* [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl
@ 2023-04-24 10:05 duntan
2023-04-24 10:05 ` [Patch V3 1/8] MdePkg: Move CpuPageTableLib defination to MdePkg duntan
` (8 more replies)
0 siblings, 9 replies; 15+ messages in thread
From: duntan @ 2023-04-24 10:05 UTC (permalink / raw)
To: devel
In V3 patch set:
1. Add a new patch 'MdePkg: Move CpuPageTableLib defination to MdePkg' to Move CpuPageTableLib defination from UefiCpuPkg to MdePkg.
So that MdeModulePkg doesn't need to depend on UefiCpuPkg.
2. Modify the patch 'MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib' to set GHCB page to be mapped as unencrypted for each CPU for AMD SEV feature.
Dun Tan (8):
MdePkg: Move CpuPageTableLib defination to MdePkg
EmulatorPkg: Add CpuPageTableLib required by DxeIpl in DSC
IntelFsp2Pkg: Add CpuPageTableLib required by DxeIpl in DSC
MdeModulePkg: Add CpuPageTableLib required by DxeIpl in DSC
OvmfPkg: Add CpuPageTableLib required by DxeIpl in DSC file
MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib
MdeModulePkg/DxeIpl: Remove duplicated code to enable NX
MdeModulePkg/DxeIpl: Refinement to the code to set PageTable as RO
EmulatorPkg/EmulatorPkg.dsc | 3 ++-
IntelFsp2Pkg/Tools/Tests/QemuFspPkg.dsc | 3 ++-
MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 3 ++-
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 112 ++++------------------------------------------------------------------------------------------------------------
MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++--
MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 720 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 182 ++++++++++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
MdeModulePkg/MdeModulePkg.dsc | 3 ++-
{UefiCpuPkg => MdePkg}/Include/Library/CpuPageTableLib.h | 0
MdePkg/MdePkg.dec | 5 ++++-
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
OvmfPkg/Bhyve/BhyveX64.dsc | 3 ++-
OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +-
OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
OvmfPkg/OvmfPkgIa32.dsc | 3 ++-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
OvmfPkg/OvmfPkgX64.dsc | 2 +-
OvmfPkg/OvmfXen.dsc | 2 +-
UefiCpuPkg/UefiCpuPkg.dec | 3 ---
20 files changed, 211 insertions(+), 851 deletions(-)
rename {UefiCpuPkg => MdePkg}/Include/Library/CpuPageTableLib.h (100%)
--
2.31.1.windows.1
^ permalink raw reply [flat|nested] 15+ messages in thread
* [Patch V3 1/8] MdePkg: Move CpuPageTableLib defination to MdePkg
2023-04-24 10:05 [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl duntan
@ 2023-04-24 10:05 ` duntan
2023-04-24 10:05 ` [Patch V3 2/8] EmulatorPkg: Add CpuPageTableLib required by DxeIpl in DSC duntan
` (7 subsequent siblings)
8 siblings, 0 replies; 15+ messages in thread
From: duntan @ 2023-04-24 10:05 UTC (permalink / raw)
To: devel; +Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Ray Ni
Move CpuPageTableLib defination from UefiCpuPkg to MdePkg. The
lib instance still remains in UefiCpuPkg. Move CpuPageTableLib
defination to a common location can avoid the case that
MdeModulePkg need to depend on UefiCpuPkg since DxeIpl module
in MdeModulePkg needs to consume CpuPageTableLib.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
---
{UefiCpuPkg => MdePkg}/Include/Library/CpuPageTableLib.h | 0
MdePkg/MdePkg.dec | 5 ++++-
UefiCpuPkg/UefiCpuPkg.dec | 3 ---
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/UefiCpuPkg/Include/Library/CpuPageTableLib.h b/MdePkg/Include/Library/CpuPageTableLib.h
similarity index 100%
rename from UefiCpuPkg/Include/Library/CpuPageTableLib.h
rename to MdePkg/Include/Library/CpuPageTableLib.h
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 7488ccda7a..dfbca2d746 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -4,7 +4,7 @@
# It also provides the definitions(including PPIs/PROTOCOLs/GUIDs) of
# EFI1.10/UEFI2.7/PI1.7 and some Industry Standards.
#
-# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
# Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
# (C) Copyright 2016 - 2021 Hewlett Packard Enterprise Development LP<BR>
# Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved.<BR>
@@ -321,6 +321,9 @@
## @libraryclass Provides function to support TDX processing.
TdxLib|Include/Library/TdxLib.h
+ ## @libraryclass Provides function for manipulating x86 paging structures.
+ CpuPageTableLib|Include/Library/CpuPageTableLib.h
+
[LibraryClasses.RISCV64]
## @libraryclass Provides function to make ecalls to SBI
BaseRiscVSbiLib|Include/Library/BaseRiscVSbiLib.h
diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec
index a5528277ff..5ad41e9ae3 100644
--- a/UefiCpuPkg/UefiCpuPkg.dec
+++ b/UefiCpuPkg/UefiCpuPkg.dec
@@ -57,9 +57,6 @@
## @libraryclass Provides function for loading microcode.
MicrocodeLib|Include/Library/MicrocodeLib.h
- ## @libraryclass Provides function for manipulating x86 paging structures.
- CpuPageTableLib|Include/Library/CpuPageTableLib.h
-
[Guids]
gUefiCpuPkgTokenSpaceGuid = { 0xac05bf33, 0x995a, 0x4ed4, { 0xaa, 0xb8, 0xef, 0x7a, 0xe8, 0xf, 0x5c, 0xb0 }}
gMsegSmramGuid = { 0x5802bce4, 0xeeee, 0x4e33, { 0xa1, 0x30, 0xeb, 0xad, 0x27, 0xf0, 0xe4, 0x39 }}
--
2.31.1.windows.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [Patch V3 2/8] EmulatorPkg: Add CpuPageTableLib required by DxeIpl in DSC
2023-04-24 10:05 [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl duntan
2023-04-24 10:05 ` [Patch V3 1/8] MdePkg: Move CpuPageTableLib defination to MdePkg duntan
@ 2023-04-24 10:05 ` duntan
2023-04-24 10:05 ` [Patch V3 3/8] IntelFsp2Pkg: " duntan
` (6 subsequent siblings)
8 siblings, 0 replies; 15+ messages in thread
From: duntan @ 2023-04-24 10:05 UTC (permalink / raw)
To: devel; +Cc: Andrew Fish, Ray Ni
Add CpuPageTableLib instance required by DxeIpl in EmulatorPkg.dsc.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Andrew Fish <afish@apple.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
---
EmulatorPkg/EmulatorPkg.dsc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index b44435d7e6..d1fb9d9256 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -4,7 +4,7 @@
