From nobody Sun Feb  8 15:47:09 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+92268+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+92268+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1660095955; cv=none;
	d=zohomail.com; s=zohoarc;
	b=lN+P8gcWPMOIvmklgH1KNhcQG45h60lXWP77ejXvVIb/NB3vJPX66fwgE2fl60xs1u/JUk5oB4XAyZfXDiIk9FsnkKN6dIR+BhfVmVf77LJLT1lKsttwlo1d5m+VhAIe1fADvururZDCG+8adG/nijGRyyiFen6VDhOHma9pZ9E=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1660095955;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=4IfVP7XVqAwetREF6Ka1OApS8jPvR2n6ThjOQ/HNCro=;
	b=hRu4CxyQAivctReinWEHjxlblvwQwAC0+aikN1zxOQ0RYYfNcng02PimvEAvh+CxgfRjslPCDi+eBlE1M6gHJqqp70kvzJ0iXkyFbtBKOQJHbFVI8Nm9dJId+uMuMdHVYm8ilnfnDTw1yTnukzj/Tt2hnNXMb5U7U94Bt5CDElI=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+92268+1787277+3901457@groups.io;
	dmarc=fail header.from=<dun.tan@intel.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1660095955930781.3974508413476;
 Tue, 9 Aug 2022 18:45:55 -0700 (PDT)
Return-Path: <bounce+27952+92268+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id X8jCYY1788612xdmSyAY3WxS;
 Tue, 09 Aug 2022 18:45:55 -0700
X-Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by mx.groups.io with SMTP id smtpd.web11.1038.1660095953631651306
 for <devel@edk2.groups.io>;
 Tue, 09 Aug 2022 18:45:54 -0700
X-IronPort-AV: E=McAfee;i="6400,9594,10434"; a="277911996"
X-IronPort-AV: E=Sophos;i="5.93,225,1654585200";
   d="scan'208";a="277911996"
X-Received: from fmsmga008.fm.intel.com ([10.253.24.58])
  by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 09 Aug 2022 18:45:54 -0700
X-IronPort-AV: E=Sophos;i="5.93,225,1654585200";
   d="scan'208";a="664678126"
X-Received: from duntan-mobl.ccr.corp.intel.com ([10.239.157.47])
  by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 09 Aug 2022 18:45:53 -0700
From: "duntan" <dun.tan@intel.com>
To: devel@edk2.groups.io
Cc: Eric Dong <eric.dong@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Rahul Kumar <rahul1.kumar@intel.com>
Subject: [edk2-devel] [PATCH 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: Add a new
 IsShadowStack flag
Date: Wed, 10 Aug 2022 09:45:31 +0800
Message-Id: <20220810014532.117-2-dun.tan@intel.com>
In-Reply-To: <20220810014532.117-1-dun.tan@intel.com>
References: <20220810014532.117-1-dun.tan@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,dun.tan@intel.com
X-Gm-Message-State: Ka5UZxXzdMFA4RPj07akxX7hx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1660095955;
 bh=LNJeOAn/wK95V5lP0cRDqqsoQKlDfereyQ3bNwcS9to=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=LFyY5UXTRVEGqOybh3OICdZRvk9V6t5HhcjDVyd3bwujXtnCFKxv8OP/KSmKZDbNNE7
 1yN7WyddRiRBWcRq0cdY+e4ZwUTP0o6ozFh9aYOKnEd61oLt8fKO6JuCkO1bzKZM4K8mi
 xuQYfwiK5/EAb9W0M9Ep8mlGgkXmLkLW+1k=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1660095956627100001
Content-Type: text/plain; charset="utf-8"

Add a new IsShadowStack flag to identify whether current memory is
shadow stack. The dirty bit in page table entry for this memory will
be set if IsShadowStack is TRUE, instead of depending on mInternalCr3.

Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
---
 UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c b/UefiCpuPk=
g/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
index 1f7cc15727..b369c0c435 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
@@ -33,6 +33,7 @@ PAGE_ATTRIBUTE_TABLE  mPageAttributeTable[] =3D {
 };
=20
 UINTN  mInternalCr3;
+UINTN  IsShadowStack =3D FALSE;
=20
 /**
   Set the internal page table base address.
@@ -249,7 +250,7 @@ ConvertPageEntryAttribute (
   if ((Attributes & EFI_MEMORY_RO) !=3D 0) {
     if (IsSet) {
       NewPageEntry &=3D ~(UINT64)IA32_PG_RW;
-      if (mInternalCr3 !=3D 0) {
+      if (IsShadowStack) {
         // Environment setup
         // ReadOnly page need set Dirty bit for shadow stack
         NewPageEntry |=3D IA32_PG_D;
@@ -734,10 +735,11 @@ SetShadowStack (
   EFI_STATUS  Status;
=20
   SetPageTableBase (Cr3);
-
-  Status =3D SmmSetMemoryAttributes (BaseAddress, Length, EFI_MEMORY_RO);
+  IsShadowStack =3D TRUE;
+  Status        =3D SmmSetMemoryAttributes (BaseAddress, Length, EFI_MEMOR=
Y_RO);
=20
   SetPageTableBase (0);
+  IsShadowStack =3D FALSE;
=20
   return Status;
 }
--=20
2.31.1.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#92268): https://edk2.groups.io/g/devel/message/92268
Mute This Topic: https://groups.io/mt/92928945/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-