From 24bb8036c90feb8c2f45f59cce15eec7792a6393 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph Date: Sun, 1 Dec 2019 07:04:04 +0100 Subject: cpu/x86/smm/smm_stub: Add x86_64 support Enable long mode in SMM handler. x86_32 isn't affected by this change. * Enter long mode * Add 64bit entry to GDT * Use x86_64 SysV ABI calling conventions for C code entry * Change smm_module_params' cpu to size_t as 'push' is native integer * Drop to protected mode after c handler NOTE: This commit does NOT introduce a new security model. It uses the same page tables as the remaining firmware does. This can be a security risk if someone is able to manipulate the page tables stored in ROM at runtime. USE FOR TESTING ONLY! Tested on Lenovo T410 with additional x86_64 patches. Change-Id: I26300492e4be62ddd5d80525022c758a019d63a1 Signed-off-by: Patrick Rudolph Reviewed-on: https://review.coreboot.org/c/coreboot/+/37392 Tested-by: build bot (Jenkins) Reviewed-by: Arthur Heymans Reviewed-by: Eugene Myers --- src/cpu/x86/smm/smm_stub.S | 52 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 48 insertions(+), 4 deletions(-) (limited to 'src/cpu/x86/smm/smm_stub.S') diff --git a/src/cpu/x86/smm/smm_stub.S b/src/cpu/x86/smm/smm_stub.S index 425724d559..11ea9a71a8 100644 --- a/src/cpu/x86/smm/smm_stub.S +++ b/src/cpu/x86/smm/smm_stub.S @@ -10,6 +10,7 @@ */ #include +#include .code32 .section ".module_parameters", "aw", @progbits @@ -148,8 +149,8 @@ smm_trampoline32: pushl $0x0 mov %esp, %ebp - /* Allocate locals (fxsave) */ - subl $0x4, %esp + /* Allocate locals (fxsave, efer_backup) */ + subl $0xc, %esp /* calculate fxsave location */ mov fxsave_area, %edi @@ -177,22 +178,65 @@ smm_trampoline32: /* Align stack to 16 bytes. Another 32 bytes are pushed below. */ andl $0xfffffff0, %esp +#ifdef __x86_64__ + mov %ecx, %edi + /* Backup IA32_EFER. Preserves ebx. */ + movl $(IA32_EFER), %ecx + rdmsr + movl %eax, -0x8(%ebp) + movl %edx, -0xc(%ebp) + + /* entry64.inc preserves ebx, esi, edi */ +#include + mov %edi, %ecx + +#endif + /* Call into the c-based SMM relocation function with the platform * parameters. Equivalent to: * struct arg = { c_handler_params, cpu_num, smm_runtime, canary }; * c_handler(&arg) */ +#ifdef __x86_64__ + push %rbx /* uintptr_t *canary */ + push $(smm_runtime) + push %rcx /* size_t cpu */ + push c_handler_arg /* void *arg */ + + mov %rsp, %rdi /* *arg */ + + movl c_handler, %eax + call *%rax + + /* + * The only reason to go back to protected mode is that RSM doesn't restore + * MSR registers and MSR IA32_EFER was modified by entering long mode. + * Drop to protected mode to safely operate on the IA32_EFER MSR. + */ + + /* Disable long mode. */ + #include + + /* Restore IA32_EFER as RSM doesn't restore MSRs. */ + movl $(IA32_EFER), %ecx + rdmsr + movl -0x8(%ebp), %eax + movl -0xc(%ebp), %edx + + wrmsr + +#else push $0x0 /* Padding */ push $0x0 /* Padding */ push $0x0 /* Padding */ push %ebx /* uintptr_t *canary */ push $(smm_runtime) - push %ecx /* int cpu */ + push %ecx /* size_t cpu */ push c_handler_arg /* void *arg */ push %esp /* smm_module_params *arg (allocated on stack). */ mov c_handler, %eax call *%eax - +#endif /* Retrieve fxsave location. */ mov -4(%ebp), %edi test %edi, %edi -- cgit v1.2.3