* [Patch V3 00/11] Use CpuPageTableLib to create and update smm page table
@ 2023-04-21 8:36 duntan
2023-04-21 8:36 ` [Patch V3 01/11] OvmfPkg: Add CpuPageTableLib required by PiSmmCpuDxe duntan
` (10 more replies)
0 siblings, 11 replies; 18+ messages in thread
From: duntan @ 2023-04-21 8:36 UTC (permalink / raw)
To: devel
In V3 patch set:
1.Add a new patch 'Remove code that apply AddressEncMask to non-leaf entry'.
This patch is to avoid apply AddressEncMask to non-leaf entry when split smm page table.
2.Add two new patches to clear CR0.WP before modify smm page table when ReadyToLock.
This is because FvbServicesSmm driver may set a part of smm page table memory as RO before ReadyToLock.
With these three patches, this patch set successfully boots an SEV guest with SMM enabled.
Dun Tan (11):
OvmfPkg: Add CpuPageTableLib required by PiSmmCpuDxe
UefiPayloadPkg: Add CpuPageTableLib required by PiSmmCpuDxe
OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
UefiCpuPkg: Use CpuPageTableLib to convert SMM paging attribute.
UefiCpuPkg/PiSmmCpuDxeSmm: Avoid setting non-present range to RO/NX
UefiCpuPkg: Extern mSmmShadowStackSize in PiSmmCpuDxeSmm.h
UefiCpuPkg/PiSmmCpuDxeSmm: Add 2 function to disable/enable CR0.WP
UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR0.WP before modify page table
UefiCpuPkg: Refinement to current smm page table generation code
UefiCpuPkg: Refinement to code about updating smm page table
UefiCpuPkg/PiSmmCpuDxeSmm: Remove unnecessary function
OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +-
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 6 +++---
OvmfPkg/OvmfPkgIa32.dsc | 3 ++-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
OvmfPkg/OvmfPkgX64.dsc | 2 +-
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c | 5 +++--
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c | 3 +--
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c | 2 +-
UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 132 ------------------------------------------------------------------------------------------------------------------------------------
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 8 ++++++--
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------------------------
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 1 +
UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 755 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 351 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 229 ++++++++++++++++++++++++++++++-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 3 +--
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmProfileArch.c | 19 ++-----------------
UefiPayloadPkg/UefiPayloadPkg.dsc | 2 +-
18 files changed, 618 insertions(+), 1028 deletions(-)
--
2.39.1.windows.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Patch V3 01/11] OvmfPkg: Add CpuPageTableLib required by PiSmmCpuDxe
2023-04-21 8:36 [Patch V3 00/11] Use CpuPageTableLib to create and update smm page table duntan
@ 2023-04-21 8:36 ` duntan
2023-04-21 8:36 ` [Patch V3 02/11] UefiPayloadPkg: " duntan
` (9 subsequent siblings)
10 siblings, 0 replies; 18+ messages in thread
From: duntan @ 2023-04-21 8:36 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Ray Ni
Add CpuPageTableLib instance required by PiSmmCpuDxe in
corresponding DSC files of OvmfPkg.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Ray Ni <ray.ni@intel.com>
---
OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +-
OvmfPkg/OvmfPkgIa32.dsc | 3 ++-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
OvmfPkg/OvmfPkgX64.dsc | 2 +-
4 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index cc2dd925bc..8a2fb8049f 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -190,6 +190,7 @@
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf
DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
!endif
@@ -399,7 +400,6 @@
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf
!endif
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
- CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 86177bb948..77f10e2c86 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -1,7 +1,7 @@
## @file
# EFI/Framework Open Virtual Machine Firmware (OVMF) platform
#
-# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
# Copyright (c) Microsoft Corporation.
#
@@ -193,6 +193,7 @@
MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLibNull.inf
PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf
DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 065b544506..156d6c1434 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -197,6 +197,7 @@
MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLibNull.inf
PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf
DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
!endif
@@ -409,7 +410,6 @@
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf
!endif
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
- CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 3d405cd4ad..35bb011212 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -210,6 +210,7 @@
MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf
DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
@@ -430,7 +431,6 @@
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf
!endif
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
- CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
--
2.39.1.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [Patch V3 02/11] UefiPayloadPkg: Add CpuPageTableLib required by PiSmmCpuDxe
2023-04-21 8:36 [Patch V3 00/11] Use CpuPageTableLib to create and update smm page table duntan
2023-04-21 8:36 ` [Patch V3 01/11] OvmfPkg: Add CpuPageTableLib required by PiSmmCpuDxe duntan
@ 2023-04-21 8:36 ` duntan
2023-04-21 8:36 ` [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry duntan
` (8 subsequent siblings)
10 siblings, 0 replies; 18+ messages in thread
From: duntan @ 2023-04-21 8:36 UTC (permalink / raw)
To: devel; +Cc: Guo Dong, Ray Ni, Sean Rhodes, James Lu, Gua Guo
Add CpuPageTableLib required by PiSmmCpuDxeSmm in
UefiPayloadPkg.dsc.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Guo Dong <guo.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Cc: James Lu <james.lu@intel.com>
Cc: Gua Guo <gua.guo@intel.com>
---
UefiPayloadPkg/UefiPayloadPkg.dsc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 9847f189ff..f3b94432a9 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -206,6 +206,7 @@
OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
HobLib|UefiPayloadPkg/Library/DxeHobLib/DxeHobLib.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
#
# UEFI & PI
@@ -338,7 +339,6 @@
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf
!endif
CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.inf
- CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
!if $(PERFORMANCE_MEASUREMENT_ENABLE)
PerformanceLib|MdeModulePkg/Library/DxePerformanceLib/DxePerformanceLib.inf
--
2.39.1.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
2023-04-21 8:36 [Patch V3 00/11] Use CpuPageTableLib to create and update smm page table duntan
2023-04-21 8:36 ` [Patch V3 01/11] OvmfPkg: Add CpuPageTableLib required by PiSmmCpuDxe duntan
2023-04-21 8:36 ` [Patch V3 02/11] UefiPayloadPkg: " duntan
@ 2023-04-21 8:36 ` duntan
2023-04-21 14:26 ` Lendacky, Thomas
2023-04-21 8:36 ` [Patch V3 04/11] UefiCpuPkg: Use CpuPageTableLib to convert SMM paging attribute duntan
` (7 subsequent siblings)
10 siblings, 1 reply; 18+ messages in thread
From: duntan @ 2023-04-21 8:36 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann,
Tom Lendacky, Ray Ni
Remove code that apply AddressEncMask to non-leaf entry when split
smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
bit in page table for a specific range. In AMD SEV feature, this
AddressEncMask bit in page table is used to indicate if the memory
is guest private memory or shared memory. But all memory used by
page table are treated as encrypted regardless of encryption bit.
So remove the EncMask bit for smm non-leaf page table entry
doesn't impact AMD SEV feature.
If page split happens in the AddressEncMask bit clear process,
there will be some new non-leaf entries with AddressEncMask
applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
module will use CpuPageTableLib to modify smm page table. So
remove code to apply AddressEncMask for new non-leaf entries
since CpuPageTableLib doesn't consume the EncMask PCD.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ray Ni <ray.ni@intel.com>
---
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
index a1f6e61c1e..f2b821f6d9 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
@@ -233,7 +233,7 @@ Split2MPageTo4K (
// Fill in 2M page entry.
//
*PageEntry2M = ((UINT64)(UINTN)PageTableEntry1 |
- IA32_PG_P | IA32_PG_RW | AddressEncMask);
+ IA32_PG_P | IA32_PG_RW);
}
/**
@@ -352,7 +352,7 @@ SetPageTablePoolReadOnly (
PhysicalAddress += LevelSize[Level - 1];
}
- PageTable[Index] = (UINT64)(UINTN)NewPageTable | AddressEncMask |
+ PageTable[Index] = (UINT64)(UINTN)NewPageTable |
IA32_PG_P | IA32_PG_RW;
PageTable = NewPageTable;
}
@@ -440,7 +440,7 @@ Split1GPageTo2M (
// Fill in 1G page entry.
//
*PageEntry1G = ((UINT64)(UINTN)PageDirectoryEntry |
- IA32_PG_P | IA32_PG_RW | AddressEncMask);
+ IA32_PG_P | IA32_PG_RW);
PhysicalAddress2M = PhysicalAddress;
for (IndexOfPageDirectoryEntries = 0;
--
2.39.1.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [Patch V3 04/11] UefiCpuPkg: Use CpuPageTableLib to convert SMM paging attribute.
2023-04-21 8:36 [Patch V3 00/11] Use CpuPageTableLib to create and update smm page table duntan
` (2 preceding siblings ...)
2023-04-21 8:36 ` [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry duntan
@ 2023-04-21 8:36 ` duntan
2023-04-21 8:36 ` [Patch V3 05/11] UefiCpuPkg/PiSmmCpuDxeSmm: Avoid setting non-present range to RO/NX duntan
` (6 subsequent siblings)
10 siblings, 0 replies; 18+ messages in thread
From: duntan @ 2023-04-21 8:36 UTC (permalink / raw)
To: devel; +Cc: Eric Dong, Ray Ni, Rahul Kumar, Gerd Hoffmann
Simplify the ConvertMemoryPageAttributes API to convert paging
attribute by CpuPageTableLib. In the new API, it calls
PageTableMap() to update the page attributes of a memory range.
With the PageTableMap() API in CpuPageTableLib, we can remove
the complicated page table manipulating code.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c | 3 ++-
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 28 +++++++++++++---------------
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf | 1 +
UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 403 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 9 +++++++--
5 files changed, 114 insertions(+), 330 deletions(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
index 34bf6e1a25..9c8107080a 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
@@ -1,7 +1,7 @@
/** @file
Page table manipulation functions for IA-32 processors
-Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2023, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -31,6 +31,7 @@ SmmInitPageTable (
InitializeSpinLock (mPFLock);
mPhysicalAddressBits = 32;
+ mPagingMode = PagingPae;
if (FeaturePcdGet (PcdCpuSmmProfileEnable) ||
HEAP_GUARD_NONSTOP_MODE ||
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
index a5c2bdd971..ba341cadc6 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@@ -50,6 +50,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/SmmCpuFeaturesLib.h>
#include <Library/PeCoffGetEntryPointLib.h>
#include <Library/RegisterCpuFeaturesLib.h>
+#include <Library/CpuPageTableLib.h>
#include <AcpiCpuData.h>
#include <CpuHotPlugData.h>
@@ -260,6 +261,7 @@ extern UINTN mNumberOfCpus;
extern EFI_SMM_CPU_PROTOCOL mSmmCpu;
extern EFI_MM_MP_PROTOCOL mSmmMp;
extern BOOLEAN m5LevelPagingNeeded;
+extern PAGING_MODE mPagingMode;
///
/// The mode of the CPU at the time an SMI occurs
@@ -1008,11 +1010,10 @@ SetPageTableAttributes (
Length from their current attributes to the attributes specified by Attributes.
@param[in] PageTableBase The page table base.
- @param[in] EnablePML5Paging If PML5 paging is enabled.
+ @param[in] PagingMode The paging mode.
@param[in] BaseAddress The physical address that is the start address of a memory region.
@param[in] Length The size in bytes of the memory region.
@param[in] Attributes The bit mask of attributes to set for the memory region.
- @param[out] IsSplitted TRUE means page table splitted. FALSE means page table not splitted.
@retval EFI_SUCCESS The attributes were set for the memory region.
@retval EFI_ACCESS_DENIED The attributes for the memory resource range specified by
@@ -1030,12 +1031,11 @@ SetPageTableAttributes (
**/
EFI_STATUS
SmmSetMemoryAttributesEx (
- IN UINTN PageTableBase,
- IN BOOLEAN EnablePML5Paging,
- IN EFI_PHYSICAL_ADDRESS BaseAddress,
- IN UINT64 Length,
- IN UINT64 Attributes,
- OUT BOOLEAN *IsSplitted OPTIONAL
+ IN UINTN PageTableBase,
+ IN PAGING_MODE PagingMode,
+ IN PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length,
+ IN UINT64 Attributes
);
/**
@@ -1043,34 +1043,32 @@ SmmSetMemoryAttributesEx (
Length from their current attributes to the attributes specified by Attributes.
@param[in] PageTableBase The page table base.
- @param[in] EnablePML5Paging If PML5 paging is enabled.
+ @param[in] PagingMode The paging mode.
@param[in] BaseAddress The physical address that is the start address of a memory region.
@param[in] Length The size in bytes of the memory region.
@param[in] Attributes The bit mask of attributes to clear for the memory region.
- @param[out] IsSplitted TRUE means page table splitted. FALSE means page table not splitted.
@retval EFI_SUCCESS The attributes were cleared for the memory region.
@retval EFI_ACCESS_DENIED The attributes for the memory resource range specified by
BaseAddress and Length cannot be modified.
@retval EFI_INVALID_PARAMETER Length is zero.
Attributes specified an illegal combination of attributes that
- cannot be set together.
+ cannot be cleared together.
@retval EFI_OUT_OF_RESOURCES There are not enough system resources to modify the attributes of
the memory resource range.
@retval EFI_UNSUPPORTED The processor does not support one or more bytes of the memory
resource range specified by BaseAddress and Length.
- The bit mask of attributes is not support for the memory resource
+ The bit mask of attributes is not supported for the memory resource
range specified by BaseAddress and Length.
**/
EFI_STATUS
SmmClearMemoryAttributesEx (
IN UINTN PageTableBase,
- IN BOOLEAN EnablePML5Paging,
+ IN PAGING_MODE PagingMode,
IN EFI_PHYSICAL_ADDRESS BaseAddress,
IN UINT64 Length,
- IN UINT64 Attributes,
- OUT BOOLEAN *IsSplitted OPTIONAL
+ IN UINT64 Attributes
);
/**
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
index 158e05e264..38d4e950a4 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
@@ -97,6 +97,7 @@
ReportStatusCodeLib
SmmCpuFeaturesLib
PeCoffGetEntryPointLib
+ CpuPageTableLib
[Protocols]
gEfiSmmAccess2ProtocolGuid ## CONSUMES
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
index 834a756061..deb5895d83 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
@@ -1,6 +1,6 @@
/** @file
-Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2023, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -26,14 +26,9 @@ UINTN mGcdMemNumberOfDesc = 0;
EFI_MEMORY_ATTRIBUTES_TABLE *mUefiMemoryAttributesTable = NULL;
-PAGE_ATTRIBUTE_TABLE mPageAttributeTable[] = {
- { Page4K, SIZE_4KB, PAGING_4K_ADDRESS_MASK_64 },
- { Page2M, SIZE_2MB, PAGING_2M_ADDRESS_MASK_64 },
- { Page1G, SIZE_1GB, PAGING_1G_ADDRESS_MASK_64 },
-};
-
-BOOLEAN mIsShadowStack = FALSE;
-BOOLEAN m5LevelPagingNeeded = FALSE;
+BOOLEAN mIsShadowStack = FALSE;
+BOOLEAN m5LevelPagingNeeded = FALSE;
+PAGING_MODE mPagingMode = PagingModeMax;
//
// Global variable to keep track current available memory used as page table.
@@ -185,52 +180,6 @@ AllocatePageTableMemory (
return Buffer;
}
-/**
- Return length according to page attributes.
-
- @param[in] PageAttributes The page attribute of the page entry.
-
- @return The length of page entry.
-**/
-UINTN
-PageAttributeToLength (
- IN PAGE_ATTRIBUTE PageAttribute
- )
-{
- UINTN Index;
-
- for (Index = 0; Index < sizeof (mPageAttributeTable)/sizeof (mPageAttributeTable[0]); Index++) {
- if (PageAttribute == mPageAttributeTable[Index].Attribute) {
- return (UINTN)mPageAttributeTable[Index].Length;
- }
- }
-
- return 0;
-}
-
-/**
- Return address mask according to page attributes.
-
- @param[in] PageAttributes The page attribute of the page entry.
-
- @return The address mask of page entry.
