From nobody Tue May 14 00:33:56 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+110384+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+110384+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1698740575; cv=none;
	d=zohomail.com; s=zohoarc;
	b=kCBkQtehopI0rN/dDvotVS7FwzFfm3jah03FVPh/amGUug9MaORSP7jbSIocthVm6bWcXMG6PKlIvKQdnr1ArS0ajGuGcwuJyPX7S+7aQkvM+8lMwSNHzn5jex0IdtTo/JvxJjQtXW2NMH/AiV8k73TnX2yAOVBZQC97yO2vIAE=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1698740575;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:Sender:Subject:Subject:To:To:Message-Id;
	bh=WeRmtWyk8wsmS8FmENra0LQr/klEHllNhWNOleXiyHo=;
	b=X9EPoe9ko4rXz+Nm+qdaAFMuHIzEVStN0XNCIYIKvy7Fhi4OvkWuuztnc/ipYxWPz/9DmHOS82ZQEAQ8lGvO0c/o8gpqxWb+aCyELTFta6I8z8lURdJkKP0pMB4u0wu5S3uw2+bGImyGQiXbu66AF3IvZhJoDSWsh9B7qYQOCLI=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+110384+1787277+3901457@groups.io;
	dmarc=fail header.from=<ray.ni@intel.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1698740575830390.2889721491613;
 Tue, 31 Oct 2023 01:22:55 -0700 (PDT)
Return-Path: <bounce+27952+110384+1787277+3901457@groups.io>
DKIM-Signature: a=rsa-sha256; bh=60QrQibFGZLzpujnEqFJ3Q9PImys4j9hJW7W8h8S+O4=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20140610; t=1698740575; v=1;
 b=A1tWUA4rehPZKB1ZqujfFnDRmuuaW9fxIVz2R0ByOybu2oxaT6/KKKFmoXfg/UJ9cECidRxs
 ZfH27lR/OJJ3tQ3cIgs05SH2rt1Lp+svGriZYzmTgELRIpnC7gBvaH5RrQ5+bWG42AHhFE6v2Jx
 PHX5JyhjuMNySsOmSgxhrqd8=
X-Received: by 127.0.0.2 with SMTP id qc4mYY1788612xbnM11Q0Kjz;
 Tue, 31 Oct 2023 01:22:55 -0700
X-Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.100])
 by mx.groups.io with SMTP id smtpd.web10.181437.1698740574380256778
 for <devel@edk2.groups.io>;
 Tue, 31 Oct 2023 01:22:54 -0700
X-IronPort-AV: E=McAfee;i="6600,9927,10879"; a="454705955"
X-IronPort-AV: E=Sophos;i="6.03,265,1694761200";
   d="scan'208";a="454705955"
X-Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 31 Oct 2023 01:22:53 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10879"; a="877436583"
X-IronPort-AV: E=Sophos;i="6.03,265,1694761200";
   d="scan'208";a="877436583"
X-Received: from ray-dev.ccr.corp.intel.com ([10.239.158.139])
  by fmsmga002.fm.intel.com with ESMTP; 31 Oct 2023 01:22:52 -0700
From: "Ni, Ray" <ray.ni@intel.com>
To: devel@edk2.groups.io
Cc: Chasel Chiu <chasel.chiu@intel.com>
Subject: [edk2-devel] [PATCH] IntelFsp2Pkg/SwitchStack: Reserve 32B when
 calling C function in 64bit
Date: Tue, 31 Oct 2023 16:22:16 +0800
Message-Id: <20231031082216.2038-1-ray.ni@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,ray.ni@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: 
 <https://edk2.groups.io/g/devel/leave/3901457/1787277/102458076/plugh>
X-Gm-Message-State: k31Iw5XbiWl8050TsNyb4W24x1787277AA=
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1698740577754100001
Content-Type: text/plain; charset="utf-8"

When FSP runs in API mode, it saves the IDTR in its own stack then
switches to bootloader's stack before it returns from FspMemoryInit.
Next time when the bootloader calls TempRamExit, FSP switches to
its own stack and restores IDTR from its stack saved earlier.

However, due to a bug in BaseFspSwitchStackLib, the IDTR saved on
FSP's stack might be corrupted that results the following TempRamExit
call fails inside FSP due to PeiServices pointer cannot be retrieved
from IDT.base - 8.

The bug is the assembly code doesn't reserve 32 bytes before calling
the C routine in 64bit. According to the x86-64 calling convention,
caller is responsible for allocating 32 bytes of "shadow space" on the
stack right before calling the function (regardless of the actual
number of parameters used).

When FSP is built in optimization-off mode, the C routine makes use
of the 32-byte "shadow space" which is not reserved by the assembly
caller. That causes the IDTR saved on the stack is corrupted by the
C routine.
The patch fixes so by reserving the 32 bytes before calling C routine.

Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
M: Nate DeSimone <nathaniel.l.desimone@intel.com>
M: Duggapu Chinni B <chinni.b.duggapu@intel.com>
M: Ray Han Lim Ng <ray.han.lim.ng@intel.com>
R: Star Zeng <star.zeng@intel.com>
R: Ted Kuo <ted.kuo@intel.com>
R: Ashraf Ali S <ashraf.ali.s@intel.com>
R: Susovan Mohapatra <susovan.mohapatra@intel.com>
Reviewed-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
---
 IntelFsp2Pkg/Library/BaseFspSwitchStackLib/X64/Stack.nasm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/IntelFsp2Pkg/Library/BaseFspSwitchStackLib/X64/Stack.nasm b/In=
telFsp2Pkg/Library/BaseFspSwitchStackLib/X64/Stack.nasm
index 1ea1220608..e3a7cf002f 100644
--- a/IntelFsp2Pkg/Library/BaseFspSwitchStackLib/X64/Stack.nasm
+++ b/IntelFsp2Pkg/Library/BaseFspSwitchStackLib/X64/Stack.nasm
@@ -1,6 +1,6 @@
 ;-------------------------------------------------------------------------=
-----
 ;
-; Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+; Copyright (c) 2022 - 2023, Intel Corporation. All rights reserved.<BR>
 ; SPDX-License-Identifier: BSD-2-Clause-Patent
 ;
 ; Abstract:
@@ -60,7 +60,9 @@ ASM_PFX(FspSwitchStack):
=20
     ; Load new stack
     mov     rcx, rsp
+    sub     rsp, 0x20
     call    ASM_PFX(SwapStack)
+    add     rsp, 0x20
     mov     rsp, rax
=20
     ; Restore previous contexts
--=20
2.39.1.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#110384): https://edk2.groups.io/g/devel/message/110384
Mute This Topic: https://groups.io/mt/102293342/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/3901457/1787277/102458076=
/xyzzy [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-