[mirror_edk2.git] / UefiCpuPkg / PiSmmCpuDxeSmm / Ia32 / SmmFuncsArch.c

/** @file\r
  SMM CPU misc functions for Ia32 arch specific.\r
\r
Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "PiSmmCpuDxeSmm.h"\r
\r
extern UINT64 gTaskGateDescriptor;\r
\r
EFI_PHYSICAL_ADDRESS                mGdtBuffer;\r
UINTN                               mGdtBufferSize;\r
\r
extern BOOLEAN mCetSupported;\r
extern UINTN mSmmShadowStackSize;\r
\r
X86_ASSEMBLY_PATCH_LABEL mPatchCetPl0Ssp;\r
X86_ASSEMBLY_PATCH_LABEL mPatchCetInterruptSsp;\r
UINT32 mCetPl0Ssp;\r
UINT32 mCetInterruptSsp;\r
\r
/**\r
  Initialize IDT for SMM Stack Guard.\r
\r
**/\r
VOID\r
EFIAPI\r
InitializeIDTSmmStackGuard (\r
  VOID\r
  )\r
{\r
  IA32_IDT_GATE_DESCRIPTOR  *IdtGate;\r
\r
  //\r
  // If SMM Stack Guard feature is enabled, the Page Fault Exception entry in IDT\r
  // is a Task Gate Descriptor so that when a Page Fault Exception occurs,\r
  // the processors can use a known good stack in case stack is ran out.\r
  //\r
  IdtGate = (IA32_IDT_GATE_DESCRIPTOR *)gcSmiIdtr.Base;\r
  IdtGate += EXCEPT_IA32_PAGE_FAULT;\r
  IdtGate->Uint64 = gTaskGateDescriptor;\r
}\r
\r
/**\r
  Initialize Gdt for all processors.\r
\r
  @param[in]   Cr3          CR3 value.\r
  @param[out]  GdtStepSize  The step size for GDT table.\r
\r
  @return GdtBase for processor 0.\r
          GdtBase for processor X is: GdtBase + (GdtStepSize * X)\r
**/\r
VOID *\r
InitGdt (\r
  IN  UINTN  Cr3,\r
  OUT UINTN  *GdtStepSize\r
  )\r
{\r
  UINTN                     Index;\r
  IA32_SEGMENT_DESCRIPTOR   *GdtDescriptor;\r
  UINTN                     TssBase;\r
  UINTN                     GdtTssTableSize;\r
  UINT8                     *GdtTssTables;\r
  UINTN                     GdtTableStepSize;\r
  UINTN                     InterruptShadowStack;\r
\r
  if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
    //\r
    // For IA32 SMM, if SMM Stack Guard feature is enabled, we use 2 TSS.\r
    // in this case, we allocate separate GDT/TSS for each CPUs to avoid TSS load contention\r
    // on each SMI entry.\r
    //\r
\r
    //\r
    // Enlarge GDT to contain 2 TSS descriptors\r
    //\r
    gcSmiGdtr.Limit += (UINT16)(2 * sizeof (IA32_SEGMENT_DESCRIPTOR));\r
\r
    GdtTssTableSize = (gcSmiGdtr.Limit + 1 + TSS_SIZE + EXCEPTION_TSS_SIZE + 7) & ~7; // 8 bytes aligned\r
    mGdtBufferSize = GdtTssTableSize * gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus;\r
    //\r
    // IA32 Stack Guard need use task switch to switch stack that need\r
    // write GDT and TSS, so AllocateCodePages() could not be used here\r
    // as code pages will be set to RO.\r
    //\r
    GdtTssTables = (UINT8*)AllocatePages (EFI_SIZE_TO_PAGES (mGdtBufferSize));\r
    ASSERT (GdtTssTables != NULL);\r
    mGdtBuffer = (UINTN)GdtTssTables;\r
    GdtTableStepSize = GdtTssTableSize;\r
\r
    for (Index = 0; Index < gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus; Index++) {\r
