From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 by mx.groups.io with SMTP id smtpd.web09.15101.1636720384608506852
 for <devel@edk2.groups.io>;
 Fri, 12 Nov 2021 04:33:04 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=zAi1e3FF;
 spf=pass (domain: intel.com, ip: 192.55.52.120, mailfrom: ray.ni@intel.com)
X-IronPort-AV: E=McAfee;i="6200,9189,10165"; a="231849406"
X-IronPort-AV: E=Sophos;i="5.87,229,1631602800"; 
   d="scan'208";a="231849406"
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
  by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Nov 2021 04:32:57 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.87,229,1631602800"; 
   d="scan'208";a="502543427"
Received: from orsmsx605.amr.corp.intel.com ([10.22.229.18])
  by fmsmga007.fm.intel.com with ESMTP; 12 Nov 2021 04:32:57 -0800
Received: from orsmsx607.amr.corp.intel.com (10.22.229.20) by
 ORSMSX605.amr.corp.intel.com (10.22.229.18) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.12; Fri, 12 Nov 2021 04:32:56 -0800
Received: from orsmsx604.amr.corp.intel.com (10.22.229.17) by
 ORSMSX607.amr.corp.intel.com (10.22.229.20) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.12; Fri, 12 Nov 2021 04:32:56 -0800
Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by
 orsmsx604.amr.corp.intel.com (10.22.229.17) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.12 via Frontend Transport; Fri, 12 Nov 2021 04:32:56 -0800
Received: from NAM02-DM3-obe.outbound.protection.outlook.com (104.47.56.44) by
 edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2242.12; Fri, 12 Nov 2021 04:32:56 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=FYmCLJQ+MkQi8qhkkFy7rAMVxIGQzMgfguWFsaFKH9/eUlrnYBxVfqfowi0N2QzfFthbu3VaZ2cAQduwIQKGU9QxqR2+mo0OhcocQnzai4S5KMzvpqcvF/d3vhxTQVoT95ikLVJLQJ6w7cpVGYZcfhJP7k6yb7DmGWlJQSir5ksTVA1rfh34x4Zp+MJgF3sU0BZ8go9i/qJuYaIzbParoJMg2VC2ihcKm7bOmglc41DuyPxM1VmzN0u6tf8uqLFm+ciXqFSFs2zYBJ84kTVYaKOgwH8QiZhCA2JhXEKnUNt3gsQKKji7jgoY4+7rFQZFrzudYBkE7vjFIG5n2PnvUg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=MchD5obIqqx/qVfu2jUUuB+TYZfqTQ+2vFPvw7N4xXk=;
 b=WahXGv2AJntZoHzzweM55+TDGzTy/LNq18Zvo+2YDSoneypd+pEQjWkNc6KqXIvt9pyGQdYMOwvnulDpTuaCDCU7OcHNNRNoxN19/EfPWUnNR2YS0Jpa8GS1zfgx1iamLpOXD1V2zyaRydZL5u4tEeh/8LO8DwxRrJlC5jIW5tJ1yZ7yV9tm6eo6BJoKvcGBATZTwiRuCGstVEe7iH1vCygEhpBR9Nb1ihQNiHmJzy3yRy5ZPGvXpnZmHuKoew/gQCqBN7I/XpapZmO2+eZckoBaelVphXR+u6QSwx4c5XavuG4T30vkPJmxxFcCxvkHcsG8Fvvr8H/Uz3UOrJDfrA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com;
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=MchD5obIqqx/qVfu2jUUuB+TYZfqTQ+2vFPvw7N4xXk=;
 b=zAi1e3FFH3bpUmnQtTMvLhlY6mgvZTTxUfDQg97kq37XE/ts/at0ZaGUJj38yY9I9gTFXjGxJ0S77w8m3JtlGxFCBNyQC8+t46AQN3An8jgDLI7fGkeET0E89oaPZ1PUrJUXhFhF5hlP1ZVLcqadBytn1CGx7E+hlAVtIbuFxzI=
Received: from BN0PR11MB5696.namprd11.prod.outlook.com (2603:10b6:408:14b::11)
 by BN6PR11MB1988.namprd11.prod.outlook.com (2603:10b6:404:48::23) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4690.18; Fri, 12 Nov
 2021 12:32:54 +0000
Received: from BN0PR11MB5696.namprd11.prod.outlook.com
 ([fe80::317e:de35:e920:7778]) by BN0PR11MB5696.namprd11.prod.outlook.com
