2 Page Fault (#PF) handler for X64 processors
4 Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include "PiSmmCpuDxeSmm.h"
17 #define PAGE_TABLE_PAGES 8
18 #define ACC_MAX_BIT BIT3
19 LIST_ENTRY mPagePool
= INITIALIZE_LIST_HEAD_VARIABLE (mPagePool
);
21 BOOLEAN m1GPageTableSupport
= FALSE
;
24 Check if 1-GByte pages is supported by processor or not.
26 @retval TRUE 1-GByte pages is supported.
27 @retval FALSE 1-GByte pages is not supported.
38 AsmCpuid (0x80000000, &RegEax
, NULL
, NULL
, NULL
);
39 if (RegEax
>= 0x80000001) {
40 AsmCpuid (0x80000001, NULL
, NULL
, NULL
, &RegEdx
);
41 if ((RegEdx
& BIT26
) != 0) {
49 Set sub-entries number in entry.
51 @param[in, out] Entry Pointer to entry
52 @param[in] SubEntryNum Sub-entries number based on 0:
53 0 means there is 1 sub-entry under this entry
54 0x1ff means there is 512 sub-entries under this entry
64 // Sub-entries number is saved in BIT52 to BIT60 (reserved field) in Entry
66 *Entry
= BitFieldWrite64 (*Entry
, 52, 60, SubEntryNum
);
70 Return sub-entries number in entry.
72 @param[in] Entry Pointer to entry
74 @return Sub-entries number based on 0:
75 0 means there is 1 sub-entry under this entry
76 0x1ff means there is 512 sub-entries under this entry
84 // Sub-entries number is saved in BIT52 to BIT60 (reserved field) in Entry
86 return BitFieldRead64 (*Entry
, 52, 60);
90 Create PageTable for SMM use.
92 @return The address of PML4 (to set CR3).
100 EFI_PHYSICAL_ADDRESS Pages
;
102 LIST_ENTRY
*FreePage
;
104 UINTN PageFaultHandlerHookAddress
;
105 IA32_IDT_GATE_DESCRIPTOR
*IdtEntry
;
108 // Initialize spin lock
110 InitializeSpinLock (&mPFLock
);
112 m1GPageTableSupport
= Is1GPageSupport ();
114 // Generate PAE page table for the first 4GB memory space
116 Pages
= Gen4GPageTable (PAGE_TABLE_PAGES
+ 1, FALSE
);
119 // Set IA32_PG_PMNT bit to mask this entry
121 PTEntry
= (UINT64
*)(UINTN
)Pages
;
122 for (Index
= 0; Index
< 4; Index
++) {
123 PTEntry
[Index
] |= IA32_PG_PMNT
;
127 // Fill Page-Table-Level4 (PML4) entry
129 PTEntry
= (UINT64
*)(UINTN
)(Pages
- EFI_PAGES_TO_SIZE (PAGE_TABLE_PAGES
+ 1));
130 *PTEntry
= Pages
+ PAGE_ATTRIBUTE_BITS
;
131 ZeroMem (PTEntry
+ 1, EFI_PAGE_SIZE
- sizeof (*PTEntry
));
133 // Set sub-entries number
135 SetSubEntriesNum (PTEntry
, 3);
138 // Add remaining pages to page pool
140 FreePage
= (LIST_ENTRY
*)(PTEntry
+ EFI_PAGE_SIZE
/ sizeof (*PTEntry
));
141 while ((UINTN
)FreePage
< Pages
) {
142 InsertTailList (&mPagePool
, FreePage
);
143 FreePage
+= EFI_PAGE_SIZE
/ sizeof (*FreePage
);
146 if (FeaturePcdGet (PcdCpuSmmProfileEnable
)) {
148 // Set own Page Fault entry instead of the default one, because SMM Profile
149 // feature depends on IRET instruction to do Single Step
151 PageFaultHandlerHookAddress
= (UINTN
)PageFaultIdtHandlerSmmProfile
;
152 IdtEntry
= (IA32_IDT_GATE_DESCRIPTOR
*) gcSmiIdtr
.Base
;
153 IdtEntry
+= EXCEPT_IA32_PAGE_FAULT
;
154 IdtEntry
->Bits
.OffsetLow
= (UINT16
)PageFaultHandlerHookAddress
;
155 IdtEntry
->Bits
.Reserved_0
= 0;
156 IdtEntry
->Bits
.GateType
= IA32_IDT_GATE_TYPE_INTERRUPT_32
;
157 IdtEntry
->Bits
.OffsetHigh
= (UINT16
)(PageFaultHandlerHookAddress
>> 16);
158 IdtEntry
->Bits
.OffsetUpper
= (UINT32
)(PageFaultHandlerHookAddress
>> 32);
159 IdtEntry
->Bits
.Reserved_1
= 0;
162 // Register Smm Page Fault Handler
164 SmmRegisterExceptionHandler (&mSmmCpuService
, EXCEPT_IA32_PAGE_FAULT
, SmiPFHandler
);
168 // Additional SMM IDT initialization for SMM stack guard
170 if (FeaturePcdGet (PcdCpuSmmStackGuard
)) {
171 InitializeIDTSmmStackGuard ();
175 // Return the address of PML4 (to set CR3)
177 return (UINT32
)(UINTN
)PTEntry
;
181 Set access record in entry.
183 @param[in, out] Entry Pointer to entry
184 @param[in] Acc Access record value
189 IN OUT UINT64
*Entry
,
194 // Access record is saved in BIT9 to BIT11 (reserved field) in Entry
196 *Entry
= BitFieldWrite64 (*Entry
, 9, 11, Acc
);
200 Return access record in entry.
202 @param[in] Entry Pointer to entry
204 @return Access record value.
213 // Access record is saved in BIT9 to BIT11 (reserved field) in Entry
215 return BitFieldRead64 (*Entry
, 9, 11);
219 Return and update the access record in entry.
221 @param[in, out] Entry Pointer to entry
223 @return Access record value.
233 Acc
= GetAccNum (Entry
);
234 if ((*Entry
& IA32_PG_A
) != 0) {
236 // If this entry has been accessed, clear access flag in Entry and update access record
237 // to the initial value 7, adding ACC_MAX_BIT is to make it larger than others
239 *Entry
&= ~(UINT64
)(UINTN
)IA32_PG_A
;
240 SetAccNum (Entry
, 0x7);
241 return (0x7 + ACC_MAX_BIT
);
245 // If the access record is not the smallest value 0, minus 1 and update the access record field
247 SetAccNum (Entry
, Acc
- 1);
254 Reclaim free pages for PageFault handler.
256 Search the whole entries tree to find the leaf entry that has the smallest
257 access record value. Insert the page pointed by this leaf entry into the
258 page pool. And check its upper entries if need to be inserted into the page
278 UINT64 SubEntriesNum
;
281 UINT64
*ReleasePageAddress
;
291 ReleasePageAddress
= 0;
294 // First, find the leaf entry has the smallest access record value
296 Pml4
= (UINT64
*)(UINTN
)(AsmReadCr3 () & gPhyMask
);
297 for (Pml4Index
= 0; Pml4Index
< EFI_PAGE_SIZE
/ sizeof (*Pml4
); Pml4Index
++) {
298 if ((Pml4
[Pml4Index
] & IA32_PG_P
) == 0 || (Pml4
[Pml4Index
] & IA32_PG_PMNT
) != 0) {
300 // If the PML4 entry is not present or is masked, skip it
304 Pdpt
= (UINT64
*)(UINTN
)(Pml4
[Pml4Index
] & gPhyMask
);
306 for (PdptIndex
= 0; PdptIndex
< EFI_PAGE_SIZE
/ sizeof (*Pdpt
); PdptIndex
++) {
307 if ((Pdpt
[PdptIndex
] & IA32_PG_P
) == 0 || (Pdpt
[PdptIndex
] & IA32_PG_PMNT
) != 0) {
309 // If the PDPT entry is not present or is masked, skip it
311 if ((Pdpt
[PdptIndex
] & IA32_PG_PMNT
) != 0) {
313 // If the PDPT entry is masked, we will ignore checking the PML4 entry
319 if ((Pdpt
[PdptIndex
] & IA32_PG_PS
) == 0) {
321 // It's not 1-GByte pages entry, it should be a PDPT entry,
322 // we will not check PML4 entry more
325 Pdt
= (UINT64
*)(UINTN
)(Pdpt
[PdptIndex
] & gPhyMask
);
327 for (PdtIndex
= 0; PdtIndex
< EFI_PAGE_SIZE
/ sizeof(*Pdt
); PdtIndex
++) {
328 if ((Pdt
[PdtIndex
] & IA32_PG_P
) == 0 || (Pdt
[PdtIndex
] & IA32_PG_PMNT
) != 0) {
330 // If the PD entry is not present or is masked, skip it
332 if ((Pdt
[PdtIndex
] & IA32_PG_PMNT
) != 0) {
334 // If the PD entry is masked, we will not PDPT entry more
340 if ((Pdt
[PdtIndex
] & IA32_PG_PS
) == 0) {
342 // It's not 2 MByte page table entry, it should be PD entry
343 // we will find the entry has the smallest access record value
346 Acc
= GetAndUpdateAccNum (Pdt
+ PdtIndex
);
349 // If the PD entry has the smallest access record value,
350 // save the Page address to be released
356 ReleasePageAddress
= Pdt
+ PdtIndex
;
362 // If this PDPT entry has no PDT entries pointer to 4 KByte pages,
363 // it should only has the entries point to 2 MByte Pages
365 Acc
= GetAndUpdateAccNum (Pdpt
+ PdptIndex
);
368 // If the PDPT entry has the smallest access record value,
369 // save the Page address to be released
375 ReleasePageAddress
= Pdpt
+ PdptIndex
;
382 // If PML4 entry has no the PDPT entry pointer to 2 MByte pages,
383 // it should only has the entries point to 1 GByte Pages
385 Acc
= GetAndUpdateAccNum (Pml4
+ Pml4Index
);
388 // If the PML4 entry has the smallest access record value,
389 // save the Page address to be released
395 ReleasePageAddress
= Pml4
+ Pml4Index
;
400 // Make sure one PML4/PDPT/PD entry is selected
402 ASSERT (MinAcc
!= (UINT64
)-1);
405 // Secondly, insert the page pointed by this entry into page pool and clear this entry
407 InsertTailList (&mPagePool
, (LIST_ENTRY
*)(UINTN
)(*ReleasePageAddress
& gPhyMask
));
408 *ReleasePageAddress
= 0;
411 // Lastly, check this entry's upper entries if need to be inserted into page pool
415 if (MinPdt
!= (UINTN
)-1) {
417 // If 4 KByte Page Table is released, check the PDPT entry
419 Pdpt
= (UINT64
*)(UINTN
)(Pml4
[MinPml4
] & gPhyMask
);
420 SubEntriesNum
= GetSubEntriesNum(Pdpt
+ MinPdpt
);
421 if (SubEntriesNum
== 0) {
423 // Release the empty Page Directory table if there was no more 4 KByte Page Table entry
424 // clear the Page directory entry
426 InsertTailList (&mPagePool
, (LIST_ENTRY
*)(UINTN
)(Pdpt
[MinPdpt
] & gPhyMask
));
429 // Go on checking the PML4 table
435 // Update the sub-entries filed in PDPT entry and exit
437 SetSubEntriesNum (Pdpt
+ MinPdpt
, SubEntriesNum
- 1);
440 if (MinPdpt
!= (UINTN
)-1) {
442 // One 2MB Page Table is released or Page Directory table is released, check the PML4 entry
444 SubEntriesNum
= GetSubEntriesNum (Pml4
+ MinPml4
);
445 if (SubEntriesNum
== 0) {
447 // Release the empty PML4 table if there was no more 1G KByte Page Table entry
448 // clear the Page directory entry
450 InsertTailList (&mPagePool
, (LIST_ENTRY
*)(UINTN
)(Pml4
[MinPml4
] & gPhyMask
));
456 // Update the sub-entries filed in PML4 entry and exit
458 SetSubEntriesNum (Pml4
+ MinPml4
, SubEntriesNum
- 1);
462 // PLM4 table has been released before, exit it
469 Allocate free Page for PageFault handler use.
471 @return Page address.
481 if (IsListEmpty (&mPagePool
)) {
483 // If page pool is empty, reclaim the used pages and insert one into page pool
489 // Get one free page and remove it from page pool
491 RetVal
= (UINT64
)(UINTN
)mPagePool
.ForwardLink
;
492 RemoveEntryList (mPagePool
.ForwardLink
);
494 // Clean this page and return
496 ZeroMem ((VOID
*)(UINTN
)RetVal
, EFI_PAGE_SIZE
);
