From: "Yao, Jiewen"
To: "devel@edk2.groups.io", "Yao, Jiewen", "Sheng, W"
CC: "Dong, Eric", "Ni, Ray", "Laszlo Ersek", "Kumar, Rahul1"
Subject: Re: [edk2-devel] [PATCH 2/2] UefiCpuPkg/CpuExceptionHandlerLib: Clear CET shadow stack token busy bit
Date: Sun, 31 Jan 2021 01:46:33 +0000
References: <20210129075946.31684-1-w.sheng@intel.com> <20210129075946.31684-3-w.sheng@intel.com> <165F2D66EAF4D84C.16314@groups.io>
In-Reply-To: <165F2D66EAF4D84C.16314@groups.io>

One more question:

4) I saw from original author's note: The interrupt SSP table point should be 0xFF0.

I have not seen you update https://github.com/tianocore/edk2/blob/master/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c#L194

May I know that SSP table point is?

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Yao, Jiewen
> Sent: Sunday, January 31, 2021 9:38 AM
> To: Sheng, W; devel@edk2.groups.io
> Cc: Dong, Eric; Ni, Ray; Laszlo Ersek; Kumar, Rahul1; Yao, Jiewen
> Subject: Re: [edk2-devel] [PATCH 2/2] UefiCpuPkg/CpuExceptionHandlerLib: Clear CET shadow stack token busy bit
>
> Hi
> I have some feedback.
>
> 1) Would you please confirm you have validated the
> https://github.com/tianocore/edk2/tree/master/UefiCpuPkg/Library/SmmCpuFeaturesLib and
> https://github.com/tianocore/edk2/tree/master/UefiCpuPkg/PiSmmCpuDxeSmm with dynamic paging turned on
> (gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmRestrictedMemoryAccess|FALSE),
> and with multiple page faults triggered in the code?
>
> 2) Would you please add comment for the assembly instruction?
>
> I saw good comment from the original author. Not sure why you removed them?
>
>     push %rax                 ; SSP should be 0xFD8 at this point
>     mov $0x04, %rax           ; advance past cs:lip:prevssp;supervisor shadow stack token
>     INCSSP %rax               ; After this SSP should be 0xFF8
>     SAVEPREVSSP               ; now s shadow stack restore token will be created at 0xFD0
>     RDSSP %rax                ; Read new SSP - should be 0x1000
>     CLRSSBSY (%rax - $0x10)   ; Clear token at 0xFF0; SSP should be 0 after this
>     RESTORESSP (%rax - $0x30) ; Restore to token at 0xFD0 - new SSP will be 0xFD0
>     Mov $0x01, %rax           ; Pop off the new save token created
>     INCSSP %rax               ; SSP should be 0xFD8 now
>     pop %rax                  ; restore rax
>     Retf                      ; Return
>
> 3) Please draw the stack layout in the file. It will help other people maintain the
> code later.
>
> For example:
>
>        +------------------------------------+
> 0xFD0  |   FREE                             | // it is 0xFD8|0x02|(LMA & CS.L), after SAVEPREVSSP.
>        +------------------------------------+
> 0xFD8  |   Prev SSP                         |
>        +------------------------------------+
> 0xFE0  |   RIP                              |
>        +------------------------------------+
> 0xFE8  |   CS                               |
>        +------------------------------------+
> 0xFF0  |   0xFF0 | BUSY                     | // BUSY flag cleared after CLRSSBSY
>        +------------------------------------+
> 0xFF8  |   0xFD8|0x02|(LMA & CS.L)          |
>        +------------------------------------+
>
> Thank you
> Yao Jiewen
>
>
> > -----Original Message-----
> > From: Sheng, W
> > Sent: Friday, January 29, 2021 4:00 PM
> > To: devel@edk2.groups.io
> > Cc: Dong, Eric; Ni, Ray; Laszlo Ersek; Kumar, Rahul1; Yao, Jiewen
> > Subject: [PATCH 2/2] UefiCpuPkg/CpuExceptionHandlerLib: Clear CET shadow
> > stack token busy bit
> >
> > If CET shadow stack feature enabled in SMM and stack switch is enabled.
> > When code execute from SMM handler to SMM exception, CPU will check SMM
> > exception shadow stack token busy bit if it is cleared or not.
> > If it is set, it will trigger #DF exception.
> > If it is not set, CPU will set the busy bit when enter SMM exception.
> > The busy bit should be cleared when return back from SMM exception to SMM
> > handler. Otherwise, keeping busy bit in set state will cause to trigger
> > #DF exception when enter SMM exception next time.
> > So, we use instruction SAVEPREVSSP, CLRSSBSY and RSTORSSP to clear the
> > shadow stack token busy bit before RETF instruction in SMM exception.
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3192
> > > > Signed-off-by: Sheng Wei > > Cc: Eric Dong > > Cc: Ray Ni > > Cc: Laszlo Ersek > > Cc: Rahul Kumar > > Cc: Jiewen Yao > > --- > > .../DxeCpuExceptionHandlerLib.inf | 3 +++ > > .../PeiCpuExceptionHandlerLib.inf | 3 +++ > > .../SecPeiCpuExceptionHandlerLib.inf | 4 ++++ > > .../SmmCpuExceptionHandlerLib.inf | 3 +++ > > .../X64/Xcode5ExceptionHandlerAsm.nasm | 28 > > +++++++++++++++++++++- > > .../Xcode5SecPeiCpuExceptionHandlerLib.inf | 4 ++++ > > 6 files changed, 44 insertions(+), 1 deletion(-) > > > > diff --git > > > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.in= f > > > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.in= f > > index 07b34c92a8..e7a81bebdb 100644 > > --- > > > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.in= f > > +++ > > > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.in= f > > @@ -43,6 +43,9 @@ > > gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList > > gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize > > > > +[FeaturePcd] > > + gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard ## > > CONSUMES > > + > > [Packages] > > MdePkg/MdePkg.dec > > MdeModulePkg/MdeModulePkg.dec > > diff --git > > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.= inf > > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.= inf > > index feae7b3e06..cf5bfe4083 100644 > > --- > > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.= inf > > +++ > > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.= inf > > @@ -57,3 +57,6 @@ > > [Pcd] > > gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard # CONSUMES > > > > +[FeaturePcd] > > + gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard ## > > CONSUMES > > + 
> > diff --git > > > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib= .i > > nf > > > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib= .i > > nf > > index 967cb61ba6..8ae4feae62 100644 > > --- > > > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib= .i > > nf > > +++ > > > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib= .i > > nf > > @@ -49,3 +49,7 @@ > > LocalApicLib > > PeCoffGetEntryPointLib > > VmgExitLib > > + > > +[FeaturePcd] > > + gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard ## > > CONSUMES > > + > > diff --git > > > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.in= f > > > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.in= f > > index 4cdb11c04e..5c3d1f7cfd 100644 > > --- > > > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.in= f > > +++ > > > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SmmCpuExceptionHandlerLib.in= f > > @@ -53,3 +53,6 @@ > > DebugLib > > VmgExitLib > > > > +[FeaturePcd] > > + gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard ## > > CONSUMES > > + > > diff --git > > > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Xcode5ExceptionHandlerAs > > m.nasm > > > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Xcode5ExceptionHandlerAs > > m.nasm > > index 26cae56cc5..13fd147f11 100644 > > --- > > > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Xcode5ExceptionHandlerAs > > m.nasm > > +++ > > > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Xcode5ExceptionHandlerAs > > m.nasm > > @@ -1,5 +1,5 @@ > > ;--------------------------------------------------------------------= ---------- ; > > -; Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<= BR> > > +; Copyright (c) 2012 - 2021, Intel Corporation. All rights reserved.<= BR> > > ; SPDX-License-Identifier: BSD-2-Clause-Patent > > ; > > ; Module Name: 
> > @@ -13,6 +13,7 @@ > > ; Notes: > > ; > > ;--------------------------------------------------------------------= ---------- > > +%include "Nasm.inc" > > > > ; > > ; CommonExceptionHandler() > > @@ -23,6 +24,7 @@ > > extern ASM_PFX(mErrorCodeFlag) ; Error code flags for exceptions > > extern ASM_PFX(mDoFarReturnFlag) ; Do far return flag > > extern ASM_PFX(CommonExceptionHandler) > > +extern ASM_PFX(FeaturePcdGet (PcdCpuSmmStackGuard)) > > > > SECTION .data > > > > @@ -371,6 +373,30 @@ DoReturn: > > push qword [rax + 0x18] ; save EFLAGS in new location > > mov rax, [rax] ; restore rax > > popfq ; restore EFLAGS > > + > > + push rax > > + cmp byte [dword ASM_PFX(FeaturePcdGet (PcdCpuSmmStackGuard))]= , 0 > > + jz CetDone > > + mov rax, cr4 > > + and rax, 0x800000 ; check if CET is enabled > > + jz CetDone > > + push rbx > > + mov rax, 0x04 > > + INCSSP_RAX > > + SAVEPREVSSP > > + READSSP_RAX > > + mov rbx, rax > > + sub rax, 0x10 > > + CLRSSBSY_RAX > > + mov rax, rbx > > + sub rax, 0x30 > > + RSTORSSP_RAX > > + mov rax, 0x01 > > + INCSSP_RAX > > + pop rbx > > +CetDone: > > + pop rax > > + > > DB 0x48 ; prefix to composite "retq" with next= "retf" > > retf ; far return > > DoIret: > > diff --git > > > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Xcode5SecPeiCpuExceptionHan > > dlerLib.inf > > > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Xcode5SecPeiCpuExceptionHan > > dlerLib.inf > > index 743c2aa766..a15f125d5b 100644 > > --- > > > a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Xcode5SecPeiCpuExceptionHan > > dlerLib.inf > > +++ > > > b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Xcode5SecPeiCpuExceptionHan > > dlerLib.inf > > @@ -54,3 +54,7 @@ > > LocalApicLib > > PeCoffGetEntryPointLib > > VmgExitLib > > + > > +[FeaturePcd] > > + gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard ## > > CONSUMES > > + > > -- > > 2.16.2.windows.1 >=20 >=20 >=20 >=20 >=20
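
Review bot: The [FeaturePcd] entry for gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStackGuard is added to all five INFs (Dxe, Pei, SecPei, Smm and Xcode5SecPei), but the diffstat lists X64/Xcode5ExceptionHandlerAsm.nasm as the only source file changed. Please confirm that every one of these INFs builds that file; an instance that builds a different X64 handler source either needs the same busy-bit sequence there or should not declare the PCD. The commit message describes an SMM-only failure, so a sentence explaining why the Dxe, Pei and SecPei instances consume an SMM PCD would help whoever maintains these files later.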
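
Review bot: In the DoReturn hunk the new block sits after "popfq ; restore EFLAGS", and the cmp, and and sub instructions it adds all modify the arithmetic flags, so the far return no longer leaves with the EFLAGS value that was just restored. This applies even when PcdCpuSmmStackGuard is FALSE, because the cmp runs unconditionally. Consider doing the CET work before popfq, or otherwise preserving the flags across it. The constants also need comments: 0x800000 is CR4 bit 23 and would read better as a named constant, and 0x04, 0x10, 0x30 and 0x01 should each say which shadow stack slot they reach and what SSP is expected afterwards, as the reply above asks in points 2 and 3.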
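
The busy-bit behaviour described in the commit message and the SSP values from the quoted comments and stack layout, as a small C model added here (not code from the patch or from edk2). The struct and function names and the CS, RIP and previous-SSP values are constructed for illustration, and the token checks are reduced to what this sequence needs.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model, not edk2 code: one exception shadow stack addressed by
   the offsets in the quoted diagram. Token checks are simplified. */
#define BUSY  0x1ull    /* bit 0 of the supervisor shadow stack token */
#define TOKEN 0xFF0ull  /* token slot; holds its own address when free */

typedef struct {
  uint64_t mem[0x1000 / 8];  /* shadow stack page as 8-byte slots */
  uint64_t ssp;
  uint64_t trace[5];         /* SSP after each step of the clearing sequence */
} ShadowStack;

static uint64_t *slot(ShadowStack *s, uint64_t a) { return &s->mem[a / 8]; }
void ss_init(ShadowStack *s) {
  memset(s, 0, sizeof *s);
  *slot(s, TOKEN) = TOKEN;                /* free token, busy bit clear */
  *slot(s, 0xFF8) = 0xFD8 | 0x02 | 0x01;  /* 0xFD8|0x02|(LMA & CS.L) */
}

/* Exception entry with stack switch; -1 where the CPU would raise #DF. */
int ss_enter(ShadowStack *s, uint64_t prev_ssp) {
  if (*slot(s, TOKEN) != TOKEN) return -1;  /* busy bit still set */
  *slot(s, TOKEN) |= BUSY;
  *slot(s, 0xFE8) = 0x38;      /* CS, constructed value */
  *slot(s, 0xFE0) = 0x7000;    /* RIP, constructed value */
  *slot(s, 0xFD8) = prev_ssp;  /* Prev SSP */
  s->ssp = 0xFD8;
  return 0;
}

/* The instruction sequence from the patch, run before retf. */
int ss_clear_busy(ShadowStack *s) {
  s->trace[0] = s->ssp += 4 * 8;                        /* INCSSP 4 */
  uint64_t prev = *slot(s, s->ssp) & ~0x3ull;           /* SAVEPREVSSP pops 0xFF8 */
  *slot(s, prev - 8) = prev | 0x01;                     /* restore token at 0xFD0 */
  uint64_t top = s->trace[1] = s->ssp += 8;             /* READSSP */
  if (*slot(s, top - 0x10) != (TOKEN | BUSY)) return -1;
  *slot(s, top - 0x10) = TOKEN;                         /* CLRSSBSY */
  s->trace[2] = s->ssp = 0;
  if ((*slot(s, top - 0x30) & ~0x1ull) - 8 != top - 0x30) return -1;
  *slot(s, top - 0x30) = s->ssp | 0x02 | 0x01;          /* RSTORSSP swaps token */
  s->trace[3] = s->ssp = top - 0x30;
  s->trace[4] = s->ssp += 8;                            /* INCSSP 1 */
  return 0;
}

int main(void) {  /* exit 0 if clearing the busy bit lets re-entry succeed */
  ShadowStack s;
  ss_init(&s);
  ss_enter(&s, 0x2FD8);
  return (ss_clear_busy(&s) == 0 && ss_enter(&s, 0x2FD8) == 0) ? 0 : 1;
}
```

Calling ss_enter twice without ss_clear_busy in between returns -1 on the second call, which is the #DF case the commit message describes.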