UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM.

[mirror_edk2.git] / UefiCpuPkg / PiSmmCpuDxeSmm / X64 / SmiEntry.nasm

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
index 807b309b2706de7d0d200044062e4493998751c3..73febcea63413aaf187f22a4e533cff643b93448 100644 (file)
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
@@ -1,5 +1,5 @@
 ;------------------------------------------------------------------------------ ;\r
-; Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
+; Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR>\r
 ; This program and the accompanying materials\r
 ; are licensed and made available under the terms and conditions of the BSD License\r
 ; which accompanies this distribution.  The full text of the license may be found at\r
@@ -19,11 +19,26 @@
 ;-------------------------------------------------------------------------------\r
 \r
 %include "StuffRsbNasm.inc"\r
+%include "Nasm.inc"\r
 \r
 ;\r
 ; Variables referrenced by C code\r
 ;\r
 \r
+%define MSR_IA32_S_CET                     0x6A2\r
+%define   MSR_IA32_CET_SH_STK_EN             0x1\r
+%define   MSR_IA32_CET_WR_SHSTK_EN           0x2\r
+%define   MSR_IA32_CET_ENDBR_EN              0x4\r
+%define   MSR_IA32_CET_LEG_IW_EN             0x8\r
+%define   MSR_IA32_CET_NO_TRACK_EN           0x10\r
+%define   MSR_IA32_CET_SUPPRESS_DIS          0x20\r
+%define   MSR_IA32_CET_SUPPRESS              0x400\r
+%define   MSR_IA32_CET_TRACKER               0x800\r
+%define MSR_IA32_PL0_SSP                   0x6A4\r
+%define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR  0x6A8\r
+\r
+%define CR4_CET                            0x800000\r
+\r
 %define MSR_IA32_MISC_ENABLE 0x1A0\r
 %define MSR_EFER      0xc0000080\r
 %define MSR_EFER_XD   0x800\r
@@ -63,6 +78,12 @@ global ASM_PFX(gPatchSmiCr3)
 global ASM_PFX(gcSmiHandlerTemplate)\r
 global ASM_PFX(gcSmiHandlerSize)\r
 \r
+extern ASM_PFX(mCetSupported)\r
+global ASM_PFX(mPatchCetSupported)\r
+global ASM_PFX(mPatchCetPl0Ssp)\r
+global ASM_PFX(mPatchCetInterruptSsp)\r
+global ASM_PFX(mPatchCetInterruptSspTable)\r
+\r
     DEFAULT REL\r
     SECTION .text\r
 \r
@@ -174,8 +195,71 @@ SmiHandlerIdtrAbsAddr:
     mov     ax, [rbx + DSC_SS]\r
     mov     ss, eax\r
 \r
-_SmiHandler:\r
-    mov     rbx, [rsp + 0x8]             ; rcx <- CpuIndex\r
+    mov     rbx, [rsp + 0x8]             ; rbx <- CpuIndex\r
+\r
+; enable CET if supported\r
+    mov     al, strict byte 1           ; source operand may be patched\r
+ASM_PFX(mPatchCetSupported):\r
+    cmp     al, 0\r
+    jz      CetDone\r
+\r
+    mov     ecx, MSR_IA32_S_CET\r
+    rdmsr\r
+    push    rdx\r
+    push    rax\r
+\r
+    mov     ecx, MSR_IA32_PL0_SSP\r
+    rdmsr\r
+    push    rdx\r
+    push    rax\r
+\r
+    mov     ecx, MSR_IA32_INTERRUPT_SSP_TABLE_ADDR\r
+    rdmsr\r
+    push    rdx\r
+    push    rax\r
+\r
+    mov     ecx, MSR_IA32_S_CET\r
+    mov     eax, MSR_IA32_CET_SH_STK_EN\r
+    xor     edx, edx\r
+    wrmsr\r
+\r
+    mov     ecx, MSR_IA32_PL0_SSP\r
+    mov     eax, strict dword 0         ; source operand will be patched\r
+ASM_PFX(mPatchCetPl0Ssp):\r
+    xor     edx, edx\r
+    wrmsr\r
+    mov     rcx, cr0\r
+    btr     ecx, 16                     ; clear WP\r
+    mov     cr0, rcx\r
+    mov     [eax], eax                  ; reload SSP, and clear busyflag.\r
+    xor     ecx, ecx\r
+    mov     [eax + 4], ecx\r
+\r
+    mov     ecx, MSR_IA32_INTERRUPT_SSP_TABLE_ADDR\r
+    mov     eax, strict dword 0         ; source operand will be patched\r
+ASM_PFX(mPatchCetInterruptSspTable):\r
+    xor     edx, edx\r
+    wrmsr\r
+\r
+    mov     eax, strict dword 0         ; source operand will be patched\r
+ASM_PFX(mPatchCetInterruptSsp):\r
+    cmp     eax, 0\r
+    jz      CetInterruptDone\r
+    mov     [eax], eax                  ; reload SSP, and clear busyflag.\r
+    xor     ecx, ecx\r
+    mov     [eax + 4], ecx\r
+CetInterruptDone:\r
+\r
+    mov     rcx, cr0\r
+    bts     ecx, 16                     ; set WP\r
+    mov     cr0, rcx\r
+\r
+    mov     eax, 0x668 | CR4_CET\r
+    mov     cr4, rax\r
+\r
+    SETSSBSY\r
+\r
+CetDone:\r
 \r
     ;\r
     ; Save FP registers\r
@@ -209,6 +293,31 @@ CpuSmmDebugExitAbsAddr:
 \r
     add     rsp, 0x200\r
 \r
+    mov     rax, strict qword 0        ;    mov     rax, ASM_PFX(mCetSupported)\r
+mCetSupportedAbsAddr:\r
+    mov     al, [rax]\r
+    cmp     al, 0\r
+    jz      CetDone2\r
+\r
+    mov     eax, 0x668\r
+    mov     cr4, rax       ; disable CET\r
+\r
+    mov     ecx, MSR_IA32_INTERRUPT_SSP_TABLE_ADDR\r
+    pop     rax\r
+    pop     rdx\r
+    wrmsr\r
+\r
+    mov     ecx, MSR_IA32_PL0_SSP\r
+    pop     rax\r
+    pop     rdx\r
+    wrmsr\r
+\r
+    mov     ecx, MSR_IA32_S_CET\r
+    pop     rax\r
+    pop     rdx\r
+    wrmsr\r
+CetDone2:\r
+\r
     mov     rax, strict qword 0         ;       lea     rax, [ASM_PFX(mXdSupported)]\r
 mXdSupportedAbsAddr:\r
     mov     al, [rax]\r
@@ -223,6 +332,7 @@ mXdSupportedAbsAddr:
     wrmsr\r
 \r
 .1:\r
+\r
     StuffRsb64\r
     rsm\r
 \r
@@ -257,4 +367,8 @@ ASM_PFX(PiSmmCpuSmiEntryFixupAddress):
     lea    rax, [ASM_PFX(mXdSupported)]\r
     lea    rcx, [mXdSupportedAbsAddr]\r
     mov    qword [rcx - 8], rax\r
+\r
+    lea    rax, [ASM_PFX(mCetSupported)]\r
+    lea    rcx, [mCetSupportedAbsAddr]\r
+    mov    qword [rcx - 8], rax\r
     ret\r