[mirror_edk2.git] / UefiCpuPkg / PiSmmCpuDxeSmm / Ia32 / PageTbl.c

/** @file\r
Page table manipulation functions for IA-32 processors\r
\r
Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>\r
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include "PiSmmCpuDxeSmm.h"\r
\r
/**\r
  Disable CET.\r
**/\r
VOID\r
EFIAPI\r
DisableCet (\r
  VOID\r
  );\r
\r
/**\r
  Enable CET.\r
**/\r
VOID\r
EFIAPI\r
EnableCet (\r
  VOID\r
  );\r
\r
/**\r
  Create PageTable for SMM use.\r
\r
  @return     PageTable Address\r
\r
**/\r
UINT32\r
SmmInitPageTable (\r
  VOID\r
  )\r
{\r
  UINTN                             PageFaultHandlerHookAddress;\r
  IA32_IDT_GATE_DESCRIPTOR          *IdtEntry;\r
  EFI_STATUS                        Status;\r
\r
  //\r
  // Initialize spin lock\r
  //\r
  InitializeSpinLock (mPFLock);\r
\r
  mPhysicalAddressBits = 32;\r
\r
  if (FeaturePcdGet (PcdCpuSmmProfileEnable) ||\r
      HEAP_GUARD_NONSTOP_MODE ||\r
      NULL_DETECTION_NONSTOP_MODE) {\r
    //\r
    // Set own Page Fault entry instead of the default one, because SMM Profile\r
    // feature depends on IRET instruction to do Single Step\r
    //\r
    PageFaultHandlerHookAddress = (UINTN)PageFaultIdtHandlerSmmProfile;\r
    IdtEntry  = (IA32_IDT_GATE_DESCRIPTOR *) gcSmiIdtr.Base;\r
    IdtEntry += EXCEPT_IA32_PAGE_FAULT;\r
    IdtEntry->Bits.OffsetLow      = (UINT16)PageFaultHandlerHookAddress;\r
    IdtEntry->Bits.Reserved_0     = 0;\r
    IdtEntry->Bits.GateType       = IA32_IDT_GATE_TYPE_INTERRUPT_32;\r
    IdtEntry->Bits.OffsetHigh     = (UINT16)(PageFaultHandlerHookAddress >> 16);\r
  } else {\r
    //\r
    // Register SMM Page Fault Handler\r
    //\r
    Status = SmmRegisterExceptionHandler (&mSmmCpuService, EXCEPT_IA32_PAGE_FAULT, SmiPFHandler);\r
    ASSERT_EFI_ERROR (Status);\r
  }\r
\r
  //\r
  // Additional SMM IDT initialization for SMM stack guard\r
  //\r
  if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
    InitializeIDTSmmStackGuard ();\r
  }\r
  return Gen4GPageTable (TRUE);\r
}\r
\r
/**\r
  Page Fault handler for SMM use.\r
\r
**/\r
VOID\r
SmiDefaultPFHandler (\r
  VOID\r
  )\r
{\r
  CpuDeadLoop ();\r
}\r
\r
/**\r
  ThePage Fault handler wrapper for SMM use.\r
\r
  @param  InterruptType    Defines the type of interrupt or exception that\r
                           occurred on the processor.This parameter is processor architecture specific.\r
  @param  SystemContext    A pointer to the processor context when\r
                           the interrupt occurred on the processor.\r
**/\r
VOID\r
EFIAPI\r
SmiPFHandler (\r
  IN EFI_EXCEPTION_TYPE   InterruptType,\r
  IN EFI_SYSTEM_CONTEXT   SystemContext\r
  )\r
{\r
  UINTN             PFAddress;\r
  UINTN             GuardPageAddress;\r
  UINTN             CpuIndex;\r
\r
  ASSERT (InterruptType == EXCEPT_IA32_PAGE_FAULT);\r
\r
  AcquireSpinLock (mPFLock);\r
\r
  PFAddress = AsmReadCr2 ();\r
\r
  //\r
  // If a page fault occurs in SMRAM range, it might be in a SMM stack guard page,\r
  // or SMM page protection violation.\r
  //\r
  if ((PFAddress >= mCpuHotPlugData.SmrrBase) &&\r
      (PFAddress < (mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize))) {\r
    DumpCpuContext (InterruptType, SystemContext);\r
    CpuIndex = GetCpuIndex ();\r
    GuardPageAddress = (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex * mSmmStackSize);\r
    if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&\r
        (PFAddress >= GuardPageAddress) &&\r
