From: Jian J Wang <jian.j.wang@intel.com>
To: edk2-devel@lists.01.org
Cc: Eric Dong <eric.dong@intel.com>, Laszlo Ersek <lersek@redhat.com>,
Ruiyu Ni <ruiyu.ni@intel.com>, Jiewen Yao <jiewen.yao@intel.com>,
Star Zeng <star.zeng@intel.com>,
"Ware, Ryan R" <ryan.r.ware@intel.com>
Subject: [PATCH 4/4] UefiCpuPkg/CpuMpPei: support stack guard feature
Date: Mon, 3 Sep 2018 11:15:50 +0800 [thread overview]
Message-ID: <20180903031550.4440-5-jian.j.wang@intel.com> (raw)
In-Reply-To: <20180903031550.4440-1-jian.j.wang@intel.com>
This feature is the same as Stack Guard enabled in driver CpuDxe but
applies to PEI phase. Due to the specialty in PEI module dispatching,
this driver is changed to do the actual initialization in notify
callback of event gEfiPeiMemoryDiscoveredPpiGuid. This can let the
stack guard apply to as most PEI drivers as possible.
To let Stack Guard work, some simple page table management code are
introduced to setup Guard page at base of stack for each processor.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: "Ware, Ryan R" <ryan.r.ware@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
UefiCpuPkg/CpuMpPei/CpuMpPei.c | 269 ++++++++++++++++-
UefiCpuPkg/CpuMpPei/CpuMpPei.h | 14 +
UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 11 +-
UefiCpuPkg/CpuMpPei/CpuPaging.c | 637 +++++++++++++++++++++++++++++++++++++++
4 files changed, 916 insertions(+), 15 deletions(-)
create mode 100644 UefiCpuPkg/CpuMpPei/CpuPaging.c
diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.c b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
index 7c94d5a6d7..e3762daf39 100644
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.c
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
@@ -409,25 +409,225 @@ PeiWhoAmI (
}
/**
- The Entry point of the MP CPU PEIM.
+ Get GDT register value.
- This function will wakeup APs and collect CPU AP count and install the
- Mp Service Ppi.
+ This function is mainly for AP purpose because AP may have different GDT
+ table than BSP.
- @param FileHandle Handle of the file being invoked.
- @param PeiServices Describes the list of possible PEI Services.
+ @param[in,out] Buffer The pointer to private data buffer.
- @retval EFI_SUCCESS MpServicePpi is installed successfully.
+**/
+VOID
+EFIAPI
+GetGdtr (
+ IN OUT VOID *Buffer
+ )
+{
+ AsmReadGdtr ((IA32_DESCRIPTOR *)Buffer);
+}
+
+/**
+ Initializes CPU exceptions handlers for the sake of stack switch requirement.
+
+ This function is a wrapper of InitializeCpuExceptionHandlersEx. It's mainly
+ for the sake of AP's init because of EFI_AP_PROCEDURE API requirement.
+
+ @param[in,out] Buffer The pointer to private data buffer.
**/
-EFI_STATUS
+VOID
EFIAPI
-CpuMpPeimInit (
- IN EFI_PEI_FILE_HANDLE FileHandle,
+InitializeExceptionStackSwitchHandlers (
+ IN OUT VOID *Buffer
+ )
+{
+ CPU_EXCEPTION_INIT_DATA *EssData;
+ IA32_DESCRIPTOR Idtr;
+ EFI_STATUS Status;
+
+ EssData = Buffer;
+ //
+ // We don't plan to replace IDT table with a new one, but we should not assume
+ // the AP's IDT is the same as BSP's IDT either.
+ //
+ AsmReadIdtr (&Idtr);
+ EssData->Ia32.IdtTable = (VOID *)Idtr.Base;
+ EssData->Ia32.IdtTableSize = Idtr.Limit + 1;
+ Status = InitializeCpuExceptionHandlersEx (NULL, EssData);
+ ASSERT_EFI_ERROR (Status);
+}
+
+/**
+ Initializes MP exceptions handlers for the sake of stack switch requirement.
+
+ This function will allocate required resources required to setup stack switch
+ and pass them through CPU_EXCEPTION_INIT_DATA to each logic processor.
