2 Page Fault (#PF) handler for X64 processors
4 Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
5 Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
7 SPDX-License-Identifier: BSD-2-Clause-Patent
11 #include "PiSmmCpuDxeSmm.h"
13 #define PAGE_TABLE_PAGES 8
14 #define ACC_MAX_BIT BIT3
16 LIST_ENTRY mPagePool
= INITIALIZE_LIST_HEAD_VARIABLE (mPagePool
);
17 BOOLEAN m1GPageTableSupport
= FALSE
;
18 BOOLEAN mCpuSmmRestrictedMemoryAccess
;
19 BOOLEAN m5LevelPagingNeeded
;
20 X86_ASSEMBLY_PATCH_LABEL gPatch5LevelPagingNeeded
;
41 Check if 1-GByte pages is supported by processor or not.
43 @retval TRUE 1-GByte pages is supported.
44 @retval FALSE 1-GByte pages is not supported.
55 AsmCpuid (0x80000000, &RegEax
, NULL
, NULL
, NULL
);
56 if (RegEax
>= 0x80000001) {
57 AsmCpuid (0x80000001, NULL
, NULL
, NULL
, &RegEdx
);
58 if ((RegEdx
& BIT26
) != 0) {
66 The routine returns TRUE when CPU supports it (CPUID[7,0].ECX.BIT[16] is set) and
67 the max physical address bits is bigger than 48. Because 4-level paging can support
68 to address physical address up to 2^48 - 1, there is no need to enable 5-level paging
69 with max physical address bits <= 48.
71 @retval TRUE 5-level paging enabling is needed.
72 @retval FALSE 5-level paging enabling is not needed.
75 Is5LevelPagingNeeded (
79 CPUID_VIR_PHY_ADDRESS_SIZE_EAX VirPhyAddressSize
;
80 CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_ECX ExtFeatureEcx
;
81 UINT32 MaxExtendedFunctionId
;
83 AsmCpuid (CPUID_EXTENDED_FUNCTION
, &MaxExtendedFunctionId
, NULL
, NULL
, NULL
);
84 if (MaxExtendedFunctionId
>= CPUID_VIR_PHY_ADDRESS_SIZE
) {
85 AsmCpuid (CPUID_VIR_PHY_ADDRESS_SIZE
, &VirPhyAddressSize
.Uint32
, NULL
, NULL
, NULL
);
87 VirPhyAddressSize
.Bits
.PhysicalAddressBits
= 36;
90 CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS
,
91 CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO
,
92 NULL
, NULL
, &ExtFeatureEcx
.Uint32
, NULL
95 DEBUG_INFO
, "PhysicalAddressBits = %d, 5LPageTable = %d.\n",
96 VirPhyAddressSize
.Bits
.PhysicalAddressBits
, ExtFeatureEcx
.Bits
.FiveLevelPage
99 if (VirPhyAddressSize
.Bits
.PhysicalAddressBits
> 4 * 9 + 12) {
100 ASSERT (ExtFeatureEcx
.Bits
.FiveLevelPage
== 1);
108 Get page table base address and the depth of the page table.
110 @param[out] Base Page table base address.
111 @param[out] FiveLevels TRUE means 5 level paging. FALSE means 4 level paging.
116 OUT BOOLEAN
*FiveLevels OPTIONAL
121 if (mInternalCr3
== 0) {
122 *Base
= AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64
;
123 if (FiveLevels
!= NULL
) {
124 Cr4
.UintN
= AsmReadCr4 ();
125 *FiveLevels
= (BOOLEAN
)(Cr4
.Bits
.LA57
== 1);
130 *Base
= mInternalCr3
;
131 if (FiveLevels
!= NULL
) {
132 *FiveLevels
= m5LevelPagingNeeded
;
137 Set sub-entries number in entry.
139 @param[in, out] Entry Pointer to entry
140 @param[in] SubEntryNum Sub-entries number based on 0:
141 0 means there is 1 sub-entry under this entry
142 0x1ff means there is 512 sub-entries under this entry
147 IN OUT UINT64
*Entry
,
148 IN UINT64 SubEntryNum
152 // Sub-entries number is saved in BIT52 to BIT60 (reserved field) in Entry
154 *Entry
= BitFieldWrite64 (*Entry
, 52, 60, SubEntryNum
);
158 Return sub-entries number in entry.
160 @param[in] Entry Pointer to entry
162 @return Sub-entries number based on 0:
163 0 means there is 1 sub-entry under this entry
164 0x1ff means there is 512 sub-entries under this entry
172 // Sub-entries number is saved in BIT52 to BIT60 (reserved field) in Entry
174 return BitFieldRead64 (*Entry
, 52, 60);
178 Calculate the maximum support address.
180 @return the maximum support address.
183 CalculateMaximumSupportAddress (
188 UINT8 PhysicalAddressBits
;
192 // Get physical address bits supported.
194 Hob
= GetFirstHob (EFI_HOB_TYPE_CPU
);
196 PhysicalAddressBits
= ((EFI_HOB_CPU
*) Hob
)->SizeOfMemorySpace
;
198 AsmCpuid (0x80000000, &RegEax
, NULL
, NULL
, NULL
);
199 if (RegEax
>= 0x80000008) {
200 AsmCpuid (0x80000008, &RegEax
, NULL
, NULL
, NULL
);
201 PhysicalAddressBits
= (UINT8
) RegEax
;
203 PhysicalAddressBits
= 36;
206 return PhysicalAddressBits
;
210 Set static page table.
212 @param[in] PageTable Address of page table.