      CopyMem (GdtTssTables + GdtTableStepSize * Index, (VOID*)(UINTN)gcSmiGdtr.Base, gcSmiGdtr.Limit + 1 + TSS_SIZE + EXCEPTION_TSS_SIZE);\r
      //\r
      // Fixup TSS descriptors\r
      //\r
      TssBase = (UINTN)(GdtTssTables + GdtTableStepSize * Index + gcSmiGdtr.Limit + 1);\r
      GdtDescriptor = (IA32_SEGMENT_DESCRIPTOR *)(TssBase) - 2;\r
      GdtDescriptor->Bits.BaseLow = (UINT16)TssBase;\r
      GdtDescriptor->Bits.BaseMid = (UINT8)(TssBase >> 16);\r
      GdtDescriptor->Bits.BaseHigh = (UINT8)(TssBase >> 24);\r
\r
      TssBase += TSS_SIZE;\r
      GdtDescriptor++;\r
      GdtDescriptor->Bits.BaseLow = (UINT16)TssBase;\r
      GdtDescriptor->Bits.BaseMid = (UINT8)(TssBase >> 16);\r
      GdtDescriptor->Bits.BaseHigh = (UINT8)(TssBase >> 24);\r
      //\r
      // Fixup TSS segments\r
      //\r
      // ESP as known good stack\r
      //\r
      *(UINTN *)(TssBase + TSS_IA32_ESP_OFFSET) =  mSmmStackArrayBase + EFI_PAGE_SIZE + Index * mSmmStackSize;\r
      *(UINT32 *)(TssBase + TSS_IA32_CR3_OFFSET) = Cr3;\r
\r
      //\r
      // Setup ShadowStack for stack switch\r
      //\r
      if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) {\r
        InterruptShadowStack = (UINTN)(mSmmStackArrayBase + mSmmStackSize + EFI_PAGES_TO_SIZE (1) - sizeof(UINT64) + (mSmmStackSize + mSmmShadowStackSize) * Index);\r
        *(UINT32 *)(TssBase + TSS_IA32_SSP_OFFSET) = (UINT32)InterruptShadowStack;\r
      }\r
    }\r
  } else {\r
    //\r
    // Just use original table, AllocatePage and copy them here to make sure GDTs are covered in page memory.\r
    //\r
    GdtTssTableSize = gcSmiGdtr.Limit + 1;\r
    mGdtBufferSize = GdtTssTableSize * gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus;\r
    GdtTssTables = (UINT8*)AllocateCodePages (EFI_SIZE_TO_PAGES (mGdtBufferSize));\r
    ASSERT (GdtTssTables != NULL);\r
    mGdtBuffer = (UINTN)GdtTssTables;\r
    GdtTableStepSize = GdtTssTableSize;\r
\r
    for (Index = 0; Index < gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus; Index++) {\r
      CopyMem (GdtTssTables + GdtTableStepSize * Index, (VOID*)(UINTN)gcSmiGdtr.Base, gcSmiGdtr.Limit + 1);\r
    }\r
  }\r
\r
  *GdtStepSize = GdtTableStepSize;\r
  return GdtTssTables;\r
}\r
\r
/**\r
  Transfer AP to safe hlt-loop after it finished restore CPU features on S3 patch.\r
\r
  @param[in] ApHltLoopCode          The address of the safe hlt-loop function.\r
  @param[in] TopOfStack             A pointer to the new stack to use for the ApHltLoopCode.\r
  @param[in] NumberToFinishAddress  Address of Semaphore of APs finish count.\r
\r
**/\r
VOID\r
TransferApToSafeState (\r
  IN UINTN  ApHltLoopCode,\r
  IN UINTN  TopOfStack,\r
  IN UINTN  NumberToFinishAddress\r
  )\r
{\r
  SwitchStack (\r
    (SWITCH_STACK_ENTRY_POINT)ApHltLoopCode,\r
    (VOID *)NumberToFinishAddress,\r
    NULL,\r
    (VOID *)TopOfStack\r
    );\r
  //\r
  // It should never reach here\r
  //\r
  ASSERT (FALSE);\r
}\r
\r
/**\r
  Initialize the shadow stack related data structure.\r
\r
  @param CpuIndex     The index of CPU.\r
  @param ShadowStack  The bottom of the shadow stack for this CPU.\r
**/\r
VOID\r
InitShadowStack (\r
  IN UINTN  CpuIndex,\r
  IN VOID   *ShadowStack\r
  )\r
{\r
  UINTN       SmmShadowStackSize;\r
\r
  if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) {\r
    SmmShadowStackSize = EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES (PcdGet32 (PcdCpuSmmShadowStackSize)));\r
    if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
      SmmShadowStackSize += EFI_PAGES_TO_SIZE (2);\r
    }\r
    mCetPl0Ssp = (UINT32)((UINTN)ShadowStack + SmmShadowStackSize - sizeof(UINT64));\r
    PatchInstructionX86 (mPatchCetPl0Ssp, mCetPl0Ssp, 4);\r
    DEBUG ((DEBUG_INFO, "mCetPl0Ssp - 0x%x\n", mCetPl0Ssp));\r
    DEBUG ((DEBUG_INFO, "ShadowStack - 0x%x\n", ShadowStack));\r
    DEBUG ((DEBUG_INFO, "  SmmShadowStackSize - 0x%x\n", SmmShadowStackSize));\r
\r
    if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
      mCetInterruptSsp = (UINT32)((UINTN)ShadowStack + EFI_PAGES_TO_SIZE(1) - sizeof(UINT64));\r
      PatchInstructionX86 (mPatchCetInterruptSsp, mCetInterruptSsp, 4);\r
      DEBUG ((DEBUG_INFO, "mCetInterruptSsp - 0x%x\n", mCetInterruptSsp));\r
    }\r
  }\r
}\r
\r
Commit	Line	Data
fe5f1949 JY	1	/** @file\r
fe5f1949 JY	2	SMM CPU misc functions for Ia32 arch specific.\r
7367cc6c	3	\r
3eb69b08	4	Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR>\r
0acd8697	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
fe5f1949 JY	6	\r
	7	**/\r
	8	\r
	9	#include "PiSmmCpuDxeSmm.h"\r
	10	\r
717fb604 JY	11	extern UINT64 gTaskGateDescriptor;\r
	12	\r
	13	EFI_PHYSICAL_ADDRESS mGdtBuffer;\r
	14	UINTN mGdtBufferSize;\r
	15	\r
3eb69b08 JY	16	extern BOOLEAN mCetSupported;\r
	17	extern UINTN mSmmShadowStackSize;\r
	18	\r
	19	X86_ASSEMBLY_PATCH_LABEL mPatchCetPl0Ssp;\r
	20	X86_ASSEMBLY_PATCH_LABEL mPatchCetInterruptSsp;\r
	21	UINT32 mCetPl0Ssp;\r
	22	UINT32 mCetInterruptSsp;\r
	23	\r
717fb604 JY	24	/**\r
	25	Initialize IDT for SMM Stack Guard.\r
	26	\r
	27	**/\r
	28	VOID\r
	29	EFIAPI\r
	30	InitializeIDTSmmStackGuard (\r
	31	VOID\r
	32	)\r
	33	{\r
	34	IA32_IDT_GATE_DESCRIPTOR *IdtGate;\r
	35	\r
	36	//\r
	37	// If SMM Stack Guard feature is enabled, the Page Fault Exception entry in IDT\r
	38	// is a Task Gate Descriptor so that when a Page Fault Exception occurs,\r
	39	// the processors can use a known good stack in case stack is ran out.\r
	40	//\r
	41	IdtGate = (IA32_IDT_GATE_DESCRIPTOR *)gcSmiIdtr.Base;\r
	42	IdtGate += EXCEPT_IA32_PAGE_FAULT;\r
	43	IdtGate->Uint64 = gTaskGateDescriptor;\r
	44	}\r
	45	\r
fe5f1949 JY	46	/**\r
fe5f1949 JY	47	Initialize Gdt for all processors.\r
7367cc6c	48	\r
fe5f1949 JY	49	@param[in] Cr3 CR3 value.\r
	50	@param[out] GdtStepSize The step size for GDT table.\r
	51	\r
	52	@return GdtBase for processor 0.\r
	53	GdtBase for processor X is: GdtBase + (GdtStepSize * X)\r
	54	**/\r
	55	VOID *\r
	56	InitGdt (\r
	57	IN UINTN Cr3,\r
	58	OUT UINTN *GdtStepSize\r
	59	)\r
	60	{\r
	61	UINTN Index;\r
	62	IA32_SEGMENT_DESCRIPTOR *GdtDescriptor;\r