+
+**/
+VOID
+InitializeMpExceptionStackSwitchHandlers (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ UINTN Index;
+ UINTN Bsp;
+ UINTN ExceptionNumber;
+ UINTN OldGdtSize;
+ UINTN NewGdtSize;
+ UINTN NewStackSize;
+ IA32_DESCRIPTOR Gdtr;
+ CPU_EXCEPTION_INIT_DATA EssData;
+ UINT8 *GdtBuffer;
+ UINT8 *StackTop;
+ UINTN NumberOfProcessors;
+
+ if (!PcdGetBool (PcdCpuStackGuard)) {
+ return;
+ }
+
+ MpInitLibGetNumberOfProcessors(&NumberOfProcessors, NULL);
+ MpInitLibWhoAmI (&Bsp);
+
+ ExceptionNumber = FixedPcdGetSize (PcdCpuStackSwitchExceptionList);
+ NewStackSize = FixedPcdGet32 (PcdCpuKnownGoodStackSize) * ExceptionNumber;
+
+ Status = PeiServicesAllocatePool (
+ NewStackSize * NumberOfProcessors,
+ (VOID **)&StackTop
+ );
+ ASSERT(StackTop != NULL);
+ if (EFI_ERROR (Status)) {
+ ASSERT_EFI_ERROR (Status);
+ return;
+ }
+ StackTop += NewStackSize * NumberOfProcessors;
+
+ //
+ // The default exception handlers must have been initialized. Let's just skip
+ // it in this method.
+ //
+ EssData.Ia32.Revision = CPU_EXCEPTION_INIT_DATA_REV;
+ EssData.Ia32.InitDefaultHandlers = FALSE;
+
+ EssData.Ia32.StackSwitchExceptions = FixedPcdGetPtr(PcdCpuStackSwitchExceptionList);
+ EssData.Ia32.StackSwitchExceptionNumber = ExceptionNumber;
+ EssData.Ia32.KnownGoodStackSize = FixedPcdGet32(PcdCpuKnownGoodStackSize);
+
+ //
+ // Initialize Gdtr to suppress incorrect compiler/analyzer warnings.
+ //
+ Gdtr.Base = 0;
+ Gdtr.Limit = 0;
+ for (Index = 0; Index < NumberOfProcessors; ++Index) {
+ //
+ // To support stack switch, we need to re-construct GDT but not IDT.
+ //
+ if (Index == Bsp) {
+ GetGdtr(&Gdtr);
+ } else {
+ //
+ // AP might have different size of GDT from BSP.
+ //
+ MpInitLibStartupThisAP (GetGdtr, Index, NULL, 0, (VOID *)&Gdtr, NULL);
+ }
+
+ //
+ // X64 needs only one TSS of current task working for all exceptions
+ // because of its IST feature. IA32 needs one TSS for each exception
+ // in addition to current task. Since AP is not supposed to allocate
+ // memory, we have to do it in BSP. To simplify the code, we allocate
+ // memory for IA32 case to cover both IA32 and X64 exception stack
+ // switch.
+ //
+ // Layout of memory to allocate for each processor:
+ // --------------------------------
+ // | Alignment | (just in case)
+ // --------------------------------
+ // | |
+ // | Original GDT |
+ // | |
+ // --------------------------------
+ // | Current task descriptor |
+ // --------------------------------
+ // | |
+ // | Exception task descriptors | X ExceptionNumber
+ // | |
+ // --------------------------------
+ // | Current task-state segment |
+ // --------------------------------
+ // | |
+ // | Exception task-state segment | X ExceptionNumber
+ // | |
+ // --------------------------------
+ //
+ OldGdtSize = Gdtr.Limit + 1;
+ EssData.Ia32.ExceptionTssDescSize = sizeof (IA32_TSS_DESCRIPTOR) *
+ (ExceptionNumber + 1);
+ EssData.Ia32.ExceptionTssSize = sizeof (IA32_TASK_STATE_SEGMENT) *
+ (ExceptionNumber + 1);
+ NewGdtSize = sizeof (IA32_TSS_DESCRIPTOR) +
+ OldGdtSize +
+ EssData.Ia32.ExceptionTssDescSize +
+ EssData.Ia32.ExceptionTssSize;
+
+ Status = PeiServicesAllocatePool (
+ NewGdtSize,
+ (VOID **)&GdtBuffer
+ );
+ ASSERT (GdtBuffer != NULL);
+ if (EFI_ERROR (Status)) {
+ ASSERT_EFI_ERROR (Status);
+ return;
+ }
+
+ //
+ // Make sure GDT table alignment
+ //
+ EssData.Ia32.GdtTable = ALIGN_POINTER(GdtBuffer, sizeof (IA32_TSS_DESCRIPTOR));
+ NewGdtSize -= ((UINT8 *)EssData.Ia32.GdtTable - GdtBuffer);
+ EssData.Ia32.GdtTableSize = NewGdtSize;
+
+ EssData.Ia32.ExceptionTssDesc = ((UINT8 *)EssData.Ia32.GdtTable + OldGdtSize);
+ EssData.Ia32.ExceptionTss = ((UINT8 *)EssData.Ia32.GdtTable + OldGdtSize +
+ EssData.Ia32.ExceptionTssDescSize);
+
+ EssData.Ia32.KnownGoodStackTop = (UINTN)StackTop;
+ DEBUG ((DEBUG_INFO,
+ "Exception stack top[cpu%lu]: 0x%lX\n",
+ (UINT64)(UINTN)Index,
+ (UINT64)(UINTN)StackTop));
+
+ if (Index == Bsp) {
+ InitializeExceptionStackSwitchHandlers (&EssData);
+ } else {
+ MpInitLibStartupThisAP (
+ InitializeExceptionStackSwitchHandlers,
+ Index,
+ NULL,
+ 0,
+ (VOID *)&EssData,
+ NULL
+ );
+ }
+
+ StackTop -= NewStackSize;
+ }
+}
+
+/**
+ Initializes MP and exceptions handlers.