220 UINTN NumberOfPml5EntriesNeeded
;
221 UINTN NumberOfPml4EntriesNeeded
;
222 UINTN NumberOfPdpEntriesNeeded
;
223 UINTN IndexOfPml5Entries
;
224 UINTN IndexOfPml4Entries
;
225 UINTN IndexOfPdpEntries
;
226 UINTN IndexOfPageDirectoryEntries
;
227 UINT64
*PageMapLevel5Entry
;
228 UINT64
*PageMapLevel4Entry
;
230 UINT64
*PageDirectoryPointerEntry
;
231 UINT64
*PageDirectory1GEntry
;
232 UINT64
*PageDirectoryEntry
;
235 // IA-32e paging translates 48-bit linear addresses to 52-bit physical addresses
236 // when 5-Level Paging is disabled.
238 ASSERT (mPhysicalAddressBits
<= 52);
239 if (!m5LevelPagingNeeded
&& mPhysicalAddressBits
> 48) {
240 mPhysicalAddressBits
= 48;
243 NumberOfPml5EntriesNeeded
= 1;
244 if (mPhysicalAddressBits
> 48) {
245 NumberOfPml5EntriesNeeded
= (UINTN
) LShiftU64 (1, mPhysicalAddressBits
- 48);
246 mPhysicalAddressBits
= 48;
249 NumberOfPml4EntriesNeeded
= 1;
250 if (mPhysicalAddressBits
> 39) {
251 NumberOfPml4EntriesNeeded
= (UINTN
) LShiftU64 (1, mPhysicalAddressBits
- 39);
252 mPhysicalAddressBits
= 39;
255 NumberOfPdpEntriesNeeded
= 1;
256 ASSERT (mPhysicalAddressBits
> 30);
257 NumberOfPdpEntriesNeeded
= (UINTN
) LShiftU64 (1, mPhysicalAddressBits
- 30);
260 // By architecture only one PageMapLevel4 exists - so lets allocate storage for it.
262 PageMap
= (VOID
*) PageTable
;
264 PageMapLevel4Entry
= PageMap
;
265 PageMapLevel5Entry
= NULL
;
266 if (m5LevelPagingNeeded
) {
268 // By architecture only one PageMapLevel5 exists - so lets allocate storage for it.
270 PageMapLevel5Entry
= PageMap
;
274 for ( IndexOfPml5Entries
= 0
275 ; IndexOfPml5Entries
< NumberOfPml5EntriesNeeded
276 ; IndexOfPml5Entries
++, PageMapLevel5Entry
++) {
278 // Each PML5 entry points to a page of PML4 entires.
279 // So lets allocate space for them and fill them in in the IndexOfPml4Entries loop.
280 // When 5-Level Paging is disabled, below allocation happens only once.
282 if (m5LevelPagingNeeded
) {
283 PageMapLevel4Entry
= (UINT64
*) ((*PageMapLevel5Entry
) & ~mAddressEncMask
& gPhyMask
);
284 if (PageMapLevel4Entry
== NULL
) {
285 PageMapLevel4Entry
= AllocatePageTableMemory (1);
286 ASSERT(PageMapLevel4Entry
!= NULL
);
287 ZeroMem (PageMapLevel4Entry
, EFI_PAGES_TO_SIZE(1));
289 *PageMapLevel5Entry
= (UINT64
)(UINTN
)PageMapLevel4Entry
| mAddressEncMask
| PAGE_ATTRIBUTE_BITS
;
293 for (IndexOfPml4Entries
= 0; IndexOfPml4Entries
< (NumberOfPml5EntriesNeeded
== 1 ? NumberOfPml4EntriesNeeded
: 512); IndexOfPml4Entries
++, PageMapLevel4Entry
++) {
295 // Each PML4 entry points to a page of Page Directory Pointer entries.
297 PageDirectoryPointerEntry
= (UINT64
*) ((*PageMapLevel4Entry
) & ~mAddressEncMask
& gPhyMask
);
298 if (PageDirectoryPointerEntry
== NULL
) {
299 PageDirectoryPointerEntry
= AllocatePageTableMemory (1);
300 ASSERT(PageDirectoryPointerEntry
!= NULL
);
301 ZeroMem (PageDirectoryPointerEntry
, EFI_PAGES_TO_SIZE(1));
303 *PageMapLevel4Entry
= (UINT64
)(UINTN
)PageDirectoryPointerEntry
| mAddressEncMask
| PAGE_ATTRIBUTE_BITS
;
306 if (m1GPageTableSupport
) {
307 PageDirectory1GEntry
= PageDirectoryPointerEntry
;
308 for (IndexOfPageDirectoryEntries
= 0; IndexOfPageDirectoryEntries
< 512; IndexOfPageDirectoryEntries
++, PageDirectory1GEntry
++, PageAddress
+= SIZE_1GB
) {
309 if (IndexOfPml4Entries
== 0 && IndexOfPageDirectoryEntries
< 4) {
311 // Skip the < 4G entries
316 // Fill in the Page Directory entries
318 *PageDirectory1GEntry
= PageAddress
| mAddressEncMask
| IA32_PG_PS
| PAGE_ATTRIBUTE_BITS
;
321 PageAddress
= BASE_4GB
;
322 for (IndexOfPdpEntries
= 0; IndexOfPdpEntries
< (NumberOfPml4EntriesNeeded
== 1 ? NumberOfPdpEntriesNeeded
: 512); IndexOfPdpEntries
++, PageDirectoryPointerEntry
++) {
323 if (IndexOfPml4Entries
== 0 && IndexOfPdpEntries
< 4) {
325 // Skip the < 4G entries
330 // Each Directory Pointer entries points to a page of Page Directory entires.
