[mirror_edk2.git] / UefiCpuPkg / PiSmmCpuDxeSmm / Ia32 / PageTbl.c

/** @file\r
Page table manipulation functions for IA-32 processors\r
\r
Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>\r
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>\r
\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "PiSmmCpuDxeSmm.h"\r
\r
/**\r
  Disable CET.\r
**/\r
VOID\r
EFIAPI\r
DisableCet (\r
  VOID\r
  );\r
\r
/**\r
  Enable CET.\r
**/\r
VOID\r
EFIAPI\r
EnableCet (\r
  VOID\r
  );\r
\r
/**\r
  Get page table base address and the depth of the page table.\r
\r
  @param[out] Base        Page table base address.\r
  @param[out] FiveLevels  TRUE means 5 level paging. FALSE means 4 level paging.\r
**/\r
VOID\r
GetPageTable (\r
  OUT UINTN   *Base,\r
  OUT BOOLEAN *FiveLevels OPTIONAL\r
  )\r
{\r
  *Base = ((mInternalCr3 == 0) ?\r
            (AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64) :\r
            mInternalCr3);\r
  if (FiveLevels != NULL) {\r
    *FiveLevels = FALSE;\r
  }\r
}\r
\r
/**\r
  Create PageTable for SMM use.\r
\r
  @return     PageTable Address\r
\r
**/\r
UINT32\r
SmmInitPageTable (\r
  VOID\r
  )\r
{\r
  UINTN                             PageFaultHandlerHookAddress;\r
  IA32_IDT_GATE_DESCRIPTOR          *IdtEntry;\r
  EFI_STATUS                        Status;\r
\r
  //\r
  // Initialize spin lock\r
  //\r
  InitializeSpinLock (mPFLock);\r
\r
  mPhysicalAddressBits = 32;\r
\r
  if (FeaturePcdGet (PcdCpuSmmProfileEnable) ||\r
      HEAP_GUARD_NONSTOP_MODE ||\r
      NULL_DETECTION_NONSTOP_MODE) {\r
    //\r
    // Set own Page Fault entry instead of the default one, because SMM Profile\r
    // feature depends on IRET instruction to do Single Step\r
    //\r
    PageFaultHandlerHookAddress = (UINTN)PageFaultIdtHandlerSmmProfile;\r
    IdtEntry  = (IA32_IDT_GATE_DESCRIPTOR *) gcSmiIdtr.Base;\r
    IdtEntry += EXCEPT_IA32_PAGE_FAULT;\r
    IdtEntry->Bits.OffsetLow      = (UINT16)PageFaultHandlerHookAddress;\r
    IdtEntry->Bits.Reserved_0     = 0;\r
    IdtEntry->Bits.GateType       = IA32_IDT_GATE_TYPE_INTERRUPT_32;\r
    IdtEntry->Bits.OffsetHigh     = (UINT16)(PageFaultHandlerHookAddress >> 16);\r
  } else {\r
    //\r
    // Register SMM Page Fault Handler\r
    //\r
    Status = SmmRegisterExceptionHandler (&mSmmCpuService, EXCEPT_IA32_PAGE_FAULT, SmiPFHandler);\r
    ASSERT_EFI_ERROR (Status);\r
  }\r
\r
  //\r
  // Additional SMM IDT initialization for SMM stack guard\r
  //\r
  if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
    InitializeIDTSmmStackGuard ();\r
  }\r
  return Gen4GPageTable (TRUE);\r
}\r
\r
/**\r
  Page Fault handler for SMM use.\r
\r
**/\r
VOID\r
SmiDefaultPFHandler (\r
  VOID\r
  )\r
{\r
  CpuDeadLoop ();\r
}\r
\r
/**\r
  ThePage Fault handler wrapper for SMM use.\r
\r
  @param  InterruptType    Defines the type of interrupt or exception that\r
                           occurred on the processor.This parameter is processor architecture specific.\r
  @param  SystemContext    A pointer to the processor context when\r
                           the interrupt occurred on the processor.\r
**/\r
VOID\r
EFIAPI\r
SmiPFHandler (\r
  IN EFI_EXCEPTION_TYPE   InterruptType,\r
  IN EFI_SYSTEM_CONTEXT   SystemContext\r
