tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-28 16:14:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

CpuExceptionHandlerLib: Saved UserPageTable on stack,

Browse Source 
used CS saved on stack instead of DS for CPL extraction.
This commit is contained in:
Mikhail Krichanov 2025-01-24 19:32:15 +03:00
parent dd71687e44
commit 7154ce628f
3 changed files with 73 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
View File

@ -8,14 +8,6 @@
#include "CpuExceptionCommon.h" #include "CpuExceptionCommon.h"
//
// Error code flag indicating whether or not an error code will be
// pushed on the stack if an exception occurs.
//
// 1 means an error code will be pushed, otherwise 0
//
CONST UINT32 mErrorCodeFlag = 0x20227d00;
// //
// Define the maximum message length // Define the maximum message length
// //

70
UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/ExceptionHandlerAsm.nasm
View File

@ -23,7 +23,6 @@
; ;
; CommonExceptionHandler() ; CommonExceptionHandler()
; ;
extern ASM_PFX(mErrorCodeFlag) ; Error code flags for exceptions
extern ASM_PFX(mDoFarReturnFlag) ; Do far return flag extern ASM_PFX(mDoFarReturnFlag) ; Do far return flag
extern ASM_PFX(CommonExceptionHandler) extern ASM_PFX(CommonExceptionHandler)
@ -32,11 +31,17 @@ ALIGN 4096
global ASM_PFX(CorePageTable) global ASM_PFX(CorePageTable)
ASM_PFX(CorePageTable): ASM_PFX(CorePageTable):
resq 1 resd 1
global ASM_PFX(UserPageTable) ;
ASM_PFX(UserPageTable): ; Error code flag indicating whether or not an error code will be
resq 1 ; pushed on the stack if an exception occurs.
;
; 1 means an error code will be pushed, otherwise 0
;
global ASM_PFX(mErrorCodeFlag)
ASM_PFX(mErrorCodeFlag):
dd 0x20227d00
ALIGN 4096 ALIGN 4096
Padding: Padding:
@ -101,16 +106,6 @@ HookAfterStubHeaderEnd:
global ASM_PFX(CommonInterruptEntry) global ASM_PFX(CommonInterruptEntry)
ASM_PFX(CommonInterruptEntry): ASM_PFX(CommonInterruptEntry):
cli cli
; Check whether User Space process was interrupted.
mov eax, ds
and eax, 3
jz NoCr3Switch
mov eax, cr3
mov [ASM_PFX(UserPageTable)], eax
mov eax, [ASM_PFX(CorePageTable)]
mov cr3, eax
NoCr3Switch:
pop eax pop eax
; ;
; All interrupt handlers are invoked through interrupt gates, so ; All interrupt handlers are invoked through interrupt gates, so
@ -219,14 +214,30 @@ ErrorCodeAndVectorOnStack:
push 0 ; clear EXCEPTION_HANDLER_CONTEXT.OldIdtHandler push 0 ; clear EXCEPTION_HANDLER_CONTEXT.OldIdtHandler
push 0 ; clear EXCEPTION_HANDLER_CONTEXT.ExceptionDataFlag push 0 ; clear EXCEPTION_HANDLER_CONTEXT.ExceptionDataFlag
; Check whether User Space process was interrupted.
push eax
mov eax, [ebp + 4 * 4] ; CS
and eax, 3
jz NoCr3Switch
mov eax, cr3
push eax ; UserPageTable
mov eax, [ASM_PFX(CorePageTable)]
mov cr3, eax
mov eax, [esp + 4] ; eax
sub esp, 8
push eax
NoCr3Switch:
pop eax
;; UINT32 Edi, Esi, Ebp, Esp, Ebx, Edx, Ecx, Eax; ;; UINT32 Edi, Esi, Ebp, Esp, Ebx, Edx, Ecx, Eax;
push eax push eax
push ecx push ecx
push edx push edx
push ebx push ebx
lea ecx, [ebp + 6 * 4] lea ecx, [ebp + 6 * 4]
; Check whether Ring0 process was interrupted. ; Check whether User Space process was interrupted.
mov eax, ds mov eax, [ebp + 4 * 4] ; CS
and eax, 3 and eax, 3
jz sameCPL_0 jz sameCPL_0
mov ecx, [ecx] mov ecx, [ecx]
@ -238,8 +249,8 @@ sameCPL_0:
;; UINT32 Gs, Fs, Es, Ds, Cs, Ss; ;; UINT32 Gs, Fs, Es, Ds, Cs, Ss;
mov eax, ss mov eax, ss
; Check whether Ring0 process was interrupted. ; Check whether User Space process was interrupted.
mov ecx, ds mov ecx, [ebp + 4 * 4] ; CS
and ecx, 3 and ecx, 3
jz sameCPL_1 jz sameCPL_1
movzx eax, word [ebp + 7 * 4] movzx eax, word [ebp + 7 * 4]
@ -412,8 +423,8 @@ sameCPL_1:
pop es pop es
pop ds pop ds
pop dword [ebp + 4 * 4] pop dword [ebp + 4 * 4]
; Check whether Ring0 process was interrupted. ; Check whether User Space process was interrupted.
mov ecx, ds mov ecx, [ebp + 4 * 4] ; CS
and ecx, 3 and ecx, 3
jz sameCPL_2 jz sameCPL_2
pop dword [ebp + 7 * 4] pop dword [ebp + 7 * 4]
@ -432,12 +443,12 @@ continue:
pop ecx pop ecx
pop eax pop eax
; Check whether Ring3 process was interrupted. ; Check whether User Space process was interrupted.
push ecx push eax
mov ecx, ds mov eax, [ebp + 4 * 4] ; CS
and ecx, 3 and eax, 3
pop eax
jnz ReturnToRing3 jnz ReturnToRing3
pop ecx
pop dword [ebp - 8] pop dword [ebp - 8]
pop dword [ebp - 4] pop dword [ebp - 4]
@ -467,9 +478,10 @@ DoReturn:
DoIret: DoIret:
iretd iretd
ReturnToRing3: ReturnToRing3:
mov ecx, [ASM_PFX(UserPageTable)] add esp, 8
mov cr3, ecx pop eax ; UserPageTable
pop ecx mov cr3, eax
pop eax
mov esp, ebp mov esp, ebp
pop ebp pop ebp
add esp, 8 add esp, 8

