From: "Yao, Jiewen"
To: "Sheng, W", "devel@edk2.groups.io", "Dong, Eric", "Ni, Ray", Laszlo Ersek, "Kumar, Rahul1", "Kinney, Michael D", Liming Gao, "Liu, Zhiguang"
Subject: Re: [PATCH] MdePkg/Include: Add CET instructions to Nasm.inc
Date: Fri, 29 Jan 2021 09:20:12 +0000
References: <20210129023448.30348-1-w.sheng@intel.com>

Thanks.

A question: Do we also need to change the https://github.com/tianocore/edk2/blob/master/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiException.nasm#L174

Thank you
Yao Jiewen

> -----Original Message-----
> From: Sheng, W
> Sent: Friday, January 29, 2021 4:33 PM
> To: Yao, Jiewen; devel@edk2.groups.io; Dong, Eric; Ni, Ray; Laszlo Ersek; Kumar, Rahul1; Kinney, Michael D; Liming Gao; Liu, Zhiguang
> Subject: RE: [PATCH] MdePkg/Include: Add CET instructions to Nasm.inc
>
> Hi Jiewen, all,
> The 2 patches are to fix the #DF exception when the CET shadow stack feature is enabled.
> The file 0002-UefiCpuPkg-CpuExceptionHandlerLib-Clear-CET-shadow-s.patch is used to fix the #DF exception issue.
> The file 0001-MdePkg-Include-Add-CET-instructions-to-Nasm.inc.patch is used to add the CET instructions which are used in patch 0002.
>
> Some description about the issue and the fix:
> If the CET shadow stack feature is enabled in SMM and stack switch is enabled:
> When code executes from the SMM handler to the SMM exception, the CPU will check whether the SMM exception shadow stack token busy bit is cleared or not.
> If it is set, it will trigger a #DF exception.
> If it is not set, the CPU will set the busy bit when entering the SMM exception.
> The busy bit should be cleared when returning from the SMM exception to the SMM handler. Otherwise, keeping the busy bit in the set state will trigger a #DF exception when entering the SMM exception next time.
> So, we use the instructions SAVEPREVSSP, CLRSSBSY and RSTORSSP to clear the shadow stack token busy bit before the RETF instruction in the SMM exception.
>
> Could you help to review and merge the patch?
> Thank you
> BR
> Sheng Wei
>
> > -----Original Message-----
> > From: Yao, Jiewen
> > Sent: January 29, 2021 14:36
> > To: Sheng, W; devel@edk2.groups.io
> > Cc: Kinney, Michael D; Liming Gao; Liu, Zhiguang
> > Subject: RE: [PATCH] MdePkg/Include: Add CET instructions to Nasm.inc
> >
> > Hi Wei
> > Would you please send out the second patch to consume these instructions?
> >
> > As such people can have a full picture on what the issue is and what the solution is.
> >
> > Thank you
> > Yao Jiewen
> >
> > > -----Original Message-----
> > > From: Sheng, W
> > > Sent: Friday, January 29, 2021 10:35 AM
> > > To: devel@edk2.groups.io
> > > Cc: Kinney, Michael D; Liming Gao; Liu, Zhiguang; Yao, Jiewen
> > > Subject: [PATCH] MdePkg/Include: Add CET instructions to Nasm.inc
> > >
> > > This is to add instruction SAVEPREVSSP, CLRSSBSY and RSTORSSP_RAX in Nasm, because these instructions are not supported yet.
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3192
> > >
> > > Signed-off-by: Sheng Wei
> > > Cc: Michael D Kinney
> > > Cc: Liming Gao
> > > Cc: Zhiguang Liu
> > > Cc: Jiewen Yao
> > > --- > > > MdePkg/Include/Ia32/Nasm.inc | 14 +++++++++++++- > > > MdePkg/Include/X64/Nasm.inc | 14 +++++++++++++- > > > 2 files changed, 26 insertions(+), 2 deletions(-) > > > > > > diff --git a/MdePkg/Include/Ia32/Nasm.inc > > > b/MdePkg/Include/Ia32/Nasm.inc index 31ce861f1e..9c1b7796ea > 100644 > > > --- a/MdePkg/Include/Ia32/Nasm.inc > > > +++ b/MdePkg/Include/Ia32/Nasm.inc > > > @@ -1,6 +1,6 @@ > > > > > > ;--------------------------------------------------------------------= - > > > --------- > > > ; > > > -; Copyright (c) 2019, Intel Corporation. All rights reserved.
> > > +; Copyright (c) 2019 - 2021, Intel Corporation. All rights > > > +reserved.
> > > ; SPDX-License-Identifier: BSD-2-Clause-Patent ; ; Abstract: > > > @@ -20,3 +20,15 @@ > > > %macro INCSSP_EAX 0 > > > DB 0xF3, 0x0F, 0xAE, 0xE8 > > > %endmacro > > > + > > > +%macro SAVEPREVSSP 0 > > > + DB 0xF3, 0x0F, 0x01, 0xEA > > > +%endmacro > > > + > > > +%macro CLRSSBSY_EAX 0 > > > + DB 0x67, 0xF3, 0x0F, 0xAE, 0x30 > > > +%endmacro > > > + > > > +%macro RSTORSSP_EAX 0 > > > + DB 0x67, 0xF3, 0x0F, 0x01, 0x28 > > > +%endmacro > > > diff --git a/MdePkg/Include/X64/Nasm.inc > > b/MdePkg/Include/X64/Nasm.inc > > > index 42412735ea..c5189982bb 100644 > > > --- a/MdePkg/Include/X64/Nasm.inc > > > +++ b/MdePkg/Include/X64/Nasm.inc > > > @@ -1,6 +1,6 @@ > > > > > > ;--------------------------------------------------------------------= - > > > --------- > > > ; > > > -; Copyright (c) 2019, Intel Corporation. All rights reserved.
> > > +; Copyright (c) 2019 - 2021, Intel Corporation. All rights > > > +reserved.
> > > ; SPDX-License-Identifier: BSD-2-Clause-Patent ; ; Abstract: > > > @@ -20,3 +20,15 @@ > > > %macro INCSSP_RAX 0 > > > DB 0xF3, 0x48, 0x0F, 0xAE, 0xE8 > > > %endmacro > > > + > > > +%macro SAVEPREVSSP 0 > > > + DB 0xF3, 0x0F, 0x01, 0xEA > > > +%endmacro > > > + > > > +%macro CLRSSBSY_RAX 0 > > > + DB 0xF3, 0x0F, 0xAE, 0x30 > > > +%endmacro > > > + > > > +%macro RSTORSSP_RAX 0 > > > + DB 0xF3, 0x0F, 0x01, 0x28 > > > +%endmacro > > > -- > > > 2.16.2.windows.1
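
Review bot: In the MdePkg/Include/Ia32/Nasm.inc hunk, CLRSSBSY_EAX and RSTORSSP_EAX both begin with the 0x67 address-size prefix, and that needs confirming against the mode these macros are assembled for. In a 32-bit code segment 0x67 selects 16-bit addressing, so the ModRM bytes 0x30 and 0x28 decode as [BX+SI] rather than [EAX]; the X64 versions in this patch use the same ModRM bytes with no prefix to address [RAX]. If the Ia32 macros only ever execute in 32-bit mode, dropping 0x67 (DB 0xF3, 0x0F, 0xAE, 0x30 and DB 0xF3, 0x0F, 0x01, 0x28) would match the _EAX name; otherwise a comment stating the intended operand and execution mode would settle it.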
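
Review bot: The three macros added at the end of MdePkg/Include/X64/Nasm.inc carry no comment naming the instruction and operand each byte sequence encodes, so the _RAX suffix is the only hint that CLRSSBSY_RAX and RSTORSSP_RAX take a memory operand at [RAX]. A one-line comment above each macro (for example "; clrssbsy [rax]") would let a reader check the DB bytes against the instruction reference. The commit message also lists only "SAVEPREVSSP, CLRSSBSY and RSTORSSP_RAX", while the patch defines CLRSSBSY_RAX plus the _EAX variants for Ia32; naming the macros exactly as defined would make them easier to search for.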