diff options
Diffstat (limited to 'MdePkg/Library/BaseLib')
| -rw-r--r-- | MdePkg/Library/BaseLib/BaseLib.inf | 3 | ||||
| -rw-r--r-- | MdePkg/Library/BaseLib/Ia32/LongJump.c | 28 | ||||
| -rw-r--r-- | MdePkg/Library/BaseLib/Ia32/LongJump.nasm | 25 | ||||
| -rw-r--r-- | MdePkg/Library/BaseLib/Ia32/SetJump.c | 28 | ||||
| -rw-r--r-- | MdePkg/Library/BaseLib/Ia32/SetJump.nasm | 23 | ||||
| -rw-r--r-- | MdePkg/Library/BaseLib/X64/LongJump.nasm | 27 | ||||
| -rw-r--r-- | MdePkg/Library/BaseLib/X64/SetJump.nasm | 23 |
7 files changed, 150 insertions, 7 deletions
diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/BaseLib.inf index f25a067..a0d6c37 100644 --- a/MdePkg/Library/BaseLib/BaseLib.inf +++ b/MdePkg/Library/BaseLib/BaseLib.inf @@ -1,7 +1,7 @@ ## @file
# Base Library implementation.
#
-# Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.<BR>
# Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
# Portions copyright (c) 2011 - 2013, ARM Ltd. All rights reserved.<BR>
#
@@ -620,6 +620,7 @@ gEfiMdePkgTokenSpaceGuid.PcdMaximumLinkedListLength ## SOMETIMES_CONSUMES
gEfiMdePkgTokenSpaceGuid.PcdMaximumAsciiStringLength ## SOMETIMES_CONSUMES
gEfiMdePkgTokenSpaceGuid.PcdMaximumUnicodeStringLength ## SOMETIMES_CONSUMES
+ gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask ## SOMETIMES_CONSUMES
[FeaturePcd]
gEfiMdePkgTokenSpaceGuid.PcdVerifyNodeInList ## CONSUMES
diff --git a/MdePkg/Library/BaseLib/Ia32/LongJump.c b/MdePkg/Library/BaseLib/Ia32/LongJump.c index 73973a9..2c1feb8 100644 --- a/MdePkg/Library/BaseLib/Ia32/LongJump.c +++ b/MdePkg/Library/BaseLib/Ia32/LongJump.c @@ -1,7 +1,7 @@ /** @file
Implementation of _LongJump() on IA-32.
- Copyright (c) 2006 - 2008, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -36,6 +36,32 @@ InternalLongJump ( )
{
_asm {
+ mov eax, [PcdGet32 (PcdControlFlowEnforcementPropertyMask)]
+ test eax, eax
+ jz CetDone
+ _emit 0x0F
+ _emit 0x20
+ _emit 0xE0 ; mov eax, cr4
+ bt eax, 23 ; check if CET is enabled
+ jnc CetDone
+
+ mov edx, [esp + 4] ; edx = JumpBuffer
+ mov edx, [edx + 24] ; edx = target SSP
+ _emit 0xF3
+ _emit 0x0F
+ _emit 0x1E
+ _emit 0xC8 ; READSSP EAX
+ sub edx, eax ; edx = delta
+ mov eax, edx ; eax = delta
+
+ shr eax, 2 ; eax = delta/sizeof(UINT32)
+ _emit 0xF3
+ _emit 0x0F
+ _emit 0xAE
+ _emit 0xE8 ; INCSSP EAX
+
+CetDone:
+
pop eax ; skip return address
pop edx ; edx <- JumpBuffer
pop eax ; eax <- Value
diff --git a/MdePkg/Library/BaseLib/Ia32/LongJump.nasm b/MdePkg/Library/BaseLib/Ia32/LongJump.nasm index 7ef0346..57305d4 100644 --- a/MdePkg/Library/BaseLib/Ia32/LongJump.nasm +++ b/MdePkg/Library/BaseLib/Ia32/LongJump.nasm @@ -1,6 +1,6 @@ ;------------------------------------------------------------------------------
;
-; Copyright (c) 2006, Intel Corporation. All rights reserved.<BR>
+; Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
; This program and the accompanying materials
; are licensed and made available under the terms and conditions of the BSD License
; which accompanies this distribution. The full text of the license may be found at
@@ -19,8 +19,12 @@ ;
;------------------------------------------------------------------------------
