[mirror_edk2.git] / UefiCpuPkg / PiSmmCpuDxeSmm / Ia32 / PageTbl.c

/** @file\r
Page table manipulation functions for IA-32 processors\r
\r
Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>\r
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>\r
\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "PiSmmCpuDxeSmm.h"\r
\r
/**\r
  Disable CET.\r
**/\r
VOID\r
EFIAPI\r
DisableCet (\r
  VOID\r
  );\r
\r
/**\r
  Enable CET.\r
**/\r
VOID\r
EFIAPI\r
EnableCet (\r
  VOID\r
  );\r
\r
/**\r
  Get page table base address and the depth of the page table.\r
\r
  @param[out] Base        Page table base address.\r
  @param[out] FiveLevels  TRUE means 5 level paging. FALSE means 4 level paging.\r
**/\r
VOID\r
GetPageTable (\r
  OUT UINTN    *Base,\r
  OUT BOOLEAN  *FiveLevels OPTIONAL\r
  )\r
{\r
  *Base = ((mInternalCr3 == 0) ?\r
           (AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64) :\r
           mInternalCr3);\r
  if (FiveLevels != NULL) {\r
    *FiveLevels = FALSE;\r
  }\r
}\r
\r
/**\r
  Create PageTable for SMM use.\r
\r
  @return     PageTable Address\r
\r
**/\r
UINT32\r
SmmInitPageTable (\r
  VOID\r
  )\r
{\r
  UINTN                     PageFaultHandlerHookAddress;\r
  IA32_IDT_GATE_DESCRIPTOR  *IdtEntry;\r
  EFI_STATUS                Status;\r
\r
  //\r
  // Initialize spin lock\r
  //\r
  InitializeSpinLock (mPFLock);\r
\r
  mPhysicalAddressBits = 32;\r
\r
  if (FeaturePcdGet (PcdCpuSmmProfileEnable) ||\r
      HEAP_GUARD_NONSTOP_MODE ||\r
      NULL_DETECTION_NONSTOP_MODE)\r
  {\r
    //\r
    // Set own Page Fault entry instead of the default one, because SMM Profile\r
    // feature depends on IRET instruction to do Single Step\r
    //\r
    PageFaultHandlerHookAddress = (UINTN)PageFaultIdtHandlerSmmProfile;\r
    IdtEntry                    = (IA32_IDT_GATE_DESCRIPTOR *)gcSmiIdtr.Base;\r
    IdtEntry                   += EXCEPT_IA32_PAGE_FAULT;\r
    IdtEntry->Bits.OffsetLow    = (UINT16)PageFaultHandlerHookAddress;\r
    IdtEntry->Bits.Reserved_0   = 0;\r
    IdtEntry->Bits.GateType     = IA32_IDT_GATE_TYPE_INTERRUPT_32;\r
    IdtEntry->Bits.OffsetHigh   = (UINT16)(PageFaultHandlerHookAddress >> 16);\r
  } else {\r
    //\r
    // Register SMM Page Fault Handler\r
    //\r
    Status = SmmRegisterExceptionHandler (&mSmmCpuService, EXCEPT_IA32_PAGE_FAULT, SmiPFHandler);\r
    ASSERT_EFI_ERROR (Status);\r
  }\r
\r
  //\r
  // Additional SMM IDT initialization for SMM stack guard\r
  //\r
  if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
    InitializeIDTSmmStackGuard ();\r
  }\r
\r
  return Gen4GPageTable (TRUE);\r
}\r
\r
/**\r
  Page Fault handler for SMM use.\r
\r
**/\r
VOID\r
SmiDefaultPFHandler (\r
  VOID\r
  )\r
{\r
  CpuDeadLoop ();\r
}\r
\r
/**\r
  ThePage Fault handler wrapper for SMM use.\r
\r
  @param  InterruptType    Defines the type of interrupt or exception that\r
                           occurred on the processor.This parameter is processor architecture specific.\r
  @param  SystemContext    A pointer to the processor context when\r
                           the interrupt occurred on the processor.\r