-**/
-UINTN
-PageAttributeToMask (
- IN PAGE_ATTRIBUTE PageAttribute
- )
-{
- UINTN Index;
-
- for (Index = 0; Index < sizeof (mPageAttributeTable)/sizeof (mPageAttributeTable[0]); Index++) {
- if (PageAttribute == mPageAttributeTable[Index].Attribute) {
- return (UINTN)mPageAttributeTable[Index].AddressMask;
- }
- }
-
- return 0;
-}
-
/**
Return page table entry to match the address.
@@ -353,181 +302,6 @@ GetAttributesFromPageEntry (
return Attributes;
}
-/**
- Modify memory attributes of page entry.
-
- @param[in] PageEntry The page entry.
- @param[in] Attributes The bit mask of attributes to modify for the memory region.
- @param[in] IsSet TRUE means to set attributes. FALSE means to clear attributes.
- @param[out] IsModified TRUE means page table modified. FALSE means page table not modified.
-**/
-VOID
-ConvertPageEntryAttribute (
- IN UINT64 *PageEntry,
- IN UINT64 Attributes,
- IN BOOLEAN IsSet,
- OUT BOOLEAN *IsModified
- )
-{
- UINT64 CurrentPageEntry;
- UINT64 NewPageEntry;
-
- CurrentPageEntry = *PageEntry;
- NewPageEntry = CurrentPageEntry;
- if ((Attributes & EFI_MEMORY_RP) != 0) {
- if (IsSet) {
- NewPageEntry &= ~(UINT64)IA32_PG_P;
- } else {
- NewPageEntry |= IA32_PG_P;
- }
- }
-
- if ((Attributes & EFI_MEMORY_RO) != 0) {
- if (IsSet) {
- NewPageEntry &= ~(UINT64)IA32_PG_RW;
- if (mIsShadowStack) {
- // Environment setup
- // ReadOnly page need set Dirty bit for shadow stack
- NewPageEntry |= IA32_PG_D;
- // Clear user bit for supervisor shadow stack
- NewPageEntry &= ~(UINT64)IA32_PG_U;
- } else {
- // Runtime update
- // Clear dirty bit for non shadow stack, to protect RO page.
- NewPageEntry &= ~(UINT64)IA32_PG_D;
- }
- } else {
- NewPageEntry |= IA32_PG_RW;
- }
- }
-
- if ((Attributes & EFI_MEMORY_XP) != 0) {
- if (mXdSupported) {
- if (IsSet) {
- NewPageEntry |= IA32_PG_NX;
- } else {
- NewPageEntry &= ~IA32_PG_NX;
- }
- }
- }
-
- *PageEntry = NewPageEntry;
- if (CurrentPageEntry != NewPageEntry) {
- *IsModified = TRUE;
- DEBUG ((DEBUG_VERBOSE, "ConvertPageEntryAttribute 0x%lx", CurrentPageEntry));
- DEBUG ((DEBUG_VERBOSE, "->0x%lx\n", NewPageEntry));
- } else {
- *IsModified = FALSE;
- }
-}
-
-/**
- This function returns if there is need to split page entry.
-
- @param[in] BaseAddress The base address to be checked.
- @param[in] Length The length to be checked.
- @param[in] PageEntry The page entry to be checked.
- @param[in] PageAttribute The page attribute of the page entry.
-
- @retval SplitAttributes on if there is need to split page entry.
-**/
-PAGE_ATTRIBUTE
-NeedSplitPage (
- IN PHYSICAL_ADDRESS BaseAddress,
- IN UINT64 Length,
- IN UINT64 *PageEntry,
- IN PAGE_ATTRIBUTE PageAttribute
- )
-{
- UINT64 PageEntryLength;
-
- PageEntryLength = PageAttributeToLength (PageAttribute);
-
- if (((BaseAddress & (PageEntryLength - 1)) == 0) && (Length >= PageEntryLength)) {
- return PageNone;
- }
-
- if (((BaseAddress & PAGING_2M_MASK) != 0) || (Length < SIZE_2MB)) {
- return Page4K;
- }
-
- return Page2M;
-}
-
-/**
- This function splits one page entry to small page entries.
-
- @param[in] PageEntry The page entry to be splitted.
- @param[in] PageAttribute The page attribute of the page entry.
- @param[in] SplitAttribute How to split the page entry.
-
- @retval RETURN_SUCCESS The page entry is splitted.
- @retval RETURN_UNSUPPORTED The page entry does not support to be splitted.
- @retval RETURN_OUT_OF_RESOURCES No resource to split page entry.
-**/
-RETURN_STATUS
-SplitPage (
- IN UINT64 *PageEntry,
- IN PAGE_ATTRIBUTE PageAttribute,
- IN PAGE_ATTRIBUTE SplitAttribute
- )
-{
- UINT64 BaseAddress;
- UINT64 *NewPageEntry;
- UINTN Index;
-
- ASSERT (PageAttribute == Page2M || PageAttribute == Page1G);
-
- if (PageAttribute == Page2M) {
- //
- // Split 2M to 4K
- //
- ASSERT (SplitAttribute == Page4K);
- if (SplitAttribute == Page4K) {
- NewPageEntry = AllocatePageTableMemory (1);
- DEBUG ((DEBUG_VERBOSE, "Split - 0x%x\n", NewPageEntry));
- if (NewPageEntry == NULL) {
- return RETURN_OUT_OF_RESOURCES;
- }
-
- BaseAddress = *PageEntry & PAGING_2M_ADDRESS_MASK_64;
- for (Index = 0; Index < SIZE_4KB / sizeof (UINT64); Index++) {
- NewPageEntry[Index] = (BaseAddress + SIZE_4KB * Index) | mAddressEncMask | ((*PageEntry) & PAGE_PROGATE_BITS);
- }
-
- (*PageEntry) = (UINT64)(UINTN)NewPageEntry | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
- return RETURN_SUCCESS;
- } else {
- return RETURN_UNSUPPORTED;
- }
- } else if (PageAttribute == Page1G) {
- //
- // Split 1G to 2M
- // No need support 1G->4K directly, we should use 1G->2M, then 2M->4K to get more compact page table.
- //
- ASSERT (SplitAttribute == Page2M || SplitAttribute == Page4K);
- if (((SplitAttribute == Page2M) || (SplitAttribute == Page4K))) {
- NewPageEntry = AllocatePageTableMemory (1);
- DEBUG ((DEBUG_VERBOSE, "Split - 0x%x\n", NewPageEntry));
- if (NewPageEntry == NULL) {
- return RETURN_OUT_OF_RESOURCES;
- }
-
- BaseAddress = *PageEntry & PAGING_1G_ADDRESS_MASK_64;
- for (Index = 0; Index < SIZE_4KB / sizeof (UINT64); Index++) {
- NewPageEntry[Index] = (BaseAddress + SIZE_2MB * Index) | mAddressEncMask | IA32_PG_PS | ((*PageEntry) & PAGE_PROGATE_BITS);
- }
-
- (*PageEntry) = (UINT64)(UINTN)NewPageEntry | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
- return RETURN_SUCCESS;
- } else {
- return RETURN_UNSUPPORTED;
- }
- } else {
- return RETURN_UNSUPPORTED;
- }
-}
-
/**
This function modifies the page attributes for the memory region specified by BaseAddress and
Length from their current attributes to the attributes specified by Attributes.
@@ -535,12 +309,11 @@ SplitPage (
Caller should make sure BaseAddress and Length is at page boundary.
@param[in] PageTableBase The page table base.
- @param[in] EnablePML5Paging If PML5 paging is enabled.
+ @param[in] PagingMode The paging mode.
@param[in] BaseAddress The physical address that is the start address of a memory region.
@param[in] Length The size in bytes of the memory region.
@param[in] Attributes The bit mask of attributes to modify for the memory region.
@param[in] IsSet TRUE means to set attributes. FALSE means to clear attributes.
- @param[out] IsSplitted TRUE means page table splitted. FALSE means page table not splitted.
@param[out] IsModified TRUE means page table modified. FALSE means page table not modified.
@retval RETURN_SUCCESS The attributes were modified for the memory region.
@@ -559,21 +332,19 @@ SplitPage (
RETURN_STATUS
ConvertMemoryPageAttributes (
IN UINTN PageTableBase,
- IN BOOLEAN EnablePML5Paging,
+ IN PAGING_MODE PagingMode,
IN PHYSICAL_ADDRESS BaseAddress,
IN UINT64 Length,
IN UINT64 Attributes,
IN BOOLEAN IsSet,
- OUT BOOLEAN *IsSplitted OPTIONAL,
OUT BOOLEAN *IsModified OPTIONAL
)
{
- UINT64 *PageEntry;
- PAGE_ATTRIBUTE PageAttribute;
- UINTN PageEntryLength;
- PAGE_ATTRIBUTE SplitAttribute;
RETURN_STATUS Status;
- BOOLEAN IsEntryModified;
+ IA32_MAP_ATTRIBUTE PagingAttribute;
+ IA32_MAP_ATTRIBUTE PagingAttrMask;
+ UINTN PageTableBufferSize;
+ VOID *PageTableBuffer;
EFI_PHYSICAL_ADDRESS MaximumSupportMemAddress;
ASSERT (Attributes != 0);
@@ -581,6 +352,7 @@ ConvertMemoryPageAttributes (
ASSERT ((BaseAddress & (SIZE_4KB - 1)) == 0);
ASSERT ((Length & (SIZE_4KB - 1)) == 0);
+ ASSERT (PageTableBase != 0);
if (Length == 0) {
return RETURN_INVALID_PARAMETER;
@@ -599,61 +371,80 @@ ConvertMemoryPageAttributes (
return RETURN_UNSUPPORTED;
}
- // DEBUG ((DEBUG_ERROR, "ConvertMemoryPageAttributes(%x) - %016lx, %016lx, %02lx\n", IsSet, BaseAddress, Length, Attributes));
-
- if (IsSplitted != NULL) {
- *IsSplitted = FALSE;
- }
+ PagingAttribute.Uint64 = 0;
+ PagingAttribute.Uint64 = mAddressEncMask | BaseAddress;
+ PagingAttrMask.Uint64 = 0;
- if (IsModified != NULL) {
- *IsModified = FALSE;
+ if ((Attributes & EFI_MEMORY_RO) != 0) {
+ PagingAttrMask.Bits.ReadWrite = 1;
+ if (IsSet) {
+ PagingAttribute.Bits.ReadWrite = 0;
+ PagingAttrMask.Bits.Dirty = 1;
+ if (mIsShadowStack) {
+ // Environment setup
+ // ReadOnly page need set Dirty bit for shadow stack
+ PagingAttribute.Bits.Dirty = 1;
+ // Clear user bit for supervisor shadow stack
+ PagingAttribute.Bits.UserSupervisor = 0;
+ PagingAttrMask.Bits.UserSupervisor = 1;
+ } else {
+ // Runtime update
+ // Clear dirty bit for non shadow stack, to protect RO page.
+ PagingAttribute.Bits.Dirty = 0;
+ }
+ } else {
+ PagingAttribute.Bits.ReadWrite = 1;
+ }
}
- //
- // Below logic is to check 2M/4K page to make sure we do not waste memory.
- //
- while (Length != 0) {
- PageEntry = GetPageTableEntry (PageTableBase, EnablePML5Paging, BaseAddress, &PageAttribute);
- if (PageEntry == NULL) {
- return RETURN_UNSUPPORTED;
+ if ((Attributes & EFI_MEMORY_XP) != 0) {
+ if (mXdSupported) {
+ PagingAttribute.Bits.Nx = IsSet ? 1 : 0;
+ PagingAttrMask.Bits.Nx = 1;
}
+ }
- PageEntryLength = PageAttributeToLength (PageAttribute);
- SplitAttribute = NeedSplitPage (BaseAddress, Length, PageEntry, PageAttribute);
- if (SplitAttribute == PageNone) {
- ConvertPageEntryAttribute (PageEntry, Attributes, IsSet, &IsEntryModified);
- if (IsEntryModified) {
- if (IsModified != NULL) {
- *IsModified = TRUE;
- }
- }
-
+ if ((Attributes & EFI_MEMORY_RP) != 0) {
+ if (IsSet) {
+ PagingAttribute.Bits.Present = 0;
//
- // Convert success, move to next
+ // When map a range to non-present, all attributes except Present should not be provided.
//
- BaseAddress += PageEntryLength;
- Length -= PageEntryLength;
+ PagingAttrMask.Uint64 = 0;
+ PagingAttrMask.Bits.Present = 1;
} else {
- Status = SplitPage (PageEntry, PageAttribute, SplitAttribute);
- if (RETURN_ERROR (Status)) {
- return RETURN_UNSUPPORTED;
- }
-
- if (IsSplitted != NULL) {
- *IsSplitted = TRUE;
- }
-
- if (IsModified != NULL) {
- *IsModified = TRUE;
- }
-
//
- // Just split current page
- // Convert success in next around
+ // When map range to present range, provide all attributes.
//
+ PagingAttribute.Bits.Present = 1;
+ PagingAttrMask.Uint64 = MAX_UINT64;
}
}
+ if (PagingAttrMask.Uint64 == 0) {
+ return RETURN_SUCCESS;
+ }
+
+ PageTableBufferSize = 0;
+ Status = PageTableMap (&PageTableBase, PagingMode, NULL, &PageTableBufferSize, BaseAddress, Length, &PagingAttribute, &PagingAttrMask, IsModified);
+
+ if (Status == RETURN_INVALID_PARAMETER) {
+ //
+ // The only reason that PageTableMap returns RETURN_INVALID_PARAMETER here is to modify other attributes
+ // of non-present range but remains the non-present range still as non-present.
+ //
+ DEBUG ((DEBUG_ERROR, "SMM ConvertMemoryPageAttributes: Non-present range in [0x%lx, 0x%lx] needs to be removed\n", BaseAddress, BaseAddress + Length));
+ }
+
+ if (Status == RETURN_BUFFER_TOO_SMALL) {
+ PageTableBuffer = AllocatePageTableMemory (EFI_SIZE_TO_PAGES (PageTableBufferSize));
+ ASSERT (PageTableBuffer != NULL);
+ Status = PageTableMap (&PageTableBase, PagingMode, PageTableBuffer, &PageTableBufferSize, BaseAddress, Length, &PagingAttribute, &PagingAttrMask, IsModified);
+ }
+
+ ASSERT_RETURN_ERROR (Status);
+ ASSERT (PageTableBufferSize == 0);
+
return RETURN_SUCCESS;
}
@@ -697,11 +488,10 @@ FlushTlbForAll (
Length from their current attributes to the attributes specified by Attributes.
@param[in] PageTableBase The page table base.
- @param[in] EnablePML5Paging If PML5 paging is enabled.
+ @param[in] PagingMode The paging mode.
@param[in] BaseAddress The physical address that is the start address of a memory region.
@param[in] Length The size in bytes of the memory region.
@param[in] Attributes The bit mask of attributes to set for the memory region.
- @param[out] IsSplitted TRUE means page table splitted. FALSE means page table not splitted.
@retval EFI_SUCCESS The attributes were set for the memory region.
@retval EFI_ACCESS_DENIED The attributes for the memory resource range specified by
@@ -720,17 +510,16 @@ FlushTlbForAll (
EFI_STATUS
SmmSetMemoryAttributesEx (
IN UINTN PageTableBase,
- IN BOOLEAN EnablePML5Paging,
+ IN PAGING_MODE PagingMode,
IN EFI_PHYSICAL_ADDRESS BaseAddress,
IN UINT64 Length,
- IN UINT64 Attributes,
- OUT BOOLEAN *IsSplitted OPTIONAL
+ IN UINT64 Attributes
)
{
EFI_STATUS Status;
BOOLEAN IsModified;
- Status = ConvertMemoryPageAttributes (PageTableBase, EnablePML5Paging, BaseAddress, Length, Attributes, TRUE, IsSplitted, &IsModified);
+ Status = ConvertMemoryPageAttributes (PageTableBase, PagingMode, BaseAddress, Length, Attributes, TRUE, &IsModified);
if (!EFI_ERROR (Status)) {
if (IsModified) {
//
@@ -748,11 +537,10 @@ SmmSetMemoryAttributesEx (
Length from their current attributes to the attributes specified by Attributes.
