From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web12.2010.1660104177506844401 for ; Tue, 09 Aug 2022 21:02:58 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=HVNYYY2z; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: dun.tan@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1660104177; x=1691640177; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=bYt8joUebSc7VDvG/ubrQdN5BFqG7MsbtvJNTDEmYi8=; b=HVNYYY2z/SKbxdnK2SGSKV5xcz87Mz1MJ0U5/qVHqLtu2YDRdKgYCeqA om129O99o25rHpIFU3qHeV79tFq8CRIh65wYkI8foArtKG8KHscjSRudB PsnP6Tzb5d8DjcFQcbagOaDLx6AGEpkns/4ZdpqCNixqokUcbczSU/yHJ tsTSH1oMukP6HLmhJ5xS1P9oJpla39SU3vtDhlinR2JiA5CBxQVOzIM6Y jDmWBtzXThi8cAKrslwekcAfJ+NUQj76uwRY/SLHcdcrsKXuVI9e/Vx27 BJ0LtgFIQ4tDJ9EIxeUtVMwO9XazayXZQ8YTJX9ZpJyZuGvBEL4nkT0av w==; X-IronPort-AV: E=McAfee;i="6400,9594,10434"; a="288556386" X-IronPort-AV: E=Sophos;i="5.93,226,1654585200"; d="scan'208";a="288556386" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Aug 2022 21:02:57 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,226,1654585200"; d="scan'208";a="633601584" Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15]) by orsmga008.jf.intel.com with ESMTP; 09 Aug 2022 21:02:56 -0700 Received: from orsmsx612.amr.corp.intel.com (10.22.229.25) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.28; Tue, 9 Aug 2022 21:02:55 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx612.amr.corp.intel.com (10.22.229.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.28 via Frontend Transport; Tue, 9 Aug 2022 21:02:55 -0700 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.101) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2375.28; Tue, 9 Aug 2022 21:02:54 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kWR9rJK1aV5eb722X+YPUEObeZVlQ0rfam8BoZNrx5WiHDW8tuS1W7aCbOF9A+xH6/E6a9dqQJdFkmZgRO7ahX5hGTA6Ss1rtjwTO0NItdKcIGLL29yynShB6+tHOn6UI923KfQGn4x+0p4JeYZ0Fms5KOvNJIx433zRJoAd5+o9Nzx62uGji6S4/xxBWIBpmBayBz4ZdEQVRH2nshECWcz2eSlWrT+l/orvsHPtx4NKVdpnyP9QRpqnCe3pBEkdLHSzzR2zcLS1h6pXRDFcOqbsaMpHjuQC3BDnnqH2BKz53CocaBQpEKIviOqK9T4cIJnmlqPAxt+Q6m28T/gjnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jEVJYptHCJqji36vig+uS45qKKlpxtjsVSxRLJDEK1Q=; b=bN0kH1A/9pe2NxJU+MAxHstS9kzegG6IslXqa2akjuDGY5NWHe6aYGRh5C2lqMhLWf0ANWF6NmeMUxO2c3V0fSZ/ZYXEBO6HpfL6IdFZ7ND3pBjgWR+pLWR12MTSSp0FPfxb7dBELyBkNSzdQgrN9lEXgsget5dQruGlTu+Lpqx8xqSEl/c1tk21IBWYixulpx9hOmkZv0ir8HIPyXy6z65uZbWDCC51MD7uzL1j+YdJScWbFMtHIOzzLsXVUr1IcvBG0XaP5BsTKMJcTB10wpi6E7E0fIxX5h94OnAhgX10MNK12Or3r0/lNavEjLtWlbdKKeKKGNRLhEq7UW9wcw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from