]> git.proxmox.com Git - mirror_edk2.git/blame - EdkCompatibilityPkg/Compatibility/SmmBaseHelper/SmmBaseHelper.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
1. Use the check IsAddressValid() to prevent SMM communication buffer overflow in...
[mirror_edk2.git] / EdkCompatibilityPkg / Compatibility / SmmBaseHelper / SmmBaseHelper.c
CommitLineData
9e620719 1/** @file\r
2 SMM Base Helper SMM driver.\r
3\r
4 This driver is the counterpart of the SMM Base On SMM Base2 Thunk driver. It\r
5 provides helping services in SMM to the SMM Base On SMM Base2 Thunk driver.\r
6\r
d5bcf13e 7 Caution: This module requires additional review when modified.\r
8 This driver will have external input - communicate buffer in SMM mode.\r
9 This external input must be validated carefully to avoid security issue like\r
10 buffer overflow, integer overflow.\r
11\r
12 SmmHandlerEntry() will receive untrusted input and do validation.\r
13\r
9d00d20e 14 Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>\r
584d5652 15 This program and the accompanying materials\r
9e620719 16 are licensed and made available under the terms and conditions of the BSD License\r
17 which accompanies this distribution. The full text of the license may be found at\r
18 http://opensource.org/licenses/bsd-license.php\r
19\r
20 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
21 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
22\r
23**/\r
24\r
a7932d9a 25#include <PiSmm.h>\r
26#include <Library/DebugLib.h>\r
27#include <Library/UefiBootServicesTableLib.h>\r
28#include <Library/SmmServicesTableLib.h>\r
29#include <Library/BaseLib.h>\r
30#include <Library/BaseMemoryLib.h>\r
31#include <Library/PeCoffLib.h>\r
32#include <Library/DevicePathLib.h>\r
33#include <Library/CacheMaintenanceLib.h>\r
27af6f9d 34#include <Library/MemoryAllocationLib.h>\r
ff443d3e 35#include <Library/SynchronizationLib.h>\r
36#include <Library/CpuLib.h>\r
a7932d9a 37#include <Guid/SmmBaseThunkCommunication.h>\r
38#include <Protocol/SmmBaseHelperReady.h>\r
39#include <Protocol/SmmCpu.h>\r
40#include <Protocol/LoadedImage.h>\r
41#include <Protocol/SmmCpuSaveState.h>\r
e906eae4 42#include <Protocol/MpService.h>\r
673c1498 43#include <Protocol/LoadPe32Image.h>\r
8edfbe02 44#include <Protocol/SmmReadyToLock.h>\r
d5bcf13e 45#include <Protocol/SmmAccess2.h>\r
a7932d9a 46\r
47///\r
48/// Structure for tracking paired information of registered Framework SMI handler\r
49/// and correpsonding dispatch handle for SMI handler thunk.\r
50///\r
51typedef struct {\r
52 LIST_ENTRY Link;\r
53 EFI_HANDLE DispatchHandle;\r
54 EFI_HANDLE SmmImageHandle;\r
55 EFI_SMM_CALLBACK_ENTRY_POINT CallbackAddress;\r
18e78927 56 VOID *CommunicationBuffer;\r
57 UINTN *SourceSize;\r
a7932d9a 58} CALLBACK_INFO;\r
59\r
60typedef struct {\r
61 ///\r
62 /// PI SMM CPU Save State register index\r
63 ///\r
64 EFI_SMM_SAVE_STATE_REGISTER Register;\r
65 ///\r
66 /// Offset in Framework SMST\r
67 ///\r
68 UINTN Offset;\r
69} CPU_SAVE_STATE_CONVERSION;\r
70\r
71#define CPU_SAVE_STATE_GET_OFFSET(Field) (UINTN)(&(((EFI_SMM_CPU_SAVE_STATE *) 0)->Ia32SaveState.Field))\r
72\r
9e620719 73\r
74EFI_HANDLE mDispatchHandle;\r
75EFI_SMM_CPU_PROTOCOL *mSmmCpu;\r
673c1498 76EFI_PE32_IMAGE_PROTOCOL *mLoadPe32Image;\r
9e620719 77EFI_GUID mEfiSmmCpuIoGuid = EFI_SMM_CPU_IO_GUID;\r
78EFI_SMM_BASE_HELPER_READY_PROTOCOL *mSmmBaseHelperReady;\r
79EFI_SMM_SYSTEM_TABLE *mFrameworkSmst;\r
e906eae4 80UINTN mNumberOfProcessors;\r
8edfbe02 81BOOLEAN mLocked = FALSE;\r
ff443d3e 82BOOLEAN mPageTableHookEnabled;\r
83BOOLEAN mHookInitialized;\r
84UINT64 *mCpuStatePageTable;\r
85SPIN_LOCK mPFLock;\r
86UINT64 mPhyMask;\r
87VOID *mOriginalHandler;\r
88EFI_SMM_CPU_SAVE_STATE *mShadowSaveState;\r
d5bcf13e 89EFI_SMRAM_DESCRIPTOR *mSmramRanges;\r
90UINTN mSmramRangeCount;\r
9e620719 91\r
92LIST_ENTRY mCallbackInfoListHead = INITIALIZE_LIST_HEAD_VARIABLE (mCallbackInfoListHead);\r
93\r
94CPU_SAVE_STATE_CONVERSION mCpuSaveStateConvTable[] = {\r
95 {EFI_SMM_SAVE_STATE_REGISTER_LDTBASE , CPU_SAVE_STATE_GET_OFFSET(LDTBase)},\r
96 {EFI_SMM_SAVE_STATE_REGISTER_ES , CPU_SAVE_STATE_GET_OFFSET(ES)},\r
97 {EFI_SMM_SAVE_STATE_REGISTER_CS , CPU_SAVE_STATE_GET_OFFSET(CS)},\r
98 {EFI_SMM_SAVE_STATE_REGISTER_SS , CPU_SAVE_STATE_GET_OFFSET(SS)},\r
99 {EFI_SMM_SAVE_STATE_REGISTER_DS , CPU_SAVE_STATE_GET_OFFSET(DS)},\r
100 {EFI_SMM_SAVE_STATE_REGISTER_FS , CPU_SAVE_STATE_GET_OFFSET(FS)},\r
101 {EFI_SMM_SAVE_STATE_REGISTER_GS , CPU_SAVE_STATE_GET_OFFSET(GS)},\r
102 {EFI_SMM_SAVE_STATE_REGISTER_TR_SEL , CPU_SAVE_STATE_GET_OFFSET(TR)},\r
103 {EFI_SMM_SAVE_STATE_REGISTER_DR7 , CPU_SAVE_STATE_GET_OFFSET(DR7)},\r
104 {EFI_SMM_SAVE_STATE_REGISTER_DR6 , CPU_SAVE_STATE_GET_OFFSET(DR6)},\r
105 {EFI_SMM_SAVE_STATE_REGISTER_RAX , CPU_SAVE_STATE_GET_OFFSET(EAX)},\r
106 {EFI_SMM_SAVE_STATE_REGISTER_RBX , CPU_SAVE_STATE_GET_OFFSET(EBX)},\r
107 {EFI_SMM_SAVE_STATE_REGISTER_RCX , CPU_SAVE_STATE_GET_OFFSET(ECX)},\r
108 {EFI_SMM_SAVE_STATE_REGISTER_RDX , CPU_SAVE_STATE_GET_OFFSET(EDX)},\r
109 {EFI_SMM_SAVE_STATE_REGISTER_RSP , CPU_SAVE_STATE_GET_OFFSET(ESP)},\r
110 {EFI_SMM_SAVE_STATE_REGISTER_RBP , CPU_SAVE_STATE_GET_OFFSET(EBP)},\r
111 {EFI_SMM_SAVE_STATE_REGISTER_RSI , CPU_SAVE_STATE_GET_OFFSET(ESI)},\r
112 {EFI_SMM_SAVE_STATE_REGISTER_RDI , CPU_SAVE_STATE_GET_OFFSET(EDI)},\r
113 {EFI_SMM_SAVE_STATE_REGISTER_RIP , CPU_SAVE_STATE_GET_OFFSET(EIP)},\r
114 {EFI_SMM_SAVE_STATE_REGISTER_RFLAGS , CPU_SAVE_STATE_GET_OFFSET(EFLAGS)},\r
115 {EFI_SMM_SAVE_STATE_REGISTER_CR0 , CPU_SAVE_STATE_GET_OFFSET(CR0)},\r
116 {EFI_SMM_SAVE_STATE_REGISTER_CR3 , CPU_SAVE_STATE_GET_OFFSET(CR3)}\r
117};\r
118\r
e9ba23c7
LG		 119/**\r
120 Page fault handler.\r
121\r
122**/\r
ff443d3e 123VOID\r
124PageFaultHandlerHook (\r
125 VOID\r
126 );\r
127\r
097e25cb 128/**\r