	63	UINTN TssBase;\r
	64	UINTN GdtTssTableSize;\r
	65	UINT8 *GdtTssTables;\r
	66	UINTN GdtTableStepSize;\r
3eb69b08	67	UINTN InterruptShadowStack;\r
fe5f1949 JY	68	\r
	69	if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
	70	//\r
	71	// For IA32 SMM, if SMM Stack Guard feature is enabled, we use 2 TSS.\r
	72	// in this case, we allocate separate GDT/TSS for each CPUs to avoid TSS load contention\r
	73	// on each SMI entry.\r
	74	//\r
	75	\r
	76	//\r
	77	// Enlarge GDT to contain 2 TSS descriptors\r
	78	//\r
	79	gcSmiGdtr.Limit += (UINT16)(2 * sizeof (IA32_SEGMENT_DESCRIPTOR));\r
	80	\r
3eb69b08	81	GdtTssTableSize = (gcSmiGdtr.Limit + 1 + TSS_SIZE + EXCEPTION_TSS_SIZE + 7) & ~7; // 8 bytes aligned\r
717fb604	82	mGdtBufferSize = GdtTssTableSize * gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus;\r
6e601a41 SZ	83	//\r
	84	// IA32 Stack Guard need use task switch to switch stack that need\r
	85	// write GDT and TSS, so AllocateCodePages() could not be used here\r
7367cc6c	86	// as code pages will be set to RO.\r
6e601a41 SZ	87	//\r
6e601a41 SZ	88	GdtTssTables = (UINT8*)AllocatePages (EFI_SIZE_TO_PAGES (mGdtBufferSize));\r
fe5f1949	89	ASSERT (GdtTssTables != NULL);\r
717fb604	90	mGdtBuffer = (UINTN)GdtTssTables;\r
fe5f1949 JY	91	GdtTableStepSize = GdtTssTableSize;\r
	92	\r
	93	for (Index = 0; Index < gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus; Index++) {\r
3eb69b08	94	CopyMem (GdtTssTables + GdtTableStepSize * Index, (VOID*)(UINTN)gcSmiGdtr.Base, gcSmiGdtr.Limit + 1 + TSS_SIZE + EXCEPTION_TSS_SIZE);\r
fe5f1949 JY	95	//\r
	96	// Fixup TSS descriptors\r
	97	//\r
	98	TssBase = (UINTN)(GdtTssTables + GdtTableStepSize * Index + gcSmiGdtr.Limit + 1);\r
	99	GdtDescriptor = (IA32_SEGMENT_DESCRIPTOR *)(TssBase) - 2;\r
	100	GdtDescriptor->Bits.BaseLow = (UINT16)TssBase;\r
	101	GdtDescriptor->Bits.BaseMid = (UINT8)(TssBase >> 16);\r
	102	GdtDescriptor->Bits.BaseHigh = (UINT8)(TssBase >> 24);\r
	103	\r
	104	TssBase += TSS_SIZE;\r
	105	GdtDescriptor++;\r
	106	GdtDescriptor->Bits.BaseLow = (UINT16)TssBase;\r
	107	GdtDescriptor->Bits.BaseMid = (UINT8)(TssBase >> 16);\r
	108	GdtDescriptor->Bits.BaseHigh = (UINT8)(TssBase >> 24);\r
	109	//\r
	110	// Fixup TSS segments\r
	111	//\r
	112	// ESP as known good stack\r
	113	//\r
	114	(UINTN )(TssBase + TSS_IA32_ESP_OFFSET) = mSmmStackArrayBase + EFI_PAGE_SIZE + Index * mSmmStackSize;\r
	115	(UINT32 )(TssBase + TSS_IA32_CR3_OFFSET) = Cr3;\r
3eb69b08 JY	116	\r
	117	//\r
	118	// Setup ShadowStack for stack switch\r
	119	//\r
	120	if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) {\r
	121	InterruptShadowStack = (UINTN)(mSmmStackArrayBase + mSmmStackSize + EFI_PAGES_TO_SIZE (1) - sizeof(UINT64) + (mSmmStackSize + mSmmShadowStackSize) * Index);\r
	122	(UINT32 )(TssBase + TSS_IA32_SSP_OFFSET) = (UINT32)InterruptShadowStack;\r
	123	}\r
fe5f1949 JY	124	}\r
	125	} else {\r
	126	//\r
	127	// Just use original table, AllocatePage and copy them here to make sure GDTs are covered in page memory.\r