# The Emulation Platform can be used to debug individual modules, prior to creating
# a real platform. This also provides an example for how an DSC is created.
#
-# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.<BR>
# Portions copyright (c) 2010 - 2011, Apple Inc. All rights reserved.<BR>
# Copyright (c) Microsoft Corporation.
#
@@ -66,6 +66,7 @@
PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf
BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
#
# UEFI & PI
--
2.31.1.windows.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [Patch V3 3/8] IntelFsp2Pkg: Add CpuPageTableLib required by DxeIpl in DSC
2023-04-24 10:05 [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl duntan
2023-04-24 10:05 ` [Patch V3 1/8] MdePkg: Move CpuPageTableLib defination to MdePkg duntan
2023-04-24 10:05 ` [Patch V3 2/8] EmulatorPkg: Add CpuPageTableLib required by DxeIpl in DSC duntan
@ 2023-04-24 10:05 ` duntan
2023-04-24 10:05 ` [Patch V3 4/8] MdeModulePkg: " duntan
` (5 subsequent siblings)
8 siblings, 0 replies; 15+ messages in thread
From: duntan @ 2023-04-24 10:05 UTC (permalink / raw)
To: devel; +Cc: Chasel Chiu, Nate DeSimone, Star Zeng, Ray Ni
Add CpuPageTableLib instance required by DxeIpl in QemuFspPkg.dsc
of IntelFsp2Pkg.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
---
IntelFsp2Pkg/Tools/Tests/QemuFspPkg.dsc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/IntelFsp2Pkg/Tools/Tests/QemuFspPkg.dsc b/IntelFsp2Pkg/Tools/Tests/QemuFspPkg.dsc
index 3155812118..52052692dd 100644
--- a/IntelFsp2Pkg/Tools/Tests/QemuFspPkg.dsc
+++ b/IntelFsp2Pkg/Tools/Tests/QemuFspPkg.dsc
@@ -1,7 +1,7 @@
## @file
# FSP DSC build file for QEMU platform
#
-# Copyright (c) 2017 - 2021, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017 - 2023, Intel Corporation. All rights reserved.<BR>
#
# This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License
@@ -114,6 +114,7 @@
DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
SerialPortLib|MdePkg/Library/BaseSerialPortLibNull/BaseSerialPortLibNull.inf
!endif
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
################################################################################
--
2.31.1.windows.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [Patch V3 4/8] MdeModulePkg: Add CpuPageTableLib required by DxeIpl in DSC
2023-04-24 10:05 [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl duntan
` (2 preceding siblings ...)
2023-04-24 10:05 ` [Patch V3 3/8] IntelFsp2Pkg: " duntan
@ 2023-04-24 10:05 ` duntan
2023-04-24 10:05 ` [Patch V3 5/8] OvmfPkg: Add CpuPageTableLib required by DxeIpl in DSC file duntan
` (4 subsequent siblings)
8 siblings, 0 replies; 15+ messages in thread
From: duntan @ 2023-04-24 10:05 UTC (permalink / raw)
To: devel; +Cc: Jian J Wang, Liming Gao, Ray Ni
Add CpuPageTableLib instance required by DxeIpl in
MdeModulePkg.dsc.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
---
MdeModulePkg/MdeModulePkg.dsc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 1014598f31..d95acabe83 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -2,7 +2,7 @@
# EFI/PI Reference Module Package for All Architectures
#
# (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
-# Copyright (c) 2007 - 2021, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.<BR>
# Copyright (c) Microsoft Corporation.
# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.<BR>
#
@@ -106,6 +106,7 @@
MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf
VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
IpmiCommandLib|MdeModulePkg/Library/BaseIpmiCommandLibNull/BaseIpmiCommandLibNull.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
[LibraryClasses.EBC.PEIM]
IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf
--
2.31.1.windows.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [Patch V3 5/8] OvmfPkg: Add CpuPageTableLib required by DxeIpl in DSC file
2023-04-24 10:05 [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl duntan
` (3 preceding siblings ...)
2023-04-24 10:05 ` [Patch V3 4/8] MdeModulePkg: " duntan
@ 2023-04-24 10:05 ` duntan
2023-04-24 10:05 ` [Patch V3 6/8] MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib duntan
` (3 subsequent siblings)
8 siblings, 0 replies; 15+ messages in thread
From: duntan @ 2023-04-24 10:05 UTC (permalink / raw)
To: devel; +Cc: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Ray Ni
Add CpuPageTableLib instance required by DxeIpl in corresponding
DSC files of OvmfPkg.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Cc: Ray Ni <ray.ni@intel.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
OvmfPkg/Bhyve/BhyveX64.dsc | 3 ++-
OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +-
OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
OvmfPkg/OvmfPkgIa32.dsc | 3 ++-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
OvmfPkg/OvmfPkgX64.dsc | 2 +-
OvmfPkg/OvmfXen.dsc | 2 +-
8 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 943c4eed98..f8956f7147 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -169,6 +169,7 @@
MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf
DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
!if $(SOURCE_DEBUG_ENABLE) == TRUE
PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDebug/PeCoffExtraActionLibDebug.inf
@@ -348,7 +349,6 @@
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf
!endif
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
- CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index d0d2712c56..67f8a77c3a 100644
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -1,6 +1,6 @@
#
# Copyright (c) 2020, Rebecca Cran <rebecca@bsdio.com>
-# Copyright (c) 2006 - 2021, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
# Copyright (c) 2014, Pluribus Networks, Inc.
#
@@ -171,6 +171,7 @@
MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf
DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index cc2dd925bc..8a2fb8049f 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -190,6 +190,7 @@
MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf
DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
!endif
@@ -399,7 +400,6 @@
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf
!endif
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
- CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index e9aab51559..7ffb72e06e 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -193,6 +193,7 @@
MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf
DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
!if $(SOURCE_DEBUG_ENABLE) == TRUE
PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDebug/PeCoffExtraActionLibDebug.inf
@@ -398,7 +399,6 @@
PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf
PciPcdProducerLib|OvmfPkg/Fdt/FdtPciPcdProducerLib/FdtPciPcdProducerLib.inf
PciExpressLib|OvmfPkg/Library/BaseCachingPciExpressLib/BaseCachingPciExpressLib.inf
- CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 86177bb948..77f10e2c86 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -1,7 +1,7 @@
