]> git.proxmox.com Git - mirror_edk2.git/blob - UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
UefiCpuPkg/PiSmmCpu: Add SMM Comm Buffer Paging Protection.
[mirror_edk2.git] / UefiCpuPkg / PiSmmCpuDxeSmm / Ia32 / PageTbl.c
1 /** @file
2 Page table manipulation functions for IA-32 processors
3
4 Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "PiSmmCpuDxeSmm.h"
16
17 /**
18 Create PageTable for SMM use.
19
20 @return PageTable Address
21
22 **/
23 UINT32
24 SmmInitPageTable (
25 VOID
26 )
27 {
28 UINTN PageFaultHandlerHookAddress;
29 IA32_IDT_GATE_DESCRIPTOR *IdtEntry;
30 EFI_STATUS Status;
31
32 //
33 // Initialize spin lock
34 //
35 InitializeSpinLock (mPFLock);
36
37 if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {
38 //
39 // Set own Page Fault entry instead of the default one, because SMM Profile
40 // feature depends on IRET instruction to do Single Step
41 //
42 PageFaultHandlerHookAddress = (UINTN)PageFaultIdtHandlerSmmProfile;
43 IdtEntry = (IA32_IDT_GATE_DESCRIPTOR *) gcSmiIdtr.Base;
44 IdtEntry += EXCEPT_IA32_PAGE_FAULT;
45 IdtEntry->Bits.OffsetLow = (UINT16)PageFaultHandlerHookAddress;
46 IdtEntry->Bits.Reserved_0 = 0;
47 IdtEntry->Bits.GateType = IA32_IDT_GATE_TYPE_INTERRUPT_32;
48 IdtEntry->Bits.OffsetHigh = (UINT16)(PageFaultHandlerHookAddress >> 16);
49 } else {
50 //
51 // Register SMM Page Fault Handler
52 //
53 Status = SmmRegisterExceptionHandler (&mSmmCpuService, EXCEPT_IA32_PAGE_FAULT, SmiPFHandler);
54 ASSERT_EFI_ERROR (Status);
55 }
56
57 //
58 // Additional SMM IDT initialization for SMM stack guard
59 //
60 if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
61 InitializeIDTSmmStackGuard ();
62 }
63 return Gen4GPageTable (TRUE);
64 }
65
66 /**
67 Page Fault handler for SMM use.
68
69 **/
70 VOID
71 SmiDefaultPFHandler (
72 VOID
73 )
74 {
75 CpuDeadLoop ();
76 }
77
78 /**
79 ThePage Fault handler wrapper for SMM use.
80
81 @param InterruptType Defines the type of interrupt or exception that
82 occurred on the processor.This parameter is processor architecture specific.
83 @param SystemContext A pointer to the processor context when
84 the interrupt occurred on the processor.
85 **/
86 VOID
87 EFIAPI
88 SmiPFHandler (
89 IN EFI_EXCEPTION_TYPE InterruptType,
90 IN EFI_SYSTEM_CONTEXT SystemContext
91 )
92 {
93 UINTN PFAddress;
94 UINTN GuardPageAddress;
95 UINTN CpuIndex;
96
97 ASSERT (InterruptType == EXCEPT_IA32_PAGE_FAULT);
98
99 AcquireSpinLock (mPFLock);
100
101 PFAddress = AsmReadCr2 ();
102
103 //
104 // If a page fault occurs in SMRAM range, it might be in a SMM stack guard page,
105 // or SMM page protection violation.
