2016-06-14 10:29:40 +02:00
|
|
|
;------------------------------------------------------------------------------ ;
|
2018-01-11 10:05:15 +01:00
|
|
|
; Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
|
2019-04-04 01:07:22 +02:00
|
|
|
; SPDX-License-Identifier: BSD-2-Clause-Patent
|
2016-06-14 10:29:40 +02:00
|
|
|
;
|
|
|
|
|
; Module Name:
|
|
|
|
|
;
|
|
|
|
|
; SmmInit.nasm
|
|
|
|
|
;
|
|
|
|
|
; Abstract:
|
|
|
|
|
;
|
|
|
|
|
; Functions for relocating SMBASE's for all processors
|
|
|
|
|
;
|
|
|
|
|
;-------------------------------------------------------------------------------
|
|
|
|
|
|
2018-12-21 06:45:55 +01:00
|
|
|
%include "StuffRsbNasm.inc"
|
2018-08-16 03:32:10 +02:00
|
|
|
|
2016-06-14 10:29:40 +02:00
|
|
|
extern ASM_PFX(SmmInitHandler)
|
|
|
|
|
extern ASM_PFX(mRebasedFlag)
|
|
|
|
|
extern ASM_PFX(mSmmRelocationOriginalAddress)
|
|
|
|
|
|
2018-02-02 01:48:56 +01:00
|
|
|
global ASM_PFX(gPatchSmmCr3)
|
UefiCpuPkg/PiSmmCpuDxeSmm: patch "gSmmCr4" with PatchInstructionX86()
Unlike "gSmmCr3" in the previous patch, "gSmmCr4" is not only used for
machine code patching, but also as a means to communicate the initial CR4
value from SmmRelocateBases() to InitSmmS3ResumeState(). In other words,
the last four bytes of the "mov eax, Cr4Value" instruction's binary
representation are utilized as normal data too.
In order to get rid of the DB for "mov eax, Cr4Value", we have to split
both roles, patching and data flow. Introduce the "mSmmCr4" global (SMRAM)
variable for the data flow purpose. Rename the "gSmmCr4" variable to
"gPatchSmmCr4" so that its association with PatchInstructionX86() is clear
from the declaration, change its type to X86_ASSEMBLY_PATCH_LABEL, and
patch it with PatchInstructionX86(), to the value now contained in
"mSmmCr4".
This lets us remove the binary (DB) encoding of "mov eax, Cr4Value" in
"SmmInit.nasm".
Cc: Eric Dong <eric.dong@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=866
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-02-02 02:10:05 +01:00
|
|
|
global ASM_PFX(gPatchSmmCr4)
|
UefiCpuPkg/PiSmmCpuDxeSmm: patch "gSmmCr0" with PatchInstructionX86()
Like "gSmmCr4" in the previous patch, "gSmmCr0" is not only used for
machine code patching, but also as a means to communicate the initial CR0
value from SmmRelocateBases() to InitSmmS3ResumeState(). In other words,
the last four bytes of the "mov eax, Cr0Value" instruction's binary
representation are utilized as normal data too.
In order to get rid of the DB for "mov eax, Cr0Value", we have to split
both roles, patching and data flow. Introduce the "mSmmCr0" global (SMRAM)
variable for the data flow purpose. Rename the "gSmmCr0" variable to
"gPatchSmmCr0" so that its association with PatchInstructionX86() is clear
from the declaration, change its type to X86_ASSEMBLY_PATCH_LABEL, and
patch it with PatchInstructionX86(), to the value now contained in
"mSmmCr0".
This lets us remove the binary (DB) encoding of "mov eax, Cr0Value" in
"SmmInit.nasm".