## @file
# EFI/Framework Open Virtual Machine Firmware (OVMF) platform
#
-# Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
# Copyright (c) Microsoft Corporation.
#
@@ -193,6 +193,7 @@
MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLibNull.inf
PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf
DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
!endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 065b544506..156d6c1434 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -197,6 +197,7 @@
MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLibNull.inf
PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf
DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
!endif
@@ -409,7 +410,6 @@
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf
!endif
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
- CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 3d405cd4ad..35bb011212 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -210,6 +210,7 @@
MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf
DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
!if $(SMM_REQUIRE) == FALSE
LockBoxLib|OvmfPkg/Library/LockBoxLib/LockBoxBaseLib.inf
@@ -430,7 +431,6 @@
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf
!endif
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
- CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 8bfc16c2d3..1174a166ae 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -173,6 +173,7 @@
MemEncryptTdxLib|OvmfPkg/Library/BaseMemEncryptTdxLib/BaseMemEncryptTdxLib.inf
PeiHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/PeiHardwareInfoLib.inf
DxeHardwareInfoLib|OvmfPkg/Library/HardwareInfoLib/DxeHardwareInfoLib.inf
+ CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
!if $(SOURCE_DEBUG_ENABLE) == TRUE
PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDebug/PeCoffExtraActionLibDebug.inf
@@ -334,7 +335,6 @@
DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf
!endif
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
- CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
NestedInterruptTplLib|OvmfPkg/Library/NestedInterruptTplLib/NestedInterruptTplLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
--
2.31.1.windows.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [Patch V3 6/8] MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib
2023-04-24 10:05 [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl duntan
` (4 preceding siblings ...)
2023-04-24 10:05 ` [Patch V3 5/8] OvmfPkg: Add CpuPageTableLib required by DxeIpl in DSC file duntan
@ 2023-04-24 10:05 ` duntan
2023-04-24 10:05 ` [Patch V3 7/8] MdeModulePkg/DxeIpl: Remove duplicated code to enable NX duntan
` (2 subsequent siblings)
8 siblings, 0 replies; 15+ messages in thread
From: duntan @ 2023-04-24 10:05 UTC (permalink / raw)
To: devel; +Cc: Dandan Bi, Liming Gao, Ray Ni, Jian J Wang, Tom Lendacky
Modify CreateIdentityMappingPageTables() to create page table
based on CpuPageTableLib in DxeIpl module. This function can
be used to create both IA32 PAE paging and long mode 4-level,
5-level paging structure. With the PageTableMap() API in the
CpuPageTableLib, we can remove the complicated page table
manipulating code. This commit doesn't change any functionality.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
---
MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 3 ++-
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 109 ++++---------------------------------------------------------------------------------------------------------
MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++--
MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 567 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 167 ++++++++++-------------------------------------------------------------------------------------------------------------------------------------------------------------
6 files changed, 177 insertions(+), 679 deletions(-)
diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.h b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.h
index 2f015befce..03e6f8cff7 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.h
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.h
@@ -2,7 +2,7 @@
Master header file for DxeIpl PEIM. All source files in this module should
include this file for common definitions.
-Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -42,6 +42,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/DebugAgentLib.h>
#include <Library/PeiServicesTablePointerLib.h>
#include <Library/PerformanceLib.h>
+#include <Library/CpuPageTableLib.h>
#define STACK_SIZE 0x20000
#define BSP_STORE_SIZE 0x4000
diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
index 052ea0ec1a..f636f042cb 100644
--- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
+++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
@@ -5,7 +5,7 @@
# PPI to discover and dispatch the DXE Foundation and components that are
# needed to run the DXE Foundation.
#
-# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.<BR>
# Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved.<BR>
@@ -80,6 +80,9 @@
PeiServicesTablePointerLib
PerformanceLib
+[LibraryClasses.IA32, LibraryClasses.X64]
+ CpuPageTableLib
+
[LibraryClasses.ARM, LibraryClasses.AARCH64]
ArmMmuLib
diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
index 4bc7b749b0..69d073fb58 100644
--- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
+++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
@@ -1,7 +1,7 @@
/** @file
Ia32-specific functionality for DxeLoad.
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -70,107 +70,6 @@ GLOBAL_REMOVE_IF_UNREFERENCED IA32_DESCRIPTOR gLidtDescriptor = {
0
};
-/**
- Allocates and fills in the Page Directory and Page Table Entries to
- establish a 4G page table.
-
- @param[in] StackBase Stack base address.
- @param[in] StackSize Stack size.
-
- @return The address of page table.
-
-**/
-UINTN
-Create4GPageTablesIa32Pae (
- IN EFI_PHYSICAL_ADDRESS StackBase,
- IN UINTN StackSize
- )
-{
- UINT8 PhysicalAddressBits;
- EFI_PHYSICAL_ADDRESS PhysicalAddress;
- UINTN IndexOfPdpEntries;
- UINTN IndexOfPageDirectoryEntries;
- UINT32 NumberOfPdpEntriesNeeded;
- PAGE_MAP_AND_DIRECTORY_POINTER *PageMap;
- PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry;
- PAGE_TABLE_ENTRY *PageDirectoryEntry;
- UINTN TotalPagesNum;
- UINTN PageAddress;
- UINT64 AddressEncMask;
-
- //
- // Make sure AddressEncMask is contained to smallest supported address field
- //
- AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & PAGING_1G_ADDRESS_MASK_64;
-
- PhysicalAddressBits = 32;
-
- //
- // Calculate the table entries needed.
- //
- NumberOfPdpEntriesNeeded = (UINT32)LShiftU64 (1, (PhysicalAddressBits - 30));
-
- TotalPagesNum = NumberOfPdpEntriesNeeded + 1;
- PageAddress = (UINTN)AllocatePageTableMemory (TotalPagesNum);
- ASSERT (PageAddress != 0);
-
- PageMap = (VOID *)PageAddress;
- PageAddress += SIZE_4KB;
-
- PageDirectoryPointerEntry = PageMap;
- PhysicalAddress = 0;
-
- for (IndexOfPdpEntries = 0; IndexOfPdpEntries < NumberOfPdpEntriesNeeded; IndexOfPdpEntries++, PageDirectoryPointerEntry++) {
- //
- // Each Directory Pointer entries points to a page of Page Directory entires.
- // So allocate space for them and fill them in in the IndexOfPageDirectoryEntries loop.
