From 5515e17ae8c0395ce330bd76896b8fa9ae87a8c6 Mon Sep 17 00:00:00 2001
From: Mikhail Krichanov
Date: Mon, 9 Sep 2024 08:56:05 +0300
Subject: [PATCH] SysCall: Split SMEP and SMAP initialization.
---
 MdeModulePkg/Core/Dxe/SysCall/IA32/InitializeMsr.c | 13 +++++++++++--
 MdeModulePkg/Core/Dxe/SysCall/X64/InitializeMsr.c | 13 +++++++++++--
 2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/MdeModulePkg/Core/Dxe/SysCall/IA32/InitializeMsr.c b/MdeModulePkg/Core/Dxe/SysCall/IA32/InitializeMsr.c
index 23bd212ffe..83b34b1d55 100644
--- a/MdeModulePkg/Core/Dxe/SysCall/IA32/InitializeMsr.c
+++ b/MdeModulePkg/Core/Dxe/SysCall/IA32/InitializeMsr.c
@@ -29,10 +29,19 @@ InitializeMsr (
 // Forbid supervisor-mode accesses to any user-mode pages.
 //
 AsmCpuidEx (0x07, 0x0, NULL, &Ebx, NULL, NULL);
- if (((Ebx & BIT20) != 0) && ((Ebx & BIT7) != 0)) {
+ if ((Ebx & BIT7) != 0) {
+ Cr4.UintN = AsmReadCr4 ();
+ Cr4.Bits.SMEP = 1;
+ AsmWriteCr4 (Cr4.UintN);
+
+ Eflags.UintN = AsmReadEflags ();
+ Eflags.Bits.AC = 0;
+ AsmWriteEflags (Eflags.UintN);
+ }
+
+ if ((Ebx & BIT20) != 0) {
 Cr4.UintN = AsmReadCr4 ();
 Cr4.Bits.SMAP = 1;
- Cr4.Bits.SMEP = 1;
 AsmWriteCr4 (Cr4.UintN);

 Eflags.UintN = AsmReadEflags ();
diff --git a/MdeModulePkg/Core/Dxe/SysCall/X64/InitializeMsr.c b/MdeModulePkg/Core/Dxe/SysCall/X64/InitializeMsr.c
index 9694c071c2..3126f09d12 100644
--- a/MdeModulePkg/Core/Dxe/SysCall/X64/InitializeMsr.c
+++ b/MdeModulePkg/Core/Dxe/SysCall/X64/InitializeMsr.c
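Review bot: In the new `if ((Ebx & BIT7) != 0)` branch the three `Eflags` lines that clear `AC` do nothing for SMEP: EFLAGS.AC only suspends SMAP data-access checks and has no effect on instruction-fetch protection, so that read/clear/write belongs to the `BIT20` branch alone and can be dropped from the SMEP branch. The X64/InitializeMsr.c hunk carries the same lines. The comment above `AsmCpuidEx` still describes only SMAP; giving each branch its own comment, e.g. `// SMEP: forbid supervisor-mode instruction fetches from user-mode pages.` and `// SMAP: forbid supervisor-mode data accesses to user-mode pages.`, would keep the two protections distinguishable. Because the features are now enabled independently, a CPU that reports only one of them continues with partial protection and no trace, so a `DEBUG ((DEBUG_WARN, ...))` message when either bit is clear would help; InitializeMsr begins and ends outside the hunk, so any existing logging or CPUID maximum-leaf check is not visible here.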
@@ -30,10 +30,19 @@ InitializeMsr (
 // Forbid supervisor-mode accesses to any user-mode pages.
 //
 AsmCpuidEx (0x07, 0x0, NULL, &Ebx, NULL, NULL);
- if (((Ebx & BIT20) != 0) && ((Ebx & BIT7) != 0)) {
+ if ((Ebx & BIT7) != 0) {
+ Cr4.UintN = AsmReadCr4 ();
+ Cr4.Bits.SMEP = 1;
+ AsmWriteCr4 (Cr4.UintN);
+
+ Eflags.UintN = AsmReadEflags ();
+ Eflags.Bits.AC = 0;
+ AsmWriteEflags (Eflags.UintN);
+ }
+
+ if ((Ebx & BIT20) != 0) {
 Cr4.UintN = AsmReadCr4 ();
 Cr4.Bits.SMAP = 1;
- Cr4.Bits.SMEP = 1;
 AsmWriteCr4 (Cr4.UintN);

 Eflags.UintN = AsmReadEflags ();