 ([fe80::317e:de35:e920:7778%3]) with mapi id 15.20.4669.013; Fri, 12 Nov 2021
 12:32:54 +0000
From: "Ni, Ray" <ray.ni@intel.com>
To: "Sheng, W" <w.sheng@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Dong, Eric" <eric.dong@intel.com>, "Kumar, Rahul1"
	<rahul1.kumar@intel.com>
Subject: Re: [PATCH v4] UefiCpuPkg/PiSmmCpuDxeSmm: Use SMM Interrupt Shadow Stack
Thread-Topic: [PATCH v4] UefiCpuPkg/PiSmmCpuDxeSmm: Use SMM Interrupt Shadow
 Stack
Thread-Index: AQHX12ZOeJxVJDXTS0OgChfQ8hN6Vqv/OZmQgAAfCLCAAHtd8A==
Date: Fri, 12 Nov 2021 12:32:54 +0000
Message-ID: <BN0PR11MB5696CD170C71FA8D31EDF0F38C959@BN0PR11MB5696.namprd11.prod.outlook.com>
References: <20211112014028.9520-1-w.sheng@intel.com>
 <BN0PR11MB5696378577811FFA3E570CA88C959@BN0PR11MB5696.namprd11.prod.outlook.com>
 <PH0PR11MB48709EC851C8431749801C79E1959@PH0PR11MB4870.namprd11.prod.outlook.com>
In-Reply-To: <PH0PR11MB48709EC851C8431749801C79E1959@PH0PR11MB4870.namprd11.prod.outlook.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0768ba33-adf8-41a4-ca63-08d9a5d88cea
x-ms-traffictypediagnostic: BN6PR11MB1988:
x-microsoft-antispam-prvs: <BN6PR11MB19882AE1231EC22981E06CF18C959@BN6PR11MB1988.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: d6k6c1au6RfZBz/VFCEv4KTnFG2STZozhZWnYKBooOTfTS4qtIABYWNyM+1y77jzFryWfbFTdb+Wr5PuZuM64gVvDrYTARxARcamPQJwBPEgo9pc03tiVKHVi9zfVXyzrKCty9bs1flebVKQuAIDAxRS2z/qeXV1c/E1WXGXGM3OO3ysvzDoGEM/vw3ubTT0RsbwL7pTL/itjNMdQ7ogMolOQR38rozFZELe3jsOv0K7+QEcQmAI4azXxlrJkR/EQCLe34vz3x1Q7JE2QDVpUo7B8+oLPLnuABr9g/FbIbF1cMGIun2s+jbHLDIZUsLfOCGmG4mESWmhHVz1k5KXt/W//ezrGMBTHyFi2oDTkJgOPjbc0a8EuaUTCvPnjBiJ2zyIW9pBxrncc6BmnyuqwsX49F7ArZlQQDNNQnFogXQJ7nsasPvqkZZnD0MonK/85AbByubmCdr+Va2UrKi1M6krCq4MANqGaU2APTGtPA85wQle85YnHaLsYEhPodYtkUspcOqUk66skWW+lyC4h8/1ikmYLqRVMq+bPwIJqcDI36P5D4M5hCEtJUb91ONUmybNUBqrN+k31OVRFtcAnltAx8eeDiq3qT1MWwiPu93bpTLwEThoA2nco1sS4MW9bj6o5ar1D1EWOCc3jPc2FhJxeUb0+bCv/1aYpeQOmVC1sjzii/BeKe4H0UnXajt7QkKOKdHx1RSiBsjbLoOMcmZSVCmGnijTV1N0RgInjXePbQcZ9zramN7Uz7MLYYZPD0YZFcKWAkwx6RljAyOwWapGU62VOhx8rF554BFky0MfOsQXP58WuqOhQ1FOkKSIX5srUu80cvUipEpHGgggng==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN0PR11MB5696.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(6029001)(366004)(30864003)(4326008)(19627235002)(122000001)(5660300002)(55016002)(38070700005)(38100700002)(53546011)(6506007)(8676002)(7696005)(9686003)(2906002)(110136005)(52536014)(71200400001)(76116006)(66476007)(66946007)(54906003)(66556008)(186003)(64756008)(86362001)(107886003)(8936002)(508600001)(26005)(82960400001)(66446008)(966005)(83380400001)(33656002)(316002)(579004);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?iso-2022-jp?B?bE11VVZiMDUzWTdjbkoyV2xqcjZZT3ErRU4zaU9yN1dhR3FiUkY2RnZ4?=
 =?iso-2022-jp?B?cVpMelhpT3R2M2Y1YngyZXQybUF0U1VQWkdsNUkzYkhrNmpLckkvS0VT?=
 =?iso-2022-jp?B?ODd6eXQ3UWtaL0J5QlZmQUdNeGozdnBDcTVPZnROWkFremovRThyQnJ2?=
 =?iso-2022-jp?B?V2htd3p4M1FiR28weDQwK0doT1VVR3BPRmhUM1JndzBxVVpLTmtQUUdP?=
 =?iso-2022-jp?B?L2VPQkRpMGxxVmtFKzMvTjlxMEFnR2Yxeng3d0puVGNPMTJSclBwMGJv?=
 =?iso-2022-jp?B?WUZ5T0wxVmlqaUU2TFRkOGFkaUdnMHF5aHEwMURjV2krcmZ4ZUZyVjhP?=