**/\r
VOID\r
EFIAPI\r
SmiPFHandler (\r
  IN EFI_EXCEPTION_TYPE  InterruptType,\r
  IN EFI_SYSTEM_CONTEXT  SystemContext\r
  )\r
{\r
  UINTN  PFAddress;\r
  UINTN  GuardPageAddress;\r
  UINTN  CpuIndex;\r
\r
  ASSERT (InterruptType == EXCEPT_IA32_PAGE_FAULT);\r
\r
  AcquireSpinLock (mPFLock);\r
\r
  PFAddress = AsmReadCr2 ();\r
\r
  //\r
  // If a page fault occurs in SMRAM range, it might be in a SMM stack guard page,\r
  // or SMM page protection violation.\r
  //\r
  if ((PFAddress >= mCpuHotPlugData.SmrrBase) &&\r
      (PFAddress < (mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize)))\r
  {\r
    DumpCpuContext (InterruptType, SystemContext);\r
    CpuIndex         = GetCpuIndex ();\r
    GuardPageAddress = (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex * mSmmStackSize);\r
    if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&\r
        (PFAddress >= GuardPageAddress) &&\r
        (PFAddress < (GuardPageAddress + EFI_PAGE_SIZE)))\r
    {\r
      DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n"));\r
    } else {\r
      if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
        DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%x)\n", PFAddress));\r
        DEBUG_CODE (\r
          DumpModuleInfoByIp (*(UINTN *)(UINTN)SystemContext.SystemContextIa32->Esp);\r
          );\r
      } else {\r
        DEBUG ((DEBUG_ERROR, "SMM exception at access (0x%x)\n", PFAddress));\r
        DEBUG_CODE (\r
          DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
          );\r
      }\r
\r
      if (HEAP_GUARD_NONSTOP_MODE) {\r
        GuardPagePFHandler (SystemContext.SystemContextIa32->ExceptionData);\r
        goto Exit;\r
      }\r
    }\r
\r
    CpuDeadLoop ();\r
    goto Exit;\r
  }\r
\r
  //\r
  // If a page fault occurs in non-SMRAM range.\r
  //\r
  if ((PFAddress < mCpuHotPlugData.SmrrBase) ||\r
      (PFAddress >= mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize))\r
  {\r
    if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
      DumpCpuContext (InterruptType, SystemContext);\r
      DEBUG ((DEBUG_ERROR, "Code executed on IP(0x%x) out of SMM range after SMM is locked!\n", PFAddress));\r
      DEBUG_CODE (\r
        DumpModuleInfoByIp (*(UINTN *)(UINTN)SystemContext.SystemContextIa32->Esp);\r
        );\r
      CpuDeadLoop ();\r
      goto Exit;\r
    }\r
\r
    //\r
    // If NULL pointer was just accessed\r
    //\r
    if (((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) &&\r
        (PFAddress < EFI_PAGE_SIZE))\r
    {\r
      DumpCpuContext (InterruptType, SystemContext);\r
      DEBUG ((DEBUG_ERROR, "!!! NULL pointer access !!!\n"));\r
      DEBUG_CODE (\r
        DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
        );\r
\r
      if (NULL_DETECTION_NONSTOP_MODE) {\r
        GuardPagePFHandler (SystemContext.SystemContextIa32->ExceptionData);\r
        goto Exit;\r
      }\r
\r
      CpuDeadLoop ();\r
      goto Exit;\r
    }\r
\r
    if (IsSmmCommBufferForbiddenAddress (PFAddress)) {\r
      DumpCpuContext (InterruptType, SystemContext);\r
