diff options
| author | Jeff Fan <jeff.fan@intel.com> | 2016-11-11 13:11:22 +0800 |
|---|---|---|
| committer | Jeff Fan <jeff.fan@intel.com> | 2016-11-15 09:47:32 +0800 |
| commit | 45e3440ac208e5b55fbaed0f1e2ff6b004d51742 (patch) | |
| tree | 1d984d677cacfb9b1a26c182c4cbe3c4362df8d0 /UefiCpuPkg/PiSmmCpuDxeSmm | |
| parent | 4a0f88dd6458528fc24ad320a05105150c9fb3bb (diff) | |
| download | device_linaro_bootloader_edk2-45e3440ac208e5b55fbaed0f1e2ff6b004d51742.tar.gz device_linaro_bootloader_edk2-45e3440ac208e5b55fbaed0f1e2ff6b004d51742.tar.bz2 device_linaro_bootloader_edk2-45e3440ac208e5b55fbaed0f1e2ff6b004d51742.zip | |
UefiCpuPkg/PiSmmCpuDxeSmm: Place AP to 32bit protected mode on S3 path
On S3 path, we may transfer to long mode (if DXE is long mode) to restore CPU
contexts with CR3 = SmmS3Cr3 (in SMM). AP will execute hlt-loop after CPU
contexts restoration. Once one NMI or SMI happens, APs may exit from hlt state
and execute the instruction after HLT instruction. If APs are running on long
mode, page table is required to fetch the instruction. However, CR3 pointer to
page table in SMM. APs will crash.
This fix is to disable long mode on APs and transfer to 32bit protected mode to
execute hlt-loop. Then CR3 and page table will no longer be required.
https://bugzilla.tianocore.org/show_bug.cgi?id=216
Reported-by: Laszlo Ersek <lersek@redhat.com>
Analyzed-by: Paolo Bonzini <pbonzini@redhat.com>
Analyzed-by: Laszlo Ersek <lersek@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jeff Fan <jeff.fan@intel.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Diffstat (limited to 'UefiCpuPkg/PiSmmCpuDxeSmm')
| -rw-r--r-- | UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 42 |
1 files changed, 37 insertions, 5 deletions
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c index bd465c7a0..62338b79b 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c @@ -70,6 +70,37 @@ InitGdt ( }
/**
+ Get Protected mode code segment from current GDT table.
+
+ @return Protected mode code segment value.
+**/
+UINT16
+GetProtectedModeCS (
+ VOID
+ )
+{
+ IA32_DESCRIPTOR GdtrDesc;
+ IA32_SEGMENT_DESCRIPTOR *GdtEntry;
+ UINTN GdtEntryCount;
+ UINT16 Index;
+
+ Index = (UINT16) -1;
+ AsmReadGdtr (&GdtrDesc);
+ GdtEntryCount = (GdtrDesc.Limit + 1) / sizeof (IA32_SEGMENT_DESCRIPTOR);
+ GdtEntry = (IA32_SEGMENT_DESCRIPTOR *) GdtrDesc.Base;
+ for (Index = 0; Index < GdtEntryCount; Index++) {
+ if (GdtEntry->Bits.L == 0) {
+ if (GdtEntry->Bits.Type > 8 && GdtEntry->Bits.L == 0) {
+ break;
+ }
+ }
+ GdtEntry++;
+ }
+ ASSERT (Index != -1);
+ return Index * 8;
+}
+
+/**
Transfer AP to safe hlt-loop after it finished restore CPU features on S3 patch.
@param[in] ApHltLoopCode The 32-bit address of the safe hlt-loop function.
@@ -82,11 +113,12 @@ TransferApToSafeState ( IN UINT32 TopOfStack
)
{
- SwitchStack (
- (SWITCH_STACK_ENTRY_POINT) (UINTN) ApHltLoopCode,
- NULL,
- NULL,
- (VOID *) (UINTN) TopOfStack
+ AsmDisablePaging64 (
+ GetProtectedModeCS (),
+ (UINT32) (UINTN) ApHltLoopCode,
+ 0,
+ 0,
+ TopOfStack
);
//
// It should never reach here
|