 =?iso-2022-jp?B?MG9hZFR2ZEdRZGhuMzVIT3RZU3lGVzJuaDMxSDR2T3dsNCsvdDd6UURw?=
 =?iso-2022-jp?B?TE51MFhnZ1BldnpPdDVsMTlxaENNQnppTGcwcVc1WDBpZFFGMFRrMnBC?=
 =?iso-2022-jp?B?NFZ3MklhRHBpcnNYRDBMVzdoOTZzZXRPVEF5c3djTzRxSmljbmNtNm5F?=
 =?iso-2022-jp?B?Sm9IWWkrNllqMTIvK0RldTVJSUl2UmFkandiTEJtMTBlMlpvMzdCSFBv?=
 =?iso-2022-jp?B?MVdOaTk5M2dWRS84dHZRWHU2RVE5MkZweDZmK1d6NXNyNjZVb0dwTmMr?=
 =?iso-2022-jp?B?L3hMZnUwY2tkTHlUMjliL291Z3hjb3BZTy9WSGlXM2lGcGdiQnNLTTJp?=
 =?iso-2022-jp?B?d1NQVnVQbkUweU1RY2JpTXJmcnF1VVBsekdGOTlKVm94amdLS3dFV3FT?=
 =?iso-2022-jp?B?RHIxUUpQZFRmK2RlWnFQQ2Jad0hZS2p5eVlpMXJtZlJVNWsvY3dvYU04?=
 =?iso-2022-jp?B?WUpNTTQ2UzJleWQyd0gxZ29PYVRybHBoN2NBa1B2eks0dHUzSWZsbFQ3?=
 =?iso-2022-jp?B?N1VYazgyVzFObUVBeG9LcFRnY1VseWRUOHBxQ1BzckdIdFhTZ0hNNVd5?=
 =?iso-2022-jp?B?NndDTTJnUUs1RlBjUWNqWFpPbXBRWEQyYzhMNzRJVEdiOWxGdmVvMlM5?=
 =?iso-2022-jp?B?dXF4WThmSXFCZFJ0bnRUeW5maGJyMFZrN2N4S3hLcGhYUnZBUzh0Qktv?=
 =?iso-2022-jp?B?TnFudnJxRyt3Y3BtZUtHaERMSmVlaTVVSlVyNThGTEJuTkdmUmR6bkg2?=
 =?iso-2022-jp?B?Y1dVWXNkVnRqN2RJYUpnUU1SYURpamJzLzFpNXVvQmhnV0R5STYwKzlB?=
 =?iso-2022-jp?B?bVNMNStxUFhoa1B3Q1owR3FIOFBKRUJJVXcxQVB5b1dwcGVlb0twYkNE?=
 =?iso-2022-jp?B?eXdMdWxtWVV4ODMxZXRJTk1FZ21TeTVHUzlDNHNHS092WExGWHpJcVRT?=
 =?iso-2022-jp?B?a3NtVDgvdGh6alVtc3R1cGZJOW52Q1ZZTzA1ajVaQW1jYkgxQ1lxQkpW?=
 =?iso-2022-jp?B?eVgwK3dmd1FmTDFmWmw3d2pnM1cvbWs0RFUwQWVSdXBpeis4ckx2Mmpx?=
 =?iso-2022-jp?B?em15eTRvQnlVUEZqZzRsanF5a29OaGtDcGZ6c25QZkUvMVJhNkJXQ3Jp?=
 =?iso-2022-jp?B?NlYxdThtd2kxd3QyaDJ6MUdyTko0d3FmSWRCUFp0YTE1OGRKNGJwMWFa?=
 =?iso-2022-jp?B?UnJrMWQxMlpISmx6VjFDRXExUU9CSHpkN1l3d3E1blF3eENwWHJVejds?=
 =?iso-2022-jp?B?Rm5Hd24vN0tON1JoSmZDVEFGSlh0Mjh3dnlRYUtlSFVYczA4cndlY0cx?=
 =?iso-2022-jp?B?Y01RcUpwck5PMGVkWFUxKzFPTmtPMFg1OHFNY1YyNTdtUVpBdG1BdTBR?=
 =?iso-2022-jp?B?M2dwRUNhYjdIangyMGhMTjA1REtSRVdTOTNoNGF1eTlGbjdKUmZXQ1N3?=
 =?iso-2022-jp?B?NjJUOVowNVBLU3lKWFdwOWdwdGQ4RjFRcVNNSnVSZEFkZXoySUpId3Ni?=
 =?iso-2022-jp?B?UGxvdFJqSHFjVnhMN1ZVb09qTzNpQXVFQWZCRE1GckZFTDdCdTNIZkMw?=
 =?iso-2022-jp?B?aGw3Z3kzcG9MMVFDRVNVVVRmdEM5cWdTSmkwZXIzTHdudUlQcU1qU0w3?=
 =?iso-2022-jp?B?c1FJbzRQWkZGNXg1K1Fsb29INzJ6cEs2OC9sY2kyZXVhcWFSRjh4YTAr?=
 =?iso-2022-jp?B?cTVPSFB6cW02bHVtOFhQWVM3eThYR1E3aFlqK3FXVFN1UDE0cWh6R3pl?=
 =?iso-2022-jp?B?ZzltYzRJd1lKc1BIYUZobzFkVUhPM0pkU21QTGtJNEdhV3dkd3VmYmdS?=
 =?iso-2022-jp?B?Ri8zRlkxekxWc3VDcG9COEpyVmhHNE1lMmIrdzg1WTNPMWp5VXBIM2p4?=
 =?iso-2022-jp?B?Q1pVV3R3dGhxL2pQaWxsZm9HM2k0aElYTTNkTU1VWWt6MUZQa2hhZUM5?=
 =?iso-2022-jp?B?VWphOG1WMm1oTjZFWE5vdHBhTnh2YW9vZDRDcGM1T01CSFpBb252ZXVN?=
 =?iso-2022-jp?B?bzc2cXM9?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0PR11MB5696.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0768ba33-adf8-41a4-ca63-08d9a5d88cea
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Nov 2021 12:32:54.3749
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 8BR7vHwfAyTA6y7j18Iu0MbUsxU8Dau+OLk+hf89dLLNlamzTZmMi5MDCyUbfk3TAYdelVZ5AMuDiN+aKAg0lg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR11MB1988
Return-Path: ray.ni@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable

https://github.com/tianocore/edk2/pull/2203 is created.

