From: "Yao, Jiewen"
To: "Sheng, W", "devel@edk2.groups.io"
CC: "Dong, Eric", "Ni, Ray", "Laszlo Ersek", "Kumar, Rahul1", "Feng, Roger"
Subject: Re: [PATCH v6 3/3] UefiCpuPkg/PiSmmCpuDxeSmm: Fix SMM stack offset is not correct
Date: Fri, 26 Feb 2021 12:21:40 +0000

Reviewed-by: Jiewen Yao

> -----Original Message-----
> From: Sheng, W
> Sent: Friday, February 26, 2021 4:03 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric; Ni, Ray; Laszlo Ersek; Kumar, Rahul1; Yao, Jiewen; Feng, Roger
> Subject: [PATCH v6 3/3] UefiCpuPkg/PiSmmCpuDxeSmm: Fix SMM stack offset is
> not correct
>
> In function InitGdt(), SmiPFHandler() and Gen4GPageTable(), it uses
> CpuIndex * mSmmStackSize to get the SMM stack address offset for
> multi processor. It misses the SMM Shadow Stack Size. Each processor
> will use mSmmStackSize + mSmmShadowStackSize in the memory.
> It should use CpuIndex * (mSmmStackSize + mSmmShadowStackSize) to get
> this SMM stack address offset. If mSmmShadowStackSize > 0 and multi
> processor enabled, it will get the wrong offset value.
> CET shadow stack feature will set the value of mSmmShadowStackSize.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3237
>
> Signed-off-by: Sheng Wei
> Cc: Eric Dong
> Cc: Ray Ni
> Cc: Laszlo Ersek
> Cc: Rahul Kumar
> Cc: Jiewen Yao
> Cc: Roger Feng
> ---
> UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 6 ++++--
> UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 4 +++-
> UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 2 +-
> 3 files changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c > b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c > index 4bcd217917..6227b2428a 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c > @@ -23,6 +23,8 @@ SPIN_LOCK *mPFLock = =3D NULL; > SMM_CPU_SYNC_MODE mCpuSmmSyncMode; > BOOLEAN mMachineCheckSupported =3D F= ALSE; >=20 > +extern UINTN mSmmShadowStackSize; > + > /** > Performs an atomic compare exchange operation to get semaphore. > The compare exchange operation must be performed using
> @@ -920,7 +922,7 @@ Gen4GPageTable ( > // Add two more pages for known good stack and stack guard page, > // then find the lower 2MB aligned address. > // > - High2MBoundary =3D (mSmmStackArrayEnd - mSmmStackSize + EFI_PAGE_SIZ= E > * 2) & ~(SIZE_2MB-1); > + High2MBoundary =3D (mSmmStackArrayEnd - mSmmStackSize - > mSmmShadowStackSize + EFI_PAGE_SIZE * 2) & ~(SIZE_2MB-1); > PagesNeeded =3D ((High2MBoundary - Low2MBoundary) / SIZE_2MB) + 1; > } > // > @@ -971,7 +973,7 @@ Gen4GPageTable ( > // Mark the guard page as non-present > // > Pte[Index] =3D PageAddress | mAddressEncMask; > - GuardPage +=3D mSmmStackSize; > + GuardPage +=3D (mSmmStackSize + mSmmShadowStackSize); > if (GuardPage > mSmmStackArrayEnd) { > GuardPage =3D 0; > } > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c > b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c > index cdc1fcefc5..07e7ea70de 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c > @@ -13,6 +13,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #define PAGE_TABLE_PAGES 8 > #define ACC_MAX_BIT BIT3 >=20 > +extern UINTN mSmmShadowStackSize; > + > LIST_ENTRY mPagePool =3D INITIALIZE_LIST_HEAD_V= ARIABLE > (mPagePool); > BOOLEAN m1GPageTableSupport =3D FALSE; > BOOLEAN mCpuSmmRestrictedMemoryAccess; > @@ -1037,7 +1039,7 @@ SmiPFHandler ( > (PFAddress < (mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize)= )) { > DumpCpuContext (InterruptType, SystemContext); > CpuIndex =3D GetCpuIndex (); > - GuardPageAddress =3D (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex = * > mSmmStackSize); > + GuardPageAddress =3D (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex = * > (mSmmStackSize + mSmmShadowStackSize)); > if ((FeaturePcdGet (PcdCpuSmmStackGuard)) && > (PFAddress >=3D GuardPageAddress) && > (PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) { > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c > b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c > index 7ef3b1d488..661c1ba294 100644 
> --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c > @@ -93,7 +93,7 @@ InitGdt ( > // > // Setup top of known good stack as IST1 for each processor. > // > - *(UINTN *)(TssBase + TSS_X64_IST1_OFFSET) =3D (mSmmStackArrayBase = + > EFI_PAGE_SIZE + Index * mSmmStackSize); > + *(UINTN *)(TssBase + TSS_X64_IST1_OFFSET) =3D (mSmmStackArrayBase = + > EFI_PAGE_SIZE + Index * (mSmmStackSize + mSmmShadowStackSize)); > } > } >=20 > -- > 2.16.2.windows.1
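
Review bot: The line "extern UINTN mSmmShadowStackSize;" added near the top of MpService.c (@@ -23,6 +23,8) is repeated verbatim in X64/PageTbl.c (@@ -13,6 +13,8), while the SmmFuncsArch.c hunk uses the same variable without adding any declaration, so one is evidently already visible there. Declare the variable once in a header that all three files include and drop the per-file externs; a local extern is not checked against the definition's type by the compiler.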
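
Review bot: In Gen4GPageTable (@@ -920,7 +922,7) the comment kept above the High2MBoundary line still reads "Add two more pages for known good stack and stack guard page" although the expression now also subtracts mSmmShadowStackSize. Update the comment to say that the last processor's slot is mSmmStackSize + mSmmShadowStackSize, and note in the commit message that mSmmStackArrayEnd is expected to include the shadow stacks already, since this hunk depends on that and nothing in this patch shows it.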
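
Review bot: In the guard-page loop of Gen4GPageTable (@@ -971,7 +973,7) the per-processor stride mSmmStackSize + mSmmShadowStackSize is written out by hand, as it is again in SmiPFHandler and InitGdt. A single macro or helper for the per-CPU slot size would keep these sites from drifting apart, which is exactly the defect being fixed here. The new parentheses around the right-hand side of "GuardPage +=" are also not needed.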
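
Review bot: The commit message should state the consequence of the SmiPFHandler change (@@ -1037,7 +1039,7) and how it was tested. GuardPageAddress feeds the check "(PFAddress >= GuardPageAddress) && (PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))" under PcdCpuSmmStackGuard, so with the old offset a fault on the guard page of any processor other than index 0 would not match when mSmmShadowStackSize > 0; "it will get the wrong offset value" does not tell a reader that stack-guard detection was affected, or whether the fix was exercised with more than one processor and CET shadow stack enabled.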