1 /** @file
2 This module contains EBC support routines that are customized based on
3 the target ia32 processor.
4
5 Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
6 SPDX-License-Identifier: BSD-2-Clause-Patent
7
8 **/
9
10 #include "EbcInt.h"
11 #include "EbcExecute.h"
12 #include "EbcDebuggerHook.h"
13
14 //
15 // NOTE: This is the stack size allocated for the interpreter
16 // when it executes an EBC image. The requirements can change
17 // based on whether or not a debugger is present, and other
18 // platform-specific configurations.
19 //
20 #define VM_STACK_SIZE (1024 * 4)
21
22 #define STACK_REMAIN_SIZE (1024 * 4)
23
24 //
25 // This is instruction buffer used to create EBC thunk
26 //
27 #define EBC_ENTRYPOINT_SIGNATURE 0xAFAFAFAF
28 #define EBC_LL_EBC_ENTRYPOINT_SIGNATURE 0xFAFAFAFA
29 UINT8 mInstructionBufferTemplate[] = {
30 //
31 // Add a magic code here to help the VM recognize the thunk..
32 // mov eax, 0xca112ebc => B8 BC 2E 11 CA
33 //
34 0xB8, 0xBC, 0x2E, 0x11, 0xCA,
35 //
36 // Add code bytes to load up a processor register with the EBC entry point.
37 // mov eax, EbcEntryPoint => B8 XX XX XX XX (To be fixed at runtime)
38 // These 4 bytes of the thunk entry is the address of the EBC
39 // entry point.
40 //
41 0xB8,
42 (UINT8)(EBC_ENTRYPOINT_SIGNATURE & 0xFF),
43 (UINT8)((EBC_ENTRYPOINT_SIGNATURE >> 8) & 0xFF),
44 (UINT8)((EBC_ENTRYPOINT_SIGNATURE >> 16) & 0xFF),
45 (UINT8)((EBC_ENTRYPOINT_SIGNATURE >> 24) & 0xFF),
46 //
47 // Stick in a load of ecx with the address of appropriate VM function.
48 // mov ecx, EbcLLEbcInterpret => B9 XX XX XX XX (To be fixed at runtime)
49 //
50 0xB9,
51 (UINT8)(EBC_LL_EBC_ENTRYPOINT_SIGNATURE & 0xFF),
52 (UINT8)((EBC_LL_EBC_ENTRYPOINT_SIGNATURE >> 8) & 0xFF),
53 (UINT8)((EBC_LL_EBC_ENTRYPOINT_SIGNATURE >> 16) & 0xFF),
54 (UINT8)((EBC_LL_EBC_ENTRYPOINT_SIGNATURE >> 24) & 0xFF),
55 //
56 // Stick in jump opcode bytes
57 // jmp ecx => FF E1
58 //
59 0xFF, 0xE1,
60 };
61
62 /**
63 Begin executing an EBC image.
64 This is used for Ebc Thunk call.
65
66 @return The value returned by the EBC application we're going to run.
67
68 **/
69 UINT64
70 EFIAPI
71 EbcLLEbcInterpret (
72 VOID
73 );
74
75 /**
76 Begin executing an EBC image.
77 This is used for Ebc image entrypoint.
78
79 @return The value returned by the EBC application we're going to run.
80
81 **/
82 UINT64
83 EFIAPI
84 EbcLLExecuteEbcImageEntryPoint (
85 VOID
86 );
87
88 /**
89 This function is called to execute an EBC CALLEX instruction.
90 The function check the callee's content to see whether it is common native
91 code or a thunk to another piece of EBC code.
92 If the callee is common native code, use EbcLLCAllEXASM to manipulate,
93 otherwise, set the VM->IP to target EBC code directly to avoid another VM
94 be startup which cost time and stack space.
95
96 @param VmPtr Pointer to a VM context.