        (PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) {\r
      DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n"));\r
    } else {\r
      if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
        DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%x)\n", PFAddress));\r
        DEBUG_CODE (\r
          DumpModuleInfoByIp (*(UINTN *)(UINTN)SystemContext.SystemContextIa32->Esp);\r
        );\r
      } else {\r
        DEBUG ((DEBUG_ERROR, "SMM exception at access (0x%x)\n", PFAddress));\r
        DEBUG_CODE (\r
          DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
        );\r
      }\r
\r
      if (HEAP_GUARD_NONSTOP_MODE) {\r
        GuardPagePFHandler (SystemContext.SystemContextIa32->ExceptionData);\r
        goto Exit;\r
      }\r
    }\r
    CpuDeadLoop ();\r
    goto Exit;\r
  }\r
\r
  //\r
  // If a page fault occurs in non-SMRAM range.\r
  //\r
  if ((PFAddress < mCpuHotPlugData.SmrrBase) ||\r
      (PFAddress >= mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize)) {\r
    if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
      DumpCpuContext (InterruptType, SystemContext);\r
      DEBUG ((DEBUG_ERROR, "Code executed on IP(0x%x) out of SMM range after SMM is locked!\n", PFAddress));\r
      DEBUG_CODE (\r
        DumpModuleInfoByIp (*(UINTN *)(UINTN)SystemContext.SystemContextIa32->Esp);\r
      );\r
      CpuDeadLoop ();\r
      goto Exit;\r
    }\r
\r
    //\r
    // If NULL pointer was just accessed\r
    //\r
    if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0 &&\r
        (PFAddress < EFI_PAGE_SIZE)) {\r
      DumpCpuContext (InterruptType, SystemContext);\r
      DEBUG ((DEBUG_ERROR, "!!! NULL pointer access !!!\n"));\r
      DEBUG_CODE (\r
        DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
      );\r
\r
      if (NULL_DETECTION_NONSTOP_MODE) {\r
        GuardPagePFHandler (SystemContext.SystemContextIa32->ExceptionData);\r
        goto Exit;\r
      }\r
\r
      CpuDeadLoop ();\r
      goto Exit;\r
    }\r
\r
    if (IsSmmCommBufferForbiddenAddress (PFAddress)) {\r
      DumpCpuContext (InterruptType, SystemContext);\r
      DEBUG ((DEBUG_ERROR, "Access SMM communication forbidden address (0x%x)!\n", PFAddress));\r
      DEBUG_CODE (\r
        DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
      );\r
      CpuDeadLoop ();\r
      goto Exit;\r
    }\r
  }\r
\r
  if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
    SmmProfilePFHandler (\r
      SystemContext.SystemContextIa32->Eip,\r
      SystemContext.SystemContextIa32->ExceptionData\r
      );\r
  } else {\r
    DumpCpuContext (InterruptType, SystemContext);\r
    SmiDefaultPFHandler ();\r
  }\r
\r
Exit:\r
  ReleaseSpinLock (mPFLock);\r
}\r
\r
/**\r
  This function sets memory attribute for page table.\r
**/\r
VOID\r
SetPageTableAttributes (\r
  VOID\r
  )\r
{\r
  UINTN                 Index2;\r
  UINTN                 Index3;\r
  UINT64                *L1PageTable;\r
  UINT64                *L2PageTable;\r
  UINT64                *L3PageTable;\r
  BOOLEAN               IsSplitted;\r
  BOOLEAN               PageTableSplitted;\r
  BOOLEAN               CetEnabled;\r
\r
  //\r
  // Don't mark page table to read-only if heap guard is enabled.\r
  //\r
  //      BIT2: SMM page guard enabled\r
  //      BIT3: SMM pool guard enabled\r
  //\r
  if ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0) {\r
    DEBUG ((DEBUG_INFO, "Don't mark page table to read-only as heap guard is enabled\n"));\r
