UefiCpuPkg/PiSmmCpuDxeSmm: Use SMM Interrupt Shadow Stack

[mirror_edk2.git] / UefiCpuPkg / PiSmmCpuDxeSmm / PiSmmCpuDxeSmm.c

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
index 67ad9a4c07d50763d6d8661e04e33775ae4d5a4b..2b2e1a53908a39beb0dfae37ff07eedecf934692 100644 (file)
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
@@ -861,35 +861,58 @@ PiCpuSmmEntry (
   mSmmStackSize = EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES (PcdGet32 (PcdCpuSmmStackSize)));\r
   if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
     //\r
-    // 2 more pages is allocated for each processor.\r
-    // one is guard page and the other is known good stack.\r
+    // SMM Stack Guard Enabled\r
+    //   2 more pages is allocated for each processor, one is guard page and the other is known good stack.\r
     //\r
-    // +-------------------------------------------+-----+-------------------------------------------+\r
-    // | Known Good Stack | Guard Page | SMM Stack | ... | Known Good Stack | Guard Page | SMM Stack |\r
-    // +-------------------------------------------+-----+-------------------------------------------+\r
-    // |                                           |     |                                           |\r
-    // |<-------------- Processor 0 -------------->|     |<-------------- Processor n -------------->|\r
+    // +--------------------------------------------------+-----+--------------------------------------------------+\r
+    // | Known Good Stack | Guard Page |     SMM Stack    | ... | Known Good Stack | Guard Page |     SMM Stack    |\r
+    // +--------------------------------------------------+-----+--------------------------------------------------+\r
+    // |        4K        |    4K       PcdCpuSmmStackSize|     |        4K        |    4K       PcdCpuSmmStackSize|\r
+    // |<---------------- mSmmStackSize ----------------->|     |<---------------- mSmmStackSize ----------------->|\r
+    // |                                                  |     |                                                  |\r
+    // |<------------------ Processor 0 ----------------->|     |<------------------ Processor n ----------------->|\r
     //\r
     mSmmStackSize += EFI_PAGES_TO_SIZE (2);\r
   }\r
 \r
   mSmmShadowStackSize = 0;\r
   if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) {\r
-    //\r
-    // Append Shadow Stack after normal stack\r
-    //\r
-    // |= Stacks\r
-    // +--------------------------------------------------+---------------------------------------------------------------+\r
-    // | Known Good Stack | Guard Page |    SMM Stack     | Known Good Shadow Stack | Guard Page |    SMM Shadow Stack    |\r
-    // +--------------------------------------------------+---------------------------------------------------------------+\r
-    // |                               |PcdCpuSmmStackSize|                                      |PcdCpuSmmShadowStackSize|\r
-    // |<---------------- mSmmStackSize ----------------->|<--------------------- mSmmShadowStackSize ------------------->|\r
-    // |                                                                                                                  |\r
-    // |<-------------------------------------------- Processor N ------------------------------------------------------->|\r
-    //\r
     mSmmShadowStackSize = EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES (PcdGet32 (PcdCpuSmmShadowStackSize)));\r
+\r
     if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
+      //\r
+      // SMM Stack Guard Enabled\r
+      // Append Shadow Stack after normal stack\r
+      //   2 more pages is allocated for each processor, one is guard page and the other is known good shadow stack.\r
+      //\r
+      // |= Stacks\r
+      // +--------------------------------------------------+---------------------------------------------------------------+\r
+      // | Known Good Stack | Guard Page |    SMM Stack     | Known Good Shadow Stack | Guard Page |    SMM Shadow Stack    |\r
+      // +--------------------------------------------------+---------------------------------------------------------------+\r
+      // |         4K       |    4K      |PcdCpuSmmStackSize|            4K           |    4K      |PcdCpuSmmShadowStackSize|\r
+      // |<---------------- mSmmStackSize ----------------->|<--------------------- mSmmShadowStackSize ------------------->|\r
+      // |                                                                                                                  |\r
+      // |<-------------------------------------------- Processor N ------------------------------------------------------->|\r
+      //\r
       mSmmShadowStackSize += EFI_PAGES_TO_SIZE (2);\r
+    } else {\r
+      //\r
+      // SMM Stack Guard Disabled (Known Good Stack is still required for potential stack switch.)\r
+      //   Append Shadow Stack after normal stack with 1 more page as known good shadow stack.\r
+      //   1 more pages is allocated for each processor, it is known good stack.\r
+      //\r
+      //\r
+      // |= Stacks\r
+      // +-------------------------------------+--------------------------------------------------+\r
+      // | Known Good Stack |    SMM Stack     | Known Good Shadow Stack |    SMM Shadow Stack    |\r
+      // +-------------------------------------+--------------------------------------------------+\r
+      // |        4K        |PcdCpuSmmStackSize|          4K             |PcdCpuSmmShadowStackSize|\r
+      // |<---------- mSmmStackSize ---------->|<--------------- mSmmShadowStackSize ------------>|\r
+      // |                                                                                        |\r
+      // |<-------------------------------- Processor N ----------------------------------------->|\r
+      //\r
+      mSmmShadowStackSize += EFI_PAGES_TO_SIZE (1);\r
+      mSmmStackSize       += EFI_PAGES_TO_SIZE (1);\r
     }\r
   }\r
 \r