diff options
author | Jiewen Yao <jiewen.yao@intel.com> | 2016-10-23 23:19:52 +0800 |
---|---|---|
committer | Jiewen Yao <jiewen.yao@intel.com> | 2016-11-17 16:30:07 +0800 |
commit | 717fb60443fbaedfab9a37fd186361b3b9e1ecfe (patch) | |
tree | f360f028594e994f452f6e674726bf210643498b /UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm | |
parent | 28b020b5de1e1bee4a44e2536f71fc96c781863c (diff) | |
download | edk2-717fb60443fbaedfab9a37fd186361b3b9e1ecfe.tar.gz edk2-717fb60443fbaedfab9a37fd186361b3b9e1ecfe.tar.bz2 edk2-717fb60443fbaedfab9a37fd186361b3b9e1ecfe.zip |
UefiCpuPkg/PiSmmCpuDxeSmm: Add paging protection.
PiSmmCpuDxeSmm consumes SmmAttributesTable and setup page table:
1) Code region is marked as read-only and Data region is non-executable,
if the PE image is 4K aligned.
2) Important data structure is set to RO, such as GDT/IDT.
3) SmmSaveState is set to non-executable,
and SmmEntrypoint is set to read-only.
4) If static page is supported, page table is read-only.
We use page table to protect other components, and itself.
If we use dynamic paging, we can still provide *partial* protection.
And hope page table is not modified by other components.
The XD enabling code is moved to SmiEntry to let NX take effect.
Cc: Jeff Fan <jeff.fan@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Diffstat (limited to 'UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm')
-rw-r--r-- | UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm | 36 |
1 files changed, 5 insertions, 31 deletions
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm index 6a328289a8..4d58999e90 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmiException.nasm @@ -1,5 +1,5 @@ ;------------------------------------------------------------------------------ ;
-; Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
+; Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
; This program and the accompanying materials
; are licensed and made available under the terms and conditions of the BSD License
; which accompanies this distribution. The full text of the license may be found at
@@ -24,6 +24,7 @@ extern ASM_PFX(SmiPFHandler) global ASM_PFX(gcSmiIdtr)
global ASM_PFX(gcSmiGdtr)
+global ASM_PFX(gTaskGateDescriptor)
global ASM_PFX(gcPsd)
SECTION .data
@@ -250,21 +251,10 @@ ASM_PFX(gcSmiGdtr): DD NullSeg
ASM_PFX(gcSmiIdtr):
- DW IDT_SIZE - 1
- DD _SmiIDT
+ DW 0
+ DD 0
-_SmiIDT:
-%rep 32
- DW 0 ; Offset 0:15
- DW CODE_SEL ; Segment selector
- DB 0 ; Unused
- DB 0x8e ; Interrupt Gate, Present
- DW 0 ; Offset 16:31
-%endrep
-
-IDT_SIZE equ $ - _SmiIDT
-
-TaskGateDescriptor:
+ASM_PFX(gTaskGateDescriptor):
DW 0 ; Reserved
DW EXCEPTION_TSS_SEL ; TSS Segment selector
DB 0 ; Reserved
@@ -717,19 +707,3 @@ ASM_PFX(PageFaultStubFunction): clts
iretd
-global ASM_PFX(InitializeIDTSmmStackGuard)
-ASM_PFX(InitializeIDTSmmStackGuard):
- push ebx
-;
-; If SMM Stack Guard feature is enabled, the Page Fault Exception entry in IDT
-; is a Task Gate Descriptor so that when a Page Fault Exception occurrs,
-; the processors can use a known good stack in case stack is ran out.
-;
- lea ebx, [_SmiIDT + 14 * 8]
- lea edx, [TaskGateDescriptor]
- mov eax, [edx]
- mov [ebx], eax
- mov eax, [edx + 4]
- mov [ebx + 4], eax
- pop ebx
- ret
|