diff --git a/MdeModulePkg/Core/Dxe/DxeRing3/IA32/SysCall.nasm b/MdeModulePkg/Core/Dxe/DxeRing3/IA32/SysCall.nasm
index 1e50f950dc..25817aded8 100644
--- a/MdeModulePkg/Core/Dxe/DxeRing3/IA32/SysCall.nasm
+++ b/MdeModulePkg/Core/Dxe/DxeRing3/IA32/SysCall.nasm
@@ -24,7 +24,6 @@ ASM_PFX(SysCall):
     sysenter
 userReturnAddress:
-    ; sti
     ret
 ;------------------------------------------------------------------------------
@@ -39,6 +38,5 @@ userReturnAddress:
 global ASM_PFX(Ring3EntryPoint)
 ASM_PFX(Ring3EntryPoint):
     push eax
-    ; sti
     call ASM_PFX(Ring3Call)
diff --git a/MdeModulePkg/Core/Dxe/SysCall/IA32/CoreBootServices.nasm b/MdeModulePkg/Core/Dxe/SysCall/IA32/CoreBootServices.nasm
index c5e8b68ad3..f0ae792209 100644
--- a/MdeModulePkg/Core/Dxe/SysCall/IA32/CoreBootServices.nasm
+++ b/MdeModulePkg/Core/Dxe/SysCall/IA32/CoreBootServices.nasm
@@ -161,6 +161,7 @@ ASM_PFX(CoreBootServices):
     pop ebp
     pop ecx ; User Stack Pointer.
+    sti
     sysexit
 ;------------------------------------------------------------------------------
@@ -194,6 +195,7 @@ ASM_PFX(CallRing3):
     mov ebp, ecx ; Pass control to user image
+    sti
     sysexit
 coreReturnAddress:
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.nasm b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.nasm
index 9a92c931dd..c6876eff64 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.nasm
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.nasm
@@ -167,6 +167,10 @@ ErrorCodeAndVectorOnStack:
     ;
     ; Stack:
     ; +---------------------+
+    ; + Old SS + on CPL change
+    ; +---------------------+
+    ; + Old ESP + on CPL change
+    ; +---------------------+
     ; + EFlags +
     ; +---------------------+
     ; + CS +
@@ -198,6 +202,12 @@ ErrorCodeAndVectorOnStack:
     push edx
     push ebx
     lea ecx, [ebp + 6 * 4]
+    ; Check whether Ring0 process was interrupted.
+    mov eax, ds
+    and eax, 3
+    jz sameCPL_0
+    mov ecx, [ecx]
+sameCPL_0:
     push ecx ; ESP
     push dword [ebp] ; EBP
     push esi
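Review bot: The `sti` placed directly before `sysexit` in CoreBootServices is safe only because of the STI interrupt shadow, which defers maskable-interrupt delivery until after the following instruction completes, so no interrupt can be taken in ring 0 while ECX/EDX already hold the user ESP/EIP; nothing in the hunk records that the two instructions must stay adjacent. I would add `; STI's one-instruction interrupt shadow covers SYSEXIT: IF takes effect in ring 3. Keep these two instructions adjacent.` above the `sti`. The same comment should note that SYSEXIT does not restore EFLAGS, so the ring-3 image inherits whatever other flags (DF, AC, arithmetic flags) the ring-0 path leaves behind; IF is now set deliberately, the rest is not re-established here. The body of CoreBootServices starts outside the hunk.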
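Review bot: There is no comment recording that from this `sti` in CallRing3 onwards every external interrupt is taken while ring-3 code is running, which makes the CPL-change frame handling added to ExceptionHandlerAsm.nasm in this same commit the path every timer tick takes. The instruction itself is fine (and, like the other one, relies on the STI shadow over `sysexit`), but I would state the dependency: `; Interrupts are enabled in ring 3 from here on; IDT handlers must handle a CPL-change frame.` CallRing3's prologue is outside the hunk.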
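Review bot: The `mov eax, ds / and eax, 3` test decides the frame layout from the RPL of the interrupted context's DS, a value ring-3 code controls: a ring-3 image may legally run with DS = null selector, or with an RPL-0 selector whose descriptor DPL is 3, and either makes the handler take the sameCPL_0 path, record the ring-0 stack address as the saved ESP and (by the matching tests later in this commit) treat the fault as a ring-0 one. The CPU-written CS in the frame is the one value that cannot be forged, so the test should be `movzx eax, word [ebp + 4 * 4]` / `and eax, 3` / `jz sameCPL_0`. Separately, `mov ecx, [ecx]` is a DS-relative load executed while DS is still the interrupted context's selector (the reload from SS comes later in this commit), so a null or non-flat user DS faults inside the exception handler; read the slot through the frame pointer instead, `mov ecx, [ebp + 6 * 4]`, which is SS-relative. ErrorCodeAndVectorOnStack continues outside the hunk.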
@@ -205,9 +215,15 @@ ErrorCodeAndVectorOnStack:
 ;; UINT32 Gs, Fs, Es, Ds, Cs, Ss;
     mov eax, ss
-    push eax
+    ; Check whether Ring0 process was interrupted.
+    mov ecx, ds
+    and ecx, 3
+    jz sameCPL_1
+    movzx eax, word [ebp + 7 * 4]
+sameCPL_1:
+    push eax ; for ss
     movzx eax, word [ebp + 4 * 4]
-    push eax
+    push eax ; for cs
     mov eax, ds
     push eax
     mov eax, es
@@ -217,6 +233,12 @@ ErrorCodeAndVectorOnStack:
     mov eax, gs
     push eax
+    mov eax, ss
+    mov ds, eax
+    mov es, eax
+    mov fs, eax
+    mov gs, eax
+
 ;; UINT32 Eip;
     mov eax, [ebp + 3 * 4]
     push eax
@@ -367,7 +389,15 @@ ErrorCodeAndVectorOnStack:
     pop es
     pop ds
     pop dword [ebp + 4 * 4]
+    ; Check whether Ring0 process was interrupted.
+    mov ecx, ss
+    and ecx, 3
+    jz sameCPL_2
+    pop dword [ebp + 7 * 4]
+    jmp continue
+sameCPL_2:
     pop ss
+continue:
 ;; UINT32 Edi, Esi, Ebp, Esp, Ebx, Edx, Ecx, Eax;
     pop edi
@@ -379,6 +409,14 @@ ErrorCodeAndVectorOnStack:
     pop ecx
     pop eax
+    ; Check whether Ring3 process was interrupted.
+    push ecx
+    mov ecx, ds
+    and ecx, 3
+    cmp ecx, 3
+    pop ecx
+    je ReturnToRing3
+
     pop dword [ebp - 8]
     pop dword [ebp - 4]
     mov esp, ebp
@@ -406,6 +444,11 @@ DoReturn:
 DoIret:
     iretd
+ReturnToRing3:
+    mov esp, ebp
+    pop ebp
+    add esp, 8
+    iretd
 ;---------------------------------------;
 ; _AsmGetTemplateAddressMap ;
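Review bot: This is the second copy of the DS-RPL test (`mov ecx, ds / and ecx, 3`) and it has the same weakness as the first: DS is still the interrupted context's register here, and a ring-3 image can hold a null or RPL-0 data selector in it, in which case the handler records its own ring-0 `ss` instead of the user SS at `[ebp + 7 * 4]`. Use the frame's CS, `movzx ecx, word [ebp + 4 * 4]` / `and ecx, 3` / `jz sameCPL_1`, or better compute the CPL once at entry into a register preserved across the pushes so the two tests cannot disagree. The `; for ss` / `; for cs` comments help; I would extend the first to `; for ss (user SS from the frame when the fault came from ring 3)`.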
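Review bot: The reload of DS/ES/FS/GS from SS has no comment saying why it is there, and the reason matters for the surrounding code: until this point every data segment register is whatever the interrupted (possibly ring-3) code left loaded, and after the matching `pop gs … pop ds` on the exit path it is again, so only the stretch between here and those pops may use DS-relative addressing. I would add `; Run the handler on the ring-0 data selector (copied from SS); the interrupted code may have left ring-3 or null selectors in DS-GS.` above `mov eax, ss`. ErrorCodeAndVectorOnStack continues outside the hunk.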
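Review bot: `mov ecx, ss / and ecx, 3` cannot detect a ring-3 frame at this point: SS has not been restored yet, so as far as these hunks show it still holds the handler's ring-0 stack selector (loaded from the TSS on a CPL change, unchanged otherwise), its RPL bits are always 0, `jz sameCPL_2` is always taken, and for an interrupted ring-3 context `pop ss` executes at CPL 0 with the saved RPL-3 user SS, which raises #GP, while `[ebp + 7 * 4]` is never written back. The entry path keyed the same decision off DS, so the two sides also disagree with each other. Decide from the frame's CS, which the preceding line just wrote back from the context: `movzx ecx, word [ebp + 4 * 4]` / `and ecx, 3` / `jz sameCPL_2`. ErrorCodeAndVectorOnStack continues outside the hunk.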
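Review bot: The ring-3 test reads DS after `pop ds` has already restored it from the context, so it keys the return path off a value the interrupted ring-3 image chose (or the C handler rewrote), and it tests `== 3` where the entry-side tests used `!= 0`; a user DS of null or RPL 0 sends a ring-3 frame down the ring-0 return path. The frame's CS is what `iretd` itself will use to decide whether to pop SS:ESP, so the test should agree with it: replace `mov ecx, ds` with `movzx ecx, word [ebp + 4 * 4]`, drop `cmp ecx, 3`, and branch with `jnz ReturnToRing3` (the `pop ecx` in between does not touch flags). Note also that `ReturnToRing3` bypasses the `pop dword [ebp - 8]` / `pop dword [ebp - 4]` stores and whatever the DoReturn path checks after them, which is presumably intended for a ring-3 fault but deserves a comment at the branch. ErrorCodeAndVectorOnStack continues outside the hunk.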