UINT32 Ebp;\r
UINT32 Esp;\r
UINT32 Eip;\r
+ UINT32 Ssp;\r
} BASE_LIBRARY_JUMP_BUFFER;\r
\r
#define BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT 4\r
UINT64 Rip;\r
UINT64 MxCsr;\r
UINT8 XmmBuffer[160]; ///< XMM6-XMM15.\r
+ UINT64 Ssp;\r
} BASE_LIBRARY_JUMP_BUFFER;\r
\r
#define BASE_LIBRARY_JUMP_BUFFER_ALIGNMENT 8\r
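Review bot: The new `Ssp` member is the only field in view without a `///<` description, although its neighbour `XmmBuffer` has one, and nothing in the header tells a reader that the assembly SetJump/LongJump own this slot. Suggest `UINT64 Ssp; ///< Shadow stack pointer (CET) captured by SetJump; 0 when shadow stacks are not active.` — the zero-when-inactive part is what the X64 SetJump stores at offset 0xF8 before its CET check. It is also worth a comment that the offset (0xF8 on X64) is hard-coded in the .nasm files, so fields must not be inserted before it. The struct's opening is outside this hunk.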
## @file\r
# Base Library implementation.\r
#\r
-# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>\r
+# Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>\r
# Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>\r
# Portions copyright (c) 2011 - 2013, ARM Ltd. All rights reserved.<BR>\r
#\r
gEfiMdePkgTokenSpaceGuid.PcdMaximumLinkedListLength ## SOMETIMES_CONSUMES\r
gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength ## SOMETIMES_CONSUMES\r
gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength ## SOMETIMES_CONSUMES\r
+ gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask ## SOMETIMES_CONSUMES\r
\r
[FeaturePcd]\r
gEfiMdePkgTokenSpaceGuid.PcdVerifyNodeInList ## CONSUMES\r
/** @file\r
Implementation of _LongJump() on IA-32.\r
\r
- Copyright (c) 2006 - 2008, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
)\r
{\r
_asm {\r
+ mov eax, [PcdGet32 (PcdControlFlowEnforcementPropertyMask)]\r
+ test eax, eax\r
+ jz CetDone\r
+ _emit 0x0F\r
+ _emit 0x20\r
+ _emit 0xE0 ; mov eax, cr4\r
+ bt eax, 23 ; check if CET is enabled\r
+ jnc CetDone\r
+\r
+ mov edx, [esp + 4] ; edx = JumpBuffer\r
+ mov edx, [edx + 24] ; edx = target SSP\r
+ _emit 0xF3\r
+ _emit 0x0F\r
+ _emit 0x1E\r
+ _emit 0xC8 ; READSSP EAX\r
+ sub edx, eax ; edx = delta\r
+ mov eax, edx ; eax = delta\r
+\r
+ shr eax, 2 ; eax = delta/sizeof(UINT32)\r
+ _emit 0xF3\r
+ _emit 0x0F\r
+ _emit 0xAE\r
+ _emit 0xE8 ; INCSSP EAX\r
+\r
+CetDone:\r
+\r
pop eax ; skip return address\r
pop edx ; edx <- JumpBuffer\r
pop eax ; eax <- Value\r
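Review bot: The single `INCSSP EAX` after `shr eax, 2` can only pop up to 255 shadow-stack slots, because INCSSPD takes its count from bits 7:0 of the operand register; a SetJump/LongJump pair separated by a deeper call chain (delta/4 > 255) is silently truncated and the shadow stack stays out of step with the data stack, which surfaces later as a #CP on some unrelated `ret`. In firmware the depth is probably small, but the failure is silent, so I would loop in chunks of at most 255 rather than rely on it. The `_emit` sequence is kept since this is the MASM build; `edx` is free to use as the counter because it is reloaded by `pop edx` after `CetDone`. The rest of `_LongJump` continues below the hunk.
```asm
    sub     edx, eax                    ; edx = delta (bytes)
    shr     edx, 2                      ; edx = shadow-stack slots to pop
CetLoop:
    mov     eax, 255                    ; INCSSPD honors only bits 7:0 of the count
    cmp     edx, eax
    jae     CetPop
    mov     eax, edx
CetPop:
    _emit 0xF3
    _emit 0x0F
    _emit 0xAE
    _emit 0xE8                          ; INCSSP EAX
    sub     edx, eax
    jnz     CetLoop
```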
;------------------------------------------------------------------------------\r
;\r
-; Copyright (c) 2006, Intel Corporation. All rights reserved.<BR>\r
+; Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>\r
; This program and the accompanying materials\r
; are licensed and made available under the terms and conditions of the BSD License\r
; which accompanies this distribution. The full text of the license may be found at\r
;\r
;------------------------------------------------------------------------------\r
\r
+%include "Nasm.inc"\r
+\r
SECTION .text\r
\r
+extern ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))\r
+\r
;------------------------------------------------------------------------------\r
; VOID\r
; EFIAPI\r
;------------------------------------------------------------------------------\r
global ASM_PFX(InternalLongJump)\r
ASM_PFX(InternalLongJump):\r
+\r
+ mov eax, [ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))]\r
+ test eax, eax\r
+ jz CetDone\r
+ mov eax, cr4\r
+ bt eax, 23 ; check if CET is enabled\r
+ jnc CetDone\r
+\r
+ mov edx, [esp + 4] ; edx = JumpBuffer\r
+ mov edx, [edx + 24] ; edx = target SSP\r
+ READSSP_EAX\r
+ sub edx, eax ; edx = delta\r
+ mov eax, edx ; eax = delta\r
+\r
+ shr eax, 2 ; eax = delta/sizeof(UINT32)\r
+ INCSSP_EAX\r
+\r
+CetDone:\r
+\r
pop eax ; skip return address\r
pop edx ; edx <- JumpBuffer\r
pop eax ; eax <- Value\r
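Review bot: `shr eax, 2` followed by one `INCSSP_EAX` silently drops any part of the delta above 255 slots, since INCSSPD uses only the low 8 bits of the count register; a LongJump that unwinds more than 255 call frames leaves SSP below where it should be and the next mismatched `ret` takes a #CP far from the real cause. A small loop that pops at most 255 entries per INCSSP removes the limit at the cost of a few instructions; `edx` can serve as the remaining-count because it is reloaded by `pop edx` right after `CetDone`. Separately, `test eax, eax` enables the path for any non-zero mask value, while the PCD description reserves everything but BIT0 — `test eax, 1` would match the declared meaning. `InternalLongJump` continues past the hunk.
```asm
    sub     edx, eax                    ; edx = delta (bytes)
    shr     edx, 2                      ; edx = shadow-stack slots to pop
CetLoop:
    mov     eax, 255                    ; INCSSPD honors only bits 7:0 of the count
    cmp     edx, eax
    jae     CetPop
    mov     eax, edx
CetPop:
    INCSSP_EAX
    sub     edx, eax
    jnz     CetLoop
```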
/** @file\r
Implementation of SetJump() on IA-32.\r
\r
- Copyright (c) 2006 - 2008, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
pop ecx\r
pop ecx\r
mov edx, [esp]\r
+\r
+ xor eax, eax\r
+ mov [edx + 24], eax ; save 0 to SSP\r
+\r
+ mov eax, [PcdGet32 (PcdControlFlowEnforcementPropertyMask)]\r
+ test eax, eax\r
+ jz CetDone\r
+ _emit 0x0F\r
+ _emit 0x20\r
+ _emit 0xE0 ; mov eax, cr4\r
+ bt eax, 23 ; check if CET is enabled\r
+ jnc CetDone\r
+\r
+ mov eax, 1\r
+ _emit 0xF3\r
+ _emit 0x0F\r
+ _emit 0xAE\r
+ _emit 0xE8 ; INCSSP EAX to read original SSP\r
+ _emit 0xF3\r
+ _emit 0x0F\r
+ _emit 0x1E\r
+ _emit 0xC8 ; READSSP EAX\r
+ mov [edx + 0x24], eax ; save SSP\r
+\r
+CetDone:\r
+\r
mov [edx], ebx\r
mov [edx + 4], esi\r
mov [edx + 8], edi\r
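Review bot: `mov [edx + 0x24], eax ; save SSP` writes at byte offset 36, but the Ssp slot this same hunk zeroes a few lines earlier is `[edx + 24]` (decimal), and that is the offset the IA32 LongJump reads: the buffer holds ebx, esi, edi, ebp, esp, eip at 0..20, then Ssp at 24, so the struct is 28 bytes. The store therefore lands 8 bytes past the end of the caller's BASE_LIBRARY_JUMP_BUFFER (corrupting whatever follows it) and the real Ssp slot stays 0, so LongJump computes `0 - current SSP` as its delta. The fix is `mov [edx + 24], eax ; save SSP`, and I would define one named offset for the slot rather than spelling it twice. `_SetJump`'s entry and exit are outside the hunk.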
;------------------------------------------------------------------------------\r
;\r
-; Copyright (c) 2006, Intel Corporation. All rights reserved.<BR>\r
+; Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>\r
; This program and the accompanying materials\r
; are licensed and made available under the terms and conditions of the BSD License\r
; which accompanies this distribution. The full text of the license may be found at\r
;\r
;------------------------------------------------------------------------------\r
\r
+%include "Nasm.inc"\r
+\r
SECTION .text\r
\r
extern ASM_PFX(InternalAssertJumpBuffer)\r
+extern ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))\r
\r
;------------------------------------------------------------------------------\r
; UINTN\r
pop ecx\r
pop ecx ; ecx <- return address\r
mov edx, [esp]\r
+\r
+ xor eax, eax\r
+ mov [edx + 24], eax ; save 0 to SSP\r
+\r
+ mov eax, [ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))]\r
+ test eax, eax\r
+ jz CetDone\r
+ mov eax, cr4\r
+ bt eax, 23 ; check if CET is enabled\r
+ jnc CetDone\r
+\r
+ mov eax, 1\r
+ INCSSP_EAX ; to read original SSP\r
+ READSSP_EAX\r
+ mov [edx + 0x24], eax ; save SSP\r
+\r
+CetDone:\r
+\r
mov [edx], ebx\r
mov [edx + 4], esi\r
mov [edx + 8], edi\r
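Review bot: The SSP store uses `[edx + 0x24]` (offset 36) while the zero-initialisation six lines above and the IA32 LongJump both use `[edx + 24]` (decimal); the stores that follow place ebx/esi/edi at 0/4/8 and the remaining four slots fill 12..24, so offset 36 is beyond the 28-byte jump buffer. Result: an out-of-bounds write into whatever the caller placed after the buffer, and a Ssp slot that is always 0 when CET is on, so LongJump's `sub edx, eax` yields a meaningless delta. Change it to `mov [edx + 24], eax ; save SSP` and consider a `%define JUMP_BUFFER_SSP 24` so the two sites cannot drift apart again. `InternalSetJump` starts and ends outside this hunk.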
;------------------------------------------------------------------------------\r
;\r
-; Copyright (c) 2006, Intel Corporation. All rights reserved.<BR>\r
+; Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>\r
; This program and the accompanying materials\r
; are licensed and made available under the terms and conditions of the BSD License\r
; which accompanies this distribution. The full text of the license may be found at\r
;\r
;------------------------------------------------------------------------------\r
\r
+%include "Nasm.inc"\r
+\r
DEFAULT REL\r
SECTION .text\r
\r
+extern ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))\r
+\r
;------------------------------------------------------------------------------\r
; VOID\r
; EFIAPI\r
;------------------------------------------------------------------------------\r
global ASM_PFX(InternalLongJump)\r
ASM_PFX(InternalLongJump):\r
+\r
+ mov eax, [ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))]\r
+ test eax, eax\r
+ jz CetDone\r
+ mov rax, cr4\r
+ bt eax, 23 ; check if CET is enabled\r
+ jnc CetDone\r
+\r
+ push rdx ; save rdx\r
+\r
+ mov rdx, [rcx + 0xF8] ; rdx = target SSP\r
+ READSSP_RAX\r
+ sub rdx, rax ; rdx = delta\r
+ mov rax, rdx ; rax = delta\r
+\r
+ shr rax, 3 ; rax = delta/sizeof(UINT64)\r
+ INCSSP_RAX\r
+\r
+ pop rdx ; restore rdx\r
+CetDone:\r
+\r
mov rbx, [rcx]\r
mov rsp, [rcx + 8]\r
mov rbp, [rcx + 0x10]\r
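Review bot: The single `INCSSP_RAX` after `shr rax, 3` can advance SSP by at most 255 entries, because INCSSPQ takes its count from bits 7:0 of the register; a LongJump that unwinds more than 255 frames is silently short-changed and the shadow stack drifts from the data stack, which later shows up as a #CP on an unrelated `ret`. The call depth between SetJump and LongJump is probably small in firmware, but the truncation is silent, so I would pop in chunks of at most 255 inside the existing `push rdx` / `pop rdx` window, using `rdx` as the remaining count. `InternalLongJump` continues past the hunk.
```asm
    mov     rdx, [rcx + 0xF8]           ; rdx = target SSP
    READSSP_RAX
    sub     rdx, rax                    ; rdx = delta (bytes)
    shr     rdx, 3                      ; rdx = shadow-stack slots to pop
CetLoop:
    mov     rax, 255                    ; INCSSPQ honors only bits 7:0 of the count
    cmp     rdx, rax
    jae     CetPop
    mov     rax, rdx
CetPop:
    INCSSP_RAX
    sub     rdx, rax
    jnz     CetLoop

    pop     rdx                         ; restore rdx
```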
;------------------------------------------------------------------------------\r
;\r
-; Copyright (c) 2006, Intel Corporation. All rights reserved.<BR>\r
+; Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>\r
; This program and the accompanying materials\r
; are licensed and made available under the terms and conditions of the BSD License\r
; which accompanies this distribution. The full text of the license may be found at\r
;\r
;------------------------------------------------------------------------------\r
\r
+%include "Nasm.inc"\r
+\r
DEFAULT REL\r
SECTION .text\r
\r
extern ASM_PFX(InternalAssertJumpBuffer)\r
+extern ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))\r
\r
;------------------------------------------------------------------------------\r
; UINTN\r
add rsp, 0x20\r
pop rcx\r
pop rdx\r
+\r
+ xor rax, rax\r
+ mov [rcx + 0xF8], rax ; save 0 to SSP\r
+\r
+ mov eax, [ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))]\r
+ test eax, eax\r
+ jz CetDone\r
+ mov rax, cr4\r
+ bt eax, 23 ; check if CET is enabled\r
+ jnc CetDone\r
+\r
+ mov rax, 1\r
+ INCSSP_RAX ; to read original SSP\r
+ READSSP_RAX\r
+ mov [rcx + 0xF8], rax ; save SSP\r
+\r
+CetDone:\r
+\r
mov [rcx], rbx\r
mov [rcx + 8], rsp\r
mov [rcx + 0x10], rbp\r
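Review bot: The gate before `INCSSP_RAX` checks only CR4.CET (bit 23); if my reading of the ISA is right, INCSSP raises #UD when CR4.CET is set but IA32_S_CET.SH_STK_EN is clear (e.g. a platform that enables IBT without shadow stacks), so CR4 alone does not prove a shadow stack exists. Presumably the PCD bit is what guarantees the platform sets both together; that contract should be written down, e.g. `; CR4.CET alone does not imply a shadow stack; PcdControlFlowEnforcementPropertyMask asserts the platform also set IA32_S_CET.SH_STK_EN`, or the MSR should be read as well. Minor: `xor rax, rax` can be `xor eax, eax` (same result, shorter encoding), and `test eax, eax` accepts any non-zero mask although the PCD reserves all bits but BIT0. `InternalSetJump`'s prologue and epilogue are outside the hunk.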
# @Prompt Fixed Debug Message Print Level.\r
gEfiMdePkgTokenSpaceGuid.PcdFixedDebugPrintErrorLevel|0xFFFFFFFF|UINT32|0x30001016\r
\r
+ ## Indicates the control flow enforcement enabling state.\r
+ # If enabled, it uses control flow enforcement technology to prevent ROP or JOP.<BR><BR>\r
+ # BIT0 - SMM CET Shadow Stack is enabled.<BR>\r
+ # Other - reserved\r
+ # @Prompt Enable control flow enforcement.\r
+ gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask|0x0|UINT32|0x30001017\r
+\r
[PcdsFixedAtBuild,PcdsPatchableInModule]\r
## Indicates the maximum length of unicode string used in the following\r
# BaseLib functions: StrLen(), StrSize(), StrCmp(), StrnCmp(), StrCpy(), StrnCpy()<BR><BR>\r
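Review bot: The description says "Other - reserved", but the BaseLib consumers in this same change enable the CET path with `test eax, eax`, i.e. any non-zero value, so a reserved bit set by mistake silently turns on READSSP/INCSSP. Either the consumers should test BIT0 or the text should say so; I would add `# Reserved bits must be 0: BaseLib treats any non-zero value as enabled.` after the "Other - reserved" line. The "SMM CET Shadow Stack" wording is also narrower than where the PCD is consumed — SetJump/LongJump are generic BaseLib code, not SMM-specific — so it is worth confirming the intended scope and naming it accordingly.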