tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

UefiCpuPkg/PiSmmCpuDxeSmm: Support detect SMM shadow stack overflow 

Use SMM stack guard feature to detect SMM shadow stack overflow.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3280

Signed-off-by: Sheng Wei <w.sheng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Cc: Roger Feng <roger.feng@intel.com>
This commit is contained in:
Sheng, W 2021-03-26 14:04:13 +08:00 committed by mergify[bot]
parent bce0328431
commit efa7f4df0f
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
View File

@ -1016,6 +1016,7 @@ SmiPFHandler (
{ {
UINTN PFAddress; UINTN PFAddress;
UINTN GuardPageAddress; UINTN GuardPageAddress;
UINTN ShadowStackGuardPageAddress;
UINTN CpuIndex; UINTN CpuIndex;
ASSERT (InterruptType == EXCEPT_IA32_PAGE_FAULT); ASSERT (InterruptType == EXCEPT_IA32_PAGE_FAULT);
@ -1032,7 +1033,7 @@ SmiPFHandler (
} }
// //
// If a page fault occurs in SMRAM range, it might be in a SMM stack guard page, // If a page fault occurs in SMRAM range, it might be in a SMM stack/shadow stack guard page,
// or SMM page protection violation. // or SMM page protection violation.
// //
if ((PFAddress >= mCpuHotPlugData.SmrrBase) && if ((PFAddress >= mCpuHotPlugData.SmrrBase) &&
@ -1040,10 +1041,16 @@ SmiPFHandler (
DumpCpuContext (InterruptType, SystemContext); DumpCpuContext (InterruptType, SystemContext);
CpuIndex = GetCpuIndex (); CpuIndex = GetCpuIndex ();
GuardPageAddress = (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex * (mSmmStackSize + mSmmShadowStackSize)); GuardPageAddress = (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex * (mSmmStackSize + mSmmShadowStackSize));
ShadowStackGuardPageAddress = (mSmmStackArrayBase + mSmmStackSize + EFI_PAGE_SIZE + CpuIndex * (mSmmStackSize + mSmmShadowStackSize));
if ((FeaturePcdGet (PcdCpuSmmStackGuard)) && if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&
(PFAddress >= GuardPageAddress) && (PFAddress >= GuardPageAddress) &&
(PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) { (PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) {
DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n")); DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n"));
} else if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&
(mSmmShadowStackSize > 0) &&
(PFAddress >= ShadowStackGuardPageAddress) &&
(PFAddress < (ShadowStackGuardPageAddress + EFI_PAGE_SIZE))) {
DEBUG ((DEBUG_ERROR, "SMM shadow stack overflow!\n"));
} else { } else {
if ((SystemContext.SystemContextX64->ExceptionData & IA32_PF_EC_ID) != 0) { if ((SystemContext.SystemContextX64->ExceptionData & IA32_PF_EC_ID) != 0) {
DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%lx)\n", PFAddress)); DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%lx)\n", PFAddress));