      DEBUG ((DEBUG_ERROR, "Access SMM communication forbidden address (0x%x)!\n", PFAddress));\r
      DEBUG_CODE (\r
        DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
        );\r
      CpuDeadLoop ();\r
      goto Exit;\r
    }\r
  }\r
\r
  if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
    SmmProfilePFHandler (\r
      SystemContext.SystemContextIa32->Eip,\r
      SystemContext.SystemContextIa32->ExceptionData\r
      );\r
  } else {\r
    DumpCpuContext (InterruptType, SystemContext);\r
    SmiDefaultPFHandler ();\r
  }\r
\r
Exit:\r
  ReleaseSpinLock (mPFLock);\r
}\r
\r
/**\r
  This function sets memory attribute for page table.\r
**/\r
VOID\r
SetPageTableAttributes (\r
  VOID\r
  )\r
{\r
  UINTN    Index2;\r
  UINTN    Index3;\r
  UINT64   *L1PageTable;\r
  UINT64   *L2PageTable;\r
  UINT64   *L3PageTable;\r
  UINTN    PageTableBase;\r
  BOOLEAN  IsSplitted;\r
  BOOLEAN  PageTableSplitted;\r
  BOOLEAN  CetEnabled;\r
\r
  //\r
  // Don't mark page table to read-only if heap guard is enabled.\r
  //\r
  //      BIT2: SMM page guard enabled\r
  //      BIT3: SMM pool guard enabled\r
  //\r
  if ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0) {\r
    DEBUG ((DEBUG_INFO, "Don't mark page table to read-only as heap guard is enabled\n"));\r
    return;\r
  }\r
\r
  //\r
  // Don't mark page table to read-only if SMM profile is enabled.\r
  //\r
  if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
    DEBUG ((DEBUG_INFO, "Don't mark page table to read-only as SMM profile is enabled\n"));\r
    return;\r
  }\r
\r
  DEBUG ((DEBUG_INFO, "SetPageTableAttributes\n"));\r
\r
  //\r
  // Disable write protection, because we need mark page table to be write protected.\r
  // We need *write* page table memory, to mark itself to be *read only*.\r
  //\r
  CetEnabled = ((AsmReadCr4 () & CR4_CET_ENABLE) != 0) ? TRUE : FALSE;\r
  if (CetEnabled) {\r
    //\r
    // CET must be disabled if WP is disabled.\r
    //\r
    DisableCet ();\r
  }\r
\r
  AsmWriteCr0 (AsmReadCr0 () & ~CR0_WP);\r
\r
  do {\r
    DEBUG ((DEBUG_INFO, "Start...\n"));\r
    PageTableSplitted = FALSE;\r
\r
    GetPageTable (&PageTableBase, NULL);\r
    L3PageTable = (UINT64 *)PageTableBase;\r
\r
    SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)PageTableBase, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
    PageTableSplitted = (PageTableSplitted || IsSplitted);\r
\r
    for (Index3 = 0; Index3 < 4; Index3++) {\r
      L2PageTable = (UINT64 *)(UINTN)(L3PageTable[Index3] & ~mAddressEncMask & PAGING_4K_ADDRESS_MASK_64);\r
      if (L2PageTable == NULL) {\r
        continue;\r
      }\r
\r
      SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L2PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
      PageTableSplitted = (PageTableSplitted || IsSplitted);\r
\r
      for (Index2 = 0; Index2 < SIZE_4KB/sizeof (UINT64); Index2++) {\r
        if ((L2PageTable[Index2] & IA32_PG_PS) != 0) {\r
          // 2M\r
          continue;\r
        }\r
\r
        L1PageTable = (UINT64 *)(UINTN)(L2PageTable[Index2] & ~mAddressEncMask & PAGING_4K_ADDRESS_MASK_64);\r