    return ;\r
  }\r
\r
  //\r
  // Don't mark page table to read-only if SMM profile is enabled.\r
  //\r
  if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
    DEBUG ((DEBUG_INFO, "Don't mark page table to read-only as SMM profile is enabled\n"));\r
    return ;\r
  }\r
\r
  DEBUG ((DEBUG_INFO, "SetPageTableAttributes\n"));\r
\r
  //\r
  // Disable write protection, because we need mark page table to be write protected.\r
  // We need *write* page table memory, to mark itself to be *read only*.\r
  //\r
  CetEnabled = ((AsmReadCr4() & CR4_CET_ENABLE) != 0) ? TRUE : FALSE;\r
  if (CetEnabled) {\r
    //\r
    // CET must be disabled if WP is disabled.\r
    //\r
    DisableCet();\r
  }\r
  AsmWriteCr0 (AsmReadCr0() & ~CR0_WP);\r
\r
  do {\r
    DEBUG ((DEBUG_INFO, "Start...\n"));\r
    PageTableSplitted = FALSE;\r
\r
    L3PageTable = (UINT64 *)GetPageTableBase ();\r
\r
    SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L3PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
    PageTableSplitted = (PageTableSplitted || IsSplitted);\r
\r
    for (Index3 = 0; Index3 < 4; Index3++) {\r
      L2PageTable = (UINT64 *)(UINTN)(L3PageTable[Index3] & ~mAddressEncMask & PAGING_4K_ADDRESS_MASK_64);\r
      if (L2PageTable == NULL) {\r
        continue;\r
      }\r
\r
      SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L2PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
      PageTableSplitted = (PageTableSplitted || IsSplitted);\r
\r
      for (Index2 = 0; Index2 < SIZE_4KB/sizeof(UINT64); Index2++) {\r
        if ((L2PageTable[Index2] & IA32_PG_PS) != 0) {\r
          // 2M\r
          continue;\r
        }\r
        L1PageTable = (UINT64 *)(UINTN)(L2PageTable[Index2] & ~mAddressEncMask & PAGING_4K_ADDRESS_MASK_64);\r
        if (L1PageTable == NULL) {\r
          continue;\r
        }\r
        SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L1PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
        PageTableSplitted = (PageTableSplitted || IsSplitted);\r
      }\r
    }\r
  } while (PageTableSplitted);\r
\r
  //\r
  // Enable write protection, after page table updated.\r
  //\r
  AsmWriteCr0 (AsmReadCr0() | CR0_WP);\r
  if (CetEnabled) {\r
    //\r
    // re-enable CET.\r
    //\r
    EnableCet();\r
  }\r
\r
  return ;\r
}\r
\r
/**\r
  This function returns with no action for 32 bit.\r
\r
  @param[out]  *Cr2  Pointer to variable to hold CR2 register value.\r
**/\r
VOID\r
SaveCr2 (\r
  OUT UINTN  *Cr2\r
  )\r
{\r
  return ;\r
}\r
\r
/**\r
  This function returns with no action for 32 bit.\r
\r
  @param[in]  Cr2  Value to write into CR2 register.\r
**/\r
VOID\r
RestoreCr2 (\r
  IN UINTN  Cr2\r
  )\r
{\r
  return ;\r
}\r
Commit	Line	Data
7947da3c MK	1	/** @file\r
	2	Page table manipulation functions for IA-32 processors\r
	3	\r
3eb69b08	4	Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>\r
241f9149 LD	5	Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>\r
241f9149 LD	6	\r
7947da3c MK	7	This program and the accompanying materials\r
	8	are licensed and made available under the terms and conditions of the BSD License\r
	9	which accompanies this distribution. The full text of the license may be found at\r
	10	http://opensource.org/licenses/bsd-license.php\r
	11	\r
	12	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	13	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	14	\r
	15	**/\r
	16	\r
	17	#include "PiSmmCpuDxeSmm.h"\r
	18	\r
3eb69b08 JY	19	/**\r
	20	Disable CET.\r
	21	**/\r
	22	VOID\r
	23	EFIAPI\r
	24	DisableCet (\r
	25	VOID\r
	26	);\r
	27	\r
	28	/**\r
	29	Enable CET.\r
	30	**/\r
	31	VOID\r
	32	EFIAPI\r
	33	EnableCet (\r
	34	VOID\r
	35	);\r
	36	\r
7947da3c MK	37	/**\r
	38	Create PageTable for SMM use.\r
	39	\r
	40	@return PageTable Address\r
	41	\r
	42	**/\r
	43	UINT32\r
	44	SmmInitPageTable (\r
	45	VOID\r
	46	)\r
	47	{\r
	48	UINTN PageFaultHandlerHookAddress;\r
	49	IA32_IDT_GATE_DESCRIPTOR *IdtEntry;\r
5c88af79	50	EFI_STATUS Status;\r
7947da3c MK	51	\r
	52	//\r
	53	// Initialize spin lock\r
	54	//\r
fe3a75bc	55	InitializeSpinLock (mPFLock);\r
7947da3c	56	\r
714c2603 SZ	57	mPhysicalAddressBits = 32;\r
714c2603 SZ	58	\r
09afd9a4 JW	59	if (FeaturePcdGet (PcdCpuSmmProfileEnable) \|\|\r
	60	HEAP_GUARD_NONSTOP_MODE \|\|\r
	61	NULL_DETECTION_NONSTOP_MODE) {\r
7947da3c MK	62	//\r
	63	// Set own Page Fault entry instead of the default one, because SMM Profile\r
	64	// feature depends on IRET instruction to do Single Step\r
	65	//\r
	66	PageFaultHandlerHookAddress = (UINTN)PageFaultIdtHandlerSmmProfile;\r
	67	IdtEntry = (IA32_IDT_GATE_DESCRIPTOR *) gcSmiIdtr.Base;\r
	68	IdtEntry += EXCEPT_IA32_PAGE_FAULT;\r
	69	IdtEntry->Bits.OffsetLow = (UINT16)PageFaultHandlerHookAddress;\r
	70	IdtEntry->Bits.Reserved_0 = 0;\r
	71	IdtEntry->Bits.GateType = IA32_IDT_GATE_TYPE_INTERRUPT_32;\r
	72	IdtEntry->Bits.OffsetHigh = (UINT16)(PageFaultHandlerHookAddress >> 16);\r
	73	} else {\r
	74	//\r
	75	// Register SMM Page Fault Handler\r
	76	//\r
5c88af79 JF	77	Status = SmmRegisterExceptionHandler (&mSmmCpuService, EXCEPT_IA32_PAGE_FAULT, SmiPFHandler);\r
5c88af79 JF	78	ASSERT_EFI_ERROR (Status);\r
7947da3c MK	79	}\r
	80	\r
	81	//\r
	82	// Additional SMM IDT initialization for SMM stack guard\r
	83	//\r
	84	if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
	85	InitializeIDTSmmStackGuard ();\r
	86	}\r
717fb604	87	return Gen4GPageTable (TRUE);\r
7947da3c MK	88	}\r
	89	\r
	90	/**\r
	91	Page Fault handler for SMM use.\r
	92	\r
	93	**/\r
	94	VOID\r
	95	SmiDefaultPFHandler (\r
	96	VOID\r
	97	)\r
	98	{\r
	99	CpuDeadLoop ();\r
	100	}\r
	101	\r
	102	/**\r
	103	ThePage Fault handler wrapper for SMM use.\r
	104	\r
	105	@param InterruptType Defines the type of interrupt or exception that\r
	106	occurred on the processor.This parameter is processor architecture specific.\r
	107	@param SystemContext A pointer to the processor context when\r
	108	the interrupt occurred on the processor.\r
	109	**/\r
	110	VOID\r
	111	EFIAPI\r
	112	SmiPFHandler (\r
b8caae19 JF	113	IN EFI_EXCEPTION_TYPE InterruptType,\r
b8caae19 JF	114	IN EFI_SYSTEM_CONTEXT SystemContext\r
7947da3c MK	115	)\r
	116	{\r
	117	UINTN PFAddress;\r
7fa1376c JY	118	UINTN GuardPageAddress;\r
7fa1376c JY	119	UINTN CpuIndex;\r
7947da3c MK	120	\r
	121	ASSERT (InterruptType == EXCEPT_IA32_PAGE_FAULT);\r
	122	\r
fe3a75bc	123	AcquireSpinLock (mPFLock);\r
7947da3c MK	124	\r
	125	PFAddress = AsmReadCr2 ();\r
	126	\r
7fa1376c JY	127	//\r
	128	// If a page fault occurs in SMRAM range, it might be in a SMM stack guard page,\r
	129	// or SMM page protection violation.\r
	130	//\r
	131	if ((PFAddress >= mCpuHotPlugData.SmrrBase) &&\r
7947da3c	132	(PFAddress < (mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize))) {\r
b8caae19	133	DumpCpuContext (InterruptType, SystemContext);\r
7fa1376c JY	134	CpuIndex = GetCpuIndex ();\r
	135	GuardPageAddress = (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex * mSmmStackSize);\r