+
+ @retval EFI_SUCCESS MP was successfully initialized.
+ @retval others Error occurred in MP initialization.
+
+**/
+EFI_STATUS
+InitializeCpuMpWorker (
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
EFI_VECTOR_HANDOFF_INFO *VectorInfo;
EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi;
@@ -444,14 +644,24 @@ CpuMpPeimInit (
if (Status == EFI_SUCCESS) {
VectorInfo = VectorHandoffInfoPpi->Info;
}
- Status = InitializeCpuExceptionHandlers (VectorInfo);
- ASSERT_EFI_ERROR (Status);
//
- // Wakeup APs to do initialization
+ // Initialize default handlers
//
+ Status = InitializeCpuExceptionHandlers (VectorInfo);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
Status = MpInitLibInitialize ();
- ASSERT_EFI_ERROR (Status);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Special initialization for the sake of Stack Guard
+ //
+ InitializeMpExceptionStackSwitchHandlers ();
//
// Update and publish CPU BIST information
@@ -466,3 +676,34 @@ CpuMpPeimInit (
return Status;
}
+
+/**
+ The Entry point of the MP CPU PEIM.
+
+ This function will wakeup APs and collect CPU AP count and install the
+ Mp Service Ppi.
+
+ @param FileHandle Handle of the file being invoked.
+ @param PeiServices Describes the list of possible PEI Services.
+
+ @retval EFI_SUCCESS MpServicePpi is installed successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+CpuMpPeimInit (
+ IN EFI_PEI_FILE_HANDLE FileHandle,
+ IN CONST EFI_PEI_SERVICES **PeiServices
+ )
+{
+ EFI_STATUS Status;
+
+ //
+ // For the sake of special initialization needing to be done right after
+ // memory discovery.
+ //
+ Status = PeiServicesNotifyPpi (&mPostMemNotifyList[0]);
+ ASSERT_EFI_ERROR (Status);
+
+ return Status;
+}
diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.h b/UefiCpuPkg/CpuMpPei/CpuMpPei.h
index aae56658ec..846f16db3a 100644
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.h
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.h
@@ -402,4 +402,18 @@ SecPlatformInformation2 (
OUT EFI_SEC_PLATFORM_INFORMATION_RECORD2 *PlatformInformationRecord2
);
+/**
+ Initializes MP and exceptions handlers.
+
+ @retval EFI_SUCCESS MP was successfully initialized.
+ @retval others Error occurred in MP initialization.
+
+**/
+EFI_STATUS
+InitializeCpuMpWorker (
+ IN CONST EFI_PEI_SERVICES **PeiServices
+ );
+
+extern EFI_PEI_NOTIFY_DESCRIPTOR mPostMemNotifyList[];
+
#endif
diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
index 3b40d88201..19cbf3345c 100644
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
@@ -31,6 +31,7 @@
CpuMpPei.h
CpuMpPei.c
CpuBist.c
+ CpuPaging.c
[Packages]
MdePkg/MdePkg.dec
@@ -57,9 +58,17 @@
## UNDEFINED # HOB
gEfiSecPlatformInformation2PpiGuid
gEfiVectorHandoffInfoPpiGuid ## SOMETIMES_CONSUMES
+ gEfiPeiMemoryDiscoveredPpiGuid
+
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
+ gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList
+ gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize
+ gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize
[Depex]
- gEfiPeiMemoryDiscoveredPpiGuid
+ TRUE
[UserExtensions.TianoCore."ExtraFiles"]
CpuMpPeiExtra.uni
diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPaging.c
new file mode 100644
index 0000000000..5d18768e30
--- /dev/null
+++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c
@@ -0,0 +1,637 @@
+/** @file
+ Basic paging support for the CPU to enable Stack Guard.