> -----Original Message-----
> From: Sheng, W <w.sheng@intel.com>
> Sent: Friday, November 12, 2021 1:12 PM
> To: Ni, Ray <ray.ni@intel.com>; devel@edk2.groups.io
> Cc: Dong, Eric <eric.dong@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.c=
om>
> Subject: RE: [PATCH v4] UefiCpuPkg/PiSmmCpuDxeSmm: Use SMM Interrupt Shad=
ow Stack
>=20
> Hi Ray,
> Thank you very much for the help.
> BR
> Sheng Wei
>=20
> > -----Original Message-----
> > From: Ni, Ray <ray.ni@intel.com>
> > Sent: 2021=1B$BG/=1B(B11=1B$B7n=1B(B12=1B$BF|=1B(B 11:21
> > To: Sheng, W <w.sheng@intel.com>; devel@edk2.groups.io
> > Cc: Dong, Eric <eric.dong@intel.com>; Kumar, Rahul1
> > <rahul1.kumar@intel.com>
> > Subject: RE: [PATCH v4] UefiCpuPkg/PiSmmCpuDxeSmm: Use SMM
> > Interrupt Shadow Stack
> >
> > Reviewed-by: Ray Ni <ray.ni@intel.com>
> >
> > I will create PR by end of my today since this patch fixes a critical i=
ssue when
> > enabling CET in SMM.
> >
> > > -----Original Message-----
> > > From: Sheng, W <w.sheng@intel.com>
> > > Sent: Friday, November 12, 2021 9:40 AM
> > > To: devel@edk2.groups.io
> > > Cc: Dong, Eric <eric.dong@intel.com>; Ni, Ray <ray.ni@intel.com>;
> > > Kumar, Rahul1 <rahul1.kumar@intel.com>
> > > Subject: [PATCH v4] UefiCpuPkg/PiSmmCpuDxeSmm: Use SMM Interrupt
> > > Shadow Stack
> > >
> > > When CET shadow stack feature is enabled, it needs to use IST for the
> > > exceptions, and uses interrupt shadow stack for the stack switch.
> > > Shadow stack should be 32 bytes aligned.
> > > Check IST field, when clear shadow stack token busy bit when using re=
tf.
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3728
> > >
> > > Signed-off-by: Sheng Wei <w.sheng@intel.com>
> > > Cc: Eric Dong <eric.dong@intel.com>
> > > Cc: Ray Ni <ray.ni@intel.com>
> > > Cc: Rahul Kumar <rahul1.kumar@intel.com>
> > > Reviewed-by: Ray Ni <ray.ni@intel.com>
> > > ---
> > >  .../X64/Xcode5ExceptionHandlerAsm.nasm             | 66 ++++++++++++=
------
> > >  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c         | 61
> > +++++++++++-----
> > >  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h         | 14 ++++
> > >  UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c            | 12 +++-
> > >  UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c       | 81
> > ++++++++++++----------
> > >  5 files changed, 157 insertions(+), 77 deletions(-)
> > >
> > > diff --git
> > >
> > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Xcode5ExceptionHandle
> > r
> > > Asm.nasm
> > >
> > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Xcode5ExceptionHandle
> > r
> > > Asm.nasm
> > > index 4881a02848..84a12ddb88 100644
> > > ---
> > >
> > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Xcode5ExceptionHandle
> > r
> > > Asm.nasm
> > > +++
> > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Xcode5ExceptionHan
> > > +++ dlerAsm.nasm
> > > @@ -15,17 +15,36 @@
> > >
> > > ;--------------------------------------------------------------------=
-
> > > ---------
> > >  %include "Nasm.inc"
> > >
> > > +;
> > > +; Equivalent NASM structure of IA32_DESCRIPTOR ; struc
> > > +IA32_DESCRIPTOR
> > > +  .Limit                         CTYPE_UINT16 1
> > > +  .Base                          CTYPE_UINTN  1
> > > +endstruc
> > > +
> > > +;
> > > +; Equivalent NASM structure of IA32_IDT_GATE_DESCRIPTOR ; struc
> > > +IA32_IDT_GATE_DESCRIPTOR
> > > +  .OffsetLow                     CTYPE_UINT16 1
> > > +  .Selector                      CTYPE_UINT16 1
> > > +  .Reserved_0                    CTYPE_UINT8 1
> > > +  .GateType                      CTYPE_UINT8 1
> > > +  .OffsetHigh                    CTYPE_UINT16 1
> > > +  .OffsetUpper                   CTYPE_UINT32 1
> > > +  .Reserved_1                    CTYPE_UINT32 1
> > > +endstruc
> > > +
> > >  ;
> > >  ; CommonExceptionHandler()
> > >  ;
> > >
> > >  %define VC_EXCEPTION 29
> > > -%define PF_EXCEPTION 14
> > >
> > >  extern ASM_PFX(mErrorCodeFlag)    ; Error code flags for exceptions
> > >  extern ASM_PFX(mDoFarReturnFlag)  ; Do far return flag  extern
> > > ASM_PFX(CommonExceptionHandler) -extern ASM_PFX(FeaturePcdGet
> > > (PcdCpuSmmStackGuard))
> > >
> > >  SECTION .data
> > >
> > > @@ -282,42 +301,49 @@ DrFinish:
> > >
> > >      ; The follow algorithm is used for clear shadow stack token busy=
 bit.
> > >      ; The comment is based on the sample shadow stack.
> > > +    ; Shadow stack is 32 bytes aligned.
