Use SMM stack guard feature to detect SMM shadow stack overflow. REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3280
Signed-off-by: Sheng Wei <w.sh...@intel.com>
Cc: Eric Dong <eric.d...@intel.com>
Cc: Ray Ni <ray...@intel.com>
Cc: Laszlo Ersek <ler...@redhat.com>
Cc: Rahul Kumar <rahul1.ku...@intel.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Roger Feng <roger.f...@intel.com>
---
 UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
index 07e7ea70de..6902584b1f 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
@@ -1016,6 +1016,7 @@ SmiPFHandler (
 {
   UINTN PFAddress;
   UINTN GuardPageAddress;
+  UINTN ShadowStackGuardPageAddress;
   UINTN CpuIndex;
 
   ASSERT (InterruptType == EXCEPT_IA32_PAGE_FAULT);
@@ -1032,7 +1033,7 @@ SmiPFHandler (
   }
 
   //
-  // If a page fault occurs in SMRAM range, it might be in a SMM stack guard page,
+  // If a page fault occurs in SMRAM range, it might be in a SMM stack/shadow stack guard page,
   // or SMM page protection violation.
   //
   if ((PFAddress >= mCpuHotPlugData.SmrrBase) &&
@@ -1040,10 +1041,16 @@ SmiPFHandler (
     DumpCpuContext (InterruptType, SystemContext);
     CpuIndex = GetCpuIndex ();
     GuardPageAddress = (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex * (mSmmStackSize + mSmmShadowStackSize));
+    ShadowStackGuardPageAddress = (mSmmStackArrayBase + mSmmStackSize + EFI_PAGE_SIZE + CpuIndex * (mSmmStackSize + mSmmShadowStackSize));
     if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&
         (PFAddress >= GuardPageAddress) &&
         (PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) {
       DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n"));
+    } else if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&
+               (mSmmShadowStackSize > 0) &&
+               (PFAddress >= ShadowStackGuardPageAddress) &&
+               (PFAddress < (ShadowStackGuardPageAddress + EFI_PAGE_SIZE))) {
+      DEBUG ((DEBUG_ERROR, "SMM shadow stack overflow!\n"));
     } else {
       if ((SystemContext.SystemContextX64->ExceptionData & IA32_PF_EC_ID) != 0) {
         DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%lx)\n", PFAddress));
-- 
2.16.2.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#73309): https://edk2.groups.io/g/devel/message/73309
Mute This Topic: https://groups.io/mt/81621994/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
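Review bot: The `(mSmmShadowStackSize > 0)` term in the new else-if is load-bearing but unexplained: when no shadow stack is configured, the `ShadowStackGuardPageAddress` computed on the added line above reduces to `mSmmStackArrayBase + EFI_PAGE_SIZE + (CpuIndex + 1) * mSmmStackSize`, which by the `GuardPageAddress` formula is the ordinary stack guard page of the next CPU, so without that term a fault there would be reported as "SMM shadow stack overflow!" instead of falling through to the page-protection diagnostics below. A comment above the else-if such as `// Without a shadow stack, ShadowStackGuardPageAddress aliases the next CPU's stack guard page; only classify the fault as a shadow stack overflow when one exists.` would keep that reasoning with the code. The address itself can also be written in terms of the layout it depends on, `ShadowStackGuardPageAddress = GuardPageAddress + mSmmStackSize;`, which makes the "shadow stack region follows the stack region" assumption explicit and avoids restating the per-CPU stride. SmiPFHandler begins and ends outside this hunk, so the remaining classification branches were not reviewed here.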