331 // So allocate space for them and fill them in in the IndexOfPageDirectoryEntries loop.
333 PageDirectoryEntry
= (UINT64
*) ((*PageDirectoryPointerEntry
) & ~mAddressEncMask
& gPhyMask
);
334 if (PageDirectoryEntry
== NULL
) {
335 PageDirectoryEntry
= AllocatePageTableMemory (1);
336 ASSERT(PageDirectoryEntry
!= NULL
);
337 ZeroMem (PageDirectoryEntry
, EFI_PAGES_TO_SIZE(1));
340 // Fill in a Page Directory Pointer Entries
342 *PageDirectoryPointerEntry
= (UINT64
)(UINTN
)PageDirectoryEntry
| mAddressEncMask
| PAGE_ATTRIBUTE_BITS
;
345 for (IndexOfPageDirectoryEntries
= 0; IndexOfPageDirectoryEntries
< 512; IndexOfPageDirectoryEntries
++, PageDirectoryEntry
++, PageAddress
+= SIZE_2MB
) {
347 // Fill in the Page Directory entries
349 *PageDirectoryEntry
= PageAddress
| mAddressEncMask
| IA32_PG_PS
| PAGE_ATTRIBUTE_BITS
;
358 Create PageTable for SMM use.
360 @return The address of PML4 (to set CR3).
368 EFI_PHYSICAL_ADDRESS Pages
;
370 LIST_ENTRY
*FreePage
;
372 UINTN PageFaultHandlerHookAddress
;
373 IA32_IDT_GATE_DESCRIPTOR
*IdtEntry
;
379 // Initialize spin lock
381 InitializeSpinLock (mPFLock
);
383 mCpuSmmRestrictedMemoryAccess
= PcdGetBool (PcdCpuSmmRestrictedMemoryAccess
);
384 m1GPageTableSupport
= Is1GPageSupport ();
385 m5LevelPagingNeeded
= Is5LevelPagingNeeded ();
386 mPhysicalAddressBits
= CalculateMaximumSupportAddress ();
387 PatchInstructionX86 (gPatch5LevelPagingNeeded
, m5LevelPagingNeeded
, 1);
388 DEBUG ((DEBUG_INFO
, "5LevelPaging Needed - %d\n", m5LevelPagingNeeded
));
389 DEBUG ((DEBUG_INFO
, "1GPageTable Support - %d\n", m1GPageTableSupport
));
390 DEBUG ((DEBUG_INFO
, "PcdCpuSmmRestrictedMemoryAccess - %d\n", mCpuSmmRestrictedMemoryAccess
));
391 DEBUG ((DEBUG_INFO
, "PhysicalAddressBits - %d\n", mPhysicalAddressBits
));
393 // Generate PAE page table for the first 4GB memory space
395 Pages
= Gen4GPageTable (FALSE
);
398 // Set IA32_PG_PMNT bit to mask this entry
400 PTEntry
= (UINT64
*)(UINTN
)Pages
;
401 for (Index
= 0; Index
< 4; Index
++) {
402 PTEntry
[Index
] |= IA32_PG_PMNT
;
406 // Fill Page-Table-Level4 (PML4) entry
408 Pml4Entry
= (UINT64
*)AllocatePageTableMemory (1);
409 ASSERT (Pml4Entry
!= NULL
);
410 *Pml4Entry
= Pages
| mAddressEncMask
| PAGE_ATTRIBUTE_BITS
;
411 ZeroMem (Pml4Entry
+ 1, EFI_PAGE_SIZE
- sizeof (*Pml4Entry
));
414 // Set sub-entries number
416 SetSubEntriesNum (Pml4Entry
, 3);
419 if (m5LevelPagingNeeded
) {
423 Pml5Entry
= (UINT64
*)AllocatePageTableMemory (1);
424 ASSERT (Pml5Entry
!= NULL
);
425 *Pml5Entry
= (UINTN
) Pml4Entry
| mAddressEncMask
| PAGE_ATTRIBUTE_BITS
;
426 ZeroMem (Pml5Entry
+ 1, EFI_PAGE_SIZE
- sizeof (*Pml5Entry
));
428 // Set sub-entries number
430 SetSubEntriesNum (Pml5Entry
, 1);
434 if (mCpuSmmRestrictedMemoryAccess
) {
436 // When access to non-SMRAM memory is restricted, create page table
437 // that covers all memory space.
