;------------------------------------------------------------------------------ ;\r
-; Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
-; This program and the accompanying materials\r
-; are licensed and made available under the terms and conditions of the BSD License\r
-; which accompanies this distribution. The full text of the license may be found at\r
-; http://opensource.org/licenses/bsd-license.php.\r
-;\r
-; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+; Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR>\r
+; SPDX-License-Identifier: BSD-2-Clause-Patent\r
;\r
; Module Name:\r
;\r
;\r
;-------------------------------------------------------------------------------\r
\r
-%include "StuffRsb.inc"\r
+%include "StuffRsbNasm.inc"\r
+%include "Nasm.inc"\r
\r
;\r
; Variables referrenced by C code\r
;\r
\r
+%define MSR_IA32_S_CET 0x6A2\r
+%define MSR_IA32_CET_SH_STK_EN 0x1\r
+%define MSR_IA32_CET_WR_SHSTK_EN 0x2\r
+%define MSR_IA32_CET_ENDBR_EN 0x4\r
+%define MSR_IA32_CET_LEG_IW_EN 0x8\r
+%define MSR_IA32_CET_NO_TRACK_EN 0x10\r
+%define MSR_IA32_CET_SUPPRESS_DIS 0x20\r
+%define MSR_IA32_CET_SUPPRESS 0x400\r
+%define MSR_IA32_CET_TRACKER 0x800\r
+%define MSR_IA32_PL0_SSP 0x6A4\r
+%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8\r
+\r
+%define CR4_CET 0x800000\r
+\r
%define MSR_IA32_MISC_ENABLE 0x1A0\r
%define MSR_EFER 0xc0000080\r
%define MSR_EFER_XD 0x800\r
global ASM_PFX(gcSmiHandlerTemplate)\r
global ASM_PFX(gcSmiHandlerSize)\r
\r
+extern ASM_PFX(mCetSupported)\r
+global ASM_PFX(mPatchCetSupported)\r
+global ASM_PFX(mPatchCetPl0Ssp)\r
+global ASM_PFX(mPatchCetInterruptSsp)\r
+global ASM_PFX(mPatchCetInterruptSspTable)\r
+\r
DEFAULT REL\r
SECTION .text\r
\r
mov ax, [rbx + DSC_SS]\r
mov ss, eax\r
\r
-_SmiHandler:\r
- mov rbx, [rsp + 0x8] ; rcx <- CpuIndex\r
+ mov rbx, [rsp + 0x8] ; rbx <- CpuIndex\r
+\r
+; enable CET if supported\r
+ mov al, strict byte 1 ; source operand may be patched\r
+ASM_PFX(mPatchCetSupported):\r
+ cmp al, 0\r
+ jz CetDone\r
+\r
+ mov ecx, MSR_IA32_S_CET\r
+ rdmsr\r
+ push rdx\r
+ push rax\r
+\r
+ mov ecx, MSR_IA32_PL0_SSP\r
+ rdmsr\r
+ push rdx\r
+ push rax\r
+\r
+ mov ecx, MSR_IA32_INTERRUPT_SSP_TABLE_ADDR\r
+ rdmsr\r
+ push rdx\r
+ push rax\r
+\r
+ mov ecx, MSR_IA32_S_CET\r
+ mov eax, MSR_IA32_CET_SH_STK_EN\r
+ xor edx, edx\r
+ wrmsr\r
+\r
+ mov ecx, MSR_IA32_PL0_SSP\r
+ mov eax, strict dword 0 ; source operand will be patched\r
+ASM_PFX(mPatchCetPl0Ssp):\r
+ xor edx, edx\r
+ wrmsr\r
+ mov rcx, cr0\r
+ btr ecx, 16 ; clear WP\r
+ mov cr0, rcx\r
+ mov [eax], eax ; reload SSP, and clear busyflag.\r
+ xor ecx, ecx\r
+ mov [eax + 4], ecx\r
+\r
+ mov ecx, MSR_IA32_INTERRUPT_SSP_TABLE_ADDR\r
+ mov eax, strict dword 0 ; source operand will be patched\r
+ASM_PFX(mPatchCetInterruptSspTable):\r
+ xor edx, edx\r
+ wrmsr\r
+\r
+ mov eax, strict dword 0 ; source operand will be patched\r
+ASM_PFX(mPatchCetInterruptSsp):\r
+ cmp eax, 0\r
+ jz CetInterruptDone\r
+ mov [eax], eax ; reload SSP, and clear busyflag.\r
+ xor ecx, ecx\r
+ mov [eax + 4], ecx\r
+CetInterruptDone:\r
+\r
+ mov rcx, cr0\r
+ bts ecx, 16 ; set WP\r
+ mov cr0, rcx\r
+\r
+ mov eax, 0x668 | CR4_CET\r
+ mov cr4, rax\r
+\r
+ SETSSBSY\r
+\r
+CetDone:\r
\r
;\r
; Save FP registers\r
\r
add rsp, 0x200\r
\r
+ mov rax, strict qword 0 ; mov rax, ASM_PFX(mCetSupported)\r
+mCetSupportedAbsAddr:\r
+ mov al, [rax]\r
+ cmp al, 0\r
+ jz CetDone2\r
+\r
+ mov eax, 0x668\r
+ mov cr4, rax ; disable CET\r
+\r
+ mov ecx, MSR_IA32_INTERRUPT_SSP_TABLE_ADDR\r
+ pop rax\r
+ pop rdx\r
+ wrmsr\r
+\r
+ mov ecx, MSR_IA32_PL0_SSP\r
+ pop rax\r
+ pop rdx\r
+ wrmsr\r
+\r
+ mov ecx, MSR_IA32_S_CET\r
+ pop rax\r
+ pop rdx\r
+ wrmsr\r
+CetDone2:\r
+\r
mov rax, strict qword 0 ; lea rax, [ASM_PFX(mXdSupported)]\r
mXdSupportedAbsAddr:\r
mov al, [rax]\r
wrmsr\r
\r
.1:\r
+\r
StuffRsb64\r
rsm\r
\r
lea rax, [ASM_PFX(mXdSupported)]\r
lea rcx, [mXdSupportedAbsAddr]\r
mov qword [rcx - 8], rax\r
+\r
+ lea rax, [ASM_PFX(mCetSupported)]\r
+ lea rcx, [mCetSupportedAbsAddr]\r
+ mov qword [rcx - 8], rax\r
ret\r