[mirror_edk2.git] / UefiCpuPkg / PiSmmCpuDxeSmm / Ia32 / PageTbl.c

/** @file\r
Page table manipulation functions for IA-32 processors\r
\r
Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include "PiSmmCpuDxeSmm.h"\r
\r
/**\r
  Create PageTable for SMM use.\r
\r
  @return     PageTable Address\r
\r
**/\r
UINT32\r
SmmInitPageTable (\r
  VOID\r
  )\r
{\r
  UINTN                             PageFaultHandlerHookAddress;\r
  IA32_IDT_GATE_DESCRIPTOR          *IdtEntry;\r
  EFI_STATUS                        Status;\r
\r
  //\r
  // Initialize spin lock\r
  //\r
  InitializeSpinLock (mPFLock);\r
\r
  if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
    //\r
    // Set own Page Fault entry instead of the default one, because SMM Profile\r
    // feature depends on IRET instruction to do Single Step\r
    //\r
    PageFaultHandlerHookAddress = (UINTN)PageFaultIdtHandlerSmmProfile;\r
    IdtEntry  = (IA32_IDT_GATE_DESCRIPTOR *) gcSmiIdtr.Base;\r
    IdtEntry += EXCEPT_IA32_PAGE_FAULT;\r
    IdtEntry->Bits.OffsetLow      = (UINT16)PageFaultHandlerHookAddress;\r
    IdtEntry->Bits.Reserved_0     = 0;\r
    IdtEntry->Bits.GateType       = IA32_IDT_GATE_TYPE_INTERRUPT_32;\r
    IdtEntry->Bits.OffsetHigh     = (UINT16)(PageFaultHandlerHookAddress >> 16);\r
  } else {\r
    //\r
    // Register SMM Page Fault Handler\r
    //\r
    Status = SmmRegisterExceptionHandler (&mSmmCpuService, EXCEPT_IA32_PAGE_FAULT, SmiPFHandler);\r
    ASSERT_EFI_ERROR (Status);\r
  }\r
\r
  //\r
  // Additional SMM IDT initialization for SMM stack guard\r
  //\r
  if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
    InitializeIDTSmmStackGuard ();\r
  }\r
  return Gen4GPageTable (TRUE);\r
}\r
\r
/**\r
  Page Fault handler for SMM use.\r
\r
**/\r
VOID\r
SmiDefaultPFHandler (\r
  VOID\r
  )\r
{\r
  CpuDeadLoop ();\r
}\r
\r
/**\r
  ThePage Fault handler wrapper for SMM use.\r
\r
  @param  InterruptType    Defines the type of interrupt or exception that\r
                           occurred on the processor.This parameter is processor architecture specific.\r
  @param  SystemContext    A pointer to the processor context when\r
                           the interrupt occurred on the processor.\r
**/\r
VOID\r
EFIAPI\r
SmiPFHandler (\r
    IN EFI_EXCEPTION_TYPE   InterruptType,\r
    IN EFI_SYSTEM_CONTEXT   SystemContext\r
  )\r
{\r
  UINTN             PFAddress;\r
  UINTN             GuardPageAddress;\r
  UINTN             CpuIndex;\r
\r
  ASSERT (InterruptType == EXCEPT_IA32_PAGE_FAULT);\r
\r
  AcquireSpinLock (mPFLock);\r
\r
  PFAddress = AsmReadCr2 ();\r
\r
  //\r
  // If a page fault occurs in SMRAM range, it might be in a SMM stack guard page,\r
  // or SMM page protection violation.\r
  //\r
  if ((PFAddress >= mCpuHotPlugData.SmrrBase) &&\r
      (PFAddress < (mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize))) {\r
    CpuIndex = GetCpuIndex ();\r
    GuardPageAddress = (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex * mSmmStackSize);\r
    if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&\r
        (PFAddress >= GuardPageAddress) &&\r
        (PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) {\r
      DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n"));\r
    } else {\r
      DEBUG ((DEBUG_ERROR, "SMM exception data - 0x%x(", SystemContext.SystemContextIa32->ExceptionData));\r
      DEBUG ((DEBUG_ERROR, "I:%x, R:%x, U:%x, W:%x, P:%x",\r
        (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0,\r
        (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_RSVD) != 0,\r
        (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_US) != 0,\r
        (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_WR) != 0,\r