  )\r
{\r
  UINTN             PFAddress;\r
  UINTN             GuardPageAddress;\r
  UINTN             CpuIndex;\r
\r
  ASSERT (InterruptType == EXCEPT_IA32_PAGE_FAULT);\r
\r
  AcquireSpinLock (mPFLock);\r
\r
  PFAddress = AsmReadCr2 ();\r
\r
  //\r
  // If a page fault occurs in SMRAM range, it might be in a SMM stack guard page,\r
  // or SMM page protection violation.\r
  //\r
  if ((PFAddress >= mCpuHotPlugData.SmrrBase) &&\r
      (PFAddress < (mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize))) {\r
    DumpCpuContext (InterruptType, SystemContext);\r
    CpuIndex = GetCpuIndex ();\r
    GuardPageAddress = (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex * mSmmStackSize);\r
    if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&\r
        (PFAddress >= GuardPageAddress) &&\r
        (PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) {\r
      DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n"));\r
    } else {\r
      if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
        DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%x)\n", PFAddress));\r
        DEBUG_CODE (\r
          DumpModuleInfoByIp (*(UINTN *)(UINTN)SystemContext.SystemContextIa32->Esp);\r
        );\r
      } else {\r
        DEBUG ((DEBUG_ERROR, "SMM exception at access (0x%x)\n", PFAddress));\r
        DEBUG_CODE (\r
          DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
        );\r
      }\r
\r
      if (HEAP_GUARD_NONSTOP_MODE) {\r
        GuardPagePFHandler (SystemContext.SystemContextIa32->ExceptionData);\r
        goto Exit;\r
      }\r
    }\r
    CpuDeadLoop ();\r
    goto Exit;\r
  }\r
\r
  //\r
  // If a page fault occurs in non-SMRAM range.\r
  //\r
  if ((PFAddress < mCpuHotPlugData.SmrrBase) ||\r
      (PFAddress >= mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize)) {\r
    if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
      DumpCpuContext (InterruptType, SystemContext);\r
      DEBUG ((DEBUG_ERROR, "Code executed on IP(0x%x) out of SMM range after SMM is locked!\n", PFAddress));\r
      DEBUG_CODE (\r
        DumpModuleInfoByIp (*(UINTN *)(UINTN)SystemContext.SystemContextIa32->Esp);\r
      );\r
      CpuDeadLoop ();\r
      goto Exit;\r
    }\r
\r
    //\r
    // If NULL pointer was just accessed\r
    //\r
    if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0 &&\r
        (PFAddress < EFI_PAGE_SIZE)) {\r
      DumpCpuContext (InterruptType, SystemContext);\r
      DEBUG ((DEBUG_ERROR, "!!! NULL pointer access !!!\n"));\r
      DEBUG_CODE (\r
        DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
      );\r
\r
      if (NULL_DETECTION_NONSTOP_MODE) {\r
        GuardPagePFHandler (SystemContext.SystemContextIa32->ExceptionData);\r
        goto Exit;\r
      }\r
\r
      CpuDeadLoop ();\r
      goto Exit;\r
    }\r
\r
    if (IsSmmCommBufferForbiddenAddress (PFAddress)) {\r
      DumpCpuContext (InterruptType, SystemContext);\r
      DEBUG ((DEBUG_ERROR, "Access SMM communication forbidden address (0x%x)!\n", PFAddress));\r
      DEBUG_CODE (\r
        DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
      );\r
      CpuDeadLoop ();\r
      goto Exit;\r
    }\r
  }\r
