1 ;------------------------------------------------------------------------------ ;
2 ; Copyright (c) 2012 - 2022, Intel Corporation. All rights reserved.<BR>
3 ; SPDX-License-Identifier: BSD-2-Clause-Patent
7 ; ExceptionHandlerAsm.Asm
11 ; x64 CPU Exception Handler
15 ;------------------------------------------------------------------------------
19 ; Equivalent NASM structure of IA32_DESCRIPTOR
27 ; Equivalent NASM structure of IA32_IDT_GATE_DESCRIPTOR
29 struc IA32_IDT_GATE_DESCRIPTOR
30 .OffsetLow CTYPE_UINT16 1
31 .Selector CTYPE_UINT16 1
32 .Reserved_0 CTYPE_UINT8 1
33 .GateType CTYPE_UINT8 1
34 .OffsetHigh CTYPE_UINT16 1
35 .OffsetUpper CTYPE_UINT32 1
36 .Reserved_1 CTYPE_UINT32 1
40 ; CommonExceptionHandler()
43 %define VC_EXCEPTION 29
45 extern ASM_PFX(mErrorCodeFlag) ; Error code flags for exceptions
46 extern ASM_PFX(mDoFarReturnFlag) ; Do far return flag
47 extern ASM_PFX(CommonExceptionHandler)
56 ; Generate 256 IDT vectors.
60 push strict dword %[Vector] ; This instruction pushes sign-extended 8-byte value on stack
62 mov rax, strict qword 0 ; mov rax, ASM_PFX(CommonInterruptEntry)
64 %assign Vector Vector+1
68 HookAfterStubHeaderBegin:
69 push strict dword 0 ; 0 will be fixed
72 mov rax, strict qword 0 ; mov rax, HookAfterStubHeaderEnd
75 HookAfterStubHeaderEnd:
77 and sp, 0xfff0 ; make sure 16-byte aligned for exception context
78 sub rsp, 0x18 ; reserve room for filling exception data later
81 bt [ASM_PFX(mErrorCodeFlag)], ecx
83 push qword [rsp] ; push additional rcx to make stack alignment
85 xchg rcx, [rsp] ; restore rcx, save Exception Number in stack
86 push qword [rax] ; push rax into stack to keep code consistence
88 ;---------------------------------------;
89 ; CommonInterruptEntry ;
90 ;---------------------------------------;
91 ; The follow algorithm is used for the common interrupt routine.
92 ; Entry from each interrupt with a push eax and eax=interrupt number
93 ; Stack frame would be as follows as specified in IA32 manuals:
95 ; +---------------------+ <-- 16-byte aligned ensured by processor
97 ; +---------------------+
99 ; +---------------------+
101 ; +---------------------+
103 ; +---------------------+
105 ; +---------------------+
107 ; +---------------------+
109 ; +---------------------+
111 ; +---------------------+ <-- RBP, 16-byte aligned
112 ; The follow algorithm is used for the common interrupt routine.
113 global ASM_PFX(CommonInterruptEntry)
114 ASM_PFX(CommonInterruptEntry):
118 ; All interrupt handlers are invoked through interrupt gates, so
119 ; IF flag automatically cleared at the entry point
121 xchg rcx, [rsp] ; Save rcx into stack and save vector number into rcx
123 cmp ecx, 32 ; Intel reserved vector for exceptions?