        if (L1PageTable == NULL) {\r
          continue;\r
        }\r
\r
        SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L1PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
        PageTableSplitted = (PageTableSplitted || IsSplitted);\r
      }\r
    }\r
  } while (PageTableSplitted);\r
\r
  //\r
  // Enable write protection, after page table updated.\r
  //\r
  AsmWriteCr0 (AsmReadCr0 () | CR0_WP);\r
  if (CetEnabled) {\r
    //\r
    // re-enable CET.\r
    //\r
    EnableCet ();\r
  }\r
\r
  return;\r
}\r
\r
/**\r
  This function returns with no action for 32 bit.\r
\r
  @param[out]  *Cr2  Pointer to variable to hold CR2 register value.\r
**/\r
VOID\r
SaveCr2 (\r
  OUT UINTN  *Cr2\r
  )\r
{\r
  return;\r
}\r
\r
/**\r
  This function returns with no action for 32 bit.\r
\r
  @param[in]  Cr2  Value to write into CR2 register.\r
**/\r
VOID\r
RestoreCr2 (\r
  IN UINTN  Cr2\r
  )\r
{\r
  return;\r
}\r
\r
/**\r
  Return whether access to non-SMRAM is restricted.\r
\r
  @retval TRUE  Access to non-SMRAM is restricted.\r
  @retval FALSE Access to non-SMRAM is not restricted.\r
**/\r
BOOLEAN\r
IsRestrictedMemoryAccess (\r
  VOID\r
  )\r
{\r
  return TRUE;\r
}\r
Commit	Line	Data
	1	/** @file\r
	2	Page table manipulation functions for IA-32 processors\r
	3	\r
	4	Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>\r
	5	Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>\r
	6	\r
	7	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	8	\r
	9	**/\r
	10	\r
	11	#include "PiSmmCpuDxeSmm.h"\r
	12	\r
	13	/**\r
	14	Disable CET.\r
	15	**/\r
	16	VOID\r
	17	EFIAPI\r
	18	DisableCet (\r
	19	VOID\r
	20	);\r
	21	\r
	22	/**\r
	23	Enable CET.\r
	24	**/\r
	25	VOID\r
	26	EFIAPI\r
	27	EnableCet (\r
	28	VOID\r
	29	);\r
	30	\r
	31	/**\r
	32	Get page table base address and the depth of the page table.\r
	33	\r
	34	@param[out] Base Page table base address.\r
	35	@param[out] FiveLevels TRUE means 5 level paging. FALSE means 4 level paging.\r
	36	**/\r
	37	VOID\r
	38	GetPageTable (\r
	39	OUT UINTN *Base,\r
	40	OUT BOOLEAN *FiveLevels OPTIONAL\r
	41	)\r
	42	{\r
	43	*Base = ((mInternalCr3 == 0) ?\r
	44	(AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64) :\r
	45	mInternalCr3);\r
	46	if (FiveLevels != NULL) {\r
	47	*FiveLevels = FALSE;\r
	48	}\r
	49	}\r
	50	\r
	51	/**\r
	52	Create PageTable for SMM use.\r
	53	\r
	54	@return PageTable Address\r
	55	\r
	56	**/\r
	57	UINT32\r
	58	SmmInitPageTable (\r
	59	VOID\r
	60	)\r
	61	{\r
	62	UINTN PageFaultHandlerHookAddress;\r
	63	IA32_IDT_GATE_DESCRIPTOR *IdtEntry;\r
	64	EFI_STATUS Status;\r
	65	\r
	66	//\r
	67	// Initialize spin lock\r
	68	//\r
	69	InitializeSpinLock (mPFLock);\r
	70	\r
	71	mPhysicalAddressBits = 32;\r
	72	\r
	73	if (FeaturePcdGet (PcdCpuSmmProfileEnable) \|\|\r
	74	HEAP_GUARD_NONSTOP_MODE \|\|\r
	75	NULL_DETECTION_NONSTOP_MODE)\r
	76	{\r
	77	//\r
	78	// Set own Page Fault entry instead of the default one, because SMM Profile\r
	79	// feature depends on IRET instruction to do Single Step\r
	80	//\r