97 @param FuncAddr Callee's address
98 @param NewStackPointer New stack pointer after the call
99 @param FramePtr New frame pointer after the call
100 @param Size The size of call instruction
101
102 **/
103 VOID
EbcLLCALLEX(IN VM_CONTEXT * VmPtr,IN UINTN FuncAddr,IN UINTN NewStackPointer,IN VOID * FramePtr,IN UINT8 Size)104 EbcLLCALLEX (
105 IN VM_CONTEXT *VmPtr,
106 IN UINTN FuncAddr,
107 IN UINTN NewStackPointer,
108 IN VOID *FramePtr,
109 IN UINT8 Size
110 )
111 {
112 UINTN IsThunk;
113 UINTN TargetEbcAddr;
114 UINT8 InstructionBuffer[sizeof(mInstructionBufferTemplate)];
115 UINTN Index;
116 UINTN IndexOfEbcEntrypoint;
117
118 IsThunk = 1;
119 TargetEbcAddr = 0;
120 IndexOfEbcEntrypoint = 0;
121
122 //
123 // Processor specific code to check whether the callee is a thunk to EBC.
124 //
125 CopyMem (InstructionBuffer, (VOID *)FuncAddr, sizeof(InstructionBuffer));
126 //
127 // Fill the signature according to mInstructionBufferTemplate
128 //
129 for (Index = 0; Index < sizeof(mInstructionBufferTemplate) - sizeof(UINTN); Index++) {
130 if (*(UINTN *)&mInstructionBufferTemplate[Index] == EBC_ENTRYPOINT_SIGNATURE) {
131 *(UINTN *)&InstructionBuffer[Index] = EBC_ENTRYPOINT_SIGNATURE;
132 IndexOfEbcEntrypoint = Index;
133 }
134 if (*(UINTN *)&mInstructionBufferTemplate[Index] == EBC_LL_EBC_ENTRYPOINT_SIGNATURE) {
135 *(UINTN *)&InstructionBuffer[Index] = EBC_LL_EBC_ENTRYPOINT_SIGNATURE;
136 }
137 }
138 //
139 // Check if we need thunk to native
140 //
141 if (CompareMem (InstructionBuffer, mInstructionBufferTemplate, sizeof(mInstructionBufferTemplate)) != 0) {
142 IsThunk = 0;
143 }
144
145 if (IsThunk == 1){
146 //
147 // The callee is a thunk to EBC, adjust the stack pointer down 16 bytes and
148 // put our return address and frame pointer on the VM stack.
149 // Then set the VM's IP to new EBC code.
150 //
151 VmPtr->Gpr[0] -= 8;
152 VmWriteMemN (VmPtr, (UINTN) VmPtr->Gpr[0], (UINTN) FramePtr);
153 VmPtr->FramePtr = (VOID *) (UINTN) VmPtr->Gpr[0];
154 VmPtr->Gpr[0] -= 8;
155 VmWriteMem64 (VmPtr, (UINTN) VmPtr->Gpr[0], (UINT64) (UINTN) (VmPtr->Ip + Size));
156
157 CopyMem (&TargetEbcAddr, (UINT8 *)FuncAddr + IndexOfEbcEntrypoint, sizeof(UINTN));
158 VmPtr->Ip = (VMIP) (UINTN) TargetEbcAddr;
159 } else {
160 //
161 // The callee is not a thunk to EBC, call native code,
162 // and get return value.
163 //
164 VmPtr->Gpr[7] = EbcLLCALLEXNative (FuncAddr, NewStackPointer, FramePtr);
165
166 //
167 // Advance the IP.
168 //
169 VmPtr->Ip += Size;
170 }
171 }
172
173
174 /**
175 Begin executing an EBC image.
176
177 This is a thunk function. Microsoft x64 compiler only provide fast_call
178 calling convention, so the first four arguments are passed by rcx, rdx,
179 r8, and r9, while other arguments are passed in stack.
180
181 @param EntryPoint The entrypoint of EBC code.
182 @param Arg1 The 1st argument.
183 @param Arg2 The 2nd argument.
184 @param Arg3 The 3rd argument.
185 @param Arg4 The 4th argument.
186 @param Arg5 The 5th argument.
187 @param Arg6 The 6th argument.
188 @param Arg7 The 7th argument.
189 @param Arg8 The 8th argument.
190 @param Arg9 The 9th argument.
191 @param Arg10 The 10th argument.
192 @param Arg11 The 11th argument.
193 @param Arg12 The 12th argument.
194 @param Arg13 The 13th argument.
195 @param Arg14 The 14th argument.
196 @param Arg15 The 15th argument.
197 @param Arg16 The 16th argument.
198
199 @return The value returned by the EBC application we're going to run.
