From 8d4d55b15b5887d6906c6d2c434687e5212ed5a7 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 30 Jan 2018 15:34:08 +0100 Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: eliminate conditional jump in IA32 SmmStartup() SMM emulation under both KVM and QEMU (TCG) crashes the guest when the "jz" branch, added in commit d4d87596c11d ("UefiCpuPkg/PiSmmCpuDxeSmm: Enable NXE if it's supported", 2018-01-18), is taken. Rework the propagation of CPUID.80000001H:EDX.NX [bit 20] to IA32_EFER.NXE [bit 11] so that no code is executed conditionally. Cc: Eric Dong Cc: Jian J Wang Cc: Jiewen Yao Cc: Paolo Bonzini Cc: Ruiyu Ni Ref: http://mid.mail-archive.com/d6fff558-6c4f-9ca6-74a7-e7cd9d007276@redhat.com Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek Reviewed-by: Paolo Bonzini [lersek@redhat.com: XD -> NX code comment updates from Ray] Reviewed-by: Ruiyu Ni [lersek@redhat.com: mark QEMU/TCG as well in the commit message] --- UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmInit.nasm | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmInit.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmInit.nasm index 9231aa5b3d..d64fcd48d0 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmInit.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmInit.nasm @@ -47,6 +47,8 @@ ASM_PFX(SmmStartup): mov eax, 0x80000001 ; read capability cpuid mov ebx, edx ; rdmsr will change edx. keep it in ebx. + and ebx, BIT20 ; extract NX capability bit + shr ebx, 9 ; shift bit to IA32_EFER.NXE[BIT11] position DB 0x66, 0xb8 ; mov eax, imm32 ASM_PFX(gSmmCr3): DD 0 mov cr3, eax @@ -56,11 +58,8 @@ ASM_PFX(gSmmCr4): DD 0 mov cr4, eax mov ecx, 0xc0000080 ; IA32_EFER MSR rdmsr - test ebx, BIT20 ; check NXE capability - jz .1 - or ah, BIT3 ; set NXE bit + or eax, ebx ; set NXE bit if NX is available wrmsr -.1: DB 0x66, 0xb8 ; mov eax, imm32 ASM_PFX(gSmmCr0): DD 0 mov di, PROTECT_MODE_DS -- 2.39.2