@param[in] PageTableBase The page table base.
- @param[in] EnablePML5Paging If PML5 paging is enabled.
+ @param[in] PagingMode The paging mode.
@param[in] BaseAddress The physical address that is the start address of a memory region.
@param[in] Length The size in bytes of the memory region.
@param[in] Attributes The bit mask of attributes to clear for the memory region.
- @param[out] IsSplitted TRUE means page table splitted. FALSE means page table not splitted.
@retval EFI_SUCCESS The attributes were cleared for the memory region.
@retval EFI_ACCESS_DENIED The attributes for the memory resource range specified by
@@ -771,17 +559,16 @@ SmmSetMemoryAttributesEx (
EFI_STATUS
SmmClearMemoryAttributesEx (
IN UINTN PageTableBase,
- IN BOOLEAN EnablePML5Paging,
+ IN PAGING_MODE PagingMode,
IN EFI_PHYSICAL_ADDRESS BaseAddress,
IN UINT64 Length,
- IN UINT64 Attributes,
- OUT BOOLEAN *IsSplitted OPTIONAL
+ IN UINT64 Attributes
)
{
EFI_STATUS Status;
BOOLEAN IsModified;
- Status = ConvertMemoryPageAttributes (PageTableBase, EnablePML5Paging, BaseAddress, Length, Attributes, FALSE, IsSplitted, &IsModified);
+ Status = ConvertMemoryPageAttributes (PageTableBase, PagingMode, BaseAddress, Length, Attributes, FALSE, &IsModified);
if (!EFI_ERROR (Status)) {
if (IsModified) {
//
@@ -823,14 +610,10 @@ SmmSetMemoryAttributes (
IN UINT64 Attributes
)
{
- IA32_CR4 Cr4;
- UINTN PageTableBase;
- BOOLEAN Enable5LevelPaging;
-
- PageTableBase = AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64;
- Cr4.UintN = AsmReadCr4 ();
- Enable5LevelPaging = (BOOLEAN)(Cr4.Bits.LA57 == 1);
- return SmmSetMemoryAttributesEx (PageTableBase, Enable5LevelPaging, BaseAddress, Length, Attributes, NULL);
+ UINTN PageTableBase;
+
+ PageTableBase = AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64;
+ return SmmSetMemoryAttributesEx (PageTableBase, mPagingMode, BaseAddress, Length, Attributes);
}
/**
@@ -862,14 +645,10 @@ SmmClearMemoryAttributes (
IN UINT64 Attributes
)
{
- IA32_CR4 Cr4;
- UINTN PageTableBase;
- BOOLEAN Enable5LevelPaging;
-
- PageTableBase = AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64;
- Cr4.UintN = AsmReadCr4 ();
- Enable5LevelPaging = (BOOLEAN)(Cr4.Bits.LA57 == 1);
- return SmmClearMemoryAttributesEx (PageTableBase, Enable5LevelPaging, BaseAddress, Length, Attributes, NULL);
+ UINTN PageTableBase;
+
+ PageTableBase = AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64;
+ return SmmClearMemoryAttributesEx (PageTableBase, mPagingMode, BaseAddress, Length, Attributes);
}
/**
@@ -891,7 +670,7 @@ SetShadowStack (
EFI_STATUS Status;
mIsShadowStack = TRUE;
- Status = SmmSetMemoryAttributesEx (Cr3, m5LevelPagingNeeded, BaseAddress, Length, EFI_MEMORY_RO, NULL);
+ Status = SmmSetMemoryAttributesEx (Cr3, mPagingMode, BaseAddress, Length, EFI_MEMORY_RO);
mIsShadowStack = FALSE;
return Status;
@@ -915,7 +694,7 @@ SetNotPresentPage (
{
EFI_STATUS Status;
- Status = SmmSetMemoryAttributesEx (Cr3, m5LevelPagingNeeded, BaseAddress, Length, EFI_MEMORY_RP, NULL);
+ Status = SmmSetMemoryAttributesEx (Cr3, mPagingMode, BaseAddress, Length, EFI_MEMORY_RP);
return Status;
}
@@ -1799,7 +1578,7 @@ EnablePageTableProtection (
//
// Set entire pool including header, used-memory and left free-memory as ReadOnly in SMM page table.
//
- ConvertMemoryPageAttributes (PageTableBase, m5LevelPagingNeeded, Address, PoolSize, EFI_MEMORY_RO, TRUE, NULL, NULL);
+ ConvertMemoryPageAttributes (PageTableBase, mPagingMode, Address, PoolSize, EFI_MEMORY_RO, TRUE, NULL);
Pool = Pool->NextPool;
} while (Pool != HeadPool);
}
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
index 3deb1ffd67..a25a96f68c 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
@@ -1,7 +1,7 @@
/** @file
Page Fault (#PF) handler for X64 processors
-Copyright (c) 2009 - 2022, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2023, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -353,7 +353,12 @@ SmmInitPageTable (
m1GPageTableSupport = Is1GPageSupport ();
m5LevelPagingNeeded = Is5LevelPagingNeeded ();
mPhysicalAddressBits = CalculateMaximumSupportAddress ();
- PatchInstructionX86 (gPatch5LevelPagingNeeded, m5LevelPagingNeeded, 1);
+ if (m5LevelPagingNeeded) {
+ mPagingMode = m1GPageTableSupport ? Paging5Level1GB : Paging5Level;
+ PatchInstructionX86 (gPatch5LevelPagingNeeded, TRUE, 1);
+ } else {
+ mPagingMode = m1GPageTableSupport ? Paging4Level1GB : Paging4Level;
+ }
DEBUG ((DEBUG_INFO, "5LevelPaging Needed - %d\n", m5LevelPagingNeeded));
DEBUG ((DEBUG_INFO, "1GPageTable Support - %d\n", m1GPageTableSupport));
DEBUG ((DEBUG_INFO, "PcdCpuSmmRestrictedMemoryAccess - %d\n", mCpuSmmRestrictedMemoryAccess));
--
2.39.1.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [Patch V3 05/11] UefiCpuPkg/PiSmmCpuDxeSmm: Avoid setting non-present range to RO/NX
2023-04-21 8:36 [Patch V3 00/11] Use CpuPageTableLib to create and update smm page table duntan
` (3 preceding siblings ...)
2023-04-21 8:36 ` [Patch V3 04/11] UefiCpuPkg: Use CpuPageTableLib to convert SMM paging attribute duntan
@ 2023-04-21 8:36 ` duntan
2023-04-21 8:36 ` [Patch V3 06/11] UefiCpuPkg: Extern mSmmShadowStackSize in PiSmmCpuDxeSmm.h duntan
` (5 subsequent siblings)
10 siblings, 0 replies; 18+ messages in thread
From: duntan @ 2023-04-21 8:36 UTC (permalink / raw)
To: devel; +Cc: Eric Dong, Ray Ni, Rahul Kumar, Gerd Hoffmann
In PiSmmCpuDxeSmm code, SetMemMapAttributes() marks memory ranges
in SmmMemoryAttributesTable to RO/NX. There may exist non-present
range in these memory ranges. Set other attributes for a non-present
range is not permitted in CpuPageTableMapLib. So add code to handle
this case. Only map the present ranges in SmmMemoryAttributesTable
to RO or NX.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 141 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------------
1 file changed, 119 insertions(+), 22 deletions(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
index deb5895d83..89040d386e 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
@@ -858,6 +858,89 @@ PatchGdtIdtMap (
);
}
+/**
+ This function remove the non-present range in [MemMapStart, MemMapLimit] and
+ set [MemMapStart, NonPresentRangeStart] as MemoryAttribute in page table.
+
+ @param MemMapStart Pointer to the start address of range.
+ @param MemMapLimit Limit address of range.
+ @param NonPresentRangeStart Start address of non-present range.
+ @param NonPresentRangeLimit Limit address of non-present range.
+ @param MemoryAttribute The bit mask of attributes to modify for the memory region.
+
+**/
+VOID
+RemoveNonPresentRange (
+ UINT64 *MemMapStart,
+ UINT64 MemMapLimit,
+ UINT64 NonPresentRangeStart,
+ UINT64 NonPresentRangeLimit,
+ UINT64 MemoryAttribute
+ )
+{
+ if (*MemMapStart < NonPresentRangeStart) {
+ SmmSetMemoryAttributes (
+ *MemMapStart,
+ NonPresentRangeStart - *MemMapStart,
+ MemoryAttribute
+ );
+ }
+
+ *MemMapStart = NonPresentRangeLimit;
+}
+
+/**
+ This function set [MemMapStart, MemMapLimit] to the input MemoryAttribute.
+
+ @param MemMapStart Start address of range.
+ @param MemMapLimit Limit address of range.
+ @param Map Pointer to the array of Cr3 IA32_MAP_ENTRY.
+ @param Count Count of IA32_MAP_ENTRY in Map.
+ @param MemoryAttribute The bit mask of attributes to modify for the memory region.
+
+**/
+VOID
+SetMemMapWithNonPresentRange (
+ UINT64 MemMapStart,
+ UINT64 MemMapLimit,
+ IA32_MAP_ENTRY *Map,
+ UINTN Count,
+ UINT64 MemoryAttribute
+ )
+{
+ UINTN Index;
+ UINT64 NonPresentRangeStart;
+
+ NonPresentRangeStart = 0;
+
+ for (Index = 0; Index < Count; Index++) {
+ if ((Map[Index].LinearAddress > NonPresentRangeStart) &&
+ (MemMapStart < Map[Index].LinearAddress) && (MemMapLimit > NonPresentRangeStart))
+ {
+ //
+ // [NonPresentRangeStart, Map[Index].LinearAddress] is non-present.
+ //
+ RemoveNonPresentRange (&MemMapStart, MemMapLimit, NonPresentRangeStart, Map[Index].LinearAddress, MemoryAttribute);
+ }
+
+ NonPresentRangeStart = Map[Index].LinearAddress + Map[Index].Length;
+ if (NonPresentRangeStart >= MemMapLimit) {
+ break;
+ }
+ }
+
+ //
+ // There is no non-present in current [MemMapStart, MemMapLimit] anymore.
+ //
+ if (MemMapStart < MemMapLimit) {
+ SmmSetMemoryAttributes (
+ MemMapStart,
+ MemMapLimit - MemMapStart,
+ MemoryAttribute
+ );
+ }
+}
+
/**
This function sets memory attribute according to MemoryAttributesTable.
**/
@@ -872,6 +955,21 @@ SetMemMapAttributes (
UINTN DescriptorSize;
UINTN Index;
EDKII_PI_SMM_MEMORY_ATTRIBUTES_TABLE *MemoryAttributesTable;
+ UINTN PageTable;
+ EFI_STATUS Status;
+ IA32_MAP_ENTRY *Map;
+ UINTN Count;
+ UINT64 MemoryAttribute;
+
+ Count = 0;
+ Map = NULL;
+ PageTable = AsmReadCr3 ();
+ Status = PageTableParse (PageTable, mPagingMode, NULL, &Count);
+ ASSERT (Status == RETURN_BUFFER_TOO_SMALL);
+ Map = AllocatePool (Count * sizeof (IA32_MAP_ENTRY));
+ ASSERT (Map != NULL);
+ Status = PageTableParse (PageTable, mPagingMode, Map, &Count);
+ ASSERT_RETURN_ERROR (Status);
SmmGetSystemConfigurationTable (&gEdkiiPiSmmMemoryAttributesTableGuid, (VOID **)&MemoryAttributesTable);
if (MemoryAttributesTable == NULL) {
@@ -901,33 +999,32 @@ SetMemMapAttributes (
MemoryMap = MemoryMapStart;
for (Index = 0; Index < MemoryMapEntryCount; Index++) {
DEBUG ((DEBUG_VERBOSE, "SetAttribute: Memory Entry - 0x%lx, 0x%x\n", MemoryMap->PhysicalStart, MemoryMap->NumberOfPages));
- switch (MemoryMap->Type) {
- case EfiRuntimeServicesCode:
- SmmSetMemoryAttributes (
- MemoryMap->PhysicalStart,
- EFI_PAGES_TO_SIZE ((UINTN)MemoryMap->NumberOfPages),
- EFI_MEMORY_RO
- );
- break;
- case EfiRuntimeServicesData:
- SmmSetMemoryAttributes (
- MemoryMap->PhysicalStart,
- EFI_PAGES_TO_SIZE ((UINTN)MemoryMap->NumberOfPages),
- EFI_MEMORY_XP
- );
- break;
- default:
- SmmSetMemoryAttributes (
- MemoryMap->PhysicalStart,
- EFI_PAGES_TO_SIZE ((UINTN)MemoryMap->NumberOfPages),
- EFI_MEMORY_XP
- );
- break;
+ if (MemoryMap->Type == EfiRuntimeServicesCode) {
+ MemoryAttribute = EFI_MEMORY_RO;
+ } else {
+ //
+ // Set other type memory as NX.
+ //
+ MemoryAttribute = EFI_MEMORY_XP;
}
+ //
+ // There may exist non-present range overlaps with the MemoryMap range.
+ // Do not change other attributes of non-present range while still remaining it as non-present
+ //
+ SetMemMapWithNonPresentRange (
+ MemoryMap->PhysicalStart,
+ MemoryMap->PhysicalStart + EFI_PAGES_TO_SIZE ((UINTN)MemoryMap->NumberOfPages),
+ Map,
+ Count,
+ MemoryAttribute
+ );
+
MemoryMap = NEXT_MEMORY_DESCRIPTOR (MemoryMap, DescriptorSize);
}
+ FreePool (Map);
+
PatchSmmSaveStateMap ();
PatchGdtIdtMap ();
--
2.39.1.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [Patch V3 06/11] UefiCpuPkg: Extern mSmmShadowStackSize in PiSmmCpuDxeSmm.h
2023-04-21 8:36 [Patch V3 00/11] Use CpuPageTableLib to create and update smm page table duntan
` (4 preceding siblings ...)
2023-04-21 8:36 ` [Patch V3 05/11] UefiCpuPkg/PiSmmCpuDxeSmm: Avoid setting non-present range to RO/NX duntan
@ 2023-04-21 8:36 ` duntan
2023-04-21 8:36 ` [Patch V3 07/11] UefiCpuPkg/PiSmmCpuDxeSmm: Add 2 function to disable/enable CR0.WP duntan
` (4 subsequent siblings)
10 siblings, 0 replies; 18+ messages in thread
From: duntan @ 2023-04-21 8:36 UTC (permalink / raw)
To: devel; +Cc: Eric Dong, Ray Ni, Rahul Kumar, Gerd Hoffmann
Extern mSmmShadowStackSize in PiSmmCpuDxeSmm.h and remove
extern for mSmmShadowStackSize in c files to simplify code.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c | 3 +--
UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 2 --
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 1 +
UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 2 --
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 3 +--
5 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c
index 6c48a53f67..636dc8d92f 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmFuncsArch.c
@@ -1,7 +1,7 @@
/** @file
SMM CPU misc functions for Ia32 arch specific.
-Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2023, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -14,7 +14,6 @@ EFI_PHYSICAL_ADDRESS mGdtBuffer;
UINTN mGdtBufferSize;
extern BOOLEAN mCetSupported;
-extern UINTN mSmmShadowStackSize;
X86_ASSEMBLY_PATCH_LABEL mPatchCetPl0Ssp;
X86_ASSEMBLY_PATCH_LABEL mPatchCetInterruptSsp;
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index baf827cf9d..1878252eac 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -29,8 +29,6 @@ MM_COMPLETION mSmmStartupThisApToken;
//
UINT32 *mPackageFirstThreadIndex = NULL;
-extern UINTN mSmmShadowStackSize;
-
/**
Performs an atomic compare exchange operation to get semaphore.