200
201 **/
202 UINT64
203 EFIAPI
EbcInterpret(IN UINTN EntryPoint,IN UINTN Arg1,IN UINTN Arg2,IN UINTN Arg3,IN UINTN Arg4,IN UINTN Arg5,IN UINTN Arg6,IN UINTN Arg7,IN UINTN Arg8,IN UINTN Arg9,IN UINTN Arg10,IN UINTN Arg11,IN UINTN Arg12,IN UINTN Arg13,IN UINTN Arg14,IN UINTN Arg15,IN UINTN Arg16)204 EbcInterpret (
205 IN UINTN EntryPoint,
206 IN UINTN Arg1,
207 IN UINTN Arg2,
208 IN UINTN Arg3,
209 IN UINTN Arg4,
210 IN UINTN Arg5,
211 IN UINTN Arg6,
212 IN UINTN Arg7,
213 IN UINTN Arg8,
214 IN UINTN Arg9,
215 IN UINTN Arg10,
216 IN UINTN Arg11,
217 IN UINTN Arg12,
218 IN UINTN Arg13,
219 IN UINTN Arg14,
220 IN UINTN Arg15,
221 IN UINTN Arg16
222 )
223 {
224 //
225 // Create a new VM context on the stack
226 //
227 VM_CONTEXT VmContext;
228 UINTN Addr;
229 EFI_STATUS Status;
230 UINTN StackIndex;
231
232 //
233 // Get the EBC entry point
234 //
235 Addr = EntryPoint;
236
237 //
238 // Now clear out our context
239 //
240 ZeroMem ((VOID *) &VmContext, sizeof (VM_CONTEXT));
241
242 //
243 // Set the VM instruction pointer to the correct location in memory.
244 //
245 VmContext.Ip = (VMIP) Addr;
246 //
247 // Initialize the stack pointer for the EBC. Get the current system stack
248 // pointer and adjust it down by the max needed for the interpreter.
249 //
250
251 //
252 // Align the stack on a natural boundary
253 //
254
255 //
256 // Allocate stack pool
257 //
258 Status = GetEBCStack((EFI_HANDLE)-1, &VmContext.StackPool, &StackIndex);
259 if (EFI_ERROR(Status)) {
260 return Status;
261 }
262 VmContext.StackTop = (UINT8*)VmContext.StackPool + (STACK_REMAIN_SIZE);
263 VmContext.Gpr[0] = (UINT64)(UINTN) ((UINT8*)VmContext.StackPool + STACK_POOL_SIZE);
264 VmContext.HighStackBottom = (UINTN)VmContext.Gpr[0];
265 VmContext.Gpr[0] &= ~((VM_REGISTER)(sizeof (UINTN) - 1));
266 VmContext.Gpr[0] -= sizeof (UINTN);
267
268 //
269 // Put a magic value in the stack gap, then adjust down again
270 //
271 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) VM_STACK_KEY_VALUE;
272 VmContext.StackMagicPtr = (UINTN *) (UINTN) VmContext.Gpr[0];
273 VmContext.LowStackTop = (UINTN) VmContext.Gpr[0];
274
275 //
276 // For IA32, this is where we say our return address is
277 //
278 VmContext.Gpr[0] -= sizeof (UINTN);
279 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg16;
280 VmContext.Gpr[0] -= sizeof (UINTN);
281 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg15;
282 VmContext.Gpr[0] -= sizeof (UINTN);
283 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg14;
284 VmContext.Gpr[0] -= sizeof (UINTN);
285 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg13;
286 VmContext.Gpr[0] -= sizeof (UINTN);
287 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg12;
288 VmContext.Gpr[0] -= sizeof (UINTN);
289 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg11;
290 VmContext.Gpr[0] -= sizeof (UINTN);
291 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg10;
292 VmContext.Gpr[0] -= sizeof (UINTN);
293 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg9;
294 VmContext.Gpr[0] -= sizeof (UINTN);
295 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg8;
296 VmContext.Gpr[0] -= sizeof (UINTN);
297 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg7;
298 VmContext.Gpr[0] -= sizeof (UINTN);
299 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg6;
300 VmContext.Gpr[0] -= sizeof (UINTN);
301 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg5;
302 VmContext.Gpr[0] -= sizeof (UINTN);
303 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg4;
304 VmContext.Gpr[0] -= sizeof (UINTN);
305 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg3;
306 VmContext.Gpr[0] -= sizeof (UINTN);
307 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg2;
308 VmContext.Gpr[0] -= sizeof (UINTN);
309 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) Arg1;
310 VmContext.Gpr[0] -= 16;
311 VmContext.StackRetAddr = (UINT64) VmContext.Gpr[0];
312
313 //
314 // We need to keep track of where the EBC stack starts. This way, if the EBC
315 // accesses any stack variables above its initial stack setting, then we know
316 // it's accessing variables passed into it, which means the data is on the
317 // VM's stack.