+%include "Nasm.inc"
+
SECTION .text
+extern ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))
+
;------------------------------------------------------------------------------
; VOID
; EFIAPI
@@ -31,6 +35,25 @@ ;------------------------------------------------------------------------------
global ASM_PFX(InternalLongJump)
ASM_PFX(InternalLongJump):
+
+ mov eax, [ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))]
+ test eax, eax
+ jz CetDone
+ mov eax, cr4
+ bt eax, 23 ; check if CET is enabled
+ jnc CetDone
+
+ mov edx, [esp + 4] ; edx = JumpBuffer
+ mov edx, [edx + 24] ; edx = target SSP
+ READSSP_EAX
+ sub edx, eax ; edx = delta
+ mov eax, edx ; eax = delta
+
+ shr eax, 2 ; eax = delta/sizeof(UINT32)
+ INCSSP_EAX
+
+CetDone:
+
pop eax ; skip return address
pop edx ; edx <- JumpBuffer
pop eax ; eax <- Value
diff --git a/MdePkg/Library/BaseLib/Ia32/SetJump.c b/MdePkg/Library/BaseLib/Ia32/SetJump.c index 652d45d..d608fd9 100644 --- a/MdePkg/Library/BaseLib/Ia32/SetJump.c +++ b/MdePkg/Library/BaseLib/Ia32/SetJump.c @@ -1,7 +1,7 @@ /** @file
Implementation of SetJump() on IA-32.
- Copyright (c) 2006 - 2008, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -62,6 +62,32 @@ SetJump ( pop ecx
pop ecx
mov edx, [esp]
+
+ xor eax, eax
+ mov [edx + 24], eax ; save 0 to SSP
+
+ mov eax, [PcdGet32 (PcdControlFlowEnforcementPropertyMask)]
+ test eax, eax
+ jz CetDone
+ _emit 0x0F
+ _emit 0x20
+ _emit 0xE0 ; mov eax, cr4
+ bt eax, 23 ; check if CET is enabled
+ jnc CetDone
+
+ mov eax, 1
+ _emit 0xF3
+ _emit 0x0F
+ _emit 0xAE
+ _emit 0xE8 ; INCSSP EAX to read original SSP
+ _emit 0xF3
+ _emit 0x0F
+ _emit 0x1E
+ _emit 0xC8 ; READSSP EAX
+ mov [edx + 0x24], eax ; save SSP
+
+CetDone:
+
mov [edx], ebx
mov [edx + 4], esi
mov [edx + 8], edi
diff --git a/MdePkg/Library/BaseLib/Ia32/SetJump.nasm b/MdePkg/Library/BaseLib/Ia32/SetJump.nasm index 6d3a5a2..840fed6 100644 --- a/MdePkg/Library/BaseLib/Ia32/SetJump.nasm +++ b/MdePkg/Library/BaseLib/Ia32/SetJump.nasm @@ -1,6 +1,6 @@ ;------------------------------------------------------------------------------
;
-; Copyright (c) 2006, Intel Corporation. All rights reserved.<BR>
+; Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
; This program and the accompanying materials
; are licensed and made available under the terms and conditions of the BSD License
; which accompanies this distribution. The full text of the license may be found at
@@ -19,9 +19,12 @@ ;
;------------------------------------------------------------------------------
+%include "Nasm.inc"
+
SECTION .text
extern ASM_PFX(InternalAssertJumpBuffer)
+extern ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))
;------------------------------------------------------------------------------
; UINTN
@@ -37,6 +40,24 @@ ASM_PFX(SetJump): pop ecx
pop ecx ; ecx <- return address
mov edx, [esp]
+
+ xor eax, eax
+ mov [edx + 24], eax ; save 0 to SSP
+
+ mov eax, [ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))]
+ test eax, eax
+ jz CetDone
+ mov eax, cr4
+ bt eax, 23 ; check if CET is enabled
+ jnc CetDone
+
+ mov eax, 1
+ INCSSP_EAX ; to read original SSP
+ READSSP_EAX