The compare exchange operation must be performed using
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
index ba341cadc6..a155e09200 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@@ -262,6 +262,7 @@ extern EFI_SMM_CPU_PROTOCOL mSmmCpu;
extern EFI_MM_MP_PROTOCOL mSmmMp;
extern BOOLEAN m5LevelPagingNeeded;
extern PAGING_MODE mPagingMode;
+extern UINTN mSmmShadowStackSize;
///
/// The mode of the CPU at the time an SMI occurs
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
index a25a96f68c..25ced50955 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
@@ -13,8 +13,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define PAGE_TABLE_PAGES 8
#define ACC_MAX_BIT BIT3
-extern UINTN mSmmShadowStackSize;
-
LIST_ENTRY mPagePool = INITIALIZE_LIST_HEAD_VARIABLE (mPagePool);
BOOLEAN m1GPageTableSupport = FALSE;
BOOLEAN mCpuSmmRestrictedMemoryAccess;
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c
index 00a284c369..c4f21e2155 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c
@@ -1,7 +1,7 @@
/** @file
SMM CPU misc functions for x64 arch specific.
-Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2023, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -12,7 +12,6 @@ EFI_PHYSICAL_ADDRESS mGdtBuffer;
UINTN mGdtBufferSize;
extern BOOLEAN mCetSupported;
-extern UINTN mSmmShadowStackSize;
X86_ASSEMBLY_PATCH_LABEL mPatchCetPl0Ssp;
X86_ASSEMBLY_PATCH_LABEL mPatchCetInterruptSsp;
--
2.39.1.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [Patch V3 07/11] UefiCpuPkg/PiSmmCpuDxeSmm: Add 2 function to disable/enable CR0.WP
2023-04-21 8:36 [Patch V3 00/11] Use CpuPageTableLib to create and update smm page table duntan
` (5 preceding siblings ...)
2023-04-21 8:36 ` [Patch V3 06/11] UefiCpuPkg: Extern mSmmShadowStackSize in PiSmmCpuDxeSmm.h duntan
@ 2023-04-21 8:36 ` duntan
2023-04-21 8:36 ` [Patch V3 08/11] UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR0.WP before modify page table duntan
` (3 subsequent siblings)
10 siblings, 0 replies; 18+ messages in thread
From: duntan @ 2023-04-21 8:36 UTC (permalink / raw)
To: devel; +Cc: Eric Dong, Ray Ni, Rahul Kumar, Gerd Hoffmann
Add two functions to disable/enable CR0.WP. These two unctions
will also be used in later commits. This commit doesn't change any
functionality.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 24 ++++++++++++++++++++++++
UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------------------------------------
2 files changed, 90 insertions(+), 49 deletions(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
index a155e09200..a7da9673a5 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@@ -1566,4 +1566,28 @@ SmmWaitForApArrival (
VOID
);
+/**
+ Disable Write Protect on pages marked as read-only if Cr0.Bits.WP is 1.
+
+ @param[out] WpEnabled If Cr0.WP is enabled.
+ @param[out] CetEnabled If CET is enabled.
+**/
+VOID
+DisableReadOnlyPageWriteProtect (
+ OUT BOOLEAN *WpEnabled,
+ OUT BOOLEAN *CetEnabled
+ );
+
+/**
+ Enable Write Protect on pages marked as read-only.
+
+ @param[out] WpEnabled If Cr0.WP should be enabled.
+ @param[out] CetEnabled If CET should be enabled.
+**/
+VOID
+EnableReadOnlyPageWriteProtect (
+ BOOLEAN WpEnabled,
+ BOOLEAN CetEnabled
+ );
+
#endif
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
index 89040d386e..eb3547247d 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
@@ -40,6 +40,64 @@ PAGE_TABLE_POOL *mPageTablePool = NULL;
//
BOOLEAN mIsReadOnlyPageTable = FALSE;
+/**
+ Disable Write Protect on pages marked as read-only if Cr0.Bits.WP is 1.
+
+ @param[out] WpEnabled If Cr0.WP is enabled.
+ @param[out] CetEnabled If CET is enabled.
+**/
+VOID
+DisableReadOnlyPageWriteProtect (
+ OUT BOOLEAN *WpEnabled,
+ OUT BOOLEAN *CetEnabled
+ )
+{
+ IA32_CR0 Cr0;
+
+ *CetEnabled = ((AsmReadCr4 () & CR4_CET_ENABLE) != 0) ? TRUE : FALSE;
+ Cr0.UintN = AsmReadCr0 ();
+ *WpEnabled = (Cr0.Bits.WP != 0) ? TRUE : FALSE;
+ if (*WpEnabled) {
+ if (*CetEnabled) {
+ //
+ // CET must be disabled if WP is disabled. Disable CET before clearing CR0.WP.
+ //
+ DisableCet ();
+ }
+
+ Cr0.Bits.WP = 0;
+ AsmWriteCr0 (Cr0.UintN);
+ }
+}
+
+/**
+ Enable Write Protect on pages marked as read-only.
+
+ @param[out] WpEnabled If Cr0.WP should be enabled.
+ @param[out] CetEnabled If CET should be enabled.
+**/
+VOID
+EnableReadOnlyPageWriteProtect (
+ BOOLEAN WpEnabled,
+ BOOLEAN CetEnabled
+ )
+{
+ IA32_CR0 Cr0;
+
+ if (WpEnabled) {
+ Cr0.UintN = AsmReadCr0 ();
+ Cr0.Bits.WP = 1;
+ AsmWriteCr0 (Cr0.UintN);
+
+ if (CetEnabled) {
+ //
+ // re-enable CET.
+ //
+ EnableCet ();
+ }
+ }
+}
+
/**
Initialize a buffer pool for page table use only.
@@ -62,10 +120,9 @@ InitializePageTablePool (
IN UINTN PoolPages
)
{
- VOID *Buffer;
- BOOLEAN CetEnabled;
- BOOLEAN WpEnabled;
- IA32_CR0 Cr0;
+ VOID *Buffer;
+ BOOLEAN WpEnabled;
+ BOOLEAN CetEnabled;
//
// Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one page for
@@ -102,34 +159,9 @@ InitializePageTablePool (
// If page table memory has been marked as RO, mark the new pool pages as read-only.
//
if (mIsReadOnlyPageTable) {
- CetEnabled = ((AsmReadCr4 () & CR4_CET_ENABLE) != 0) ? TRUE : FALSE;
- Cr0.UintN = AsmReadCr0 ();
- WpEnabled = (Cr0.Bits.WP != 0) ? TRUE : FALSE;
- if (WpEnabled) {
- if (CetEnabled) {
- //
- // CET must be disabled if WP is disabled. Disable CET before clearing CR0.WP.
- //
- DisableCet ();
- }
-
- Cr0.Bits.WP = 0;
- AsmWriteCr0 (Cr0.UintN);
- }
-
+ DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled);
SmmSetMemoryAttributes ((EFI_PHYSICAL_ADDRESS)(UINTN)Buffer, EFI_PAGES_TO_SIZE (PoolPages), EFI_MEMORY_RO);
- if (WpEnabled) {
- Cr0.UintN = AsmReadCr0 ();
- Cr0.Bits.WP = 1;
- AsmWriteCr0 (Cr0.UintN);
-
- if (CetEnabled) {
- //
- // re-enable CET.
- //
- EnableCet ();
- }
- }
+ EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled);
}
return TRUE;
@@ -1732,6 +1764,7 @@ SetPageTableAttributes (
VOID
)
{
+ BOOLEAN WpEnabled;
BOOLEAN CetEnabled;
if (!IfReadOnlyPageTableNeeded ()) {
@@ -1744,15 +1777,7 @@ SetPageTableAttributes (
// Disable write protection, because we need mark page table to be write protected.
// We need *write* page table memory, to mark itself to be *read only*.
//
- CetEnabled = ((AsmReadCr4 () & CR4_CET_ENABLE) != 0) ? TRUE : FALSE;
- if (CetEnabled) {
- //
- // CET must be disabled if WP is disabled.
- //
- DisableCet ();
- }
-
- AsmWriteCr0 (AsmReadCr0 () & ~CR0_WP);
+ DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled);
// Set memory used by page table as Read Only.
DEBUG ((DEBUG_INFO, "Start...\n"));
@@ -1761,20 +1786,12 @@ SetPageTableAttributes (
//
// Enable write protection, after page table attribute updated.
//
- AsmWriteCr0 (AsmReadCr0 () | CR0_WP);
+ EnableReadOnlyPageWriteProtect (TRUE, CetEnabled);
mIsReadOnlyPageTable = TRUE;
//
// Flush TLB after mark all page table pool as read only.
//
FlushTlbForAll ();
-
- if (CetEnabled) {
- //
- // re-enable CET.
- //
- EnableCet ();
- }
-
return;
}
--
2.39.1.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [Patch V3 08/11] UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR0.WP before modify page table
2023-04-21 8:36 [Patch V3 00/11] Use CpuPageTableLib to create and update smm page table duntan
` (6 preceding siblings ...)
2023-04-21 8:36 ` [Patch V3 07/11] UefiCpuPkg/PiSmmCpuDxeSmm: Add 2 function to disable/enable CR0.WP duntan
@ 2023-04-21 8:36 ` duntan
2023-04-21 8:36 ` [Patch V3 09/11] UefiCpuPkg: Refinement to current smm page table generation code duntan
` (2 subsequent siblings)
10 siblings, 0 replies; 18+ messages in thread
From: duntan @ 2023-04-21 8:36 UTC (permalink / raw)
To: devel; +Cc: Eric Dong, Ray Ni, Rahul Kumar, Gerd Hoffmann
Clear CR0.WP before modify smm page table. Currently, there is
an assumption that smm pagetable is always RW before ReadyToLock.
However, when AMD SEV is enabled, FvbServicesSmm driver calls
MemEncryptSevClearMmioPageEncMask to clear AddressEncMask bit
in smm page table for this range:
[PcdOvmfFdBaseAddress,PcdOvmfFdBaseAddress+PcdOvmfFirmwareFdSize]
If page slpit happens in this process, new memory for smm page
table is allocated. Then the newly allocated page table memory
is marked as RO in smm page table in this FvbServicesSmm driver,
which may lead to PF if smm code doesn't clear CR0.WP before
modify smm page table when ReadyToLock.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 11 +++++++++++
UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 5 +++++
2 files changed, 16 insertions(+)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
index eb3547247d..110a8f3d81 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
@@ -992,6 +992,8 @@ SetMemMapAttributes (
IA32_MAP_ENTRY *Map;
UINTN Count;
UINT64 MemoryAttribute;
+ BOOLEAN WpEnabled;
+ BOOLEAN CetEnabled;
Count = 0;
Map = NULL;
@@ -1028,6 +1030,8 @@ SetMemMapAttributes (
MemoryMap = NEXT_MEMORY_DESCRIPTOR (MemoryMap, DescriptorSize);
}
+ DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled);
+
MemoryMap = MemoryMapStart;
for (Index = 0; Index < MemoryMapEntryCount; Index++) {
DEBUG ((DEBUG_VERBOSE, "SetAttribute: Memory Entry - 0x%lx, 0x%x\n", MemoryMap->PhysicalStart, MemoryMap->NumberOfPages));
@@ -1055,6 +1059,7 @@ SetMemMapAttributes (
MemoryMap = NEXT_MEMORY_DESCRIPTOR (MemoryMap, DescriptorSize);
}
+ EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled);
FreePool (Map);
PatchSmmSaveStateMap ();
@@ -1361,9 +1366,13 @@ SetUefiMemMapAttributes (
UINTN MemoryMapEntryCount;
UINTN Index;
EFI_MEMORY_DESCRIPTOR *Entry;
+ BOOLEAN WpEnabled;
+ BOOLEAN CetEnabled;
DEBUG ((DEBUG_INFO, "SetUefiMemMapAttributes\n"));
+ DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled);
+
if (mUefiMemoryMap != NULL) {
MemoryMapEntryCount = mUefiMemoryMapSize/mUefiDescriptorSize;
MemoryMap = mUefiMemoryMap;
@@ -1442,6 +1451,8 @@ SetUefiMemMapAttributes (
}
}
+ EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled);
+
//
// Do not free mUefiMemoryAttributesTable, it will be checked in IsSmmCommBufferForbiddenAddress().
//
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
index 1b0b6673e1..5625ba0cac 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
@@ -574,6 +574,8 @@ InitPaging (
BOOLEAN Nx;
IA32_CR4 Cr4;
BOOLEAN Enable5LevelPaging;
+ BOOLEAN WpEnabled;
+ BOOLEAN CetEnabled;
Cr4.UintN = AsmReadCr4 ();
Enable5LevelPaging = (BOOLEAN)(Cr4.Bits.LA57 == 1);
@@ -620,6 +622,7 @@ InitPaging (
NumberOfPdptEntries = 4;
}
+ DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled);
//
// Go through page table and change 2MB-page into 4KB-page.
//
@@ -800,6 +803,8 @@ InitPaging (
} // end for PML4
} // end for PML5
+ EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled);
+
//
// Flush TLB
//
--
2.39.1.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [Patch V3 09/11] UefiCpuPkg: Refinement to current smm page table generation code
2023-04-21 8:36 [Patch V3 00/11] Use CpuPageTableLib to create and update smm page table duntan
` (7 preceding siblings ...)
2023-04-21 8:36 ` [Patch V3 08/11] UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR0.WP before modify page table duntan
@ 2023-04-21 8:36 ` duntan
2023-04-21 8:36 ` [Patch V3 10/11] UefiCpuPkg: Refinement to code about updating smm page table duntan
2023-04-21 8:36 ` [Patch V3 11/11] UefiCpuPkg/PiSmmCpuDxeSmm: Remove unnecessary function duntan
10 siblings, 0 replies; 18+ messages in thread
From: duntan @ 2023-04-21 8:36 UTC (permalink / raw)
To: devel; +Cc: Eric Dong, Ray Ni, Rahul Kumar, Gerd Hoffmann
This commit is code refinement to current smm pagetable generation
code. Add a new GenSmmPageTable() API to create page table for smm
based on the PageTableMap() API in CpuPageTableLib. Caller only
needs to specify the paging mode and the PhysicalAddressBits to map.
This function can be used to create both IA32 pae paging and X64
5level, 4level paging.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c | 2 +-
UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c | 2 +-
UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 130 ----------------------------------------------------------------------------------------------------------------------------------
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 15 +++++++++------
UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c | 218 +++++++++++++++++++++++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmProfileArch.c | 19 ++-----------------
7 files changed, 101 insertions(+), 350 deletions(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
index 9c8107080a..b11264ce4a 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/PageTbl.c
@@ -63,7 +63,7 @@ SmmInitPageTable (
InitializeIDTSmmStackGuard ();
}
- return Gen4GPageTable (TRUE);
+ return GenSmmPageTable (PagingPae, mPhysicalAddressBits);
}
/**
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c
index bba4a6f058..650090e534 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/Ia32/SmmProfileArch.c
@@ -18,7 +18,7 @@ InitSmmS3Cr3 (
VOID
)
{
- mSmmS3ResumeState->SmmS3Cr3 = Gen4GPageTable (TRUE);
+ mSmmS3ResumeState->SmmS3Cr3 = GenSmmPageTable (PagingPae, mPhysicalAddressBits);
return;
}
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index 1878252eac..f8b81fc96e 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -999,136 +999,6 @@ APHandler (
ReleaseSemaphore (mSmmMpSyncData->CpuData[BspIndex].Run);
}
-/**
- Create 4G PageTable in SMRAM.
-
- @param[in] Is32BitPageTable Whether the page table is 32-bit PAE
- @return PageTable Address
-
-**/
-UINT32
-Gen4GPageTable (
- IN BOOLEAN Is32BitPageTable
- )
-{
- VOID *PageTable;
- UINTN Index;
- UINT64 *Pte;
- UINTN PagesNeeded;
- UINTN Low2MBoundary;
- UINTN High2MBoundary;
- UINTN Pages;
- UINTN GuardPage;
- UINT64 *Pdpte;
- UINTN PageIndex;
- UINTN PageAddress;
-
- Low2MBoundary = 0;
- High2MBoundary = 0;
- PagesNeeded = 0;
- if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
- //
- // Add one more page for known good stack, then find the lower 2MB aligned address.
