From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web10.4195.1685675349798743302 for ; Thu, 01 Jun 2023 20:09:10 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=HCqpc7QF; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: ray.ni@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685675349; x=1717211349; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=2zvUtzKII5gC83KByE65/LUqyCZORwobK8x5GLONi0U=; b=HCqpc7QF868AGuBtXtURTApBvUOfRMJOdF/kGgriiOuh+ktYx9VjtQ// lapm3+AVSahaXof+E7Jysi9zWWVaUTHpG9nwS8HOZpLfEGS8izmCpgT79 HsxV1et0BcLnpBxbB+awGy+BkCyUjZutCG7aS1H7MJI/g/nAp63MeWu5y uomtl07lLXSv48RH91Jw4o1/7+JnG4g9UCPQ910vbXQO67ne5mWXHwtPv dom8qigeAGJhypKk2FlcHzjafBrSsrfdsZ2XmpgTUmA6urBZdmaWJOsNa qv+qieUnsZSIf2IB6EjS+6bIX69D+HyMBMHAlvyAeiwpoEFvgtRtEg1fY Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10728"; a="384029505" X-IronPort-AV: E=Sophos;i="6.00,211,1681196400"; d="scan'208";a="384029505" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Jun 2023 20:09:09 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10728"; a="685125347" X-IronPort-AV: E=Sophos;i="6.00,211,1681196400"; d="scan'208";a="685125347" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by orsmga006.jf.intel.com with ESMTP; 01 Jun 2023 20:09:09 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Thu, 1 Jun 2023 20:09:08 -0700 Received: from orsmsx603.amr.corp.intel.com (10.22.229.16) by ORSMSX610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Thu, 1 Jun 2023 20:09:08 -0700 Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23 via Frontend Transport; Thu, 1 Jun 2023 20:09:08 -0700 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.176) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23; Thu, 1 Jun 2023 20:09:07 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UAr1oQoJJhOTc2Si0iu1gEPZTQi+ABGuJFaB6lA/IGBismr/0SiBq7Xy8eJWLV0bM8rk3CVu8HE3XlYRQBlfthAHP/SJKOHeLke+yGmctvTyPtfEIvSqZM29Xlj2q25juZ7vkaktUnx+qhKJzwJshGBO8XdWBPFN2qyppWaTNN1PeCkF/J582MWJAsclDcFu86sP/WA3HRLEaqCzVn34IRu9rtdYPeOuABAgLcif+rdV+ZlyduH9UWtnCoT+W42So53XdIjiZUVCWeqcJzIqRyQGUQQl+qGtFKJucIOkPNt6icUBn+jEfQhdFJOfhWDqEAQpSk1GCLTeuxAn6aq8OQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=w4O8cq87nrGJ5aOSKNj6VVrVZNVxtvFrXJ6/WWp9fz0=; b=f9lKPWijeCbW7W4arErbIPazzsrdUdMh7u5UDMgMW7V4zFcVjgYzTM6ppeEals5MLlnbJLa5v4HHjCt389+d29hDsmYEN8W4qp69Z0fjwmLIAABT51bnRAbYSOpxKpxcHeE1+sqw4WZl6nw24jqxiXNoYvUieGUJ+r/u5V6YlFgnJ3w1Bj5cAkVPeQd5ddWFpAas8nDskS6XHXt5Y7YYxEscxypq1nSOPJkMBn8i65KLS8xtCWOoXgTqkNf/wdw7ufYtdVIL1RSqgy3247exI2OB4z5cn8D5ivyp2CS3nqFtq7dD0bwcOdsm14QqWb5tUXo6Zyn33Qv5HOmBJxc4MA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MN6PR11MB8244.namprd11.prod.outlook.com (2603:10b6:208:470::14) by PH7PR11MB8123.namprd11.prod.outlook.com (2603:10b6:510:236::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6455.22; Fri, 2 Jun 2023 03:09:01 +0000 Received: from MN6PR11MB8244.namprd11.prod.outlook.com ([fe80::892b:b8e6:bab7:635d]) by MN6PR11MB8244.namprd11.prod.outlook.com ([fe80::892b:b8e6:bab7:635d%3]) with mapi id 15.20.6455.020; Fri, 2 Jun 2023 03:09:00 +0000 From: "Ni, Ray" To: "Tan, Dun" , "devel@edk2.groups.io" CC: "Dong, Eric" , "Kumar, Rahul R" , Gerd Hoffmann Subject: Re: [Patch V4 07/15] UefiCpuPkg/PiSmmCpuDxeSmm: Add 2 function to disable/enable CR0.WP Thread-Topic: [Patch V4 07/15] UefiCpuPkg/PiSmmCpuDxeSmm: Add 2 function to disable/enable CR0.WP Thread-Index: AQHZh91MGatpTlyfU0StU8Xn4AQfwa9272UA Date: Fri, 2 Jun 2023 03:09:00 +0000 Message-ID: References: <20230516095932.1525-1-dun.tan@intel.com> <20230516095932.1525-8-dun.tan@intel.com> In-Reply-To: <20230516095932.1525-8-dun.tan@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MN6PR11MB8244:EE_|PH7PR11MB8123:EE_ x-ms-office365-filtering-correlation-id: 0d9452a7-9efa-4ad1-5762-08db6316b66e x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: aN9+YW1FXoqGBF8wKiZiTgOVWl6vQlpRt7pOwH9BdzgI1wzAdSNiCvtgXOqh3Jjt7uwosm8I1ufUriBNQ4WXeayjflJ/XQ18oUGxTL/1gHjzwC6fJ5wXGd/x2nkU4KB1r1FbTSVrxSjOJkJLbtEi3if/RObyvi2B50SYmLcnnto1vq0tZc3tiIAfPEDq2ZXN8a8GPsT+aqmV97D9jVup4JWYTC6T0Uydf6eioxjTEr7XHZkGBeGPHc82J3fnj3MK8ViPjhiAmixD/8o3AFsJrQyJ2lo1QtWjQWxj1YpbJWOwFIiwGLSa5GuP5TYKHbPvrou9gT84AWYAaPpOTLuLE8cPylYV5K3KVSahId7sLhCw73VoR8ZyU1a+Mthnxr6gKl7RmDRyd+7AykKfRzcC7Lse9ugDPDqPDT2xsEqaQRh7ER08RlTARTXOFoFuDz4ilG4BSf2KnHuvZXCAz+HbpDbgITF4LQ/UvDlw815zdcLw67P2ufpQVQHF2kWmpBZidiM5ZaxaEYzwx0YkMiB4sWd5Hk1OGV6D4oX/yGf53XZo9fPEODOGEwmt7HBg/F2aHA0ONQayIraSR+4lDpdDH4tYwRWZBH56kCDZDmge3d3tqBkbvP3q+e3GNUSnpOf7 x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MN6PR11MB8244.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(6029001)(376002)(39860400002)(366004)(346002)(396003)(136003)(451199021)(110136005)(54906003)(38070700005)(76116006)(66446008)(4326008)(6506007)(26005)(83380400001)(122000001)(316002)(86362001)(82960400001)(66946007)(478600001)(66476007)(66556008)(64756008)(2906002)(52536014)(33656002)(5660300002)(41300700001)(71200400001)(186003)(7696005)(55016003)(8676002)(38100700002)(8936002)(9686003)(53546011);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?nOPlOLAbI10zstJRSghbdy0j04LxY+u6hMiY5lU3r1lyztICA2rLEXddj6rs?= =?us-ascii?Q?IFMqPH/PjHKEs7y79F1KCfry+7qv1uWTHcybHd7xswgCxMS9l3u65+DD6lnG?= =?us-ascii?Q?kc/6OUlaim07KpMWqH7BR0X5qZX8P1NIG1iJ95/DZsGHyDKR0fYPlTXtNoQ9?= =?us-ascii?Q?ItXE3zzNLl8so1QaJ3TkD5up6i9DexVXEfQaW5BKF9HOXYZ8ZObIOh3xY9Oz?