+
+Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Register/Cpuid.h>
+#include <Register/Msr.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/CpuLib.h>
+#include <Library/BaseLib.h>
+
+#include "CpuMpPei.h"
+
+#define IA32_PG_P BIT0
+#define IA32_PG_RW BIT1
+#define IA32_PG_U BIT2
+#define IA32_PG_A BIT5
+#define IA32_PG_D BIT6
+#define IA32_PG_PS BIT7
+#define IA32_PG_NX BIT63
+
+#define PAGE_ATTRIBUTE_BITS (IA32_PG_RW | IA32_PG_P)
+#define PAGE_PROGATE_BITS (IA32_PG_D | IA32_PG_A | IA32_PG_NX | IA32_PG_U |\
+ PAGE_ATTRIBUTE_BITS)
+
+#define PAGING_PAE_INDEX_MASK 0x1FF
+#define PAGING_4K_ADDRESS_MASK_64 0x000FFFFFFFFFF000ull
+#define PAGING_2M_ADDRESS_MASK_64 0x000FFFFFFFE00000ull
+#define PAGING_1G_ADDRESS_MASK_64 0x000FFFFFC0000000ull
+#define PAGING_512G_ADDRESS_MASK_64 0x000FFF8000000000ull
+
+typedef enum {
+ PageNone = 0,
+ PageMin = 1,
+ Page4K = PageMin,
+ Page2M = 2,
+ Page1G = 3,
+ Page512G = 4,
+ PageMax = Page512G
+} PAGE_ATTRIBUTE;
+
+typedef struct {
+ PAGE_ATTRIBUTE Attribute;
+ UINT64 Length;
+ UINT64 AddressMask;
+ UINTN AddressBitOffset;
+ UINTN AddressBitLength;
+} PAGE_ATTRIBUTE_TABLE;
+
+PAGE_ATTRIBUTE_TABLE mPageAttributeTable[] = {
+ {PageNone, 0, 0, 0, 0},
+ {Page4K, SIZE_4KB, PAGING_4K_ADDRESS_MASK_64, 12, 9},
+ {Page2M, SIZE_2MB, PAGING_2M_ADDRESS_MASK_64, 21, 9},
+ {Page1G, SIZE_1GB, PAGING_1G_ADDRESS_MASK_64, 30, 9},
+ {Page512G, SIZE_512GB, PAGING_512G_ADDRESS_MASK_64, 39, 9},
+};
+
+EFI_STATUS
+EFIAPI
+MemoryDiscoveredPpiNotifyCallback (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
+ IN VOID *Ppi
+ );
+
+EFI_PEI_NOTIFY_DESCRIPTOR mPostMemNotifyList[] = {
+ {
+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ &gEfiPeiMemoryDiscoveredPpiGuid,
+ MemoryDiscoveredPpiNotifyCallback
+ }
+};
+
+/**
+ The function will check if IA32 PAE is supported.
+
+ @retval TRUE IA32 PAE is supported.
+ @retval FALSE IA32 PAE is not supported.
+
+**/
+BOOLEAN
+IsIa32PaeSupported (
+ VOID
+ )
+{
+ UINT32 RegEax;
+ CPUID_VERSION_INFO_EDX RegEdx;
+
+ AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL);
+ if (RegEax >= CPUID_VERSION_INFO) {
+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &RegEdx.Uint32);
+ if (RegEdx.Bits.PAE != 0) {
+ return TRUE;
+ }
+ }
+
+ return FALSE;
+}
+
+/**
+ This API provides a way to allocate memory for page table.
+
+ @param Pages The number of 4 KB pages to allocate.
+
+ @return A pointer to the allocated buffer or NULL if allocation fails.
+
+**/
+VOID *
+AllocatePageTableMemory (
+ IN UINTN Pages
+ )
+{
+ VOID *Address;
+
+ Address = AllocatePages(Pages);
+ if (Address != NULL) {
+ ZeroMem(Address, EFI_PAGES_TO_SIZE (Pages));
+ }
+
+ return Address;
+}
+
+/**
+ Get the address width supported by current processor.
+
+ @retval 32 If processor is in 32-bit mode.
+ @retval 36-48 If processor is in 64-bit mode.
