From: "Dong, Eric"
To: "Wu, Jiaxin", "devel@edk2.groups.io"
CC: "Ni, Ray", "Zeng, Star", "Gerd Hoffmann", "Kumar, Rahul R", Laszlo Ersek
Subject: Re: [edk2-devel] [PATCH v4] UefiCpuPkg/PiSmmCpuDxeSmm: Fix CP Exception when CET enable
Date: Thu, 9 Nov 2023 05:06:29 +0000
References: <20231107012445.7808-1-jiaxin.wu@intel.com>
In-Reply-To: <20231107012445.7808-1-jiaxin.wu@intel.com>
List-Id: devel@edk2.groups.io
Reply-To: devel@edk2.groups.io,eric.dong@intel.com

Reviewed-by: Eric Dong

-----Original Message-----
From: Wu, Jiaxin
Sent: Tuesday, November 7, 2023 9:25 AM
To: devel@edk2.groups.io
Cc: Dong, Eric; Ni, Ray; Zeng, Star; Gerd Hoffmann; Kumar, Rahul R; Laszlo Ersek
Subject: [PATCH v4] UefiCpuPkg/PiSmmCpuDxeSmm: Fix CP Exception when CET enable

Root cause:

1. Before DisableReadonlyPageWriteProtect() is called, the return address (#1) is pushed on the shadow stack.
2. CET is disabled.
3. DisableReadonlyPageWriteProtect() returns to #1.
4. Page table is modified.
5. EnableReadonlyPageWriteProtect() is called, but the return address (#2) is not pushed on the shadow stack.
6. CET is enabled.
7. EnableReadonlyPageWriteProtect() returns to #2.

A #CP exception happens because the actual return address (#2) doesn't match the return address stored on the shadow stack (#1).

Analysis:

The shadow stack stops being updated after CET is disabled (DisableCet() in DisableReadOnlyPageWriteProtect), but the normal SMI stack continues to be updated as functions are called and return (DisableReadOnlyPageWriteProtect & EnableReadOnlyPageWriteProtect), thus leading to a stack mismatch after CET is re-enabled (EnableCet() in EnableReadOnlyPageWriteProtect).

According to SDM Vol 3, 6.15 Control Protection Exception: the normal SMI stack and the shadow stack must match when CET is enabled, otherwise a #CP exception will happen, which is caused by a near RET instruction.

CET is disabled in DisableCet(), while it can be enabled in EnableCet(). This way won't cause the problem because they are implemented in a way that the return address of DisableCet() is popped from the shadow stack (Incsspq performs a pop to increase the shadow stack) and EnableCet() doesn't use "RET" but "JMP" to return to the caller. So calling EnableCet() and DisableCet() doesn't have the same issue as calling DisableReadonlyPageWriteProtect() and EnableReadonlyPageWriteProtect().
With the above root cause & analysis, define the below 2 macros instead of functions for WP & CET operation:

WRITE_UNPROTECT_RO_PAGES (Wp, Cet)
WRITE_PROTECT_RO_PAGES (Wp, Cet)

because DisableCet() & EnableCet() must be in the same function to avoid a shadow stack and normal SMI stack mismatch.

Note: WRITE_UNPROTECT_RO_PAGES () must be called paired with WRITE_PROTECT_RO_PAGES () in the same function.

Cc: Eric Dong
Cc: Ray Ni
Cc: Zeng Star
Cc: Gerd Hoffmann
Cc: Rahul Kumar
Cc: Laszlo Ersek
Signed-off-by: Jiaxin Wu
---
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h         | 59 +++++++++++++----
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 73 +++++++++-------------
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c             |  7 ++-
 3 files changed, 81 insertions(+), 58 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
index 654935dc76..20ada465c2 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@@ -1551,29 +1551,64 @@ VOID SmmWaitForApArrival ( VOID ); =20 /** - Disable Write Protect on pages marked as read-only if Cr0.Bits.WP is 1. + Write unprotect read-only pages if Cr0.Bits.WP is 1. + + @param[out] WriteProtect If Cr0.Bits.WP is enabled. =20 - @param[out] WpEnabled If Cr0.WP is enabled. - @param[out] CetEnabled If CET is enabled. **/ VOID -DisableReadOnlyPageWriteProtect ( - OUT BOOLEAN *WpEnabled, - OUT BOOLEAN *CetEnabled +SmmWriteUnprotectReadOnlyPage ( + OUT BOOLEAN *WriteProtect ); =20 /** - Enable Write Protect on pages marked as read-only. + Write protect read-only pages. + + @param[in] WriteProtect If Cr0.Bits.WP should be enabled. =20 - @param[out] WpEnabled If Cr0.WP should be enabled. - @param[out] CetEnabled If CET should be enabled. **/ VOID -EnableReadOnlyPageWriteProtect ( - BOOLEAN WpEnabled, - BOOLEAN CetEnabled +SmmWriteProtectReadOnlyPage ( + IN BOOLEAN WriteProtect ); =20 +/// +/// Define macros to encapsulate the write unprotect/protect ///=20 +read-only pages. +/// Below pieces of logic are defined as macros and not functions ///=20 +because "CET" feature disable & enable must be in the same /// function=20 +to avoid shadow stack and normal SMI stack mismatch, /// thus=20 +WRITE_UNPROTECT_RO_PAGES () must be called pair with ///=20 +WRITE_PROTECT_RO_PAGES () in same function. +/// +/// @param[in,out] Wp A BOOLEAN variable local to the containing +/// function, carrying write protection status from +/// WRITE_UNPROTECT_RO_PAGES() to +/// WRITE_PROTECT_RO_PAGES(). +/// +/// @param[in,out] Cet A BOOLEAN variable local to the containing +/// function, carrying control flow integrity +/// enforcement status from +/// WRITE_UNPROTECT_RO_PAGES() to +/// WRITE_PROTECT_RO_PAGES(). 
+/// +#define WRITE_UNPROTECT_RO_PAGES(Wp, Cet) \ + do { \ + Cet =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0); \ + if (Cet) { \ + DisableCet (); \ + } \ + SmmWriteUnprotectReadOnlyPage (&Wp); \ + } while (FALSE) + +#define WRITE_PROTECT_RO_PAGES(Wp, Cet) \ + do { \ + SmmWriteProtectReadOnlyPage (Wp); \ + if (Cet) { \ + EnableCet (); \ + } \ + } while (FALSE) + #endif diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c b/UefiCpuPk= g/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c index 6f49866615..3d445df213 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c 
@@ -39,64 +39,47 @@ PAGE_TABLE_POOL *mPageTablePool =3D NULL; // If memor= y used by SMM page table has been mareked as ReadOnly. // BOOLEAN mIsReadOnlyPageTable =3D FALSE; =20 /** - Disable Write Protect on pages marked as read-only if Cr0.Bits.WP is 1. + Write unprotect read-only pages if Cr0.Bits.WP is 1. + + @param[out] WriteProtect If Cr0.Bits.WP is enabled. =20 - @param[out] WpEnabled If Cr0.WP is enabled. - @param[out] CetEnabled If CET is enabled. **/ VOID -DisableReadOnlyPageWriteProtect ( - OUT BOOLEAN *WpEnabled, - OUT BOOLEAN *CetEnabled +SmmWriteUnprotectReadOnlyPage ( + OUT BOOLEAN *WriteProtect ) { IA32_CR0 Cr0; =20 - *CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRUE : FALSE= ; - Cr0.UintN =3D AsmReadCr0 (); - *WpEnabled =3D (Cr0.Bits.WP !=3D 0) ? TRUE : FALSE; - if (*WpEnabled) { - if (*CetEnabled) { - // - // CET must be disabled if WP is disabled. Disable CET before cleari= ng CR0.WP. - // - DisableCet (); - } - + Cr0.UintN =3D AsmReadCr0 (); + *WriteProtect =3D (Cr0.Bits.WP !=3D 0); + if (*WriteProtect) { Cr0.Bits.WP =3D 0; AsmWriteCr0 (Cr0.UintN); } } =20 /** - Enable Write Protect on pages marked as read-only. + Write protect read-only pages. + + @param[in] WriteProtect If Cr0.Bits.WP should be enabled. =20 - @param[out] WpEnabled If Cr0.WP should be enabled. - @param[out] CetEnabled If CET should be enabled. **/ VOID -EnableReadOnlyPageWriteProtect ( - BOOLEAN WpEnabled, - BOOLEAN CetEnabled +SmmWriteProtectReadOnlyPage ( + IN BOOLEAN WriteProtect ) { IA32_CR0 Cr0; =20 - if (WpEnabled) { + if (WriteProtect) { Cr0.UintN =3D AsmReadCr0 (); Cr0.Bits.WP =3D 1; AsmWriteCr0 (Cr0.UintN); - - if (CetEnabled) { - // - // re-enable CET. - // - EnableCet (); - } } } =20 /** Initialize a buffer pool for page table use only. 
@@ -119,11 +102,11 @@ BOOLEAN InitializePageTablePool ( IN UINTN PoolPages ) { VOID *Buffer; - BOOLEAN WpEnabled; + BOOLEAN WriteProtect; BOOLEAN CetEnabled; =20 // // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one pag= e for // header. @@ -157,13 +140,15 @@ InitializePageTablePool ( =20 // // If page table memory has been marked as RO, mark the new pool pages a= s read-only. // if (mIsReadOnlyPageTable) { - DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled); + WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled); + SmmSetMemoryAttributes ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer, EFI_PAGES= _TO_SIZE (PoolPages), EFI_MEMORY_RO); - EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled); + + WRITE_PROTECT_RO_PAGES (WriteProtect, CetEnabled); } =20 return TRUE; } =20 
@@ -1009,11 +994,11 @@ SetMemMapAttributes ( UINTN PageTable; EFI_STATUS Status; IA32_MAP_ENTRY *Map; UINTN Count; UINT64 MemoryAttribute; - BOOLEAN WpEnabled; + BOOLEAN WriteProtect; BOOLEAN CetEnabled; =20 SmmGetSystemConfigurationTable (&gEdkiiPiSmmMemoryAttributesTableGuid, (= VOID **)&MemoryAttributesTable); if (MemoryAttributesTable =3D=3D NULL) { DEBUG ((DEBUG_INFO, "MemoryAttributesTable - NULL\n")); @@ -1055,11 +1= 040,11 @@ SetMemMapAttributes ( Status =3D PageTableParse (PageTable, mPagingMode, Map, &Count); } =20 ASSERT_RETURN_ERROR (Status); =20 - DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled); + WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled); =20 MemoryMap =3D MemoryMapStart; for (Index =3D 0; Index < MemoryMapEntryCount; Index++) { DEBUG ((DEBUG_VERBOSE, "SetAttribute: Memory Entry - 0x%lx, 0x%x\n", M= emoryMap->PhysicalStart, MemoryMap->NumberOfPages)); if (MemoryMap->Type =3D=3D EfiRuntimeServicesCode) { @@ -1085,11 +1070= ,12 @@ SetMemMapAttributes ( ); =20 MemoryMap =3D NEXT_MEMORY_DESCRIPTOR (MemoryMap, DescriptorSize); } =20 - EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled); + WRITE_PROTECT_RO_PAGES (WriteProtect, CetEnabled); + FreePool (Map); =20 PatchSmmSaveStateMap (); PatchGdtIdtMap (); =20 
@@ -1392,18 +1378,18 @@ SetUefiMemMapAttributes ( EFI_STATUS Status; EFI_MEMORY_DESCRIPTOR *MemoryMap; UINTN MemoryMapEntryCount; UINTN Index; EFI_MEMORY_DESCRIPTOR *Entry; - BOOLEAN WpEnabled; + BOOLEAN WriteProtect; BOOLEAN CetEnabled; =20 PERF_FUNCTION_BEGIN (); =20 DEBUG ((DEBUG_INFO, "SetUefiMemMapAttributes\n")); =20 - DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled); + WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled); =20 if (mUefiMemoryMap !=3D NULL) { MemoryMapEntryCount =3D mUefiMemoryMapSize/mUefiDescriptorSize; MemoryMap =3D mUefiMemoryMap; for (Index =3D 0; Index < MemoryMapEntryCount; Index++) { @@ -1479,11 = +1465,11 @@ SetUefiMemMapAttributes ( =20 Entry =3D NEXT_MEMORY_DESCRIPTOR (Entry, mUefiMemoryAttributesTable-= >DescriptorSize); } } =20 - EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled); + WRITE_PROTECT_RO_PAGES (WriteProtect, CetEnabled); =20 // // Do not free mUefiMemoryAttributesTable, it will be checked in IsSmmCo= mmBufferForbiddenAddress(). // =20 @@ -1870,11 +1856,11 @@ IfReadOnlyPageTableNeeded ( VOID SetPageTableAttr= ibutes ( VOID ) { - BOOLEAN WpEnabled; + BOOLEAN WriteProtect; BOOLEAN CetEnabled; =20 if (!IfReadOnlyPageTableNeeded ()) { return; } @@ -1884,20 +1870,21 @@ SetPageTableAttributes ( =20 // // Disable write protection, because we need mark page table to be write= protected. // We need *write* page table memory, to mark itself to be *read only*. // - DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled); + WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled); =20 // Set memory used by page table as Read Only. DEBUG ((DEBUG_INFO, "Start...\n")); EnablePageTableProtection (); =20 // // Enable write protection, after page table attribute updated. // - EnableReadOnlyPageWriteProtect (TRUE, CetEnabled); + WRITE_PROTECT_RO_PAGES (TRUE, CetEnabled); + mIsReadOnlyPageTable =3D TRUE; =20 // // Flush TLB after mark all page table pool as read only. // 
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDx= eSmm/SmmProfile.c index 7ac3c66f91..8142d3ceac 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c @@ -592,11 +592,11 @@ InitPaging ( UINT64 Base; UINT64 Length; UINT64 Limit; UINT64 PreviousAddress; UINT64 MemoryAttrMask; - BOOLEAN WpEnabled; + BOOLEAN WriteProtect; BOOLEAN CetEnabled; =20 PERF_FUNCTION_BEGIN (); =20 PageTable =3D AsmReadCr3 (); @@ -604,11 +604,12 @@ InitPaging ( Limit =3D BASE_4GB; } else { Limit =3D (IsRestrictedMemoryAccess ()) ? LShiftU64 (1, mPhysicalAddre= ssBits) : BASE_4GB; } =20 - DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled); + WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled); + // // [0, 4k] may be non-present. // PreviousAddress =3D ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BI= T1) !=3D 0) ? BASE_4KB : 0; =20 @@ -670,11 +671,11 @@ InitPaging ( // Status =3D ConvertMemoryPageAttributes (PageTable, mPagingMode, Previo= usAddress, Limit - PreviousAddress, MemoryAttrMask, TRUE, NULL); ASSERT_RETURN_ERROR (Status); } =20 - EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled); + WRITE_PROTECT_RO_PAGES (WriteProtect, CetEnabled); =20 // // Flush TLB // CpuFlushTlb (); -- 2.16.2.windows.1

View/Reply Online (#110948): https://edk2.groups.io/g/devel/message/110948
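Review bot: in the PiSmmCpuDxeSmm.h hunk the new `///` documentation block above WRITE_UNPROTECT_RO_PAGES has been re-wrapped in transit: lines such as `+read-only pages.` and `+because "CET" feature disable & enable must be in the same /// function` show the `///` prefix displaced onto the wrong line, so the patch as mailed would neither apply cleanly nor compile (a bare `read-only pages.` outside a comment is a syntax error). Please re-send with `git send-email` or confirm that the pushed version reads `/// Define macros to encapsulate the write unprotect/protect read-only pages.` with every comment line correctly prefixed.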
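Review bot: the first SmmCpuMemoryManagement.c hunk deletes the comment `// CET must be disabled if WP is disabled. Disable CET before clearing CR0.WP.` and nothing in the new macros records that ordering constraint; please carry the rationale into the `///` block for WRITE_UNPROTECT_RO_PAGES / WRITE_PROTECT_RO_PAGES, since `DisableCet ()` before `SmmWriteUnprotectReadOnlyPage (&Wp)` and `SmmWriteProtectReadOnlyPage (Wp)` before `EnableCet ()` is exactly the order the macros exist to preserve. The same hunk also changes behaviour slightly: the old code only called `DisableCet ()` inside `if (*WpEnabled)`, whereas WRITE_UNPROTECT_RO_PAGES toggles CET whenever CR4.CET is set even if Cr0.WP is already clear; that looks harmless, but a sentence in the commit message would save the next reader from wondering.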
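Review bot: in the SetPageTableAttributes hunk, `WRITE_PROTECT_RO_PAGES (TRUE, CetEnabled);` keeps the pre-existing literal TRUE instead of the `WriteProtect` value captured by `WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled);`, so the new `WriteProtect` local in that function is written but never read. If forcing Cr0.WP on regardless of its prior state is intentional here (it was in the old `EnableReadOnlyPageWriteProtect (TRUE, CetEnabled);` call too), a one-line comment saying so would help; otherwise pass `WriteProtect` like the other call sites do.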
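The call/return bookkeeping that the commit message describes, as an added illustration that is not part of the patch or of edk2: a small C model of the CET shadow stack. The `Cpu` struct, `Call`, `Ret`, `RunScenario` and the return-address constants are assumptions made for this example; `DisableCet` and `EnableCet` follow the INCSSPQ-then-RET and POP-then-JMP behaviour the message attributes to the real routines. `OldHelpers` replays the seven-step sequence (CET toggled inside two separate functions) and reports the #CP; `NewMacros` replays the macro version, where both toggles happen in the same frame and the stacks stay in step.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define DEPTH 16

/* Assumed model state: normal (SMI) stack, hardware shadow stack, CR4.CET. */
typedef struct {
  uint64_t stack[DEPTH];
  int      sp;
  uint64_t shadow[DEPTH];
  int      ssp;
  bool     cet;        /* CR4.CET */
  bool     cp_fault;   /* a near RET saw a shadow-stack mismatch (#CP) */
} Cpu;

/* CALL: the return address always goes on the normal stack, and on the
 * shadow stack only while CET is enabled. */
static void Call (Cpu *c, uint64_t ret) {
  c->stack[c->sp++] = ret;
  if (c->cet) {
    c->shadow[c->ssp++] = ret;
  }
}

/* Near RET: with CET enabled the popped shadow entry must match (SDM Vol 3,
 * 6.15); with CET disabled the shadow stack is not touched at all. */
static void Ret (Cpu *c) {
  uint64_t ret = c->stack[--c->sp];
  if (c->cet) {
    if (c->shadow[--c->ssp] != ret) {
      c->cp_fault = true;
    }
  }
}

/* DisableCet () as the commit message describes it: INCSSPQ 1 drops this
 * call's own shadow entry, CR4.CET is cleared, then an unchecked RET. */
static void DisableCet (Cpu *c) {
  c->ssp--;
  c->cet = false;
  Ret (c);
}

/* EnableCet (): entered with CET off, so CALL pushed no shadow entry. Set
 * CR4.CET, then leave via POP + JMP so no RET check is performed. */
static void EnableCet (Cpu *c) {
  c->cet = true;
  c->sp--;
}

/* Pre-patch shape: CET toggled inside two separate helper functions. */
bool OldHelpers (Cpu *c) {
  Call (c, 0x1001);                 /* DisableReadOnlyPageWriteProtect ()    */
  Call (c, 0x2001); DisableCet (c); /*   ... which calls DisableCet ()       */
  Ret (c);                          /* returns to 0x1001; shadow still holds it */
  /* page table modified here with Cr0.WP clear */
  Call (c, 0x1002);                 /* EnableReadOnlyPageWriteProtect (); no shadow push */
  Call (c, 0x2002); EnableCet (c);  /*   ... which calls EnableCet ()        */
  Ret (c);                          /* pops 0x1002, shadow says 0x1001: #CP  */
  return !c->cp_fault;
}

/* Post-patch shape: WRITE_UNPROTECT_RO_PAGES / WRITE_PROTECT_RO_PAGES expand
 * inline, so DisableCet () and EnableCet () run in the same frame. */
bool NewMacros (Cpu *c) {
  Call (c, 0x2001); DisableCet (c);
  Call (c, 0x3001); Ret (c);        /* SmmWriteUnprotectReadOnlyPage (), CET off */
  /* page table modified here with Cr0.WP clear */
  Call (c, 0x3002); Ret (c);        /* SmmWriteProtectReadOnlyPage (), CET off   */
  Call (c, 0x2002); EnableCet (c);
  return !c->cp_fault;
}

/* Run a scenario from inside a caller frame with CET on, then return to that
 * caller; true means no #CP and both stacks unwound back to empty. */
bool RunScenario (bool (*body)(Cpu *)) {
  Cpu c = { .cet = true };
  Call (&c, 0xF00D);
  bool ok = body (&c);
  Ret (&c);
  return ok && !c.cp_fault && c.sp == 0 && c.ssp == 0;
}

int main (void) {
  printf ("separate helper functions: %s\n", RunScenario (OldHelpers) ? "ok" : "#CP");
  printf ("same-function macros:      %s\n", RunScenario (NewMacros) ? "ok" : "#CP");
  return 0;
}
```

The model deliberately keeps running after the mismatch instead of stopping at the fault, so that `RunScenario` can also confirm the caller frame itself unwinds correctly; on real hardware the first mismatched RET delivers #CP and nothing after it executes.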