> > >      ; The sample shadow stack layout :
> > >      ; Address | Context
> > >      ;         +-------------------------+
> > > -    ;  0xFD0  |   FREE                  | it is 0xFD8|0x02|(LMA & CS=
.L), after
> > SAVEPREVSSP.
> > > +    ;  0xFB8  |   FREE                  | It is 0xFC0|0x02|(LMA & CS=
.L), after
> > SAVEPREVSSP.
> > >      ;         +-------------------------+
> > > -    ;  0xFD8  |  Prev SSP               |
> > > +    ;  0xFC0  |  Prev SSP               |
> > >      ;         +-------------------------+
> > > -    ;  0xFE0  |   RIP                   |
> > > +    ;  0xFC8  |   RIP                   |
> > >      ;         +-------------------------+
> > > -    ;  0xFE8  |   CS                    |
> > > +    ;  0xFD0  |   CS                    |
> > >      ;         +-------------------------+
> > > -    ;  0xFF0  |  0xFF0 | BUSY           | BUSY flag cleared after CL=
RSSBSY
> > > +    ;  0xFD8  |  0xFD8 | BUSY           | BUSY flag cleared after CL=
RSSBSY
> > >      ;         +-------------------------+
> > > -    ;  0xFF8  | 0xFD8|0x02|(LMA & CS.L) |
> > > +    ;  0xFE0  | 0xFC0|0x02|(LMA & CS.L) |
> > >      ;         +-------------------------+
> > >      ; Instructions for Intel Control Flow Enforcement Technology (CE=
T) are
> > supported since NASM version 2.15.01.
> > >      cmp     qword [ASM_PFX(mDoFarReturnFlag)], 0
> > >      jz      CetDone
> > > -    cmp     qword [rbp + 8], PF_EXCEPTION   ; check if it is a Page =
Fault
> > > -    jnz     CetDone
> > > -    cmp     byte [dword ASM_PFX(FeaturePcdGet
> > (PcdCpuSmmStackGuard))], 0
> > > -    jz      CetDone
> > >      mov     rax, cr4
> > > -    and     rax, 0x800000       ; check if CET is enabled
> > > +    and     rax, 0x800000       ; Check if CET is enabled
> > > +    jz      CetDone
> > > +    sub     rsp, 0x10
> > > +    sidt    [rsp]
> > > +    mov     rcx, qword [rsp + IA32_DESCRIPTOR.Base]; Get IDT base ad=
dress
> > > +    add     rsp, 0x10
> > > +    mov     rax, qword [rbp + 8]; Get exception number
> > > +    sal     rax, 0x04           ; Get IDT offset
> > > +    add     rax, rcx            ; Get IDT gate descriptor address
> > > +    mov     al, byte [rax + IA32_IDT_GATE_DESCRIPTOR.Reserved_0]
> > > +    and     rax, 0x01           ; Check IST field
> > >      jz      CetDone
> > > -                                ; SSP should be 0xFD8 at this point
> > > +                                ; SSP should be 0xFC0 at this point
> > >      mov     rax, 0x04           ; advance past cs:lip:prevssp;superv=
isor shadow
> > stack token
> > > -    INCSSP_RAX                  ; After this SSP should be 0xFF8
> > > -    SAVEPREVSSP                 ; now the shadow stack restore token=
 will be
> > created at 0xFD0
> > > -    READSSP_RAX                 ; Read new SSP, SSP should be 0x1000
> > > +    INCSSP_RAX                  ; After this SSP should be 0xFE0
> > > +    SAVEPREVSSP                 ; now the shadow stack restore token=
 will be
> > created at 0xFB8
> > > +    READSSP_RAX                 ; Read new SSP, SSP should be 0xFE8
> > >      sub     rax, 0x10
> > > -    CLRSSBSY_RAX                ; Clear token at 0xFF0, SSP should b=
e 0 after this
> > > +    CLRSSBSY_RAX                ; Clear token at 0xFD8, SSP should b=
e 0 after this
> > >      sub     rax, 0x20
> > > -    RSTORSSP_RAX                ; Restore to token at 0xFD0, new SSP=
 will be
> > 0xFD0
> > > +    RSTORSSP_RAX                ; Restore to token at 0xFB8, new SSP=
 will be
> > 0xFB8
> > >      mov     rax, 0x01           ; Pop off the new save token created
> > > -    INCSSP_RAX                  ; SSP should be 0xFD8 now
> > > +    INCSSP_RAX                  ; SSP should be 0xFC0 now
> > >  CetDone:
> > >
> > >      cli
> > > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> > > b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> > > index 67ad9a4c07..2b2e1a5390 100644
> > > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> > > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> > > @@ -861,35 +861,58 @@ PiCpuSmmEntry (
> > >    mSmmStackSize =3D EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES (PcdGet32
> > (PcdCpuSmmStackSize)));
> > >    if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
> > >      //
> > > -    // 2 more pages is allocated for each processor.
> > > -    // one is guard page and the other is known good stack.
> > > +    // SMM Stack Guard Enabled
> > > +    //   2 more pages is allocated for each processor, one is guard =
page and
> > the other is known good stack.
