sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

UefiCpuPkg/PiSmmCpuDxeSmm: Use SMM Interrupt Shadow Stack

Browse Source 
When CET shadow stack feature is enabled, it needs to use IST for the
 exceptions, and uses interrupt shadow stack for the stack switch.
Shadow stack should be 32 bytes aligned.
Check IST field, when clear shadow stack token busy bit when using retf.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3728

Signed-off-by: Sheng Wei <w.sheng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
This commit is contained in:
Sheng, W
2021-11-12 09:40:28 +08:00
committed by mergify[bot]
parent 466ebdd2e0
commit 455b0347a7
5 changed files with 157 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
View File

@@ -481,7 +481,17 @@ SmmInitPageTable (
// Additional SMM IDT initialization for SMM stack guard
//
if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
InitializeIDTSmmStackGuard ();
DEBUG ((DEBUG_INFO, "Initialize IDT IST field for SMM Stack Guard\n"));
InitializeIdtIst (EXCEPT_IA32_PAGE_FAULT, 1);
}
//
// Additional SMM IDT initialization for SMM CET shadow stack
//
if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) {
DEBUG ((DEBUG_INFO, "Initialize IDT IST field for SMM Shadow Stack\n"));
InitializeIdtIst (EXCEPT_IA32_PAGE_FAULT, 1);
InitializeIdtIst (EXCEPT_IA32_MACHINE_CHECK, 1);
}
//