439 SetStaticPageTable ((UINTN
)PTEntry
);
442 // Add pages to page pool
444 FreePage
= (LIST_ENTRY
*)AllocatePageTableMemory (PAGE_TABLE_PAGES
);
445 ASSERT (FreePage
!= NULL
);
446 for (Index
= 0; Index
< PAGE_TABLE_PAGES
; Index
++) {
447 InsertTailList (&mPagePool
, FreePage
);
448 FreePage
+= EFI_PAGE_SIZE
/ sizeof (*FreePage
);
452 if (FeaturePcdGet (PcdCpuSmmProfileEnable
) ||
453 HEAP_GUARD_NONSTOP_MODE
||
454 NULL_DETECTION_NONSTOP_MODE
) {
456 // Set own Page Fault entry instead of the default one, because SMM Profile
457 // feature depends on IRET instruction to do Single Step
459 PageFaultHandlerHookAddress
= (UINTN
)PageFaultIdtHandlerSmmProfile
;
460 IdtEntry
= (IA32_IDT_GATE_DESCRIPTOR
*) gcSmiIdtr
.Base
;
461 IdtEntry
+= EXCEPT_IA32_PAGE_FAULT
;
462 IdtEntry
->Bits
.OffsetLow
= (UINT16
)PageFaultHandlerHookAddress
;
463 IdtEntry
->Bits
.Reserved_0
= 0;
464 IdtEntry
->Bits
.GateType
= IA32_IDT_GATE_TYPE_INTERRUPT_32
;
465 IdtEntry
->Bits
.OffsetHigh
= (UINT16
)(PageFaultHandlerHookAddress
>> 16);
466 IdtEntry
->Bits
.OffsetUpper
= (UINT32
)(PageFaultHandlerHookAddress
>> 32);
467 IdtEntry
->Bits
.Reserved_1
= 0;
470 // Register Smm Page Fault Handler
472 Status
= SmmRegisterExceptionHandler (&mSmmCpuService
, EXCEPT_IA32_PAGE_FAULT
, SmiPFHandler
);
473 ASSERT_EFI_ERROR (Status
);
477 // Additional SMM IDT initialization for SMM stack guard
479 if (FeaturePcdGet (PcdCpuSmmStackGuard
)) {
480 InitializeIDTSmmStackGuard ();
484 // Return the address of PML4/PML5 (to set CR3)
486 return (UINT32
)(UINTN
)PTEntry
;
490 Set access record in entry.
492 @param[in, out] Entry Pointer to entry
493 @param[in] Acc Access record value
498 IN OUT UINT64
*Entry
,
503 // Access record is saved in BIT9 to BIT11 (reserved field) in Entry
505 *Entry
= BitFieldWrite64 (*Entry
, 9, 11, Acc
);
509 Return access record in entry.
511 @param[in] Entry Pointer to entry
513 @return Access record value.
522 // Access record is saved in BIT9 to BIT11 (reserved field) in Entry
524 return BitFieldRead64 (*Entry
, 9, 11);
528 Return and update the access record in entry.
530 @param[in, out] Entry Pointer to entry
532 @return Access record value.
542 Acc
= GetAccNum (Entry
);
543 if ((*Entry
& IA32_PG_A
) != 0) {
545 // If this entry has been accessed, clear access flag in Entry and update access record
546 // to the initial value 7, adding ACC_MAX_BIT is to make it larger than others
548 *Entry
&= ~(UINT64
)(UINTN
)IA32_PG_A
;
549 SetAccNum (Entry
, 0x7);
550 return (0x7 + ACC_MAX_BIT
);
554 // If the access record is not the smallest value 0, minus 1 and update the access record field
556 SetAccNum (Entry
, Acc
- 1);
563 Reclaim free pages for PageFault handler.
565 Search the whole entries tree to find the leaf entry that has the smallest
566 access record value. Insert the page pointed by this leaf entry into the
567 page pool. And check its upper entries if need to be inserted into the page
591 UINT64 SubEntriesNum
;
594 UINT64
*ReleasePageAddress
;
596 BOOLEAN Enable5LevelPaging
;
598 UINT64 PFAddressPml5Index
;
599 UINT64 PFAddressPml4Index
;
600 UINT64 PFAddressPdptIndex
;
601 UINT64 PFAddressPdtIndex
;
612 ReleasePageAddress
= 0;
613 PFAddress
= AsmReadCr2 ();
614 PFAddressPml5Index
= BitFieldRead64 (PFAddress
, 48, 48 + 8);
615 PFAddressPml4Index
= BitFieldRead64 (PFAddress
, 39, 39 + 8);
616 PFAddressPdptIndex
= BitFieldRead64 (PFAddress
, 30, 30 + 8);
617 PFAddressPdtIndex
= BitFieldRead64 (PFAddress
, 21, 21 + 8);
619 Cr4
.UintN
= AsmReadCr4 ();
620 Enable5LevelPaging
= (BOOLEAN
) (Cr4
.Bits
.LA57
== 1);
621 Pml5
= (UINT64
*)(UINTN
)(AsmReadCr3 () & gPhyMask
);
623 if (!Enable5LevelPaging
) {
625 // Create one fake PML5 entry for 4-Level Paging
626 // so that the page table parsing logic only handles 5-Level page structure.