	136	if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&\r
	137	(PFAddress >= GuardPageAddress) &&\r
	138	(PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) {\r
	139	DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n"));\r
	140	} else {\r
7fa1376c JY	141	if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
	142	DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%x)\n", PFAddress));\r
	143	DEBUG_CODE (\r
	144	DumpModuleInfoByIp ((UINTN )(UINTN)SystemContext.SystemContextIa32->Esp);\r
	145	);\r
	146	} else {\r
	147	DEBUG ((DEBUG_ERROR, "SMM exception at access (0x%x)\n", PFAddress));\r
	148	DEBUG_CODE (\r
	149	DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
	150	);\r
	151	}\r
09afd9a4 JW	152	\r
	153	if (HEAP_GUARD_NONSTOP_MODE) {\r
	154	GuardPagePFHandler (SystemContext.SystemContextIa32->ExceptionData);\r
	155	goto Exit;\r
	156	}\r
7fa1376c	157	}\r
7947da3c	158	CpuDeadLoop ();\r
3eb69b08	159	goto Exit;\r
7947da3c MK	160	}\r
	161	\r
	162	//\r
8bf0380e	163	// If a page fault occurs in non-SMRAM range.\r
7947da3c MK	164	//\r
	165	if ((PFAddress < mCpuHotPlugData.SmrrBase) \|\|\r
	166	(PFAddress >= mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize)) {\r
	167	if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
8bf0380e	168	DumpCpuContext (InterruptType, SystemContext);\r
717fb604	169	DEBUG ((DEBUG_ERROR, "Code executed on IP(0x%x) out of SMM range after SMM is locked!\n", PFAddress));\r
7947da3c MK	170	DEBUG_CODE (\r
	171	DumpModuleInfoByIp ((UINTN )(UINTN)SystemContext.SystemContextIa32->Esp);\r
	172	);\r
	173	CpuDeadLoop ();\r
3eb69b08	174	goto Exit;\r
7947da3c	175	}\r
09afd9a4 JW	176	\r
	177	//\r
	178	// If NULL pointer was just accessed\r
	179	//\r
	180	if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0 &&\r
	181	(PFAddress < EFI_PAGE_SIZE)) {\r
	182	DumpCpuContext (InterruptType, SystemContext);\r
	183	DEBUG ((DEBUG_ERROR, "!!! NULL pointer access !!!\n"));\r
	184	DEBUG_CODE (\r
	185	DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
	186	);\r
	187	\r
	188	if (NULL_DETECTION_NONSTOP_MODE) {\r
	189	GuardPagePFHandler (SystemContext.SystemContextIa32->ExceptionData);\r
	190	goto Exit;\r
	191	}\r
	192	\r
	193	CpuDeadLoop ();\r
3eb69b08	194	goto Exit;\r
09afd9a4 JW	195	}\r
09afd9a4 JW	196	\r
d2fc7711	197	if (IsSmmCommBufferForbiddenAddress (PFAddress)) {\r
8bf0380e	198	DumpCpuContext (InterruptType, SystemContext);\r
d2fc7711 JY	199	DEBUG ((DEBUG_ERROR, "Access SMM communication forbidden address (0x%x)!\n", PFAddress));\r
	200	DEBUG_CODE (\r
	201	DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
	202	);\r
	203	CpuDeadLoop ();\r
3eb69b08	204	goto Exit;\r
d2fc7711	205	}\r
7947da3c MK	206	}\r
	207	\r
	208	if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
	209	SmmProfilePFHandler (\r
	210	SystemContext.SystemContextIa32->Eip,\r
	211	SystemContext.SystemContextIa32->ExceptionData\r
	212	);\r
	213	} else {\r
b8caae19	214	DumpCpuContext (InterruptType, SystemContext);\r
7947da3c MK	215	SmiDefaultPFHandler ();\r
	216	}\r
	217	\r
09afd9a4	218	Exit:\r
fe3a75bc	219	ReleaseSpinLock (mPFLock);\r
7947da3c	220	}\r
717fb604 JY	221	\r
	222	/**\r
	223	This function sets memory attribute for page table.\r
	224	**/\r
	225	VOID\r
	226	SetPageTableAttributes (\r
	227	VOID\r
	228	)\r
	229	{\r
	230	UINTN Index2;\r
	231	UINTN Index3;\r
	232	UINT64 *L1PageTable;\r
	233	UINT64 *L2PageTable;\r
	234	UINT64 *L3PageTable;\r
	235	BOOLEAN IsSplitted;\r
	236	BOOLEAN PageTableSplitted;\r