106 //
107 if ((PFAddress >= mCpuHotPlugData.SmrrBase) &&
108 (PFAddress < (mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize))) {
109 CpuIndex = GetCpuIndex ();
110 GuardPageAddress = (mSmmStackArrayBase + EFI_PAGE_SIZE + CpuIndex * mSmmStackSize);
111 if ((FeaturePcdGet (PcdCpuSmmStackGuard)) &&
112 (PFAddress >= GuardPageAddress) &&
113 (PFAddress < (GuardPageAddress + EFI_PAGE_SIZE))) {
114 DEBUG ((DEBUG_ERROR, "SMM stack overflow!\n"));
115 } else {
116 DEBUG ((DEBUG_ERROR, "SMM exception data - 0x%x(", SystemContext.SystemContextIa32->ExceptionData));
117 DEBUG ((DEBUG_ERROR, "I:%x, R:%x, U:%x, W:%x, P:%x",
118 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0,
119 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_RSVD) != 0,
120 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_US) != 0,
121 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_WR) != 0,
122 (SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_P) != 0
123 ));
124 DEBUG ((DEBUG_ERROR, ")\n"));
125 if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {
126 DEBUG ((DEBUG_ERROR, "SMM exception at execution (0x%x)\n", PFAddress));
127 DEBUG_CODE (
128 DumpModuleInfoByIp (*(UINTN *)(UINTN)SystemContext.SystemContextIa32->Esp);
129 );
130 } else {
131 DEBUG ((DEBUG_ERROR, "SMM exception at access (0x%x)\n", PFAddress));
132 DEBUG_CODE (
133 DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);
134 );
135 }
136 }
137 CpuDeadLoop ();
138 }
139
140 //
141 // If a page fault occurs in SMM range
142 //
143 if ((PFAddress < mCpuHotPlugData.SmrrBase) ||
144 (PFAddress >= mCpuHotPlugData.SmrrBase + mCpuHotPlugData.SmrrSize)) {
145 if ((SystemContext.SystemContextIa32->ExceptionData & IA32_PF_EC_ID) != 0) {
146 DEBUG ((DEBUG_ERROR, "Code executed on IP(0x%x) out of SMM range after SMM is locked!\n", PFAddress));
147 DEBUG_CODE (
148 DumpModuleInfoByIp (*(UINTN *)(UINTN)SystemContext.SystemContextIa32->Esp);
149 );
150 CpuDeadLoop ();
151 }
152 if (IsSmmCommBufferForbiddenAddress (PFAddress)) {
153 DEBUG ((DEBUG_ERROR, "Access SMM communication forbidden address (0x%x)!\n", PFAddress));
154 DEBUG_CODE (
155 DumpModuleInfoByIp ((UINTN)SystemContext.SystemContextIa32->Eip);
156 );
157 CpuDeadLoop ();
158 }
159 }
160
161 if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {
162 SmmProfilePFHandler (
163 SystemContext.SystemContextIa32->Eip,
164 SystemContext.SystemContextIa32->ExceptionData
165 );
166 } else {
167 SmiDefaultPFHandler ();
168 }
169
170 ReleaseSpinLock (mPFLock);
171 }
172
173 /**
174 This function sets memory attribute for page table.
175 **/
176 VOID
177 SetPageTableAttributes (
178 VOID
179 )
180 {
181 UINTN Index2;
182 UINTN Index3;
183 UINT64 *L1PageTable;
184 UINT64 *L2PageTable;
185 UINT64 *L3PageTable;
186 BOOLEAN IsSplitted;
187 BOOLEAN PageTableSplitted;
188
189 DEBUG ((DEBUG_INFO, "SetPageTableAttributes\n"));
190
191 //
192 // Disable write protection, because we need mark page table to be write protected.
193 // We need *write* page table memory, to mark itself to be *read only*.
194 //
195 AsmWriteCr0 (AsmReadCr0() & ~CR0_WP);
196
197 do {
198 DEBUG ((DEBUG_INFO, "Start...\n"));
199 PageTableSplitted = FALSE;
200
201 L3PageTable = (UINT64 *)GetPageTableBase ();
202
203 SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L3PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);
204 PageTableSplitted = (PageTableSplitted || IsSplitted);
205
206 for (Index3 = 0; Index3 < 4; Index3++) {
207 L2PageTable = (UINT64 *)(UINTN)(L3PageTable[Index3] & PAGING_4K_ADDRESS_MASK_64);
208 if (L2PageTable == NULL) {
209 continue;
210 }
211
212 SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L2PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);
213 PageTableSplitted = (PageTableSplitted || IsSplitted);
214
215 for (Index2 = 0; Index2 < SIZE_4KB/sizeof(UINT64); Index2++) {
216 if ((L2PageTable[Index2] & IA32_PG_PS) != 0) {
217 // 2M
218 continue;
219 }
220 L1PageTable = (UINT64 *)(UINTN)(L2PageTable[Index2] & PAGING_4K_ADDRESS_MASK_64);
221 if (L1PageTable == NULL) {
222 continue;
223 }
224 SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS)(UINTN)L1PageTable, SIZE_4KB, EFI_MEMORY_RO, &IsSplitted);
225 PageTableSplitted = (PageTableSplitted || IsSplitted);
226 }
227 }
228 } while (PageTableSplitted);
229
230 //
231 // Enable write protection, after page table updated.
232 //
233 AsmWriteCr0 (AsmReadCr0() | CR0_WP);
234
235 return ;
236 }
EFI Development Kit II mirror for PVE