- //
- Low2MBoundary = (mSmmStackArrayBase + EFI_PAGE_SIZE) & ~(SIZE_2MB-1);
- //
- // Add two more pages for known good stack and stack guard page,
- // then find the lower 2MB aligned address.
- //
- High2MBoundary = (mSmmStackArrayEnd - mSmmStackSize - mSmmShadowStackSize + EFI_PAGE_SIZE * 2) & ~(SIZE_2MB-1);
- PagesNeeded = ((High2MBoundary - Low2MBoundary) / SIZE_2MB) + 1;
- }
-
- //
- // Allocate the page table
- //
- PageTable = AllocatePageTableMemory (5 + PagesNeeded);
- ASSERT (PageTable != NULL);
-
- PageTable = (VOID *)((UINTN)PageTable);
- Pte = (UINT64 *)PageTable;
-
- //
- // Zero out all page table entries first
- //
- ZeroMem (Pte, EFI_PAGES_TO_SIZE (1));
-
- //
- // Set Page Directory Pointers
- //
- for (Index = 0; Index < 4; Index++) {
- Pte[Index] = ((UINTN)PageTable + EFI_PAGE_SIZE * (Index + 1)) | mAddressEncMask |
- (Is32BitPageTable ? IA32_PAE_PDPTE_ATTRIBUTE_BITS : PAGE_ATTRIBUTE_BITS);
- }
-
- Pte += EFI_PAGE_SIZE / sizeof (*Pte);
-
- //
- // Fill in Page Directory Entries
- //
- for (Index = 0; Index < EFI_PAGE_SIZE * 4 / sizeof (*Pte); Index++) {
- Pte[Index] = (Index << 21) | mAddressEncMask | IA32_PG_PS | PAGE_ATTRIBUTE_BITS;
- }
-
- Pdpte = (UINT64 *)PageTable;
- if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
- Pages = (UINTN)PageTable + EFI_PAGES_TO_SIZE (5);
- GuardPage = mSmmStackArrayBase + EFI_PAGE_SIZE;
- for (PageIndex = Low2MBoundary; PageIndex <= High2MBoundary; PageIndex += SIZE_2MB) {
- Pte = (UINT64 *)(UINTN)(Pdpte[BitFieldRead32 ((UINT32)PageIndex, 30, 31)] & ~mAddressEncMask & ~(EFI_PAGE_SIZE - 1));
- Pte[BitFieldRead32 ((UINT32)PageIndex, 21, 29)] = (UINT64)Pages | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
- //
- // Fill in Page Table Entries
- //
- Pte = (UINT64 *)Pages;
- PageAddress = PageIndex;
- for (Index = 0; Index < EFI_PAGE_SIZE / sizeof (*Pte); Index++) {
- if (PageAddress == GuardPage) {
- //
- // Mark the guard page as non-present
- //
- Pte[Index] = PageAddress | mAddressEncMask;
- GuardPage += (mSmmStackSize + mSmmShadowStackSize);
- if (GuardPage > mSmmStackArrayEnd) {
- GuardPage = 0;
- }
- } else {
- Pte[Index] = PageAddress | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
- }
-
- PageAddress += EFI_PAGE_SIZE;
- }
-
- Pages += EFI_PAGE_SIZE;
- }
- }
-
- if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) {
- Pte = (UINT64 *)(UINTN)(Pdpte[0] & ~mAddressEncMask & ~(EFI_PAGE_SIZE - 1));
- if ((Pte[0] & IA32_PG_PS) == 0) {
- // 4K-page entries are already mapped. Just hide the first one anyway.
- Pte = (UINT64 *)(UINTN)(Pte[0] & ~mAddressEncMask & ~(EFI_PAGE_SIZE - 1));
- Pte[0] &= ~(UINT64)IA32_PG_P; // Hide page 0
- } else {
- // Create 4K-page entries
- Pages = (UINTN)AllocatePageTableMemory (1);
- ASSERT (Pages != 0);
-
- Pte[0] = (UINT64)(Pages | mAddressEncMask | PAGE_ATTRIBUTE_BITS);
-
- Pte = (UINT64 *)Pages;
- PageAddress = 0;
- Pte[0] = PageAddress | mAddressEncMask; // Hide page 0 but present left
- for (Index = 1; Index < EFI_PAGE_SIZE / sizeof (*Pte); Index++) {
- PageAddress += EFI_PAGE_SIZE;
- Pte[Index] = PageAddress | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
- }
- }
- }
-
- return (UINT32)(UINTN)PageTable;
-}
-
/**
Checks whether the input token is the current used token.
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
index a7da9673a5..258955119c 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@@ -542,15 +542,18 @@ extern UINT8 mPhysicalAddressBits;
extern UINT64 mAddressEncMask;
/**
- Create 4G PageTable in SMRAM.
+ Create page table based on input PagingMode and PhysicalAddressBits in smm.
- @param[in] Is32BitPageTable Whether the page table is 32-bit PAE
- @return PageTable Address
+ @param[in] PagingMode The paging mode.
+ @param[in] PhysicalAddressBits The bits of physical address to map.
+
+ @retval PageTable Address
**/
-UINT32
-Gen4GPageTable (
- IN BOOLEAN Is32BitPageTable
+UINTN
+GenSmmPageTable (
+ IN PAGING_MODE PagingMode,
+ IN UINT8 PhysicalAddressBits
);
/**
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
index 110a8f3d81..9a0619ce51 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
@@ -1592,6 +1592,71 @@ EdkiiSmmClearMemoryAttributes (
return SmmClearMemoryAttributes (BaseAddress, Length, Attributes);
}
+/**
+ Create page table based on input PagingMode and PhysicalAddressBits in smm.
+
+ @param[in] PagingMode The paging mode.
+ @param[in] PhysicalAddressBits The bits of physical address to map.
+
+ @retval PageTable Address
+
+**/
+UINTN
+GenSmmPageTable (
+ IN PAGING_MODE PagingMode,
+ IN UINT8 PhysicalAddressBits
+ )
+{
+ UINTN PageTableBufferSize;
+ UINTN PageTable;
+ VOID *PageTableBuffer;
+ IA32_MAP_ATTRIBUTE MapAttribute;
+ IA32_MAP_ATTRIBUTE MapMask;
+ RETURN_STATUS Status;
+ UINTN GuardPage;
+ UINTN Index;
+ UINT64 Length;
+
+ Length = LShiftU64 (1, PhysicalAddressBits);
+ PageTable = 0;
+ PageTableBufferSize = 0;
+ MapMask.Uint64 = MAX_UINT64;
+ MapAttribute.Uint64 = mAddressEncMask;
+ MapAttribute.Bits.Present = 1;
+ MapAttribute.Bits.ReadWrite = 1;
+ MapAttribute.Bits.UserSupervisor = 1;
+ MapAttribute.Bits.Accessed = 1;
+ MapAttribute.Bits.Dirty = 1;
+
+ Status = PageTableMap (&PageTable, PagingMode, NULL, &PageTableBufferSize, 0, Length, &MapAttribute, &MapMask, NULL);
+ ASSERT (Status == RETURN_BUFFER_TOO_SMALL);
+ DEBUG ((DEBUG_INFO, "GenSMMPageTable: 0x%x bytes needed for initial SMM page table\n", PageTableBufferSize));
+ PageTableBuffer = AllocatePageTableMemory (EFI_SIZE_TO_PAGES (PageTableBufferSize));
+ ASSERT (PageTableBuffer != NULL);
+ Status = PageTableMap (&PageTable, PagingMode, PageTableBuffer, &PageTableBufferSize, 0, Length, &MapAttribute, &MapMask, NULL);
+ ASSERT (Status == RETURN_SUCCESS);
+ ASSERT (PageTableBufferSize == 0);
+
+ if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
+ //
+ // Mark the guard page at the bottom of smm stack as non-present
+ //
+ for (Index = 0; Index < gSmmCpuPrivate->SmmCoreEntryContext.NumberOfCpus; Index++) {
+ GuardPage = mSmmStackArrayBase + EFI_PAGE_SIZE + Index * (mSmmStackSize + mSmmShadowStackSize);
+ Status = ConvertMemoryPageAttributes (PageTable, PagingMode, GuardPage, SIZE_4KB, EFI_MEMORY_RP, TRUE, NULL);
+ }
+ }
+
+ if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) {
+ //
+ // Mark [0, 4k] as non-present
+ //
+ Status = ConvertMemoryPageAttributes (PageTable, PagingMode, 0, SIZE_4KB, EFI_MEMORY_RP, TRUE, NULL);
+ }
+
+ return (UINTN)PageTable;
+}
+
/**
This function retrieves the attributes of the memory region specified by
BaseAddress and Length. If different attributes are got from different part
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
index 25ced50955..cdbf52ae77 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/PageTbl.c
@@ -167,160 +167,6 @@ CalculateMaximumSupportAddress (
return PhysicalAddressBits;
}
-/**
- Set static page table.
-
- @param[in] PageTable Address of page table.
- @param[in] PhysicalAddressBits The maximum physical address bits supported.
-**/
-VOID
-SetStaticPageTable (
- IN UINTN PageTable,
- IN UINT8 PhysicalAddressBits
- )
-{
- UINT64 PageAddress;
- UINTN NumberOfPml5EntriesNeeded;
- UINTN NumberOfPml4EntriesNeeded;
- UINTN NumberOfPdpEntriesNeeded;
- UINTN IndexOfPml5Entries;
- UINTN IndexOfPml4Entries;
- UINTN IndexOfPdpEntries;
- UINTN IndexOfPageDirectoryEntries;
- UINT64 *PageMapLevel5Entry;
- UINT64 *PageMapLevel4Entry;
- UINT64 *PageMap;
- UINT64 *PageDirectoryPointerEntry;
- UINT64 *PageDirectory1GEntry;
- UINT64 *PageDirectoryEntry;
-
- //
- // IA-32e paging translates 48-bit linear addresses to 52-bit physical addresses
- // when 5-Level Paging is disabled.
- //
- ASSERT (PhysicalAddressBits <= 52);
- if (!m5LevelPagingNeeded && (PhysicalAddressBits > 48)) {
- PhysicalAddressBits = 48;
- }
-
- NumberOfPml5EntriesNeeded = 1;
- if (PhysicalAddressBits > 48) {
- NumberOfPml5EntriesNeeded = (UINTN)LShiftU64 (1, PhysicalAddressBits - 48);
- PhysicalAddressBits = 48;
- }
-
- NumberOfPml4EntriesNeeded = 1;
- if (PhysicalAddressBits > 39) {
- NumberOfPml4EntriesNeeded = (UINTN)LShiftU64 (1, PhysicalAddressBits - 39);
- PhysicalAddressBits = 39;
- }
-
- NumberOfPdpEntriesNeeded = 1;
- ASSERT (PhysicalAddressBits > 30);
- NumberOfPdpEntriesNeeded = (UINTN)LShiftU64 (1, PhysicalAddressBits - 30);
-
- //
- // By architecture only one PageMapLevel4 exists - so lets allocate storage for it.
- //
- PageMap = (VOID *)PageTable;
-
- PageMapLevel4Entry = PageMap;
- PageMapLevel5Entry = NULL;
- if (m5LevelPagingNeeded) {
- //
- // By architecture only one PageMapLevel5 exists - so lets allocate storage for it.
- //
- PageMapLevel5Entry = PageMap;
- }
-
- PageAddress = 0;
-
- for ( IndexOfPml5Entries = 0
- ; IndexOfPml5Entries < NumberOfPml5EntriesNeeded
- ; IndexOfPml5Entries++, PageMapLevel5Entry++)
- {
- //
- // Each PML5 entry points to a page of PML4 entires.
- // So lets allocate space for them and fill them in in the IndexOfPml4Entries loop.
- // When 5-Level Paging is disabled, below allocation happens only once.
- //
- if (m5LevelPagingNeeded) {
- PageMapLevel4Entry = (UINT64 *)((*PageMapLevel5Entry) & ~mAddressEncMask & gPhyMask);
- if (PageMapLevel4Entry == NULL) {
- PageMapLevel4Entry = AllocatePageTableMemory (1);
- ASSERT (PageMapLevel4Entry != NULL);
- ZeroMem (PageMapLevel4Entry, EFI_PAGES_TO_SIZE (1));
-
- *PageMapLevel5Entry = (UINT64)(UINTN)PageMapLevel4Entry | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
- }
- }
-
- for (IndexOfPml4Entries = 0; IndexOfPml4Entries < (NumberOfPml5EntriesNeeded == 1 ? NumberOfPml4EntriesNeeded : 512); IndexOfPml4Entries++, PageMapLevel4Entry++) {
- //
- // Each PML4 entry points to a page of Page Directory Pointer entries.
- //
- PageDirectoryPointerEntry = (UINT64 *)((*PageMapLevel4Entry) & ~mAddressEncMask & gPhyMask);
- if (PageDirectoryPointerEntry == NULL) {
- PageDirectoryPointerEntry = AllocatePageTableMemory (1);
- ASSERT (PageDirectoryPointerEntry != NULL);
- ZeroMem (PageDirectoryPointerEntry, EFI_PAGES_TO_SIZE (1));
-
- *PageMapLevel4Entry = (UINT64)(UINTN)PageDirectoryPointerEntry | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
- }
-
- if (m1GPageTableSupport) {
- PageDirectory1GEntry = PageDirectoryPointerEntry;
- for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectory1GEntry++, PageAddress += SIZE_1GB) {
- if ((IndexOfPml4Entries == 0) && (IndexOfPageDirectoryEntries < 4)) {
- //
- // Skip the < 4G entries
- //
- continue;
- }
-
- //
- // Fill in the Page Directory entries
- //
- *PageDirectory1GEntry = PageAddress | mAddressEncMask | IA32_PG_PS | PAGE_ATTRIBUTE_BITS;
- }
- } else {
- PageAddress = BASE_4GB;
- for (IndexOfPdpEntries = 0; IndexOfPdpEntries < (NumberOfPml4EntriesNeeded == 1 ? NumberOfPdpEntriesNeeded : 512); IndexOfPdpEntries++, PageDirectoryPointerEntry++) {
- if ((IndexOfPml4Entries == 0) && (IndexOfPdpEntries < 4)) {
- //
- // Skip the < 4G entries
- //
- continue;
- }
-
- //
- // Each Directory Pointer entries points to a page of Page Directory entires.
- // So allocate space for them and fill them in in the IndexOfPageDirectoryEntries loop.
- //
- PageDirectoryEntry = (UINT64 *)((*PageDirectoryPointerEntry) & ~mAddressEncMask & gPhyMask);
- if (PageDirectoryEntry == NULL) {
- PageDirectoryEntry = AllocatePageTableMemory (1);
- ASSERT (PageDirectoryEntry != NULL);
- ZeroMem (PageDirectoryEntry, EFI_PAGES_TO_SIZE (1));
-
- //
- // Fill in a Page Directory Pointer Entries
- //
- *PageDirectoryPointerEntry = (UINT64)(UINTN)PageDirectoryEntry | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
- }
-
- for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PageAddress += SIZE_2MB) {
- //
- // Fill in the Page Directory entries
- //
- *PageDirectoryEntry = PageAddress | mAddressEncMask | IA32_PG_PS | PAGE_ATTRIBUTE_BITS;
- }
- }
- }
- }
- }
-}
-
/**
Create PageTable for SMM use.
