[edk2-devel] [PATCH v6 5/6] UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler.

Sheng Wei posted 6 patches 2 years, 2 months ago
There is a newer version of this series
[edk2-devel] [PATCH v6 5/6] UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler.
Posted by Sheng Wei 2 years, 2 months ago
The OS may enable the CET-IBT feature by setting MSR IA32_U_CET.bit2.
If IA32_U_CET.bit2 is set, the CPU is in the WAIT_FOR_ENDBRANCH state, and
 the next instruction is not ENDBR, then setting the CR4.CET bit
 triggers a #CP exception.
The SMI handler therefore needs to back up MSR IA32_U_CET and clear it
 before setting the CR4.CET bit,
 and it needs to restore MSR IA32_U_CET when exiting the SMI handler.

Signed-off-by: Sheng Wei <w.sheng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Cc: Tan Dun <dun.tan@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
---
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 15 +++++++++++++++
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm  | 15 +++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
index 1da9afab97..9e1155dee6 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
@@ -202,11 +202,21 @@ ASM_PFX(mPatchCetSupported):
     push    edx
     push    eax
 
+    mov     ecx, MSR_IA32_U_CET
+    rdmsr
+    push    edx
+    push    eax
+
     mov     ecx, MSR_IA32_PL0_SSP
     rdmsr
     push    edx
     push    eax
 
+    mov     ecx, MSR_IA32_U_CET
+    xor     eax, eax
+    xor     edx, edx
+    wrmsr
+
     mov     ecx, MSR_IA32_S_CET
     mov     eax, MSR_IA32_CET_SH_STK_EN
     xor     edx, edx
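Review bot: The added `wrmsr` that zeroes MSR_IA32_U_CET has no comment saying that it must run before CET is enabled in CR4, which the commit message gives as the reason for the change. The enclosing block continues past this hunk, so the CR4 write is not visible here, and a later reordering of the MSR setup could move the clear after it and bring back the #CP on SMI entry. I would put a comment above the second `mov ecx, MSR_IA32_U_CET`, for example `; Clear IA32_U_CET before CR4.CET is set: a pending WAIT_FOR_ENDBRANCH left by the OS would otherwise raise #CP`. The identical clear in the X64 file (hunk `-227,6 +232,11`) needs the same comment.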
@@ -276,6 +286,11 @@ CetDone:
     pop     edx
     wrmsr
 
+    mov     ecx, MSR_IA32_U_CET
+    pop     eax
+    pop     edx
+    wrmsr
+
     mov     ecx, MSR_IA32_S_CET
     pop     eax
     pop     edx
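Review bot: The U_CET restore after `CetDone` only works because its pops mirror the entry pushes in reverse, and nothing in the code states that. The value is pushed before MSR_IA32_PL0_SSP in the save hunk and popped here after the preceding restore and before MSR_IA32_S_CET. A comment such as `; Restore IA32_U_CET saved at SMI entry; pop order must mirror the pushes after mPatchCetSupported` would help keep a future save/restore pair from unbalancing the SMM stack and loading the wrong value into an MSR. The block starts and ends outside this hunk, so the restore is presumably under the same CET-supported guard as the save; that is worth confirming, because an unguarded pop would shift every later pop. The same applies to the X64 restore after `mCetSupportedAbsAddr`.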
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
index abf9f1a90a..881d3177f7 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
@@ -217,6 +217,11 @@ ASM_PFX(mPatchCetSupported):
     push    rdx
     push    rax
 
+    mov     ecx, MSR_IA32_U_CET
+    rdmsr
+    push    rdx
+    push    rax
+
     mov     ecx, MSR_IA32_PL0_SSP
     rdmsr
     push    rdx
@@ -227,6 +232,11 @@ ASM_PFX(mPatchCetSupported):
     push    rdx
     push    rax
 
+    mov     ecx, MSR_IA32_U_CET
+    xor     eax, eax
+    xor     edx, edx
+    wrmsr
+
     mov     ecx, MSR_IA32_S_CET
     mov     eax, MSR_IA32_CET_SH_STK_EN
     xor     edx, edx
@@ -325,6 +335,11 @@ mCetSupportedAbsAddr:
     pop     rdx
     wrmsr
 
+    mov     ecx, MSR_IA32_U_CET
+    pop     rax
+    pop     rdx
+    wrmsr
+
     mov     ecx, MSR_IA32_S_CET
     pop     rax
     pop     rdx
-- 
2.26.2.windows.1



Re: [edk2-devel] [PATCH v6 5/6] UefiCpuPkg: Backup and Restore MSR IA32_U_CET in SMI handler.
Posted by Ni, Ray 2 years, 2 months ago
Reviewed-by: Ray Ni <ray.ni@intel.com>

Thanks,
Ray
> -----Original Message-----
> From: Sheng, W <w.sheng@intel.com>
> Sent: Tuesday, November 21, 2023 3:03 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric <eric.dong@intel.com>; Ni, Ray <ray.ni@intel.com>; Laszlo
> Ersek <lersek@redhat.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; Tan, Dun
> <dun.tan@intel.com>
> Subject: [PATCH v6 5/6] UefiCpuPkg: Backup and Restore MSR IA32_U_CET in
> SMI handler.
> 
> OS may enable CET-IBT feature by set MSR IA32_U_CET.bit2.
> If IA32_U_CET.bit2 is set, CPU is in WAIT_FOR_ENDBRANCH state and
>  the next assemble code is not ENDBR, it will trigger #CP exception
>  when set CR4.CET bit.
> SMI handler needs to backup MSR IA32_U_CET and clear MSR IA32_U_CET
>  before set CR4.CET bit,
> And SMI handler needs to restore MSR IA32_U_CET when exit SMI handler.
> 
> Signed-off-by: Sheng Wei <w.sheng@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Wu Jiaxin <jiaxin.wu@intel.com>
> Cc: Tan Dun <dun.tan@intel.com>
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
> ---
>  UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 15
> +++++++++++++++
>  UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm  | 15
> +++++++++++++++
>  2 files changed, 30 insertions(+)
> 
> diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
> b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
> index 1da9afab97..9e1155dee6 100644
> --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
> +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
> @@ -202,11 +202,21 @@ ASM_PFX(mPatchCetSupported):
>      push    edx
> 
>      push    eax
> 
> 
> 
> +    mov     ecx, MSR_IA32_U_CET
> 
> +    rdmsr
> 
> +    push    edx
> 
> +    push    eax
> 
> +
> 
>      mov     ecx, MSR_IA32_PL0_SSP
> 
>      rdmsr
> 
>      push    edx
> 
>      push    eax
> 
> 
> 
> +    mov     ecx, MSR_IA32_U_CET
> 
> +    xor     eax, eax
> 
> +    xor     edx, edx
> 
> +    wrmsr
> 
> +
> 
>      mov     ecx, MSR_IA32_S_CET
> 
>      mov     eax, MSR_IA32_CET_SH_STK_EN
> 
>      xor     edx, edx
> 
> @@ -276,6 +286,11 @@ CetDone:
>      pop     edx
> 
>      wrmsr
> 
> 
> 
> +    mov     ecx, MSR_IA32_U_CET
> 
> +    pop     eax
> 
> +    pop     edx
> 
> +    wrmsr
> 
> +
> 
>      mov     ecx, MSR_IA32_S_CET
> 
>      pop     eax
> 
>      pop     edx
> 
> diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
> b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
> index abf9f1a90a..881d3177f7 100644
> --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
> +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
> @@ -217,6 +217,11 @@ ASM_PFX(mPatchCetSupported):
>      push    rdx
> 
>      push    rax
> 
> 
> 
> +    mov     ecx, MSR_IA32_U_CET
> 
> +    rdmsr
> 
> +    push    rdx
> 
> +    push    rax
> 
> +
> 
>      mov     ecx, MSR_IA32_PL0_SSP
> 
>      rdmsr
> 
>      push    rdx
> 
> @@ -227,6 +232,11 @@ ASM_PFX(mPatchCetSupported):
>      push    rdx
> 
>      push    rax
> 
> 
> 
> +    mov     ecx, MSR_IA32_U_CET
> 
> +    xor     eax, eax
> 
> +    xor     edx, edx
> 
> +    wrmsr
> 
> +
> 
>      mov     ecx, MSR_IA32_S_CET
> 
>      mov     eax, MSR_IA32_CET_SH_STK_EN
> 
>      xor     edx, edx
> 
> @@ -325,6 +335,11 @@ mCetSupportedAbsAddr:
>      pop     rdx
> 
>      wrmsr
> 
> 
> 
> +    mov     ecx, MSR_IA32_U_CET
> 
> +    pop     rax
> 
> +    pop     rdx
> 
> +    wrmsr
> 
> +
> 
>      mov     ecx, MSR_IA32_S_CET
> 
>      pop     rax
> 
>      pop     rdx
> 
> --
> 2.26.2.windows.1


