From nobody Mon Feb  9 12:10:06 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+111519+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+111519+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1700550182; cv=none;
	d=zohomail.com; s=zohoarc;
	b=afLtFLkGDiG/VdOjUC7UZy6LdkZM8lK0F9nEJevM1oiTA3DUJwCIVsLDP+BQP2EELDn9sBAK3SlvKgZ14w7sM+M1ZRlelB7JmDA6txV05Na6Vt+s0zqIQqXLY4Q9zYLzRZE27JgB/CwwBF2XxF7DgiXUvU33wEG0B4KRLg4xEw8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1700550182;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Sender:Subject:Subject:To:To:Message-Id;
	bh=OGAohxBRXErP78LINxaHp0JKKHvzHfhRx94QmuhIVn8=;
	b=C/135vcXHVlv1DEZAQv3XNNfJE1ZvZylwpdKLOHdLDh1rd6PVdXeYACQi7QtjMMoLiIW9dV4/XsciOHMO6n5Za2gMWAAhDayVMxVSsNS4iP+nzUa2mj8EmbW19U8A+L9Qpvs8RuZadU9pOHIBW7I5thucT24sUym4KIziD2vpYA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+111519+1787277+3901457@groups.io;
	dmarc=fail header.from=<w.sheng@intel.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1700550182095405.2981216520318;
 Mon, 20 Nov 2023 23:03:02 -0800 (PST)
Return-Path: <bounce+27952+111519+1787277+3901457@groups.io>
DKIM-Signature: a=rsa-sha256; bh=ADLlj5TIR7nuQP9U2gmXEzgSbUT1V7Dr01jnT9eoBcw=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20140610; t=1700550181; v=1;
 b=JMFQbODQSTMiiRd365VLhjTQogyVZpduCDVW9Z7RFENxBt/7qvKwDnIoTrnd7+9jyc6ASo4Z
 691rR8LzoAliCmjkVoTYNNDlGM92b25ZiuTF9tx1YalbsW4YIFY/YzMTNBO7uR0sUgmLHJu0DIg
 ZTVSL4WUJqBGU7AIkwjh7s4M=
X-Received: by 127.0.0.2 with SMTP id DGdqYY1788612x2hMQDdg8k6;
 Mon, 20 Nov 2023 23:03:01 -0800
X-Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.120])
 by mx.groups.io with SMTP id smtpd.web10.30512.1700550170171771930
 for <devel@edk2.groups.io>;
 Mon, 20 Nov 2023 23:03:01 -0800
X-IronPort-AV: E=McAfee;i="6600,9927,10900"; a="390633424"
X-IronPort-AV: E=Sophos;i="6.04,215,1695711600";
   d="scan'208";a="390633424"
X-Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 20 Nov 2023 23:03:00 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10900"; a="795704989"
X-IronPort-AV: E=Sophos;i="6.04,215,1695711600";
   d="scan'208";a="795704989"
X-Received: from shwdesssddpdwei.ccr.corp.intel.com ([10.239.157.28])
  by orsmga008.jf.intel.com with ESMTP; 20 Nov 2023 23:02:58 -0800
From: "Sheng Wei" <w.sheng@intel.com>
To: devel@edk2.groups.io
Cc: Eric Dong <eric.dong@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Laszlo Ersek <lersek@redhat.com>,
	Wu Jiaxin <jiaxin.wu@intel.com>,
	Tan Dun <dun.tan@intel.com>
Subject: [edk2-devel] [PATCH v6 5/6] UefiCpuPkg: Backup and Restore MSR
 IA32_U_CET in SMI handler.
Date: Tue, 21 Nov 2023 15:02:45 +0800
Message-Id: <20231121070246.505-6-w.sheng@intel.com>
In-Reply-To: <20231121070246.505-1-w.sheng@intel.com>
References: <20231121070246.505-1-w.sheng@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,w.sheng@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: 
 <https://edk2.groups.io/g/devel/leave/3901457/1787277/102458076/plugh>
X-Gm-Message-State: pk6xUgefFGCRp0ISXfHgmu9Gx1787277AA=
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1700550182926100007
Content-Type: text/plain; charset="utf-8"

OS may enable CET-IBT feature by set MSR IA32_U_CET.bit2.
If IA32_U_CET.bit2 is set, CPU is in WAIT_FOR_ENDBRANCH state and
 the next assemble code is not ENDBR, it will trigger #CP exception
 when set CR4.CET bit.
SMI handler needs to backup MSR IA32_U_CET and clear MSR IA32_U_CET
 before set CR4.CET bit,
And SMI handler needs to restore MSR IA32_U_CET when exit SMI handler.

Signed-off-by: Sheng Wei <w.sheng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Wu Jiaxin <jiaxin.wu@intel.com>
Cc: Tan Dun <dun.tan@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
---
 UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm | 15 +++++++++++++++
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm  | 15 +++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm b/UefiCpuPkg/PiSm=
mCpuDxeSmm/Ia32/SmiEntry.nasm
index 1da9afab97..9e1155dee6 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiEntry.nasm
@@ -202,11 +202,21 @@ ASM_PFX(mPatchCetSupported):
     push    edx
     push    eax
=20
+    mov     ecx, MSR_IA32_U_CET
+    rdmsr
+    push    edx
+    push    eax
+
     mov     ecx, MSR_IA32_PL0_SSP
     rdmsr
     push    edx
     push    eax
=20
+    mov     ecx, MSR_IA32_U_CET
+    xor     eax, eax
+    xor     edx, edx
+    wrmsr
+
     mov     ecx, MSR_IA32_S_CET
     mov     eax, MSR_IA32_CET_SH_STK_EN
     xor     edx, edx
@@ -276,6 +286,11 @@ CetDone:
     pop     edx
     wrmsr
=20
+    mov     ecx, MSR_IA32_U_CET
+    pop     eax
+    pop     edx
+    wrmsr
+
     mov     ecx, MSR_IA32_S_CET
     pop     eax
     pop     edx
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm b/UefiCpuPkg/PiSmm=
CpuDxeSmm/X64/SmiEntry.nasm
index abf9f1a90a..881d3177f7 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
@@ -217,6 +217,11 @@ ASM_PFX(mPatchCetSupported):
     push    rdx
     push    rax
=20
+    mov     ecx, MSR_IA32_U_CET
+    rdmsr
+    push    rdx
+    push    rax
+
     mov     ecx, MSR_IA32_PL0_SSP
     rdmsr
     push    rdx
@@ -227,6 +232,11 @@ ASM_PFX(mPatchCetSupported):
     push    rdx
     push    rax
=20
+    mov     ecx, MSR_IA32_U_CET
+    xor     eax, eax
+    xor     edx, edx
+    wrmsr
+
     mov     ecx, MSR_IA32_S_CET
     mov     eax, MSR_IA32_CET_SH_STK_EN
     xor     edx, edx
@@ -325,6 +335,11 @@ mCetSupportedAbsAddr:
     pop     rdx
     wrmsr
=20
+    mov     ecx, MSR_IA32_U_CET
+    pop     rax
+    pop     rdx
+    wrmsr
+
     mov     ecx, MSR_IA32_S_CET
     pop     rax
     pop     rdx
--=20
2.26.2.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111519): https://edk2.groups.io/g/devel/message/111519
Mute This Topic: https://groups.io/mt/102724276/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-