> > >      //
> > > -    // +-------------------------------------------+-----+----------=
----------------------
> > -----------+
> > > -    // | Known Good Stack | Guard Page | SMM Stack | ... | Known Goo=
d
> > Stack | Guard Page | SMM Stack |
> > > -    // +-------------------------------------------+-----+----------=
----------------------
> > -----------+
> > > -    // |                                           |     |          =
                                 |
> > > -    // |<-------------- Processor 0 -------------->|     |<---------=
----- Processor n
> > -------------->|
> > > +    // +--------------------------------------------------+-----+---=
----------------------
> > -------------------------+
> > > +    // | Known Good Stack | Guard Page |     SMM Stack    | ... | Kn=
own
> > Good Stack | Guard Page |     SMM Stack    |
> > > +    // +--------------------------------------------------+-----+---=
----------------------
> > -------------------------+
> > > +    // |        4K        |    4K       PcdCpuSmmStackSize|     |   =
     4K        |    4K
> > PcdCpuSmmStackSize|
> > > +    // |<---------------- mSmmStackSize ----------------->|     |<--=
--------------
> > mSmmStackSize ----------------->|
> > > +    // |                                                  |     |   =
                                               |
> > > +    // |<------------------ Processor 0 ----------------->|     |<--=
----------------
> > Processor n ----------------->|
> > >      //
> > >      mSmmStackSize +=3D EFI_PAGES_TO_SIZE (2);
> > >    }
> > >
> > >    mSmmShadowStackSize =3D 0;
> > >    if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) !=3D 0) &&
> > mCetSupported) {
> > > -    //
> > > -    // Append Shadow Stack after normal stack
> > > -    //
> > > -    // |=3D Stacks
> > > -    // +--------------------------------------------------+---------=
-----------------------
> > -------------------------------+
> > > -    // | Known Good Stack | Guard Page |    SMM Stack     | Known Go=
od
> > Shadow Stack | Guard Page |    SMM Shadow Stack    |
> > > -    // +--------------------------------------------------+---------=
-----------------------
> > -------------------------------+
> > > -    // |                               |PcdCpuSmmStackSize|
> > |PcdCpuSmmShadowStackSize|
> > > -    // |<---------------- mSmmStackSize ----------------->|<--------=
-------------
> > mSmmShadowStackSize ------------------->|
> > > -    // |                                                            =
                                                      |
> > > -    // |<-------------------------------------------- Processor N --=
--------------------
> > --------------------------------->|
> > > -    //
> > >      mSmmShadowStackSize =3D EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES
> > > (PcdGet32 (PcdCpuSmmShadowStackSize)));
> > > +
> > >      if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
> > > +      //
> > > +      // SMM Stack Guard Enabled
> > > +      // Append Shadow Stack after normal stack
> > > +      //   2 more pages is allocated for each processor, one is guar=
d page and
> > the other is known good shadow stack.
> > > +      //
> > > +      // |=3D Stacks
> > > +      // +--------------------------------------------------+-------=
-----------------------
> > ---------------------------------+
> > > +      // | Known Good Stack | Guard Page |    SMM Stack     | Known =
Good
> > Shadow Stack | Guard Page |    SMM Shadow Stack    |
> > > +      // +--------------------------------------------------+-------=
-----------------------
> > ---------------------------------+
> > > +      // |         4K       |    4K      |PcdCpuSmmStackSize|       =
     4K           |    4K
> > |PcdCpuSmmShadowStackSize|
> > > +      // |<---------------- mSmmStackSize ----------------->|<------=
---------------
> > mSmmShadowStackSize ------------------->|
> > > +      // |                                                          =
                                                        |
> > > +      // |<-------------------------------------------- Processor N =
--------------------
> > ----------------------------------->|
> > > +      //
> > >        mSmmShadowStackSize +=3D EFI_PAGES_TO_SIZE (2);
> > > +    } else {
> > > +      //
> > > +      // SMM Stack Guard Disabled (Known Good Stack is still require=
d for
> > potential stack switch.)
> > > +      //   Append Shadow Stack after normal stack with 1 more page a=
s
> > known good shadow stack.
> > > +      //   1 more pages is allocated for each processor, it is known=
 good stack.
> > > +      //
> > > +      //
> > > +      // |=3D Stacks
> > > +      // +-------------------------------------+--------------------=
-----------------------
> > -------+
> > > +      // | Known Good Stack |    SMM Stack     | Known Good Shadow S=
tack |
> > SMM Shadow Stack    |
> > > +      // +-------------------------------------+--------------------=
-----------------------
> > -------+
> > > +      // |        4K        |PcdCpuSmmStackSize|          4K
> > |PcdCpuSmmShadowStackSize|
> > > +      // |<---------- mSmmStackSize ---------->|<---------------
> > mSmmShadowStackSize ------------>|
> > > +      // |                                                          =
                              |
> > > +      // |<-------------------------------- Processor N ------------=
--------------------
> > --------->|
> > > +      //
> > > +      mSmmShadowStackSize +=3D EFI_PAGES_TO_SIZE (1);
> > > +      mSmmStackSize       +=3D EFI_PAGES_TO_SIZE (1);
> > >      }
> > >    }
> > >
> > > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
> > > b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
> > > index 2248a8c5ee..fc9b748948 100644
> > > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
> > > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
> > > @@ -557,6 +557,20 @@ InitializeIDTSmmStackGuard (
> > >    VOID
> > >    );
> > >
> > > +/**
> > > +  Initialize IDT IST Field.
> > > +
> > > +  @param[in]  ExceptionType       Exception type.
> > > +  @param[in]  Ist                 IST value.