- //
- PageDirectoryEntry = (VOID *)PageAddress;
- PageAddress += SIZE_4KB;
-
- //
- // Fill in a Page Directory Pointer Entries
- //
- PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry | AddressEncMask;
- PageDirectoryPointerEntry->Bits.Present = 1;
-
- for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress += SIZE_2MB) {
- if ( (IsNullDetectionEnabled () && (PhysicalAddress == 0))
- || ( (PhysicalAddress < StackBase + StackSize)
- && ((PhysicalAddress + SIZE_2MB) > StackBase)))
- {
- //
- // Need to split this 2M page that covers stack range.
- //
- Split2MPageTo4K (PhysicalAddress, (UINT64 *)PageDirectoryEntry, StackBase, StackSize, 0, 0);
- } else {
- //
- // Fill in the Page Directory entries
- //
- PageDirectoryEntry->Uint64 = (UINT64)PhysicalAddress | AddressEncMask;
- PageDirectoryEntry->Bits.ReadWrite = 1;
- PageDirectoryEntry->Bits.Present = 1;
- PageDirectoryEntry->Bits.MustBe1 = 1;
- }
- }
- }
-
- for ( ; IndexOfPdpEntries < 512; IndexOfPdpEntries++, PageDirectoryPointerEntry++) {
- ZeroMem (
- PageDirectoryPointerEntry,
- sizeof (PAGE_MAP_AND_DIRECTORY_POINTER)
- );
- }
-
- //
- // Protect the page table by marking the memory used for page table to be
- // read-only.
- //
- EnablePageTableProtection ((UINTN)PageMap, FALSE);
-
- return (UINTN)PageMap;
-}
-
/**
The function will check if IA32 PAE is supported.
@@ -299,9 +198,9 @@ HandOffToDxeCore (
//
AsmWriteGdtr (&gGdt);
//
- // Create page table and save PageMapLevel4 to CR3
+ // Create page table and save PageMapLevel4 or PageMapLevel5 to CR3
//
- PageTables = CreateIdentityMappingPageTables (BaseOfStack, STACK_SIZE, 0, 0);
+ PageTables = CreateIdentityMappingPageTables (TRUE, BaseOfStack, STACK_SIZE, 0, 0);
//
// End of PEI phase signal
@@ -422,7 +321,7 @@ HandOffToDxeCore (
PageTables = 0;
BuildPageTablesIa32Pae = ToBuildPageTable ();
if (BuildPageTablesIa32Pae) {
- PageTables = Create4GPageTablesIa32Pae (BaseOfStack, STACK_SIZE);
+ PageTables = CreateIdentityMappingPageTables (FALSE, BaseOfStack, STACK_SIZE, 0, 0);
if (IsEnableNonExecNeeded ()) {
EnableExecuteDisableBit ();
}
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
index fa2050cf02..2642092ee5 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c
@@ -1,7 +1,7 @@
/** @file
x64-specifc functionality for DxeLoad.
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -91,9 +91,10 @@ HandOffToDxeCore (
PageTables = 0;
if (FeaturePcdGet (PcdDxeIplBuildPageTables)) {
//
- // Create page table and save PageMapLevel4 to CR3
+ // Create page table and save PageMapLevel4 or PageMapLevel5 to CR3
//
PageTables = CreateIdentityMappingPageTables (
+ TRUE,
(EFI_PHYSICAL_ADDRESS)(UINTN)BaseOfStack,
STACK_SIZE,
(EFI_PHYSICAL_ADDRESS)(UINTN)GhcbBase,
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
index 18b121d768..80482c7853 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
@@ -15,7 +15,7 @@
2) IA-32 Intel(R) Architecture Software Developer's Manual Volume 2:Instruction Set Reference, Intel
3) IA-32 Intel(R) Architecture Software Developer's Manual Volume 3:System Programmer's Guide, Intel
-Copyright (c) 2006 - 2022, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -186,55 +186,6 @@ EnableExecuteDisableBit (
}
}
-/**
- The function will check if page table entry should be splitted to smaller
- granularity.
-
- @param Address Physical memory address.
- @param Size Size of the given physical memory.
- @param StackBase Base address of stack.
- @param StackSize Size of stack.
- @param GhcbBase Base address of GHCB pages.
- @param GhcbSize Size of GHCB area.
-
- @retval TRUE Page table should be split.
- @retval FALSE Page table should not be split.
-**/
-BOOLEAN
-ToSplitPageTable (
- IN EFI_PHYSICAL_ADDRESS Address,
- IN UINTN Size,
- IN EFI_PHYSICAL_ADDRESS StackBase,
- IN UINTN StackSize,
- IN EFI_PHYSICAL_ADDRESS GhcbBase,
- IN UINTN GhcbSize
- )
-{
- if (IsNullDetectionEnabled () && (Address == 0)) {
- return TRUE;
- }
-
- if (PcdGetBool (PcdCpuStackGuard)) {
- if ((StackBase >= Address) && (StackBase < (Address + Size))) {
- return TRUE;
- }
- }
-
- if (PcdGetBool (PcdSetNxForStack)) {
- if ((Address < StackBase + StackSize) && ((Address + Size) > StackBase)) {
- return TRUE;
- }
- }
-
- if (GhcbBase != 0) {
- if ((Address < GhcbBase + GhcbSize) && ((Address + Size) > GhcbBase)) {
- return TRUE;
- }
- }
-
- return FALSE;
-}
-
/**
Initialize a buffer pool for page table use only.
@@ -341,143 +292,42 @@ AllocatePageTableMemory (
}
/**
- Split 2M page to 4K.
-
- @param[in] PhysicalAddress Start physical address the 2M page covered.
- @param[in, out] PageEntry2M Pointer to 2M page entry.
- @param[in] StackBase Stack base address.
- @param[in] StackSize Stack size.
- @param[in] GhcbBase GHCB page area base address.
- @param[in] GhcbSize GHCB page area size.
-
+ This function creates a new page table or modifies the page MapAttribute for the memory region
+ specified by BaseAddress and Length from their current attributes to the attributes specified
+ by MapAttribute and Mask.
+
+ @param[in] PageTable Pointer to Page table address.
+ @param[in] PagingMode The paging mode.
+ @param[in] BaseAddress The start of the linear address range.
+ @param[in] Length The length of the linear address range.
+ @param[in] MapAttribute The attribute of the linear address range.
+ @param[in] MapMask The mask used for attribute.