Cc: Eric Dong <eric.dong@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=866
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-02-02 02:10:05 +01:00
|
|
|
global ASM_PFX(gPatchSmmCr0)
|
2018-02-02 04:46:26 +01:00
|
|
|
global ASM_PFX(gPatchSmmInitStack)
|
2016-06-14 10:29:40 +02:00
|
|
|
global ASM_PFX(gcSmiInitGdtr)
|
|
|
|
|
global ASM_PFX(gcSmmInitSize)
|
|
|
|
|
global ASM_PFX(gcSmmInitTemplate)
|
|
|
|
|
|
|
|
|
|
%define PROTECT_MODE_CS 0x8
|
|
|
|
|
%define PROTECT_MODE_DS 0x20
|
|
|
|
|
|
|
|
|
|
SECTION .text
|
|
|
|
|
|
|
|
|
|
ASM_PFX(gcSmiInitGdtr):
|
|
|
|
|
DW 0
|
|
|
|
|
DQ 0
|
|
|
|
|
|
|
|
|
|
global ASM_PFX(SmmStartup)
|
UefiCpuPkg/PiSmmCpuDxeSmm: remove unneeded DBs from IA32 SmmStartup()
The SmmStartup() executes in SMM, which is very similar to real mode. Add
"BITS 16" before it and "BITS 32" after it (just before the @32bit label).
Remove the manual 0x66 operand-size override prefixes, for selecting
32-bit operands -- the sizes of our operands trigger NASM to insert the
prefixes automatically in almost every spot. The one place where we have
to add it back manually is the LGDT instruction. (The 0x67 address-size
override prefix is also auto-generated.)
This patch causes NASM to generate byte-identical object code (determined
by disassembling both the pre-patch and post-patch versions, and comparing
the listings), except:
> @@ -158,7 +158,7 @@
> 00000142 6689D3 mov ebx,edx
> 00000145 66B800000000 mov eax,0x0
> 0000014B 0F22D8 mov cr3,eax
> -0000014E 67662E0F0155F6 o32 lgdt [cs:ebp-0xa]
> +0000014E 2E66670F0155F6 o32 lgdt [cs:ebp-0xa]
> 00000155 66B800000000 mov eax,0x0
> 0000015B 0F22E0 mov cr4,eax
> 0000015E 66B9800000C0 mov ecx,0xc0000080
The only difference is the prefix list order, it changes from:
- 0x67, 0x66, 0x2E
to
- 0x2E, 0x66, 0x67
(0x2E is "CS segment override").
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=866
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2018-01-30 14:43:28 +01:00
|
|
|
|
|
|
|
|
BITS 16
|
2016-06-14 10:29:40 +02:00
|
|
|
ASM_PFX(SmmStartup):
|
2018-01-15 03:16:26 +01:00
|
|
|
mov eax, 0x80000001 ; read capability
|
|
|
|
|
cpuid
|
|
|
|
|
mov ebx, edx ; rdmsr will change edx. keep it in ebx.
|
2018-01-30 15:34:08 +01:00
|
|
|
and ebx, BIT20 ; extract NX capability bit
|
|
|
|
|
shr ebx, 9 ; shift bit to IA32_EFER.NXE[BIT11] position
|
2018-02-02 01:48:56 +01:00
|
|
|
mov eax, strict dword 0 ; source operand will be patched
|
|
|
|
|
ASM_PFX(gPatchSmmCr3):
|
2016-06-14 10:29:40 +02:00
|
|
|
mov cr3, eax
|
UefiCpuPkg/PiSmmCpuDxeSmm: remove unneeded DBs from IA32 SmmStartup()
The SmmStartup() executes in SMM, which is very similar to real mode. Add
"BITS 16" before it and "BITS 32" after it (just before the @32bit label).
Remove the manual 0x66 operand-size override prefixes, for selecting
32-bit operands -- the sizes of our operands trigger NASM to insert the
prefixes automatically in almost every spot. The one place where we have
to add it back manually is the LGDT instruction. (The 0x67 address-size
override prefix is also auto-generated.)