> > > +
> > > +**/
> > > +VOID
> > > +EFIAPI
> > > +InitializeIdtIst (
> > > +  IN EFI_EXCEPTION_TYPE            ExceptionType,
> > > +  IN UINT8                         Ist
> > > +  );
> > > +
> > >  /**
> > >    Initialize Gdt for all processors.
> > >
> > > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
> > > b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
> > > index d6f8dd94d3..211a78b1c4 100644
> > > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
> > > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
> > > @@ -481,7 +481,17 @@ SmmInitPageTable (
> > >    // Additional SMM IDT initialization for SMM stack guard
> > >    //
> > >    if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
> > > -    InitializeIDTSmmStackGuard ();
> > > +    DEBUG ((DEBUG_INFO, "Initialize IDT IST field for SMM Stack
> > Guard\n"));
> > > +    InitializeIdtIst (EXCEPT_IA32_PAGE_FAULT, 1);  }
> > > +
> > > +  //
> > > +  // Additional SMM IDT initialization for SMM CET shadow stack  //
> > > + if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) !=3D 0) &&
> > mCetSupported) {
> > > +    DEBUG ((DEBUG_INFO, "Initialize IDT IST field for SMM Shadow
> > Stack\n"));
> > > +    InitializeIdtIst (EXCEPT_IA32_PAGE_FAULT, 1);
> > > +    InitializeIdtIst (EXCEPT_IA32_MACHINE_CHECK, 1);
> > >    }
> > >
> > >    //
> > > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c
> > b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c
> > > index ca3f5ff91a..ce7afce6d4 100644
> > > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c
> > > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c
> > > @@ -24,24 +24,24 @@ UINT32 mCetInterruptSspTable;
> > >  UINTN  mSmmInterruptSspTables;
> > >
> > >  /**
> > > -  Initialize IDT for SMM Stack Guard.
> > > +  Initialize IDT IST Field.
> > > +
> > > +  @param[in]  ExceptionType       Exception type.
> > > +  @param[in]  Ist                 IST value.
> > >
> > >  **/
> > >  VOID
> > >  EFIAPI
> > > -InitializeIDTSmmStackGuard (
> > > -  VOID
> > > +InitializeIdtIst (
> > > +  IN EFI_EXCEPTION_TYPE            ExceptionType,
> > > +  IN UINT8                         Ist
> > >    )
> > >  {
> > >    IA32_IDT_GATE_DESCRIPTOR  *IdtGate;
> > >
> > > -  //
> > > -  // If SMM Stack Guard feature is enabled, set the IST field of
> > > -  // the interrupt gate for Page Fault Exception to be 1
> > > -  //
> > >    IdtGate =3D (IA32_IDT_GATE_DESCRIPTOR *)gcSmiIdtr.Base;
> > > -  IdtGate +=3D EXCEPT_IA32_PAGE_FAULT;
> > > -  IdtGate->Bits.Reserved_0 =3D 1;
> > > +  IdtGate +=3D ExceptionType;
> > > +  IdtGate->Bits.Reserved_0 =3D Ist;
> > >  }
> > >
> > >  /**
> > > @@ -89,7 +89,7 @@ InitGdt (
> > >      GdtDescriptor->Bits.BaseMid =3D (UINT8)((UINTN)TssBase >> 16);
> > >      GdtDescriptor->Bits.BaseHigh =3D (UINT8)((UINTN)TssBase >> 24);
> > >
> > > -    if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
> > > +    if ((FeaturePcdGet (PcdCpuSmmStackGuard)) || ((PcdGet32
> > (PcdControlFlowEnforcementPropertyMask) !=3D 0) &&
> > > mCetSupported)) {
> > >        //
> > >        // Setup top of known good stack as IST1 for each processor.
> > >        //
> > > @@ -177,8 +177,16 @@ InitShadowStack (
> > >
> > >    if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) !=3D 0) &&
> > mCetSupported) {
> > >      SmmShadowStackSize =3D EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES
> > (PcdGet32 (PcdCpuSmmShadowStackSize)));
> > > +    //
> > > +    // Add 1 page as known good shadow stack
> > > +    //
> > > +    SmmShadowStackSize +=3D EFI_PAGES_TO_SIZE (1);
> > > +
> > >      if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
> > > -      SmmShadowStackSize +=3D EFI_PAGES_TO_SIZE (2);
> > > +      //
> > > +      // Add one guard page between Known Good Shadow Stack and SMM
> > Shadow Stack.
> > > +      //
> > > +      SmmShadowStackSize +=3D EFI_PAGES_TO_SIZE (1);
> > >      }
> > >      mCetPl0Ssp =3D (UINT32)((UINTN)ShadowStack + SmmShadowStackSize =
-
> > sizeof(UINT64));
> > >      PatchInstructionX86 (mPatchCetPl0Ssp, mCetPl0Ssp, 4);
> > > @@ -186,33 +194,32 @@ InitShadowStack (
> > >      DEBUG ((DEBUG_INFO, "ShadowStack - 0x%x\n", ShadowStack));
> > >      DEBUG ((DEBUG_INFO, "  SmmShadowStackSize - 0x%x\n",
> > SmmShadowStackSize));
> > >
> > > -    if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
> > > -      if (mSmmInterruptSspTables =3D=3D 0) {
> > > -        mSmmInterruptSspTables =3D (UINTN)AllocateZeroPool(sizeof(UI=
NT64)
> > * 8 * gSmmCpuPrivate-
> > > >SmmCoreEntryContext.NumberOfCpus);
> > > -        ASSERT (mSmmInterruptSspTables !=3D 0);
> > > -        DEBUG ((DEBUG_INFO, "mSmmInterruptSspTables - 0x%x\n",
> > mSmmInterruptSspTables));
> > > -      }
> > > -
> > > -      //
> > > -      // The highest address on the stack (0xFF8) is a save-previous=
-ssp
> > token pointing to a location that is 40 bytes away - 0xFD0.