	81	PageFaultHandlerHookAddress = (UINTN)PageFaultIdtHandlerSmmProfile;\r
	82	IdtEntry = (IA32_IDT_GATE_DESCRIPTOR *)gcSmiIdtr.Base;\r
	83	IdtEntry += EXCEPT_IA32_PAGE_FAULT;\r
	84	IdtEntry->Bits.OffsetLow = (UINT16)PageFaultHandlerHookAddress;\r
	85	IdtEntry->Bits.Reserved_0 = 0;\r
	86	IdtEntry->Bits.GateType = IA32_IDT_GATE_TYPE_INTERRUPT_32;\r
	87	IdtEntry->Bits.OffsetHigh = (UINT16)(PageFaultHandlerHookAddress >> 16);\r
	88	} else {\r
	89	//\r
	90	// Register SMM Page Fault Handler\r
	91	//\r
	92	Status = SmmRegisterExceptionHandler (&mSmmCpuService, EXCEPT_IA32_PAGE_FAULT, SmiPFHandler);\r
	93	ASSERT_EFI_ERROR (Status);\r
	94	}\r
	95	\r
	96	//\r
	97	// Additional SMM IDT initialization for SMM stack guard\r
	98	//\r
	99	if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
	100	InitializeIDTSmmStackGuard ();\r
	101	}\r
	102	\r
	103	return Gen4GPageTable (TRUE);\r
	104	}\r
	105	\r
	106	/**\r
	107	Page Fault handler for SMM use.\r
	108	\r
	109	**/\r
	110	VOID\r
	111	SmiDefaultPFHandler (\r
	112	VOID\r
	113	)\r
	114	{\r
	115	CpuDeadLoop ();\r
	116	}\r
	117	\r
	118	/**\r
	119	ThePage Fault handler wrapper for SMM use.\r
	120	\r
	121	@param InterruptType Defines the type of interrupt or exception that\r
	122	occurred on the processor.This parameter is processor architecture specific.\r
	123	@param SystemContext A pointer to the processor context when\r
	124	the interrupt occurred on the processor.\r
	125	**/\r
	126	VOID\r
	127	EFIAPI\r
	128	SmiPFHandler (\r
	129	IN EFI_EXCEPTION_TYPE InterruptType,\r
	130	IN EFI_SYSTEM_CONTEXT SystemContext\r
	131	)\r
	132	{\r
	133	UINTN PFAddress;\r
	134	UINTN GuardPageAddress;\r
	135	UINTN CpuIndex;\r
	136	\r
	137	ASSERT (InterruptType == EXCEPT_IA32_PAGE_FAULT);\r
	138	\r
	139	AcquireSpinLock (mPFLock);\r
	140	\r
	141	PFAddress = AsmReadCr2 ();\r
	142	\r
	143	//\r
	144	// If a page fault occurs in SMRAM range, it might be in a SMM stack guard page,\r
	145	// or SMM page protection violation.\r
	146	//\r
	147	if ((PFAddress >= mCpuHotPlugData.SmrrBase) &&\r
	148	(PFAddress < (mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize)))\r
	149	{\r
	150	DumpCpuContext (InterruptType, SystemContext);\r
	151	CpuIndex = GetCpuIndex ();\r
	152	GuardPageAddress = (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex * mSmmStackSize);\r
	153	if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&\r
	154	(PFAddress >= GuardPageAddress) &&\r
	155	(PFAddress < (GuardPageAddress + EFI_PAGE_SIZE)))\r
	156	{\r
	157	DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n"));\r
	158	} else {\r
	159	if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
	160	DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%x)\n", PFAddress));\r
	161	DEBUG_CODE (\r
	162	DumpModuleInfoByIp ((UINTN )(UINTN)SystemContext.SystemContextIa32->Esp);\r
	163	);\r
	164	} else {\r
	165	DEBUG ((DEBUG_ERROR, "SMM exception at access (0x%x)\n", PFAddress));\r
	166	DEBUG_CODE (\r
	167	DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
	168	);\r
	169	}\r
	170	\r
	171	if (HEAP_GUARD_NONSTOP_MODE) {\r
	172	GuardPagePFHandler (SystemContext.SystemContextIa32->ExceptionData);\r