= =?us-ascii?Q?x69TSFhHVvJQbXaCNgF9pzPo0+wcs8+kXPtb0shLHZLK5pRevGAQT2OnE4W8?= =?us-ascii?Q?nNoz+63oTCgqFBdfi8fObPvFdvj5YvB+GJmNTfG8E49yYrO2guVaPYJrITcD?= =?us-ascii?Q?mH8FJlPEyRAepziyTdCkCw05kVCo/e4CeUA1gHgWJDSbn9Ty8kqCDoH6fJ0s?= =?us-ascii?Q?GKOBhk0S8iG7PmwwaC4VvzG/NoGyD2TUBWvYrk9YUf0ffFZjIvOUTO2DsLLt?= =?us-ascii?Q?VOxhpnk2fM9OoFbolHGGKD57/UhtsfKg0jtAQC8A7OQH06sI/ymkTwHkcuY6?= =?us-ascii?Q?Ep+lNNIH7F6NV6e0lARLWOaGaEiymqLBgSCSAhfL/uPx+8HhJJUxtwSB3Cp4?= =?us-ascii?Q?Puf49ySgxvtqPl2nKkOZ82gYL0eQucyn1UVBz+q5wYkETzVoozaMBH7ktPKo?= =?us-ascii?Q?3Piq8sBTBJIikALYicAriJvLitIf+oZXStVN/wKLwjyH3O6Sqa/FWBkH1igF?= =?us-ascii?Q?U1g3uLMZPWqIWhOrHSXTEy8e+pUe+YZa5ytnOIBCLwQS5Cov0h6NYQ3uiypo?= =?us-ascii?Q?je1eKikrmTyPRdyiESRm9HlG9KfIivBocwaruIO4J9DUuMa+JKBGldGn8g5s?= =?us-ascii?Q?b13DDUa9/cZECGbFEs1SUAlqLBVALK/XIYXbIE69wcowtiUKZ0uyRrRNYgn4?= =?us-ascii?Q?5qM3gb/8QNP0g3KkUyff0tB1t5RDlXH8UcUpwMfKyXY6nDZXZ3314tuNPLYS?= =?us-ascii?Q?AtVI/yTQ8QisnUcy+rqadlwkEcKgmRoox4+QIk0iKBfjRoIT2qaiK48wx1B7?= =?us-ascii?Q?B8QB/mHeJGy28lS0R7f/jDIWg09P9T7H2IenJklUz4PdR/Fk2Nb82L4OolII?= =?us-ascii?Q?mYxGkS+kUeGCcAjjEeRsrZVed6XPxi4yPmyNiDIEWjYGatfKD+6OM9pSWKwo?= =?us-ascii?Q?X/AMmD19OQURg/+B26KlfdHKRXJxw9XDM9iPc0d6Bg62Nc4ZaAFR2X7/Fy20?= =?us-ascii?Q?1ZmzrWE7MdwWM4XuPFLslv1vMGQlk65P9hub3egVtvHUrDwGBUS6+kEQdcPm?= =?us-ascii?Q?/jfrDaAp3kXPCZrzobEehVdt2jEYS4/V3dCprYWag0cGM22CMvW0AB+SSRQe?= =?us-ascii?Q?wPAwEPUqS/5ZdrVXbcbPXoUNHLTaf0DIfssr1cW+0GE0AoanWy+DqJNvuyjc?= =?us-ascii?Q?HWa+Fm8mOkkEiA1iRbE4YUWOjjtwQwh7SwenX4tOXIoQhwHDqpGA8e/9Sows?= =?us-ascii?Q?6mD7Mm6nuOegA0BzsH2yzl70TObsGcx74VDF9TegslQcxkBl89t40MJWHz60?= =?us-ascii?Q?/P8gYbm95U00KRK+ripG2ykD4VkeGblOWFEUGvU4lTf3uF5c5FxmDX+xrh57?= =?us-ascii?Q?8iOYpnKYUCVC16aWnTs=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MN6PR11MB8244.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0d9452a7-9efa-4ad1-5762-08db6316b66e X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jun 2023 03:09:00.4100 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 3p5H16jts1/WJXtizFRRd4gsf/qEb35gHAPAxQqmaH+Lpn9CqAkncBmFCt6mwg0/xsDnIagWmHOf7vgFm63O2A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB8123 Return-Path: ray.ni@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Ray Ni > -----Original Message----- > From: Tan, Dun > Sent: Tuesday, May 16, 2023 5:59 PM > To: devel@edk2.groups.io > Cc: Dong, Eric ; Ni, Ray ; Kumar, = Rahul > R ; Gerd Hoffmann > Subject: [Patch V4 07/15] UefiCpuPkg/PiSmmCpuDxeSmm: Add 2 function to > disable/enable CR0.WP >=20 > Add two functions to disable/enable CR0.WP. These two unctions > will also be used in later commits. This commit doesn't change any > functionality. >=20 > Signed-off-by: Dun Tan > Cc: Eric Dong > Cc: Ray