\r
  if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
    SmmProfilePFHandler (\r
      SystemContext.SystemContextIa32->Eip,\r
      SystemContext.SystemContextIa32->ExceptionData\r
      );\r
  } else {\r
    DumpCpuContext (InterruptType, SystemContext);\r
    SmiDefaultPFHandler ();\r
  }\r
\r
Exit:\r
  ReleaseSpinLock (mPFLock);\r
}\r
\r
/**\r
  This function sets memory attribute for page table.\r
**/\r
VOID\r
SetPageTableAttributes (\r
  VOID\r
  )\r
{\r
  UINTN                 Index2;\r
  UINTN                 Index3;\r
  UINT64                *L1PageTable;\r
  UINT64                *L2PageTable;\r
  UINT64                *L3PageTable;\r
  UINTN                 PageTableBase;\r
  BOOLEAN               IsSplitted;\r
  BOOLEAN               PageTableSplitted;\r
  BOOLEAN               CetEnabled;\r
\r
  //\r
  // Don't mark page table to read-only if heap guard is enabled.\r
  //\r
  //      BIT2: SMM page guard enabled\r
  //      BIT3: SMM pool guard enabled\r
  //\r
  if ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0) {\r
    DEBUG ((DEBUG_INFO, "Don't mark page table to read-only as heap guard is enabled\n"));\r
    return ;\r
  }\r
\r
  //\r
  // Don't mark page table to read-only if SMM profile is enabled.\r
  //\r
  if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
    DEBUG ((DEBUG_INFO, "Don't mark page table to read-only as SMM profile is enabled\n"));\r
    return ;\r
  }\r
\r
  DEBUG ((DEBUG_INFO, "SetPageTableAttributes\n"));\r
\r
  //\r
  // Disable write protection, because we need mark page table to be write protected.\r
  // We need *write* page table memory, to mark itself to be *read only*.\r
  //\r
  CetEnabled = ((AsmReadCr4() & CR4_CET_ENABLE) != 0) ? TRUE : FALSE;\r
  if (CetEnabled) {\r
    //\r
    // CET must be disabled if WP is disabled.\r
    //\r
    DisableCet();\r
  }\r
  AsmWriteCr0 (AsmReadCr0() & ~CR0_WP);\r
\r
  do {\r
    DEBUG ((DEBUG_INFO, "Start...\n"));\r
    PageTableSplitted = FALSE;\r
\r
    GetPageTable (&PageTableBase, NULL);\r
    L3PageTable = (UINT64 *)PageTableBase;\r
\r
    SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)PageTableBase, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
    PageTableSplitted = (PageTableSplitted || IsSplitted);\r
\r
    for (Index3 = 0; Index3 < 4; Index3++) {\r
      L2PageTable = (UINT64 *)(UINTN)(L3PageTable[Index3] & ~mAddressEncMask & PAGING_4K_ADDRESS_MASK_64);\r
      if (L2PageTable == NULL) {\r
        continue;\r
      }\r
\r
      SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L2PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
      PageTableSplitted = (PageTableSplitted || IsSplitted);\r
\r
      for (Index2 = 0; Index2 < SIZE_4KB/sizeof(UINT64); Index2++) {\r
        if ((L2PageTable[Index2] & IA32_PG_PS) != 0) {\r
          // 2M\r
          continue;\r
        }\r
        L1PageTable = (UINT64 *)(UINTN)(L2PageTable[Index2] & ~mAddressEncMask & PAGING_4K_ADDRESS_MASK_64);\r
        if (L1PageTable == NULL) {\r
          continue;\r
        }\r
        SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L1PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
        PageTableSplitted = (PageTableSplitted || IsSplitted);\r