129 Read CpuSaveStates from PI for Framework use.\r
130\r
131 The function reads PI style CpuSaveStates of CpuIndex-th CPU for Framework driver use. If\r
132 ToRead is specified, the CpuSaveStates will be copied to ToRead, otherwise copied to\r
133 mFrameworkSmst->CpuSaveState[CpuIndex].\r
134\r
135 @param[in] CpuIndex The zero-based CPU index.\r
136 @param[in, out] ToRead If not NULL, CpuSaveStates will be copied to it.\r
137\r
138**/\r
ff443d3e 139VOID\r
140ReadCpuSaveState (\r
097e25cb 141 IN UINTN CpuIndex,\r
142 IN OUT EFI_SMM_CPU_SAVE_STATE *ToRead\r
ff443d3e 143 )\r
144{\r
145 EFI_STATUS Status;\r
146 UINTN Index;\r
147 EFI_SMM_CPU_STATE *State;\r
148 EFI_SMI_CPU_SAVE_STATE *SaveState;\r
149\r
150 State = (EFI_SMM_CPU_STATE *)gSmst->CpuSaveState[CpuIndex];\r
151 if (ToRead != NULL) {\r
152 SaveState = &ToRead->Ia32SaveState;\r
153 } else {\r
154 SaveState = &mFrameworkSmst->CpuSaveState[CpuIndex].Ia32SaveState;\r
155 }\r
156\r
2e7c8ac4 157 //\r
158 // Note that SMBASE/SMMRevId/IORestart/AutoHALTRestart are in same location in IA32 and X64 CPU Save State Map.\r
159 //\r
160 SaveState->SMBASE = State->x86.SMBASE;\r
161 SaveState->SMMRevId = State->x86.SMMRevId;\r
162 SaveState->IORestart = State->x86.IORestart;\r
163 SaveState->AutoHALTRestart = State->x86.AutoHALTRestart;\r
ff443d3e 164\r
165 for (Index = 0; Index < sizeof (mCpuSaveStateConvTable) / sizeof (CPU_SAVE_STATE_CONVERSION); Index++) {\r
166 ///\r
167 /// Try to use SMM CPU Protocol to access CPU save states if possible\r
168 ///\r
169 Status = mSmmCpu->ReadSaveState (\r
170 mSmmCpu,\r
171 (UINTN)sizeof (UINT32),\r
172 mCpuSaveStateConvTable[Index].Register,\r
173 CpuIndex,\r
174 ((UINT8 *)SaveState) + mCpuSaveStateConvTable[Index].Offset\r
175 );\r
176 ASSERT_EFI_ERROR (Status);\r
177 }\r
178}\r
179\r
097e25cb 180/**\r
181 Write CpuSaveStates from Framework into PI.\r
182\r
183 The function writes back CpuSaveStates of CpuIndex-th CPU from PI to Framework. If\r
184 ToWrite is specified, it contains the CpuSaveStates to write from, otherwise CpuSaveStates\r
185 to write from mFrameworkSmst->CpuSaveState[CpuIndex].\r
186\r
187 @param[in] CpuIndex The zero-based CPU index.\r
188 @param[in] ToWrite If not NULL, CpuSaveStates to write from.\r
189\r
190**/\r
ff443d3e 191VOID\r
192WriteCpuSaveState (\r
097e25cb 193 IN UINTN CpuIndex,\r
194 IN EFI_SMM_CPU_SAVE_STATE *ToWrite\r
ff443d3e 195 )\r
196{\r
2e7c8ac4 197 EFI_STATUS Status;\r
198 UINTN Index;\r
199 EFI_SMM_CPU_STATE *State;\r
ff443d3e 200 EFI_SMI_CPU_SAVE_STATE *SaveState;\r
201\r
2e7c8ac4 202 State = (EFI_SMM_CPU_STATE *)gSmst->CpuSaveState[CpuIndex];\r
203\r
ff443d3e 204 if (ToWrite != NULL) {\r
205 SaveState = &ToWrite->Ia32SaveState;\r
206 } else {\r
207 SaveState = &mFrameworkSmst->CpuSaveState[CpuIndex].Ia32SaveState;\r
208 }\r
2e7c8ac4 209\r
210 //\r
211 // SMMRevId is read-only.\r
212 // Note that SMBASE/IORestart/AutoHALTRestart are in same location in IA32 and X64 CPU Save State Map.\r
213 //\r
214 State->x86.SMBASE = SaveState->SMBASE;\r
215 State->x86.IORestart = SaveState->IORestart;\r
216 State->x86.AutoHALTRestart = SaveState->AutoHALTRestart;\r
ff443d3e 217 \r
218 for (Index = 0; Index < sizeof (mCpuSaveStateConvTable) / sizeof (CPU_SAVE_STATE_CONVERSION); Index++) {\r
219 Status = mSmmCpu->WriteSaveState (\r
220 mSmmCpu,\r
221 (UINTN)sizeof (UINT32),\r
222 mCpuSaveStateConvTable[Index].Register,\r
223 CpuIndex,\r
224 ((UINT8 *)SaveState) + \r
225 mCpuSaveStateConvTable[Index].Offset\r
226 );\r
227 }\r
228}\r
229\r
097e25cb 230/**\r
231 Read or write a page that contains CpuSaveStates. Read is from PI to Framework.\r
232 Write is from Framework to PI.\r
233\r
234 This function reads or writes a page that contains CpuSaveStates. The page contains Framework\r
235 CpuSaveStates. On read, it reads PI style CpuSaveStates and fill the page up. On write, it\r
236 writes back from the page content to PI CpuSaveStates struct.\r
237 The first Framework CpuSaveStates (for CPU 0) is from mFrameworkSmst->CpuSaveState which is\r
238 page aligned. Because Framework CpuSaveStates are continuous, we can know which CPUs' SaveStates\r
239 are in the page start from PageAddress.\r
240\r
241 @param[in] PageAddress The base address for a page.\r
242 @param[in] IsRead TRUE for Read, FALSE for Write.\r
243\r
244**/\r
ff443d3e 245VOID\r
246ReadWriteCpuStatePage (\r
097e25cb 247 IN UINT64 PageAddress,\r
248 IN BOOLEAN IsRead\r
ff443d3e 249 )\r
250{\r
251 UINTN FirstSSIndex; // Index of first CpuSaveState in the page\r
252 UINTN LastSSIndex; // Index of last CpuSaveState in the page\r
253 BOOLEAN FirstSSAligned; // Whether first CpuSaveState is page-aligned\r
254 BOOLEAN LastSSAligned; // Whether the end of last CpuSaveState is page-aligned\r
255 UINTN ClippedSize;\r
256 UINTN CpuIndex;\r
257\r
258 FirstSSIndex = ((UINTN)PageAddress - (UINTN)mFrameworkSmst->CpuSaveState) / sizeof (EFI_SMM_CPU_SAVE_STATE);\r
259 FirstSSAligned = TRUE;\r
260 if (((UINTN)PageAddress - (UINTN)mFrameworkSmst->CpuSaveState) % sizeof (EFI_SMM_CPU_SAVE_STATE) != 0) {\r
261 FirstSSIndex++;\r
262 FirstSSAligned = FALSE;\r
263 }\r
264 LastSSIndex = ((UINTN)PageAddress + SIZE_4KB - (UINTN)mFrameworkSmst->CpuSaveState - 1) / sizeof (EFI_SMM_CPU_SAVE_STATE);\r
265 LastSSAligned = TRUE;\r
266 if (((UINTN)PageAddress + SIZE_4KB - (UINTN)mFrameworkSmst->CpuSaveState) % sizeof (EFI_SMM_CPU_SAVE_STATE) != 0) {\r
267 LastSSIndex--;\r
268 LastSSAligned = FALSE;\r
269 }\r
270 for (CpuIndex = FirstSSIndex; CpuIndex <= LastSSIndex && CpuIndex < mNumberOfProcessors; CpuIndex++) {\r
271 if (IsRead) {\r
272 ReadCpuSaveState (CpuIndex, NULL);\r
273 } else {\r
274 WriteCpuSaveState (CpuIndex, NULL);\r
275 }\r
276 }\r
277 if (!FirstSSAligned) {\r
278 ReadCpuSaveState (FirstSSIndex - 1, mShadowSaveState);\r
279 ClippedSize = (UINTN)&mFrameworkSmst->CpuSaveState[FirstSSIndex] & (SIZE_4KB - 1);\r
280 if (IsRead) {\r
281 CopyMem ((VOID*)(UINTN)PageAddress, (VOID*)((UINTN)(mShadowSaveState + 1) - ClippedSize), ClippedSize);\r
282 } else {\r
283 CopyMem ((VOID*)((UINTN)(mShadowSaveState + 1) - ClippedSize), (VOID*)(UINTN)PageAddress, ClippedSize);\r
284 WriteCpuSaveState (FirstSSIndex - 1, mShadowSaveState);\r
285 }\r
286 }\r
287 if (!LastSSAligned && LastSSIndex + 1 < mNumberOfProcessors) {\r
288 ReadCpuSaveState (LastSSIndex + 1, mShadowSaveState);\r
289 ClippedSize = SIZE_4KB - ((UINTN)&mFrameworkSmst->CpuSaveState[LastSSIndex + 1] & (SIZE_4KB - 1));\r
290 if (IsRead) {\r
291 CopyMem (&mFrameworkSmst->CpuSaveState[LastSSIndex + 1], mShadowSaveState, ClippedSize);\r
292 } else {\r
293 CopyMem (mShadowSaveState, &mFrameworkSmst->CpuSaveState[LastSSIndex + 1], ClippedSize);\r
294 WriteCpuSaveState (LastSSIndex + 1, mShadowSaveState);\r
295 }\r
296 }\r
297}\r
298\r
097e25cb 299/**\r
300 The page fault handler that on-demand read PI CpuSaveStates for framework use. If the fault\r
301 is not targeted to mFrameworkSmst->CpuSaveState range, the function will return FALSE to let\r
302 PageFaultHandlerHook know it needs to pass the fault over to original page fault handler.\r
303 \r
304 @retval TRUE The page fault is correctly handled.\r
305 @retval FALSE The page fault is not handled and is passed through to original handler.\r
306\r
307**/\r
ff443d3e 308BOOLEAN\r
309PageFaultHandler (\r
310 VOID\r
311 )\r
312{\r
313 BOOLEAN IsHandled;\r
314 UINT64 *PageTable;\r
315 UINT64 PFAddress;\r
316 UINTN NumCpuStatePages;\r
317 \r
318 ASSERT (mPageTableHookEnabled);\r
319 AcquireSpinLock (&mPFLock);\r
320\r
321 PageTable = (UINT64*)(UINTN)(AsmReadCr3 () & mPhyMask);\r
322 PFAddress = AsmReadCr2 ();\r
323 NumCpuStatePages = EFI_SIZE_TO_PAGES (mNumberOfProcessors * sizeof (EFI_SMM_CPU_SAVE_STATE));\r
324 IsHandled = FALSE;\r
325 if (((UINTN)mFrameworkSmst->CpuSaveState & ~(SIZE_2MB-1)) == (PFAddress & ~(SIZE_2MB-1))) {\r
326 if ((UINTN)mFrameworkSmst->CpuSaveState <= PFAddress &&\r
327 PFAddress < (UINTN)mFrameworkSmst->CpuSaveState + EFI_PAGES_TO_SIZE (NumCpuStatePages)\r
328 ) {\r
329 mCpuStatePageTable[BitFieldRead64 (PFAddress, 12, 20)] |= BIT0 | BIT1; // present and rw\r
330 CpuFlushTlb ();\r
331 ReadWriteCpuStatePage (PFAddress & ~(SIZE_4KB-1), TRUE);\r
332 IsHandled = TRUE;\r
333 } else {\r
334 ASSERT (FALSE);\r
335 }\r
336 }\r
337\r
338 ReleaseSpinLock (&mPFLock);\r
339 return IsHandled;\r
340}\r
341\r
097e25cb 342/**\r
343 Write back the dirty Framework CpuSaveStates to PI.\r
344 \r
345 The function scans the page table for dirty pages in mFrameworkSmst->CpuSaveState\r
346 to write back to PI CpuSaveStates. It is meant to be called on each SmmBaseHelper SMI\r
347 callback after Framework handler is called.\r
348\r
349**/\r
ff443d3e 350VOID\r
351WriteBackDirtyPages (\r
352 VOID\r
353 )\r
354{\r
355 UINTN NumCpuStatePages;\r
356 UINTN PTIndex;\r
357 UINTN PTStartIndex;\r
358 UINTN PTEndIndex;\r
359\r
360 NumCpuStatePages = EFI_SIZE_TO_PAGES (mNumberOfProcessors * sizeof (EFI_SMM_CPU_SAVE_STATE));\r
9af300fc
LG		 361 PTStartIndex = (UINTN)BitFieldRead64 ((UINT64) (UINTN) mFrameworkSmst->CpuSaveState, 12, 20);\r
362 PTEndIndex = (UINTN)BitFieldRead64 ((UINT64) (UINTN) mFrameworkSmst->CpuSaveState + EFI_PAGES_TO_SIZE(NumCpuStatePages) - 1, 12, 20);\r
ff443d3e 363 for (PTIndex = PTStartIndex; PTIndex <= PTEndIndex; PTIndex++) {\r
364 if ((mCpuStatePageTable[PTIndex] & (BIT0|BIT6)) == (BIT0|BIT6)) { // present and dirty?\r
365 ReadWriteCpuStatePage (mCpuStatePageTable[PTIndex] & mPhyMask, FALSE);\r
366 }\r
367 }\r
368}\r
369\r
097e25cb 370/**\r
371 Hook IDT with our page fault handler so that the on-demand paging works on page fault.\r
372 \r
373 The function hooks the IDT with PageFaultHandlerHook to get on-demand paging work for\r
374 PI<->Framework CpuSaveStates marshalling. It also saves original handler for pass-through\r
375 purpose.\r
376\r
377**/\r
ff443d3e 378VOID\r
379HookPageFaultHandler (\r
380 VOID\r
381 )\r
382{\r
383 IA32_DESCRIPTOR Idtr;\r
384 IA32_IDT_GATE_DESCRIPTOR *IdtGateDesc;\r
385 UINT32 OffsetUpper;\r
386 \r
387 InitializeSpinLock (&mPFLock);\r
388 \r
389 AsmReadIdtr (&Idtr);\r
390 IdtGateDesc = (IA32_IDT_GATE_DESCRIPTOR *) Idtr.Base;\r
391 OffsetUpper = *(UINT32*)((UINT64*)IdtGateDesc + 1);\r
392 mOriginalHandler = (VOID *)(UINTN)(LShiftU64 (OffsetUpper, 32) + IdtGateDesc[14].Bits.OffsetLow + (IdtGateDesc[14].Bits.OffsetHigh << 16));\r
393 IdtGateDesc[14].Bits.OffsetLow = (UINT32)((UINTN)PageFaultHandlerHook & ((1 << 16) - 1));\r
394 IdtGateDesc[14].Bits.OffsetHigh = (UINT32)(((UINTN)PageFaultHandlerHook >> 16) & ((1 << 16) - 1));\r
395}\r
396\r
097e25cb 397/**\r
398 Initialize page table for pages contain HookData.\r
399 \r
400 The function initialize PDE for 2MB range that contains HookData. If the related PDE points\r
401 to a 2MB page, a page table will be allocated and initialized for 4KB pages. Otherwise we juse\r
402 use the original page table.\r
403\r
404 @param[in] HookData Based on which to initialize page table.\r
405\r
406 @return The pointer to a Page Table that points to 4KB pages which contain HookData.\r
407**/\r
ff443d3e 408UINT64 *\r
409InitCpuStatePageTable (\r
097e25cb 410 IN VOID *HookData\r
ff443d3e 411 )\r
412{\r
413 UINTN Index;\r
414 UINT64 *PageTable;\r
e9ba23c7 415 UINT64 *Pdpte;\r
ff443d3e 416 UINT64 HookAddress;\r
e9ba23c7 417 UINT64 Pde;\r
ff443d3e 418 UINT64 Address;\r
419 \r
420 //\r
421 // Initialize physical address mask\r
422 // NOTE: Physical memory above virtual address limit is not supported !!!\r
423 //\r
424 AsmCpuid (0x80000008, (UINT32*)&Index, NULL, NULL, NULL);\r
425 mPhyMask = LShiftU64 (1, (UINT8)Index) - 1;\r
426 mPhyMask &= (1ull << 48) - EFI_PAGE_SIZE;\r
427 \r
428 HookAddress = (UINT64)(UINTN)HookData;\r
429 PageTable = (UINT64 *)(UINTN)(AsmReadCr3 () & mPhyMask);\r
430 PageTable = (UINT64 *)(UINTN)(PageTable[BitFieldRead64 (HookAddress, 39, 47)] & mPhyMask);\r
431 PageTable = (UINT64 *)(UINTN)(PageTable[BitFieldRead64 (HookAddress, 30, 38)] & mPhyMask);\r
432 \r
e9ba23c7
LG		 433 Pdpte = (UINT64 *)(UINTN)PageTable;\r
434 Pde = Pdpte[BitFieldRead64 (HookAddress, 21, 29)];\r
435 ASSERT ((Pde & BIT0) != 0); // Present and 2M Page\r
ff443d3e 436 \r
e9ba23c7
LG		 437 if ((Pde & BIT7) == 0) { // 4KB Page Directory\r
438 PageTable = (UINT64 *)(UINTN)(Pde & mPhyMask);\r
ff443d3e 439 } else {\r
e9ba23c7 440 ASSERT ((Pde & mPhyMask) == (HookAddress & ~(SIZE_2MB-1))); // 2MB Page Point to HookAddress\r
ff443d3e 441 PageTable = AllocatePages (1);\r
983ae8ce 442 ASSERT (PageTable != NULL);\r
ff443d3e 443 Address = HookAddress & ~(SIZE_2MB-1);\r
444 for (Index = 0; Index < 512; Index++) {\r
445 PageTable[Index] = Address | BIT0 | BIT1; // Present and RW\r
446 Address += SIZE_4KB;\r
447 }\r
e9ba23c7 448 Pdpte[BitFieldRead64 (HookAddress, 21, 29)] = (UINT64)(UINTN)PageTable | BIT0 | BIT1; // Present and RW\r
ff443d3e 449 }\r
450 return PageTable;\r
451}\r
452\r
097e25cb 453/**\r
454 Mark all the CpuSaveStates as not present.\r
455 \r
456 The function marks all CpuSaveStates memory range as not present so that page fault can be triggered\r
457 on CpuSaveStates access. It is meant to be called on each SmmBaseHelper SMI callback before Framework\r
458 handler is called.\r
459\r
460 @param[in] CpuSaveState The base of CpuSaveStates.\r
461\r
462**/\r
ff443d3e 463VOID\r
464HookCpuStateMemory (\r
097e25cb 465 IN EFI_SMM_CPU_SAVE_STATE *CpuSaveState\r
ff443d3e 466 )\r
467{\r
468 UINT64 Index;\r
469 UINT64 PTStartIndex;\r
470 UINT64 PTEndIndex;\r
471\r
472 PTStartIndex = BitFieldRead64 ((UINTN)CpuSaveState, 12, 20);\r
473 PTEndIndex = BitFieldRead64 ((UINTN)CpuSaveState + mNumberOfProcessors * sizeof (EFI_SMM_CPU_SAVE_STATE) - 1, 12, 20);\r
474 for (Index = PTStartIndex; Index <= PTEndIndex; Index++) {\r
475 mCpuStatePageTable[Index] &= ~(BIT0|BIT5|BIT6); // not present nor accessed nor dirty\r
476 }\r
477} \r
478\r
9e620719 479/**\r
480 Framework SMST SmmInstallConfigurationTable() Thunk.\r
481\r
482 This thunk calls the PI SMM SmmInstallConfigurationTable() and then update the configuration\r
483 table related fields in the Framework SMST because the PI SMM SmmInstallConfigurationTable()\r
484 function may modify these fields.\r
485\r
486 @param[in] SystemTable A pointer to the SMM System Table.\r
487 @param[in] Guid A pointer to the GUID for the entry to add, update, or remove.\r
488 @param[in] Table A pointer to the buffer of the table to add.\r
489 @param[in] TableSize The size of the table to install.\r
490\r
491 @retval EFI_SUCCESS The (Guid, Table) pair was added, updated, or removed.\r
492 @retval EFI_INVALID_PARAMETER Guid is not valid.\r
493 @retval EFI_NOT_FOUND An attempt was made to delete a non-existent entry.\r
494 @retval EFI_OUT_OF_RESOURCES There is not enough memory available to complete the operation.\r
495**/\r
496EFI_STATUS\r
497EFIAPI\r
498SmmInstallConfigurationTable (\r
499 IN EFI_SMM_SYSTEM_TABLE *SystemTable,\r
500 IN EFI_GUID *Guid,\r
501 IN VOID *Table,\r
502 IN UINTN TableSize\r
503 )\r
504{\r
505 EFI_STATUS Status;\r
506 \r
507 Status = gSmst->SmmInstallConfigurationTable (gSmst, Guid, Table, TableSize);\r
508 if (!EFI_ERROR (Status)) {\r
509 mFrameworkSmst->NumberOfTableEntries = gSmst->NumberOfTableEntries;\r
510 mFrameworkSmst->SmmConfigurationTable = gSmst->SmmConfigurationTable;\r
511 }\r
512 return Status; \r
513}\r
514\r
097e25cb 515/**\r
516 Initialize all the stuff needed for on-demand paging hooks for PI<->Framework\r
517 CpuSaveStates marshalling.\r
518\r
519 @param[in] FrameworkSmst Framework SMM system table pointer.\r
520\r
521**/\r
ff443d3e 522VOID\r
523InitHook (\r
097e25cb 524 IN EFI_SMM_SYSTEM_TABLE *FrameworkSmst\r
ff443d3e 525 )\r
526{\r
527 UINTN NumCpuStatePages;\r
528 UINTN CpuStatePage;\r
529 UINTN Bottom2MPage;\r
530 UINTN Top2MPage;\r
531 \r
532 mPageTableHookEnabled = FALSE;\r
533 NumCpuStatePages = EFI_SIZE_TO_PAGES (mNumberOfProcessors * sizeof (EFI_SMM_CPU_SAVE_STATE));\r
534 //\r
535 // Only hook page table for X64 image and less than 2MB needed to hold all CPU Save States\r
536 //\r
537 if (EFI_IMAGE_MACHINE_TYPE_SUPPORTED(EFI_IMAGE_MACHINE_X64) && NumCpuStatePages <= EFI_SIZE_TO_PAGES (SIZE_2MB)) {\r
538 //\r
539 // Allocate double page size to make sure all CPU Save States are in one 2MB page.\r
540 //\r
541 CpuStatePage = (UINTN)AllocatePages (NumCpuStatePages * 2);\r
542 ASSERT (CpuStatePage != 0);\r
543 Bottom2MPage = CpuStatePage & ~(SIZE_2MB-1);\r
544 Top2MPage = (CpuStatePage + EFI_PAGES_TO_SIZE (NumCpuStatePages * 2) - 1) & ~(SIZE_2MB-1);\r
545 if (Bottom2MPage == Top2MPage ||\r
546 CpuStatePage + EFI_PAGES_TO_SIZE (NumCpuStatePages * 2) - Top2MPage >= EFI_PAGES_TO_SIZE (NumCpuStatePages)\r
547 ) {\r
548 //\r
549 // If the allocated 4KB pages are within the same 2MB page or higher portion is larger, use higher portion pages.\r
550 //\r
551 FrameworkSmst->CpuSaveState = (EFI_SMM_CPU_SAVE_STATE *)(CpuStatePage + EFI_PAGES_TO_SIZE (NumCpuStatePages));\r
552 FreePages ((VOID*)CpuStatePage, NumCpuStatePages);\r
553 } else {\r
554 FrameworkSmst->CpuSaveState = (EFI_SMM_CPU_SAVE_STATE *)CpuStatePage;\r
555 FreePages ((VOID*)(CpuStatePage + EFI_PAGES_TO_SIZE (NumCpuStatePages)), NumCpuStatePages);\r
556 }\r
557 //\r
558 // Add temporary working buffer for hooking\r
559 //\r
560 mShadowSaveState = (EFI_SMM_CPU_SAVE_STATE*) AllocatePool (sizeof (EFI_SMM_CPU_SAVE_STATE));\r
561 ASSERT (mShadowSaveState != NULL);\r
562 //\r
563 // Allocate and initialize 4KB Page Table for hooking CpuSaveState.\r
564 // Replace the original 2MB PDE with new 4KB page table.\r
565 //\r
566 mCpuStatePageTable = InitCpuStatePageTable (FrameworkSmst->CpuSaveState);\r
567 //\r
568 // Mark PTE for CpuSaveState as non-exist.\r
569 //\r
570 HookCpuStateMemory (FrameworkSmst->CpuSaveState);\r
571 HookPageFaultHandler ();\r
572 CpuFlushTlb ();\r
573 mPageTableHookEnabled = TRUE;\r
574 }\r
575 mHookInitialized = TRUE;\r
576}\r
577\r
9e620719 578/**\r
579 Construct a Framework SMST based on the PI SMM SMST.\r
580\r
581 @return Pointer to the constructed Framework SMST.\r
582**/\r
583EFI_SMM_SYSTEM_TABLE *\r
584ConstructFrameworkSmst (\r
585 VOID\r
586 )\r
587{\r
9e620719 588 EFI_SMM_SYSTEM_TABLE *FrameworkSmst;\r
589\r
27af6f9d 590 FrameworkSmst = (EFI_SMM_SYSTEM_TABLE *)AllocatePool (sizeof (EFI_SMM_SYSTEM_TABLE));\r
591 ASSERT (FrameworkSmst != NULL);\r
9e620719 592\r
593 ///\r
594 /// Copy same things from PI SMST to Framework SMST\r
595 ///\r
596 CopyMem (FrameworkSmst, gSmst, (UINTN)(&((EFI_SMM_SYSTEM_TABLE *)0)->SmmIo));\r
597 CopyMem (\r
598 &FrameworkSmst->SmmIo, \r
599 &gSmst->SmmIo,\r
600 sizeof (EFI_SMM_SYSTEM_TABLE) - (UINTN)(&((EFI_SMM_SYSTEM_TABLE *)0)->SmmIo)\r
601 );\r
602\r
603 ///\r
604 /// Update Framework SMST\r
605 ///\r
606 FrameworkSmst->Hdr.Revision = EFI_SMM_SYSTEM_TABLE_REVISION;\r
607 CopyGuid (&FrameworkSmst->EfiSmmCpuIoGuid, &mEfiSmmCpuIoGuid);\r
608\r
ff443d3e 609 mHookInitialized = FALSE;\r
e906eae4 610 FrameworkSmst->CpuSaveState = (EFI_SMM_CPU_SAVE_STATE *)AllocateZeroPool (mNumberOfProcessors * sizeof (EFI_SMM_CPU_SAVE_STATE));\r
27af6f9d 611 ASSERT (FrameworkSmst->CpuSaveState != NULL);\r
9e620719 612\r
613 ///\r
614 /// Do not support floating point state now\r
615 ///\r
616 FrameworkSmst->CpuOptionalFloatingPointState = NULL;\r
617\r
618 FrameworkSmst->SmmInstallConfigurationTable = SmmInstallConfigurationTable;\r
619\r
620 return FrameworkSmst;\r
621}\r
622\r
623/**\r
624 Load a given Framework SMM driver into SMRAM and invoke its entry point.\r
625\r
673c1498 626 @param[in] ParentImageHandle Parent Image Handle.\r
9e620719 627 @param[in] FilePath Location of the image to be installed as the handler.\r
628 @param[in] SourceBuffer Optional source buffer in case the image file\r
629 is in memory.\r
630 @param[in] SourceSize Size of the source image file, if in memory.\r
631 @param[out] ImageHandle The handle that the base driver uses to decode \r
632 the handler. Unique among SMM handlers only, \r
633 not unique across DXE/EFI.\r
634\r
635 @retval EFI_SUCCESS The operation was successful.\r
636 @retval EFI_OUT_OF_RESOURCES There were no additional SMRAM resources to load the handler\r
637 @retval EFI_UNSUPPORTED Can not find its copy in normal memory.\r
638 @retval EFI_INVALID_PARAMETER The handlers was not the correct image type\r
639**/\r
640EFI_STATUS\r
641LoadImage (\r
673c1498 642 IN EFI_HANDLE ParentImageHandle,\r
9e620719 643 IN EFI_DEVICE_PATH_PROTOCOL *FilePath,\r
644 IN VOID *SourceBuffer,\r
645 IN UINTN SourceSize,\r
646 OUT EFI_HANDLE *ImageHandle\r
647 )\r
648{\r
673c1498 649 EFI_STATUS Status;\r
650 UINTN PageCount;\r
651 UINTN OrgPageCount;\r
652 EFI_PHYSICAL_ADDRESS DstBuffer;\r
9e620719 653\r
654 if (FilePath == NULL || ImageHandle == NULL) { \r
655 return EFI_INVALID_PARAMETER;\r
656 }\r
657\r
673c1498 658 PageCount = 1;\r
659 do {\r
660 OrgPageCount = PageCount;\r
661 DstBuffer = (UINTN)-1;\r
662 Status = gSmst->SmmAllocatePages (\r
663 AllocateMaxAddress,\r
664 EfiRuntimeServicesCode,\r
665 PageCount,\r
666 &DstBuffer\r
9e620719 667 );\r
673c1498 668 if (EFI_ERROR (Status)) {\r
669 return Status;\r
9e620719 670 }\r
671\r
673c1498 672 Status = mLoadPe32Image->LoadPeImage (\r
673 mLoadPe32Image,\r
674 ParentImageHandle,\r
675 FilePath,\r
676 SourceBuffer,\r
677 SourceSize,\r
678 DstBuffer,\r
679 &PageCount,\r
680 ImageHandle,\r
681 NULL,\r
682 EFI_LOAD_PE_IMAGE_ATTRIBUTE_NONE\r
683 );\r
684 if (EFI_ERROR (Status)) {\r
685 FreePages ((VOID *)(UINTN)DstBuffer, OrgPageCount);\r
9e620719 686 }\r
673c1498 687 } while (Status == EFI_BUFFER_TOO_SMALL);\r
9e620719 688\r
9e620719 689 if (!EFI_ERROR (Status)) {\r
673c1498 690 ///\r
691 /// Update MP state in Framework SMST before transferring control to Framework SMM driver entry point\r
673c1498 692 ///\r
5b9fc2f0 693 mFrameworkSmst->SmmStartupThisAp = gSmst->SmmStartupThisAp;\r
694 mFrameworkSmst->NumberOfCpus = mNumberOfProcessors;\r
673c1498 695 mFrameworkSmst->CurrentlyExecutingCpu = gSmst->CurrentlyExecutingCpu;\r
696\r
697 Status = gBS->StartImage (*ImageHandle, NULL, NULL);\r
698 if (EFI_ERROR (Status)) {\r
699 mLoadPe32Image->UnLoadPeImage (mLoadPe32Image, *ImageHandle);\r
700 *ImageHandle = NULL;\r
701 FreePages ((VOID *)(UINTN)DstBuffer, PageCount);\r
702 }\r
9e620719 703 }\r
704\r
673c1498 705 return Status;\r
9e620719 706}\r
707\r
d5bcf13e 708/**\r
709 This function check if the address is in SMRAM.\r
710\r
711 @param Buffer the buffer address to be checked.\r
712 @param Length the buffer length to be checked.\r
713\r
714 @retval TRUE this address is in SMRAM.\r
715 @retval FALSE this address is NOT in SMRAM.\r
716**/\r
717BOOLEAN\r
718IsAddressInSmram (\r
719 IN EFI_PHYSICAL_ADDRESS Buffer,\r
720 IN UINT64 Length\r
721 )\r
722{\r
723 UINTN Index;\r
724\r
725 for (Index = 0; Index < mSmramRangeCount; Index ++) {\r
726 if (((Buffer >= mSmramRanges[Index].CpuStart) && (Buffer < mSmramRanges[Index].CpuStart + mSmramRanges[Index].PhysicalSize)) ||\r
727 ((mSmramRanges[Index].CpuStart >= Buffer) && (mSmramRanges[Index].CpuStart < Buffer + Length))) {\r
728 return TRUE;\r
729 }\r
730 }\r
731\r
732 return FALSE;\r
733}\r
673c1498 734\r
9d00d20e
SZ		 735/**\r
736 This function check if the address refered by Buffer and Length is valid.\r
737\r
738 @param Buffer the buffer address to be checked.\r
739 @param Length the buffer length to be checked.\r
740\r
741 @retval TRUE this address is valid.\r
742 @retval FALSE this address is NOT valid.\r
743**/\r
744BOOLEAN\r
745IsAddressValid (\r
746 IN UINTN Buffer,\r
747 IN UINTN Length\r
748 )\r
749{\r
750 if (Buffer > (MAX_ADDRESS - Length)) {\r
751 //\r
752 // Overflow happen\r
753 //\r
754 return FALSE;\r
755 }\r
756 if (IsAddressInSmram ((EFI_PHYSICAL_ADDRESS)Buffer, (UINT64)Length)) {\r
757 return FALSE;\r
758 }\r
759 return TRUE;\r
760}\r
761\r
9e620719 762/** \r
763 Thunk service of EFI_SMM_BASE_PROTOCOL.Register().\r
764\r
17d2c9a3 765 @param[in, out] FunctionData Pointer to SMMBASE_FUNCTION_DATA.\r
766**/\r
9e620719 767VOID\r
768Register (\r
769 IN OUT SMMBASE_FUNCTION_DATA *FunctionData\r
770 )\r
771{\r
772 EFI_STATUS Status;\r
773\r
8edfbe02 774 if (mLocked || FunctionData->Args.Register.LegacyIA32Binary) {\r
9e620719 775 Status = EFI_UNSUPPORTED;\r
776 } else {\r
777 Status = LoadImage (\r
673c1498 778 FunctionData->SmmBaseImageHandle,\r
9e620719 779 FunctionData->Args.Register.FilePath,\r
780 FunctionData->Args.Register.SourceBuffer,\r
781 FunctionData->Args.Register.SourceSize,\r
782 FunctionData->Args.Register.ImageHandle\r
783 );\r
784 }\r
785 FunctionData->Status = Status;\r
786}\r
787\r
788/** \r
789 Thunk service of EFI_SMM_BASE_PROTOCOL.UnRegister().\r
790\r
17d2c9a3 791 @param[in, out] FunctionData Pointer to SMMBASE_FUNCTION_DATA.\r
792**/\r
9e620719 793VOID\r
794UnRegister (\r
795 IN OUT SMMBASE_FUNCTION_DATA *FunctionData\r
796 )\r
797{\r
798 ///\r
799 /// Unregister not supported now\r
800 ///\r
801 FunctionData->Status = EFI_UNSUPPORTED;\r
802}\r
803\r
804/**\r
805 Search for Framework SMI handler information according to specific PI SMM dispatch handle.\r
806\r
807 @param[in] DispatchHandle The unique handle assigned by SmiHandlerRegister(). \r
808\r
17d2c9a3 809 @return Pointer to CALLBACK_INFO. If NULL, no callback info record is found.\r
9e620719 810**/\r
811CALLBACK_INFO *\r
812GetCallbackInfo (\r
813 IN EFI_HANDLE DispatchHandle\r
814 )\r
815{\r
816 LIST_ENTRY *Node;\r
817\r
818 Node = GetFirstNode (&mCallbackInfoListHead);\r
819 while (!IsNull (&mCallbackInfoListHead, Node)) {\r
820 if (((CALLBACK_INFO *)Node)->DispatchHandle == DispatchHandle) {\r
821 return (CALLBACK_INFO *)Node;\r
822 }\r
823 Node = GetNextNode (&mCallbackInfoListHead, Node);\r
824 }\r
825 return NULL;\r
826}\r
827\r
828/**\r
829 Callback thunk for Framework SMI handler.\r
830\r
831 This thunk functions calls the Framework SMI handler and converts the return value\r
832 defined from Framework SMI handlers to a correpsonding return value defined by PI SMM.\r
833\r
834 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().\r
835 @param[in] Context Points to an optional handler context which was specified when the\r
836 handler was registered.\r
26a76fbc 837 @param[in, out] CommBuffer A pointer to a collection of data in memory that will\r
9e620719 838 be conveyed from a non-SMM environment into an SMM environment.\r
26a76fbc 839 @param[in, out] CommBufferSize The size of the CommBuffer.\r
9e620719 840\r
841 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers \r
842 should still be called.\r
843 @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should \r
844 still be called.\r
845 @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still \r
846 be called.\r
847 @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.\r
848**/\r
849EFI_STATUS\r
850EFIAPI\r
851CallbackThunk (\r
852 IN EFI_HANDLE DispatchHandle,\r
853 IN CONST VOID *Context OPTIONAL,\r
854 IN OUT VOID *CommBuffer OPTIONAL,\r
855 IN OUT UINTN *CommBufferSize OPTIONAL\r
856 )\r
857{\r
858 EFI_STATUS Status;\r
859 CALLBACK_INFO *CallbackInfo;\r
9e620719 860 UINTN CpuIndex;\r
9e620719 861\r
862 ///\r
863 /// Before transferring the control into the Framework SMI handler, update CPU Save States\r
864 /// and MP states in the Framework SMST.\r
865 ///\r
866\r
ff443d3e 867 if (!mHookInitialized) {\r
868 InitHook (mFrameworkSmst);\r
869 }\r
870 if (mPageTableHookEnabled) {\r
871 HookCpuStateMemory (mFrameworkSmst->CpuSaveState);\r
872 CpuFlushTlb ();\r
873 } else {\r
874 for (CpuIndex = 0; CpuIndex < mNumberOfProcessors; CpuIndex++) {\r
875 ReadCpuSaveState (CpuIndex, NULL);\r
9e620719 876 }\r
877 }\r
878\r
33f30f1e 879 mFrameworkSmst->SmmStartupThisAp = gSmst->SmmStartupThisAp;\r
880 mFrameworkSmst->NumberOfCpus = mNumberOfProcessors;\r
9e620719 881 mFrameworkSmst->CurrentlyExecutingCpu = gSmst->CurrentlyExecutingCpu;\r
882\r
883 ///\r
884 /// Search for Framework SMI handler information\r
885 ///\r
886 CallbackInfo = GetCallbackInfo (DispatchHandle);\r
887 ASSERT (CallbackInfo != NULL);\r
888\r
889 ///\r
890 /// Thunk into original Framwork SMI handler\r
891 ///\r
892 Status = (CallbackInfo->CallbackAddress) (\r
893 CallbackInfo->SmmImageHandle,\r
18e78927 894 CallbackInfo->CommunicationBuffer,\r
895 CallbackInfo->SourceSize\r
9e620719 896 );\r
897 ///\r
898 /// Save CPU Save States in case any of them was modified\r
899 ///\r
ff443d3e 900 if (mPageTableHookEnabled) {\r
901 WriteBackDirtyPages ();\r
902 } else {\r
903 for (CpuIndex = 0; CpuIndex < mNumberOfProcessors; CpuIndex++) {\r
904 WriteCpuSaveState (CpuIndex, NULL);\r
9e620719 905 }\r
906 }\r
907\r
908 ///\r
909 /// Conversion of returned status code\r
910 ///\r
911 switch (Status) {\r
912 case EFI_HANDLER_SUCCESS:\r
913 Status = EFI_WARN_INTERRUPT_SOURCE_QUIESCED;\r
914 break;\r
915 case EFI_HANDLER_CRITICAL_EXIT:\r
916 case EFI_HANDLER_SOURCE_QUIESCED:\r
917 Status = EFI_SUCCESS;\r
918 break;\r
919 case EFI_HANDLER_SOURCE_PENDING:\r
920 Status = EFI_WARN_INTERRUPT_SOURCE_PENDING;\r
921 break;\r
922 }\r
923 return Status;\r
924}\r
925\r
926/** \r
927 Thunk service of EFI_SMM_BASE_PROTOCOL.RegisterCallback().\r
928\r
17d2c9a3 929 @param[in, out] FunctionData Pointer to SMMBASE_FUNCTION_DATA.\r
930**/\r
9e620719 931VOID\r
932RegisterCallback (\r
27af6f9d 933 IN OUT SMMBASE_FUNCTION_DATA *FunctionData\r
9e620719 934 )\r
935{\r
9e620719 936 CALLBACK_INFO *Buffer;\r
937\r
8edfbe02 938 if (mLocked) {\r
939 FunctionData->Status = EFI_UNSUPPORTED;\r
940 return;\r
941 }\r
942\r
9e620719 943 ///\r
944 /// Note that MakeLast and FloatingPointSave options are not supported in PI SMM\r
945 ///\r
946\r
947 ///\r
948 /// Allocate buffer for callback thunk information\r
949 ///\r
18e78927 950 Buffer = (CALLBACK_INFO *)AllocateZeroPool (sizeof (CALLBACK_INFO));\r
27af6f9d 951 if (Buffer == NULL) {\r
952 FunctionData->Status = EFI_OUT_OF_RESOURCES;\r
953 return;\r
9e620719 954 }\r
27af6f9d 955\r
956 ///\r
957 /// Fill SmmImageHandle and CallbackAddress into the thunk\r
958 ///\r
959 Buffer->SmmImageHandle = FunctionData->Args.RegisterCallback.SmmImageHandle;\r
960 Buffer->CallbackAddress = FunctionData->Args.RegisterCallback.CallbackAddress;\r
961\r
962 ///\r
963 /// Register the thunk code as a root SMI handler\r
964 ///\r
965 FunctionData->Status = gSmst->SmiHandlerRegister (\r
966 CallbackThunk,\r
967 NULL,\r
968 &Buffer->DispatchHandle\r
969 );\r
970 if (EFI_ERROR (FunctionData->Status)) {\r
971 FreePool (Buffer);\r
972 return;\r
973 }\r
974\r
975 ///\r
976 /// Save this callback info\r
977 ///\r
978 InsertTailList (&mCallbackInfoListHead, &Buffer->Link);\r
9e620719 979}\r
980\r
981\r
982/** \r
983 Thunk service of EFI_SMM_BASE_PROTOCOL.SmmAllocatePool().\r
984\r
17d2c9a3 985 @param[in, out] FunctionData Pointer to SMMBASE_FUNCTION_DATA.\r
986**/\r
9e620719 987VOID\r
988HelperAllocatePool (\r
989 IN OUT SMMBASE_FUNCTION_DATA *FunctionData\r
990 )\r
991{\r
8edfbe02 992 if (mLocked) {\r
993 FunctionData->Status = EFI_UNSUPPORTED;\r
994 } else {\r
995 FunctionData->Status = gSmst->SmmAllocatePool (\r
996 FunctionData->Args.AllocatePool.PoolType,\r
997 FunctionData->Args.AllocatePool.Size,\r
998 FunctionData->Args.AllocatePool.Buffer\r
999 );\r
1000 }\r
9e620719 1001}\r
1002\r
1003/** \r
1004 Thunk service of EFI_SMM_BASE_PROTOCOL.SmmFreePool().\r
1005\r
17d2c9a3 1006 @param[in, out] FunctionData Pointer to SMMBASE_FUNCTION_DATA.\r
1007**/\r
9e620719 1008VOID\r
1009HelperFreePool (\r
1010 IN OUT SMMBASE_FUNCTION_DATA *FunctionData\r
1011 )\r
1012{\r
8edfbe02 1013 if (mLocked) {\r
1014 FunctionData->Status = EFI_UNSUPPORTED;\r
1015 } else {\r
1016 FreePool (FunctionData->Args.FreePool.Buffer);\r
1017 FunctionData->Status = EFI_SUCCESS;\r
1018 }\r
9e620719 1019}\r
1020\r
bade9bf5 1021/** \r
1022 Thunk service of EFI_SMM_BASE_PROTOCOL.Communicate().\r
1023\r
1024 @param[in, out] FunctionData Pointer to SMMBASE_FUNCTION_DATA.\r
1025**/\r
1026VOID\r
1027HelperCommunicate (\r
1028 IN OUT SMMBASE_FUNCTION_DATA *FunctionData\r
1029 )\r
1030{\r
1031 LIST_ENTRY *Node;\r
1032 CALLBACK_INFO *CallbackInfo;\r
1033\r
1034 if (FunctionData->Args.Communicate.CommunicationBuffer == NULL) {\r
1035 FunctionData->Status = EFI_INVALID_PARAMETER;\r
1036 return;\r
1037 }\r
1038\r
1039 Node = GetFirstNode (&mCallbackInfoListHead);\r
1040 while (!IsNull (&mCallbackInfoListHead, Node)) {\r
1041 CallbackInfo = (CALLBACK_INFO *)Node;\r
1042\r
1043 if (FunctionData->Args.Communicate.ImageHandle == CallbackInfo->SmmImageHandle) {\r
18e78927 1044 CallbackInfo->CommunicationBuffer = FunctionData->Args.Communicate.CommunicationBuffer;\r
1045 CallbackInfo->SourceSize = FunctionData->Args.Communicate.SourceSize;\r
1046\r
bade9bf5 1047 ///\r
1048 /// The message was successfully posted.\r
1049 ///\r
1050 FunctionData->Status = EFI_SUCCESS;\r
1051 return;\r
1052 }\r
1053 Node = GetNextNode (&mCallbackInfoListHead, Node);\r
1054 }\r
1055\r
1056 FunctionData->Status = EFI_INVALID_PARAMETER;\r
1057}\r
1058\r
9e620719 1059/**\r
1060 Communication service SMI Handler entry.\r
1061\r
1062 This SMI handler provides services for the SMM Base Thunk driver.\r
1063\r
d5bcf13e 1064 Caution: This function may receive untrusted input during runtime.\r
1065 The communicate buffer is external input, so this function will do operations only if the communicate\r
1066 buffer is outside of SMRAM so that returning the status code in the buffer won't overwrite anywhere in SMRAM.\r
1067\r
9e620719 1068 @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister().\r
26a76fbc 1069 @param[in] RegisterContext Points to an optional handler context which was specified when the\r
9e620719 1070 handler was registered.\r
26a76fbc 1071 @param[in, out] CommBuffer A pointer to a collection of data in memory that will\r
9e620719 1072 be conveyed from a non-SMM environment into an SMM environment.\r
26a76fbc 1073 @param[in, out] CommBufferSize The size of the CommBuffer.\r
9e620719 1074\r
1075 @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers \r
1076 should still be called.\r
1077 @retval EFI_WARN_INTERRUPT_SOURCE_QUIESCED The interrupt has been quiesced but other handlers should \r
1078 still be called.\r
1079 @retval EFI_WARN_INTERRUPT_SOURCE_PENDING The interrupt is still pending and other handlers should still \r
1080 be called.\r
1081 @retval EFI_INTERRUPT_PENDING The interrupt could not be quiesced.\r
1082**/\r
1083EFI_STATUS\r
1084EFIAPI\r
1085SmmHandlerEntry (\r
1086 IN EFI_HANDLE DispatchHandle,\r
1087 IN CONST VOID *RegisterContext,\r
1088 IN OUT VOID *CommBuffer,\r
1089 IN OUT UINTN *CommBufferSize\r
1090 )\r
1091{\r
1092 SMMBASE_FUNCTION_DATA *FunctionData;\r
1093\r
1094 ASSERT (CommBuffer != NULL);\r
d5bcf13e 1095 ASSERT (CommBufferSize != NULL);\r
1096\r
1097 if (*CommBufferSize == sizeof (SMMBASE_FUNCTION_DATA) &&\r
9d00d20e 1098 IsAddressValid ((UINTN)CommBuffer, *CommBufferSize)) {\r
d5bcf13e 1099 FunctionData = (SMMBASE_FUNCTION_DATA *)CommBuffer;\r
1100\r
1101 switch (FunctionData->Function) {\r
1102 case SmmBaseFunctionRegister:\r
1103 Register (FunctionData);\r
1104 break;\r
1105 case SmmBaseFunctionUnregister:\r
1106 UnRegister (FunctionData);\r
1107 break;\r
1108 case SmmBaseFunctionRegisterCallback:\r
1109 RegisterCallback (FunctionData);\r
1110 break;\r
1111 case SmmBaseFunctionAllocatePool:\r
1112 HelperAllocatePool (FunctionData);\r
1113 break;\r
1114 case SmmBaseFunctionFreePool:\r
1115 HelperFreePool (FunctionData);\r
1116 break;\r
1117 case SmmBaseFunctionCommunicate:\r
1118 HelperCommunicate (FunctionData);\r
1119 break;\r
1120 default:\r
1121 DEBUG ((EFI_D_WARN, "SmmBaseHelper: invalid SMM Base function.\n"));\r
1122 FunctionData->Status = EFI_UNSUPPORTED;\r
1123 }\r
9e620719 1124 }\r
1125 return EFI_SUCCESS;\r
1126}\r
1127\r
8edfbe02 1128/**\r
1129 Smm Ready To Lock event notification handler.\r
1130\r
1131 It sets a flag indicating that SMRAM has been locked.\r
1132 \r
1133 @param[in] Protocol Points to the protocol's unique identifier.\r
1134 @param[in] Interface Points to the interface instance.\r
1135 @param[in] Handle The handle on which the interface was installed.\r
1136\r
1137 @retval EFI_SUCCESS Notification handler runs successfully.\r
1138 **/\r
1139EFI_STATUS\r
1140EFIAPI\r
1141SmmReadyToLockEventNotify (\r
1142 IN CONST EFI_GUID *Protocol,\r
1143 IN VOID *Interface,\r
1144 IN EFI_HANDLE Handle\r
1145 )\r
1146{\r
1147 mLocked = TRUE;\r
1148 return EFI_SUCCESS;\r
1149}\r
1150\r
9e620719 1151/**\r
1152 Entry point function of the SMM Base Helper SMM driver.\r
1153\r
1154 @param[in] ImageHandle The firmware allocated handle for the EFI image. \r
1155 @param[in] SystemTable A pointer to the EFI System Table.\r
1156 \r
1157 @retval EFI_SUCCESS The entry point is executed successfully.\r
1158 @retval other Some error occurs when executing this entry point.\r
1159**/\r
1160EFI_STATUS\r
1161EFIAPI\r
1162SmmBaseHelperMain (\r
1163 IN EFI_HANDLE ImageHandle,\r
1164 IN EFI_SYSTEM_TABLE *SystemTable\r
1165 )\r
1166{\r
1167 EFI_STATUS Status;\r
e906eae4 1168 EFI_MP_SERVICES_PROTOCOL *MpServices;\r
26a76fbc 1169 EFI_HANDLE Handle;\r
e906eae4 1170 UINTN NumberOfEnabledProcessors;\r
8edfbe02 1171 VOID *Registration;\r
d5bcf13e 1172 EFI_SMM_ACCESS2_PROTOCOL *SmmAccess;\r
1173 UINTN Size;\r
26a76fbc
LG		 1174 \r
1175 Handle = NULL;\r
9e620719 1176 ///\r
17d2c9a3 1177 /// Locate SMM CPU Protocol which is used later to retrieve/update CPU Save States\r
9e620719 1178 ///\r
1179 Status = gSmst->SmmLocateProtocol (&gEfiSmmCpuProtocolGuid, NULL, (VOID **) &mSmmCpu);\r
1180 ASSERT_EFI_ERROR (Status);\r
1181\r
673c1498 1182 ///\r
1183 /// Locate PE32 Image Protocol which is used later to load Framework SMM driver\r
1184 ///\r
1185 Status = SystemTable->BootServices->LocateProtocol (&gEfiLoadPeImageProtocolGuid, NULL, (VOID **) &mLoadPe32Image);\r
1186 ASSERT_EFI_ERROR (Status);\r
1187\r
e906eae4 1188 //\r
1189 // Get MP Services Protocol\r
1190 //\r
1191 Status = SystemTable->BootServices->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID **)&MpServices);\r
1192 ASSERT_EFI_ERROR (Status);\r
1193\r
1194 //\r
1195 // Use MP Services Protocol to retrieve the number of processors and number of enabled processors\r
1196 //\r
1197 Status = MpServices->GetNumberOfProcessors (MpServices, &mNumberOfProcessors, &NumberOfEnabledProcessors);\r
1198 ASSERT_EFI_ERROR (Status);\r
1199 \r
9e620719 1200 ///\r
1201 /// Interface structure of SMM BASE Helper Ready Protocol is allocated from UEFI pool\r
1202 /// instead of SMM pool so that SMM Base Thunk driver can access it in Non-SMM mode.\r
1203 ///\r
1204 Status = gBS->AllocatePool (\r
1205 EfiBootServicesData,\r
1206 sizeof (EFI_SMM_BASE_HELPER_READY_PROTOCOL),\r
1207 (VOID **)&mSmmBaseHelperReady\r
1208 );\r
1209 ASSERT_EFI_ERROR (Status);\r
1210\r
1211 ///\r
1212 /// Construct Framework SMST from PI SMST\r
1213 ///\r
1214 mFrameworkSmst = ConstructFrameworkSmst ();\r
1215 mSmmBaseHelperReady->FrameworkSmst = mFrameworkSmst;\r
1216 mSmmBaseHelperReady->ServiceEntry = SmmHandlerEntry;\r
1217\r
d5bcf13e 1218 //\r
1219 // Get SMRAM information\r
1220 //\r
1221 Status = gBS->LocateProtocol (&gEfiSmmAccess2ProtocolGuid, NULL, (VOID **)&SmmAccess);\r
1222 ASSERT_EFI_ERROR (Status);\r
1223\r
1224 Size = 0;\r
1225 Status = SmmAccess->GetCapabilities (SmmAccess, &Size, NULL);\r
1226 ASSERT (Status == EFI_BUFFER_TOO_SMALL);\r
1227\r
1228 Status = gSmst->SmmAllocatePool (\r
1229 EfiRuntimeServicesData,\r
1230 Size,\r
1231 (VOID **)&mSmramRanges\r
1232 );\r
1233 ASSERT_EFI_ERROR (Status);\r
1234\r
1235 Status = SmmAccess->GetCapabilities (SmmAccess, &Size, mSmramRanges);\r
1236 ASSERT_EFI_ERROR (Status);\r
1237\r
1238 mSmramRangeCount = Size / sizeof (EFI_SMRAM_DESCRIPTOR);\r
1239\r
8edfbe02 1240 //\r
1241 // Register SMM Ready To Lock Protocol notification\r
1242 //\r
1243 Status = gSmst->SmmRegisterProtocolNotify (\r
1244 &gEfiSmmReadyToLockProtocolGuid,\r
1245 SmmReadyToLockEventNotify,\r
1246 &Registration\r
1247 );\r
1248 ASSERT_EFI_ERROR (Status);\r
1249\r
9e620719 1250 ///\r
1251 /// Register SMM Base Helper services for SMM Base Thunk driver\r
1252 ///\r
1253 Status = gSmst->SmiHandlerRegister (SmmHandlerEntry, &gEfiSmmBaseThunkCommunicationGuid, &mDispatchHandle);\r
1254 ASSERT_EFI_ERROR (Status);\r
1255\r
1256 ///\r
1257 /// Install EFI SMM Base Helper Protocol in the UEFI handle database\r
1258 ///\r
1259 Status = gBS->InstallProtocolInterface (\r
1260 &Handle,\r
1261 &gEfiSmmBaseHelperReadyProtocolGuid,\r
1262 EFI_NATIVE_INTERFACE,\r
1263 mSmmBaseHelperReady\r
1264 );\r
1265 ASSERT_EFI_ERROR (Status);\r
1266\r
1267 return Status;\r
1268}\r
1269\r
EFI Development Kit II mirror for PVE