+
+**/
+UINTN
+GetPhysicalAddressWidth (
+ VOID
+ )
+{
+ UINT32 RegEax;
+
+ if (sizeof(UINTN) == 4) {
+ return 32;
+ }
+
+ AsmCpuid(CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
+ if (RegEax >= CPUID_VIR_PHY_ADDRESS_SIZE) {
+ AsmCpuid (CPUID_VIR_PHY_ADDRESS_SIZE, &RegEax, NULL, NULL, NULL);
+ RegEax &= 0xFF;
+ if (RegEax > 48) {
+ return 48;
+ }
+
+ return (UINTN)RegEax;
+ }
+
+ return 36;
+}
+
+/**
+ Get the type of top level page table.
+
+ @retval Page512G PML4 paging.
+ @retval Page1G PAE paing.
+
+**/
+PAGE_ATTRIBUTE
+GetPageTableTopLevelType (
+ VOID
+ )
+{
+ MSR_IA32_EFER_REGISTER MsrEfer;
+
+ MsrEfer.Uint64 = AsmReadMsr64 (MSR_CORE_IA32_EFER);
+
+ return (MsrEfer.Bits.LMA == 1) ? Page512G : Page1G;
+}
+
+/**
+ Return page table entry matching the address.
+
+ @param[in] Address The address to be checked.
+ @param[out] PageAttributes The page attribute of the page entry.
+
+ @return The page entry.
+**/
+VOID *
+GetPageTableEntry (
+ IN PHYSICAL_ADDRESS Address,
+ OUT PAGE_ATTRIBUTE *PageAttribute
+ )
+{
+ INTN Level;
+ UINTN Index;
+ UINT64 *PageTable;
+ UINT64 AddressEncMask;
+
+ AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
+ PageTable = (UINT64 *)(UINTN)(AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64);
+ for (Level = (INTN)GetPageTableTopLevelType (); Level > 0; --Level) {
+ Index = (UINTN)RShiftU64 (Address, mPageAttributeTable[Level].AddressBitOffset);
+ Index &= PAGING_PAE_INDEX_MASK;
+
+ //
+ // No mapping?
+ //
+ if (PageTable[Index] == 0) {
+ *PageAttribute = PageNone;
+ return NULL;
+ }
+
+ //
+ // Page memory?
+ //
+ if ((PageTable[Index] & IA32_PG_PS) != 0 || Level == PageMin) {
+ *PageAttribute = (PAGE_ATTRIBUTE)Level;
+ return &PageTable[Index];
+ }
+
+ //
+ // Page directory or table
+ //
+ PageTable = (UINT64 *)(UINTN)(PageTable[Index] &
+ ~AddressEncMask &
+ PAGING_4K_ADDRESS_MASK_64);
+ }
+
+ *PageAttribute = PageNone;
+ return NULL;
+}
+
+/**
+ This function splits one page entry to smaller page entries.
+
+ @param[in] PageEntry The page entry to be splitted.
+ @param[in] PageAttribute The page attribute of the page entry.
+ @param[in] SplitAttribute How to split the page entry.
+ @param[in] Recursively Do the split recursively or not.
+
+ @retval RETURN_SUCCESS The page entry is splitted.
+ @retval RETURN_INVALID_PARAMETER If target page attribute is invalid
+ @retval RETURN_OUT_OF_RESOURCES No resource to split page entry.
+**/
+RETURN_STATUS
+SplitPage (
+ IN UINT64 *PageEntry,
+ IN PAGE_ATTRIBUTE PageAttribute,
+ IN PAGE_ATTRIBUTE SplitAttribute,
+ IN BOOLEAN Recursively
+ )
+{
+ UINT64 BaseAddress;
+ UINT64 *NewPageEntry;
+ UINTN Index;
+ UINT64 AddressEncMask;
+ PAGE_ATTRIBUTE SplitTo;
+
+ if (SplitAttribute == PageNone || SplitAttribute >= PageAttribute) {
+ ASSERT (SplitAttribute != PageNone);
+ ASSERT (SplitAttribute < PageAttribute);
+ return RETURN_INVALID_PARAMETER;
+ }
+
+ NewPageEntry = AllocatePageTableMemory (1);
+ if (NewPageEntry == NULL) {
+ ASSERT (NewPageEntry != NULL);
+ return RETURN_OUT_OF_RESOURCES;
+ }
+
+ //
+ // One level down each step to achieve more compact page table.