      }\r
    }\r
  } while (PageTableSplitted);\r
\r
  //\r
  // Enable write protection, after page table updated.\r
  //\r
  AsmWriteCr0 (AsmReadCr0() | CR0_WP);\r
  if (CetEnabled) {\r
    //\r
    // re-enable CET.\r
    //\r
    EnableCet();\r
  }\r
\r
  return ;\r
}\r
\r
/**\r
  This function returns with no action for 32 bit.\r
\r
  @param[out]  *Cr2  Pointer to variable to hold CR2 register value.\r
**/\r
VOID\r
SaveCr2 (\r
  OUT UINTN  *Cr2\r
  )\r
{\r
  return ;\r
}\r
\r
/**\r
  This function returns with no action for 32 bit.\r
\r
  @param[in]  Cr2  Value to write into CR2 register.\r
**/\r
VOID\r
RestoreCr2 (\r
  IN UINTN  Cr2\r
  )\r
{\r
  return ;\r
}\r
\r
/**\r
  Return whether access to non-SMRAM is restricted.\r
\r
  @retval TRUE  Access to non-SMRAM is restricted.\r
  @retval FALSE Access to non-SMRAM is not restricted.\r
**/\r
BOOLEAN\r
IsRestrictedMemoryAccess (\r
  VOID\r
  )\r
{\r
  return TRUE;\r
}\r
Commit	Line	Data
7947da3c MK	1	/** @file\r
	2	Page table manipulation functions for IA-32 processors\r
	3	\r
3eb69b08	4	Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>\r
241f9149 LD	5	Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>\r
241f9149 LD	6	\r
0acd8697	7	SPDX-License-Identifier: BSD-2-Clause-Patent\r
7947da3c MK	8	\r
	9	**/\r
	10	\r
	11	#include "PiSmmCpuDxeSmm.h"\r
	12	\r
3eb69b08 JY	13	/**\r
	14	Disable CET.\r
	15	**/\r
	16	VOID\r
	17	EFIAPI\r
	18	DisableCet (\r
	19	VOID\r
	20	);\r
	21	\r
	22	/**\r
	23	Enable CET.\r
	24	**/\r
	25	VOID\r
	26	EFIAPI\r
	27	EnableCet (\r
	28	VOID\r
	29	);\r
	30	\r
404250c8 SW	31	/**\r
	32	Get page table base address and the depth of the page table.\r
	33	\r
	34	@param[out] Base Page table base address.\r
	35	@param[out] FiveLevels TRUE means 5 level paging. FALSE means 4 level paging.\r
	36	**/\r
	37	VOID\r
	38	GetPageTable (\r
	39	OUT UINTN *Base,\r
	40	OUT BOOLEAN *FiveLevels OPTIONAL\r
	41	)\r
	42	{\r
	43	*Base = ((mInternalCr3 == 0) ?\r
	44	(AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64) :\r
	45	mInternalCr3);\r
	46	if (FiveLevels != NULL) {\r
	47	*FiveLevels = FALSE;\r
	48	}\r
	49	}\r
	50	\r
7947da3c MK	51	/**\r
	52	Create PageTable for SMM use.\r
	53	\r
	54	@return PageTable Address\r
	55	\r
	56	**/\r
	57	UINT32\r
	58	SmmInitPageTable (\r
	59	VOID\r
	60	)\r
	61	{\r
	62	UINTN PageFaultHandlerHookAddress;\r
	63	IA32_IDT_GATE_DESCRIPTOR *IdtEntry;\r
5c88af79	64	EFI_STATUS Status;\r
7947da3c MK	65	\r
	66	//\r
	67	// Initialize spin lock\r
	68	//\r
fe3a75bc	69	InitializeSpinLock (mPFLock);\r
7947da3c	70	\r
714c2603 SZ	71	mPhysicalAddressBits = 32;\r
714c2603 SZ	72	\r
09afd9a4 JW	73	if (FeaturePcdGet (PcdCpuSmmProfileEnable) \|\|\r
	74	HEAP_GUARD_NONSTOP_MODE \|\|\r
	75	NULL_DETECTION_NONSTOP_MODE) {\r
7947da3c MK	76	//\r
	77	// Set own Page Fault entry instead of the default one, because SMM Profile\r
	78	// feature depends on IRET instruction to do Single Step\r
	79	//\r
	80	PageFaultHandlerHookAddress = (UINTN)PageFaultIdtHandlerSmmProfile;\r
	81	IdtEntry = (IA32_IDT_GATE_DESCRIPTOR *) gcSmiIdtr.Base;\r
	82	IdtEntry += EXCEPT_IA32_PAGE_FAULT;\r
	83	IdtEntry->Bits.OffsetLow = (UINT16)PageFaultHandlerHookAddress;\r
	84	IdtEntry->Bits.Reserved_0 = 0;\r
