From: "Wu, Jiaxin"
To: "devel@edk2.groups.io", "Wu, Jiaxin", "Gao, Liming", "Kinney, Michael D"
CC: "Dong, Eric", "Ni, Ray", "Zeng, Star", Gerd Hoffmann, "Kumar, Rahul R", Laszlo Ersek
Subject: Re: [edk2-devel] [PATCH v4] UefiCpuPkg/PiSmmCpuDxeSmm: Fix CP Exception when CET enable
Date: Tue, 7 Nov 2023 12:01:07 +0000
In-Reply-To: <179532CD4E894831.20624@groups.io>

Hi Ray & Laszlo,

Any more comments to this?

Thanks,
Jiaxin

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Wu, Jiaxin
> Sent: Tuesday, November 7, 2023 9:25 AM
> To: devel@edk2.groups.io
> Cc: Dong, Eric; Ni, Ray; Zeng, Star; Gerd Hoffmann; Kumar, Rahul R; Laszlo Ersek
> Subject: [edk2-devel] [PATCH v4] UefiCpuPkg/PiSmmCpuDxeSmm: Fix CP
> Exception when CET enable
>
> Root cause:
> 1. Before DisableReadonlyPageWriteProtect() is called, the return
> address (#1) is pushed in shadow stack.
> 2. CET is disabled.
> 3. DisableReadonlyPageWriteProtect() returns to #1.
> 4. Page table is modified.
> 5. EnableReadonlyPageWriteProtect() is called, but the return
> address (#2) is not pushed in shadow stack.
> 6. CET is enabled.
> 7. EnableReadonlyPageWriteProtect() returns to #2.
> #CP exception happens because the actual return address (#2)
> doesn't match the return address stored in shadow stack (#1).
>
> Analysis:
> Shadow stack will stop update after CET disable (DisableCet() in
> DisableReadOnlyPageWriteProtect), but normal smi stack will be
> continue updated with the function called and return
> (DisableReadOnlyPageWriteProtect & EnableReadOnlyPageWriteProtect),
> thus leading stack mismatch after CET re-enabled (EnableCet() in
> EnableReadOnlyPageWriteProtect).
>
> According to SDM Vol 3, 6.15-Control Protection Exception:
> Normal smi stack and shadow stack must be matched when CET enable,
> otherwise CP Exception will happen, which is caused by a near RET
> instruction.
>
> CET is disabled in DisableCet(), while can be enabled in
> EnableCet(). This way won't cause the problem because they are
> implemented in a way that return address of DisableCet() is
> popped out from shadow stack (Incsspq performs a pop to increase
> the shadow stack) and EnableCet() doesn't use "RET" but "JMP" to
> return to caller. So calling EnableCet() and DisableCet() doesn't
> have the same issue as calling DisableReadonlyPageWriteProtect()
> and EnableReadonlyPageWriteProtect().
>
> With above root cause & analysis, define below 2 macros instead of
> functions for WP & CET operation:
> WRITE_UNPROTECT_RO_PAGES (Wp, Cet)
> WRITE_PROTECT_RO_PAGES (Wp, Cet)
> Because DisableCet() & EnableCet() must be in the same function
> to avoid shadow stack and normal SMI stack mismatch.
>
> Note: WRITE_UNPROTECT_RO_PAGES () must be called pair with
> WRITE_PROTECT_RO_PAGES () in same function.
>
> Cc: Eric Dong
> Cc: Ray Ni
> Cc: Zeng Star
> Cc: Gerd Hoffmann
> Cc: Rahul Kumar
> Cc: Laszlo Ersek
> Signed-off-by: Jiaxin Wu
> ---
> UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 59 +++++++++++++----
> UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 73 +++++++++-------------
> UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 7 ++-
> 3 files changed, 81 insertions(+), 58 deletions(-)
>
> diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
> b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
> index 654935dc76..20ada465c2 100644
> --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
> +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
> @@ -1551,29 +1551,64 @@ VOID > SmmWaitForApArrival ( > VOID > ); >=20 > /** > - Disable Write Protect on pages marked as read-only if Cr0.Bits.WP is 1= . > + Write unprotect read-only pages if Cr0.Bits.WP is 1. > + > + @param[out] WriteProtect If Cr0.Bits.WP is enabled. >=20 > - @param[out] WpEnabled If Cr0.WP is enabled. > - @param[out] CetEnabled If CET is enabled. > **/ > VOID > -DisableReadOnlyPageWriteProtect ( > - OUT BOOLEAN *WpEnabled, > - OUT BOOLEAN *CetEnabled > +SmmWriteUnprotectReadOnlyPage ( > + OUT BOOLEAN *WriteProtect > ); >=20 > /** > - Enable Write Protect on pages marked as read-only. > + Write protect read-only pages. > + > + @param[in] WriteProtect If Cr0.Bits.WP should be enabled. >=20 > - @param[out] WpEnabled If Cr0.WP should be enabled. > - @param[out] CetEnabled If CET should be enabled. > **/ > VOID > -EnableReadOnlyPageWriteProtect ( > - BOOLEAN WpEnabled, > - BOOLEAN CetEnabled > +SmmWriteProtectReadOnlyPage ( > + IN BOOLEAN WriteProtect > ); >=20 > +/// > +/// Define macros to encapsulate the write unprotect/protect > +/// read-only pages. > +/// Below pieces of logic are defined as macros and not functions > +/// because "CET" feature disable & enable must be in the same > +/// function to avoid shadow stack and normal SMI stack mismatch, > +/// thus WRITE_UNPROTECT_RO_PAGES () must be called pair with > +/// WRITE_PROTECT_RO_PAGES () in same function. > +/// > +/// @param[in,out] Wp A BOOLEAN variable local to the containing > +/// function, carrying write protection status from > +/// WRITE_UNPROTECT_RO_PAGES() to > +/// WRITE_PROTECT_RO_PAGES(). > +/// > +/// @param[in,out] Cet A BOOLEAN variable local to the containing > +/// function, carrying control flow integrity > +/// enforcement status from > +/// WRITE_UNPROTECT_RO_PAGES() to > +/// WRITE_PROTECT_RO_PAGES(). 
> +/// > +#define WRITE_UNPROTECT_RO_PAGES(Wp, Cet) \ > + do { \ > + Cet =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0); \ > + if (Cet) { \ > + DisableCet (); \ > + } \ > + SmmWriteUnprotectReadOnlyPage (&Wp); \ > + } while (FALSE) > + > +#define WRITE_PROTECT_RO_PAGES(Wp, Cet) \ > + do { \ > + SmmWriteProtectReadOnlyPage (Wp); \ > + if (Cet) { \ > + EnableCet (); \ > + } \ > + } while (FALSE) > + > #endif > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > index 6f49866615..3d445df213 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c 
> @@ -39,64 +39,47 @@ PAGE_TABLE_POOL *mPageTablePool =3D NULL; > // If memory used by SMM page table has been mareked as ReadOnly. > // > BOOLEAN mIsReadOnlyPageTable =3D FALSE; >=20 > /** > - Disable Write Protect on pages marked as read-only if Cr0.Bits.WP is 1= . > + Write unprotect read-only pages if Cr0.Bits.WP is 1. > + > + @param[out] WriteProtect If Cr0.Bits.WP is enabled. >=20 > - @param[out] WpEnabled If Cr0.WP is enabled. > - @param[out] CetEnabled If CET is enabled. > **/ > VOID > -DisableReadOnlyPageWriteProtect ( > - OUT BOOLEAN *WpEnabled, > - OUT BOOLEAN *CetEnabled > +SmmWriteUnprotectReadOnlyPage ( > + OUT BOOLEAN *WriteProtect > ) > { > IA32_CR0 Cr0; >=20 > - *CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRUE : FAL= SE; > - Cr0.UintN =3D AsmReadCr0 (); > - *WpEnabled =3D (Cr0.Bits.WP !=3D 0) ? TRUE : FALSE; > - if (*WpEnabled) { > - if (*CetEnabled) { > - // > - // CET must be disabled if WP is disabled. Disable CET before clea= ring > CR0.WP. > - // > - DisableCet (); > - } > - > + Cr0.UintN =3D AsmReadCr0 (); > + *WriteProtect =3D (Cr0.Bits.WP !=3D 0); > + if (*WriteProtect) { > Cr0.Bits.WP =3D 0; > AsmWriteCr0 (Cr0.UintN); > } > } >=20 > /** > - Enable Write Protect on pages marked as read-only. > + Write protect read-only pages. > + > + @param[in] WriteProtect If Cr0.Bits.WP should be enabled. >=20 > - @param[out] WpEnabled If Cr0.WP should be enabled. > - @param[out] CetEnabled If CET should be enabled. > **/ > VOID > -EnableReadOnlyPageWriteProtect ( > - BOOLEAN WpEnabled, > - BOOLEAN CetEnabled > +SmmWriteProtectReadOnlyPage ( > + IN BOOLEAN WriteProtect > ) > { > IA32_CR0 Cr0; >=20 > - if (WpEnabled) { > + if (WriteProtect) { > Cr0.UintN =3D AsmReadCr0 (); > Cr0.Bits.WP =3D 1; > AsmWriteCr0 (Cr0.UintN); > - > - if (CetEnabled) { > - // > - // re-enable CET. > - // > - EnableCet (); > - } > } > } >=20 > /** > Initialize a buffer pool for page table use only. 
> @@ -119,11 +102,11 @@ BOOLEAN > InitializePageTablePool ( > IN UINTN PoolPages > ) > { > VOID *Buffer; > - BOOLEAN WpEnabled; > + BOOLEAN WriteProtect; > BOOLEAN CetEnabled; >=20 > // > // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one > page for > // header. > @@ -157,13 +140,15 @@ InitializePageTablePool ( >=20 > // > // If page table memory has been marked as RO, mark the new pool pages= as > read-only. > // > if (mIsReadOnlyPageTable) { > - DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled); > + WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled); > + > SmmSetMemoryAttributes ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer, > EFI_PAGES_TO_SIZE (PoolPages), EFI_MEMORY_RO); > - EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled); > + > + WRITE_PROTECT_RO_PAGES (WriteProtect, CetEnabled); > } >=20 > return TRUE; > } >=20 > @@ -1009,11 +994,11 @@ SetMemMapAttributes ( > UINTN PageTable; > EFI_STATUS Status; > IA32_MAP_ENTRY *Map; > UINTN Count; > UINT64 MemoryAttribute; > - BOOLEAN WpEnabled; > + BOOLEAN WriteProtect; > BOOLEAN CetEnabled; >=20 > SmmGetSystemConfigurationTable > (&gEdkiiPiSmmMemoryAttributesTableGuid, (VOID > **)&MemoryAttributesTable); > if (MemoryAttributesTable =3D=3D NULL) { > DEBUG ((DEBUG_INFO, "MemoryAttributesTable - NULL\n")); > @@ -1055,11 +1040,11 @@ SetMemMapAttributes ( > Status =3D PageTableParse (PageTable, mPagingMode, Map, &Count); > } >=20 > ASSERT_RETURN_ERROR (Status); >=20 > - DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled); > + WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled); >=20 > MemoryMap =3D MemoryMapStart; > for (Index =3D 0; Index < MemoryMapEntryCount; Index++) { > DEBUG ((DEBUG_VERBOSE, "SetAttribute: Memory Entry - 0x%lx, 0x%x\n", > MemoryMap->PhysicalStart, MemoryMap->NumberOfPages)); > if (MemoryMap->Type =3D=3D EfiRuntimeServicesCode) { 
> @@ -1085,11 +1070,12 @@ SetMemMapAttributes ( > ); >=20 > MemoryMap =3D NEXT_MEMORY_DESCRIPTOR (MemoryMap, > DescriptorSize); > } >=20 > - EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled); > + WRITE_PROTECT_RO_PAGES (WriteProtect, CetEnabled); > + > FreePool (Map); >=20 > PatchSmmSaveStateMap (); > PatchGdtIdtMap (); >=20 > @@ -1392,18 +1378,18 @@ SetUefiMemMapAttributes ( > EFI_STATUS Status; > EFI_MEMORY_DESCRIPTOR *MemoryMap; > UINTN MemoryMapEntryCount; > UINTN Index; > EFI_MEMORY_DESCRIPTOR *Entry; > - BOOLEAN WpEnabled; > + BOOLEAN WriteProtect; > BOOLEAN CetEnabled; >=20 > PERF_FUNCTION_BEGIN (); >=20 > DEBUG ((DEBUG_INFO, "SetUefiMemMapAttributes\n")); >=20 > - DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled); > + WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled); >=20 > if (mUefiMemoryMap !=3D NULL) { > MemoryMapEntryCount =3D mUefiMemoryMapSize/mUefiDescriptorSize; > MemoryMap =3D mUefiMemoryMap; > for (Index =3D 0; Index < MemoryMapEntryCount; Index++) { > @@ -1479,11 +1465,11 @@ SetUefiMemMapAttributes ( >=20 > Entry =3D NEXT_MEMORY_DESCRIPTOR (Entry, > mUefiMemoryAttributesTable->DescriptorSize); > } > } >=20 > - EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled); > + WRITE_PROTECT_RO_PAGES (WriteProtect, CetEnabled); >=20 > // > // Do not free mUefiMemoryAttributesTable, it will be checked in > IsSmmCommBufferForbiddenAddress(). > // >=20 > @@ -1870,11 +1856,11 @@ IfReadOnlyPageTableNeeded ( > VOID > SetPageTableAttributes ( > VOID > ) > { > - BOOLEAN WpEnabled; > + BOOLEAN WriteProtect; > BOOLEAN CetEnabled; >=20 > if (!IfReadOnlyPageTableNeeded ()) { > return; > } 
> @@ -1884,20 +1870,21 @@ SetPageTableAttributes ( >=20 > // > // Disable write protection, because we need mark page table to be wri= te > protected. > // We need *write* page table memory, to mark itself to be *read only*= . > // > - DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled); > + WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled); >=20 > // Set memory used by page table as Read Only. > DEBUG ((DEBUG_INFO, "Start...\n")); > EnablePageTableProtection (); >=20 > // > // Enable write protection, after page table attribute updated. > // > - EnableReadOnlyPageWriteProtect (TRUE, CetEnabled); > + WRITE_PROTECT_RO_PAGES (TRUE, CetEnabled); > + > mIsReadOnlyPageTable =3D TRUE; >=20 > // > // Flush TLB after mark all page table pool as read only. > // > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c > b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c > index 7ac3c66f91..8142d3ceac 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c > @@ -592,11 +592,11 @@ InitPaging ( > UINT64 Base; > UINT64 Length; > UINT64 Limit; > UINT64 PreviousAddress; > UINT64 MemoryAttrMask; > - BOOLEAN WpEnabled; > + BOOLEAN WriteProtect; > BOOLEAN CetEnabled; >=20 > PERF_FUNCTION_BEGIN (); >=20 > PageTable =3D AsmReadCr3 (); > @@ -604,11 +604,12 @@ InitPaging ( > Limit =3D BASE_4GB; > } else { > Limit =3D (IsRestrictedMemoryAccess ()) ? LShiftU64 (1, > mPhysicalAddressBits) : BASE_4GB; > } >=20 > - DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled); > + WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled); > + > // > // [0, 4k] may be non-present. > // > PreviousAddress =3D ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & > BIT1) !=3D 0) ? BASE_4KB : 0; >=20 
> @@ -670,11 +671,11 @@ InitPaging ( > // > Status =3D ConvertMemoryPageAttributes (PageTable, mPagingMode, > PreviousAddress, Limit - PreviousAddress, MemoryAttrMask, TRUE, NULL); > ASSERT_RETURN_ERROR (Status); > } >=20 > - EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled); > + WRITE_PROTECT_RO_PAGES (WriteProtect, CetEnabled); >=20 > // > // Flush TLB > // > CpuFlushTlb (); > -- > 2.16.2.windows.1
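
Review bot: In the PiSmmCpuDxeSmm.h hunk (@@ -1551,29 +1551,64 @@), the pairing rule for WRITE_UNPROTECT_RO_PAGES() and WRITE_PROTECT_RO_PAGES() is stated only in the /// comment, and that comment does not say what happens if a caller returns or jumps out between the two: CR0.WP stays cleared and CET stays off for whatever runs next. Please add that consequence to the comment so future callers keep every exit path after WRITE_PROTECT_RO_PAGES(). As a smaller point, the macro bodies use their arguments bare ("Cet =3D ...", "&Wp", "if (Cet)"); writing (Cet) and &(Wp) would make them robust against arguments that are not plain variable names.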
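
Review bot: In the SmmCpuMemoryManagement.c hunk (@@ -39,64 +39,47 @@), SmmWriteUnprotectReadOnlyPage() now clears Cr0.Bits.WP without touching CET, and the removed comment "CET must be disabled if WP is disabled. Disable CET before clearing CR0.WP." has no replacement anywhere in the patch. Since the function is still declared in PiSmmCpuDxeSmm.h and can be called directly, its header comment should say that CET must already be disabled and that it is meant to be used through WRITE_UNPROTECT_RO_PAGES(); an ASSERT that (AsmReadCr4 () & CR4_CET_ENABLE) is 0 before the AsmWriteCr0() call would catch a direct caller that skips the macro.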
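
Review bot: In the SetPageTableAttributes hunk (@@ -1884,20 +1870,21 @@), "WRITE_PROTECT_RO_PAGES (TRUE, CetEnabled);" passes a literal where the macro documentation requires "A BOOLEAN variable local to the containing function" carried over from WRITE_UNPROTECT_RO_PAGES(), so WriteProtect is written here and never read. The removed line also passed TRUE, so behaviour is unchanged, but the contract and the call site now disagree: either document Wp as a plain input for WRITE_PROTECT_RO_PAGES(), or add a short comment at this call explaining why write protection is forced on regardless of the saved state.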
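
A toy model of the stack and shadow-stack mismatch described in the commit message, as an added example that is not part of the patch or of edk2. The names Cpu, Call, Ret, ModelDisableCet and ModelEnableCet are hypothetical and the return-address numbers are constructed; it assumes DisableCet() and EnableCet() behave as the commit message states (INCSSPQ pop, JMP return).

```c
#include <stdbool.h>
#include <stdio.h>

#define DEPTH 16

typedef struct {
  int  stack[DEPTH];   /* return addresses on the normal SMI stack */
  int  shadow[DEPTH];  /* return addresses on the shadow stack */
  int  sp, ssp;
  bool cet;            /* models CR4.CET */
  bool cp_fault;       /* set when a checked RET would raise #CP */
} Cpu;

/* CALL: always pushes on the normal stack, on the shadow stack only with CET on. */
static void Call(Cpu *c, int ret_addr) {
  c->stack[c->sp++] = ret_addr;
  if (c->cet) c->shadow[c->ssp++] = ret_addr;
}

/* Near RET: with CET on, the two popped return addresses must match. */
static void Ret(Cpu *c) {
  int addr = c->stack[--c->sp];
  if (c->cet && (c->ssp == 0 || c->shadow[--c->ssp] != addr)) c->cp_fault = true;
}

/* DisableCet(): pops its own return address off the shadow stack, then CET off. */
static void ModelDisableCet(Cpu *c, int ret_addr) {
  Call(c, ret_addr);
  c->ssp--;            /* INCSSPQ */
  c->cet = false;
  Ret(c);              /* unchecked, CET is off */
}

/* EnableCet(): turns CET on and goes back to its caller with JMP, not RET. */
static void ModelEnableCet(Cpu *c, int ret_addr) {
  Call(c, ret_addr);   /* CET still off: normal stack only */
  c->cet = true;
  c->sp--;             /* JMP to the return address, no shadow-stack check */
}

/* Pre-patch shape: CET is toggled inside two separate wrapper functions. */
static bool WrapperFunctionsFault(void) {
  Cpu c = { .cet = true };
  Call(&c, 100);              /* caller of the function that edits page tables */
  Call(&c, 1);                /* DisableReadOnlyPageWriteProtect(), return address #1 */
  ModelDisableCet(&c, 11);
  Ret(&c);                    /* back to #1; shadow stack still holds #1 */
  /* ... page table is modified ... */
  Call(&c, 2);                /* EnableReadOnlyPageWriteProtect(), return address #2 */
  ModelEnableCet(&c, 21);
  Ret(&c);                    /* checked RET: normal stack #2 vs shadow stack #1 */
  return c.cp_fault;
}

/* Patched shape: the macros expand DisableCet()/EnableCet() in the caller itself. */
static bool MacrosFault(void) {
  Cpu c = { .cet = true };
  Call(&c, 100);
  ModelDisableCet(&c, 11);    /* WRITE_UNPROTECT_RO_PAGES: DisableCet() */
  Call(&c, 12); Ret(&c);      /* SmmWriteUnprotectReadOnlyPage(), CET off */
  /* ... page table is modified ... */
  Call(&c, 13); Ret(&c);      /* SmmWriteProtectReadOnlyPage(), CET off */
  ModelEnableCet(&c, 14);     /* WRITE_PROTECT_RO_PAGES: EnableCet() */
  Ret(&c);                    /* caller returns to 100: both stacks agree */
  return c.cp_fault;
}

int main(void) {
  printf("wrapper functions: #CP=%d\n", WrapperFunctionsFault());
  printf("macros:            #CP=%d\n", MacrosFault());
  return 0;
}
```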