Changeset 85718 in vbox for trunk/src/VBox/Devices/EFI/FirmwareNew/UefiCpuPkg/PiSmmCpuDxeSmm

Timestamp:

Aug 12, 2020 4:09:12 PM (5 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

139865

Message:

Devices/EFI: Merge edk-stable202005 and make it build, bugref:4643

Location:

trunk/src/VBox/Devices/EFI/FirmwareNew

Files:

• . (modified) (1 prop)
• UefiCpuPkg/PiSmmCpuDxeSmm/CpuS3.c (modified) (2 diffs)
• UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c (modified) (1 diff)
• UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c (modified) (22 diffs)
• UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c (modified) (3 diffs)
• UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h (modified) (11 diffs)
• UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf (modified) (2 diffs)
• UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c (modified) (2 diffs)
• UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c (modified) (1 diff)
• UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c (modified) (3 diffs)
• UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c (modified) (14 diffs)
• UefiCpuPkg/PiSmmCpuDxeSmm/X64/Semaphore.c (modified) (1 diff)
• UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm (modified) (3 diffs)
• UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmInit.nasm (modified) (1 diff)

trunk/src/VBox/Devices/EFI/FirmwareNew/UefiCpuPkg/PiSmmCpuDxeSmm/CpuS3.c

@@ -617 +617 @@
   PrepareApStartupVector (mAcpiCpuData.StartupVector);
 
-  mNumberToFinish = mAcpiCpuData.NumberOfCpus - 1;
+  if (FeaturePcdGet (PcdCpuHotPlugSupport)) {
+    ASSERT (mNumberOfCpus <= mAcpiCpuData.NumberOfCpus);
+  } else {
+    ASSERT (mNumberOfCpus == mAcpiCpuData.NumberOfCpus);
+  }
+  mNumberToFinish = (UINT32)(mNumberOfCpus - 1);
   mExchangeInfo->ApFunction  = (VOID *) (UINTN) InitializeAp;
 
@@ -647 +652 @@
   )
 {
-  mNumberToFinish = mAcpiCpuData.NumberOfCpus - 1;
+  if (FeaturePcdGet (PcdCpuHotPlugSupport)) {
+    ASSERT (mNumberOfCpus <= mAcpiCpuData.NumberOfCpus);
+  } else {
+    ASSERT (mNumberOfCpus == mAcpiCpuData.NumberOfCpus);
+  }
+  mNumberToFinish = (UINT32)(mNumberOfCpus - 1);
 
   //

trunk/src/VBox/Devices/EFI/FirmwareNew/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c

@@ -337 +337 @@
   return ;
 }
+
+/**
+  Return whether access to non-SMRAM is restricted.
+
+  @retval TRUE  Access to non-SMRAM is restricted.
+  @retval FALSE Access to non-SMRAM is not restricted.
+**/
+BOOLEAN
+IsRestrictedMemoryAccess (
+  VOID
+  )
+{
+  return TRUE;
+}

trunk/src/VBox/Devices/EFI/FirmwareNew/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c

@@ -2 +2 @@
 SMM MP service implementation
 
-Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 
@@ -138 +138 @@
   UINTN                             Index;
 
-  for (Index = mMaxNumberOfCpus; Index-- > 0;) {
+  for (Index = 0; Index < mMaxNumberOfCpus; Index++) {
     if (IsPresentAp (Index)) {
       ReleaseSemaphore (mSmmMpSyncData->CpuData[Index].Run);
@@ -171 +171 @@
   CpuData = mSmmMpSyncData->CpuData;
   ProcessorInfo = gSmmCpuPrivate->ProcessorInfo;
-  for (Index = mMaxNumberOfCpus; Index-- > 0;) {
+  for (Index = 0; Index < mMaxNumberOfCpus; Index++) {
     if (!(*(CpuData[Index].Present)) && ProcessorInfo[Index].ProcessorId != INVALID_APIC_ID) {
       if (((Exceptions & ARRIVAL_EXCEPTION_DELAYED) != 0) && SmmCpuFeaturesGetSmmRegister (Index, SmmRegSmmDelayed) != 0) {
@@ -306 +306 @@
     // Send SMI IPIs to bring outside processors in
     //
-    for (Index = mMaxNumberOfCpus; Index-- > 0;) {
+    for (Index = 0; Index < mMaxNumberOfCpus; Index++) {
       if (!(*(mSmmMpSyncData->CpuData[Index].Present)) && gSmmCpuPrivate->ProcessorInfo[Index].ProcessorId != INVALID_APIC_ID) {
         SendSmiIpi ((UINT32)gSmmCpuPrivate->ProcessorInfo[Index].ProcessorId);
@@ -362 +362 @@
   UINTN                             Index;
 
-  for (Index = mMaxNumberOfCpus; Index-- > 0;) {
+  for (Index = 0; Index < mMaxNumberOfCpus; Index++) {
     //
     // Ignore BSP and APs which not call in SMM.
@@ -404 +404 @@
 
