;\r
;-------------------------------------------------------------------------------\r
\r
+%include "StuffRsb.inc"\r
+\r
%define MSR_IA32_MISC_ENABLE 0x1A0\r
%define MSR_EFER 0xc0000080\r
%define MSR_EFER_XD 0x800\r
wrmsr\r
\r
.7:\r
+ StuffRsb32\r
rsm\r
\r
ASM_PFX(gcSmiHandlerSize): DW $ - _SmiEntryPoint\r
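Review bot: The `StuffRsb32` line added before `rsm` at `.7:` has no comment saying why it is there or what it needs, and the same applies to the other three call sites in this commit (`StuffRsb32` after `call ASM_PFX(SmmInitHandler)`, `StuffRsb64` at `.1:`, and `StuffRsb64` after the xmm restores). Going by the macro definition in StuffRsb.inc, each expansion overwrites eax/rax and the flags and pushes 0x20 return addresses below the current stack pointer (0x80 bytes on IA32, 0x100 on X64) before adding them back, so it depends on a valid stack with that much headroom. This hunk does not show where esp is set up on this path, and the entry-point code starts outside it, so that should be confirmed. I would add a comment such as `; Refill the RSB before leaving SMM; clobbers eax and flags, needs 0x80 bytes of stack below esp`.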
;\r
;-------------------------------------------------------------------------------\r
\r
+%include "StuffRsb.inc"\r
+\r
extern ASM_PFX(SmmInitHandler)\r
extern ASM_PFX(mRebasedFlag)\r
extern ASM_PFX(mSmmRelocationOriginalAddress)\r
mov esp, strict dword 0 ; source operand will be patched\r
ASM_PFX(gPatchSmmInitStack):\r
call ASM_PFX(SmmInitHandler)\r
+ StuffRsb32\r
rsm\r
\r
BITS 16\r
--- /dev/null
+;------------------------------------------------------------------------------\r
+;\r
+; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>\r
+; This program and the accompanying materials\r
+; are licensed and made available under the terms and conditions of the BSD License\r
+; which accompanies this distribution. The full text of the license may be found at\r
+; http://opensource.org/licenses/bsd-license.php.\r
+;\r
+; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+;\r
+; Abstract:\r
+;\r
+; This file provides macro definitions for stuffing the Return Stack Buffer (RSB).\r
+;\r
+;------------------------------------------------------------------------------\r
+\r
+%define RSB_STUFF_ENTRIES 0x20\r
+\r
+;\r
+; parameters:\r
+; @param 1: register to use as counter (e.g. IA32:eax, X64:rax)\r
+; @param 2: stack pointer to restore (IA32:esp, X64:rsp)\r
+; @param 3: the size of a stack frame (IA32:4, X64:8)\r
+;\r
+%macro StuffRsb 3\r
+ mov %1, RSB_STUFF_ENTRIES / 2\r
+ %%Unroll1:\r
+ call %%Unroll2\r
+ %%SpecTrap1:\r
+ pause\r
+ lfence\r
+ jmp %%SpecTrap1\r
+ %%Unroll2:\r
+ call %%StuffLoop\r
+ %%SpecTrap2:\r
+ pause\r
+ lfence\r
+ jmp %%SpecTrap2\r
+ %%StuffLoop:\r
+ dec %1\r
+ jnz %%Unroll1\r
+ add %2, RSB_STUFF_ENTRIES * %3 ; Restore the stack pointer\r
+%endmacro\r
+\r
+;\r
+; RSB stuffing macros for IA32 and X64\r
+;\r
+%macro StuffRsb32 0\r
+ StuffRsb eax, esp, 4\r
+%endmacro\r
+\r
+%macro StuffRsb64 0\r
+ StuffRsb rax, rsp, 8\r
+%endmacro\r
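Review bot: `StuffRsb` only leaves the stack balanced when `RSB_STUFF_ENTRIES` is even: the loop runs `RSB_STUFF_ENTRIES / 2` times with two `call`s per pass, but the closing `add %2, RSB_STUFF_ENTRIES * %3` always releases the full count, so an odd value would leave the stack pointer one frame above where it started. A build-time guard next to the `%define` would pin the assumption: `%if RSB_STUFF_ENTRIES & 1` / `%error RSB_STUFF_ENTRIES must be even` / `%endif`. The parameter comment should also say that the macro destroys the counter register and the flags and writes `RSB_STUFF_ENTRIES * %3` bytes below the stack pointer, since callers have to guarantee that space. The second new-file section of this commit is an identical copy and needs the same change; keeping one shared include would stop the two from drifting apart.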
;\r
;-------------------------------------------------------------------------------\r
\r
+%include "StuffRsb.inc"\r
+\r
;\r
; Variables referrenced by C code\r
;\r
wrmsr\r
\r
.1:\r
+ StuffRsb64\r
rsm\r
\r
ASM_PFX(gcSmiHandlerSize) DW $ - _SmiEntryPoint\r
;\r
;-------------------------------------------------------------------------------\r
\r
+%include "StuffRsb.inc"\r
+\r
extern ASM_PFX(SmmInitHandler)\r
extern ASM_PFX(mRebasedFlag)\r
extern ASM_PFX(mSmmRelocationOriginalAddress)\r
movdqa xmm4, [rsp + 0x40]\r
movdqa xmm5, [rsp + 0x50]\r
\r
+ StuffRsb64\r
rsm\r
\r
BITS 16\r
--- /dev/null
+;------------------------------------------------------------------------------\r
+;\r
+; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>\r
+; This program and the accompanying materials\r
+; are licensed and made available under the terms and conditions of the BSD License\r
+; which accompanies this distribution. The full text of the license may be found at\r
+; http://opensource.org/licenses/bsd-license.php.\r
+;\r
+; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+;\r
+; Abstract:\r
+;\r
+; This file provides macro definitions for stuffing the Return Stack Buffer (RSB).\r
+;\r
+;------------------------------------------------------------------------------\r
+\r
+%define RSB_STUFF_ENTRIES 0x20\r
+\r
+;\r
+; parameters:\r
+; @param 1: register to use as counter (e.g. IA32:eax, X64:rax)\r
+; @param 2: stack pointer to restore (IA32:esp, X64:rsp)\r
+; @param 3: the size of a stack frame (IA32:4, X64:8)\r
+;\r
+%macro StuffRsb 3\r
+ mov %1, RSB_STUFF_ENTRIES / 2\r
+ %%Unroll1:\r
+ call %%Unroll2\r
+ %%SpecTrap1:\r
+ pause\r
+ lfence\r
+ jmp %%SpecTrap1\r
+ %%Unroll2:\r
+ call %%StuffLoop\r
+ %%SpecTrap2:\r
+ pause\r
+ lfence\r
+ jmp %%SpecTrap2\r
+ %%StuffLoop:\r
+ dec %1\r
+ jnz %%Unroll1\r
+ add %2, RSB_STUFF_ENTRIES * %3 ; Restore the stack pointer\r
+%endmacro\r
+\r
+;\r
+; RSB stuffing macros for IA32 and X64\r
+;\r
+%macro StuffRsb32 0\r
+ StuffRsb eax, esp, 4\r
+%endmacro\r
+\r
+%macro StuffRsb64 0\r
+ StuffRsb rax, rsp, 8\r
+%endmacro\r