@@ -332,15 +178,16 @@ SmmInitPageTable (
VOID
)
{
- EFI_PHYSICAL_ADDRESS Pages;
- UINT64 *PTEntry;
+ UINTN PageTable;
LIST_ENTRY *FreePage;
UINTN Index;
UINTN PageFaultHandlerHookAddress;
IA32_IDT_GATE_DESCRIPTOR *IdtEntry;
EFI_STATUS Status;
+ UINT64 *Pml3Entry;
UINT64 *Pml4Entry;
UINT64 *Pml5Entry;
+ UINT8 PhysicalAddressBits;
//
// Initialize spin lock
@@ -357,59 +204,40 @@ SmmInitPageTable (
} else {
mPagingMode = m1GPageTableSupport ? Paging4Level1GB : Paging4Level;
}
+
DEBUG ((DEBUG_INFO, "5LevelPaging Needed - %d\n", m5LevelPagingNeeded));
DEBUG ((DEBUG_INFO, "1GPageTable Support - %d\n", m1GPageTableSupport));
DEBUG ((DEBUG_INFO, "PcdCpuSmmRestrictedMemoryAccess - %d\n", mCpuSmmRestrictedMemoryAccess));
DEBUG ((DEBUG_INFO, "PhysicalAddressBits - %d\n", mPhysicalAddressBits));
- //
- // Generate PAE page table for the first 4GB memory space
- //
- Pages = Gen4GPageTable (FALSE);
//
- // Set IA32_PG_PMNT bit to mask this entry
+ // Generate initial SMM page table
//
- PTEntry = (UINT64 *)(UINTN)Pages;
- for (Index = 0; Index < 4; Index++) {
- PTEntry[Index] |= IA32_PG_PMNT;
- }
+ PhysicalAddressBits = mCpuSmmRestrictedMemoryAccess ? mPhysicalAddressBits : 32;
+ PageTable = GenSmmPageTable (mPagingMode, PhysicalAddressBits);
- //
- // Fill Page-Table-Level4 (PML4) entry
- //
- Pml4Entry = (UINT64 *)AllocatePageTableMemory (1);
- ASSERT (Pml4Entry != NULL);
- *Pml4Entry = Pages | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
- ZeroMem (Pml4Entry + 1, EFI_PAGE_SIZE - sizeof (*Pml4Entry));
+ if (m5LevelPagingNeeded) {
+ Pml5Entry = (UINT64 *)PageTable;
+ SetSubEntriesNum (Pml5Entry, 1);
+ Pml4Entry = (UINT64 *)((*Pml5Entry) & ~mAddressEncMask & gPhyMask);
+ } else {
+ Pml4Entry = (UINT64 *)PageTable;
+ }
//
- // Set sub-entries number
+ // Set IA32_PG_PMNT bit to mask first 4 Pml3Entry entry
//
- SetSubEntriesNum (Pml4Entry, 3);
- PTEntry = Pml4Entry;
-
- if (m5LevelPagingNeeded) {
- //
- // Fill PML5 entry
- //
- Pml5Entry = (UINT64 *)AllocatePageTableMemory (1);
- ASSERT (Pml5Entry != NULL);
- *Pml5Entry = (UINTN)Pml4Entry | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
- ZeroMem (Pml5Entry + 1, EFI_PAGE_SIZE - sizeof (*Pml5Entry));
- //
- // Set sub-entries number
- //
- SetSubEntriesNum (Pml5Entry, 1);
- PTEntry = Pml5Entry;
+ Pml3Entry = (UINT64 *)((*Pml4Entry) & ~mAddressEncMask & gPhyMask);
+ for (Index = 0; Index < 4; Index++) {
+ Pml3Entry[Index] |= IA32_PG_PMNT;
}
- if (mCpuSmmRestrictedMemoryAccess) {
+ if (!mCpuSmmRestrictedMemoryAccess) {
//
- // When access to non-SMRAM memory is restricted, create page table
- // that covers all memory space.
+ // Set Pml4Entry sub-entries number
//
- SetStaticPageTable ((UINTN)PTEntry, mPhysicalAddressBits);
- } else {
+ SetSubEntriesNum (Pml4Entry, 3);
+
//
// Add pages to page pool
//
@@ -466,7 +294,7 @@ SmmInitPageTable (
//
// Return the address of PML4/PML5 (to set CR3)
//
- return (UINT32)(UINTN)PTEntry;
+ return (UINT32)PageTable;
}
/**
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmProfileArch.c b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmProfileArch.c
index cb7a691745..0805b2e780 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmProfileArch.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmProfileArch.c
@@ -35,26 +35,11 @@ InitSmmS3Cr3 (
VOID
)
{
- EFI_PHYSICAL_ADDRESS Pages;
- UINT64 *PTEntry;
-
- //
- // Generate PAE page table for the first 4GB memory space
- //
- Pages = Gen4GPageTable (FALSE);
-
- //
- // Fill Page-Table-Level4 (PML4) entry
- //
- PTEntry = (UINT64 *)AllocatePageTableMemory (1);
- ASSERT (PTEntry != NULL);
- *PTEntry = Pages | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
- ZeroMem (PTEntry + 1, EFI_PAGE_SIZE - sizeof (*PTEntry));
-
//
+ // Generate level4 page table for the first 4GB memory space
// Return the address of PML4 (to set CR3)
//
- mSmmS3ResumeState->SmmS3Cr3 = (UINT32)(UINTN)PTEntry;
+ mSmmS3ResumeState->SmmS3Cr3 = (UINT32)GenSmmPageTable (Paging4Level, 32);
return;
}
--
2.39.1.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [Patch V3 10/11] UefiCpuPkg: Refinement to code about updating smm page table
2023-04-21 8:36 [Patch V3 00/11] Use CpuPageTableLib to create and update smm page table duntan
` (8 preceding siblings ...)
2023-04-21 8:36 ` [Patch V3 09/11] UefiCpuPkg: Refinement to current smm page table generation code duntan
@ 2023-04-21 8:36 ` duntan
2023-04-21 8:36 ` [Patch V3 11/11] UefiCpuPkg/PiSmmCpuDxeSmm: Remove unnecessary function duntan
10 siblings, 0 replies; 18+ messages in thread
From: duntan @ 2023-04-21 8:36 UTC (permalink / raw)
To: devel; +Cc: Eric Dong, Ray Ni, Rahul Kumar, Gerd Hoffmann
This commit is code refinement to current smm runtime pagetable
update code. In InitPaging() function, sort mProtectionMemRange
or mSmmCpuSmramRanges at first. If PcdCpuSmmProfileEnable is TRUE,
use ConvertMemoryPageAttributes() API to map the range in
mProtectionMemRange to the attrbute recorded in the attribute field
of mProtectionMemRange, map the range outside mProtectionMemRange
as non-present. If PcdCpuSmmProfileEnable is FALSE, set the ranges
not in mSmmCpuSmramRanges as NX.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 37 +++++++++++++++++++++++++++++++++++++
UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 352 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2 files changed, 164 insertions(+), 225 deletions(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
index 258955119c..37366d6803 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@@ -713,6 +713,43 @@ SmmBlockingStartupThisAp (
IN OUT VOID *ProcArguments OPTIONAL
);
+/**
+ This function modifies the page attributes for the memory region specified by BaseAddress and
+ Length from their current attributes to the attributes specified by Attributes.
+
+ Caller should make sure BaseAddress and Length is at page boundary.
+
+ @param[in] PageTableBase The page table base.
+ @param[in] BaseAddress The physical address that is the start address of a memory region.
+ @param[in] Length The size in bytes of the memory region.
+ @param[in] Attributes The bit mask of attributes to modify for the memory region.
+ @param[in] IsSet TRUE means to set attributes. FALSE means to clear attributes.
+ @param[out] IsModified TRUE means page table modified. FALSE means page table not modified.
+
+ @retval RETURN_SUCCESS The attributes were modified for the memory region.
+ @retval RETURN_ACCESS_DENIED The attributes for the memory resource range specified by
+ BaseAddress and Length cannot be modified.
+ @retval RETURN_INVALID_PARAMETER Length is zero.
+ Attributes specified an illegal combination of attributes that
+ cannot be set together.
+ @retval RETURN_OUT_OF_RESOURCES There are not enough system resources to modify the attributes of
+ the memory resource range.
+ @retval RETURN_UNSUPPORTED The processor does not support one or more bytes of the memory
+ resource range specified by BaseAddress and Length.
+ The bit mask of attributes is not support for the memory resource
+ range specified by BaseAddress and Length.
+**/
+RETURN_STATUS
+ConvertMemoryPageAttributes (
+ IN UINTN PageTableBase,
+ IN PAGING_MODE PagingMode,
+ IN PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length,
+ IN UINT64 Attributes,
+ IN BOOLEAN IsSet,
+ OUT BOOLEAN *IsModified OPTIONAL
+ );
+
/**
This function sets the attributes for the memory region specified by BaseAddress and
Length from their current attributes to the attributes specified by Attributes.
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
index 5625ba0cac..0fc0985837 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
@@ -546,262 +546,164 @@ InitProtectedMemRange (
}
/**
- Update page table according to protected memory ranges and the 4KB-page mapped memory ranges.
+ Function to compare 2 MEMORY_PROTECTION_RANGE based on range base.
+
+ @param[in] Buffer1 pointer to Device Path poiner to compare
+ @param[in] Buffer2 pointer to second DevicePath pointer to compare
+ @retval 0 Buffer1 equal to Buffer2
+ @retval <0 Buffer1 is less than Buffer2
+ @retval >0 Buffer1 is greater than Buffer2
**/
-VOID
-InitPaging (
- VOID
+INTN
+EFIAPI
+ProtectionRangeCompare (
+ IN CONST VOID *Buffer1,
+ IN CONST VOID *Buffer2
)
{
- UINT64 Pml5Entry;
- UINT64 Pml4Entry;
- UINT64 *Pml5;
- UINT64 *Pml4;
- UINT64 *Pdpt;
- UINT64 *Pd;
- UINT64 *Pt;
- UINTN Address;
- UINTN Pml5Index;
- UINTN Pml4Index;
- UINTN PdptIndex;
- UINTN PdIndex;
- UINTN PtIndex;
- UINTN NumberOfPdptEntries;
- UINTN NumberOfPml4Entries;
- UINTN NumberOfPml5Entries;
- UINTN SizeOfMemorySpace;
- BOOLEAN Nx;
- IA32_CR4 Cr4;
- BOOLEAN Enable5LevelPaging;
- BOOLEAN WpEnabled;
- BOOLEAN CetEnabled;
+ if (((MEMORY_PROTECTION_RANGE *)Buffer1)->Range.Base > ((MEMORY_PROTECTION_RANGE *)Buffer2)->Range.Base) {
+ return 1;
+ } else if (((MEMORY_PROTECTION_RANGE *)Buffer1)->Range.Base < ((MEMORY_PROTECTION_RANGE *)Buffer2)->Range.Base) {
+ return -1;
+ }
- Cr4.UintN = AsmReadCr4 ();
- Enable5LevelPaging = (BOOLEAN)(Cr4.Bits.LA57 == 1);
+ return 0;
+}
- if (sizeof (UINTN) == sizeof (UINT64)) {
- if (!Enable5LevelPaging) {
- Pml5Entry = (UINTN)mSmmProfileCr3 | IA32_PG_P;
- Pml5 = &Pml5Entry;
- } else {
- Pml5 = (UINT64 *)(UINTN)mSmmProfileCr3;
- }
+/**
+ Function to compare 2 EFI_SMRAM_DESCRIPTOR based on CpuStart.
- SizeOfMemorySpace = HighBitSet64 (gPhyMask) + 1;
- ASSERT (SizeOfMemorySpace <= 52);
+ @param[in] Buffer1 pointer to Device Path poiner to compare
+ @param[in] Buffer2 pointer to second DevicePath pointer to compare
- //
- // Calculate the table entries of PML5E, PML4E and PDPTE.
- //
- NumberOfPml5Entries = 1;
- if (SizeOfMemorySpace > 48) {
- if (Enable5LevelPaging) {
- NumberOfPml5Entries = (UINTN)LShiftU64 (1, SizeOfMemorySpace - 48);
- }
+ @retval 0 Buffer1 equal to Buffer2
+ @retval <0 Buffer1 is less than Buffer2
+ @retval >0 Buffer1 is greater than Buffer2
+**/
+INTN
+EFIAPI
+CpuSmramRangeCompare (
+ IN CONST VOID *Buffer1,
+ IN CONST VOID *Buffer2
+ )
+{
+ if (((EFI_SMRAM_DESCRIPTOR *)Buffer1)->CpuStart > ((EFI_SMRAM_DESCRIPTOR *)Buffer2)->CpuStart) {
+ return 1;
+ } else if (((EFI_SMRAM_DESCRIPTOR *)Buffer1)->CpuStart < ((EFI_SMRAM_DESCRIPTOR *)Buffer2)->CpuStart) {
+ return -1;
+ }
- SizeOfMemorySpace = 48;
- }
+ return 0;
+}
- NumberOfPml4Entries = 1;
- if (SizeOfMemorySpace > 39) {
- NumberOfPml4Entries = (UINTN)LShiftU64 (1, SizeOfMemorySpace - 39);
- SizeOfMemorySpace = 39;
- }
+/**
+ Update page table according to protected memory ranges and the 4KB-page mapped memory ranges.
- NumberOfPdptEntries = 1;
- ASSERT (SizeOfMemorySpace > 30);
- NumberOfPdptEntries = (UINTN)LShiftU64 (1, SizeOfMemorySpace - 30);
+**/
+VOID
+InitPaging (
+ VOID
+ )
+{
+ RETURN_STATUS Status;
+ UINTN Index;
+ UINTN PageTable;
+ UINT64 Base;
+ UINT64 Length;
+ UINT64 Limit;
+ UINT64 PreviousAddress;
+ UINT64 MemoryAttrMask;
+ VOID *Buffer;
+ BOOLEAN WpEnabled;
+ BOOLEAN CetEnabled;
+
+ PageTable = AsmReadCr3 ();
+ if (sizeof (UINTN) == sizeof (UINT32)) {
+ Limit = BASE_4GB;
} else {
- Pml4Entry = (UINTN)mSmmProfileCr3 | IA32_PG_P;
- Pml4 = &Pml4Entry;
- Pml5Entry = (UINTN)Pml4 | IA32_PG_P;
- Pml5 = &Pml5Entry;
- NumberOfPml5Entries = 1;
- NumberOfPml4Entries = 1;
- NumberOfPdptEntries = 4;
+ Limit = (IsRestrictedMemoryAccess ()) ? LShiftU64 (1, mPhysicalAddressBits) : BASE_4GB;
}
DisableReadOnlyPageWriteProtect (&WpEnabled, &CetEnabled);
//
- // Go through page table and change 2MB-page into 4KB-page.
+ // [0, 4k] may be non-present.