125 bt [ASM_PFX(mErrorCodeFlag)], ecx
131 ; Push a dummy error code on the stack
132 ; to maintain coherent stack map
135 mov qword [rsp + 8], 0
139 push 0 ; clear EXCEPTION_HANDLER_CONTEXT.OldIdtHandler
140 push 0 ; clear EXCEPTION_HANDLER_CONTEXT.ExceptionDataFlag
144 ; +---------------------+ <-- 16-byte aligned ensured by processor
146 ; +---------------------+
148 ; +---------------------+
150 ; +---------------------+
152 ; +---------------------+
154 ; +---------------------+
156 ; +---------------------+
157 ; + RCX / Vector Number +
158 ; +---------------------+
160 ; +---------------------+ <-- RBP, 16-byte aligned
164 ; Since here the stack pointer is 16-byte aligned, so
165 ; EFI_FX_SAVE_STATE_X64 of EFI_SYSTEM_CONTEXT_x64
169 ;; UINT64 Rdi, Rsi, Rbp, Rsp, Rbx, Rdx, Rcx, Rax;
170 ;; UINT64 R8, R9, R10, R11, R12, R13, R14, R15;
180 push qword [rbp + 8] ; RCX
183 push qword [rbp + 48] ; RSP
184 push qword [rbp] ; RBP
188 ;; UINT64 Gs, Fs, Es, Ds, Cs, Ss; insure high 16 bits of each is zero
189 movzx rax, word [rbp + 56]
191 movzx rax, word [rbp + 32]
202 mov [rbp + 8], rcx ; save vector number
205 push qword [rbp + 24]
207 ;; UINT64 Gdtr[2], Idtr[2];
213 mov rax, qword [rsp + 2]
215 mov word [rsp + 8], bx
222 mov rax, qword [rsp + 2]
224 mov word [rsp + 8], bx
234 push qword [rbp + 40]
236 ;; UINT64 Cr0, Cr1, Cr2, Cr3, Cr4, Cr8;
252 ;; UINT64 Dr0, Dr1, Dr2, Dr3, Dr6, Dr7;
253 cmp qword [rbp + 8], VC_EXCEPTION
254 je VcDebugRegs ; For SEV-ES (#VC) Debug registers ignored
271 ;; UINT64 Dr0, Dr1, Dr2, Dr3, Dr6, Dr7 are skipped for #VC to avoid exception recursion
281 ;; FX_SAVE_STATE_X64 FxSaveState;
286 ;; UEFI calling convention for x64 requires that Direction flag in EFLAGs is clear
289 ;; UINT32 ExceptionData;
290 push qword [rbp + 16]
292 ;; Prepare parameter and call
296 ; Per X64 calling convention, allocate maximum parameter stack space
297 ; and make sure RSP is 16-byte aligned
300 call ASM_PFX(CommonExceptionHandler)
303 ; The follow algorithm is used for clear shadow stack token busy bit.
304 ; The comment is based on the sample shadow stack.
305 ; Shadow stack is 32 bytes aligned.
306 ; The sample shadow stack layout :
308 ; +-------------------------+
309 ; 0xFB8 | FREE | It is 0xFC0|0x02|(LMA & CS.L), after SAVEPREVSSP.
310 ; +-------------------------+
312 ; +-------------------------+
314 ; +-------------------------+
316 ; +-------------------------+
317 ; 0xFD8 | 0xFD8 | BUSY | BUSY flag cleared after CLRSSBSY
318 ; +-------------------------+
319 ; 0xFE0 | 0xFC0|0x02|(LMA & CS.L) |
320 ; +-------------------------+
321 ; Instructions for Intel Control Flow Enforcement Technology (CET) are supported since NASM version 2.15.01.
322 cmp qword [ASM_PFX(mDoFarReturnFlag)], 0
325 and rax, 0x800000 ; Check if CET is enabled
329 mov rcx, qword [rsp + IA32_DESCRIPTOR.Base]; Get IDT base address
331 mov rax, qword [rbp + 8]; Get exception number
332 sal rax, 0x04 ; Get IDT offset
333 add rax, rcx ; Get IDT gate descriptor address
334 mov al, byte [rax + IA32_IDT_GATE_DESCRIPTOR.Reserved_0]
335 and rax, 0x01 ; Check IST field
337 ; SSP should be 0xFC0 at this point
338 mov rax, 0x04 ; advance past cs:lip:prevssp;supervisor shadow stack token
339 incsspq rax ; After this SSP should be 0xFE0
340 saveprevssp ; now the shadow stack restore token will be created at 0xFB8
341 rdsspq rax ; Read new SSP, SSP should be 0xFE8
343 clrssbsy [rax] ; Clear token at 0xFD8, SSP should be 0 after this
345 rstorssp [rax] ; Restore to token at 0xFB8, new SSP will be 0xFB8
346 mov rax, 0x01 ; Pop off the new save token created
347 incsspq rax ; SSP should be 0xFC0 now
351 ;; UINT64 ExceptionData;
354 ;; FX_SAVE_STATE_X64 FxSaveState;
360 ;; UINT64 Dr0, Dr1, Dr2, Dr3, Dr6, Dr7;
361 ;; Skip restoration of DRx registers to support in-circuit emualators
362 ;; or debuggers set breakpoint in interrupt/exception context
365 ;; UINT64 Cr0, Cr1, Cr2, Cr3, Cr4, Cr8;
368 add rsp, 8 ; not for Cr1
382 ;; UINT64 Gdtr[2], Idtr[2];
383 ;; Best not let anyone mess with these particular registers...
389 ;; UINT64 Gs, Fs, Es, Ds, Cs, Ss;
391 ; mov gs, rax ; not for gs
393 ; mov fs, rax ; not for fs
394 ; (X64 will not use fs and gs, so we do not restore it)
399 pop qword [rbp + 32] ; for cs
400 pop qword [rbp + 56] ; for ss
402 ;; UINT64 Rdi, Rsi, Rbp, Rsp, Rbx, Rdx, Rcx, Rax;
403 ;; UINT64 R8, R9, R10, R11, R12, R13, R14, R15;
406 add rsp, 8 ; not for rbp
407 pop qword [rbp + 48] ; for rsp
424 cmp qword [rsp - 32], 0 ; check EXCEPTION_HANDLER_CONTEXT.OldIdtHandler
426 cmp qword [rsp - 40], 1 ; check EXCEPTION_HANDLER_CONTEXT.ExceptionDataFlag
434 cmp qword [ASM_PFX(mDoFarReturnFlag)], 0 ; Check if need to do far return instead of IRET
437 mov rax, rsp ; save old RSP to rax
438 mov rsp, [rsp + 0x20]
439 push qword [rax + 0x10] ; save CS in new location
440 push qword [rax + 0x8] ; save EIP in new location
441 push qword [rax + 0x18] ; save EFLAGS in new location
442 mov rax, [rax] ; restore rax
443 popfq ; restore EFLAGS
448 ;-------------------------------------------------------------------------------------
449 ; GetTemplateAddressMap (&AddressMap);
450 ;-------------------------------------------------------------------------------------
451 ; comments here for definition of address map
452 global ASM_PFX(AsmGetTemplateAddressMap)
453 ASM_PFX(AsmGetTemplateAddressMap):
454 lea rax, [AsmIdtVectorBegin]
456 mov qword [rcx + 0x8], (AsmIdtVectorEnd - AsmIdtVectorBegin) / 256
457 lea rax, [HookAfterStubHeaderBegin]
458 mov qword [rcx + 0x10], rax
460 ; Fix up CommonInterruptEntry address
461 lea rax, [ASM_PFX(CommonInterruptEntry)]
462 lea rcx, [AsmIdtVectorBegin]
464 mov qword [rcx + (JmpAbsoluteAddress - 8 - HookAfterStubHeaderBegin)], rax
465 add rcx, (AsmIdtVectorEnd - AsmIdtVectorBegin) / 256
467 ; Fix up HookAfterStubHeaderEnd
468 lea rax, [HookAfterStubHeaderEnd]
469 lea rcx, [JmpAbsoluteAddress]
470 mov qword [rcx - 8], rax
474 ;-------------------------------------------------------------------------------------
475 ; AsmVectorNumFixup (*NewVectorAddr, VectorNum, *OldVectorAddr);
476 ;-------------------------------------------------------------------------------------
477 global ASM_PFX(AsmVectorNumFixup)
478 ASM_PFX(AsmVectorNumFixup):
480 mov [rcx + (VectorNum - 4 - HookAfterStubHeaderBegin)], al