From: "Ni, Ray"
To: "Wu, Jiaxin", "devel@edk2.groups.io"
CC: "Dong, Eric", "Zeng, Star", Gerd Hoffmann, "Kumar, Rahul R", Laszlo Ersek
Subject: Re: [edk2-devel] [PATCH v3] UefiCpuPkg/PiSmmCpuDxeSmm: Fix CP Exception when CET enable
Date: Mon, 6 Nov 2023 09:40:39 +0000
In-Reply-To: <20231106024633.8140-1-jiaxin.wu@intel.com>

The commit message doesn't explain the root cause of the issue very clearly.
(I am sure that you understand the issue very clearly. But I see improvements in explaining it.)

I guess the root cause is due to the code flow as follows:
1. Before DisableReadonlyPageWriteProtect() is called, the return address (#1) is pushed in shadow stack.
2. CET is disabled.
3. DisableReadonlyPageWriteProtect() returns to #1.
4. Page table is modified.
5. EnableReadonlyPageWriteProtect() is called, but the return address (#2) is not pushed in shadow stack.
6. CET is enabled.
7. EnableReadonlyPageWriteProtect() returns to #2.
#CP exception happens because the actual return address (#2) doesn't match the return address stored in shadow stack (#1).

If yes, can you update the commit to explain in above way?

Also, please emphasize that EnableCet() and DisableCet() are implemented in a way that return address of DisableCet() is popped out
from shadow stack and EnableCet() doesn't use "RET" but "JMP" to return to caller. So calling EnableCet() and DisableCet() doesn't
have the same issue as calling DisableReadonlyPageWriteProtect() and EnableReadonlyPageWriteProtect().

Thanks,
Ray
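
The flow in the reply above, as a small C model added here (not code from the patch or from edk2). Each stack is reduced to a list of return addresses, `disable_cet()` drops its own shadow-stack entry and `enable_cet()` returns without a RET, as the reply describes; all function names and address values are constructed for the illustration.

```c
#include <stdio.h>

#define DEPTH 16

/* Simplified model, constructed for this example: each stack holds only
   return addresses and CET is a single on/off flag. */
typedef struct {
  int normal[DEPTH], ntop;   /* normal SMI stack */
  int shadow[DEPTH], stop;   /* shadow stack */
  int cet;                   /* 1 while CET is enabled */
  int cp_fault;              /* set when a RET finds a mismatch (#CP) */
} Cpu;

static void cpu_init(Cpu *c) {
  c->ntop = 0; c->stop = 0; c->cet = 1; c->cp_fault = 0;
}

/* CALL: always pushes on the normal stack, on the shadow stack only with CET on. */
static void do_call(Cpu *c, int ret_addr) {
  c->normal[c->ntop++] = ret_addr;
  if (c->cet) c->shadow[c->stop++] = ret_addr;
}

/* Near RET: pops the normal stack; with CET on it also pops the shadow
   stack and raises #CP when the two addresses differ. */
static void do_ret(Cpu *c) {
  int addr = c->normal[--c->ntop];
  if (c->cet && (c->stop == 0 || c->shadow[--c->stop] != addr)) c->cp_fault = 1;
}

/* DisableCet() as the reply describes it: its own return address is popped
   from the shadow stack before CET goes off. */
static void disable_cet(Cpu *c, int ret_addr) {
  do_call(c, ret_addr);
  if (c->cet && c->stop > 0) c->stop--;
  c->cet = 0;
  do_ret(c);                 /* CET is off, no shadow-stack comparison */
}

/* EnableCet() as the reply describes it: returns with JMP instead of RET,
   so no shadow-stack comparison happens for its own return. */
static void enable_cet(Cpu *c, int ret_addr) {
  do_call(c, ret_addr);      /* CET still off: normal stack only */
  c->cet = 1;
  c->ntop--;                 /* JMP-style return consumes the normal-stack slot */
}

/* Before the patch: CET is toggled inside two wrapper functions. Returns 1 on #CP. */
int wrapper_flow(void) {
  Cpu c; cpu_init(&c);
  do_call(&c, 100);          /* caller enters the page-table function */
  do_call(&c, 1);            /* step 1: #1 pushed on both stacks */
  disable_cet(&c, 11);       /* step 2 */
  do_ret(&c);                /* step 3: back to #1, shadow stack keeps #1 */
                             /* step 4: page table is modified */
  do_call(&c, 2);            /* step 5: #2 only on the normal stack */
  enable_cet(&c, 21);        /* step 6 */
  do_ret(&c);                /* step 7: RET to #2, shadow top is #1 */
  return c.cp_fault;
}

/* After the patch: the macros expand in the page-table function itself. */
int macro_flow(void) {
  Cpu c; cpu_init(&c);
  do_call(&c, 100);
  disable_cet(&c, 11);               /* WRITE_UNPROTECT_RO_PAGES: DisableCet () */
  do_call(&c, 12); do_ret(&c);       /* SmmWriteUnprotectReadOnlyPage () */
                                     /* page table is modified */
  do_call(&c, 13); do_ret(&c);       /* WRITE_PROTECT_RO_PAGES: SmmWriteProtectReadOnlyPage () */
  enable_cet(&c, 14);                /* EnableCet () */
  do_ret(&c);                        /* return to the caller: 100 on both stacks */
  return c.cp_fault;
}

int main(void) {
  printf("wrapper functions: #CP=%d\n", wrapper_flow());
  printf("macros:            #CP=%d\n", macro_flow());
  return 0;
}
```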


From: Wu, Jiaxin <jiaxin.wu@intel.com>
Sent: Monday, November 6, 2023 10:46 AM
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Dong, Eric <eric.dong@intel.com>; Ni, Ray <ray.ni@intel.com>; Zeng, Star <star.zeng@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Laszlo Ersek <lersek@redhat.com>
Subject: [PATCH v3] UefiCpuPkg/PiSmmCpuDxeSmm: Fix CP Exception when CET enable
 
Shadow stack will stop updating after CET is disabled (DisableCet in
DisableReadOnlyPageWriteProtect), but the normal SMI stack will
continue to be updated with the function return and enter
(DisableReadOnlyPageWriteProtect & EnableReadOnlyPageWriteProtect),
thus leading to a stack mismatch after CET is re-enabled (EnableCet in
EnableReadOnlyPageWriteProtect).

The normal SMI stack and shadow stack must match when CET is enabled,
otherwise a CP Exception will happen, which is caused by a near RET
instruction (See SDM Vol 3, 6.15-Control Protection Exception).

With the above requirement, define the 2 macros below instead of functions
for WP & CET operation:
WRITE_UNPROTECT_RO_PAGES (Wp, Cet)
WRITE_PROTECT_RO_PAGES (Wp, Cet)
Because the "CET" feature disable & enable must be in the same function to avoid shadow stack and normal SMI stack mismatch.

Note: WRITE_UNPROTECT_RO_PAGES () must be called in a pair with
WRITE_PROTECT_RO_PAGES () in the same function.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Zeng Star <star.zeng@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
---
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h         | 59 +++++++++++++----
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 73 +++++++++-------------
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c             |  7 ++-
 3 files changed, 81 insertions(+), 58 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmC= puDxeSmm/PiSmmCpuDxeSmm.h
index 654935dc76..20ada465c2 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@@ -1551,29 +1551,64 @@ VOID
 SmmWaitForApArrival (
   VOID
   );
 
 /**
-  Disable Write Protect on pages marked as read-only if Cr0.Bits.WP i= s 1.
+  Write unprotect read-only pages if Cr0.Bits.WP is 1.
+
+  @param[out]  WriteProtect      If Cr0= .Bits.WP is enabled.
 
-  @param[out]  WpEnabled      If Cr0.WP= is enabled.
-  @param[out]  CetEnabled     If CET is enab= led.
 **/
 VOID
-DisableReadOnlyPageWriteProtect (
-  OUT BOOLEAN  *WpEnabled,
-  OUT BOOLEAN  *CetEnabled
+SmmWriteUnprotectReadOnlyPage (
+  OUT BOOLEAN  *WriteProtect
   );
 
 /**
-  Enable Write Protect on pages marked as read-only.
+  Write protect read-only pages.
+
+  @param[in]  WriteProtect      If Cr0.= Bits.WP should be enabled.
 
-  @param[out]  WpEnabled      If Cr0.WP= should be enabled.
-  @param[out]  CetEnabled     If CET should = be enabled.
 **/
 VOID
-EnableReadOnlyPageWriteProtect (
-  BOOLEAN  WpEnabled,
-  BOOLEAN  CetEnabled
+SmmWriteProtectReadOnlyPage (
+  IN  BOOLEAN  WriteProtect
   );
 
+///
+/// Define macros to encapsulate the write unprotect/protect
+/// read-only pages.
+/// Below pieces of logic are defined as macros and not functions
+/// because "CET" feature disable & enable must be in the sa= me
+/// function to avoid shadow stack and normal SMI stack mismatch,
+/// thus WRITE_UNPROTECT_RO_PAGES () must be called pair with
+/// WRITE_PROTECT_RO_PAGES () in same function.
+///
+/// @param[in,out] Wp   A BOOLEAN variable local to the containi= ng
+///            = ;         function, carrying write = protection status from
+///            = ;         WRITE_UNPROTECT_RO_PAGES(= ) to
+///            = ;         WRITE_PROTECT_RO_PAGES().=
+///
+/// @param[in,out] Cet  A BOOLEAN variable local to the containing +///            = ;         function, carrying contro= l flow integrity
+///            = ;         enforcement status from +///            = ;         WRITE_UNPROTECT_RO_PAGES(= ) to
+///            = ;         WRITE_PROTECT_RO_PAGES().=
+///
+#define WRITE_UNPROTECT_RO_PAGES(Wp, Cet) \
+  do { \
+    Cet =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0); = \
+    if (Cet) { \
+      DisableCet (); \
+    } \
+    SmmWriteUnprotectReadOnlyPage (&Wp); \
+  } while (FALSE)
+
+#define WRITE_PROTECT_RO_PAGES(Wp, Cet) \
+  do { \
+    SmmWriteProtectReadOnlyPage (Wp); \
+    if (Cet) { \
+      EnableCet (); \
+    } \
+  } while (FALSE)
+
 #endif
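Review bot: the single @param block for both macros marks Wp and Cet as "[in,out]", but WRITE_UNPROTECT_RO_PAGES only writes them (it assigns Cet and passes &Wp) while WRITE_PROTECT_RO_PAGES only reads them. Suggest documenting the two macros separately, stating that the unprotect macro needs plain BOOLEAN variables it can assign to, and adding a sentence to the SmmWriteUnprotectReadOnlyPage () and SmmWriteProtectReadOnlyPage () prototypes above that they are meant to be reached through these macros.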
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c b/UefiCpuPk= g/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
index 6f49866615..3d445df213 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
@@ -39,64 +39,47 @@ PAGE_TABLE_POOL  *mPageTablePool =3D NULL;
 // If memory used by SMM page table has been mareked as ReadOnly.
 //
 BOOLEAN  mIsReadOnlyPageTable =3D FALSE;
 
 /**
-  Disable Write Protect on pages marked as read-only if Cr0.Bits.WP i= s 1.
+  Write unprotect read-only pages if Cr0.Bits.WP is 1.
+
+  @param[out]  WriteProtect      If Cr0= .Bits.WP is enabled.
 
-  @param[out]  WpEnabled      If Cr0.WP= is enabled.
-  @param[out]  CetEnabled     If CET is enab= led.
 **/
 VOID
-DisableReadOnlyPageWriteProtect (
-  OUT BOOLEAN  *WpEnabled,
-  OUT BOOLEAN  *CetEnabled
+SmmWriteUnprotectReadOnlyPage (
+  OUT BOOLEAN  *WriteProtect
   )
 {
   IA32_CR0  Cr0;
 
-  *CetEnabled =3D ((AsmReadCr4 () & CR4_CET_ENABLE) !=3D 0) ? TRU= E : FALSE;
-  Cr0.UintN   =3D AsmReadCr0 ();
-  *WpEnabled  =3D (Cr0.Bits.WP !=3D 0) ? TRUE : FALSE;
-  if (*WpEnabled) {
-    if (*CetEnabled) {
-      //
-      // CET must be disabled if WP is disabled. = Disable CET before clearing CR0.WP.
-      //
-      DisableCet ();
-    }
-
+  Cr0.UintN     =3D AsmReadCr0 ();
+  *WriteProtect =3D (Cr0.Bits.WP !=3D 0);
+  if (*WriteProtect) {
     Cr0.Bits.WP =3D 0;
     AsmWriteCr0 (Cr0.UintN);
   }
 }
 
 /**
-  Enable Write Protect on pages marked as read-only.
+  Write protect read-only pages.
+
+  @param[in]  WriteProtect      If Cr0.= Bits.WP should be enabled.
 
-  @param[out]  WpEnabled      If Cr0.WP= should be enabled.
-  @param[out]  CetEnabled     If CET should = be enabled.
 **/
 VOID
-EnableReadOnlyPageWriteProtect (
-  BOOLEAN  WpEnabled,
-  BOOLEAN  CetEnabled
+SmmWriteProtectReadOnlyPage (
+  IN  BOOLEAN  WriteProtect
   )
 {
   IA32_CR0  Cr0;
 
-  if (WpEnabled) {
+  if (WriteProtect) {
     Cr0.UintN   =3D AsmReadCr0 ();
     Cr0.Bits.WP =3D 1;
     AsmWriteCr0 (Cr0.UintN);
-
-    if (CetEnabled) {
-      //
-      // re-enable CET.
-      //
-      EnableCet ();
-    }
   }
 }
 
 /**
   Initialize a buffer pool for page table use only.
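Review bot: SmmWriteUnprotectReadOnlyPage () now clears Cr0.Bits.WP with no CET handling of its own, and the comment removed here ("CET must be disabled if WP is disabled. Disable CET before clearing CR0.WP.") was the only place that ordering rule was written down. The function is not static and is declared in PiSmmCpuDxeSmm.h, so a direct call with CET still enabled is possible; suggest keeping that comment in the function header and adding an ASSERT that CR4_CET_ENABLE is clear before AsmWriteCr0 (), or stating that the function must only be used via WRITE_UNPROTECT_RO_PAGES.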
@@ -119,11 +102,11 @@ BOOLEAN
 InitializePageTablePool (
   IN UINTN  PoolPages
   )
 {
   VOID     *Buffer;
-  BOOLEAN  WpEnabled;
+  BOOLEAN  WriteProtect;
   BOOLEAN  CetEnabled;
 
   //
   // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, includi= ng one page for
   // header.
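Review bot: the local is renamed from WpEnabled to WriteProtect while the variable declared right after it stays CetEnabled, so the two state variables handed to the macros no longer read as a pair. Suggest either keeping WpEnabled or renaming both consistently; the same applies to the other functions that get this rename.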
@@ -157,13 +140,15 @@ InitializePageTablePool (
 
   //
   // If page table memory has been marked as RO, mark the new po= ol pages as read-only.
   //
   if (mIsReadOnlyPageTable) {
-    DisableReadOnlyPageWriteProtect (&WpEnabled, &C= etEnabled);
+    WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled); +
     SmmSetMemoryAttributes ((EFI_PHYSICAL_ADDRESS)(UIN= TN)Buffer, EFI_PAGES_TO_SIZE (PoolPages), EFI_MEMORY_RO);
-    EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled);=
+
+    WRITE_PROTECT_RO_PAGES (WriteProtect, CetEnabled);
   }
 
   return TRUE;
 }
 
@@ -1009,11 +994,11 @@ SetMemMapAttributes (
   UINTN         &nb= sp;            =            PageTable;
   EFI_STATUS        &nbs= p;            &= nbsp;      Status;
   IA32_MAP_ENTRY        =             &nb= sp;   *Map;
   UINTN         &nb= sp;            =            Count;
   UINT64         &n= bsp;            = ;          MemoryAttribute; -  BOOLEAN          =             &nb= sp;        WpEnabled;
+  BOOLEAN          =             &nb= sp;        WriteProtect;
   BOOLEAN         &= nbsp;           &nbs= p;         CetEnabled;
 
   SmmGetSystemConfigurationTable (&gEdkiiPiSmmMemoryAttribut= esTableGuid, (VOID **)&MemoryAttributesTable);
   if (MemoryAttributesTable =3D=3D NULL) {
     DEBUG ((DEBUG_INFO, "MemoryAttributesTable - = NULL\n"));
@@ -1055,11 +1040,11 @@ SetMemMapAttributes (
     Status =3D PageTableParse (PageTable, mPagingMode,= Map, &Count);
   }
 
   ASSERT_RETURN_ERROR (Status);
 
-  DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled);<= br> +  WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled);
 
   MemoryMap =3D MemoryMapStart;
   for (Index =3D 0; Index < MemoryMapEntryCount; Index++) {      DEBUG ((DEBUG_VERBOSE, "SetAttribute: Memory = Entry - 0x%lx, 0x%x\n", MemoryMap->PhysicalStart, MemoryMap->Num= berOfPages));
     if (MemoryMap->Type =3D=3D EfiRuntimeServicesCo= de) {
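Review bot: at `WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled);` the two locals are passed by name where the old call passed `&WpEnabled, &CetEnabled`, so the call site no longer shows that both are outputs. Both are declared without an initializer in SetMemMapAttributes, which means the macro has to assign them. Please state in the macro's header comment which arguments are written and which are read, so a later caller does not pass an expression or a constant to the unprotect side.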
@@ -1085,11 +1070,12 @@ SetMemMapAttributes (
       );
 
     MemoryMap =3D NEXT_MEMORY_DESCRIPTOR (MemoryMap, D= escriptorSize);
   }
 
-  EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled);
+  WRITE_PROTECT_RO_PAGES (WriteProtect, CetEnabled);
+
   FreePool (Map);
 
   PatchSmmSaveStateMap ();
   PatchGdtIdtMap ();
 
@@ -1392,18 +1378,18 @@ SetUefiMemMapAttributes (
   EFI_STATUS        &nbs= p;    Status;
   EFI_MEMORY_DESCRIPTOR  *MemoryMap;
   UINTN         &nb= sp;        MemoryMapEntryCount;
   UINTN         &nb= sp;        Index;
   EFI_MEMORY_DESCRIPTOR  *Entry;
-  BOOLEAN          =       WpEnabled;
+  BOOLEAN          =       WriteProtect;
   BOOLEAN         &= nbsp;      CetEnabled;
 
   PERF_FUNCTION_BEGIN ();
 
   DEBUG ((DEBUG_INFO, "SetUefiMemMapAttributes\n"));  
-  DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled);<= br> +  WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled);
 
   if (mUefiMemoryMap !=3D NULL) {
     MemoryMapEntryCount =3D mUefiMemoryMapSize/mUefiDe= scriptorSize;
     MemoryMap       = ;    =3D mUefiMemoryMap;
     for (Index =3D 0; Index < MemoryMapEntryCount; = Index++) {
@@ -1479,11 +1465,11 @@ SetUefiMemMapAttributes (
 
       Entry =3D NEXT_MEMORY_DESCRIPTOR (Entr= y, mUefiMemoryAttributesTable->DescriptorSize);
     }
   }
 
-  EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled);
+  WRITE_PROTECT_RO_PAGES (WriteProtect, CetEnabled);
 
   //
   // Do not free mUefiMemoryAttributesTable, it will be checked = in IsSmmCommBufferForbiddenAddress().
   //
 
@@ -1870,11 +1856,11 @@ IfReadOnlyPageTableNeeded (
 VOID
 SetPageTableAttributes (
   VOID
   )
 {
-  BOOLEAN  WpEnabled;
+  BOOLEAN  WriteProtect;
   BOOLEAN  CetEnabled;
 
   if (!IfReadOnlyPageTableNeeded ()) {
     return;
   }
@@ -1884,20 +1870,21 @@ SetPageTableAttributes (
 
   //
   // Disable write protection, because we need mark page table t= o be write protected.
   // We need *write* page table memory, to mark itself to be *re= ad only*.
   //
-  DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled);<= br> +  WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled);
 
   // Set memory used by page table as Read Only.
   DEBUG ((DEBUG_INFO, "Start...\n"));
   EnablePageTableProtection ();
 
   //
   // Enable write protection, after page table attribute updated= .
   //
-  EnableReadOnlyPageWriteProtect (TRUE, CetEnabled);
+  WRITE_PROTECT_RO_PAGES (TRUE, CetEnabled);
+
   mIsReadOnlyPageTable =3D TRUE;
 
   //
   // Flush TLB after mark all page table pool as read only.
   //
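Review bot: `WRITE_PROTECT_RO_PAGES (TRUE, CetEnabled);` passes a literal where the other call sites pass the saved local, so `WriteProtect` is set by the unprotect macro and never read in SetPageTableAttributes. Forcing write protection on looks intentional given the comment above the call, but that comment should say the saved state is deliberately ignored here. Please also confirm that the set-but-unused local does not raise a warning on any supported toolchain and that the macro body accepts a constant as its first argument.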
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDx= eSmm/SmmProfile.c
index 7ac3c66f91..8142d3ceac 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
@@ -592,11 +592,11 @@ InitPaging (
   UINT64         Base;    UINT64         Length;=
   UINT64         Limit;<= br>    UINT64         Previou= sAddress;
   UINT64         MemoryA= ttrMask;
-  BOOLEAN        WpEnabled;
+  BOOLEAN        WriteProtect;
   BOOLEAN        CetEnabled;<= br>  
   PERF_FUNCTION_BEGIN ();
 
   PageTable =3D AsmReadCr3 ();
@@ -604,11 +604,12 @@ InitPaging (
     Limit =3D BASE_4GB;
   } else {
     Limit =3D (IsRestrictedMemoryAccess ()) ? LShiftU6= 4 (1, mPhysicalAddressBits) : BASE_4GB;
   }
 
-  DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled);<= br> +  WRITE_UNPROTECT_RO_PAGES (WriteProtect, CetEnabled);
+
   //
   // [0, 4k] may be non-present.
   //
   PreviousAddress =3D ((PcdGet8 (PcdNullPointerDetectionProperty= Mask) & BIT1) !=3D 0) ? BASE_4KB : 0;
 
@@ -670,11 +671,11 @@ InitPaging (
     //
     Status =3D ConvertMemoryPageAttributes (PageTable,= mPagingMode, PreviousAddress, Limit - PreviousAddress, MemoryAttrMask, TRU= E, NULL);
     ASSERT_RETURN_ERROR (Status);
   }
 
-  EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled);
+  WRITE_PROTECT_RO_PAGES (WriteProtect, CetEnabled);
 
   //
   // Flush TLB
   //
   CpuFlushTlb ();
--
2.16.2.windows.1