	128	//\r
	129	GdtTssTableSize = gcSmiGdtr.Limit + 1;\r
717fb604 JY	130	mGdtBufferSize = GdtTssTableSize * gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus;\r
717fb604 JY	131	GdtTssTables = (UINT8*)AllocateCodePages (EFI_SIZE_TO_PAGES (mGdtBufferSize));\r
fe5f1949	132	ASSERT (GdtTssTables != NULL);\r
717fb604	133	mGdtBuffer = (UINTN)GdtTssTables;\r
fe5f1949 JY	134	GdtTableStepSize = GdtTssTableSize;\r
	135	\r
	136	for (Index = 0; Index < gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus; Index++) {\r
	137	CopyMem (GdtTssTables + GdtTableStepSize * Index, (VOID*)(UINTN)gcSmiGdtr.Base, gcSmiGdtr.Limit + 1);\r
	138	}\r
	139	}\r
	140	\r
	141	*GdtStepSize = GdtTableStepSize;\r
	142	return GdtTssTables;\r
	143	}\r
4a0f88dd JF	144	\r
	145	/**\r
	146	Transfer AP to safe hlt-loop after it finished restore CPU features on S3 patch.\r
	147	\r
672b80c8 MK	148	@param[in] ApHltLoopCode The address of the safe hlt-loop function.\r
	149	@param[in] TopOfStack A pointer to the new stack to use for the ApHltLoopCode.\r
	150	@param[in] NumberToFinishAddress Address of Semaphore of APs finish count.\r
4a0f88dd JF	151	\r
	152	**/\r
	153	VOID\r
	154	TransferApToSafeState (\r
672b80c8 MK	155	IN UINTN ApHltLoopCode,\r
	156	IN UINTN TopOfStack,\r
	157	IN UINTN NumberToFinishAddress\r
4a0f88dd JF	158	)\r
	159	{\r
	160	SwitchStack (\r
672b80c8 MK	161	(SWITCH_STACK_ENTRY_POINT)ApHltLoopCode,\r
672b80c8 MK	162	(VOID *)NumberToFinishAddress,\r
4a0f88dd	163	NULL,\r
672b80c8	164	(VOID *)TopOfStack\r
4a0f88dd JF	165	);\r
	166	//\r
	167	// It should never reach here\r
	168	//\r
	169	ASSERT (FALSE);\r
	170	}\r
3eb69b08 JY	171	\r
	172	/**\r
	173	Initialize the shadow stack related data structure.\r
	174	\r
	175	@param CpuIndex The index of CPU.\r
	176	@param ShadowStack The bottom of the shadow stack for this CPU.\r
	177	**/\r
	178	VOID\r
	179	InitShadowStack (\r
	180	IN UINTN CpuIndex,\r
	181	IN VOID *ShadowStack\r
	182	)\r
	183	{\r
	184	UINTN SmmShadowStackSize;\r
	185	\r
	186	if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) {\r
	187	SmmShadowStackSize = EFI_PAGES_TO_SIZE (EFI_SIZE_TO_PAGES (PcdGet32 (PcdCpuSmmShadowStackSize)));\r
	188	if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
	189	SmmShadowStackSize += EFI_PAGES_TO_SIZE (2);\r
	190	}\r
	191	mCetPl0Ssp = (UINT32)((UINTN)ShadowStack + SmmShadowStackSize - sizeof(UINT64));\r
	192	PatchInstructionX86 (mPatchCetPl0Ssp, mCetPl0Ssp, 4);\r
	193	DEBUG ((DEBUG_INFO, "mCetPl0Ssp - 0x%x\n", mCetPl0Ssp));\r
	194	DEBUG ((DEBUG_INFO, "ShadowStack - 0x%x\n", ShadowStack));\r
	195	DEBUG ((DEBUG_INFO, " SmmShadowStackSize - 0x%x\n", SmmShadowStackSize));\r
	196	\r
	197	if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
	198	mCetInterruptSsp = (UINT32)((UINTN)ShadowStack + EFI_PAGES_TO_SIZE(1) - sizeof(UINT64));\r
	199	PatchInstructionX86 (mPatchCetInterruptSsp, mCetInterruptSsp, 4);\r
	200	DEBUG ((DEBUG_INFO, "mCetInterruptSsp - 0x%x\n", mCetInterruptSsp));\r
	201	}\r
	202	}\r
	203	}\r
	204	\r