//
- for (Pml5Index = 0; Pml5Index < NumberOfPml5Entries; Pml5Index++) {
- if ((Pml5[Pml5Index] & IA32_PG_P) == 0) {
- //
- // If PML5 entry does not exist, skip it
- //
- continue;
- }
+ PreviousAddress = ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & BIT1) != 0) ? BASE_4KB : 0;
- Pml4 = (UINT64 *)(UINTN)(Pml5[Pml5Index] & PHYSICAL_ADDRESS_MASK);
- for (Pml4Index = 0; Pml4Index < NumberOfPml4Entries; Pml4Index++) {
- if ((Pml4[Pml4Index] & IA32_PG_P) == 0) {
- //
- // If PML4 entry does not exist, skip it
- //
- continue;
+ DEBUG ((DEBUG_INFO, "Patch page table start ...\n"));
+ if (FeaturePcdGet (PcdCpuSmmProfileEnable)) {
+ //
+ // Sort the mProtectionMemRange
+ //
+ Buffer = AllocateZeroPool (sizeof (MEMORY_PROTECTION_RANGE));
+ ASSERT (Buffer != NULL);
+ QuickSort (mProtectionMemRange, mProtectionMemRangeCount, sizeof (MEMORY_PROTECTION_RANGE), (BASE_SORT_COMPARE)ProtectionRangeCompare, Buffer);
+ for (Index = 0; Index < mProtectionMemRangeCount; Index++) {
+ MemoryAttrMask = 0;
+ if ((mProtectionMemRange[Index].Nx == 1) && mXdSupported) {
+ MemoryAttrMask |= EFI_MEMORY_XP;
}
- Pdpt = (UINT64 *)(UINTN)(Pml4[Pml4Index] & ~mAddressEncMask & PHYSICAL_ADDRESS_MASK);
- for (PdptIndex = 0; PdptIndex < NumberOfPdptEntries; PdptIndex++, Pdpt++) {
- if ((*Pdpt & IA32_PG_P) == 0) {
- //
- // If PDPT entry does not exist, skip it
- //
- continue;
- }
-
- if ((*Pdpt & IA32_PG_PS) != 0) {
- //
- // This is 1G entry, skip it
- //
- continue;
- }
-
- Pd = (UINT64 *)(UINTN)(*Pdpt & ~mAddressEncMask & PHYSICAL_ADDRESS_MASK);
- if (Pd == 0) {
- continue;
- }
-
- for (PdIndex = 0; PdIndex < SIZE_4KB / sizeof (*Pd); PdIndex++, Pd++) {
- if ((*Pd & IA32_PG_P) == 0) {
- //
- // If PD entry does not exist, skip it
- //
- continue;
- }
-
- Address = (UINTN)LShiftU64 (
- LShiftU64 (
- LShiftU64 ((Pml5Index << 9) + Pml4Index, 9) + PdptIndex,
- 9
- ) + PdIndex,
- 21
- );
-
- //
- // If it is 2M page, check IsAddressSplit()
- //
- if (((*Pd & IA32_PG_PS) != 0) && IsAddressSplit (Address)) {
- //
- // Based on current page table, create 4KB page table for split area.
- //
- ASSERT (Address == (*Pd & PHYSICAL_ADDRESS_MASK));
-
- Pt = AllocatePageTableMemory (1);
- ASSERT (Pt != NULL);
+ if (mProtectionMemRange[Index].Present == 0) {
+ MemoryAttrMask = EFI_MEMORY_RP;
+ }
- // Split it
- for (PtIndex = 0; PtIndex < SIZE_4KB / sizeof (*Pt); PtIndex++) {
- Pt[PtIndex] = Address + ((PtIndex << 12) | mAddressEncMask | PAGE_ATTRIBUTE_BITS);
- } // end for PT
+ Base = mProtectionMemRange[Index].Range.Base;
+ Length = mProtectionMemRange[Index].Range.Top - Base;
+ if (MemoryAttrMask != 0) {
+ Status = ConvertMemoryPageAttributes (PageTable, mPagingMode, Base, Length, MemoryAttrMask, TRUE, NULL);
+ ASSERT_RETURN_ERROR (Status);
+ }
- *Pd = (UINT64)(UINTN)Pt | mAddressEncMask | PAGE_ATTRIBUTE_BITS;
- } // end if IsAddressSplit
- } // end for PD
- } // end for PDPT
- } // end for PML4
- } // end for PML5
+ if (Base > PreviousAddress) {
+ //
+ // Mark the ranges not in mProtectionMemRange as non-present.
+ //
+ MemoryAttrMask = EFI_MEMORY_RP;
+ Status = ConvertMemoryPageAttributes (PageTable, mPagingMode, PreviousAddress, Base - PreviousAddress, MemoryAttrMask, TRUE, NULL);
+ ASSERT_RETURN_ERROR (Status);
+ }
- //
- // Go through page table and set several page table entries to absent or execute-disable.
- //
- DEBUG ((DEBUG_INFO, "Patch page table start ...\n"));
- for (Pml5Index = 0; Pml5Index < NumberOfPml5Entries; Pml5Index++) {
- if ((Pml5[Pml5Index] & IA32_PG_P) == 0) {
- //
- // If PML5 entry does not exist, skip it
- //
- continue;
+ PreviousAddress = Base + Length;
}
- Pml4 = (UINT64 *)(UINTN)(Pml5[Pml5Index] & PHYSICAL_ADDRESS_MASK);
- for (Pml4Index = 0; Pml4Index < NumberOfPml4Entries; Pml4Index++) {
- if ((Pml4[Pml4Index] & IA32_PG_P) == 0) {
+ //
+ // This assignment is for setting the last remaining range
+ //
+ MemoryAttrMask = EFI_MEMORY_RP;
+ } else {
+ //
+ // Sort the mSmmCpuSmramRanges
+ //
+ Buffer = AllocateZeroPool (sizeof (EFI_SMRAM_DESCRIPTOR));
+ ASSERT (Buffer != NULL);
+ QuickSort (mSmmCpuSmramRanges, mSmmCpuSmramRangeCount, sizeof (EFI_SMRAM_DESCRIPTOR), (BASE_SORT_COMPARE)CpuSmramRangeCompare, Buffer);
+ MemoryAttrMask = EFI_MEMORY_XP;
+ for (Index = 0; Index < mSmmCpuSmramRangeCount; Index++) {
+ Base = mSmmCpuSmramRanges[Index].CpuStart;
+ if ((Base > PreviousAddress) && mXdSupported) {
//
- // If PML4 entry does not exist, skip it
+ // Mark the ranges not in mSmmCpuSmramRanges as NX.
//
- continue;
+ Status = ConvertMemoryPageAttributes (PageTable, mPagingMode, PreviousAddress, Base - PreviousAddress, MemoryAttrMask, TRUE, NULL);
+ ASSERT_RETURN_ERROR (Status);
}
- Pdpt = (UINT64 *)(UINTN)(Pml4[Pml4Index] & ~mAddressEncMask & PHYSICAL_ADDRESS_MASK);
- for (PdptIndex = 0; PdptIndex < NumberOfPdptEntries; PdptIndex++, Pdpt++) {
- if ((*Pdpt & IA32_PG_P) == 0) {
- //
- // If PDPT entry does not exist, skip it
- //
- continue;
- }
-
- if ((*Pdpt & IA32_PG_PS) != 0) {
- //
- // This is 1G entry, set NX bit and skip it
- //
- if (mXdSupported) {
- *Pdpt = *Pdpt | IA32_PG_NX;
- }
-
- continue;
- }
+ PreviousAddress = mSmmCpuSmramRanges[Index].CpuStart + mSmmCpuSmramRanges[Index].PhysicalSize;
+ }
+ }
- Pd = (UINT64 *)(UINTN)(*Pdpt & ~mAddressEncMask & PHYSICAL_ADDRESS_MASK);
- if (Pd == 0) {
- continue;
- }
+ FreePool (Buffer);
- for (PdIndex = 0; PdIndex < SIZE_4KB / sizeof (*Pd); PdIndex++, Pd++) {
- if ((*Pd & IA32_PG_P) == 0) {
- //
- // If PD entry does not exist, skip it
- //
- continue;
- }
-
- Address = (UINTN)LShiftU64 (
- LShiftU64 (
- LShiftU64 ((Pml5Index << 9) + Pml4Index, 9) + PdptIndex,
- 9
- ) + PdIndex,
- 21
- );
-
- if ((*Pd & IA32_PG_PS) != 0) {
- // 2MB page
-
- if (!IsAddressValid (Address, &Nx)) {
- //
- // Patch to remove Present flag and RW flag
- //
- *Pd = *Pd & (INTN)(INT32)(~PAGE_ATTRIBUTE_BITS);
- }
-
- if (Nx && mXdSupported) {
- *Pd = *Pd | IA32_PG_NX;
- }
- } else {
- // 4KB page
- Pt = (UINT64 *)(UINTN)(*Pd & ~mAddressEncMask & PHYSICAL_ADDRESS_MASK);
- if (Pt == 0) {
- continue;
- }
-
- for (PtIndex = 0; PtIndex < SIZE_4KB / sizeof (*Pt); PtIndex++, Pt++) {
- if (!IsAddressValid (Address, &Nx)) {
- *Pt = *Pt & (INTN)(INT32)(~PAGE_ATTRIBUTE_BITS);
- }
-
- if (Nx && mXdSupported) {
- *Pt = *Pt | IA32_PG_NX;
- }
-
- Address += SIZE_4KB;
- } // end for PT
- } // end if PS
- } // end for PD
- } // end for PDPT
- } // end for PML4
- } // end for PML5
+ if (PreviousAddress < Limit) {
+ //
+ // Set the last remaining range to EFI_MEMORY_RP/EFI_MEMORY_XP.
+ // This path applies to both SmmProfile enable/disable case.
+ //
+ Status = ConvertMemoryPageAttributes (PageTable, mPagingMode, PreviousAddress, Limit - PreviousAddress, MemoryAttrMask, TRUE, NULL);
+ ASSERT_RETURN_ERROR (Status);
+ }
EnableReadOnlyPageWriteProtect (WpEnabled, CetEnabled);
--
2.39.1.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [Patch V3 11/11] UefiCpuPkg/PiSmmCpuDxeSmm: Remove unnecessary function
2023-04-21 8:36 [Patch V3 00/11] Use CpuPageTableLib to create and update smm page table duntan
` (9 preceding siblings ...)
2023-04-21 8:36 ` [Patch V3 10/11] UefiCpuPkg: Refinement to code about updating smm page table duntan
@ 2023-04-21 8:36 ` duntan
10 siblings, 0 replies; 18+ messages in thread
From: duntan @ 2023-04-21 8:36 UTC (permalink / raw)
To: devel; +Cc: Eric Dong, Ray Ni, Rahul Kumar, Gerd Hoffmann
Remove unnecessary function SetNotPresentPage(). We can directly
use ConvertMemoryPageAttributes to set a range to non-present.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 8 ++++++--
UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h | 16 ----------------
UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c | 22 ----------------------
3 files changed, 6 insertions(+), 40 deletions(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
index c0e368ea94..5316ba7b5a 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
@@ -1074,10 +1074,14 @@ PiCpuSmmEntry (
mSmmShadowStackSize
);
if (FeaturePcdGet (PcdCpuSmmStackGuard)) {
- SetNotPresentPage (
+ ConvertMemoryPageAttributes (
Cr3,
+ mPagingMode,
(EFI_PHYSICAL_ADDRESS)(UINTN)Stacks + mSmmStackSize + EFI_PAGES_TO_SIZE (1) + (mSmmStackSize + mSmmShadowStackSize) * Index,
- EFI_PAGES_TO_SIZE (1)
+ EFI_PAGES_TO_SIZE (1),
+ EFI_MEMORY_RP,
+ TRUE,
+ NULL
);
}
}
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
index 37366d6803..5f1f1698fa 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@@ -1235,22 +1235,6 @@ SetShadowStack (
IN UINT64 Length
);
-/**
- Set not present memory.
-
- @param[in] Cr3 The page table base address.
- @param[in] BaseAddress The physical address that is the start address of a memory region.
- @param[in] Length The size in bytes of the memory region.
-
- @retval EFI_SUCCESS The not present memory is set.
-**/
-EFI_STATUS
-SetNotPresentPage (
- IN UINTN Cr3,
- IN EFI_PHYSICAL_ADDRESS BaseAddress,
- IN UINT64 Length
- );
-
/**
Initialize the shadow stack related data structure.
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
index 9a0619ce51..7cebc16a1d 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmCpuMemoryManagement.c
@@ -708,28 +708,6 @@ SetShadowStack (
return Status;
}
-/**
- Set not present memory.
-
- @param[in] Cr3 The page table base address.
- @param[in] BaseAddress The physical address that is the start address of a memory region.
- @param[in] Length The size in bytes of the memory region.
-
- @retval EFI_SUCCESS The not present memory is set.
-**/
-EFI_STATUS
-SetNotPresentPage (
- IN UINTN Cr3,
- IN EFI_PHYSICAL_ADDRESS BaseAddress,
- IN UINT64 Length
- )
-{
- EFI_STATUS Status;
-
- Status = SmmSetMemoryAttributesEx (Cr3, mPagingMode, BaseAddress, Length, EFI_MEMORY_RP);
- return Status;
-}
-
/**
Retrieves a pointer to the system configuration table from the SMM System Table
based on a specified GUID.
--
2.39.1.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* Re: [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
2023-04-21 8:36 ` [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry duntan
@ 2023-04-21 14:26 ` Lendacky, Thomas
2023-04-21 14:53 ` Lendacky, Thomas
2023-04-24 9:54 ` Gerd Hoffmann
0 siblings, 2 replies; 18+ messages in thread
From: Lendacky, Thomas @ 2023-04-21 14:26 UTC (permalink / raw)
To: Dun Tan, devel
Cc: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Ray Ni
On 4/21/23 03:36, Dun Tan wrote:
> Remove code that apply AddressEncMask to non-leaf entry when split
> smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
> calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
> bit in page table for a specific range. In AMD SEV feature, this
> AddressEncMask bit in page table is used to indicate if the memory
> is guest private memory or shared memory. But all memory used by
> page table are treated as encrypted regardless of encryption bit.
> So remove the EncMask bit for smm non-leaf page table entry
> doesn't impact AMD SEV feature.
> If page split happens in the AddressEncMask bit clear process,
> there will be some new non-leaf entries with AddressEncMask
> applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
> module will use CpuPageTableLib to modify smm page table. So
> remove code to apply AddressEncMask for new non-leaf entries
> since CpuPageTableLib doesn't consume the EncMask PCD.
I'm really not a fan of removing the encryption mask, because technically
it is correct to have it present in non-leaf entries. I really think the
pagetable library should be able to work correctly with or without the
encryption mask.
What would it take to make the pagetable library aware of the mask?
Thanks,
Tom
>
> Signed-off-by: Dun Tan <dun.tan@intel.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Ray Ni <ray.ni@intel.com>
> ---
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> index a1f6e61c1e..f2b821f6d9 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> @@ -233,7 +233,7 @@ Split2MPageTo4K (
> // Fill in 2M page entry.
> //
> *PageEntry2M = ((UINT64)(UINTN)PageTableEntry1 |
> - IA32_PG_P | IA32_PG_RW | AddressEncMask);
> + IA32_PG_P | IA32_PG_RW);
> }
>
> /**
> @@ -352,7 +352,7 @@ SetPageTablePoolReadOnly (
> PhysicalAddress += LevelSize[Level - 1];
> }
>
> - PageTable[Index] = (UINT64)(UINTN)NewPageTable | AddressEncMask |
> + PageTable[Index] = (UINT64)(UINTN)NewPageTable |
> IA32_PG_P | IA32_PG_RW;
> PageTable = NewPageTable;
> }
> @@ -440,7 +440,7 @@ Split1GPageTo2M (
> // Fill in 1G page entry.
> //
> *PageEntry1G = ((UINT64)(UINTN)PageDirectoryEntry |
> - IA32_PG_P | IA32_PG_RW | AddressEncMask);
> + IA32_PG_P | IA32_PG_RW);
>
> PhysicalAddress2M = PhysicalAddress;
> for (IndexOfPageDirectoryEntries = 0;
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
2023-04-21 14:26 ` Lendacky, Thomas
@ 2023-04-21 14:53 ` Lendacky, Thomas
2023-04-24 3:38 ` [edk2-devel] " duntan
2023-04-24 9:54 ` Gerd Hoffmann
1 sibling, 1 reply; 18+ messages in thread
From: Lendacky, Thomas @ 2023-04-21 14:53 UTC (permalink / raw)
To: Dun Tan, devel
Cc: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Ray Ni
On 4/21/23 09:26, Tom Lendacky wrote:
> On 4/21/23 03:36, Dun Tan wrote:
>> Remove code that apply AddressEncMask to non-leaf entry when split
>> smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
>> calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
>> bit in page table for a specific range. In AMD SEV feature, this
>> AddressEncMask bit in page table is used to indicate if the memory
>> is guest private memory or shared memory. But all memory used by
>> page table are treated as encrypted regardless of encryption bit.
>> So remove the EncMask bit for smm non-leaf page table entry
>> doesn't impact AMD SEV feature.
>> If page split happens in the AddressEncMask bit clear process,
>> there will be some new non-leaf entries with AddressEncMask
>> applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
>> module will use CpuPageTableLib to modify smm page table. So
>> remove code to apply AddressEncMask for new non-leaf entries
>> since CpuPageTableLib doesn't consume the EncMask PCD.
