From: "Sheng Wei"
To: devel@edk2.groups.io
Cc: Eric Dong, Ray Ni, Laszlo Ersek, Rahul Kumar, Jiewen Yao, Roger Feng
Subject: [edk2-devel] [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: Support detect SMM shadow stack overflow
Date: Fri, 26 Mar 2021 14:04:13 +0800
Message-Id: <20210326060413.7760-1-w.sheng@intel.com>

Use SMM stack guard feature to detect SMM shadow stack overflow.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3280

Signed-off-by: Sheng Wei Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Rahul Kumar Cc: Jiewen Yao Cc: Roger Feng Reviewed-by: Jiewen Yao Reviewed-by: Ray Ni --- UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuD= xeSmm/X64/PageTbl.c index 07e7ea70de..6902584b1f 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c @@ -1016,6 +1016,7 @@ SmiPFHandler ( { UINTN PFAddress; UINTN GuardPageAddress; + UINTN ShadowStackGuardPageAddress; UINTN CpuIndex; =20 ASSERT (InterruptType =3D=3D EXCEPT_IA32_PAGE_FAULT); @@ -1032,7 +1033,7 @@ SmiPFHandler ( } =20 // - // If a page fault occurs in SMRAM range, it might be in a SMM stack gua= rd page, + // If a page fault occurs in SMRAM range, it might be in a SMM stack/sha= dow stack guard page, // or SMM page protection violation. // if ((PFAddress >=3D mCpuHotPlugData.SmrrBase) && 
@@ -1040,10 +1041,16 @@ SmiPFHandler ( DumpCpuContext (InterruptType, SystemContext); CpuIndex =3D GetCpuIndex (); GuardPageAddress =3D (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex * = (mSmmStackSize + mSmmShadowStackSize)); + ShadowStackGuardPageAddress =3D (mSmmStackArrayBase + mSmmStackSize + = EFI_PAGE_SIZE + CpuIndex * (mSmmStackSize + mSmmShadowStackSize)); if ((FeaturePcdGet (PcdCpuSmmStackGuard)) && (PFAddress >=3D GuardPageAddress) && (PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) { DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n")); + } else if ((FeaturePcdGet (PcdCpuSmmStackGuard)) && + (mSmmShadowStackSize > 0) && + (PFAddress >=3D ShadowStackGuardPageAddress) && + (PFAddress < (ShadowStackGuardPageAddress + EFI_PAGE_SIZE))) { + DEBUG ((DEBUG_ERROR, "SMM shadow stack overflow!\n")); } else { if ((SystemContext.SystemContextX64->ExceptionData & IA32_PF_EC_ID) = !=3D 0) { DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%lx)\n", PFAdd= ress)); --=20 2.16.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#73309): https://edk2.groups.io/g/devel/message/73309 Mute This Topic: https://groups.io/mt/81621994/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
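
Review bot: In the last hunk (@@ -1040), the new ShadowStackGuardPageAddress expression relies on an undocumented layout assumption: that each CPU's shadow stack starts mSmmStackSize above its normal stack and has its guard page at offset EFI_PAGE_SIZE. Nothing in the patch states that layout or ties it to the code that sets up the guard page. Please add a comment describing the per-CPU layout next to the two address computations, and consider computing the shared term CpuIndex * (mSmmStackSize + mSmmShadowStackSize) once so the two guard addresses cannot drift apart in a later change. The address is also computed unconditionally, even when mSmmShadowStackSize is 0. That is harmless as written because the else-if tests mSmmShadowStackSize > 0 before the range comparison, but a short comment saying the value is only meaningful when a shadow stack exists would make that dependency explicit. Lastly, the new "SMM shadow stack overflow!" message itself prints neither CpuIndex nor PFAddress, so consider including both to make the overflow attributable from the log line alone.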