	85	IdtEntry->Bits.GateType = IA32_IDT_GATE_TYPE_INTERRUPT_32;\r
	86	IdtEntry->Bits.OffsetHigh = (UINT16)(PageFaultHandlerHookAddress >> 16);\r
	87	} else {\r
	88	//\r
	89	// Register SMM Page Fault Handler\r
	90	//\r
5c88af79 JF	91	Status = SmmRegisterExceptionHandler (&mSmmCpuService, EXCEPT_IA32_PAGE_FAULT, SmiPFHandler);\r
5c88af79 JF	92	ASSERT_EFI_ERROR (Status);\r
7947da3c MK	93	}\r
	94	\r
	95	//\r
	96	// Additional SMM IDT initialization for SMM stack guard\r
	97	//\r
	98	if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
	99	InitializeIDTSmmStackGuard ();\r
	100	}\r
717fb604	101	return Gen4GPageTable (TRUE);\r
7947da3c MK	102	}\r
	103	\r
	104	/**\r
	105	Page Fault handler for SMM use.\r
	106	\r
	107	**/\r
	108	VOID\r
	109	SmiDefaultPFHandler (\r
	110	VOID\r
	111	)\r
	112	{\r
	113	CpuDeadLoop ();\r
	114	}\r
	115	\r
	116	/**\r
	117	ThePage Fault handler wrapper for SMM use.\r
	118	\r
	119	@param InterruptType Defines the type of interrupt or exception that\r
	120	occurred on the processor.This parameter is processor architecture specific.\r
	121	@param SystemContext A pointer to the processor context when\r
	122	the interrupt occurred on the processor.\r
	123	**/\r
	124	VOID\r
	125	EFIAPI\r
	126	SmiPFHandler (\r
b8caae19 JF	127	IN EFI_EXCEPTION_TYPE InterruptType,\r
b8caae19 JF	128	IN EFI_SYSTEM_CONTEXT SystemContext\r
7947da3c MK	129	)\r
	130	{\r
	131	UINTN PFAddress;\r
7fa1376c JY	132	UINTN GuardPageAddress;\r
7fa1376c JY	133	UINTN CpuIndex;\r
7947da3c MK	134	\r
	135	ASSERT (InterruptType == EXCEPT_IA32_PAGE_FAULT);\r
	136	\r
fe3a75bc	137	AcquireSpinLock (mPFLock);\r
7947da3c MK	138	\r
	139	PFAddress = AsmReadCr2 ();\r
	140	\r
7fa1376c JY	141	//\r
	142	// If a page fault occurs in SMRAM range, it might be in a SMM stack guard page,\r
	143	// or SMM page protection violation.\r
	144	//\r
	145	if ((PFAddress >= mCpuHotPlugData.SmrrBase) &&\r
7947da3c	146	(PFAddress < (mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize))) {\r
b8caae19	147	DumpCpuContext (InterruptType, SystemContext);\r
7fa1376c JY	148	CpuIndex = GetCpuIndex ();\r
	149	GuardPageAddress = (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex * mSmmStackSize);\r
	150	if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&\r
	151	(PFAddress >= GuardPageAddress) &&\r
	152	(PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) {\r
	153	DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n"));\r
	154	} else {\r
7fa1376c JY	155	if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
	156	DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%x)\n", PFAddress));\r
	157	DEBUG_CODE (\r
	158	DumpModuleInfoByIp ((UINTN )(UINTN)SystemContext.SystemContextIa32->Esp);\r
	159	);\r
	160	} else {\r
	161	DEBUG ((DEBUG_ERROR, "SMM exception at access (0x%x)\n", PFAddress));\r
	162	DEBUG_CODE (\r
	163	DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
	164	);\r
	165	}\r
09afd9a4 JW	166	\r
	167	if (HEAP_GUARD_NONSTOP_MODE) {\r
	168	GuardPagePFHandler (SystemContext.SystemContextIa32->ExceptionData);\r
	169	goto Exit;\r
	170	}\r
7fa1376c	171	}\r
7947da3c	172	CpuDeadLoop ();\r
3eb69b08	173	goto Exit;\r
7947da3c MK	174	}\r
	175	\r
	176	//\r
8bf0380e	177	// If a page fault occurs in non-SMRAM range.\r