**/
VOID
-Split2MPageTo4K (
- IN EFI_PHYSICAL_ADDRESS PhysicalAddress,
- IN OUT UINT64 *PageEntry2M,
- IN EFI_PHYSICAL_ADDRESS StackBase,
- IN UINTN StackSize,
- IN EFI_PHYSICAL_ADDRESS GhcbBase,
- IN UINTN GhcbSize
+CreateOrUpdatePageTable (
+ IN UINTN *PageTable,
+ IN PAGING_MODE PagingMode,
+ IN PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length,
+ IN IA32_MAP_ATTRIBUTE *MapAttribute,
+ IN IA32_MAP_ATTRIBUTE *MapMask
)
{
- EFI_PHYSICAL_ADDRESS PhysicalAddress4K;
- UINTN IndexOfPageTableEntries;
- PAGE_TABLE_4K_ENTRY *PageTableEntry;
- UINT64 AddressEncMask;
-
- //
- // Make sure AddressEncMask is contained to smallest supported address field
- //
- AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & PAGING_1G_ADDRESS_MASK_64;
-
- PageTableEntry = AllocatePageTableMemory (1);
- ASSERT (PageTableEntry != NULL);
-
- //
- // Fill in 2M page entry.
- //
- *PageEntry2M = (UINT64)(UINTN)PageTableEntry | AddressEncMask | IA32_PG_P | IA32_PG_RW;
-
- PhysicalAddress4K = PhysicalAddress;
- for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512; IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K += SIZE_4KB) {
- //
- // Fill in the Page Table entries
- //
- PageTableEntry->Uint64 = (UINT64)PhysicalAddress4K;
-
- //
- // The GHCB range consists of two pages per CPU, the GHCB and a
- // per-CPU variable page. The GHCB page needs to be mapped as an
- // unencrypted page while the per-CPU variable page needs to be
- // mapped encrypted. These pages alternate in assignment.
- //
- if ( (GhcbBase == 0)
- || (PhysicalAddress4K < GhcbBase)
- || (PhysicalAddress4K >= GhcbBase + GhcbSize)
- || (((PhysicalAddress4K - GhcbBase) & SIZE_4KB) != 0))
- {
- PageTableEntry->Uint64 |= AddressEncMask;
- }
-
- PageTableEntry->Bits.ReadWrite = 1;
-
- if ((IsNullDetectionEnabled () && (PhysicalAddress4K == 0)) ||
- (PcdGetBool (PcdCpuStackGuard) && (PhysicalAddress4K == StackBase)))
- {
- PageTableEntry->Bits.Present = 0;
- } else {
- PageTableEntry->Bits.Present = 1;
- }
-
- if ( PcdGetBool (PcdSetNxForStack)
- && (PhysicalAddress4K >= StackBase)
- && (PhysicalAddress4K < StackBase + StackSize))
- {
- //
- // Set Nx bit for stack.
- //
- PageTableEntry->Bits.Nx = 1;
- }
+ RETURN_STATUS Status;
+ UINTN PageTableBufferSize;
+ VOID *PageTableBuffer;
+
+ PageTableBufferSize = 0;
+ Status = PageTableMap (PageTable, PagingMode, NULL, &PageTableBufferSize, BaseAddress, Length, MapAttribute, MapMask, NULL);
+ if (Status == RETURN_BUFFER_TOO_SMALL) {
+ PageTableBuffer = AllocatePageTableMemory (EFI_SIZE_TO_PAGES (PageTableBufferSize));
+ DEBUG ((DEBUG_INFO, "DxeIpl: 0x%x bytes needed for page table\n", PageTableBufferSize));
+ ASSERT (PageTableBuffer != NULL);
+ Status = PageTableMap (PageTable, PagingMode, PageTableBuffer, &PageTableBufferSize, BaseAddress, Length, MapAttribute, MapMask, NULL);
}
-}
-
-/**
- Split 1G page to 2M.
-
- @param[in] PhysicalAddress Start physical address the 1G page covered.
- @param[in, out] PageEntry1G Pointer to 1G page entry.
- @param[in] StackBase Stack base address.
- @param[in] StackSize Stack size.
- @param[in] GhcbBase GHCB page area base address.
- @param[in] GhcbSize GHCB page area size.
-
-**/
-VOID
-Split1GPageTo2M (
- IN EFI_PHYSICAL_ADDRESS PhysicalAddress,
- IN OUT UINT64 *PageEntry1G,
- IN EFI_PHYSICAL_ADDRESS StackBase,
- IN UINTN StackSize,
- IN EFI_PHYSICAL_ADDRESS GhcbBase,
- IN UINTN GhcbSize
- )
-{
- EFI_PHYSICAL_ADDRESS PhysicalAddress2M;
- UINTN IndexOfPageDirectoryEntries;
- PAGE_TABLE_ENTRY *PageDirectoryEntry;
- UINT64 AddressEncMask;
- //
- // Make sure AddressEncMask is contained to smallest supported address field
- //
- AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & PAGING_1G_ADDRESS_MASK_64;
-
- PageDirectoryEntry = AllocatePageTableMemory (1);
- ASSERT (PageDirectoryEntry != NULL);
-
- //
- // Fill in 1G page entry.
- //
- *PageEntry1G = (UINT64)(UINTN)PageDirectoryEntry | AddressEncMask | IA32_PG_P | IA32_PG_RW;
-
- PhysicalAddress2M = PhysicalAddress;
- for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += SIZE_2MB) {
- if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, StackSize, GhcbBase, GhcbSize)) {
- //
- // Need to split this 2M page that covers NULL or stack range.
- //
- Split2MPageTo4K (PhysicalAddress2M, (UINT64 *)PageDirectoryEntry, StackBase, StackSize, GhcbBase, GhcbSize);
- } else {
- //
- // Fill in the Page Directory entries
- //
- PageDirectoryEntry->Uint64 = (UINT64)PhysicalAddress2M | AddressEncMask;
- PageDirectoryEntry->Bits.ReadWrite = 1;
- PageDirectoryEntry->Bits.Present = 1;
- PageDirectoryEntry->Bits.MustBe1 = 1;
- }
- }
+ ASSERT_RETURN_ERROR (Status);
+ ASSERT (PageTableBufferSize == 0);
}
/**
@@ -657,19 +507,20 @@ EnablePageTableProtection (
}
/**
- Allocates and fills in the Page Directory and Page Table Entries to
+ Create IA32 PAE paging or 4-level/5-level paging for long mode to
establish a 1:1 Virtual to Physical mapping.
- @param[in] StackBase Stack base address.
- @param[in] StackSize Stack size.
- @param[in] GhcbBase GHCB base address.
- @param[in] GhcbSize GHCB size.
-
- @return The address of 4 level page map.