+ mov [edx + 0x24], eax ; save SSP
+
+CetDone:
+
mov [edx], ebx
mov [edx + 4], esi
mov [edx + 8], edi
diff --git a/MdePkg/Library/BaseLib/X64/LongJump.nasm b/MdePkg/Library/BaseLib/X64/LongJump.nasm index 3bac274..2b38ef0 100644 --- a/MdePkg/Library/BaseLib/X64/LongJump.nasm +++ b/MdePkg/Library/BaseLib/X64/LongJump.nasm @@ -1,6 +1,6 @@ ;------------------------------------------------------------------------------
;
-; Copyright (c) 2006, Intel Corporation. All rights reserved.<BR>
+; Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
; This program and the accompanying materials
; are licensed and made available under the terms and conditions of the BSD License
; which accompanies this distribution. The full text of the license may be found at
@@ -19,9 +19,13 @@ ;
;------------------------------------------------------------------------------
+%include "Nasm.inc"
+
DEFAULT REL
SECTION .text
+extern ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))
+
;------------------------------------------------------------------------------
; VOID
; EFIAPI
@@ -32,6 +36,27 @@ ;------------------------------------------------------------------------------
global ASM_PFX(InternalLongJump)
ASM_PFX(InternalLongJump):
+
+ mov eax, [ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))]
+ test eax, eax
+ jz CetDone
+ mov rax, cr4
+ bt eax, 23 ; check if CET is enabled
+ jnc CetDone
+
+ push rdx ; save rdx
+
+ mov rdx, [rcx + 0xF8] ; rdx = target SSP
+ READSSP_RAX
+ sub rdx, rax ; rdx = delta
+ mov rax, rdx ; rax = delta
+
+ shr rax, 3 ; rax = delta/sizeof(UINT64)
+ INCSSP_RAX
+
+ pop rdx ; restore rdx
+CetDone:
+
mov rbx, [rcx]
mov rsp, [rcx + 8]
mov rbp, [rcx + 0x10]
diff --git a/MdePkg/Library/BaseLib/X64/SetJump.nasm b/MdePkg/Library/BaseLib/X64/SetJump.nasm index b1d0ff7..b491df8 100644 --- a/MdePkg/Library/BaseLib/X64/SetJump.nasm +++ b/MdePkg/Library/BaseLib/X64/SetJump.nasm @@ -1,6 +1,6 @@ ;------------------------------------------------------------------------------
;
-; Copyright (c) 2006, Intel Corporation. All rights reserved.<BR>
+; Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
; This program and the accompanying materials
; are licensed and made available under the terms and conditions of the BSD License
; which accompanies this distribution. The full text of the license may be found at
@@ -19,10 +19,13 @@ ;
;------------------------------------------------------------------------------
+%include "Nasm.inc"
+
DEFAULT REL
SECTION .text
extern ASM_PFX(InternalAssertJumpBuffer)
+extern ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))
;------------------------------------------------------------------------------
; UINTN
@@ -39,6 +42,24 @@ ASM_PFX(SetJump): add rsp, 0x20
pop rcx
pop rdx
+
+ xor rax, rax
+ mov [rcx + 0xF8], rax ; save 0 to SSP
+
+ mov eax, [ASM_PFX(PcdGet32 (PcdControlFlowEnforcementPropertyMask))]
+ test eax, eax
+ jz CetDone
+ mov rax, cr4
+ bt eax, 23 ; check if CET is enabled
+ jnc CetDone
+
+ mov rax, 1
+ INCSSP_RAX ; to read original SSP
+ READSSP_RAX
+ mov [rcx + 0xF8], rax ; save SSP
+
+CetDone:
+
mov [rcx], rbx
mov [rcx + 8], rsp
mov [rcx + 0x10], rbp
|