7947da3c MK	178	//\r
	179	if ((PFAddress < mCpuHotPlugData.SmrrBase) \|\|\r
	180	(PFAddress >= mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize)) {\r
	181	if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
8bf0380e	182	DumpCpuContext (InterruptType, SystemContext);\r
717fb604	183	DEBUG ((DEBUG_ERROR, "Code executed on IP(0x%x) out of SMM range after SMM is locked!\n", PFAddress));\r
7947da3c MK	184	DEBUG_CODE (\r
	185	DumpModuleInfoByIp ((UINTN )(UINTN)SystemContext.SystemContextIa32->Esp);\r
	186	);\r
	187	CpuDeadLoop ();\r
3eb69b08	188	goto Exit;\r
7947da3c	189	}\r
09afd9a4 JW	190	\r
	191	//\r
	192	// If NULL pointer was just accessed\r
	193	//\r
	194	if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0 &&\r
	195	(PFAddress < EFI_PAGE_SIZE)) {\r
	196	DumpCpuContext (InterruptType, SystemContext);\r
	197	DEBUG ((DEBUG_ERROR, "!!! NULL pointer access !!!\n"));\r
	198	DEBUG_CODE (\r
	199	DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
	200	);\r
	201	\r
	202	if (NULL_DETECTION_NONSTOP_MODE) {\r
	203	GuardPagePFHandler (SystemContext.SystemContextIa32->ExceptionData);\r
	204	goto Exit;\r
	205	}\r
	206	\r
	207	CpuDeadLoop ();\r
3eb69b08	208	goto Exit;\r
09afd9a4 JW	209	}\r
09afd9a4 JW	210	\r
d2fc7711	211	if (IsSmmCommBufferForbiddenAddress (PFAddress)) {\r
8bf0380e	212	DumpCpuContext (InterruptType, SystemContext);\r
d2fc7711 JY	213	DEBUG ((DEBUG_ERROR, "Access SMM communication forbidden address (0x%x)!\n", PFAddress));\r
	214	DEBUG_CODE (\r
	215	DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
	216	);\r
	217	CpuDeadLoop ();\r
3eb69b08	218	goto Exit;\r
d2fc7711	219	}\r
7947da3c MK	220	}\r
	221	\r
	222	if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
	223	SmmProfilePFHandler (\r
	224	SystemContext.SystemContextIa32->Eip,\r
	225	SystemContext.SystemContextIa32->ExceptionData\r
	226	);\r
	227	} else {\r
b8caae19	228	DumpCpuContext (InterruptType, SystemContext);\r
7947da3c MK	229	SmiDefaultPFHandler ();\r
	230	}\r
	231	\r
09afd9a4	232	Exit:\r
fe3a75bc	233	ReleaseSpinLock (mPFLock);\r
7947da3c	234	}\r
717fb604 JY	235	\r
	236	/**\r
	237	This function sets memory attribute for page table.\r
	238	**/\r
	239	VOID\r
	240	SetPageTableAttributes (\r
	241	VOID\r
	242	)\r
	243	{\r
	244	UINTN Index2;\r
	245	UINTN Index3;\r
	246	UINT64 *L1PageTable;\r
	247	UINT64 *L2PageTable;\r
	248	UINT64 *L3PageTable;\r
404250c8	249	UINTN PageTableBase;\r
717fb604 JY	250	BOOLEAN IsSplitted;\r
717fb604 JY	251	BOOLEAN PageTableSplitted;\r
3eb69b08	252	BOOLEAN CetEnabled;\r
717fb604	253	\r
827330cc	254	//\r
1015fb3c	255	// Don't mark page table to read-only if heap guard is enabled.\r
827330cc JW	256	//\r
	257	// BIT2: SMM page guard enabled\r
	258	// BIT3: SMM pool guard enabled\r
	259	//\r
	260	if ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 \| BIT2)) != 0) {\r
1015fb3c SZ	261	DEBUG ((DEBUG_INFO, "Don't mark page table to read-only as heap guard is enabled\n"));\r
	262	return ;\r
	263	}\r
	264	\r
	265	//\r
	266	// Don't mark page table to read-only if SMM profile is enabled.\r
	267	//\r
	268	if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
	269	DEBUG ((DEBUG_INFO, "Don't mark page table to read-only as SMM profile is enabled\n"));\r