+ @param[in] Is64BitPageTable Whether to create 64-bit page table.
+ @param[in] StackBase Stack base address.
+ @param[in] StackSize Stack size.
+ @param[in] GhcbBase GHCB base address.
+ @param[in] GhcbSize GHCB size.
+ @return PageTable Address
**/
UINTN
CreateIdentityMappingPageTables (
+ IN BOOLEAN Is64BitPageTable,
IN EFI_PHYSICAL_ADDRESS StackBase,
IN UINTN StackSize,
IN EFI_PHYSICAL_ADDRESS GhcbBase,
@@ -680,274 +531,164 @@ CreateIdentityMappingPageTables (
CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_ECX EcxFlags;
UINT32 RegEdx;
UINT8 PhysicalAddressBits;
- EFI_PHYSICAL_ADDRESS PageAddress;
- UINTN IndexOfPml5Entries;
- UINTN IndexOfPml4Entries;
- UINTN IndexOfPdpEntries;
- UINTN IndexOfPageDirectoryEntries;
- UINT32 NumberOfPml5EntriesNeeded;
- UINT32 NumberOfPml4EntriesNeeded;
- UINT32 NumberOfPdpEntriesNeeded;
- PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel5Entry;
- PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry;
- PAGE_MAP_AND_DIRECTORY_POINTER *PageMap;
- PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry;
- PAGE_TABLE_ENTRY *PageDirectoryEntry;
- UINTN TotalPagesNum;
- UINTN BigPageAddress;
VOID *Hob;
BOOLEAN Page5LevelSupport;
BOOLEAN Page1GSupport;
- PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry;
UINT64 AddressEncMask;
IA32_CR4 Cr4;
-
- //
- // Set PageMapLevel5Entry to suppress incorrect compiler/analyzer warnings
- //
- PageMapLevel5Entry = NULL;
+ PAGING_MODE PagingMode;
+ UINTN PageTable;
+ IA32_MAP_ATTRIBUTE MapAttribute;
+ IA32_MAP_ATTRIBUTE MapMask;
+ EFI_PHYSICAL_ADDRESS GhcbBase4K;
+ EFI_PHYSICAL_ADDRESS GhcbBaseEnd;
//
// Make sure AddressEncMask is contained to smallest supported address field
//
- AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & PAGING_1G_ADDRESS_MASK_64;
-
- Page1GSupport = FALSE;
- if (PcdGetBool (PcdUse1GPageTable)) {
- AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL);
- if (RegEax >= 0x80000001) {
- AsmCpuid (0x80000001, NULL, NULL, NULL, &RegEdx);
- if ((RegEdx & BIT26) != 0) {
- Page1GSupport = TRUE;
+ AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & PAGING_1G_ADDRESS_MASK_64;
+ Page5LevelSupport = FALSE;
+ Page1GSupport = FALSE;
+
+ if (!Is64BitPageTable) {
+ PagingMode = PagingPae;
+ PhysicalAddressBits = 32;
+ } else {
+ if (PcdGetBool (PcdUse1GPageTable)) {
+ AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL);
+ if (RegEax >= 0x80000001) {
+ AsmCpuid (0x80000001, NULL, NULL, NULL, &RegEdx);
+ if ((RegEdx & BIT26) != 0) {
+ Page1GSupport = TRUE;
+ }
}
}
- }
- //
- // Get physical address bits supported.
- //
- Hob = GetFirstHob (EFI_HOB_TYPE_CPU);
- if (Hob != NULL) {
- PhysicalAddressBits = ((EFI_HOB_CPU *)Hob)->SizeOfMemorySpace;
- } else {
- AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL);
- if (RegEax >= 0x80000008) {
- AsmCpuid (0x80000008, &RegEax, NULL, NULL, NULL);
- PhysicalAddressBits = (UINT8)RegEax;
+ //
+ // Get physical address bits supported.
+ //
+ Hob = GetFirstHob (EFI_HOB_TYPE_CPU);
+ if (Hob != NULL) {
+ PhysicalAddressBits = ((EFI_HOB_CPU *)Hob)->SizeOfMemorySpace;
} else {
- PhysicalAddressBits = 36;
+ AsmCpuid (0x80000000, &RegEax, NULL, NULL, NULL);
+ if (RegEax >= 0x80000008) {
+ AsmCpuid (0x80000008, &RegEax, NULL, NULL, NULL);
+ PhysicalAddressBits = (UINT8)RegEax;
+ } else {
+ PhysicalAddressBits = 36;
+ }
}
- }
- Page5LevelSupport = FALSE;
- if (PcdGetBool (PcdUse5LevelPageTable)) {
- AsmCpuidEx (
- CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS,
- CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO,
- NULL,
- NULL,
- &EcxFlags.Uint32,
- NULL
- );
- if (EcxFlags.Bits.FiveLevelPage != 0) {
- Page5LevelSupport = TRUE;
+ if (PcdGetBool (PcdUse5LevelPageTable)) {
+ AsmCpuidEx (
+ CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS,
+ CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO,
+ NULL,
+ NULL,
+ &EcxFlags.Uint32,
+ NULL
+ );
+ if (EcxFlags.Bits.FiveLevelPage != 0) {
+ Page5LevelSupport = TRUE;
+ }
}
- }
-
- DEBUG ((DEBUG_INFO, "AddressBits=%u 5LevelPaging=%u 1GPage=%u\n", PhysicalAddressBits, Page5LevelSupport, Page1GSupport));
-
- //
- // IA-32e paging translates 48-bit linear addresses to 52-bit physical addresses
- // when 5-Level Paging is disabled,
- // due to either unsupported by HW, or disabled by PCD.
- //
- ASSERT (PhysicalAddressBits <= 52);
- if (!Page5LevelSupport && (PhysicalAddressBits > 48)) {
- PhysicalAddressBits = 48;
- }
- //
- // Calculate the table entries needed.
- //
- NumberOfPml5EntriesNeeded = 1;
- if (PhysicalAddressBits > 48) {
- NumberOfPml5EntriesNeeded = (UINT32)LShiftU64 (1, PhysicalAddressBits - 48);
- PhysicalAddressBits = 48;
- }
+ if (Page5LevelSupport) {
+ if (Page1GSupport) {
+ PagingMode = Paging5Level1GB;
+ } else {
+ PagingMode = Paging5Level;
+ }
+ } else {
+ if (Page1GSupport) {
+ PagingMode = Paging4Level1GB;
+ } else {
+ PagingMode = Paging4Level;
+ }
+ }
- NumberOfPml4EntriesNeeded = 1;
- if (PhysicalAddressBits > 39) {
- NumberOfPml4EntriesNeeded = (UINT32)LShiftU64 (1, PhysicalAddressBits - 39);
- PhysicalAddressBits = 39;
+ DEBUG ((DEBUG_INFO, "AddressBits=%u 5LevelPaging=%u 1GPage=%u\n", PhysicalAddressBits, Page5LevelSupport, Page1GSupport));
+ //
+ // IA-32e paging translates 48-bit linear addresses to 52-bit physical addresses
+ // when 5-Level Paging is disabled, due to either unsupported by HW, or disabled by PCD.
