From: "Yao, Jiewen"
To: "Sheng, W", "devel@edk2.groups.io"
CC: "Dong, Eric", "Ni, Ray", "Laszlo Ersek", "Kumar, Rahul1", "Feng, Roger"
Subject: Re: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: Support detect SMM shadow stack overflow
Date: Fri, 26 Mar 2021 06:13:47 +0000
In-Reply-To: <20210326060413.7760-1-w.sheng@intel.com>

Hi

Would you please share the info on how you do unit test for the newly added code?

Thank you

> -----Original Message-----
> From: Sheng, W
> Sent: Friday, March 26, 2021 2:04 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric; Ni, Ray; Laszlo Ersek; Kumar, Rahul1; Yao, Jiewen; Feng, Roger
> Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: Support detect SMM shadow stack overflow
>
> Use SMM stack guard feature to detect SMM shadow stack overflow.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3280
>
> Signed-off-by: Sheng Wei
> Cc: Eric Dong
> Cc: Ray Ni
> Cc: Laszlo Ersek
> Cc: Rahul Kumar
> Cc: Jiewen Yao
> Cc: Roger Feng
> --- > UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) >=20 > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c > b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c > index 07e7ea70de..6902584b1f 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c > @@ -1016,6 +1016,7 @@ SmiPFHandler ( > { > UINTN PFAddress; > UINTN GuardPageAddress; > + UINTN ShadowStackGuardPageAddress; > UINTN CpuIndex; >=20 > ASSERT (InterruptType =3D=3D EXCEPT_IA32_PAGE_FAULT); > @@ -1032,7 +1033,7 @@ SmiPFHandler ( > } >=20 > // > - // If a page fault occurs in SMRAM range, it might be in a SMM stack g= uard > page, > + // If a page fault occurs in SMRAM range, it might be in a SMM stack/s= hadow > stack guard page, > // or SMM page protection violation. > // > if ((PFAddress >=3D mCpuHotPlugData.SmrrBase) && 
> @@ -1040,10 +1041,16 @@ SmiPFHandler ( > DumpCpuContext (InterruptType, SystemContext); > CpuIndex =3D GetCpuIndex (); > GuardPageAddress =3D (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex = * > (mSmmStackSize + mSmmShadowStackSize)); > + ShadowStackGuardPageAddress =3D (mSmmStackArrayBase + mSmmStackSize > + EFI_PAGE_SIZE + CpuIndex * (mSmmStackSize + mSmmShadowStackSize)); > if ((FeaturePcdGet (PcdCpuSmmStackGuard)) && > (PFAddress >=3D GuardPageAddress) && > (PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) { > DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n")); > + } else if ((FeaturePcdGet (PcdCpuSmmStackGuard)) && > + (mSmmShadowStackSize > 0) && > + (PFAddress >=3D ShadowStackGuardPageAddress) && > + (PFAddress < (ShadowStackGuardPageAddress + EFI_PAGE_SIZE))) { > + DEBUG ((DEBUG_ERROR, "SMM shadow stack overflow!\n")); > } else { > if ((SystemContext.SystemContextX64->ExceptionData & IA32_PF_EC_ID= ) !=3D > 0) { > DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%lx)\n", > PFAddress)); > -- > 2.16.2.windows.1
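
Review bot: In the @@ -1040,10 +1041,16 @@ hunk of SmiPFHandler, the new branch relies on the page at mSmmStackArrayBase + mSmmStackSize + EFI_PAGE_SIZE + CpuIndex * (mSmmStackSize + mSmmShadowStackSize) being a not-present guard page, but the patch touches only this handler and nothing in it sets page attributes for that address. Please point to, or add, the code that marks exactly this page not-present when a shadow stack is configured, and put a short comment above the assignment describing the assumed layout (first page of the shadow stack region reserved, second page the guard, mirroring the normal stack). ShadowStackGuardPageAddress is also computed unconditionally: when mSmmShadowStackSize is 0 the expression equals the next CPU's GuardPageAddress, so the (mSmmShadowStackSize > 0) test in the else-if is the only thing keeping the message accurate. Moving the assignment inside that condition, or nesting both range checks under a single FeaturePcdGet (PcdCpuSmmStackGuard) test, would make the dependency explicit. The commit message should also state how the new path was exercised, for example by forcing a shadow stack overflow on a CET-enabled build and confirming that the "SMM shadow stack overflow!" line appears.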