318 // When we're called, on the stack (high to low) we have the parameters, the
319 // return address, then the saved ebp. Save the pointer to the return address.
320 // EBC code knows that's there, so should look above it for function parameters.
321 // The offset is the size of locals (VMContext + Addr + saved ebp).
322 // Note that the interpreter assumes there is a 16 bytes of return address on
323 // the stack too, so adjust accordingly.
324 // VmContext.HighStackBottom = (UINTN)(Addr + sizeof (VmContext) + sizeof (Addr));
325 //
326
327 //
328 // Begin executing the EBC code
329 //
330 EbcDebuggerHookEbcInterpret (&VmContext);
331 EbcExecute (&VmContext);
332
333 //
334 // Return the value in Gpr[7] unless there was an error
335 //
336 ReturnEBCStack(StackIndex);
337 return (UINT64) VmContext.Gpr[7];
338 }
339
340
341 /**
342 Begin executing an EBC image.
343
344 @param EntryPoint The entrypoint of EBC code.
345 @param ImageHandle image handle for the EBC application we're executing
346 @param SystemTable standard system table passed into an driver's entry
347 point
348
349 @return The value returned by the EBC application we're going to run.
350
351 **/
352 UINT64
353 EFIAPI
ExecuteEbcImageEntryPoint(IN UINTN EntryPoint,IN EFI_HANDLE ImageHandle,IN EFI_SYSTEM_TABLE * SystemTable)354 ExecuteEbcImageEntryPoint (
355 IN UINTN EntryPoint,
356 IN EFI_HANDLE ImageHandle,
357 IN EFI_SYSTEM_TABLE *SystemTable
358 )
359 {
360 //
361 // Create a new VM context on the stack
362 //
363 VM_CONTEXT VmContext;
364 UINTN Addr;
365 EFI_STATUS Status;
366 UINTN StackIndex;
367
368 //
369 // Get the EBC entry point
370 //
371 Addr = EntryPoint;
372
373 //
374 // Now clear out our context
375 //
376 ZeroMem ((VOID *) &VmContext, sizeof (VM_CONTEXT));
377
378 //
379 // Save the image handle so we can track the thunks created for this image
380 //
381 VmContext.ImageHandle = ImageHandle;
382 VmContext.SystemTable = SystemTable;
383
384 //
385 // Set the VM instruction pointer to the correct location in memory.
386 //
387 VmContext.Ip = (VMIP) Addr;
388
389 //
390 // Initialize the stack pointer for the EBC. Get the current system stack
391 // pointer and adjust it down by the max needed for the interpreter.
392 //
393
394 //
395 // Allocate stack pool
396 //
397 Status = GetEBCStack(ImageHandle, &VmContext.StackPool, &StackIndex);
398 if (EFI_ERROR(Status)) {
399 return Status;
400 }
401 VmContext.StackTop = (UINT8*)VmContext.StackPool + (STACK_REMAIN_SIZE);
402 VmContext.Gpr[0] = (UINT64)(UINTN) ((UINT8*)VmContext.StackPool + STACK_POOL_SIZE);
403 VmContext.HighStackBottom = (UINTN)VmContext.Gpr[0];
404 VmContext.Gpr[0] -= sizeof (UINTN);
405
406 //
407 // Put a magic value in the stack gap, then adjust down again
408 //
409 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) VM_STACK_KEY_VALUE;
410 VmContext.StackMagicPtr = (UINTN *) (UINTN) VmContext.Gpr[0];
411
412 //
413 // Align the stack on a natural boundary
414 // VmContext.Gpr[0] &= ~(sizeof(UINTN) - 1);
415 //
416 VmContext.LowStackTop = (UINTN) VmContext.Gpr[0];
417 VmContext.Gpr[0] -= sizeof (UINTN);
418 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) SystemTable;
419 VmContext.Gpr[0] -= sizeof (UINTN);
420 *(UINTN *) (UINTN) (VmContext.Gpr[0]) = (UINTN) ImageHandle;
421
422 VmContext.Gpr[0] -= 16;
423 VmContext.StackRetAddr = (UINT64) VmContext.Gpr[0];
424 //
425 // VM pushes 16-bytes for return address. Simulate that here.