54
UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.nasm
View File

@ -48,7 +48,6 @@ endstruc
%define VC_EXCEPTION 29 %define VC_EXCEPTION 29
extern ASM_PFX(mErrorCodeFlag) ; Error code flags for exceptions
extern ASM_PFX(mDoFarReturnFlag) ; Do far return flag extern ASM_PFX(mDoFarReturnFlag) ; Do far return flag
extern ASM_PFX(CommonExceptionHandler) extern ASM_PFX(CommonExceptionHandler)
@ -59,9 +58,15 @@ global ASM_PFX(CorePageTable)
ASM_PFX(CorePageTable): ASM_PFX(CorePageTable):
resq 1 resq 1
global ASM_PFX(UserPageTable) ;
ASM_PFX(UserPageTable): ; Error code flag indicating whether or not an error code will be
resq 1 ; pushed on the stack if an exception occurs.
;
; 1 means an error code will be pushed, otherwise 0
;
global ASM_PFX(mErrorCodeFlag)
ASM_PFX(mErrorCodeFlag):
dd 0x20227d00
ALIGN 4096 ALIGN 4096
Padding: Padding:
@ -136,16 +141,6 @@ HookAfterStubHeaderEnd:
global ASM_PFX(CommonInterruptEntry) global ASM_PFX(CommonInterruptEntry)
ASM_PFX(CommonInterruptEntry): ASM_PFX(CommonInterruptEntry):
cli cli
; Check whether User Space process was interrupted.
mov rax, ds
and rax, 3
jz NoCr3Switch
mov rax, cr3
mov [ASM_PFX(UserPageTable)], rax
mov rax, [ASM_PFX(CorePageTable)]
mov cr3, rax
NoCr3Switch:
pop rax pop rax
; ;
; All interrupt handlers are invoked through interrupt gates, so ; All interrupt handlers are invoked through interrupt gates, so
@ -199,6 +194,21 @@ HasErrorCode:
; is 16-byte aligned ; is 16-byte aligned
; ;
; Check whether User Space process was interrupted.
push rax
mov rax, [rbp + 8*4] ; CS
and rax, 3
jz NoCr3Switch
mov rax, cr3
push rax ; UserPageTable
mov rax, [ASM_PFX(CorePageTable)]
mov cr3, rax
mov rax, [rsp + 8] ; rax
push rax
NoCr3Switch:
pop rax
;; UINT64 Rdi, Rsi, Rbp, Rsp, Rbx, Rdx, Rcx, Rax; ;; UINT64 Rdi, Rsi, Rbp, Rsp, Rbx, Rdx, Rcx, Rax;
;; UINT64 R8, R9, R10, R11, R12, R13, R14, R15; ;; UINT64 R8, R9, R10, R11, R12, R13, R14, R15;
push r15 push r15
@ -457,12 +467,12 @@ CetDone:
pop r14 pop r14
pop r15 pop r15
; Check whether Ring3 process was interrupted. ; Check whether User Space process was interrupted.
push rcx push rax
mov rcx, ds mov rax, [rbp + 8*4] ; CS
and rcx, 3 and rax, 3
pop rax
jnz ReturnToRing3 jnz ReturnToRing3
pop rcx
mov rsp, rbp mov rsp, rbp
pop rbp pop rbp
@ -491,9 +501,9 @@ DoReturn:
DoIret: DoIret:
iretq iretq
ReturnToRing3: ReturnToRing3:
mov rcx, [ASM_PFX(UserPageTable)] pop rax ; UserPageTable
mov cr3, rcx mov cr3, rax
pop rcx pop rax
mov rsp, rbp mov rsp, rbp
pop rbp pop rbp
add rsp, 16 add rsp, 16