Diffstat (limited to 'UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Xcode5ExceptionHandlerAsm.nasm')
-rw-r--r--UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Xcode5ExceptionHandlerAsm.nasm66
1 files changed, 46 insertions, 20 deletions
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Xcode5ExceptionHandlerAsm.nasm b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Xcode5ExceptionHandlerAsm.nasm
index 4881a02848..84a12ddb88 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Xcode5ExceptionHandlerAsm.nasm
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/Xcode5ExceptionHandlerAsm.nasm
@@ -16,16 +16,35 @@
%include "Nasm.inc"
;
+; Equivalent NASM structure of IA32_DESCRIPTOR
+;
+struc IA32_DESCRIPTOR
+ .Limit CTYPE_UINT16 1
+ .Base CTYPE_UINTN 1
+endstruc
+
+;
+; Equivalent NASM structure of IA32_IDT_GATE_DESCRIPTOR
+;
+struc IA32_IDT_GATE_DESCRIPTOR
+ .OffsetLow CTYPE_UINT16 1
+ .Selector CTYPE_UINT16 1
+ .Reserved_0 CTYPE_UINT8 1
+ .GateType CTYPE_UINT8 1
+ .OffsetHigh CTYPE_UINT16 1
+ .OffsetUpper CTYPE_UINT32 1
+ .Reserved_1 CTYPE_UINT32 1
+endstruc
+
+;
; CommonExceptionHandler()
;
%define VC_EXCEPTION 29
-%define PF_EXCEPTION 14
extern ASM_PFX(mErrorCodeFlag) ; Error code flags for exceptions
extern ASM_PFX(mDoFarReturnFlag) ; Do far return flag
extern ASM_PFX(CommonExceptionHandler)
-extern ASM_PFX(FeaturePcdGet (PcdCpuSmmStackGuard))
SECTION .data
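Review bot: The new `IA32_IDT_GATE_DESCRIPTOR` struc leaves `.Reserved_0` undocumented even though that byte is exactly what the later CET hunk reads to test the IST field, so the name alone tells a reader the opposite of how it is used. The name presumably mirrors the C-side `IA32_IDT_GATE_DESCRIPTOR` declaration so the offsets stay in sync, which is fine, but a trailing comment should say what the byte carries in a 64-bit gate: `.Reserved_0 CTYPE_UINT8 1 ; Bits 0..2 = IST, bits 3..7 reserved`. A one-line note above the struc stating that the two strucs must be kept in step with the C definitions in the library/BaseLib would also make the coupling explicit for whoever next touches the layout.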
@@ -282,42 +301,49 @@ DrFinish:
; The follow algorithm is used for clear shadow stack token busy bit.
; The comment is based on the sample shadow stack.
+ ; Shadow stack is 32 bytes aligned.
; The sample shadow stack layout :
; Address | Context
; +-------------------------+
- ; 0xFD0 | FREE | it is 0xFD8|0x02|(LMA & CS.L), after SAVEPREVSSP.
+ ; 0xFB8 | FREE | It is 0xFC0|0x02|(LMA & CS.L), after SAVEPREVSSP.
; +-------------------------+
- ; 0xFD8 | Prev SSP |
+ ; 0xFC0 | Prev SSP |
; +-------------------------+
- ; 0xFE0 | RIP |
+ ; 0xFC8 | RIP |
; +-------------------------+
- ; 0xFE8 | CS |
+ ; 0xFD0 | CS |
; +-------------------------+
- ; 0xFF0 | 0xFF0 | BUSY | BUSY flag cleared after CLRSSBSY
+ ; 0xFD8 | 0xFD8 | BUSY | BUSY flag cleared after CLRSSBSY
; +-------------------------+
- ; 0xFF8 | 0xFD8|0x02|(LMA & CS.L) |
+ ; 0xFE0 | 0xFC0|0x02|(LMA & CS.L) |
; +-------------------------+
; Instructions for Intel Control Flow Enforcement Technology (CET) are supported since NASM version 2.15.01.
cmp qword [ASM_PFX(mDoFarReturnFlag)], 0
jz CetDone
- cmp qword [rbp + 8], PF_EXCEPTION ; check if it is a Page Fault
- jnz CetDone
- cmp byte [dword ASM_PFX(FeaturePcdGet (PcdCpuSmmStackGuard))], 0
- jz CetDone
mov rax, cr4
- and rax, 0x800000 ; check if CET is enabled
+ and rax, 0x800000 ; Check if CET is enabled
+ jz CetDone
+ sub rsp, 0x10
+ sidt [rsp]
+ mov rcx, qword [rsp + IA32_DESCRIPTOR.Base]; Get IDT base address
+ add rsp, 0x10
+ mov rax, qword [rbp + 8]; Get exception number
+ sal rax, 0x04 ; Get IDT offset
+ add rax, rcx ; Get IDT gate descriptor address
+ mov al, byte [rax + IA32_IDT_GATE_DESCRIPTOR.Reserved_0]
+ and rax, 0x01 ; Check IST field
jz CetDone
- ; SSP should be 0xFD8 at this point
+ ; SSP should be 0xFC0 at this point
mov rax, 0x04 ; advance past cs:lip:prevssp;supervisor shadow stack token
- INCSSP_RAX ; After this SSP should be 0xFF8
- SAVEPREVSSP ; now the shadow stack restore token will be created at 0xFD0
- READSSP_RAX ; Read new SSP, SSP should be 0x1000
+ INCSSP_RAX ; After this SSP should be 0xFE0
+ SAVEPREVSSP ; now the shadow stack restore token will be created at 0xFB8
+ READSSP_RAX ; Read new SSP, SSP should be 0xFE8
sub rax, 0x10
- CLRSSBSY_RAX ; Clear token at 0xFF0, SSP should be 0 after this
+ CLRSSBSY_RAX ; Clear token at 0xFD8, SSP should be 0 after this
sub rax, 0x20
- RSTORSSP_RAX ; Restore to token at 0xFD0, new SSP will be 0xFD0
+ RSTORSSP_RAX ; Restore to token at 0xFB8, new SSP will be 0xFB8
mov rax, 0x01 ; Pop off the new save token created
- INCSSP_RAX ; SSP should be 0xFD8 now
+ INCSSP_RAX ; SSP should be 0xFC0 now
CetDone:
cli
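Review bot: The IST check at `mov al, byte [rax + IA32_IDT_GATE_DESCRIPTOR.Reserved_0]` / `and rax, 0x01` tests only bit 0, but IST is a 3-bit field (values 1..7), so an even IST value would be treated as "no stack switch" and the shadow-stack token fix-up would be skipped; if only IST 1 is ever programmed this works today, but the comment "Check IST field" promises more than the mask delivers. It also relies on the partial write to `al` being masked away together with the address bits, which reads as accidental; `movzx eax, byte [rax + IA32_IDT_GATE_DESCRIPTOR.Reserved_0]` followed by `and eax, 0x07 ; IST is bits 0..2` makes both the width and the intent explicit. Separately, `sal rax, 0x04` encodes the gate size as a magic constant where `IA32_IDT_GATE_DESCRIPTOR_size` (generated by the struc) would be self-documenting, and a comment noting that the vector in `[rbp + 8]` comes from the handler stub, not from a guest or caller, would explain why no comparison against the IDT `Limit` is needed here. The surrounding handler begins before this hunk (after `DrFinish:`) and continues past `cli`.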