This patch causes NASM to generate byte-identical object code (determined
by disassembling both the pre-patch and post-patch versions, and comparing
the listings), except:
> @@ -158,7 +158,7 @@
> 00000142 6689D3 mov ebx,edx
> 00000145 66B800000000 mov eax,0x0
> 0000014B 0F22D8 mov cr3,eax
> -0000014E 67662E0F0155F6 o32 lgdt [cs:ebp-0xa]
> +0000014E 2E66670F0155F6 o32 lgdt [cs:ebp-0xa]
> 00000155 66B800000000 mov eax,0x0
> 0000015B 0F22E0 mov cr4,eax
> 0000015E 66B9800000C0 mov ecx,0xc0000080
The only difference is the prefix list order, it changes from:
- 0x67, 0x66, 0x2E
to
- 0x2E, 0x66, 0x67
(0x2E is "CS segment override").
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=866
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2018-01-30 14:43:28 +01:00
|
|
|
o32 lgdt [cs:ebp + (ASM_PFX(gcSmiInitGdtr) - ASM_PFX(SmmStartup))]
|
UefiCpuPkg/PiSmmCpuDxeSmm: patch "gSmmCr4" with PatchInstructionX86()
Unlike "gSmmCr3" in the previous patch, "gSmmCr4" is not only used for
machine code patching, but also as a means to communicate the initial CR4
value from SmmRelocateBases() to InitSmmS3ResumeState(). In other words,
the last four bytes of the "mov eax, Cr4Value" instruction's binary
representation are utilized as normal data too.
In order to get rid of the DB for "mov eax, Cr4Value", we have to split
both roles, patching and data flow. Introduce the "mSmmCr4" global (SMRAM)
variable for the data flow purpose. Rename the "gSmmCr4" variable to
"gPatchSmmCr4" so that its association with PatchInstructionX86() is clear
from the declaration, change its type to X86_ASSEMBLY_PATCH_LABEL, and
patch it with PatchInstructionX86(), to the value now contained in
"mSmmCr4".
This lets us remove the binary (DB) encoding of "mov eax, Cr4Value" in
"SmmInit.nasm".
Cc: Eric Dong <eric.dong@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=866
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-02-02 02:10:05 +01:00
|
|
|
mov eax, strict dword 0 ; source operand will be patched
|
|
|
|
|
ASM_PFX(gPatchSmmCr4):
|
2016-06-14 10:29:40 +02:00
|
|
|
mov cr4, eax
|
2018-01-15 03:16:26 +01:00
|
|
|
mov ecx, 0xc0000080 ; IA32_EFER MSR
|
|
|
|
|
rdmsr
|
2018-01-30 15:34:08 +01:00
|
|
|
or eax, ebx ; set NXE bit if NX is available
|
2018-01-15 03:16:26 +01:00
|
|
|
wrmsr
|
UefiCpuPkg/PiSmmCpuDxeSmm: patch "gSmmCr0" with PatchInstructionX86()
Like "gSmmCr4" in the previous patch, "gSmmCr0" is not only used for
machine code patching, but also as a means to communicate the initial CR0
value from SmmRelocateBases() to InitSmmS3ResumeState(). In other words,
the last four bytes of the "mov eax, Cr0Value" instruction's binary
representation are utilized as normal data too.
In order to get rid of the DB for "mov eax, Cr0Value", we have to split
both roles, patching and data flow. Introduce the "mSmmCr0" global (SMRAM)
variable for the data flow purpose. Rename the "gSmmCr0" variable to
"gPatchSmmCr0" so that its association with PatchInstructionX86() is clear
from the declaration, change its type to X86_ASSEMBLY_PATCH_LABEL, and
patch it with PatchInstructionX86(), to the value now contained in
"mSmmCr0".
This lets us remove the binary (DB) encoding of "mov eax, Cr0Value" in
"SmmInit.nasm".
Cc: Eric Dong <eric.dong@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=866
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-02-02 02:10:05 +01:00
|
|
|
mov eax, strict dword 0 ; source operand will be patched
|
|
|
|
|
ASM_PFX(gPatchSmmCr0):
|
UefiCpuPkg/PiSmmCpuDxeSmm: remove unneeded DBs from IA32 SmmStartup()
The SmmStartup() executes in SMM, which is very similar to real mode. Add
"BITS 16" before it and "BITS 32" after it (just before the @32bit label).
Remove the manual 0x66 operand-size override prefixes, for selecting
32-bit operands -- the sizes of our operands trigger NASM to insert the
prefixes automatically in almost every spot. The one place where we have
to add it back manually is the LGDT instruction. (The 0x67 address-size
override prefix is also auto-generated.)
This patch causes NASM to generate byte-identical object code (determined
by disassembling both the pre-patch and post-patch versions, and comparing
the listings), except:
> @@ -158,7 +158,7 @@
> 00000142 6689D3 mov ebx,edx
> 00000145 66B800000000 mov eax,0x0
> 0000014B 0F22D8 mov cr3,eax
> -0000014E 67662E0F0155F6 o32 lgdt [cs:ebp-0xa]
> +0000014E 2E66670F0155F6 o32 lgdt [cs:ebp-0xa]
> 00000155 66B800000000 mov eax,0x0
> 0000015B 0F22E0 mov cr4,eax
> 0000015E 66B9800000C0 mov ecx,0xc0000080
The only difference is the prefix list order, it changes from:
- 0x67, 0x66, 0x2E
to
- 0x2E, 0x66, 0x67
(0x2E is "CS segment override").
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=866
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2018-01-30 14:43:28 +01:00
|
|
|
mov di, PROTECT_MODE_DS
|
2016-06-14 10:29:40 +02:00
|
|
|
mov cr0, eax
|
UefiCpuPkg/PiSmmCpuDxeSmm: eliminate "gSmmJmpAddr" and related DBs
The IA32 version of "SmmInit.nasm" does not need "gSmmJmpAddr" at all (its
PiSmmCpuSmmInitFixupAddress() variant doesn't do anything either). We can
simply use the NASM syntax for the following Mixed-Size Jump:
> jmp PROTECT_MODE_CS : dword @32bit
The generated object code for the instruction is unchanged:
> 00000182 66EA5A0000000800 jmp dword 0x8:0x5a
(The NASM manual explains that putting the DWORD prefix after the colon
":" reflects the intent better, since it is the offset that is a DWORD.
Thus, that's what I used. However, both syntaxes are interchangeable,
hence the ndisasm output.)
The X64 version of "SmmInit.nasm" appears to require "gSmmJmpAddr";
however that's accidental, not inherent:
- Bring LONG_MODE_CODE_SEGMENT from
"UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h" to "SmmInit.nasm" as
LONG_MODE_CS, same as PROTECT_MODE_CODE_SEGMENT was brought to the IA32
version as PROTECT_MODE_CS earlier.
- Apply the NASM-native Mixed-Size Jump syntax again, but jump to the
fixed zero offset in LONG_MODE_CS. This will produce no relocation
record at all. Add a label after the instruction.
- Modify PiSmmCpuSmmInitFixupAddress() to patch the jump target backwards
from the label. Because we modify the DWORD offset with a DWORD access,
the segment selector is unharmed in the instruction, and we need not set
it from PiCpuSmmEntry().
According to "objdump --reloc", the X64 version undergoes only the
following relocations, after this patch:
> RELOCATION RECORDS FOR [.text]:
> OFFSET TYPE VALUE
> 0000000000000095 R_X86_64_PC32 SmmInitHandler-0x0000000000000004
> 00000000000000e0 R_X86_64_PC32 mRebasedFlag-0x0000000000000004
> 00000000000000ea R_X86_64_PC32 mSmmRelocationOriginalAddress-0x0000000000000004
Therefore the patch does not regress
<https://bugzilla.tianocore.org/show_bug.cgi?id=849> ("Enable XCODE5 tool
chain for UefiCpuPkg with nasm source code").