628 Pml5Entry
= (UINTN
) Pml5
| IA32_PG_P
;
633 // First, find the leaf entry has the smallest access record value
635 for (Pml5Index
= 0; Pml5Index
< (Enable5LevelPaging
? (EFI_PAGE_SIZE
/ sizeof (*Pml4
)) : 1); Pml5Index
++) {
636 if ((Pml5
[Pml5Index
] & IA32_PG_P
) == 0 || (Pml5
[Pml5Index
] & IA32_PG_PMNT
) != 0) {
638 // If the PML5 entry is not present or is masked, skip it
642 Pml4
= (UINT64
*)(UINTN
)(Pml5
[Pml5Index
] & gPhyMask
);
643 for (Pml4Index
= 0; Pml4Index
< EFI_PAGE_SIZE
/ sizeof (*Pml4
); Pml4Index
++) {
644 if ((Pml4
[Pml4Index
] & IA32_PG_P
) == 0 || (Pml4
[Pml4Index
] & IA32_PG_PMNT
) != 0) {
646 // If the PML4 entry is not present or is masked, skip it
650 Pdpt
= (UINT64
*)(UINTN
)(Pml4
[Pml4Index
] & ~mAddressEncMask
& gPhyMask
);
652 for (PdptIndex
= 0; PdptIndex
< EFI_PAGE_SIZE
/ sizeof (*Pdpt
); PdptIndex
++) {
653 if ((Pdpt
[PdptIndex
] & IA32_PG_P
) == 0 || (Pdpt
[PdptIndex
] & IA32_PG_PMNT
) != 0) {
655 // If the PDPT entry is not present or is masked, skip it
657 if ((Pdpt
[PdptIndex
] & IA32_PG_PMNT
) != 0) {
659 // If the PDPT entry is masked, we will ignore checking the PML4 entry
665 if ((Pdpt
[PdptIndex
] & IA32_PG_PS
) == 0) {
667 // It's not 1-GByte pages entry, it should be a PDPT entry,
668 // we will not check PML4 entry more
671 Pdt
= (UINT64
*)(UINTN
)(Pdpt
[PdptIndex
] & ~mAddressEncMask
& gPhyMask
);
673 for (PdtIndex
= 0; PdtIndex
< EFI_PAGE_SIZE
/ sizeof(*Pdt
); PdtIndex
++) {
674 if ((Pdt
[PdtIndex
] & IA32_PG_P
) == 0 || (Pdt
[PdtIndex
] & IA32_PG_PMNT
) != 0) {
676 // If the PD entry is not present or is masked, skip it
678 if ((Pdt
[PdtIndex
] & IA32_PG_PMNT
) != 0) {
680 // If the PD entry is masked, we will not PDPT entry more
686 if ((Pdt
[PdtIndex
] & IA32_PG_PS
) == 0) {
688 // It's not 2 MByte page table entry, it should be PD entry
689 // we will find the entry has the smallest access record value
692 if (PdtIndex
!= PFAddressPdtIndex
|| PdptIndex
!= PFAddressPdptIndex
||
693 Pml4Index
!= PFAddressPml4Index
|| Pml5Index
!= PFAddressPml5Index
) {
694 Acc
= GetAndUpdateAccNum (Pdt
+ PdtIndex
);
697 // If the PD entry has the smallest access record value,
698 // save the Page address to be released
705 ReleasePageAddress
= Pdt
+ PdtIndex
;
712 // If this PDPT entry has no PDT entries pointer to 4 KByte pages,
713 // it should only has the entries point to 2 MByte Pages
715 if (PdptIndex
!= PFAddressPdptIndex
|| Pml4Index
!= PFAddressPml4Index
||
716 Pml5Index
!= PFAddressPml5Index
) {
717 Acc
= GetAndUpdateAccNum (Pdpt
+ PdptIndex
);
720 // If the PDPT entry has the smallest access record value,
721 // save the Page address to be released
728 ReleasePageAddress
= Pdpt
+ PdptIndex
;
736 // If PML4 entry has no the PDPT entry pointer to 2 MByte pages,
737 // it should only has the entries point to 1 GByte Pages
739 if (Pml4Index
!= PFAddressPml4Index
|| Pml5Index
!= PFAddressPml5Index
) {
740 Acc
= GetAndUpdateAccNum (Pml4
+ Pml4Index
);
743 // If the PML4 entry has the smallest access record value,
744 // save the Page address to be released
751 ReleasePageAddress
= Pml4
+ Pml4Index
;
758 // Make sure one PML4/PDPT/PD entry is selected
760 ASSERT (MinAcc
!= (UINT64
)-1);
763 // Secondly, insert the page pointed by this entry into page pool and clear this entry
765 InsertTailList (&mPagePool
, (LIST_ENTRY
*)(UINTN
)(*ReleasePageAddress
& ~mAddressEncMask
& gPhyMask
));
766 *ReleasePageAddress
= 0;
769 // Lastly, check this entry's upper entries if need to be inserted into page pool
773 if (MinPdt
!= (UINTN
)-1) {
775 // If 4 KByte Page Table is released, check the PDPT entry
777 Pml4
= (UINT64
*) (UINTN
) (Pml5
[MinPml5
] & gPhyMask
);
778 Pdpt
= (UINT64
*)(UINTN
)(Pml4
[MinPml4
] & ~mAddressEncMask
& gPhyMask
);
779 SubEntriesNum
= GetSubEntriesNum(Pdpt
+ MinPdpt
);
780 if (SubEntriesNum
== 0 &&
781 (MinPdpt
!= PFAddressPdptIndex
|| MinPml4
!= PFAddressPml4Index
|| MinPml5
!= PFAddressPml5Index
)) {
783 // Release the empty Page Directory table if there was no more 4 KByte Page Table entry
784 // clear the Page directory entry
786 InsertTailList (&mPagePool
, (LIST_ENTRY
*)(UINTN
)(Pdpt
[MinPdpt
] & ~mAddressEncMask
& gPhyMask
));
789 // Go on checking the PML4 table
795 // Update the sub-entries filed in PDPT entry and exit
797 SetSubEntriesNum (Pdpt
+ MinPdpt
, (SubEntriesNum
- 1) & 0x1FF);
800 if (MinPdpt
!= (UINTN
)-1) {
802 // One 2MB Page Table is released or Page Directory table is released, check the PML4 entry
804 SubEntriesNum
= GetSubEntriesNum (Pml4
+ MinPml4
);
805 if (SubEntriesNum
== 0 && (MinPml4
!= PFAddressPml4Index
|| MinPml5
!= PFAddressPml5Index
)) {
807 // Release the empty PML4 table if there was no more 1G KByte Page Table entry
808 // clear the Page directory entry
810 InsertTailList (&mPagePool
, (LIST_ENTRY
*)(UINTN
)(Pml4
[MinPml4
] & ~mAddressEncMask
& gPhyMask
));
816 // Update the sub-entries filed in PML4 entry and exit
818 SetSubEntriesNum (Pml4
+ MinPml4
, (SubEntriesNum
- 1) & 0x1FF);
822 // PLM4 table has been released before, exit it
829 Allocate free Page for PageFault handler use.
831 @return Page address.