> > > -      // The supervisor shadow stack token is just above it at addre=
ss 0xFF0.
> > This is where the interrupt SSP table points.
> > > -      // So when an interrupt of exception occurs, we can use
> > SAVESSP/RESTORESSP/CLEARSSBUSY for the supervisor shadow
> > > stack,
> > > -      // due to the reason the RETF in SMM exception handler cannot =
clear
> > the BUSY flag with same CPL.
> > > -      // (only IRET or RETF with different CPL can clear BUSY flag)
> > > -      // Please refer to UefiCpuPkg/Library/CpuExceptionHandlerLib/X=
64 for
> > the full stack frame at runtime.
> > > -      //
> > > -      InterruptSsp =3D (UINT32)((UINTN)ShadowStack + EFI_PAGES_TO_SI=
ZE(1)
> > - sizeof(UINT64));
> > > -      *(UINT64 *)(UINTN)InterruptSsp =3D (InterruptSsp - sizeof(UINT=
64) * 4) |
> > 0x2;
> > > -      mCetInterruptSsp =3D InterruptSsp - sizeof(UINT64);
> > > -
> > > -      mCetInterruptSspTable =3D (UINT32)(UINTN)(mSmmInterruptSspTabl=
es
> > + sizeof(UINT64) * 8 * CpuIndex);
> > > -      InterruptSspTable =3D (UINT64 *)(UINTN)mCetInterruptSspTable;
> > > -      InterruptSspTable[1] =3D mCetInterruptSsp;
> > > -      PatchInstructionX86 (mPatchCetInterruptSsp, mCetInterruptSsp, =
4);
> > > -      PatchInstructionX86 (mPatchCetInterruptSspTable,
> > mCetInterruptSspTable, 4);
> > > -      DEBUG ((DEBUG_INFO, "mCetInterruptSsp - 0x%x\n",
> > mCetInterruptSsp));
> > > -      DEBUG ((DEBUG_INFO, "mCetInterruptSspTable - 0x%x\n",
> > mCetInterruptSspTable));
> > > +    if (mSmmInterruptSspTables =3D=3D 0) {
> > > +      mSmmInterruptSspTables =3D (UINTN)AllocateZeroPool(sizeof(UINT=
64)
> > * 8 * gSmmCpuPrivate-
> > > >SmmCoreEntryContext.NumberOfCpus);
> > > +      ASSERT (mSmmInterruptSspTables !=3D 0);
> > > +      DEBUG ((DEBUG_INFO, "mSmmInterruptSspTables - 0x%x\n",
> > mSmmInterruptSspTables));
> > >      }
> > > +
> > > +    //
> > > +    // The highest address on the stack (0xFE0) is a save-previous-s=
sp token
> > pointing to a location that is 40 bytes away - 0xFB8.
> > > +    // The supervisor shadow stack token is just above it at address=
 0xFD8.
> > This is where the interrupt SSP table points.
> > > +    // So when an interrupt of exception occurs, we can use
> > SAVESSP/RESTORESSP/CLEARSSBUSY for the supervisor shadow
> > > stack,
> > > +    // due to the reason the RETF in SMM exception handler cannot cl=
ear
> > the BUSY flag with same CPL.
> > > +    // (only IRET or RETF with different CPL can clear BUSY flag)
> > > +    // Please refer to UefiCpuPkg/Library/CpuExceptionHandlerLib/X64=
 for
> > the full stack frame at runtime.
> > > +    // According to SDM (ver. 075 June 2021), shadow stack should be=
 32
> > bytes aligned.
> > > +    //
> > > +    InterruptSsp =3D (UINT32)(((UINTN)ShadowStack + EFI_PAGES_TO_SIZ=
E(1)
> > - (sizeof(UINT64) * 4)) & ~0x1f);
> > > +    *(UINT64 *)(UINTN)InterruptSsp =3D (InterruptSsp - sizeof(UINT64=
) * 4) |
> > 0x2;
> > > +    mCetInterruptSsp =3D InterruptSsp - sizeof(UINT64);
> > > +
> > > +    mCetInterruptSspTable =3D (UINT32)(UINTN)(mSmmInterruptSspTables=
 +
> > sizeof(UINT64) * 8 * CpuIndex);
> > > +    InterruptSspTable =3D (UINT64 *)(UINTN)mCetInterruptSspTable;
> > > +    InterruptSspTable[1] =3D mCetInterruptSsp;
> > > +    PatchInstructionX86 (mPatchCetInterruptSsp, mCetInterruptSsp, 4)=
;
> > > +    PatchInstructionX86 (mPatchCetInterruptSspTable,
> > mCetInterruptSspTable, 4);
> > > +    DEBUG ((DEBUG_INFO, "mCetInterruptSsp - 0x%x\n",
> > mCetInterruptSsp));
> > > +    DEBUG ((DEBUG_INFO, "mCetInterruptSspTable - 0x%x\n",
> > mCetInterruptSspTable));
> > >    }
> > >  }
> > >
> > > --
> > > 2.16.2.windows.1