Cc: Eric Dong <eric.dong@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=866
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
2018-02-02 04:12:51 +01:00
|
|
|
jmp PROTECT_MODE_CS : dword @32bit
|
UefiCpuPkg/PiSmmCpuDxeSmm: remove unneeded DBs from IA32 SmmStartup()
The SmmStartup() executes in SMM, which is very similar to real mode. Add
"BITS 16" before it and "BITS 32" after it (just before the @32bit label).
Remove the manual 0x66 operand-size override prefixes, for selecting
32-bit operands -- the sizes of our operands trigger NASM to insert the
prefixes automatically in almost every spot. The one place where we have
to add it back manually is the LGDT instruction. (The 0x67 address-size
override prefix is also auto-generated.)
This patch causes NASM to generate byte-identical object code (determined
by disassembling both the pre-patch and post-patch versions, and comparing
the listings), except:
> @@ -158,7 +158,7 @@
> 00000142 6689D3 mov ebx,edx
> 00000145 66B800000000 mov eax,0x0
> 0000014B 0F22D8 mov cr3,eax
> -0000014E 67662E0F0155F6 o32 lgdt [cs:ebp-0xa]
> +0000014E 2E66670F0155F6 o32 lgdt [cs:ebp-0xa]
> 00000155 66B800000000 mov eax,0x0
> 0000015B 0F22E0 mov cr4,eax
> 0000015E 66B9800000C0 mov ecx,0xc0000080
The only difference is the prefix list order, it changes from:
- 0x67, 0x66, 0x2E
to
- 0x2E, 0x66, 0x67
(0x2E is "CS segment override").
Cc: Eric Dong <eric.dong@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=866
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Ruiyu Ni <ruiyu.ni@intel.com>
2018-01-30 14:43:28 +01:00
|
|
|
|
|
|
|
|
BITS 32
|
2016-06-14 10:29:40 +02:00
|
|
|
@32bit:
|
|
|
|
|
mov ds, edi
|
|
|
|
|
mov es, edi
|
|
|
|
|
mov fs, edi
|
|
|
|
|
mov gs, edi
|
|
|
|
|
mov ss, edi
|
2018-02-02 04:46:26 +01:00
|
|
|
mov esp, strict dword 0 ; source operand will be patched
|
|
|
|
|
ASM_PFX(gPatchSmmInitStack):
|
2016-06-14 10:29:40 +02:00
|
|
|
call ASM_PFX(SmmInitHandler)
|
2018-08-16 03:32:10 +02:00
|
|
|
StuffRsb32
|
2016-06-14 10:29:40 +02:00
|
|
|
rsm
|
|
|
|
|
|
|
|
|
|
BITS 16
|
|
|
|
|
ASM_PFX(gcSmmInitTemplate):
|
|
|
|
|
mov ebp, ASM_PFX(SmmStartup)
|
|
|
|
|
sub ebp, 0x30000
|
|
|
|
|
jmp ebp
|
|
|
|
|
|
|
|
|
|
ASM_PFX(gcSmmInitSize): DW $ - ASM_PFX(gcSmmInitTemplate)
|
|
|
|
|
|
|
|
|
|
BITS 32
|
|
|
|
|
global ASM_PFX(SmmRelocationSemaphoreComplete)
|
|
|
|
|
ASM_PFX(SmmRelocationSemaphoreComplete):
|
|
|
|
|
push eax
|
|
|
|
|
mov eax, [ASM_PFX(mRebasedFlag)]
|
|
|
|
|
mov byte [eax], 1
|
|
|
|
|
pop eax
|
|
|
|
|
jmp [ASM_PFX(mSmmRelocationOriginalAddress)]
|
2018-01-11 10:05:15 +01:00
|
|
|
|
|
|
|
|
global ASM_PFX(PiSmmCpuSmmInitFixupAddress)
|
|
|
|
|
ASM_PFX(PiSmmCpuSmmInitFixupAddress):
|
|
|
|
|
ret
|