827330cc JW	270	return ;\r
	271	}\r
	272	\r
717fb604 JY	273	DEBUG ((DEBUG_INFO, "SetPageTableAttributes\n"));\r
	274	\r
	275	//\r
	276	// Disable write protection, because we need mark page table to be write protected.\r
	277	// We need write page table memory, to mark itself to be read only.\r
	278	//\r
3eb69b08 JY	279	CetEnabled = ((AsmReadCr4() & CR4_CET_ENABLE) != 0) ? TRUE : FALSE;\r
	280	if (CetEnabled) {\r
	281	//\r
	282	// CET must be disabled if WP is disabled.\r
	283	//\r
	284	DisableCet();\r
	285	}\r
717fb604 JY	286	AsmWriteCr0 (AsmReadCr0() & ~CR0_WP);\r
	287	\r
	288	do {\r
	289	DEBUG ((DEBUG_INFO, "Start...\n"));\r
	290	PageTableSplitted = FALSE;\r
	291	\r
404250c8 SW	292	GetPageTable (&PageTableBase, NULL);\r
404250c8 SW	293	L3PageTable = (UINT64 *)PageTableBase;\r
717fb604	294	\r
404250c8	295	SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)PageTableBase, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
717fb604 JY	296	PageTableSplitted = (PageTableSplitted \|\| IsSplitted);\r
	297	\r
	298	for (Index3 = 0; Index3 < 4; Index3++) {\r
241f9149	299	L2PageTable = (UINT64 *)(UINTN)(L3PageTable[Index3] & ~mAddressEncMask & PAGING_4K_ADDRESS_MASK_64);\r
717fb604 JY	300	if (L2PageTable == NULL) {\r
	301	continue;\r
	302	}\r
	303	\r
	304	SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L2PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
	305	PageTableSplitted = (PageTableSplitted \|\| IsSplitted);\r
	306	\r
	307	for (Index2 = 0; Index2 < SIZE_4KB/sizeof(UINT64); Index2++) {\r
	308	if ((L2PageTable[Index2] & IA32_PG_PS) != 0) {\r
	309	// 2M\r
	310	continue;\r
	311	}\r
241f9149	312	L1PageTable = (UINT64 *)(UINTN)(L2PageTable[Index2] & ~mAddressEncMask & PAGING_4K_ADDRESS_MASK_64);\r
717fb604 JY	313	if (L1PageTable == NULL) {\r
	314	continue;\r
	315	}\r
	316	SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L1PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
	317	PageTableSplitted = (PageTableSplitted \|\| IsSplitted);\r
	318	}\r
	319	}\r
	320	} while (PageTableSplitted);\r
	321	\r
	322	//\r
	323	// Enable write protection, after page table updated.\r
	324	//\r
	325	AsmWriteCr0 (AsmReadCr0() \| CR0_WP);\r
3eb69b08 JY	326	if (CetEnabled) {\r
	327	//\r
	328	// re-enable CET.\r
	329	//\r
	330	EnableCet();\r
	331	}\r
717fb604 JY	332	\r
	333	return ;\r
	334	}\r
37f9fea5 VN	335	\r
	336	/**\r
	337	This function returns with no action for 32 bit.\r
	338	\r
	339	@param[out] *Cr2 Pointer to variable to hold CR2 register value.\r
	340	**/\r
	341	VOID\r
	342	SaveCr2 (\r
	343	OUT UINTN *Cr2\r
	344	)\r
	345	{\r
	346	return ;\r
	347	}\r
	348	\r
	349	/**\r
	350	This function returns with no action for 32 bit.\r
	351	\r
	352	@param[in] Cr2 Value to write into CR2 register.\r
	353	**/\r
	354	VOID\r
	355	RestoreCr2 (\r
	356	IN UINTN Cr2\r
	357	)\r
	358	{\r
	359	return ;\r
	360	}\r
79186ddc RN	361	\r
	362	/**\r
	363	Return whether access to non-SMRAM is restricted.\r
	364	\r
	365	@retval TRUE Access to non-SMRAM is restricted.\r
	366	@retval FALSE Access to non-SMRAM is not restricted.\r
9c33f16f	367	**/\r
79186ddc RN	368	BOOLEAN\r
	369	IsRestrictedMemoryAccess (\r
	370	VOID\r
	371	)\r
	372	{\r
	373	return TRUE;\r
	374	}\r