UefiCpuPkg/PiSmmCpuDxeSmm: Use SMM Interrupt Shadow Stack
When CET shadow stack feature is enabled, it needs to use IST for the exceptions, and uses interrupt shadow stack for the stack switch. Shadow stack should be 32 bytes aligned. Check IST field, when clear shadow stack token busy bit when using retf. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3728 Signed-off-by: Sheng Wei <w.sheng@intel.com> Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
This commit is contained in:
Sheng, W
mergify[bot]
@@ -861,35 +861,58 @@ PiCpuSmmEntry (
|
||||
mSmmStackSize = EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES (PcdGet32 (PcdCpuSmmStackSize)));
|
||||
if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
|
||||
//
|
||||
// 2 more pages is allocated for each processor.
|
||||
// one is guard page and the other is known good stack.
|
||||
// SMM Stack Guard Enabled
|
||||
// 2 more pages is allocated for each processor, one is guard page and the other is known good stack.
|
||||
//
|
||||
// +-------------------------------------------+-----+-------------------------------------------+
|
||||
// | Known Good Stack | Guard Page | SMM Stack | ... | Known Good Stack | Guard Page | SMM Stack |
|
||||
// +-------------------------------------------+-----+-------------------------------------------+
|
||||
// | | | |
|
||||
// |<-------------- Processor 0 -------------->| |<-------------- Processor n -------------->|
|
||||
// +--------------------------------------------------+-----+--------------------------------------------------+
|
||||
// | Known Good Stack | Guard Page | SMM Stack | ... | Known Good Stack | Guard Page | SMM Stack |
|
||||
// +--------------------------------------------------+-----+--------------------------------------------------+
|
||||
// | 4K | 4K PcdCpuSmmStackSize| | 4K | 4K PcdCpuSmmStackSize|
|
||||
// |<---------------- mSmmStackSize ----------------->| |<---------------- mSmmStackSize ----------------->|
|
||||
// | | | |
|
||||
// |<------------------ Processor 0 ----------------->| |<------------------ Processor n ----------------->|
|
||||
//
|
||||
mSmmStackSize += EFI_PAGES_TO_SIZE (2);
|
||||
}
|
||||
|
||||
mSmmShadowStackSize = 0;
|
||||
if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) {
|
||||
//
|
||||
// Append Shadow Stack after normal stack
|
||||
//
|
||||
// |= Stacks
|
||||
// +--------------------------------------------------+---------------------------------------------------------------+
|
||||
// | Known Good Stack | Guard Page | SMM Stack | Known Good Shadow Stack | Guard Page | SMM Shadow Stack |
|
||||
// +--------------------------------------------------+---------------------------------------------------------------+
|
||||
// | |PcdCpuSmmStackSize| |PcdCpuSmmShadowStackSize|
|
||||
// |<---------------- mSmmStackSize ----------------->|<--------------------- mSmmShadowStackSize ------------------->|
|
||||
// | |
|
||||
// |<-------------------------------------------- Processor N ------------------------------------------------------->|
|
||||
//
|
||||
mSmmShadowStackSize = EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES (PcdGet32 (PcdCpuSmmShadowStackSize)));
|
||||
|
||||
if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
|
||||
//
|
||||
// SMM Stack Guard Enabled
|
||||
// Append Shadow Stack after normal stack
|
||||
// 2 more pages is allocated for each processor, one is guard page and the other is known good shadow stack.
|
||||
//
|
||||
// |= Stacks
|
||||
// +--------------------------------------------------+---------------------------------------------------------------+
|
||||
// | Known Good Stack | Guard Page | SMM Stack | Known Good Shadow Stack | Guard Page | SMM Shadow Stack |
|
||||
// +--------------------------------------------------+---------------------------------------------------------------+
|
||||
// | 4K | 4K |PcdCpuSmmStackSize| 4K | 4K |PcdCpuSmmShadowStackSize|
|
||||
// |<---------------- mSmmStackSize ----------------->|<--------------------- mSmmShadowStackSize ------------------->|
|
||||
// | |
|
||||
// |<-------------------------------------------- Processor N ------------------------------------------------------->|
|
||||
//
|
||||
mSmmShadowStackSize += EFI_PAGES_TO_SIZE (2);
|
||||
} else {
|
||||
//
|
||||
// SMM Stack Guard Disabled (Known Good Stack is still required for potential stack switch.)
|
||||
// Append Shadow Stack after normal stack with 1 more page as known good shadow stack.
|
||||
// 1 more pages is allocated for each processor, it is known good stack.
|
||||
//
|
||||
//
|
||||
// |= Stacks
|
||||
// +-------------------------------------+--------------------------------------------------+
|
||||
// | Known Good Stack | SMM Stack | Known Good Shadow Stack | SMM Shadow Stack |
|
||||
// +-------------------------------------+--------------------------------------------------+
|
||||
// | 4K |PcdCpuSmmStackSize| 4K |PcdCpuSmmShadowStackSize|
|
||||
// |<---------- mSmmStackSize ---------->|<--------------- mSmmShadowStackSize ------------>|
|
||||
// | |
|
||||
// |<-------------------------------- Processor N ----------------------------------------->|
|
||||
//
|
||||
mSmmShadowStackSize += EFI_PAGES_TO_SIZE (1);
|
||||
mSmmStackSize += EFI_PAGES_TO_SIZE (1);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user