+ //
+ SplitTo = PageAttribute - 1;
+ AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) &
+ mPageAttributeTable[SplitTo].AddressMask;
+ BaseAddress = *PageEntry &
+ ~PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) &
+ mPageAttributeTable[PageAttribute].AddressMask;
+ for (Index = 0; Index < SIZE_4KB / sizeof(UINT64); Index++) {
+ NewPageEntry[Index] = BaseAddress | AddressEncMask |
+ ((*PageEntry) & PAGE_PROGATE_BITS);
+
+ if (SplitTo != PageMin) {
+ NewPageEntry[Index] |= IA32_PG_PS;
+ }
+
+ if (Recursively && SplitTo > SplitAttribute) {
+ SplitPage (&NewPageEntry[Index], SplitTo, SplitAttribute, Recursively);
+ }
+
+ BaseAddress += mPageAttributeTable[SplitTo].Length;
+ }
+
+ (*PageEntry) = (UINT64)(UINTN)NewPageEntry | AddressEncMask | PAGE_ATTRIBUTE_BITS;
+
+ return RETURN_SUCCESS;
+}
+
+/**
+ This function modifies the page attributes for the memory region specified
+ by BaseAddress and Length from their current attributes to the attributes
+ specified by Attributes.
+
+ Caller should make sure BaseAddress and Length is at page boundary.
+
+ @param[in] BaseAddress Start address of a memory region.
+ @param[in] Length Size in bytes of the memory region.
+ @param[in] Attributes Bit mask of attributes to modify.
+
+ @retval RETURN_SUCCESS The attributes were modified for the memory
+ region.
+ @retval RETURN_INVALID_PARAMETER Length is zero; or,
+ Attributes specified an illegal combination
+ of attributes that cannot be set together; or
+ Addressis not 4KB aligned.
+ @retval RETURN_OUT_OF_RESOURCES There are not enough system resources to modify
+ the attributes.
+ @retval RETURN_UNSUPPORTED Cannot modify the attributes of given memory.
+
+**/
+RETURN_STATUS
+EFIAPI
+ConvertMemoryPageAttributes (
+ IN PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length,
+ IN UINT64 Attributes
+ )
+{
+ UINT64 *PageEntry;
+ PAGE_ATTRIBUTE PageAttribute;
+ RETURN_STATUS Status;
+ EFI_PHYSICAL_ADDRESS MaximumAddress;
+
+ if (Length == 0 ||
+ (BaseAddress & (SIZE_4KB - 1)) != 0 ||
+ (Length & (SIZE_4KB - 1)) != 0) {
+
+ ASSERT (Length > 0);
+ ASSERT ((BaseAddress & (SIZE_4KB - 1)) == 0);
+ ASSERT ((Length & (SIZE_4KB - 1)) == 0);
+
+ return RETURN_INVALID_PARAMETER;
+ }
+
+ MaximumAddress = (EFI_PHYSICAL_ADDRESS)MAX_UINT32;
+ if (BaseAddress > MaximumAddress ||
+ Length > MaximumAddress ||
+ (BaseAddress > MaximumAddress - (Length - 1))) {
+ return RETURN_UNSUPPORTED;
+ }
+
+ //
+ // Below logic is to check 2M/4K page to make sure we do not waste memory.
+ //
+ while (Length != 0) {
+ PageEntry = GetPageTableEntry (BaseAddress, &PageAttribute);
+ if (PageEntry == NULL) {
+ return RETURN_UNSUPPORTED;
+ }
+
+ if (PageAttribute != Page4K) {
+ Status = SplitPage (PageEntry, PageAttribute, Page4K, FALSE);
+ if (RETURN_ERROR (Status)) {
+ return Status;
+ }
+ //
+ // Do it again until the page is 4K.
+ //
+ continue;
+ }
+
+ //
+ // Just take care of 'present' bit for Stack Guard.
+ //
+ if ((Attributes & IA32_PG_P) != 0) {
+ *PageEntry |= (UINT64)IA32_PG_P;
+ } else {
+ *PageEntry &= ~((UINT64)IA32_PG_P);
+ }
+
+ //
+ // Convert success, move to next
+ //
+ BaseAddress += SIZE_4KB;
+ Length -= SIZE_4KB;
+ }
+
+ return RETURN_SUCCESS;
+}
+
+/**
+ Get maximum size of page memory supported by current processor.
+
+ @retval Page1G If processor supports 1G page and PML4.
+ @retval Page2M For all other situations.
+
+**/
+PAGE_ATTRIBUTE
+GetMaxMemoryPage (
+ IN PAGE_ATTRIBUTE TopLevelType
+ )
+{
+ UINT32 RegEax;
+ UINT32 RegEdx;
+
+ if (TopLevelType == Page512G) {
+ AsmCpuid (CPUID_EXTENDED_FUNCTION, &RegEax, NULL, NULL, NULL);
+ if (RegEax >= CPUID_EXTENDED_CPU_SIG) {
+ AsmCpuid (CPUID_EXTENDED_CPU_SIG, NULL, NULL, NULL, &RegEdx);
+ if ((RegEdx & BIT26) != 0) {
+ return Page1G;
+ }
+ }
+ }
+
+ return Page2M;
+}
+
+/**
+ Create PML4 or PAE page table.