	173	goto Exit;\r
	174	}\r
	175	}\r
	176	\r
	177	CpuDeadLoop ();\r
	178	goto Exit;\r
	179	}\r
	180	\r
	181	//\r
	182	// If a page fault occurs in non-SMRAM range.\r
	183	//\r
	184	if ((PFAddress < mCpuHotPlugData.SmrrBase) \|\|\r
	185	(PFAddress >= mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize))\r
	186	{\r
	187	if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
	188	DumpCpuContext (InterruptType, SystemContext);\r
	189	DEBUG ((DEBUG_ERROR, "Code executed on IP(0x%x) out of SMM range after SMM is locked!\n", PFAddress));\r
	190	DEBUG_CODE (\r
	191	DumpModuleInfoByIp ((UINTN )(UINTN)SystemContext.SystemContextIa32->Esp);\r
	192	);\r
	193	CpuDeadLoop ();\r
	194	goto Exit;\r
	195	}\r
	196	\r
	197	//\r
	198	// If NULL pointer was just accessed\r
	199	//\r
	200	if (((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) &&\r
	201	(PFAddress < EFI_PAGE_SIZE))\r
	202	{\r
	203	DumpCpuContext (InterruptType, SystemContext);\r
	204	DEBUG ((DEBUG_ERROR, "!!! NULL pointer access !!!\n"));\r
	205	DEBUG_CODE (\r
	206	DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
	207	);\r
	208	\r
	209	if (NULL_DETECTION_NONSTOP_MODE) {\r
	210	GuardPagePFHandler (SystemContext.SystemContextIa32->ExceptionData);\r
	211	goto Exit;\r
	212	}\r
	213	\r
	214	CpuDeadLoop ();\r
	215	goto Exit;\r
	216	}\r
	217	\r
	218	if (IsSmmCommBufferForbiddenAddress (PFAddress)) {\r
	219	DumpCpuContext (InterruptType, SystemContext);\r
	220	DEBUG ((DEBUG_ERROR, "Access SMM communication forbidden address (0x%x)!\n", PFAddress));\r
	221	DEBUG_CODE (\r
	222	DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
	223	);\r
	224	CpuDeadLoop ();\r
	225	goto Exit;\r
	226	}\r
	227	}\r
	228	\r
	229	if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
	230	SmmProfilePFHandler (\r
	231	SystemContext.SystemContextIa32->Eip,\r
	232	SystemContext.SystemContextIa32->ExceptionData\r
	233	);\r
	234	} else {\r
	235	DumpCpuContext (InterruptType, SystemContext);\r
	236	SmiDefaultPFHandler ();\r
	237	}\r
	238	\r
	239	Exit:\r
	240	ReleaseSpinLock (mPFLock);\r
	241	}\r
	242	\r
	243	/**\r
	244	This function sets memory attribute for page table.\r
	245	**/\r
	246	VOID\r
	247	SetPageTableAttributes (\r
	248	VOID\r
	249	)\r
	250	{\r
	251	UINTN Index2;\r
	252	UINTN Index3;\r
	253	UINT64 *L1PageTable;\r
	254	UINT64 *L2PageTable;\r
	255	UINT64 *L3PageTable;\r
	256	UINTN PageTableBase;\r
	257	BOOLEAN IsSplitted;\r
	258	BOOLEAN PageTableSplitted;\r
	259	BOOLEAN CetEnabled;\r
	260	\r
	261	//\r
	262	// Don't mark page table to read-only if heap guard is enabled.\r
	263	//\r
	264	// BIT2: SMM page guard enabled\r
	265	// BIT3: SMM pool guard enabled\r
	266	//\r
	267	if ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 \| BIT2)) != 0) {\r
	268	DEBUG ((DEBUG_INFO, "Don't mark page table to read-only as heap guard is enabled\n"));\r
	269	return;\r
	270	}\r
	271	\r
	272	//\r
	273	// Don't mark page table to read-only if SMM profile is enabled.\r
	274	//\r
	275	if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
	276	DEBUG ((DEBUG_INFO, "Don't mark page table to read-only as SMM profile is enabled\n"));\r
	277	return;\r
	278	}\r
	279	\r
	280	DEBUG ((DEBUG_INFO, "SetPageTableAttributes\n"));\r
	281	\r
	282	//\r
	283	// Disable write protection, because we need mark page table to be write protected.\r
	284	// We need write page table memory, to mark itself to be read only.\r
	285	//\r
	286	CetEnabled = ((AsmReadCr4 () & CR4_CET_ENABLE) != 0) ? TRUE : FALSE;\r
	287	if (CetEnabled) {\r
	288	//\r
	289	// CET must be disabled if WP is disabled.\r
	290	//\r
	291	DisableCet ();\r
	292	}\r
	293	\r
	294	AsmWriteCr0 (AsmReadCr0 () & ~CR0_WP);\r
	295	\r
	296	do {\r
	297	DEBUG ((DEBUG_INFO, "Start...\n"));\r
	298	PageTableSplitted = FALSE;\r
	299	\r
	300	GetPageTable (&PageTableBase, NULL);\r
	301	L3PageTable = (UINT64 *)PageTableBase;\r
	302	\r
	303	SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)PageTableBase, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
	304	PageTableSplitted = (PageTableSplitted \|\| IsSplitted);\r
	305	\r
	306	for (Index3 = 0; Index3 < 4; Index3++) {\r
	307	L2PageTable = (UINT64 *)(UINTN)(L3PageTable[Index3] & ~mAddressEncMask & PAGING_4K_ADDRESS_MASK_64);\r
	308	if (L2PageTable == NULL) {\r
	309	continue;\r
	310	}\r
	311	\r
	312	SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L2PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
	313	PageTableSplitted = (PageTableSplitted \|\| IsSplitted);\r
	314	\r
	315	for (Index2 = 0; Index2 < SIZE_4KB/sizeof (UINT64); Index2++) {\r
	316	if ((L2PageTable[Index2] & IA32_PG_PS) != 0) {\r
	317	// 2M\r
	318	continue;\r
	319	}\r
	320	\r
	321	L1PageTable = (UINT64 *)(UINTN)(L2PageTable[Index2] & ~mAddressEncMask & PAGING_4K_ADDRESS_MASK_64);\r
	322	if (L1PageTable == NULL) {\r
	323	continue;\r
	324	}\r
	325	\r
	326	SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L1PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
	327	PageTableSplitted = (PageTableSplitted \|\| IsSplitted);\r
	328	}\r
	329	}\r
	330	} while (PageTableSplitted);\r
	331	\r
	332	//\r
	333	// Enable write protection, after page table updated.\r
	334	//\r
	335	AsmWriteCr0 (AsmReadCr0 () \| CR0_WP);\r
	336	if (CetEnabled) {\r
	337	//\r
	338	// re-enable CET.\r
	339	//\r
	340	EnableCet ();\r
	341	}\r
	342	\r
	343	return;\r
	344	}\r
	345	\r
	346	/**\r
	347	This function returns with no action for 32 bit.\r
	348	\r
	349	@param[out] *Cr2 Pointer to variable to hold CR2 register value.\r
	350	**/\r
	351	VOID\r
	352	SaveCr2 (\r
	353	OUT UINTN *Cr2\r
	354	)\r
	355	{\r
	356	return;\r
	357	}\r
	358	\r
	359	/**\r
	360	This function returns with no action for 32 bit.\r
	361	\r
	362	@param[in] Cr2 Value to write into CR2 register.\r
	363	**/\r
	364	VOID\r
	365	RestoreCr2 (\r
	366	IN UINTN Cr2\r
	367	)\r
	368	{\r
	369	return;\r
	370	}\r
	371	\r
	372	/**\r
	373	Return whether access to non-SMRAM is restricted.\r
	374	\r
	375	@retval TRUE Access to non-SMRAM is restricted.\r
	376	@retval FALSE Access to non-SMRAM is not restricted.\r
	377	**/\r
	378	BOOLEAN\r
	379	IsRestrictedMemoryAccess (\r
	380	VOID\r
	381	)\r
	382	{\r
	383	return TRUE;\r
	384	}\r