3eb69b08	237	BOOLEAN CetEnabled;\r
717fb604	238	\r
827330cc	239	//\r
1015fb3c	240	// Don't mark page table to read-only if heap guard is enabled.\r
827330cc JW	241	//\r
	242	// BIT2: SMM page guard enabled\r
	243	// BIT3: SMM pool guard enabled\r
	244	//\r
	245	if ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 \| BIT2)) != 0) {\r
1015fb3c SZ	246	DEBUG ((DEBUG_INFO, "Don't mark page table to read-only as heap guard is enabled\n"));\r
	247	return ;\r
	248	}\r
	249	\r
	250	//\r
	251	// Don't mark page table to read-only if SMM profile is enabled.\r
	252	//\r
	253	if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
	254	DEBUG ((DEBUG_INFO, "Don't mark page table to read-only as SMM profile is enabled\n"));\r
827330cc JW	255	return ;\r
	256	}\r
	257	\r
717fb604 JY	258	DEBUG ((DEBUG_INFO, "SetPageTableAttributes\n"));\r
	259	\r
	260	//\r
	261	// Disable write protection, because we need mark page table to be write protected.\r
	262	// We need write page table memory, to mark itself to be read only.\r
	263	//\r
3eb69b08 JY	264	CetEnabled = ((AsmReadCr4() & CR4_CET_ENABLE) != 0) ? TRUE : FALSE;\r
	265	if (CetEnabled) {\r
	266	//\r
	267	// CET must be disabled if WP is disabled.\r
	268	//\r
	269	DisableCet();\r
	270	}\r
717fb604 JY	271	AsmWriteCr0 (AsmReadCr0() & ~CR0_WP);\r
	272	\r
	273	do {\r
	274	DEBUG ((DEBUG_INFO, "Start...\n"));\r
	275	PageTableSplitted = FALSE;\r
	276	\r
	277	L3PageTable = (UINT64 *)GetPageTableBase ();\r
	278	\r
	279	SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L3PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
	280	PageTableSplitted = (PageTableSplitted \|\| IsSplitted);\r
	281	\r
	282	for (Index3 = 0; Index3 < 4; Index3++) {\r
241f9149	283	L2PageTable = (UINT64 *)(UINTN)(L3PageTable[Index3] & ~mAddressEncMask & PAGING_4K_ADDRESS_MASK_64);\r
717fb604 JY	284	if (L2PageTable == NULL) {\r
	285	continue;\r
	286	}\r
	287	\r
	288	SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L2PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
	289	PageTableSplitted = (PageTableSplitted \|\| IsSplitted);\r
	290	\r
	291	for (Index2 = 0; Index2 < SIZE_4KB/sizeof(UINT64); Index2++) {\r
	292	if ((L2PageTable[Index2] & IA32_PG_PS) != 0) {\r
	293	// 2M\r
	294	continue;\r
	295	}\r
241f9149	296	L1PageTable = (UINT64 *)(UINTN)(L2PageTable[Index2] & ~mAddressEncMask & PAGING_4K_ADDRESS_MASK_64);\r
717fb604 JY	297	if (L1PageTable == NULL) {\r
	298	continue;\r
	299	}\r
	300	SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L1PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
	301	PageTableSplitted = (PageTableSplitted \|\| IsSplitted);\r
	302	}\r
	303	}\r
	304	} while (PageTableSplitted);\r
	305	\r
	306	//\r
	307	// Enable write protection, after page table updated.\r
	308	//\r
	309	AsmWriteCr0 (AsmReadCr0() \| CR0_WP);\r
3eb69b08 JY	310	if (CetEnabled) {\r
	311	//\r
	312	// re-enable CET.\r
	313	//\r
	314	EnableCet();\r
	315	}\r
717fb604 JY	316	\r
	317	return ;\r
	318	}\r
37f9fea5 VN	319	\r
	320	/**\r
	321	This function returns with no action for 32 bit.\r
	322	\r
	323	@param[out] *Cr2 Pointer to variable to hold CR2 register value.\r
	324	**/\r
	325	VOID\r
	326	SaveCr2 (\r
	327	OUT UINTN *Cr2\r
	328	)\r
	329	{\r
	330	return ;\r
	331	}\r
	332	\r
	333	/**\r
	334	This function returns with no action for 32 bit.\r
	335	\r
	336	@param[in] Cr2 Value to write into CR2 register.\r
	337	**/\r
	338	VOID\r
	339	RestoreCr2 (\r
	340	IN UINTN Cr2\r
	341	)\r
	342	{\r
	343	return ;\r
	344	}\r