BN9PR11MB5483.namprd11.prod.outlook.com (2603:10b6:408:104::10) by SN6PR11MB2799.namprd11.prod.outlook.com (2603:10b6:805:64::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5504.16; Wed, 10 Aug 2022 04:02:52 +0000 Received: from BN9PR11MB5483.namprd11.prod.outlook.com ([fe80::d482:3ee0:a92b:bc39]) by BN9PR11MB5483.namprd11.prod.outlook.com ([fe80::d482:3ee0:a92b:bc39%4]) with mapi id 15.20.5504.021; Wed, 10 Aug 2022 04:02:52 +0000 From: "duntan" To: "Ni, Ray" , "devel@edk2.groups.io" CC: "Dong, Eric" , "Kumar, Rahul R" Subject: Re: [edk2-devel] [PATCH 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: Add a new IsShadowStack flag Thread-Topic: [edk2-devel] [PATCH 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: Add a new IsShadowStack flag Thread-Index: AQHYrGyKW/iPvioYDkqEodLjKN45Hq2ngIUA Date: Wed, 10 Aug 2022 04:02:52 +0000 Message-ID: References: <20220810014532.117-1-dun.tan@intel.com> <20220810014532.117-2-dun.tan@intel.com> In-Reply-To: Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.6.500.17 dlp-reaction: no-action authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 476e550a-3262-4495-027f-08da7a853295 x-ms-traffictypediagnostic: SN6PR11MB2799:EE_ x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: BRfv+xLI3h37oyii1dwyKyPJQRzFbqmeicj6AvoiDNplhw7lDbgiekmS/EQe9DJBPC25Iyj3s99citv0jVoTq8X+U7XkrCMUA2Lud1fJgQhHy/+pHM9sCn94hPThXTDaDSL/ntrR03tuXc7vJzoncKSpJCLSVKKy/5yjKwcPe3mC9Ce9WH4raphASfrGD+kxnOpJs00DjXjmuKSVm1Cw5Ha+cAQysscyRqaR8WRZ9Xhavk4tFVoaiowZiAvGNGM86f3AELEmmaZhPtCCeTi+IXO/MHTjOAM7Jr1Lr6Fv8MNzpo+pL4iY9Tj9gd1K2yCni7mrL6VNllMDFIHXBz61uiAiIbKbJOZ4mB3KqjCdqUQH1SknlKZCqwa3C246DkwdJs5CNxUOOHW9IBLWx/Vh4StzOr/xMoVjAtB6B2hXuNgb4hjPaA9lFUxrixbN45JVW6zxdY/AT96mqlIDTasLPUg30mV8Y26sCisebz6GGHRF0oRcE5cHtVvony9JdbmfSfVkLyPe8SgHmukPvr+39JviyPNR+cUovU8tSpnYsEohoxp6A33Z2iKOJuSbcomlPpqN1IaE7gZ/F17eBIjPdFqeSZCMFg0vDySPAzrxKuWPLz3DI71VfOBoYIH9WvdCTvs+AsEizIz3x5F4x3XjWwsSqluVUhs/N1YxYpLlQtXeu7GRXR+kyRrIyfFYey0dwtUHVrtO5FtjyvjV7roFQGgUGfihqhG8FTsCrHioORkLeE3AvuMBpw98clF9B+Lm3jc+6FZQwnDRKUIa4Mgj4fWk9WIoZFjaJVNNQc5s9C7Uhvz7a2NeVTnrkb1zDpndJDZ9eXhdJSPl1VD3La5e4ghuGvawpnOA35bnpwlge8HW66HpSRxI4MEDGu74FF8u x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN9PR11MB5483.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230016)(6029001)(136003)(376002)(396003)(366004)(346002)(39860400002)(2906002)(122000001)(55016003)(82960400001)(38070700005)(38100700002)(83380400001)(966005)(26005)(8676002)(66476007)(41300700001)(54906003)(110136005)(5660300002)(9686003)(8936002)(71200400001)(52536014)(4326008)(6506007)(66946007)(66556008)(107886003)(316002)(53546011)(186003)(66446008)(64756008)(478600001)(76116006)(33656002)(7696005)(86362001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?2mcDIfMjOQnYXUhnsuxe5xYANeN8YfHmqbxEn386KuLYPKB4cmkn90GyboLO?= =?us-ascii?Q?0rjaXi0/08ReCOjZgg+FXVSSbFl7gcN9EeZ5BdL9ftHrChIF27tSgKsCwPGz?= =?us-ascii?Q?dMaDUD0/KFOsc9QKP3RwsAoztiyhnM+Mk44jnVeG5yPkSlLTuTtysLp3QTQv?= =?us-ascii?Q?zNCvgGKDetcl+jTXM5tpeSVlDAOJb9qM0yKQGVDd/fnVXPgdye4n9fUFjEm1?= =?us-ascii?Q?dIUIi40GOvRlqY2xNxwX0OQsVvqK2fnj+fxosaV8Zby6JM5Mht9mgZd7aAqD?= =?us-ascii?Q?BzU10owniSz7hL65/fIXWDDITnoTVYrOyz6/dlPLu0keMzPrV82Qu+4AYCmN?= =?us-ascii?Q?HbeTOO91uFNzl0/suRIHDeZV8Ojm0mmys7B/4RjcYn3hwgVIt+aZu5NR32ZO?= =?us-ascii?Q?lJEZsiKD5yXphXhpsLpEISL7NQm2miQYNMoT+HJXLIZ/j4ZFFkx3NK+FGfqI?= =?us-ascii?Q?cDjmszXCwraaKbWsxSNvoEOcb2712RvM3GGAPreXyKb1fMWZkpdLZbaWhj0K?= =?us-ascii?Q?m/OgJBv3whddcbJEUtFL4G5xbU1ispQtz3S8rhGcnvELcVTsCtLWLP+mTeSe?= =?us-ascii?Q?jIlvZrEJH+GbNCvLJb+YeCgokHyG04dXpqExN/zLCPJJxXijgFoqfh/Q2Opb?= =?us-ascii?Q?CbsFPimL1Mo5jiyg5dYTFbe0vtWfRWJtU1gXBCvMl/fl9w25r4XD9cQ+eSbz?= =?us-ascii?Q?RxXBfcOKnq1wgpdSc9IcE53dxos+I9xnacX43Jj3oear7Q1kVEytQSAno0HY?= =?us-ascii?Q?AGjQJr+/jIjuFfP/xxpb0vfWbKtqlRz760AIaU3Wtpb8I0wLMJPtq9cqb/Bt?= =?us-ascii?Q?xDpyAHTplGdgyuZwjviksHc2ljBmUlp4DxElUbWD9hZc2WS6hfwk1HV84v3S?= =?us-ascii?Q?5uv33aJQslgFkCc9w6UDnTFiG9eH35ZWCPmgXkGmL7VzAtd/7H4mgOKhwY6U?= =?us-ascii?Q?fMKEqbzBJfnEOO2I0CjXNyVvarwiMVcMlPcLRG0hTRU7W8SsDQcMZp4/vLW3?= =?us-ascii?Q?9ulhV06v7vcZUf0Qxq8DasCU8pMmZIsSmaxeAckGfIffnwe5mjb9TeREPmGw?= =?us-ascii?Q?9iP9t9RMOGW1EoqXniYf9YMfMGVr3CoUj2ap1n7HykpwvrHTNjHMBAWl/ww5?= =?us-ascii?Q?iTUR1bJYzvl0i9WjWNTPRJ+eTDtLqvToHdM1RYFZ3ZuwnadfLFvazyz3wtR4?= =?us-ascii?Q?FtKVddk1oouUbmFZAPKTGiZlZgGwxHrjS6WFxkQIs5OxiMFIL4Qw+4goy5o/?= =?us-ascii?Q?QR6lJplo3ScG+v9AiejI8bZRA9muwKuF81do1RzqnCw1FR+W394kG4ngGahZ?= =?us-ascii?Q?it7HI2sJ4NF0HVneeRf3rckU11tOSC9XM/ipNgdhry4U4R24ZnRMIlioQnrP?= =?us-ascii?Q?Y9EbvrtojGntuaQ/hrUDYwEz0GR4/GzNGq8v/Bh2e8+4TzXx8iuSTRjoklbm?= =?us-ascii?Q?Ymv5Ad4GRH6f3gkjPGhSq7sTnbJUSNh4tqYeaUujdYHv0sJtsRFA/S9DKbwQ?= =?us-ascii?Q?REwZQ3kT+6WapRdpmdBe4fZFk2XmGHqke6vVVGKhKrFF0djfU5tZdM9RD/4t?= =?us-ascii?Q?Jo5RZnqvOCqbSqg93Ao=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN9PR11MB5483.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 476e550a-3262-4495-027f-08da7a853295 X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Aug 2022 04:02:52.3586 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: JLkakUROxSAkuHtFWWNnC6yDI1A0OTcTrvdeDAuBtr4Kk2gzfUAalk3tTdHA128XV+NivfOiZ90tcdo/fkE/uQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2799 Return-Path: dun.tan@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Ok, I'll send the V2 patch set soon. Thanks, Dun -----Original Message----- From: Ni, Ray =20 Sent: Wednesday, August 10, 2022 11:52 AM To: devel@edk2.groups.io; Tan, Dun Cc: Dong, Eric ; Kumar, Rahul R Subject: RE: [edk2-devel] [PATCH 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: Add a new = IsShadowStack flag Dun, Can you please update the commit message to explain it's a code refactoring= and doesn't change any functionality? Also explain why such refactoring is= needed. IsShadowStack: the name doesn't follow EDKII coding style. You need to use "mIsShadowStack". Thanks, Ray > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of duntan > Sent: Wednesday, August 10, 2022 9:46 AM > To: devel@edk2.groups.io > Cc: Dong, Eric ; Ni, Ray ;=20 > Kumar, Rahul R > Subject: [edk2-devel] [PATCH 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: Add a new=20 > IsShadowStack flag >=20 > Add a new IsShadowStack flag to identify whether current memory is=20 > shadow stack. The dirty bit in page table entry for this memory will=20 > be set if IsShadowStack is TRUE, instead of depending on mInternalCr3. >=20 > Signed-off-by: Dun Tan > Cc: Eric Dong > Cc: Ray Ni > Cc: Rahul Kumar > --- > UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 8 > +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) >=20 > diff --git > a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > index 1f7cc15727..b369c0c435 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > @@ -33,6 +33,7 @@ PAGE_ATTRIBUTE_TABLE mPageAttributeTable[] =3D { }; >=20 > UINTN mInternalCr3; > +UINTN IsShadowStack =3D FALSE; >=20 > /** > Set the internal page table base address. > @@ -249,7 +250,7 @@ ConvertPageEntryAttribute ( > if ((Attributes & EFI_MEMORY_RO) !=3D 0) { > if (IsSet) { > NewPageEntry &=3D ~(UINT64)IA32_PG_RW; > - if (mInternalCr3 !=3D 0) { > + if (IsShadowStack) { > // Environment setup > // ReadOnly page need set Dirty bit for shadow stack > NewPageEntry |=3D IA32_PG_D; > @@ -734,10 +735,11 @@ SetShadowStack ( > EFI_STATUS Status; >=20 > SetPageTableBase (Cr3); > - > - Status =3D SmmSetMemoryAttributes (BaseAddress, Length,=20 > EFI_MEMORY_RO); > + IsShadowStack =3D TRUE; > + Status =3D SmmSetMemoryAttributes (BaseAddress, Length, > EFI_MEMORY_RO); >=20 > SetPageTableBase (0); > + IsShadowStack =3D FALSE; >=20 > return Status; > } > -- > 2.31.1.windows.1 >=20 >=20 >=20 >=20 >=20