        (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_P) != 0\r
        ));\r
      DEBUG ((DEBUG_ERROR, ")\n"));\r
      if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
        DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%x)\n", PFAddress));\r
        DEBUG_CODE (\r
          DumpModuleInfoByIp (*(UINTN *)(UINTN)SystemContext.SystemContextIa32->Esp);\r
        );\r
      } else {\r
        DEBUG ((DEBUG_ERROR, "SMM exception at access (0x%x)\n", PFAddress));\r
        DEBUG_CODE (\r
          DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
        );\r
      }\r
    }\r
    CpuDeadLoop ();\r
  }\r
\r
  //\r
  // If a page fault occurs in SMM range\r
  //\r
  if ((PFAddress < mCpuHotPlugData.SmrrBase) ||\r
      (PFAddress >= mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize)) {\r
    if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
      DEBUG ((DEBUG_ERROR, "Code executed on IP(0x%x) out of SMM range after SMM is locked!\n", PFAddress));\r
      DEBUG_CODE (\r
        DumpModuleInfoByIp (*(UINTN *)(UINTN)SystemContext.SystemContextIa32->Esp);\r
      );\r
      CpuDeadLoop ();\r
    }\r
  }\r
\r
  if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
    SmmProfilePFHandler (\r
      SystemContext.SystemContextIa32->Eip,\r
      SystemContext.SystemContextIa32->ExceptionData\r
      );\r
  } else {\r
    SmiDefaultPFHandler ();\r
  }\r
\r
  ReleaseSpinLock (mPFLock);\r
}\r
\r
/**\r
  This function sets memory attribute for page table.\r
**/\r
VOID\r
SetPageTableAttributes (\r
  VOID\r
  )\r
{\r
  UINTN                 Index2;\r
  UINTN                 Index3;\r
  UINT64                *L1PageTable;\r
  UINT64                *L2PageTable;\r
  UINT64                *L3PageTable;\r
  BOOLEAN               IsSplitted;\r
  BOOLEAN               PageTableSplitted;\r
\r
  DEBUG ((DEBUG_INFO, "SetPageTableAttributes\n"));\r
\r
  //\r
  // Disable write protection, because we need mark page table to be write protected.\r
  // We need *write* page table memory, to mark itself to be *read only*.\r
  //\r
  AsmWriteCr0 (AsmReadCr0() & ~CR0_WP);\r
\r
  do {\r
    DEBUG ((DEBUG_INFO, "Start...\n"));\r
    PageTableSplitted = FALSE;\r
\r
    L3PageTable = (UINT64 *)GetPageTableBase ();\r
\r
    SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L3PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
    PageTableSplitted = (PageTableSplitted || IsSplitted);\r
\r
    for (Index3 = 0; Index3 < 4; Index3++) {\r
      L2PageTable = (UINT64 *)(UINTN)(L3PageTable[Index3] & PAGING_4K_ADDRESS_MASK_64);\r
      if (L2PageTable == NULL) {\r
        continue;\r
      }\r
\r
      SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L2PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
      PageTableSplitted = (PageTableSplitted || IsSplitted);\r
\r
      for (Index2 = 0; Index2 < SIZE_4KB/sizeof(UINT64); Index2++) {\r
        if ((L2PageTable[Index2] & IA32_PG_PS) != 0) {\r
          // 2M\r
          continue;\r
        }\r
        L1PageTable = (UINT64 *)(UINTN)(L2PageTable[Index2] & PAGING_4K_ADDRESS_MASK_64);\r
        if (L1PageTable == NULL) {\r
          continue;\r
        }\r
        SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L1PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
        PageTableSplitted = (PageTableSplitted || IsSplitted);\r
      }\r
    }\r
  } while (PageTableSplitted);\r
\r
  //\r
  // Enable write protection, after page table updated.\r
  //\r
  AsmWriteCr0 (AsmReadCr0() | CR0_WP);\r
\r
  return ;\r
}\r
Commit	Line	Data
	1	/** @file\r
	2	Page table manipulation functions for IA-32 processors\r
	3	\r
	4	Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
	5	This program and the accompanying materials\r
	6	are licensed and made available under the terms and conditions of the BSD License\r
	7	which accompanies this distribution. The full text of the license may be found at\r
	8	http://opensource.org/licenses/bsd-license.php\r
	9	\r
	10	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	11	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	12	\r
	13	**/\r
	14	\r
	15	#include "PiSmmCpuDxeSmm.h"\r
	16	\r
	17	/**\r
	18	Create PageTable for SMM use.\r
	19	\r
	20	@return PageTable Address\r
	21	\r
	22	**/\r
	23	UINT32\r
	24	SmmInitPageTable (\r
	25	VOID\r
	26	)\r
	27	{\r
	28	UINTN PageFaultHandlerHookAddress;\r
	29	IA32_IDT_GATE_DESCRIPTOR *IdtEntry;\r
	30	EFI_STATUS Status;\r
	31	\r
	32	//\r
	33	// Initialize spin lock\r
	34	//\r
	35	InitializeSpinLock (mPFLock);\r
	36	\r
	37	if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
	38	//\r
	39	// Set own Page Fault entry instead of the default one, because SMM Profile\r
	40	// feature depends on IRET instruction to do Single Step\r
	41	//\r
	42	PageFaultHandlerHookAddress = (UINTN)PageFaultIdtHandlerSmmProfile;\r
	43	IdtEntry = (IA32_IDT_GATE_DESCRIPTOR *) gcSmiIdtr.Base;\r
	44	IdtEntry += EXCEPT_IA32_PAGE_FAULT;\r
	45	IdtEntry->Bits.OffsetLow = (UINT16)PageFaultHandlerHookAddress;\r
	46	IdtEntry->Bits.Reserved_0 = 0;\r
	47	IdtEntry->Bits.GateType = IA32_IDT_GATE_TYPE_INTERRUPT_32;\r
	48	IdtEntry->Bits.OffsetHigh = (UINT16)(PageFaultHandlerHookAddress >> 16);\r
	49	} else {\r
	50	//\r
	51	// Register SMM Page Fault Handler\r
	52	//\r
	53	Status = SmmRegisterExceptionHandler (&mSmmCpuService, EXCEPT_IA32_PAGE_FAULT, SmiPFHandler);\r
	54	ASSERT_EFI_ERROR (Status);\r
	55	}\r
	56	\r
	57	//\r
	58	// Additional SMM IDT initialization for SMM stack guard\r
	59	//\r
	60	if (FeaturePcdGet (PcdCpuSmmStackGuard)) {\r
	61	InitializeIDTSmmStackGuard ();\r
	62	}\r
	63	return Gen4GPageTable (TRUE);\r
	64	}\r
	65	\r
	66	/**\r
	67	Page Fault handler for SMM use.\r
	68	\r
	69	**/\r
	70	VOID\r
	71	SmiDefaultPFHandler (\r
	72	VOID\r
	73	)\r
	74	{\r
	75	CpuDeadLoop ();\r
	76	}\r
	77	\r
	78	/**\r
	79	ThePage Fault handler wrapper for SMM use.\r
	80	\r
	81	@param InterruptType Defines the type of interrupt or exception that\r
	82	occurred on the processor.This parameter is processor architecture specific.\r
	83	@param SystemContext A pointer to the processor context when\r
	84	the interrupt occurred on the processor.\r
	85	**/\r
	86	VOID\r
	87	EFIAPI\r
	88	SmiPFHandler (\r
	89	IN EFI_EXCEPTION_TYPE InterruptType,\r
	90	IN EFI_SYSTEM_CONTEXT SystemContext\r
	91	)\r
	92	{\r
	93	UINTN PFAddress;\r
	94	UINTN GuardPageAddress;\r
	95	UINTN CpuIndex;\r
	96	\r
	97	ASSERT (InterruptType == EXCEPT_IA32_PAGE_FAULT);\r
	98	\r
	99	AcquireSpinLock (mPFLock);\r
	100	\r
	101	PFAddress = AsmReadCr2 ();\r
	102	\r
	103	//\r
	104	// If a page fault occurs in SMRAM range, it might be in a SMM stack guard page,\r
	105	// or SMM page protection violation.\r
	106	//\r
	107	if ((PFAddress >= mCpuHotPlugData.SmrrBase) &&\r
	108	(PFAddress < (mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize))) {\r
	109	CpuIndex = GetCpuIndex ();\r
	110	GuardPageAddress = (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex * mSmmStackSize);\r
	111	if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&\r
	112	(PFAddress >= GuardPageAddress) &&\r
	113	(PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) {\r
	114	DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n"));\r
	115	} else {\r
	116	DEBUG ((DEBUG_ERROR, "SMM exception data - 0x%x(", SystemContext.SystemContextIa32->ExceptionData));\r
	117	DEBUG ((DEBUG_ERROR, "I:%x, R:%x, U:%x, W:%x, P:%x",\r
	118	(SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0,\r
	119	(SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_RSVD) != 0,\r
	120	(SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_US) != 0,\r
	121	(SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_WR) != 0,\r
	122	(SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_P) != 0\r
	123	));\r
	124	DEBUG ((DEBUG_ERROR, ")\n"));\r
	125	if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
	126	DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%x)\n", PFAddress));\r
	127	DEBUG_CODE (\r
	128	DumpModuleInfoByIp ((UINTN )(UINTN)SystemContext.SystemContextIa32->Esp);\r
	129	);\r
	130	} else {\r
	131	DEBUG ((DEBUG_ERROR, "SMM exception at access (0x%x)\n", PFAddress));\r
	132	DEBUG_CODE (\r
	133	DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);\r
	134	);\r
	135	}\r
	136	}\r
	137	CpuDeadLoop ();\r
	138	}\r
	139	\r
	140	//\r
	141	// If a page fault occurs in SMM range\r
	142	//\r
	143	if ((PFAddress < mCpuHotPlugData.SmrrBase) \|\|\r
	144	(PFAddress >= mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize)) {\r
	145	if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {\r
	146	DEBUG ((DEBUG_ERROR, "Code executed on IP(0x%x) out of SMM range after SMM is locked!\n", PFAddress));\r
	147	DEBUG_CODE (\r
	148	DumpModuleInfoByIp ((UINTN )(UINTN)SystemContext.SystemContextIa32->Esp);\r
	149	);\r
	150	CpuDeadLoop ();\r
	151	}\r
	152	}\r
	153	\r
	154	if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {\r
	155	SmmProfilePFHandler (\r
	156	SystemContext.SystemContextIa32->Eip,\r
	157	SystemContext.SystemContextIa32->ExceptionData\r
	158	);\r
	159	} else {\r
	160	SmiDefaultPFHandler ();\r
	161	}\r
	162	\r
	163	ReleaseSpinLock (mPFLock);\r
	164	}\r
	165	\r
	166	/**\r
	167	This function sets memory attribute for page table.\r
	168	**/\r
	169	VOID\r
	170	SetPageTableAttributes (\r
	171	VOID\r
	172	)\r
	173	{\r
	174	UINTN Index2;\r
	175	UINTN Index3;\r
	176	UINT64 *L1PageTable;\r
	177	UINT64 *L2PageTable;\r
	178	UINT64 *L3PageTable;\r
	179	BOOLEAN IsSplitted;\r
	180	BOOLEAN PageTableSplitted;\r
	181	\r
	182	DEBUG ((DEBUG_INFO, "SetPageTableAttributes\n"));\r
	183	\r
	184	//\r
	185	// Disable write protection, because we need mark page table to be write protected.\r
	186	// We need write page table memory, to mark itself to be read only.\r
	187	//\r
	188	AsmWriteCr0 (AsmReadCr0() & ~CR0_WP);\r
	189	\r
	190	do {\r
	191	DEBUG ((DEBUG_INFO, "Start...\n"));\r
	192	PageTableSplitted = FALSE;\r
	193	\r
	194	L3PageTable = (UINT64 *)GetPageTableBase ();\r
	195	\r
	196	SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L3PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
	197	PageTableSplitted = (PageTableSplitted \|\| IsSplitted);\r
	198	\r
	199	for (Index3 = 0; Index3 < 4; Index3++) {\r
	200	L2PageTable = (UINT64 *)(UINTN)(L3PageTable[Index3] & PAGING_4K_ADDRESS_MASK_64);\r
	201	if (L2PageTable == NULL) {\r
	202	continue;\r
	203	}\r
	204	\r
	205	SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L2PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
	206	PageTableSplitted = (PageTableSplitted \|\| IsSplitted);\r
	207	\r
	208	for (Index2 = 0; Index2 < SIZE_4KB/sizeof(UINT64); Index2++) {\r
	209	if ((L2PageTable[Index2] & IA32_PG_PS) != 0) {\r
	210	// 2M\r
	211	continue;\r
	212	}\r
	213	L1PageTable = (UINT64 *)(UINTN)(L2PageTable[Index2] & PAGING_4K_ADDRESS_MASK_64);\r
	214	if (L1PageTable == NULL) {\r
	215	continue;\r
	216	}\r
	217	SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L1PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);\r
	218	PageTableSplitted = (PageTableSplitted \|\| IsSplitted);\r
	219	}\r
	220	}\r
	221	} while (PageTableSplitted);\r
	222	\r
	223	//\r
	224	// Enable write protection, after page table updated.\r
	225	//\r
	226	AsmWriteCr0 (AsmReadCr0() \| CR0_WP);\r
	227	\r
	228	return ;\r
	229	}\r