+
+ @return The address of page table.
+
+**/
+UINTN
+CreatePageTable (
+ VOID
+ )
+{
+ RETURN_STATUS Status;
+ UINTN PhysicalAddressBits;
+ UINTN NumberOfEntries;
+ PAGE_ATTRIBUTE TopLevelPageAttr;
+ UINTN PageTable;
+ PAGE_ATTRIBUTE MaxMemoryPage;
+ UINTN Index;
+ UINT64 AddressEncMask;
+ UINT64 *PageEntry;
+ EFI_PHYSICAL_ADDRESS PhysicalAddress;
+
+ TopLevelPageAttr = (PAGE_ATTRIBUTE)GetPageTableTopLevelType ();
+ PhysicalAddressBits = GetPhysicalAddressWidth ();
+ NumberOfEntries = (UINTN)1 << (PhysicalAddressBits -
+ mPageAttributeTable[TopLevelPageAttr].AddressBitOffset);
+
+ PageTable = (UINTN) AllocatePageTableMemory (1);
+ if (PageTable == 0) {
+ return 0;
+ }
+
+ AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
+ AddressEncMask &= mPageAttributeTable[TopLevelPageAttr].AddressMask;
+ MaxMemoryPage = GetMaxMemoryPage (TopLevelPageAttr);
+ PageEntry = (UINT64 *)PageTable;
+
+ PhysicalAddress = 0;
+ for (Index = 0; Index < NumberOfEntries; ++Index) {
+ *PageEntry = PhysicalAddress | AddressEncMask | PAGE_ATTRIBUTE_BITS;
+
+ //
+ // Split the top page table down to the maximum page size supported
+ //
+ if (MaxMemoryPage < TopLevelPageAttr) {
+ Status = SplitPage(PageEntry, TopLevelPageAttr, MaxMemoryPage, TRUE);
+ ASSERT_EFI_ERROR (Status);
+ }
+
+ if (TopLevelPageAttr == Page1G) {
+ //
+ // PDPTE[2:1] (PAE Paging) must be 0. SplitPage() might change them to 1.
+ //
+ *PageEntry &= ~(UINT64)(IA32_PG_RW | IA32_PG_U);
+ }
+
+ PageEntry += 1;
+ PhysicalAddress += mPageAttributeTable[TopLevelPageAttr].Length;
+ }
+
+
+ return PageTable;
+}
+
+/**
+ Setup page tables and make them work.
+
+**/
+VOID
+EnablePaging (
+ VOID
+ )
+{
+ UINTN PageTable;
+
+ PageTable = CreatePageTable ();
+ ASSERT (PageTable != 0);
+ if (PageTable != 0) {
+ AsmWriteCr3(PageTable);
+ AsmWriteCr4 (AsmReadCr4 () | BIT5); // CR4.PAE
+ AsmWriteCr0 (AsmReadCr0 () | BIT31); // CR0.PG
+ }
+}
+
+/**
+ Get the base address of current AP's stack.
+
+ This function is called in AP's context and assumes that whole calling stacks
+ (till this function) consumed by AP's wakeup procedure will not exceed 4KB.
+
+ PcdCpuApStackSize must be configured with value taking the Guard page into
+ account.
+
+ @param[in,out] Buffer The pointer to private data buffer.
+
+**/
+VOID
+EFIAPI
+GetStackBase (
+ IN OUT VOID *Buffer
+ )
+{
+ EFI_PHYSICAL_ADDRESS StackBase;
+
+ StackBase = (EFI_PHYSICAL_ADDRESS)(UINTN)&StackBase;
+ StackBase += BASE_4KB;
+ StackBase &= ~((EFI_PHYSICAL_ADDRESS)BASE_4KB - 1);
+ StackBase -= PcdGet32(PcdCpuApStackSize);
+
+ *(EFI_PHYSICAL_ADDRESS *)Buffer = StackBase;
+}
+
+/**
+ Setup stack Guard page at the stack base of each processor. BSP and APs have
+ different way to get stack base address.
+
+**/
+VOID
+SetupStackGuardPage (
+ VOID
+ )
+{
+ EFI_PEI_HOB_POINTERS Hob;
+ EFI_PHYSICAL_ADDRESS StackBase;
+ UINTN NumberOfProcessors;
+ UINTN Bsp;
+ UINTN Index;
+
+ //
+ // One extra page at the bottom of the stack is needed for Guard page.
+ //
+ if (PcdGet32(PcdCpuApStackSize) <= EFI_PAGE_SIZE) {
+ DEBUG ((DEBUG_ERROR, "PcdCpuApStackSize is not big enough for Stack Guard!\n"));
+ ASSERT (FALSE);
+ }
+
+ MpInitLibGetNumberOfProcessors(&NumberOfProcessors, NULL);
+ MpInitLibWhoAmI (&Bsp);
+ for (Index = 0; Index < NumberOfProcessors; ++Index) {
+ if (Index == Bsp) {
+ Hob.Raw = GetHobList ();
+ while ((Hob.Raw = GetNextHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, Hob.Raw)) != NULL) {
+ if (CompareGuid (&gEfiHobMemoryAllocStackGuid,
+ &(Hob.MemoryAllocationStack->AllocDescriptor.Name))) {
+ StackBase = Hob.MemoryAllocationStack->AllocDescriptor.MemoryBaseAddress;
+ break;
+ }
+ Hob.Raw = GET_NEXT_HOB (Hob);
+ }
+ } else {
+ //
+ // Ask AP to return is stack base address.
+ //
+ MpInitLibStartupThisAP(GetStackBase, Index, NULL, 0, (VOID *)&StackBase, NULL);
+ }
+ //
+ // Set Guard page at stack base address.
+ //
+ ConvertMemoryPageAttributes(StackBase, EFI_PAGE_SIZE, 0);
+ DEBUG ((DEBUG_INFO, "Stack Guard set at %lx [cpu%lu]!\n",
+ (UINT64)StackBase, (UINT64)Index));
+ }
+
+ //
+ // Publish the changes of page table.
+ //
+ CpuFlushTlb ();
+}
+
+/**
+ Enabl/setup stack guard for each processor if PcdCpuStackGuard is set to TRUE.
+
+ Doing this in the memory-discovered callback is to make sure the Stack Guard
+ feature to cover as most PEI code as possible.
+
+ @param[in] PeiServices General purpose services available to every PEIM.
+ @param[in] NotifyDescriptor The notification structure this PEIM registered on install.
+ @param[in] Ppi The memory discovered PPI. Not used.
+
+ @retval EFI_SUCCESS The function completed successfully.
+ @retval others There's error in MP initialization.
+**/
+EFI_STATUS
+EFIAPI
+MemoryDiscoveredPpiNotifyCallback (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
+ IN VOID *Ppi
+ )
+{
+ EFI_STATUS Status;
+ BOOLEAN InitStackGuard;
+
+ //
+ // Paging must be setup first. Otherwise the exception TSS setup during MP
+ // initialization later will not contain paging information and then fail
+ // the task switch (for the sake of stack switch).
+ //
+ InitStackGuard = FALSE;
+ if (IsIa32PaeSupported () && PcdGetBool (PcdCpuStackGuard)) {
+ EnablePaging ();
+ InitStackGuard = TRUE;
+ }
+
+ Status = InitializeCpuMpWorker ((CONST EFI_PEI_SERVICES **)PeiServices);
+ ASSERT_EFI_ERROR (Status);
+
+ if (InitStackGuard) {
+ SetupStackGuardPage ();
+ }
+
+ return Status;
+}
+
--
2.16.2.windows.1
next prev parent reply other threads:[~2018-09-03 3:16 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-03 3:15 [PATCH 0/4] Add PEI Stack Guard feature Jian J Wang
2018-09-03 3:15 ` [PATCH 1/4] MdeModulePkg/DxeIpl: disable paging before creating new page table Jian J Wang
2018-09-03 3:15 ` [PATCH 2/4] UefiCpuPkg/CpuExceptionHandlerLib: support stack switch for PEI exceptions Jian J Wang
2018-09-06 1:38 ` Dong, Eric
2018-09-03 3:15 ` [PATCH 3/4] UefiCpuPkg/MpInitLib: fix register restore issue in AP wakeup Jian J Wang
2018-09-05 5:29 ` Dong, Eric
2018-09-03 3:15 ` Jian J Wang [this message]
2018-09-06 1:45 ` [PATCH 4/4] UefiCpuPkg/CpuMpPei: support stack guard feature Dong, Eric
2018-09-06 2:42 ` Wang, Jian J
2018-09-03 4:14 ` [PATCH 0/4] Add PEI Stack Guard feature Yao, Jiewen
2018-09-03 4:56 ` Wang, Jian J
2018-09-03 14:52 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180903031550.4440-5-jian.j.wang@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox