diff options
| author | Sheng, W <w.sheng@intel.com> | 2021-03-26 14:04:13 +0800 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2021-04-09 05:33:35 +0000 |
| commit | efa7f4df0f3b9e70d49dc41b397ec8400c1ad374 (patch) | |
| tree | 15f87344d9bc23a97fc144abaf7b893531e04c1b /UefiCpuPkg | |
| parent | bce0328431f6c26e9de591be50beeab9be802f63 (diff) | |
| download | edk2-efa7f4df0f3b9e70d49dc41b397ec8400c1ad374.tar.gz edk2-efa7f4df0f3b9e70d49dc41b397ec8400c1ad374.tar.bz2 edk2-efa7f4df0f3b9e70d49dc41b397ec8400c1ad374.zip | |
UefiCpuPkg/PiSmmCpuDxeSmm: Support detect SMM shadow stack overflow
Use SMM stack guard feature to detect SMM shadow stack overflow.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3280
Signed-off-by: Sheng Wei <w.sheng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Cc: Roger Feng <roger.feng@intel.com>
Diffstat (limited to 'UefiCpuPkg')
| -rw-r--r-- | UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c index 07e7ea70de..6902584b1f 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c @@ -1016,6 +1016,7 @@ SmiPFHandler ( {
UINTN PFAddress;
UINTN GuardPageAddress;
+ UINTN ShadowStackGuardPageAddress;
UINTN CpuIndex;
ASSERT (InterruptType == EXCEPT_IA32_PAGE_FAULT);
@@ -1032,7 +1033,7 @@ SmiPFHandler ( }
//
- // If a page fault occurs in SMRAM range, it might be in a SMM stack guard page,
+ // If a page fault occurs in SMRAM range, it might be in a SMM stack/shadow stack guard page,
// or SMM page protection violation.
//
if ((PFAddress >= mCpuHotPlugData.SmrrBase) &&
@@ -1040,10 +1041,16 @@ SmiPFHandler ( DumpCpuContext (InterruptType, SystemContext);
CpuIndex = GetCpuIndex ();
GuardPageAddress = (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex * (mSmmStackSize + mSmmShadowStackSize));
+ ShadowStackGuardPageAddress = (mSmmStackArrayBase + mSmmStackSize + EFI_PAGE_SIZE + CpuIndex * (mSmmStackSize + mSmmShadowStackSize));
if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&
(PFAddress >= GuardPageAddress) &&
(PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) {
DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n"));
+ } else if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&
+ (mSmmShadowStackSize > 0) &&
+ (PFAddress >= ShadowStackGuardPageAddress) &&
+ (PFAddress < (ShadowStackGuardPageAddress + EFI_PAGE_SIZE))) {
+ DEBUG ((DEBUG_ERROR, "SMM shadow stack overflow!\n"));
} else {
if ((SystemContext.SystemContextX64->ExceptionData & IA32_PF_EC_ID) != 0) {
DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%lx)\n", PFAddress));
|