Ni > Cc: Rahul Kumar > Cc: Gerd Hoffmann > --- > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 24 > ++++++++++++++++++++++++ > UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 115 > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > +------------------------------------------------- > 2 files changed, 90 insertions(+), 49 deletions(-) >=20 > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h > b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h > index ba341cadc6..e0c4ca76dc 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h > @@ -1565,4 +1565,28 @@ SmmWaitForApArrival ( > VOID > ); >=20 > +/** > + Disable Write Protect on pages marked as read-only if Cr0.Bits.WP is 1= . > + > + @param[out] WpEnabled If Cr0.WP is enabled. > + @param[out] CetEnabled If CET is enabled. > +**/ > +VOID > +DisableReadOnlyPageWriteProtect ( > + OUT BOOLEAN *WpEnabled, > + OUT BOOLEAN *CetEnabled > + ); > + > +/** > + Enable Write Protect on pages marked as read-only. > + > + @param[out] WpEnabled If Cr0.WP should be enabled. > + @param[out] CetEnabled If CET should be enabled. > +**/ > +VOID > +EnableReadOnlyPageWriteProtect ( > + BOOLEAN WpEnabled, > + BOOLEAN CetEnabled > + ); > + > #endif > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > index 2faee8f859..4b512edf68 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c > @@ -40,6 +40,64 @@ PAGE_TABLE_POOL *mPageTablePool =3D NULL; > // > BOOLEAN mIsReadOnlyPageTable =3D FALSE; >=20 > +/** > + Disable Write Protect on pages marked as read-only if Cr0.Bits.WP is 1= . > + > + @param[out] WpEnabled If Cr0.WP is enabled. > + @param[out] CetEnabled If CET is enabled. > +**/ > +VOID > +DisableReadOnlyPageWriteProtect ( > + OUT BOOLEAN *WpEnabled, > + OUT BOOLEAN *CetEnabled > + ) > +{ > + IA32_CR0 Cr0; > + > + *CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRUE : FAL= SE; > + Cr0.UintN =3D AsmReadCr0 (); > + *WpEnabled =3D (Cr0.Bits.WP !=3D 0) ? TRUE : FALSE; > + if (*WpEnabled) { > + if (*CetEnabled) { > + // > + // CET must be disabled if WP is disabled. Disable CET before clea= ring > CR0.WP. > + // > + DisableCet (); > + } > + > + Cr0.Bits.WP =3D 0; > + AsmWriteCr0 (Cr0.UintN); > + } > +} > + > +/** > + Enable Write Protect on pages marked as read-only. > + > + @param[out] WpEnabled If Cr0.WP should be enabled. > + @param[out] CetEnabled If CET should be enabled. > +**/ > +VOID > +EnableReadOnlyPageWriteProtect ( > + BOOLEAN WpEnabled, > + BOOLEAN CetEnabled > + ) > +{ > + IA32_CR0 Cr0; > + > + if (WpEnabled) { > + Cr0.UintN =3D AsmReadCr0 (); > + Cr0.Bits.WP =3D 1; > + AsmWriteCr0 (Cr0.UintN); > + > + if (CetEnabled) { > + // > + // re-enable CET. > + // > + EnableCet (); > + } > + } > +} > + > /** > Initialize a buffer pool for page table use only. >=20 > @@ -62,10 +120,9 @@ InitializePageTablePool ( > IN UINTN PoolPages > ) > { > - VOID *Buffer; > - BOOLEAN CetEnabled; > - BOOLEAN WpEnabled; > - IA32_CR0 Cr0; > + VOID *Buffer; > + BOOLEAN WpEnabled; > + BOOLEAN CetEnabled; >=20 > // > // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one p= age > for > @@ -102,34 +159,9 @@ InitializePageTablePool ( > // If page table memory has been marked as RO, mark the new pool pages= as > read-only. > // > if (mIsReadOnlyPageTable) { > - CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRUE : FA= LSE; > - Cr0.UintN =3D AsmReadCr0 (); > - WpEnabled =3D (Cr0.Bits.WP !=3D 0) ? TRUE : FALSE; > - if (WpEnabled) { > - if (CetEnabled) { > - // > - // CET must be disabled if WP is disabled. Disable CET before cl= earing > CR0.WP. > - // > - DisableCet (); > - } > - > - Cr0.Bits.WP =3D 0; > - AsmWriteCr0 (Cr0.UintN); > - } > - > + DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled); > SmmSetMemoryAttributes ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer, > EFI_PAGES_TO_SIZE (PoolPages), EFI_MEMORY_RO); > - if (WpEnabled) { > - Cr0.UintN =3D AsmReadCr0 (); > - Cr0.Bits.WP =3D 1; > - AsmWriteCr0 (Cr0.UintN); > - > - if (CetEnabled) { > - // > - // re-enable CET. > - // > - EnableCet (); > - } > - } > + EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled); > } >=20 > return TRUE; > @@ -1782,6 +1814,7 @@ SetPageTableAttributes ( > VOID > ) > { > + BOOLEAN WpEnabled; > BOOLEAN CetEnabled; >=20 > if (!IfReadOnlyPageTableNeeded ()) { > @@ -1794,15 +1827,7 @@ SetPageTableAttributes ( > // Disable write protection, because we need mark page table to be wri= te > protected. > // We need *write* page table memory, to mark itself to be *read only*= . > // > - CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRUE : FALS= E; > - if (CetEnabled) { > - // > - // CET must be disabled if WP is disabled. > - // > - DisableCet (); > - } > - > - AsmWriteCr0 (AsmReadCr0 () & ~CR0_WP); > + DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled); >=20 > // Set memory used by page table as Read Only. > DEBUG ((DEBUG_INFO, "Start...\n")); > @@ -1811,20 +1836,12 @@ SetPageTableAttributes ( > // > // Enable write protection, after page table attribute updated. > // > - AsmWriteCr0 (AsmReadCr0 () | CR0_WP); > + EnableReadOnlyPageWriteProtect (TRUE, CetEnabled); > mIsReadOnlyPageTable =3D TRUE; >=20 > // > // Flush TLB after mark all page table pool as read only. > // > FlushTlbForAll (); > - > - if (CetEnabled) { > - // > - // re-enable CET. > - // > - EnableCet (); > - } > - > return; > } > -- > 2.31.1.windows.1