+ //
+ ASSERT (PhysicalAddressBits <= 52);
+ if (!Page5LevelSupport && (PhysicalAddressBits > 48)) {
+ PhysicalAddressBits = 48;
+ }
}
- NumberOfPdpEntriesNeeded = 1;
- ASSERT (PhysicalAddressBits > 30);
- NumberOfPdpEntriesNeeded = (UINT32)LShiftU64 (1, PhysicalAddressBits - 30);
+ PageTable = 0;
+ MapAttribute.Uint64 = AddressEncMask;
+ MapAttribute.Bits.Present = 1;
+ MapAttribute.Bits.ReadWrite = 1;
+ MapMask.Uint64 = MAX_UINT64;
+ CreateOrUpdatePageTable (&PageTable, PagingMode, 0, LShiftU64 (1, PhysicalAddressBits), &MapAttribute, &MapMask);
- //
- // Pre-allocate big pages to avoid later allocations.
- //
- if (!Page1GSupport) {
- TotalPagesNum = ((NumberOfPdpEntriesNeeded + 1) * NumberOfPml4EntriesNeeded + 1) * NumberOfPml5EntriesNeeded + 1;
- } else {
- TotalPagesNum = (NumberOfPml4EntriesNeeded + 1) * NumberOfPml5EntriesNeeded + 1;
- }
-
- //
- // Substract the one page occupied by PML5 entries if 5-Level Paging is disabled.
- //
- if (!Page5LevelSupport) {
- TotalPagesNum--;
+ if ((GhcbBase > 0) && (GhcbSize > 0) && (AddressEncMask != 0)) {
+ //
+ // The GHCB range consists of two pages per CPU, the GHCB and a
+ // per-CPU variable page. The GHCB page needs to be mapped as an
+ // unencrypted page while the per-CPU variable page needs to be
+ // mapped encrypted. These pages alternate in assignment.
+ //
+ ASSERT (Is64BitPageTable == TRUE);
+ GhcbBase4K = ALIGN_VALUE (GhcbBase, SIZE_4KB);
+ GhcbBaseEnd = ALIGN_VALUE (GhcbBase + GhcbSize, SIZE_4KB);
+ MapMask.Uint64 = 0;
+ MapMask.Bits.PageTableBaseAddressLow = 1;
+ //
+ // Loop through the GHCB range, remapping the GHCB page unencrypted
+ // and skipping over the per-CPU variable page.
+ //
+ while (GhcbBase4K < GhcbBaseEnd) {
+ MapAttribute.Uint64 = GhcbBase4K;
+ CreateOrUpdatePageTable (&PageTable, PagingMode, GhcbBase4K, SIZE_4KB, &MapAttribute, &MapMask);
+ GhcbBase4K += (SIZE_4KB * 2);
+ }
}
- DEBUG ((
- DEBUG_INFO,
- "Pml5=%u Pml4=%u Pdp=%u TotalPage=%Lu\n",
- NumberOfPml5EntriesNeeded,
- NumberOfPml4EntriesNeeded,
- NumberOfPdpEntriesNeeded,
- (UINT64)TotalPagesNum
- ));
-
- BigPageAddress = (UINTN)AllocatePageTableMemory (TotalPagesNum);
- ASSERT (BigPageAddress != 0);
-
- //
- // By architecture only one PageMapLevel4 exists - so lets allocate storage for it.
- //
- PageMap = (VOID *)BigPageAddress;
- if (Page5LevelSupport) {
+ if (PcdGetBool (PcdSetNxForStack)) {
//
- // By architecture only one PageMapLevel5 exists - so lets allocate storage for it.
+ // Set the stack as Nx in page table.
//
- PageMapLevel5Entry = PageMap;
- BigPageAddress += SIZE_4KB;
+ MapAttribute.Uint64 = 0;
+ MapAttribute.Bits.Nx = 1;
+ MapMask.Uint64 = 0;
+ MapMask.Bits.Nx = 1;
+ CreateOrUpdatePageTable (&PageTable, PagingMode, StackBase, StackSize, &MapAttribute, &MapMask);
}
- PageAddress = 0;
-
- for ( IndexOfPml5Entries = 0
- ; IndexOfPml5Entries < NumberOfPml5EntriesNeeded
- ; IndexOfPml5Entries++)
- {
+ MapAttribute.Uint64 = 0;
+ MapAttribute.Bits.Present = 0;
+ MapMask.Uint64 = 0;
+ MapMask.Bits.Present = 1;
+ if (IsNullDetectionEnabled ()) {
//
- // Each PML5 entry points to a page of PML4 entires.
- // So lets allocate space for them and fill them in in the IndexOfPml4Entries loop.
- // When 5-Level Paging is disabled, below allocation happens only once.
+ // Set [0, 4KB] as non-present in page table.
//
- PageMapLevel4Entry = (VOID *)BigPageAddress;
- BigPageAddress += SIZE_4KB;
-
- if (Page5LevelSupport) {
- //
- // Make a PML5 Entry
- //
- PageMapLevel5Entry->Uint64 = (UINT64)(UINTN)PageMapLevel4Entry | AddressEncMask;
- PageMapLevel5Entry->Bits.ReadWrite = 1;
- PageMapLevel5Entry->Bits.Present = 1;
- PageMapLevel5Entry++;
- }
-
- for ( IndexOfPml4Entries = 0
- ; IndexOfPml4Entries < (NumberOfPml5EntriesNeeded == 1 ? NumberOfPml4EntriesNeeded : 512)
- ; IndexOfPml4Entries++, PageMapLevel4Entry++)
- {
- //
- // Each PML4 entry points to a page of Page Directory Pointer entires.
- // So lets allocate space for them and fill them in in the IndexOfPdpEntries loop.