 /**
-  Check whether execute in single AP or all APs.
-
-  Compare two Tokens used by different APs to know whether in StartAllAps call.
-
-  Whether is an valid AP base on AP's Present flag.
-
-  @retval  TRUE      IN StartAllAps call.
-  @retval  FALSE     Not in StartAllAps call.
-
-**/
-BOOLEAN
-InStartAllApsCall (
-  VOID
-  )
-{
-  UINTN      ApIndex;
-  UINTN      ApIndex2;
-
-  for (ApIndex = mMaxNumberOfCpus; ApIndex-- > 0;) {
-    if (IsPresentAp (ApIndex) && (mSmmMpSyncData->CpuData[ApIndex].Token != NULL)) {
-      for (ApIndex2 = ApIndex; ApIndex2-- > 0;) {
-        if (IsPresentAp (ApIndex2) && (mSmmMpSyncData->CpuData[ApIndex2].Token != NULL)) {
-          return mSmmMpSyncData->CpuData[ApIndex2].Token == mSmmMpSyncData->CpuData[ApIndex].Token;
-        }
-      }
-    }
-  }
-
-  return FALSE;
-}
-
-/**
   Clean up the status flags used during executing the procedure.
 
@@ -446 +414 @@
   )
 {
-  UINTN                             Index;
-  BOOLEAN                           Released;
-
-  if (InStartAllApsCall ()) {
-    //
-    // In Start All APs mode, make sure all APs have finished task.
-    //
-    if (WaitForAllAPsNotBusy (FALSE)) {
-      //
-      // Clean the flags update in the function call.
-      //
-      Released = FALSE;
-      for (Index = mMaxNumberOfCpus; Index-- > 0;) {
-        //
-        // Only In SMM APs need to be clean up.
-        //
-        if (mSmmMpSyncData->CpuData[Index].Present && mSmmMpSyncData->CpuData[Index].Token != NULL) {
-          if (!Released) {
-            ReleaseSpinLock (mSmmMpSyncData->CpuData[Index].Token);
-            Released = TRUE;
-          }
-          mSmmMpSyncData->CpuData[Index].Token = NULL;
-        }
-      }
-    }
-  } else {
-    //
-    // In single AP mode.
-    //
-    if (mSmmMpSyncData->CpuData[CpuIndex].Token != NULL) {
-      ReleaseSpinLock (mSmmMpSyncData->CpuData[CpuIndex].Token);
-      mSmmMpSyncData->CpuData[CpuIndex].Token = NULL;
-    }
-  }
+  PROCEDURE_TOKEN                         *Token;
+
+  Token = mSmmMpSyncData->CpuData[CpuIndex].Token;
+
+  if (InterlockedDecrement (&Token->RunningApCount) == 0) {
+    ReleaseSpinLock (Token->SpinLock);
+  }
+
+  mSmmMpSyncData->CpuData[CpuIndex].Token = NULL;
 }
 
@@ -487 +430 @@
 **/
 VOID
-FreeTokens (
+ResetTokens (
   VOID
   )
 {
-  LIST_ENTRY            *Link;
-  PROCEDURE_TOKEN       *ProcToken;
-
-  while (!IsListEmpty (&gSmmCpuPrivate->TokenList)) {
-    Link = GetFirstNode (&gSmmCpuPrivate->TokenList);
-    ProcToken = PROCEDURE_TOKEN_FROM_LINK (Link);
-
-    RemoveEntryList (&ProcToken->Link);
-
-    FreePool ((VOID *)ProcToken->ProcedureToken);
-    FreePool (ProcToken);
-  }
+  //
+  // Reset the FirstFreeToken to the beginning of token list upon exiting SMI.
+  //
+  gSmmCpuPrivate->FirstFreeToken = GetFirstNode (&gSmmCpuPrivate->TokenList);
 }
 
@@ -658 +593 @@
     while (TRUE) {
       PresentCount = 0;
-      for (Index = mMaxNumberOfCpus; Index-- > 0;) {
+      for (Index = 0; Index < mMaxNumberOfCpus; Index++) {
         if (*(mSmmMpSyncData->CpuData[Index].Present)) {
           PresentCount ++;
@@ -726 +661 @@
 
   //
-  // Clean the tokens buffer.
-  //
-  FreeTokens ();
+  // Reset the tokens buffer.
+  //
+  ResetTokens ();
 
   //
@@ -896 +831 @@
     }
 
+    if (mSmmMpSyncData->CpuData[CpuIndex].Token != NULL) {
+      ReleaseToken (CpuIndex);
+    }
+
     //
     // Release BUSY
     //
     ReleaseSpinLock (mSmmMpSyncData->CpuData[CpuIndex].Busy);
-
-    ReleaseToken (CpuIndex);
   }
 
@@ -1092 +1029 @@
 
   Link = GetFirstNode (&gSmmCpuPrivate->TokenList);
-  while (!IsNull (&gSmmCpuPrivate->TokenList, Link)) {
+  //
+  // Only search used tokens.
+  //
+  while (Link != gSmmCpuPrivate->FirstFreeToken) {
     ProcToken = PROCEDURE_TOKEN_FROM_LINK (Link);
 
-    if (ProcToken->ProcedureToken == Token) {
+    if (ProcToken->SpinLock == Token) {
       return TRUE;
     }
@@ -1106 +1046 @@
 
 /**
-  create token and save it to the maintain list.
-
-  @retval    return the spin lock used as token.
-
-**/
-SPIN_LOCK *
-CreateToken (
+  Allocate buffer for the SPIN_LOCK and PROCEDURE_TOKEN.
+
+  @return First token of the token buffer.
+**/
+LIST_ENTRY *
+AllocateTokenBuffer (
   VOID
   )
 {
-  PROCEDURE_TOKEN    *ProcToken;
-  SPIN_LOCK           *CpuToken;
   UINTN               SpinLockSize;
+  UINT32              TokenCountPerChunk;
+  UINTN               Index;
+  SPIN_LOCK           *SpinLock;
+  UINT8               *SpinLockBuffer;
+  PROCEDURE_TOKEN     *ProcTokens;
 
   SpinLockSize = GetSpinLockProperties ();
-  CpuToken = AllocatePool (SpinLockSize);
-  ASSERT (CpuToken != NULL);
-  InitializeSpinLock (CpuToken);
-  AcquireSpinLock (CpuToken);
-
-  ProcToken = AllocatePool (sizeof (PROCEDURE_TOKEN));
-  ASSERT (ProcToken != NULL);
-  ProcToken->Signature = PROCEDURE_TOKEN_SIGNATURE;
-  ProcToken->ProcedureToken = CpuToken;
-
-  InsertTailList (&gSmmCpuPrivate->TokenList, &ProcToken->Link);
-
-  return CpuToken;
+
+  TokenCountPerChunk = FixedPcdGet32 (PcdCpuSmmMpTokenCountPerChunk);
+  ASSERT (TokenCountPerChunk != 0);
+  if (TokenCountPerChunk == 0) {
+    DEBUG ((DEBUG_ERROR, "PcdCpuSmmMpTokenCountPerChunk should not be Zero!\n"));
+    CpuDeadLoop ();
+  }
+  DEBUG ((DEBUG_INFO, "CpuSmm: SpinLock Size = 0x%x, PcdCpuSmmMpTokenCountPerChunk = 0x%x\n", SpinLockSize, TokenCountPerChunk));
+
+  //
+  // Separate the Spin_lock and Proc_token because the alignment requires by Spin_Lock.
+  //
+  SpinLockBuffer = AllocatePool (SpinLockSize * TokenCountPerChunk);
+  ASSERT (SpinLockBuffer != NULL);
+
+  ProcTokens = AllocatePool (sizeof (PROCEDURE_TOKEN) * TokenCountPerChunk);
+  ASSERT (ProcTokens != NULL);
+
+  for (Index = 0; Index < TokenCountPerChunk; Index++) {
+    SpinLock = (SPIN_LOCK *)(SpinLockBuffer + SpinLockSize * Index);
+    InitializeSpinLock (SpinLock);
+
+    ProcTokens[Index].Signature      = PROCEDURE_TOKEN_SIGNATURE;
+    ProcTokens[Index].SpinLock       = SpinLock;
+    ProcTokens[Index].RunningApCount = 0;
+
+    InsertTailList (&gSmmCpuPrivate->TokenList, &ProcTokens[Index].Link);
+  }
+
+  return &ProcTokens[0].Link;
+}
+
+/**
+  Get the free token.
+
+  If no free token, allocate new tokens then return the free one.
+
+  @param RunningApsCount    The Running Aps count for this token.
+
+  @retval    return the first free PROCEDURE_TOKEN.
+
+**/
+PROCEDURE_TOKEN *
+GetFreeToken (
+  IN UINT32       RunningApsCount
+  )
+{
+  PROCEDURE_TOKEN  *NewToken;
+
+  //
+  // If FirstFreeToken meets the end of token list, enlarge the token list.
+  // Set FirstFreeToken to the first free token.
+  //
+  if (gSmmCpuPrivate->FirstFreeToken == &gSmmCpuPrivate->TokenList) {
+    gSmmCpuPrivate->FirstFreeToken = AllocateTokenBuffer ();
+  }
+  NewToken = PROCEDURE_TOKEN_FROM_LINK (gSmmCpuPrivate->FirstFreeToken);
+  gSmmCpuPrivate->FirstFreeToken = GetNextNode (&gSmmCpuPrivate->TokenList, gSmmCpuPrivate->FirstFreeToken);
+
+  NewToken->RunningApCount = RunningApsCount;
+  AcquireSpinLock (NewToken->SpinLock);
+
+  return NewToken;
 }
 
@@ -1206 +1198 @@
   )
 {
+  PROCEDURE_TOKEN    *ProcToken;
+
   if (CpuIndex >= gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus) {
     DEBUG((DEBUG_ERROR, "CpuIndex(%d) >= gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus(%d)\n", CpuIndex, gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus));
@@ -1236 +1230 @@
   }
 
-  if (Token == NULL) {
-    AcquireSpinLock (mSmmMpSyncData->CpuData[CpuIndex].Busy);
-  } else {
-    if (!AcquireSpinLockOrFail (mSmmMpSyncData->CpuData[CpuIndex].Busy)) {
-      DEBUG((DEBUG_ERROR, "Can't acquire mSmmMpSyncData->CpuData[%d].Busy\n", CpuIndex));
-      return EFI_NOT_READY;
-    }
-
-    *Token = (MM_COMPLETION) CreateToken ();
-  }
+  AcquireSpinLock (mSmmMpSyncData->CpuData[CpuIndex].Busy);
 
   mSmmMpSyncData->CpuData[CpuIndex].Procedure = Procedure;
   mSmmMpSyncData->CpuData[CpuIndex].Parameter = ProcArguments;
   if (Token != NULL) {
-    mSmmMpSyncData->CpuData[CpuIndex].Token   = (SPIN_LOCK *)(*Token);
+    ProcToken= GetFreeToken (1);
+    mSmmMpSyncData->CpuData[CpuIndex].Token = ProcToken;
+    *Token = (MM_COMPLETION)ProcToken->SpinLock;
   }
   mSmmMpSyncData->CpuData[CpuIndex].Status    = CpuStatus;
@@ -1308 +1295 @@
   UINTN               Index;
   UINTN               CpuCount;
+  PROCEDURE_TOKEN     *ProcToken;
 
   if ((TimeoutInMicroseconds != 0) && ((mSmmMp.Attributes & EFI_MM_MP_TIMEOUT_SUPPORTED) == 0)) {
@@ -1317 +1305 @@
 
   CpuCount = 0;
-  for (Index = mMaxNumberOfCpus; Index-- > 0;) {
+  for (Index = 0; Index < mMaxNumberOfCpus; Index++) {
     if (IsPresentAp (Index)) {
       CpuCount ++;
@@ -1336 +1324 @@
 
   if (Token != NULL) {
-    *Token = (MM_COMPLETION) CreateToken ();
+    ProcToken = GetFreeToken ((UINT32)mMaxNumberOfCpus);
+    *Token = (MM_COMPLETION)ProcToken->SpinLock;
+  } else {
+    ProcToken = NULL;
   }
 
@@ -1346 +1337 @@
   // block mode.
   //
-  for (Index = mMaxNumberOfCpus; Index-- > 0;) {
+  for (Index = 0; Index < mMaxNumberOfCpus; Index++) {
     if (IsPresentAp (Index)) {
       AcquireSpinLock (mSmmMpSyncData->CpuData[Index].Busy);
@@ -1352 +1343 @@
   }
 
-  for (Index = mMaxNumberOfCpus; Index-- > 0;) {
+  for (Index = 0; Index < mMaxNumberOfCpus; Index++) {
     if (IsPresentAp (Index)) {
       mSmmMpSyncData->CpuData[Index].Procedure = (EFI_AP_PROCEDURE2) Procedure;
       mSmmMpSyncData->CpuData[Index].Parameter = ProcedureArguments;
-      if (Token != NULL) {
-        mSmmMpSyncData->CpuData[Index].Token   = (SPIN_LOCK *)(*Token);
+      if (ProcToken != NULL) {
+        mSmmMpSyncData->CpuData[Index].Token   = ProcToken;
       }
       if (CPUStatus != NULL) {
@@ -1372 +1363 @@
       if (CPUStatus != NULL) {
         CPUStatus[Index] = EFI_NOT_STARTED;
+      }
+
+      //
+      // Decrease the count to mark this processor(AP or BSP) as finished.
+      //
+      if (ProcToken != NULL) {
+        WaitForSemaphore (&ProcToken->RunningApCount);
       }
     }
@@ -1742 +1740 @@
 
   InitializeListHead (&gSmmCpuPrivate->TokenList);
+
+  gSmmCpuPrivate->FirstFreeToken = AllocateTokenBuffer ();
 }
 

trunk/src/VBox/Devices/EFI/FirmwareNew/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c

@@ -216 +216 @@
   @retval EFI_SUCCESS   The register was read from Save State
   @retval EFI_NOT_FOUND The register is not defined for the Save State of Processor
-  @retval EFI_INVALID_PARAMTER   This or Buffer is NULL.
+  @retval EFI_INVALID_PARAMETER   This or Buffer is NULL.
 
 **/
@@ -288 +288 @@
   @retval EFI_SUCCESS   The register was written from Save State
   @retval EFI_NOT_FOUND The register is not defined for the Save State of Processor
-  @retval EFI_INVALID_PARAMTER   ProcessorIndex or Width is not correct
+  @retval EFI_INVALID_PARAMETER   ProcessorIndex or Width is not correct
 
 **/
@@ -1432 +1432 @@
     SetMemMapAttributes ();
 
-    //
-    // For outside SMRAM, we only map SMM communication buffer or MMIO.
-    //
-    SetUefiMemMapAttributes ();
-
-    //
-    // Set page table itself to be read-only
-    //
-    SetPageTableAttributes ();
+    if (IsRestrictedMemoryAccess ()) {
+      //
+      // For outside SMRAM, we only map SMM communication buffer or MMIO.
+      //
+      SetUefiMemMapAttributes ();
+
+      //
+      // Set page table itself to be read-only
+      //
+      SetPageTableAttributes ();
+    }
 
     //

trunk/src/VBox/Devices/EFI/FirmwareNew/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h

@@ -2 +2 @@
 Agent Module to load other modules to deploy SMM Entry Vector for X86 CPU.
 
-Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 
@@ -213 +213 @@
   LIST_ENTRY              Link;
 
-  SPIN_LOCK               *ProcedureToken;
+  SPIN_LOCK               *SpinLock;
+  volatile UINT32         RunningApCount;
 } PROCEDURE_TOKEN;
 
 #define PROCEDURE_TOKEN_FROM_LINK(a)  CR (a, PROCEDURE_TOKEN, Link, PROCEDURE_TOKEN_SIGNATURE)
+
+#define TOKEN_BUFFER_SIGNATURE  SIGNATURE_32 ('T', 'K', 'B', 'S')
+
+typedef struct {
+  UINTN                   Signature;
+  LIST_ENTRY              Link;
+
+  UINT8                   *Buffer;
+} TOKEN_BUFFER;
+
+#define TOKEN_BUFFER_FROM_LINK(a)  CR (a, TOKEN_BUFFER, Link, TOKEN_BUFFER_SIGNATURE)
 
 //
@@ -243 +255 @@
   PROCEDURE_WRAPPER               *ApWrapperFunc;
   LIST_ENTRY                      TokenList;
-
+  LIST_ENTRY                      *FirstFreeToken;
 } SMM_CPU_PRIVATE_DATA;
 
@@ -273 +285 @@
   @retval EFI_SUCCESS   The register was read from Save State
   @retval EFI_NOT_FOUND The register is not defined for the Save State of Processor
-  @retval EFI_INVALID_PARAMTER   This or Buffer is NULL.
+  @retval EFI_INVALID_PARAMETER   This or Buffer is NULL.
 
 **/
@@ -297 +309 @@
   @retval EFI_SUCCESS   The register was written from Save State
   @retval EFI_NOT_FOUND The register is not defined for the Save State of Processor
-  @retval EFI_INVALID_PARAMTER   ProcessorIndex or Width is not correct
+  @retval EFI_INVALID_PARAMETER   ProcessorIndex or Width is not correct
 
 **/
@@ -325 +337 @@
 @retval EFI_SUCCESS           The register was read from Save State.
 @retval EFI_NOT_FOUND         The register is not defined for the Save State of Processor.
-@retval EFI_INVALID_PARAMTER  This or Buffer is NULL.
+@retval EFI_INVALID_PARAMETER  This or Buffer is NULL.
 
 **/
@@ -352 +364 @@
 @retval EFI_SUCCESS           The register was written to Save State.
 @retval EFI_NOT_FOUND         The register is not defined for the Save State of Processor.
-@retval EFI_INVALID_PARAMTER  ProcessorIndex or Width is not correct.
+@retval EFI_INVALID_PARAMETER  ProcessorIndex or Width is not correct.
 
 **/
@@ -393 +405 @@
   volatile UINT32                   *Run;
   volatile BOOLEAN                  *Present;
-  SPIN_LOCK                         *Token;
+  PROCEDURE_TOKEN                   *Token;
   EFI_STATUS                        *Status;
 } SMM_CPU_DATA_BLOCK;
@@ -1252 +1264 @@
 /**
   This function fixes up the address of the global variable or function
-  referred in SmmInit assembly files to be the absoute address.
+  referred in SmmInit assembly files to be the absolute address.
 **/
 VOID
@@ -1261 +1273 @@
 /**
   This function fixes up the address of the global variable or function
-  referred in SmiEntry assembly files to be the absoute address.
+  referred in SmiEntry assembly files to be the absolute address.
 **/
 VOID
@@ -1451 +1463 @@
   );
 
+/**
+  Return whether access to non-SMRAM is restricted.
+
+  @retval TRUE  Access to non-SMRAM is restricted.
+  @retval FALSE Access to non-SMRAM is not restricted.
+**/
+BOOLEAN
+IsRestrictedMemoryAccess (
+  VOID
+  );
+
 #endif

trunk/src/VBox/Devices/EFI/FirmwareNew/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf

@@ -134 +134 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmCodeAccessCheckEnable         ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode                      ## CONSUMES
-  gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmStaticPageTable               ## CONSUMES
   gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmShadowStackSize               ## SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable                   ## CONSUMES
@@ -142 +141 @@
   gEfiMdePkgTokenSpaceGuid.PcdControlFlowEnforcementPropertyMask        ## CONSUMES
 
+[FixedPcd]
+  gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmMpTokenCountPerChunk               ## CONSUMES
+
+[Pcd.X64]
+  gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmRestrictedMemoryAccess        ## CONSUMES
+
 [Depex]
   gEfiMpServiceProtocolGuid

trunk/src/VBox/Devices/EFI/FirmwareNew/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c

@@ -466 +466 @@
 
   //
-  // Below logic is to check 2M/4K page to make sure we donot waist memory.
+  // Below logic is to check 2M/4K page to make sure we do not waste memory.
   //
   while (Length != 0) {
@@ -1066 +1066 @@
 
 /**
-  Merge continous memory map entries whose type is
+  Merge continuous memory map entries whose type is
   EfiLoaderCode/Data, EfiBootServicesCode/Data, EfiConventionalMemory,
   EfiUnusableMemory, EfiACPIReclaimMemory, because the memory described by

trunk/src/VBox/Devices/EFI/FirmwareNew/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c

@@ -658 +658 @@
             ASSERT (Pt != NULL);
 
-            *Pd = (UINTN) Pt | IA32_PG_RW | IA32_PG_P;
-
             // Split it
-            for (PtIndex = 0; PtIndex < SIZE_4KB / sizeof(*Pt); PtIndex++, Pt++) {
-              *Pt = Address + ((PtIndex << 12) | mAddressEncMask | PAGE_ATTRIBUTE_BITS);
+            for (PtIndex = 0; PtIndex < SIZE_4KB / sizeof(*Pt); PtIndex++) {
+              Pt[PtIndex] = Address + ((PtIndex << 12) | mAddressEncMask | PAGE_ATTRIBUTE_BITS);
             } // end for PT
             *Pd = (UINT64)(UINTN)Pt | mAddressEncMask | PAGE_ATTRIBUTE_BITS;

trunk/src/VBox/Devices/EFI/FirmwareNew/UefiCpuPkg/PiSmmCpuDxeSmm/SmramSaveState.c

@@ -261 +261 @@
   @retval EFI_SUCCESS           The register was read from Save State.
   @retval EFI_NOT_FOUND         The register is not defined for the Save State of Processor.
-  @retval EFI_INVALID_PARAMTER  This or Buffer is NULL.
+  @retval EFI_INVALID_PARAMETER  This or Buffer is NULL.
 
 **/
@@ -344 +344 @@
   @retval EFI_SUCCESS           The register was read from Save State.
   @retval EFI_NOT_FOUND         The register is not defined for the Save State of Processor.
-  @retval EFI_INVALID_PARAMTER  This or Buffer is NULL.
+  @retval EFI_INVALID_PARAMETER  This or Buffer is NULL.
 
 **/
@@ -456 +456 @@
   @retval EFI_SUCCESS           The register was written to Save State.
   @retval EFI_NOT_FOUND         The register is not defined for the Save State of Processor.
-  @retval EFI_INVALID_PARAMTER  ProcessorIndex or Width is not correct.
+  @retval EFI_INVALID_PARAMETER  ProcessorIndex or Width is not correct.
 
 **/

trunk/src/VBox/Devices/EFI/FirmwareNew/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c

@@ -16 +16 @@
 LIST_ENTRY                          mPagePool = INITIALIZE_LIST_HEAD_VARIABLE (mPagePool);
 BOOLEAN                             m1GPageTableSupport = FALSE;
-BOOLEAN                             mCpuSmmStaticPageTable;
-BOOLEAN                             m5LevelPagingSupport;
-X86_ASSEMBLY_PATCH_LABEL            gPatch5LevelPagingSupport;
+BOOLEAN                             mCpuSmmRestrictedMemoryAccess;
+BOOLEAN                             m5LevelPagingNeeded;
+X86_ASSEMBLY_PATCH_LABEL            gPatch5LevelPagingNeeded;
 
 /**
@@ -64 +64 @@
 
 /**
-  Check if 5-level paging is supported by processor or not.
-
-  @retval TRUE   5-level paging is supported.
-  @retval FALSE  5-level paging is not supported.
-
+  The routine returns TRUE when CPU supports it (CPUID[7,0].ECX.BIT[16] is set) and
+  the max physical address bits is bigger than 48. Because 4-level paging can support
+  to address physical address up to 2^48 - 1, there is no need to enable 5-level paging
+  with max physical address bits <= 48.
+
+  @retval TRUE  5-level paging enabling is needed.
+  @retval FALSE 5-level paging enabling is not needed.
 **/
 BOOLEAN
-Is5LevelPagingSupport (
+Is5LevelPagingNeeded (
   VOID
   )
 {
-  CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_ECX EcxFlags;
-
+  CPUID_VIR_PHY_ADDRESS_SIZE_EAX              VirPhyAddressSize;
+  CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_ECX ExtFeatureEcx;
+  UINT32                                      MaxExtendedFunctionId;
+
+  AsmCpuid (CPUID_EXTENDED_FUNCTION, &MaxExtendedFunctionId, NULL, NULL, NULL);
+  if (MaxExtendedFunctionId >= CPUID_VIR_PHY_ADDRESS_SIZE) {
+    AsmCpuid (CPUID_VIR_PHY_ADDRESS_SIZE, &VirPhyAddressSize.Uint32, NULL, NULL, NULL);
+  } else {
+    VirPhyAddressSize.Bits.PhysicalAddressBits = 36;
+  }
   AsmCpuidEx (
     CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS,
     CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO,
-    NULL,
-    NULL,
-    &EcxFlags.Uint32,
-    NULL
+    NULL, NULL, &ExtFeatureEcx.Uint32, NULL
     );
-  return (BOOLEAN) (EcxFlags.Bits.FiveLevelPage != 0);
+  DEBUG ((
+    DEBUG_INFO, "PhysicalAddressBits = %d, 5LPageTable = %d.\n",
+    VirPhyAddressSize.Bits.PhysicalAddressBits, ExtFeatureEcx.Bits.FiveLevelPage
+    ));
+
+  if (VirPhyAddressSize.Bits.PhysicalAddressBits > 4 * 9 + 12) {
+    ASSERT (ExtFeatureEcx.Bits.FiveLevelPage == 1);
+    return TRUE;
+  } else {
+    return FALSE;
+  }
 }
 
@@ -191 +208 @@
   //
   ASSERT (mPhysicalAddressBits <= 52);
-  if (!m5LevelPagingSupport && mPhysicalAddressBits > 48) {
+  if (!m5LevelPagingNeeded && mPhysicalAddressBits > 48) {
     mPhysicalAddressBits = 48;
   }
@@ -218 +235 @@
   PageMapLevel4Entry = PageMap;
   PageMapLevel5Entry = NULL;
-  if (m5LevelPagingSupport) {
+  if (m5LevelPagingNeeded) {
     //
     // By architecture only one PageMapLevel5 exists - so lets allocate storage for it.
@@ -234 +251 @@
     // When 5-Level Paging is disabled, below allocation happens only once.
     //
-    if (m5LevelPagingSupport) {
+    if (m5LevelPagingNeeded) {
       PageMapLevel4Entry = (UINT64 *) ((*PageMapLevel5Entry) & ~mAddressEncMask & gPhyMask);
       if (PageMapLevel4Entry == NULL) {
@@ -335 +352 @@
   InitializeSpinLock (mPFLock);
 
-  mCpuSmmStaticPageTable = PcdGetBool (PcdCpuSmmStaticPageTable);
-  m1GPageTableSupport    = Is1GPageSupport ();
-  m5LevelPagingSupport   = Is5LevelPagingSupport ();
-  mPhysicalAddressBits   = CalculateMaximumSupportAddress ();
-  PatchInstructionX86 (gPatch5LevelPagingSupport, m5LevelPagingSupport, 1);
-  DEBUG ((DEBUG_INFO, "5LevelPaging Support     - %d\n", m5LevelPagingSupport));
-  DEBUG ((DEBUG_INFO, "1GPageTable Support      - %d\n", m1GPageTableSupport));
-  DEBUG ((DEBUG_INFO, "PcdCpuSmmStaticPageTable - %d\n", mCpuSmmStaticPageTable));
-  DEBUG ((DEBUG_INFO, "PhysicalAddressBits      - %d\n", mPhysicalAddressBits));
+  mCpuSmmRestrictedMemoryAccess = PcdGetBool (PcdCpuSmmRestrictedMemoryAccess);
+  m1GPageTableSupport           = Is1GPageSupport ();
+  m5LevelPagingNeeded           = Is5LevelPagingNeeded ();
+  mPhysicalAddressBits          = CalculateMaximumSupportAddress ();
+  PatchInstructionX86 (gPatch5LevelPagingNeeded, m5LevelPagingNeeded, 1);
+  DEBUG ((DEBUG_INFO, "5LevelPaging Needed             - %d\n", m5LevelPagingNeeded));
+  DEBUG ((DEBUG_INFO, "1GPageTable Support             - %d\n", m1GPageTableSupport));
+  DEBUG ((DEBUG_INFO, "PcdCpuSmmRestrictedMemoryAccess - %d\n", mCpuSmmRestrictedMemoryAccess));
+  DEBUG ((DEBUG_INFO, "PhysicalAddressBits             - %d\n", mPhysicalAddressBits));
   //
   // Generate PAE page table for the first 4GB memory space
@@ -371 +388 @@
   PTEntry = Pml4Entry;
 
-  if (m5LevelPagingSupport) {
+  if (m5LevelPagingNeeded) {
     //
     // Fill PML5 entry
@@ -386 +403 @@
   }
 
-  if (mCpuSmmStaticPageTable) {
+  if (mCpuSmmRestrictedMemoryAccess) {
+    //
+    // When access to non-SMRAM memory is restricted, create page table
+    // that covers all memory space.
+    //
     SetStaticPageTable ((UINTN)PTEntry);
   } else {
@@ -973 +994 @@
   PFAddress = AsmReadCr2 ();
 
-  if (mCpuSmmStaticPageTable && (PFAddress >= LShiftU64 (1, (mPhysicalAddressBits - 1)))) {
+  if (mCpuSmmRestrictedMemoryAccess && (PFAddress >= LShiftU64 (1, (mPhysicalAddressBits - 1)))) {
     DumpCpuContext (InterruptType, SystemContext);
     DEBUG ((DEBUG_ERROR, "Do not support address 0x%lx by processor!\n", PFAddress));
@@ -1050 +1071 @@
     }
 
-    if (mCpuSmmStaticPageTable && IsSmmCommBufferForbiddenAddress (PFAddress)) {
+    if (mCpuSmmRestrictedMemoryAccess && IsSmmCommBufferForbiddenAddress (PFAddress)) {
       DumpCpuContext (InterruptType, SystemContext);
       DEBUG ((DEBUG_ERROR, "Access SMM communication forbidden address (0x%lx)!\n", PFAddress));
@@ -1101 +1122 @@
 
   //
-  // Don't do this if
-  //  - no static page table; or
+  // Don't mark page table memory as read-only if
+  //  - no restriction on access to non-SMRAM memory; or
   //  - SMM heap guard feature enabled; or
   //      BIT2: SMM page guard enabled
@@ -1108 +1129 @@
   //  - SMM profile feature enabled
   //
-  if (!mCpuSmmStaticPageTable ||
+  if (!mCpuSmmRestrictedMemoryAccess ||
       ((PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0) ||
       FeaturePcdGet (PcdCpuSmmProfileEnable)) {
     //
-    // Static paging and heap guard could not be enabled at the same time.
-    //
-    ASSERT (!(mCpuSmmStaticPageTable &&
+    // Restriction on access to non-SMRAM memory and heap guard could not be enabled at the same time.
+    //
+    ASSERT (!(mCpuSmmRestrictedMemoryAccess &&
               (PcdGet8 (PcdHeapGuardPropertyMask) & (BIT3 | BIT2)) != 0));
 
     //
-    // Static paging and SMM profile could not be enabled at the same time.
-    //
-    ASSERT (!(mCpuSmmStaticPageTable && FeaturePcdGet (PcdCpuSmmProfileEnable)));
+    // Restriction on access to non-SMRAM memory and SMM profile could not be enabled at the same time.
+    //
+    ASSERT (!(mCpuSmmRestrictedMemoryAccess && FeaturePcdGet (PcdCpuSmmProfileEnable)));
     return ;
   }
@@ -1224 +1245 @@
   )
 {
-  if (!mCpuSmmStaticPageTable) {
+  if (!mCpuSmmRestrictedMemoryAccess) {
+    //
+    // On-demand paging is enabled when access to non-SMRAM is not restricted.
+    //
     *Cr2 = AsmReadCr2 ();
   }
@@ -1239 +1263 @@
   )
 {
-  if (!mCpuSmmStaticPageTable) {
+  if (!mCpuSmmRestrictedMemoryAccess) {
+    //
+    // On-demand paging is enabled when access to non-SMRAM is not restricted.
+    //
     AsmWriteCr2 (Cr2);
   }
 }
+
+/**
+  Return whether access to non-SMRAM is restricted.
+
+  @retval TRUE  Access to non-SMRAM is restricted.
+  @retval FALSE Access to non-SMRAM is not restricted.
+**/
+BOOLEAN
+IsRestrictedMemoryAccess (
+  VOID
+  )
+{
+  return mCpuSmmRestrictedMemoryAccess;
+}

trunk/src/VBox/Devices/EFI/FirmwareNew/UefiCpuPkg/PiSmmCpuDxeSmm/X64/Semaphore.c

@@ -59 +59 @@
 
   //
-  // Use temp value to fix ICC complier warning
+  // Use temp value to fix ICC compiler warning
   //
   TempValue = (UINTN)&mSmmRelocationOriginalAddress;

trunk/src/VBox/Devices/EFI/FirmwareNew/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm

@@ -17 +17 @@
 
 ;
-; Variables referrenced by C code
+; Variables referenced by C code
 ;
 
@@ -70 +70 @@
 global ASM_PFX(gPatchSmiStack)
 global ASM_PFX(gPatchSmiCr3)
-global ASM_PFX(gPatch5LevelPagingSupport)
+global ASM_PFX(gPatch5LevelPagingNeeded)
 global ASM_PFX(gcSmiHandlerTemplate)
 global ASM_PFX(gcSmiHandlerSize)
@@ -128 +128 @@
 
     mov     cl, strict byte 0            ; source operand will be patched
-ASM_PFX(gPatch5LevelPagingSupport):
+ASM_PFX(gPatch5LevelPagingNeeded):
     cmp     cl, 0
     je      SkipEnable5LevelPaging

trunk/src/VBox/Devices/EFI/FirmwareNew/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmInit.nasm

@@ -73 +73 @@
     and     sp, 0xfff0                  ; make sure RSP is 16-byte aligned
     ;
-    ; Accoring to X64 calling convention, XMM0~5 are volatile, we need to save
+    ; According to X64 calling convention, XMM0~5 are volatile, we need to save
     ; them before calling C-function.
     ;