426 //
427
428 //
429 // Begin executing the EBC code
430 //
431 EbcDebuggerHookExecuteEbcImageEntryPoint (&VmContext);
432 EbcExecute (&VmContext);
433
434 //
435 // Return the value in Gpr[7] unless there was an error
436 //
437 ReturnEBCStack(StackIndex);
438 return (UINT64) VmContext.Gpr[7];
439 }
440
441
442 /**
443 Create thunks for an EBC image entry point, or an EBC protocol service.
444
445 @param ImageHandle Image handle for the EBC image. If not null, then
446 we're creating a thunk for an image entry point.
447 @param EbcEntryPoint Address of the EBC code that the thunk is to call
448 @param Thunk Returned thunk we create here
449 @param Flags Flags indicating options for creating the thunk
450
451 @retval EFI_SUCCESS The thunk was created successfully.
452 @retval EFI_INVALID_PARAMETER The parameter of EbcEntryPoint is not 16-bit
453 aligned.
454 @retval EFI_OUT_OF_RESOURCES There is not enough memory to created the EBC
455 Thunk.
456 @retval EFI_BUFFER_TOO_SMALL EBC_THUNK_SIZE is not larger enough.
457
458 **/
459 EFI_STATUS
EbcCreateThunks(IN EFI_HANDLE ImageHandle,IN VOID * EbcEntryPoint,OUT VOID ** Thunk,IN UINT32 Flags)460 EbcCreateThunks (
461 IN EFI_HANDLE ImageHandle,
462 IN VOID *EbcEntryPoint,
463 OUT VOID **Thunk,
464 IN UINT32 Flags
465 )
466 {
467 UINT8 *Ptr;
468 UINT8 *ThunkBase;
469 UINT32 Index;
470 INT32 ThunkSize;
471
472 //
473 // Check alignment of pointer to EBC code
474 //
475 if ((UINT32) (UINTN) EbcEntryPoint & 0x01) {
476 return EFI_INVALID_PARAMETER;
477 }
478
479 ThunkSize = sizeof(mInstructionBufferTemplate);
480
481 Ptr = EbcAllocatePoolForThunk (sizeof(mInstructionBufferTemplate));
482
483 if (Ptr == NULL) {
484 return EFI_OUT_OF_RESOURCES;
485 }
486 //
487 // Print(L"Allocate TH: 0x%X\n", (UINT32)Ptr);
488 //
489 // Save the start address so we can add a pointer to it to a list later.
490 //
491 ThunkBase = Ptr;
492
493 //
494 // Give them the address of our buffer we're going to fix up
495 //
496 *Thunk = (VOID *) Ptr;
497
498 //
499 // Copy whole thunk instruction buffer template
500 //
501 CopyMem (Ptr, mInstructionBufferTemplate, sizeof(mInstructionBufferTemplate));
502
503 //
504 // Patch EbcEntryPoint and EbcLLEbcInterpret
505 //
506 for (Index = 0; Index < sizeof(mInstructionBufferTemplate) - sizeof(UINTN); Index++) {
507 if (*(UINTN *)&Ptr[Index] == EBC_ENTRYPOINT_SIGNATURE) {
508 *(UINTN *)&Ptr[Index] = (UINTN)EbcEntryPoint;
509 }
510 if (*(UINTN *)&Ptr[Index] == EBC_LL_EBC_ENTRYPOINT_SIGNATURE) {
511 if ((Flags & FLAG_THUNK_ENTRY_POINT) != 0) {
512 *(UINTN *)&Ptr[Index] = (UINTN)EbcLLExecuteEbcImageEntryPoint;
513 } else {
514 *(UINTN *)&Ptr[Index] = (UINTN)EbcLLEbcInterpret;
515 }
516 }
517 }
518
519 //
520 // Add the thunk to the list for this image. Do this last since the add
521 // function flushes the cache for us.
522 //
523 EbcAddImageThunk (ImageHandle, (VOID *) ThunkBase, ThunkSize);
524
525 return EFI_SUCCESS;
526 }
527