diff --git a/MdeModulePkg/Core/Dxe/SysCall/AARCH64/InitializeMsr.c b/MdeModulePkg/Core/Dxe/SysCall/AARCH64/InitializeMsr.c index ab2f1b536b..f764309f11 100644 --- a/MdeModulePkg/Core/Dxe/SysCall/AARCH64/InitializeMsr.c +++ b/MdeModulePkg/Core/Dxe/SysCall/AARCH64/InitializeMsr.c @@ -173,9 +173,6 @@ InitializeMsr ( // Enable Privileged Access Never feature. // ArmSetPan (); - } else { - DEBUG ((DEBUG_ERROR, "Core: Failed to initialize MSRs for Ring3.\n")); - ASSERT (FALSE); } InitializeSysCallHandler ((VOID *)SysCallBootService); @@ -187,7 +184,9 @@ DisableSMAP ( VOID ) { - ArmClearPan (); + if (ArmHasPan ()) { + ArmClearPan (); + } } VOID @@ -196,7 +195,9 @@ EnableSMAP ( VOID ) { - ArmSetPan (); + if (ArmHasPan ()) { + ArmSetPan (); + } } EFI_STATUS diff --git a/MdeModulePkg/Core/Dxe/SysCall/ARM/InitializeMsr.c b/MdeModulePkg/Core/Dxe/SysCall/ARM/InitializeMsr.c index d08066df46..79ca473028 100644 --- a/MdeModulePkg/Core/Dxe/SysCall/ARM/InitializeMsr.c +++ b/MdeModulePkg/Core/Dxe/SysCall/ARM/InitializeMsr.c @@ -105,12 +105,6 @@ InitializeMsr ( // Enable Privileged Access Never feature. // ArmSetPan (); - } else { - // - // TODO: Refactoring. - // - DEBUG ((DEBUG_ERROR, "Core: Failed to initialize MSRs for Ring3.\n")); - // ASSERT (FALSE); } InitializeSysCallHandler (SysCallBootService); diff --git a/MdeModulePkg/Core/Dxe/SysCall/IA32/InitializeMsr.c b/MdeModulePkg/Core/Dxe/SysCall/IA32/InitializeMsr.c index e08d97a336..aabfb9e5c4 100644 --- a/MdeModulePkg/Core/Dxe/SysCall/IA32/InitializeMsr.c +++ b/MdeModulePkg/Core/Dxe/SysCall/IA32/InitializeMsr.c @@ -27,14 +27,9 @@ InitializeMsr ( // // Forbid supervisor-mode accesses to any user-mode pages. - // SMEP and SMAP must be supported. // AsmCpuidEx (0x07, 0x0, NULL, &Ebx, NULL, NULL); - // - // SYSENTER and SYSEXIT must be also supported. - // - AsmCpuidEx (0x01, 0x0, NULL, NULL, NULL, &Edx); - if (((Ebx & BIT20) != 0) && ((Ebx & BIT7) != 0) && ((Edx & BIT11) != 0)) { + if (((Ebx & BIT20) != 0) && ((Ebx & BIT7) != 0)) { Cr4.UintN = AsmReadCr4 (); Cr4.Bits.SMAP = 1; Cr4.Bits.SMEP = 1; @@ -43,9 +38,15 @@ InitializeMsr ( Eflags.UintN = AsmReadEflags (); Eflags.Bits.AC = 0; AsmWriteEflags (Eflags.UintN); - } else { - DEBUG ((DEBUG_ERROR, "Core: Failed to initialize MSRs for Ring3.\n")); - ASSERT (FALSE); + } + + // + // SYSENTER and SYSEXIT must be supported. + // + AsmCpuidEx (0x01, 0x0, NULL, NULL, NULL, &Edx); + if ((Edx & BIT11) == 0) { + DEBUG ((DEBUG_ERROR, "Core: SYSENTER and SYSEXIT are not supported.\n")); + CpuDeadLoop (); } // diff --git a/MdeModulePkg/Core/Dxe/SysCall/X64/InitializeMsr.c b/MdeModulePkg/Core/Dxe/SysCall/X64/InitializeMsr.c index fded58d6fa..348d850f1c 100644 --- a/MdeModulePkg/Core/Dxe/SysCall/X64/InitializeMsr.c +++ b/MdeModulePkg/Core/Dxe/SysCall/X64/InitializeMsr.c @@ -28,14 +28,9 @@ InitializeMsr ( // // Forbid supervisor-mode accesses to any user-mode pages. - // SMEP and SMAP must be supported. // AsmCpuidEx (0x07, 0x0, NULL, &Ebx, NULL, NULL); - // - // SYSCALL and SYSRET must be also supported. - // - AsmCpuidEx (0x80000001, 0x0, NULL, NULL, NULL, &Edx); - if (((Ebx & BIT20) != 0) && ((Ebx & BIT7) != 0) && ((Edx & BIT11) != 0)) { + if (((Ebx & BIT20) != 0) && ((Ebx & BIT7) != 0)) { Cr4.UintN = AsmReadCr4 (); Cr4.Bits.SMAP = 1; Cr4.Bits.SMEP = 1; @@ -44,15 +39,19 @@ InitializeMsr ( Eflags.UintN = AsmReadEflags (); Eflags.Bits.AC = 0; AsmWriteEflags (Eflags.UintN); - // - // Enable SYSCALL and SYSRET. - // + } + + // + // Enable SYSCALL and SYSRET. + // + AsmCpuidEx (0x80000001, 0x0, NULL, NULL, NULL, &Edx); + if ((Edx & BIT11) != 0) { MsrEfer.Uint64 = AsmReadMsr64 (MSR_IA32_EFER); MsrEfer.Bits.SCE = 1; AsmWriteMsr64 (MSR_IA32_EFER, MsrEfer.Uint64); } else { - DEBUG ((DEBUG_ERROR, "Core: Failed to initialize MSRs for Ring3.\n")); - ASSERT (FALSE); + DEBUG ((DEBUG_ERROR, "Core: SYSCALL and SYSRET are not supported.\n")); + CpuDeadLoop (); } //