501 Page Fault handler for SMM use.
505 SmiDefaultPFHandler (
516 SMM_PAGE_SIZE_TYPE PageSize
;
523 // Set default SMM page attribute
525 PageSize
= SmmPageSize2M
;
530 Pml4
= (UINT64
*)(AsmReadCr3 () & gPhyMask
);
531 PFAddress
= AsmReadCr2 ();
533 Status
= GetPlatformPageTableAttribute (PFAddress
, &PageSize
, &NumOfPages
, &PageAttribute
);
535 // If platform not support page table attribute, set default SMM page attribute
537 if (Status
!= EFI_SUCCESS
) {
538 PageSize
= SmmPageSize2M
;
542 if (PageSize
>= MaxSmmPageSizeType
) {
543 PageSize
= SmmPageSize2M
;
545 if (NumOfPages
> 512) {
552 // BIT12 to BIT20 is Page Table index
558 // BIT21 to BIT29 is Page Directory index
561 PageAttribute
|= (UINTN
)IA32_PG_PS
;
564 if (!m1GPageTableSupport
) {
565 DEBUG ((EFI_D_ERROR
, "1-GByte pages is not supported!"));
569 // BIT30 to BIT38 is Page Directory Pointer Table index
572 PageAttribute
|= (UINTN
)IA32_PG_PS
;
579 // If execute-disable is enabled, set NX bit
582 PageAttribute
|= IA32_PG_NX
;
585 for (Index
= 0; Index
< NumOfPages
; Index
++) {
588 for (StartBit
= 39; StartBit
> EndBit
; StartBit
-= 9) {
589 PTIndex
= BitFieldRead64 (PFAddress
, StartBit
, StartBit
+ 8);
590 if ((PageTable
[PTIndex
] & IA32_PG_P
) == 0) {
592 // If the entry is not present, allocate one page from page pool for it
594 PageTable
[PTIndex
] = AllocPage () | PAGE_ATTRIBUTE_BITS
;
597 // Save the upper entry address
599 UpperEntry
= PageTable
+ PTIndex
;
602 // BIT9 to BIT11 of entry is used to save access record,
603 // initialize value is 7
605 PageTable
[PTIndex
] |= (UINT64
)IA32_PG_A
;
606 SetAccNum (PageTable
+ PTIndex
, 7);
607 PageTable
= (UINT64
*)(UINTN
)(PageTable
[PTIndex
] & gPhyMask
);
610 PTIndex
= BitFieldRead64 (PFAddress
, StartBit
, StartBit
+ 8);
611 if ((PageTable
[PTIndex
] & IA32_PG_P
) != 0) {
613 // Check if the entry has already existed, this issue may occur when the different
614 // size page entries created under the same entry
616 DEBUG ((EFI_D_ERROR
, "PageTable = %lx, PTIndex = %x, PageTable[PTIndex] = %lx\n", PageTable
, PTIndex
, PageTable
[PTIndex
]));
617 DEBUG ((EFI_D_ERROR
, "New page table overlapped with old page table!\n"));
621 // Fill the new entry
623 PageTable
[PTIndex
] = (PFAddress
& gPhyMask
& ~((1ull << EndBit
) - 1)) |
624 PageAttribute
| IA32_PG_A
| PAGE_ATTRIBUTE_BITS
;
625 if (UpperEntry
!= NULL
) {
626 SetSubEntriesNum (UpperEntry
, GetSubEntriesNum (UpperEntry
) + 1);
629 // Get the next page address if we need to create more page tables
631 PFAddress
+= (1ull << EndBit
);
636 ThePage Fault handler wrapper for SMM use.
638 @param InterruptType Defines the type of interrupt or exception that
639 occurred on the processor.This parameter is processor architecture specific.
640 @param SystemContext A pointer to the processor context when
641 the interrupt occurred on the processor.
646 IN EFI_EXCEPTION_TYPE InterruptType
,
647 IN EFI_SYSTEM_CONTEXT SystemContext
652 ASSERT (InterruptType
== EXCEPT_IA32_PAGE_FAULT
);
654 AcquireSpinLock (&mPFLock
);
656 PFAddress
= AsmReadCr2 ();
659 // If a page fault occurs in SMRAM range, it should be in a SMM stack guard page.
661 if ((FeaturePcdGet (PcdCpuSmmStackGuard
)) &&
662 (PFAddress
>= mCpuHotPlugData
.SmrrBase
) &&
663 (PFAddress
< (mCpuHotPlugData
.SmrrBase
+ mCpuHotPlugData
.SmrrSize
))) {
664 DEBUG ((EFI_D_ERROR
, "SMM stack overflow!\n"));
669 // If a page fault occurs in SMM range
671 if ((PFAddress
< mCpuHotPlugData
.SmrrBase
) ||
672 (PFAddress
>= mCpuHotPlugData
.SmrrBase
+ mCpuHotPlugData
.SmrrSize
)) {
673 if ((SystemContext
.SystemContextX64
->ExceptionData
& IA32_PF_EC_ID
) != 0) {
674 DEBUG ((EFI_D_ERROR
, "Code executed on IP(0x%lx) out of SMM range after SMM is locked!\n", PFAddress
));
676 DumpModuleInfoByIp (*(UINTN
*)(UINTN
)SystemContext
.SystemContextX64
->Rsp
);
682 if (FeaturePcdGet (PcdCpuSmmProfileEnable
)) {
683 SmmProfilePFHandler (
684 SystemContext
.SystemContextX64
->Rip
,
685 SystemContext
.SystemContextX64
->ExceptionData
688 SmiDefaultPFHandler ();
691 ReleaseSpinLock (&mPFLock
);