From: Paulo Alcantara <paulo@paulo.ac>
To: edk2-devel@lists.01.org
Cc: Paulo Alcantara <paulo@paulo.ac>, Eric Dong <eric.dong@intel.com>,
Laszlo Ersek <lersek@redhat.com>
Subject: [RFC v5 4/8] UefiCpuPkg/CpuExceptionHandlerLib: Add helper to validate memory addresses
Date: Sun, 14 Jan 2018 22:23:32 -0200 [thread overview]
Message-ID: <10dcd403b44f50ba71007b2eb7f719c47777d51e.1515974582.git.paulo@paulo.ac> (raw)
In-Reply-To: <cover.1515974582.git.paulo@paulo.ac>
In-Reply-To: <cover.1515974582.git.paulo@paulo.ac>
Introduce IsLinearAddressValid() function that will be used for
validating memory addresses that would get dereferenced during stack
traces in IA32 and X64 CPU exceptions.
Contributed-under: TianoCore Contribution Agreement 1.1
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Requested-by: Brian Johnson <brian.johnson@hpe.com>
Requested-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Paulo Alcantara <paulo@paulo.ac>
---
UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c | 395 ++++++++++++++++++++
UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h | 16 +
2 files changed, 411 insertions(+)
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
index 66892320c8..7ac13640de 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c
@@ -14,6 +14,8 @@
#include "CpuExceptionCommon.h"
+#include <Register/Msr.h>
+
//
// Error code flag indicating whether or not an error code will be
// pushed on the stack if an exception occurs.
@@ -59,6 +61,24 @@ CONST CHAR8 *mExceptionNameStr[] = {
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8 *mUnknownPdbFileName = "????";
+//
+// IA32 virtual memory bit definitions
+//
+#define IA32_PG_P BIT0
+#define IA32_PG_PS BIT7
+
+//
+// IA32 control register bit definitions
+//
+#define IA32_CR0_PG BIT31
+#define IA32_CR4_PAE BIT5
+#define IA32_CR0_PE BIT0
+
+//
+// IA32 CPUID 01h EDX bit definitions
+//
+#define IA32_CPUID1_EDX_PAE BIT6
+
/**
Get ASCII format string exception name by exception type.
@@ -194,3 +214,378 @@ GetPdbFileName (
}
}
}
+
+/**
+ Check if a linear address is valid by walking the page tables in 4-level
+ paging mode.
+
+ @param[in] Cr3 CR3 control register.
+ @param[in] MaxPhyAddrBits MAXPHYADDR bits.
+ @param[in] LinearAddress Linear address to be checked.
+**/
+STATIC
+BOOLEAN
+Do4LevelPagingModeCheck (
+ IN UINTN Cr3,
+ IN UINT8 MaxPhyAddrBits,
+ IN UINTN LinearAddress
+ )
+{
+ UINT64 PhysicalAddressMask;
+ UINTN IndexMask;
+ UINTN Index;
+ UINT64 *Pml4Table;
+ UINT64 *TableEntry;
+ UINT64 *PageDirPtrTable;
+ UINT64 *PageDirTable;
+ UINT64 *PageTable;
+
+ //
+ // In 4-level paging mode, linear addresses are 48 bits wide
+ //
+ if ((UINT64)LinearAddress > 0xFFFFFFFFFFFFULL) {
+ return FALSE;
+ }
+
+ //
+ // Calculate physical address mask (bits M-1:12)
+ //
+ PhysicalAddressMask = (LShiftU64 (1, MaxPhyAddrBits) - 1) & ~0xFFF;
+ //
+ // 9 bits for masking page table indexes out of linear addresses
+ //
+ IndexMask = 0x1FF;
+
+ //
+ // Calculate physical address of PML4 table and index of PML4E
+ //
+ Pml4Table = (UINT64 *)(UINTN)((UINT64)Cr3 & PhysicalAddressMask);
+ Index = (UINTN)(RShiftU64 ((UINT64)LinearAddress, 39) & IndexMask);
+
+ //
+ // Select PML4E
+ //
+ TableEntry = &Pml4Table[Index];
+
+ //
+ // Check if a PDPTE is present
+ //
+ if ((*TableEntry & IA32_PG_P) == 0) {
+ return FALSE;
+ }
+
+ //
+ // Calculate physical address of page-directory-pointer table and index of
+ // PDPTE.
+ //
+ PageDirPtrTable = (UINT64 *)(UINTN)(*TableEntry & PhysicalAddressMask);
+ Index = (UINTN)(RShiftU64 ((UINT64)LinearAddress, 30) & IndexMask);
+
+ //
+ // Select PDPTE
+ //
+ TableEntry = &PageDirPtrTable[Index];
+
+ //
+ // Check whether a PDPTE or 1GiB page entry is present
+ //
+ if ((*TableEntry & IA32_PG_P) == 0) {
+ return FALSE;
+ }
+
+ //
+ // Check if PDPTE maps an 1GiB page
+ //
+ if ((*TableEntry & IA32_PG_PS) != 0) {
+ return TRUE;
+ }
+
+ //
+ // Calculate physical address of page directory table and index of PDE
+ //
+ PageDirTable = (UINT64 *)(UINTN)(*TableEntry & PhysicalAddressMask);
+ Index = (UINTN)(RShiftU64 ((UINT64)LinearAddress, 21) & IndexMask);
+
+ //
+ // Select PDE
+ //
+ TableEntry = &PageDirTable[Index];
+
+ //
+ // Check whether a PDE or a 2MiB page entry is present
+ //
+ if ((*TableEntry & IA32_PG_P) == 0) {
+ return FALSE;
+ }
+
+ //
+ // Check if PDE maps a 2MiB page
+ //
+ if ((*TableEntry & IA32_PG_PS) != 0) {
+ return TRUE;
+ }
+
+ //
+ // Calculate physical address of page table and index of PTE
+ //
+ PageTable = (UINT64 *)(UINTN)(*TableEntry & PhysicalAddressMask);
+ Index = (UINTN)(RShiftU64 ((UINT64)LinearAddress, 12) & IndexMask);
+
+ //
+ // Select PTE
+ //
+ TableEntry = &PageTable[Index];
+
+ //
+ // Check if PTE maps a 4KiB page
+ //
+ if ((*TableEntry & IA32_PG_P) == 0) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Check if a linear address is valid by walking the page tables in 32-bit paging
+ mode.
+
+ NOTE: Current UEFI implementations do not support IA32 non-PAE paging mode.
+
+ @param[in] Cr3 CR3 control register.
+ @param[in] Cr4 CR4 control register.
+ @param[in] LinearAddress Linear address to be checked.
+**/
+STATIC
+BOOLEAN
+Do32BitPagingModeCheck (
+ IN UINTN Cr3,
+ IN UINTN Cr4,
+ IN UINTN LinearAddress
+ )
+{
+ InternalPrintMessage ("!!!! Unsupported IA32 non-PAE paging mode !!!!\n");
+ return FALSE;
+}
+
+/**
+ Check if a linear address is valid by walking the page tables in PAE paging
+ mode.
+
+ @param[in] Cr3 CR3 control register.
+ @param[in] MaxPhyAddrBits MAXPHYADDR bits.
+ @param[in] LinearAddress Linear address to be checked.
+**/
+STATIC
+BOOLEAN
+DoPAEPagingModeCheck (
+ IN UINTN Cr3,
+ IN UINT8 MaxPhyAddrBits,
+ IN UINTN LinearAddress
+ )
+{
+ UINT64 *PageDirPtrTable;
+ UINTN Index;
+ UINT64 *PageDirTable;
+ UINT64 PhysicalAddressMask;
+ UINTN IndexMask;
+ UINT64 *TableEntry;
+ UINT64 *PageTable;
+
+ //
+ // In 32-bit PAE paging mode, linear addresses are 32 bits wide
+ //
+ if (LinearAddress > 0xFFFFFFFF) {
+ return FALSE;
+ }
+
+ //
+ // Calculate physical address of page-directory-pointer table and index of
+ // PDPTE register.
+ //
+ PageDirPtrTable = (UINT64 *)(UINTN)(Cr3 & ~0x1F);
+ Index = (UINTN)((UINT32)LinearAddress >> 30);
+
+ //
+ // Select PDPTE register
+ //
+ TableEntry = &PageDirPtrTable[Index];
+
+ //
+ // Check if PDE is present
+ //
+ if ((*TableEntry & IA32_PG_P) == 0) {
+ return FALSE;
+ }
+
+ //
+ // Calculate physical address mask (bits M-1:12)
+ //
+ PhysicalAddressMask = (LShiftU64 (1, MaxPhyAddrBits) - 1) & ~0xFFF;
+ //
+ // 9 bits for masking page table indexes out of linear addresses
+ //
+ IndexMask = 0x1FF;
+
+ //
+ // Calculate physical address of page directory table and index of PDE
+ //
+ PageDirTable = (UINT64 *)(UINTN)(*TableEntry & PhysicalAddressMask);
+ Index = (UINTN)(RShiftU64 ((UINT64)LinearAddress, 21) & IndexMask);
+
+ //
+ // Select PDE
+ //
+ TableEntry = &PageDirTable[Index];
+
+ //
+ // Check whether a PTE or a 2MiB page is present
+ //
+ if ((*TableEntry & IA32_PG_P) == 0) {
+ return FALSE;
+ }
+
+ //
+ // Check if PDE maps a 2MiB page
+ //
+ if ((*TableEntry & IA32_PG_PS) != 0) {
+ return TRUE;
+ }
+
+ //
+ // Calculate physical address of page table and index of PTE
+ //
+ PageTable = (UINT64 *)(UINTN)(*TableEntry & PhysicalAddressMask);
+ Index = (UINTN)(RShiftU64 ((UINT64)LinearAddress, 12) & IndexMask);
+
+ //
+ // Select PTE
+ //
+ TableEntry = &PageTable[Index];
+
+ //
+ // Check if PTE maps a 4KiB page
+ //
+ if ((*TableEntry & IA32_PG_P) == 0) {
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/**
+ Check if a linear address is valid.
+
+ @param[in] Cr0 CR0 control register.
+ @param[in] Cr3 CR3 control register.
+ @param[in] Cr4 CR4 control register.
+ @param[in] LinearAddress Linear address to be checked.
+**/
+BOOLEAN
+IsLinearAddressValid (
+ IN UINTN Cr0,
+ IN UINTN Cr3,
+ IN UINTN Cr4,
+ IN UINTN LinearAddress
+ )
+{
+ UINT32 Eax;
+ UINT32 Edx;
+ UINT8 MaxPhyAddrBits;
+ MSR_IA32_EFER_REGISTER Msr;
+ BOOLEAN AddressValid;
+
+ //
+ // Check for valid input parameters
+ //
+ if (Cr0 == 0 || Cr4 == 0 || LinearAddress == 0) {
+ return FALSE;
+ }
+
+ //
+ // Check if paging is disabled
+ //
+ if ((Cr0 & IA32_CR0_PG) == 0) {
+ //
+ // If CR4.PAE bit is set, then the linear (or physical) address supports
+ // only up to 36 bits.
+ //
+ if ((UINT64)LinearAddress > 0xFFFFFFFFFULL ||
+ ((Cr4 & IA32_CR4_PAE) == 0 && LinearAddress > 0xFFFFFFFF)) {
+ return FALSE;
+ }
+
+ return TRUE;
+ }
+
+ //
+ // Paging can be enabled only if CR0.PE bit is set
+ //
+ if ((Cr0 & IA32_CR0_PE) == 0) {
+ return FALSE;
+ }
+
+ //
+ // CR3 register cannot be zero if paging is enabled
+ //
+ if (Cr3 == 0) {
+ return FALSE;
+ }
+
+ //
+ // Get MAXPHYADDR bits
+ //
+ AsmCpuid (0x80000000, &Eax, NULL, NULL, NULL);
+ if (Eax >= 0x80000008) {
+ AsmCpuid (0x80000008, &Eax, NULL, NULL, NULL);
+ MaxPhyAddrBits = (UINT8)Eax;
+ } else {
+ AsmCpuid (1, NULL, NULL, NULL, &Edx);
+ if ((Edx & IA32_CPUID1_EDX_PAE) != 0) {
+ MaxPhyAddrBits = 36;
+ } else {
+ MaxPhyAddrBits = 32;
+ }
+ }
+
+ //
+ // Check if CR4.PAE bit is not set
+ //
+ if ((Cr4 & IA32_CR4_PAE) == 0) {
+ //
+ // Check if linear address is valid in 32-bit paging mode
+ //
+ AddressValid = Do32BitPagingModeCheck (Cr3, Cr4, LinearAddress);
+ } else {
+ //
+ // In either PAE or 4-level paging mode, physical addresses can hold only
+ // up to 52 bits.
+ //
+ if (MaxPhyAddrBits > 52) {
+ return FALSE;
+ }
+
+ //
+ // Read IA32_EFER MSR register
+ //
+ Msr.Uint64 = AsmReadMsr64 (MSR_IA32_EFER);
+
+ //
+ // Check if IA32_EFER.LME bit is not set (e.g. PAE paging mode)
+ //
+ if (Msr.Bits.LME == 0) {
+ //
+ // Check if linear address is valid in PAE paging mode
+ //
+ AddressValid = DoPAEPagingModeCheck (Cr3, MaxPhyAddrBits, LinearAddress);
+ } else {
+ //
+ // Check if linear address is valid in 4-level paging mode
+ //
+ AddressValid = Do4LevelPagingModeCheck (Cr3, MaxPhyAddrBits,
+ LinearAddress);
+ }
+ }
+
+ return AddressValid;
+}
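Review bot: In DoPAEPagingModeCheck the table pointers are built with `(UINT64 *)(UINTN)(*TableEntry & PhysicalAddressMask)`, and on an IA32 build UINTN is 32 bits wide, so a page directory or page table located above 4 GiB (which PAE permits) is silently truncated and the walk reads an unrelated address. Rejecting such entries before each of the two casts avoids a verdict based on the wrong memory, e.g. `if ((*TableEntry & PhysicalAddressMask) > MAX_UINTN) { return FALSE; }`. All the walkers also dereference table addresses taken straight from CR3 and from the entries without checking that the tables themselves are accessible, which presumably relies on the firmware's identity mapping. Because this runs inside the exception handler, where a bad table pointer would fault again, that assumption deserves a comment such as `// Page tables are assumed to be identity-mapped and readable`. Separately, the `Cr4 == 0` test at the top of IsLinearAddressValid rejects a value that looks legitimate when paging is off, so it may suppress stack traces in that case.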
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
index ec46c2d9d3..1b51034c25 100644
--- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
+++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h
@@ -330,5 +330,21 @@ GetPdbFileName (
OUT CHAR8 **PdbFileName
);
+/**
+ Check if a linear address is valid.
+
+ @param[in] Cr0 CR0 control register.
+ @param[in] Cr3 CR3 control register.
+ @param[in] Cr4 CR4 control register.
+ @param[in] LinearAddress Linear address to be checked.
+**/
+BOOLEAN
+IsLinearAddressValid (
+ IN UINTN Cr0,
+ IN UINTN Cr3,
+ IN UINTN Cr4,
+ IN UINTN LinearAddress
+ );
+
#endif
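Review bot: The doc comment added for IsLinearAddressValid has no return documentation, so a caller reading the header cannot tell what TRUE guarantees. From the implementation in CpuExceptionCommon.c, TRUE means only that the walk found a present mapping (or, with paging off, that the address fits the checked width); access rights and the length of the access are not considered. Adding `@retval TRUE  The address is covered by a present mapping.` and `@retval FALSE The address is not mapped, or the paging mode is unsupported.` would state that contract. The three static helpers in the .c file omit `@retval` in the same way.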
--
2.14.3