841 if (IsListEmpty (&mPagePool
)) {
843 // If page pool is empty, reclaim the used pages and insert one into page pool
849 // Get one free page and remove it from page pool
851 RetVal
= (UINT64
)(UINTN
)mPagePool
.ForwardLink
;
852 RemoveEntryList (mPagePool
.ForwardLink
);
854 // Clean this page and return
856 ZeroMem ((VOID
*)(UINTN
)RetVal
, EFI_PAGE_SIZE
);
861 Page Fault handler for SMM use.
865 SmiDefaultPFHandler (
870 UINT64
*PageTableTop
;
876 SMM_PAGE_SIZE_TYPE PageSize
;
881 BOOLEAN Enable5LevelPaging
;
885 // Set default SMM page attribute
887 PageSize
= SmmPageSize2M
;
892 PageTableTop
= (UINT64
*)(AsmReadCr3 () & gPhyMask
);
893 PFAddress
= AsmReadCr2 ();
895 Cr4
.UintN
= AsmReadCr4 ();
896 Enable5LevelPaging
= (BOOLEAN
) (Cr4
.Bits
.LA57
!= 0);
898 Status
= GetPlatformPageTableAttribute (PFAddress
, &PageSize
, &NumOfPages
, &PageAttribute
);
900 // If platform not support page table attribute, set default SMM page attribute
902 if (Status
!= EFI_SUCCESS
) {
903 PageSize
= SmmPageSize2M
;
907 if (PageSize
>= MaxSmmPageSizeType
) {
908 PageSize
= SmmPageSize2M
;
910 if (NumOfPages
> 512) {
917 // BIT12 to BIT20 is Page Table index
923 // BIT21 to BIT29 is Page Directory index
926 PageAttribute
|= (UINTN
)IA32_PG_PS
;
929 if (!m1GPageTableSupport
) {
930 DEBUG ((DEBUG_ERROR
, "1-GByte pages is not supported!"));
934 // BIT30 to BIT38 is Page Directory Pointer Table index
937 PageAttribute
|= (UINTN
)IA32_PG_PS
;
944 // If execute-disable is enabled, set NX bit
947 PageAttribute
|= IA32_PG_NX
;
950 for (Index
= 0; Index
< NumOfPages
; Index
++) {
951 PageTable
= PageTableTop
;
953 for (StartBit
= Enable5LevelPaging
? 48 : 39; StartBit
> EndBit
; StartBit
-= 9) {
954 PTIndex
= BitFieldRead64 (PFAddress
, StartBit
, StartBit
+ 8);
955 if ((PageTable
[PTIndex
] & IA32_PG_P
) == 0) {
957 // If the entry is not present, allocate one page from page pool for it
959 PageTable
[PTIndex
] = AllocPage () | mAddressEncMask
| PAGE_ATTRIBUTE_BITS
;
962 // Save the upper entry address
964 UpperEntry
= PageTable
+ PTIndex
;
967 // BIT9 to BIT11 of entry is used to save access record,
968 // initialize value is 7
970 PageTable
[PTIndex
] |= (UINT64
)IA32_PG_A
;
971 SetAccNum (PageTable
+ PTIndex
, 7);
972 PageTable
= (UINT64
*)(UINTN
)(PageTable
[PTIndex
] & ~mAddressEncMask
& gPhyMask
);
975 PTIndex
= BitFieldRead64 (PFAddress
, StartBit
, StartBit
+ 8);
976 if ((PageTable
[PTIndex
] & IA32_PG_P
) != 0) {
978 // Check if the entry has already existed, this issue may occur when the different
979 // size page entries created under the same entry
981 DEBUG ((DEBUG_ERROR
, "PageTable = %lx, PTIndex = %x, PageTable[PTIndex] = %lx\n", PageTable
, PTIndex
, PageTable
[PTIndex
]));
982 DEBUG ((DEBUG_ERROR
, "New page table overlapped with old page table!\n"));
986 // Fill the new entry
988 PageTable
[PTIndex
] = ((PFAddress
| mAddressEncMask
) & gPhyMask
& ~((1ull << EndBit
) - 1)) |
989 PageAttribute
| IA32_PG_A
| PAGE_ATTRIBUTE_BITS
;
990 if (UpperEntry
!= NULL
) {
991 SetSubEntriesNum (UpperEntry
, (GetSubEntriesNum (UpperEntry
) + 1) & 0x1FF);
994 // Get the next page address if we need to create more page tables
996 PFAddress
+= (1ull << EndBit
);
1001 ThePage Fault handler wrapper for SMM use.
1003 @param InterruptType Defines the type of interrupt or exception that
1004 occurred on the processor.This parameter is processor architecture specific.
1005 @param SystemContext A pointer to the processor context when
1006 the interrupt occurred on the processor.
1011 IN EFI_EXCEPTION_TYPE InterruptType
,
1012 IN EFI_SYSTEM_CONTEXT SystemContext
1016 UINTN GuardPageAddress
;
1019 ASSERT (InterruptType
== EXCEPT_IA32_PAGE_FAULT
);
1021 AcquireSpinLock (mPFLock
);
1023 PFAddress
= AsmReadCr2 ();
1025 if (mCpuSmmRestrictedMemoryAccess
&& (PFAddress
>= LShiftU64 (1, (mPhysicalAddressBits
- 1)))) {
1026 DumpCpuContext (InterruptType
, SystemContext
);
1027 DEBUG ((DEBUG_ERROR
, "Do not support address 0x%lx by processor!\n", PFAddress
));
1033 // If a page fault occurs in SMRAM range, it might be in a SMM stack guard page,
1034 // or SMM page protection violation.
1036 if ((PFAddress
>= mCpuHotPlugData
.SmrrBase
) &&
1037 (PFAddress
< (mCpuHotPlugData
.SmrrBase
+ mCpuHotPlugData
.SmrrSize
))) {
1038 DumpCpuContext (InterruptType
, SystemContext
);
1039 CpuIndex
= GetCpuIndex ();
1040 GuardPageAddress
= (mSmmStackArrayBase
+ EFI_PAGE_SIZE
+ CpuIndex
* mSmmStackSize
);
1041 if ((FeaturePcdGet (PcdCpuSmmStackGuard
)) &&
1042 (PFAddress
>= GuardPageAddress
) &&
1043 (PFAddress
< (GuardPageAddress
+ EFI_PAGE_SIZE
))) {
1044 DEBUG ((DEBUG_ERROR
, "SMM stack overflow!\n"));
1046 if ((SystemContext
.SystemContextX64
->ExceptionData
& IA32_PF_EC_ID
) != 0) {
1047 DEBUG ((DEBUG_ERROR
, "SMM exception at execution (0x%lx)\n", PFAddress
));
1049 DumpModuleInfoByIp (*(UINTN
*)(UINTN
)SystemContext
.SystemContextX64
->Rsp
);
1052 DEBUG ((DEBUG_ERROR
, "SMM exception at access (0x%lx)\n", PFAddress
));
1054 DumpModuleInfoByIp ((UINTN
)SystemContext
.SystemContextX64
->Rip
);
1058 if (HEAP_GUARD_NONSTOP_MODE
) {
1059 GuardPagePFHandler (SystemContext
.SystemContextX64
->ExceptionData
);
1068 // If a page fault occurs in non-SMRAM range.
1070 if ((PFAddress
< mCpuHotPlugData
.SmrrBase
) ||
1071 (PFAddress
>= mCpuHotPlugData
.SmrrBase
+ mCpuHotPlugData
.SmrrSize
)) {
1072 if ((SystemContext
.SystemContextX64
->ExceptionData
& IA32_PF_EC_ID
) != 0) {
1073 DumpCpuContext (InterruptType
, SystemContext
);
1074 DEBUG ((DEBUG_ERROR
, "Code executed on IP(0x%lx) out of SMM range after SMM is locked!\n", PFAddress
));
1076 DumpModuleInfoByIp (*(UINTN
*)(UINTN
)SystemContext
.SystemContextX64
->Rsp
);
1083 // If NULL pointer was just accessed
1085 if ((PcdGet8 (PcdNullPointerDetectionPropertyMask
) & BIT1
) != 0 &&
1086 (PFAddress
< EFI_PAGE_SIZE
)) {
1087 DumpCpuContext (InterruptType
, SystemContext
);
1088 DEBUG ((DEBUG_ERROR
, "!!! NULL pointer access !!!\n"));
1090 DumpModuleInfoByIp ((UINTN
)SystemContext
.SystemContextX64
->Rip
);
1093 if (NULL_DETECTION_NONSTOP_MODE
) {
1094 GuardPagePFHandler (SystemContext
.SystemContextX64
->ExceptionData
);
1102 if (mCpuSmmRestrictedMemoryAccess
&& IsSmmCommBufferForbiddenAddress (PFAddress
)) {
1103 DumpCpuContext (InterruptType
, SystemContext
);
1104 DEBUG ((DEBUG_ERROR
, "Access SMM communication forbidden address (0x%lx)!\n", PFAddress
));
1106 DumpModuleInfoByIp ((UINTN
)SystemContext
.SystemContextX64
->Rip
);
1113 if (FeaturePcdGet (PcdCpuSmmProfileEnable
)) {
1114 SmmProfilePFHandler (
1115 SystemContext
.SystemContextX64
->Rip
,
1116 SystemContext
.SystemContextX64
->ExceptionData
1119 SmiDefaultPFHandler ();
1123 ReleaseSpinLock (mPFLock
);
1127 This function sets memory attribute for page table.
1130 SetPageTableAttributes (
1138 UINT64
*L1PageTable
;
1139 UINT64
*L2PageTable
;
1140 UINT64
*L3PageTable
;
1141 UINT64
*L4PageTable
;
1142 UINT64
*L5PageTable
;
1143 UINTN PageTableBase
;
1145 BOOLEAN PageTableSplitted
;
1147 BOOLEAN Enable5LevelPaging
;
1150 // Don't mark page table memory as read-only if
1151 // - no restriction on access to non-SMRAM memory; or
1152 // - SMM heap guard feature enabled; or
1153 // BIT2: SMM page guard enabled
1154 // BIT3: SMM pool guard enabled
1155 // - SMM profile feature enabled
1157 if (!mCpuSmmRestrictedMemoryAccess
||
1158 ((PcdGet8 (PcdHeapGuardPropertyMask
) & (BIT3
| BIT2
)) != 0) ||
1159 FeaturePcdGet (PcdCpuSmmProfileEnable
)) {
1161 // Restriction on access to non-SMRAM memory and heap guard could not be enabled at the same time.
1163 ASSERT (!(mCpuSmmRestrictedMemoryAccess
&&
1164 (PcdGet8 (PcdHeapGuardPropertyMask
) & (BIT3
| BIT2
)) != 0));
1167 // Restriction on access to non-SMRAM memory and SMM profile could not be enabled at the same time.
1169 ASSERT (!(mCpuSmmRestrictedMemoryAccess
&& FeaturePcdGet (PcdCpuSmmProfileEnable
)));
1173 DEBUG ((DEBUG_INFO
, "SetPageTableAttributes\n"));
1176 // Disable write protection, because we need mark page table to be write protected.
1177 // We need *write* page table memory, to mark itself to be *read only*.
1179 CetEnabled
= ((AsmReadCr4() & CR4_CET_ENABLE
) != 0) ? TRUE
: FALSE
;
1182 // CET must be disabled if WP is disabled.
1186 AsmWriteCr0 (AsmReadCr0() & ~CR0_WP
);
1189 DEBUG ((DEBUG_INFO
, "Start...\n"));
1190 PageTableSplitted
= FALSE
;
1193 GetPageTable (&PageTableBase
, &Enable5LevelPaging
);
1195 if (Enable5LevelPaging
) {
1196 L5PageTable
= (UINT64
*)PageTableBase
;
1197 SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS
)PageTableBase
, SIZE_4KB
, EFI_MEMORY_RO
, &IsSplitted
);
1198 PageTableSplitted
= (PageTableSplitted
|| IsSplitted
);
1201 for (Index5
= 0; Index5
< (Enable5LevelPaging
? SIZE_4KB
/sizeof(UINT64
) : 1); Index5
++) {
1202 if (Enable5LevelPaging
) {
1203 L4PageTable
= (UINT64
*)(UINTN
)(L5PageTable
[Index5
] & ~mAddressEncMask
& PAGING_4K_ADDRESS_MASK_64
);
1204 if (L4PageTable
== NULL
) {
1208 L4PageTable
= (UINT64
*)PageTableBase
;
1210 SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS
)(UINTN
)L4PageTable
, SIZE_4KB
, EFI_MEMORY_RO
, &IsSplitted
);
1211 PageTableSplitted
= (PageTableSplitted
|| IsSplitted
);
1213 for (Index4
= 0; Index4
< SIZE_4KB
/sizeof(UINT64
); Index4
++) {
1214 L3PageTable
= (UINT64
*)(UINTN
)(L4PageTable
[Index4
] & ~mAddressEncMask
& PAGING_4K_ADDRESS_MASK_64
);
1215 if (L3PageTable
== NULL
) {
1219 SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS
)(UINTN
)L3PageTable
, SIZE_4KB
, EFI_MEMORY_RO
, &IsSplitted
);
1220 PageTableSplitted
= (PageTableSplitted
|| IsSplitted
);
1222 for (Index3
= 0; Index3
< SIZE_4KB
/sizeof(UINT64
); Index3
++) {
1223 if ((L3PageTable
[Index3
] & IA32_PG_PS
) != 0) {
1227 L2PageTable
= (UINT64
*)(UINTN
)(L3PageTable
[Index3
] & ~mAddressEncMask
& PAGING_4K_ADDRESS_MASK_64
);
1228 if (L2PageTable
== NULL
) {
1232 SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS
)(UINTN
)L2PageTable
, SIZE_4KB
, EFI_MEMORY_RO
, &IsSplitted
);
1233 PageTableSplitted
= (PageTableSplitted
|| IsSplitted
);
1235 for (Index2
= 0; Index2
< SIZE_4KB
/sizeof(UINT64
); Index2
++) {
1236 if ((L2PageTable
[Index2
] & IA32_PG_PS
) != 0) {
1240 L1PageTable
= (UINT64
*)(UINTN
)(L2PageTable
[Index2
] & ~mAddressEncMask
& PAGING_4K_ADDRESS_MASK_64
);
1241 if (L1PageTable
== NULL
) {
1244 SmmSetMemoryAttributesEx ((EFI_PHYSICAL_ADDRESS
)(UINTN
)L1PageTable
, SIZE_4KB
, EFI_MEMORY_RO
, &IsSplitted
);
1245 PageTableSplitted
= (PageTableSplitted
|| IsSplitted
);
1250 } while (PageTableSplitted
);
1253 // Enable write protection, after page table updated.
1255 AsmWriteCr0 (AsmReadCr0() | CR0_WP
);
1267 This function reads CR2 register when on-demand paging is enabled.
1269 @param[out] *Cr2 Pointer to variable to hold CR2 register value.
1276 if (!mCpuSmmRestrictedMemoryAccess
) {
1278 // On-demand paging is enabled when access to non-SMRAM is not restricted.
1280 *Cr2
= AsmReadCr2 ();
1285 This function restores CR2 register when on-demand paging is enabled.
1287 @param[in] Cr2 Value to write into CR2 register.
1294 if (!mCpuSmmRestrictedMemoryAccess
) {
1296 // On-demand paging is enabled when access to non-SMRAM is not restricted.
1303 Return whether access to non-SMRAM is restricted.
1305 @retval TRUE Access to non-SMRAM is restricted.
1306 @retval FALSE Access to non-SMRAM is not restricted.
1309 IsRestrictedMemoryAccess (
1313 return mCpuSmmRestrictedMemoryAccess
;