>
> I'm really not a fan of removing the encryption mask, because technically
> it is correct to have it present in non-leaf entries. I really think the
> pagetable library should be able to work correctly with or without the
> encryption mask.
Or if we do go this route, there needs to be a really big, informative
comment above the areas where the AddressEncMask is now being removed to
explain why the code isn't setting the encryption mask (SEV pagetable walk
behavior and the fact that the pagetable library is unaware of the
encryption bit and encounters errors when trying to walk the entries, etc.).
Thanks,
Tom
>
> What would it take to make the pagetable library aware of the mask?
>
> Thanks,
> Tom
>
>>
>> Signed-off-by: Dun Tan <dun.tan@intel.com>
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Gerd Hoffmann <kraxel@redhat.com>
>> Cc: Tom Lendacky <thomas.lendacky@amd.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> ---
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git
>> a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> index a1f6e61c1e..f2b821f6d9 100644
>> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> @@ -233,7 +233,7 @@ Split2MPageTo4K (
>> // Fill in 2M page entry.
>> //
>> *PageEntry2M = ((UINT64)(UINTN)PageTableEntry1 |
>> - IA32_PG_P | IA32_PG_RW | AddressEncMask);
>> + IA32_PG_P | IA32_PG_RW);
>> }
>> /**
>> @@ -352,7 +352,7 @@ SetPageTablePoolReadOnly (
>> PhysicalAddress += LevelSize[Level - 1];
>> }
>> - PageTable[Index] = (UINT64)(UINTN)NewPageTable | AddressEncMask |
>> + PageTable[Index] = (UINT64)(UINTN)NewPageTable |
>> IA32_PG_P | IA32_PG_RW;
>> PageTable = NewPageTable;
>> }
>> @@ -440,7 +440,7 @@ Split1GPageTo2M (
>> // Fill in 1G page entry.
>> //
>> *PageEntry1G = ((UINT64)(UINTN)PageDirectoryEntry |
>> - IA32_PG_P | IA32_PG_RW | AddressEncMask);
>> + IA32_PG_P | IA32_PG_RW);
>> PhysicalAddress2M = PhysicalAddress;
>> for (IndexOfPageDirectoryEntries = 0;
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [edk2-devel] [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
2023-04-21 14:53 ` Lendacky, Thomas
@ 2023-04-24 3:38 ` duntan
0 siblings, 0 replies; 18+ messages in thread
From: duntan @ 2023-04-24 3:38 UTC (permalink / raw)
To: devel@edk2.groups.io, thomas.lendacky@amd.com
Cc: Ard Biesheuvel, Yao, Jiewen, Justen, Jordan L, Gerd Hoffmann,
Ni, Ray
Hi Tom,
Thanks for the comments. I'll add more detailed commits in code to explain why the encryption mask is removed in this patch in next version patch.
Thanks,
Dun
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Lendacky, Thomas via groups.io
Sent: Friday, April 21, 2023 10:54 PM
To: Tan, Dun <dun.tan@intel.com>; devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Yao, Jiewen <jiewen.yao@intel.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Ni, Ray <ray.ni@intel.com>
Subject: Re: [edk2-devel] [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
On 4/21/23 09:26, Tom Lendacky wrote:
> On 4/21/23 03:36, Dun Tan wrote:
>> Remove code that apply AddressEncMask to non-leaf entry when split
>> smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
>> calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask bit
>> in page table for a specific range. In AMD SEV feature, this
>> AddressEncMask bit in page table is used to indicate if the memory is
>> guest private memory or shared memory. But all memory used by page
>> table are treated as encrypted regardless of encryption bit.
>> So remove the EncMask bit for smm non-leaf page table entry doesn't
>> impact AMD SEV feature.
>> If page split happens in the AddressEncMask bit clear process, there
>> will be some new non-leaf entries with AddressEncMask applied in smm
>> page table. When ReadyToLock, code in PiSmmCpuDxe module will use
>> CpuPageTableLib to modify smm page table. So remove code to apply
>> AddressEncMask for new non-leaf entries since CpuPageTableLib doesn't
>> consume the EncMask PCD.
>
> I'm really not a fan of removing the encryption mask, because
> technically it is correct to have it present in non-leaf entries. I
> really think the pagetable library should be able to work correctly
> with or without the encryption mask.
Or if we do go this route, there needs to be a really big, informative comment above the areas where the AddressEncMask is now being removed to explain why the code isn't setting the encryption mask (SEV pagetable walk behavior and the fact that the pagetable library is unaware of the encryption bit and encounters errors when trying to walk the entries, etc.).
Thanks,
Tom
>
> What would it take to make the pagetable library aware of the mask?
>
> Thanks,
> Tom
>
>>
>> Signed-off-by: Dun Tan <dun.tan@intel.com>
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Gerd Hoffmann <kraxel@redhat.com>
>> Cc: Tom Lendacky <thomas.lendacky@amd.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> ---
>> OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 6
>> +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git
>> a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> index a1f6e61c1e..f2b821f6d9 100644
>> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> @@ -233,7 +233,7 @@ Split2MPageTo4K (
>> // Fill in 2M page entry.
>> //
>> *PageEntry2M = ((UINT64)(UINTN)PageTableEntry1 |
>> - IA32_PG_P | IA32_PG_RW | AddressEncMask);
>> + IA32_PG_P | IA32_PG_RW);
>> }
>> /**
>> @@ -352,7 +352,7 @@ SetPageTablePoolReadOnly (
>> PhysicalAddress += LevelSize[Level - 1];
>> }
>> - PageTable[Index] = (UINT64)(UINTN)NewPageTable |
>> AddressEncMask |
>> + PageTable[Index] = (UINT64)(UINTN)NewPageTable |
>> IA32_PG_P | IA32_PG_RW;
>> PageTable = NewPageTable;
>> }
>> @@ -440,7 +440,7 @@ Split1GPageTo2M (
>> // Fill in 1G page entry.
>> //
>> *PageEntry1G = ((UINT64)(UINTN)PageDirectoryEntry |
>> - IA32_PG_P | IA32_PG_RW | AddressEncMask);
>> + IA32_PG_P | IA32_PG_RW);
>> PhysicalAddress2M = PhysicalAddress;
>> for (IndexOfPageDirectoryEntries = 0;
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
2023-04-21 14:26 ` Lendacky, Thomas
2023-04-21 14:53 ` Lendacky, Thomas
@ 2023-04-24 9:54 ` Gerd Hoffmann
2023-04-25 2:51 ` Ni, Ray
1 sibling, 1 reply; 18+ messages in thread
From: Gerd Hoffmann @ 2023-04-24 9:54 UTC (permalink / raw)
To: Tom Lendacky
Cc: Dun Tan, devel, Ard Biesheuvel, Jiewen Yao, Jordan Justen, Ray Ni
On Fri, Apr 21, 2023 at 09:26:44AM -0500, Tom Lendacky wrote:
> On 4/21/23 03:36, Dun Tan wrote:
> > Remove code that apply AddressEncMask to non-leaf entry when split
> > smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
> > calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
> > bit in page table for a specific range. In AMD SEV feature, this
> > AddressEncMask bit in page table is used to indicate if the memory
> > is guest private memory or shared memory. But all memory used by
> > page table are treated as encrypted regardless of encryption bit.
> > So remove the EncMask bit for smm non-leaf page table entry
> > doesn't impact AMD SEV feature.
> > If page split happens in the AddressEncMask bit clear process,
> > there will be some new non-leaf entries with AddressEncMask
> > applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
> > module will use CpuPageTableLib to modify smm page table. So
> > remove code to apply AddressEncMask for new non-leaf entries
> > since CpuPageTableLib doesn't consume the EncMask PCD.
>
> I'm really not a fan of removing the encryption mask, because technically it
> is correct to have it present in non-leaf entries. I really think the
> pagetable library should be able to work correctly with or without the
> encryption mask.
Agree. We have a bunch of custom page page code in TDX and SEV support
libraries. See here:
- Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
- Library/BaseMemEncryptTdxLib/MemoryEncryption.c
- Library/PeilessStartupLib/X64/VirtualMemory.c
I'd like to see those switched over to use the pagetable library, and
that probably requires support for the tdx/sev specific page table bits.
take care,
Gerd
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
2023-04-24 9:54 ` Gerd Hoffmann
@ 2023-04-25 2:51 ` Ni, Ray
2023-04-26 7:58 ` Min Xu
0 siblings, 1 reply; 18+ messages in thread
From: Ni, Ray @ 2023-04-25 2:51 UTC (permalink / raw)
To: Gerd Hoffmann, Tom Lendacky, Xu, Min M
Cc: Tan, Dun, devel@edk2.groups.io, Ard Biesheuvel, Yao, Jiewen,
Justen, Jordan L
> -----Original Message-----
> From: Gerd Hoffmann <kraxel@redhat.com>
> Sent: Monday, April 24, 2023 5:55 PM
> To: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Tan, Dun <dun.tan@intel.com>; devel@edk2.groups.io; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Yao, Jiewen <jiewen.yao@intel.com>; Justen,
> Jordan L <jordan.l.justen@intel.com>; Ni, Ray <ray.ni@intel.com>
> Subject: Re: [Patch V3 03/11] OvmfPkg:Remove code that apply
> AddressEncMask to non-leaf entry
>
> On Fri, Apr 21, 2023 at 09:26:44AM -0500, Tom Lendacky wrote:
> > On 4/21/23 03:36, Dun Tan wrote:
> > > Remove code that apply AddressEncMask to non-leaf entry when split
> > > smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
> > > calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
> > > bit in page table for a specific range. In AMD SEV feature, this
> > > AddressEncMask bit in page table is used to indicate if the memory
> > > is guest private memory or shared memory. But all memory used by
> > > page table are treated as encrypted regardless of encryption bit.
> > > So remove the EncMask bit for smm non-leaf page table entry
> > > doesn't impact AMD SEV feature.
> > > If page split happens in the AddressEncMask bit clear process,
> > > there will be some new non-leaf entries with AddressEncMask
> > > applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
> > > module will use CpuPageTableLib to modify smm page table. So
> > > remove code to apply AddressEncMask for new non-leaf entries
> > > since CpuPageTableLib doesn't consume the EncMask PCD.
> >
> > I'm really not a fan of removing the encryption mask, because technically it
> > is correct to have it present in non-leaf entries. I really think the
> > pagetable library should be able to work correctly with or without the
> > encryption mask.
>
> Agree. We have a bunch of custom page page code in TDX and SEV support
> libraries. See here:
>
> - Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> - Library/BaseMemEncryptTdxLib/MemoryEncryption.c
> - Library/PeilessStartupLib/X64/VirtualMemory.c
>
> I'd like to see those switched over to use the pagetable library, and
> that probably requires support for the tdx/sev specific page table bits.
Gerd,
Changing all TDX/SEV code to use PageTableLib would be the best.
And we have evaluated TDX/SEV spec/code-logic and concluded that
either the C_bit (SEV) or Share_bit (TDX) is not required to set in the page
table non-leaf entry.
+@Xu, Min M for confirmation from TDX part.
I don't want PageTableLib to be aware of the EncMask bit because if the guest
page table is compliant to spec to not have EncMask bit set in non-leaf entry,
PageTableLib can well support the SEV/TDX scenario.
>
> take care,
> Gerd
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
2023-04-25 2:51 ` Ni, Ray
@ 2023-04-26 7:58 ` Min Xu
0 siblings, 0 replies; 18+ messages in thread
From: Min Xu @ 2023-04-26 7:58 UTC (permalink / raw)
To: Ni, Ray, Gerd Hoffmann, Tom Lendacky
Cc: Tan, Dun, devel@edk2.groups.io, Ard Biesheuvel, Yao, Jiewen,
Justen, Jordan L
On April 25, 2023 10:51 AM, Ni Ray wrote:
> >
> > On Fri, Apr 21, 2023 at 09:26:44AM -0500, Tom Lendacky wrote:
> > > On 4/21/23 03:36, Dun Tan wrote:
> > > > Remove code that apply AddressEncMask to non-leaf entry when split
> > > > smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
> > > > calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
> > > > bit in page table for a specific range. In AMD SEV feature, this
> > > > AddressEncMask bit in page table is used to indicate if the memory
> > > > is guest private memory or shared memory. But all memory used by
> > > > page table are treated as encrypted regardless of encryption bit.
> > > > So remove the EncMask bit for smm non-leaf page table entry
> > > > doesn't impact AMD SEV feature.
> > > > If page split happens in the AddressEncMask bit clear process,
> > > > there will be some new non-leaf entries with AddressEncMask
> > > > applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
> > > > module will use CpuPageTableLib to modify smm page table. So
> > > > remove code to apply AddressEncMask for new non-leaf entries since
> > > > CpuPageTableLib doesn't consume the EncMask PCD.
> > >
> > > I'm really not a fan of removing the encryption mask, because
> > > technically it is correct to have it present in non-leaf entries. I
> > > really think the pagetable library should be able to work correctly
> > > with or without the encryption mask.
> >
> > Agree. We have a bunch of custom page page code in TDX and SEV
> > support libraries. See here:
> >
> > - Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> > - Library/BaseMemEncryptTdxLib/MemoryEncryption.c
> > - Library/PeilessStartupLib/X64/VirtualMemory.c
> >
> > I'd like to see those switched over to use the pagetable library, and
> > that probably requires support for the tdx/sev specific page table bits.
>
> Gerd,
> Changing all TDX/SEV code to use PageTableLib would be the best.
> And we have evaluated TDX/SEV spec/code-logic and concluded that either
> the C_bit (SEV) or Share_bit (TDX) is not required to set in the page table non-
> leaf entry.
>
> +@Xu, Min M for confirmation from TDX part.
Td guest creates the page table with Share_bit cleared. Only the leaf entries are set the share_bit if needed.
Thanks
Min
^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2023-04-26 7:58 UTC | newest]
Thread overview: 18+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-04-21 8:36 [Patch V3 00/11] Use CpuPageTableLib to create and update smm page table duntan
2023-04-21 8:36 ` [Patch V3 01/11] OvmfPkg: Add CpuPageTableLib required by PiSmmCpuDxe duntan
2023-04-21 8:36 ` [Patch V3 02/11] UefiPayloadPkg: " duntan
2023-04-21 8:36 ` [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry duntan
2023-04-21 14:26 ` Lendacky, Thomas
2023-04-21 14:53 ` Lendacky, Thomas
2023-04-24 3:38 ` [edk2-devel] " duntan
2023-04-24 9:54 ` Gerd Hoffmann
2023-04-25 2:51 ` Ni, Ray
2023-04-26 7:58 ` Min Xu
2023-04-21 8:36 ` [Patch V3 04/11] UefiCpuPkg: Use CpuPageTableLib to convert SMM paging attribute duntan
2023-04-21 8:36 ` [Patch V3 05/11] UefiCpuPkg/PiSmmCpuDxeSmm: Avoid setting non-present range to RO/NX duntan
2023-04-21 8:36 ` [Patch V3 06/11] UefiCpuPkg: Extern mSmmShadowStackSize in PiSmmCpuDxeSmm.h duntan
2023-04-21 8:36 ` [Patch V3 07/11] UefiCpuPkg/PiSmmCpuDxeSmm: Add 2 function to disable/enable CR0.WP duntan
2023-04-21 8:36 ` [Patch V3 08/11] UefiCpuPkg/PiSmmCpuDxeSmm: Clear CR0.WP before modify page table duntan
2023-04-21 8:36 ` [Patch V3 09/11] UefiCpuPkg: Refinement to current smm page table generation code duntan
2023-04-21 8:36 ` [Patch V3 10/11] UefiCpuPkg: Refinement to code about updating smm page table duntan
2023-04-21 8:36 ` [Patch V3 11/11] UefiCpuPkg/PiSmmCpuDxeSmm: Remove unnecessary function duntan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox