Skip to content

Commit

Permalink
SysCall: Made SMEP, SMAP, PAN optional features.
Browse files Browse the repository at this point in the history
  • Loading branch information
Mikhail Krichanov committed Sep 2, 2024
1 parent 490b66d commit edf576c
Show file tree
Hide file tree
Showing 4 changed files with 26 additions and 31 deletions.
11 changes: 6 additions & 5 deletions MdeModulePkg/Core/Dxe/SysCall/AARCH64/InitializeMsr.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -173,9 +173,6 @@ InitializeMsr (
// Enable Privileged Access Never feature.
//
ArmSetPan ();
} else {
DEBUG ((DEBUG_ERROR, "Core: Failed to initialize MSRs for Ring3.\n"));
ASSERT (FALSE);
}

InitializeSysCallHandler ((VOID *)SysCallBootService);
Expand All @@ -187,7 +184,9 @@ DisableSMAP (
VOID
)
{
ArmClearPan ();
if (ArmHasPan ()) {
ArmClearPan ();
}
}

VOID
Expand All @@ -196,7 +195,9 @@ EnableSMAP (
VOID
)
{
ArmSetPan ();
if (ArmHasPan ()) {
ArmSetPan ();
}
}

EFI_STATUS
Expand Down
6 changes: 0 additions & 6 deletions MdeModulePkg/Core/Dxe/SysCall/ARM/InitializeMsr.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,12 +105,6 @@ InitializeMsr (
// Enable Privileged Access Never feature.
//
ArmSetPan ();
} else {
//
// TODO: Refactoring.
//
DEBUG ((DEBUG_ERROR, "Core: Failed to initialize MSRs for Ring3.\n"));
// ASSERT (FALSE);
}

InitializeSysCallHandler (SysCallBootService);
Expand Down
19 changes: 10 additions & 9 deletions MdeModulePkg/Core/Dxe/SysCall/IA32/InitializeMsr.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,14 +27,9 @@ InitializeMsr (

//
// Forbid supervisor-mode accesses to any user-mode pages.
// SMEP and SMAP must be supported.
//
AsmCpuidEx (0x07, 0x0, NULL, &Ebx, NULL, NULL);
//
// SYSENTER and SYSEXIT must be also supported.
//
AsmCpuidEx (0x01, 0x0, NULL, NULL, NULL, &Edx);
if (((Ebx & BIT20) != 0) && ((Ebx & BIT7) != 0) && ((Edx & BIT11) != 0)) {
if (((Ebx & BIT20) != 0) && ((Ebx & BIT7) != 0)) {
Cr4.UintN = AsmReadCr4 ();
Cr4.Bits.SMAP = 1;
Cr4.Bits.SMEP = 1;
Expand All @@ -43,9 +38,15 @@ InitializeMsr (
Eflags.UintN = AsmReadEflags ();
Eflags.Bits.AC = 0;
AsmWriteEflags (Eflags.UintN);
} else {
DEBUG ((DEBUG_ERROR, "Core: Failed to initialize MSRs for Ring3.\n"));
ASSERT (FALSE);
}

//
// SYSENTER and SYSEXIT must be supported.
//
AsmCpuidEx (0x01, 0x0, NULL, NULL, NULL, &Edx);
if ((Edx & BIT11) == 0) {
DEBUG ((DEBUG_ERROR, "Core: SYSENTER and SYSEXIT are not supported.\n"));
CpuDeadLoop ();
}

//
Expand Down
21 changes: 10 additions & 11 deletions MdeModulePkg/Core/Dxe/SysCall/X64/InitializeMsr.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,14 +28,9 @@ InitializeMsr (

//
// Forbid supervisor-mode accesses to any user-mode pages.
// SMEP and SMAP must be supported.
//
AsmCpuidEx (0x07, 0x0, NULL, &Ebx, NULL, NULL);
//
// SYSCALL and SYSRET must be also supported.
//
AsmCpuidEx (0x80000001, 0x0, NULL, NULL, NULL, &Edx);
if (((Ebx & BIT20) != 0) && ((Ebx & BIT7) != 0) && ((Edx & BIT11) != 0)) {
if (((Ebx & BIT20) != 0) && ((Ebx & BIT7) != 0)) {
Cr4.UintN = AsmReadCr4 ();
Cr4.Bits.SMAP = 1;
Cr4.Bits.SMEP = 1;
Expand All @@ -44,15 +39,19 @@ InitializeMsr (
Eflags.UintN = AsmReadEflags ();
Eflags.Bits.AC = 0;
AsmWriteEflags (Eflags.UintN);
//
// Enable SYSCALL and SYSRET.
//
}

//
// Enable SYSCALL and SYSRET.
//
AsmCpuidEx (0x80000001, 0x0, NULL, NULL, NULL, &Edx);
if ((Edx & BIT11) != 0) {
MsrEfer.Uint64 = AsmReadMsr64 (MSR_IA32_EFER);
MsrEfer.Bits.SCE = 1;
AsmWriteMsr64 (MSR_IA32_EFER, MsrEfer.Uint64);
} else {
DEBUG ((DEBUG_ERROR, "Core: Failed to initialize MSRs for Ring3.\n"));
ASSERT (FALSE);
DEBUG ((DEBUG_ERROR, "Core: SYSCALL and SYSRET are not supported.\n"));
CpuDeadLoop ();
}

//
Expand Down

0 comments on commit edf576c

Please sign in to comment.