- //
- PageDirectoryPointerEntry = (VOID *)BigPageAddress;
- BigPageAddress += SIZE_4KB;
-
- //
- // Make a PML4 Entry
- //
- PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)PageDirectoryPointerEntry | AddressEncMask;
- PageMapLevel4Entry->Bits.ReadWrite = 1;
- PageMapLevel4Entry->Bits.Present = 1;
-
- if (Page1GSupport) {
- PageDirectory1GEntry = (VOID *)PageDirectoryPointerEntry;
-
- for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectory1GEntry++, PageAddress += SIZE_1GB) {
- if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSize, GhcbBase, GhcbSize)) {
- Split1GPageTo2M (PageAddress, (UINT64 *)PageDirectory1GEntry, StackBase, StackSize, GhcbBase, GhcbSize);
- } else {
- //
- // Fill in the Page Directory entries
- //
- PageDirectory1GEntry->Uint64 = (UINT64)PageAddress | AddressEncMask;
- PageDirectory1GEntry->Bits.ReadWrite = 1;
- PageDirectory1GEntry->Bits.Present = 1;
- PageDirectory1GEntry->Bits.MustBe1 = 1;
- }
- }
- } else {
- for ( IndexOfPdpEntries = 0
- ; IndexOfPdpEntries < (NumberOfPml4EntriesNeeded == 1 ? NumberOfPdpEntriesNeeded : 512)
- ; IndexOfPdpEntries++, PageDirectoryPointerEntry++)
- {
- //
- // Each Directory Pointer entries points to a page of Page Directory entires.
- // So allocate space for them and fill them in in the IndexOfPageDirectoryEntries loop.
- //
- PageDirectoryEntry = (VOID *)BigPageAddress;
- BigPageAddress += SIZE_4KB;
-
- //
- // Fill in a Page Directory Pointer Entries
- //
- PageDirectoryPointerEntry->Uint64 = (UINT64)(UINTN)PageDirectoryEntry | AddressEncMask;
- PageDirectoryPointerEntry->Bits.ReadWrite = 1;
- PageDirectoryPointerEntry->Bits.Present = 1;
-
- for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PageAddress += SIZE_2MB) {
- if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, StackSize, GhcbBase, GhcbSize)) {
- //
- // Need to split this 2M page that covers NULL or stack range.
- //
- Split2MPageTo4K (PageAddress, (UINT64 *)PageDirectoryEntry, StackBase, StackSize, GhcbBase, GhcbSize);
- } else {
- //
- // Fill in the Page Directory entries
- //
- PageDirectoryEntry->Uint64 = (UINT64)PageAddress | AddressEncMask;
- PageDirectoryEntry->Bits.ReadWrite = 1;
- PageDirectoryEntry->Bits.Present = 1;
- PageDirectoryEntry->Bits.MustBe1 = 1;
- }
- }
- }
-
- //
- // Fill with null entry for unused PDPTE
- //
- ZeroMem (PageDirectoryPointerEntry, (512 - IndexOfPdpEntries) * sizeof (PAGE_MAP_AND_DIRECTORY_POINTER));
- }
- }
+ CreateOrUpdatePageTable (&PageTable, PagingMode, 0, SIZE_4KB, &MapAttribute, &MapMask);
+ }
+ if (PcdGetBool (PcdCpuStackGuard)) {
//
- // For the PML4 entries we are not using fill in a null entry.
+ // Set the the last 4KB of stack as non-present in page table.
//
- ZeroMem (PageMapLevel4Entry, (512 - IndexOfPml4Entries) * sizeof (PAGE_MAP_AND_DIRECTORY_POINTER));
+ CreateOrUpdatePageTable (&PageTable, PagingMode, StackBase, SIZE_4KB, &MapAttribute, &MapMask);
}
if (Page5LevelSupport) {
Cr4.UintN = AsmReadCr4 ();
Cr4.Bits.LA57 = 1;
AsmWriteCr4 (Cr4.UintN);
- //
- // For the PML5 entries we are not using fill in a null entry.
- //
- ZeroMem (PageMapLevel5Entry, (512 - IndexOfPml5Entries) * sizeof (PAGE_MAP_AND_DIRECTORY_POINTER));
}
//
// Protect the page table by marking the memory used for page table to be
// read-only.
//
- EnablePageTableProtection ((UINTN)PageMap, TRUE);
+ EnablePageTableProtection ((UINTN)PageTable, TRUE);
//
// Set IA32_EFER.NXE if necessary.
@@ -956,5 +697,5 @@ CreateIdentityMappingPageTables (
EnableExecuteDisableBit ();
}
- return (UINTN)PageMap;
+ return PageTable;
}
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
index 616ebe42b0..a6cf31811d 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
@@ -7,7 +7,7 @@
3) IA-32 Intel(R) Architecture Software Developer's Manual Volume 3:System Programmer's Guide, Intel
4) AMD64 Architecture Programmer's Manual Volume 2: System Programming
-Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2006 - 2023, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -46,99 +46,6 @@ typedef struct {
UINT32 Reserved;
} X64_IDT_GATE_DESCRIPTOR;
-//
-// Page-Map Level-4 Offset (PML4) and
-// Page-Directory-Pointer Offset (PDPE) entries 4K & 2MB
-//
-
-typedef union {
- struct {
- UINT64 Present : 1; // 0 = Not present in memory, 1 = Present in memory
- UINT64 ReadWrite : 1; // 0 = Read-Only, 1= Read/Write
- UINT64 UserSupervisor : 1; // 0 = Supervisor, 1=User
- UINT64 WriteThrough : 1; // 0 = Write-Back caching, 1=Write-Through caching
- UINT64 CacheDisabled : 1; // 0 = Cached, 1=Non-Cached
- UINT64 Accessed : 1; // 0 = Not accessed, 1 = Accessed (set by CPU)
- UINT64 Reserved : 1; // Reserved
- UINT64 MustBeZero : 2; // Must Be Zero
- UINT64 Available : 3; // Available for use by system software
- UINT64 PageTableBaseAddress : 40; // Page Table Base Address
- UINT64 AvabilableHigh : 11; // Available for use by system software
- UINT64 Nx : 1; // No Execute bit
- } Bits;
- UINT64 Uint64;
-} PAGE_MAP_AND_DIRECTORY_POINTER;
-
-//
-// Page Table Entry 4KB
-//
-typedef union {
- struct {
- UINT64 Present : 1; // 0 = Not present in memory, 1 = Present in memory
- UINT64 ReadWrite : 1; // 0 = Read-Only, 1= Read/Write
- UINT64 UserSupervisor : 1; // 0 = Supervisor, 1=User
- UINT64 WriteThrough : 1; // 0 = Write-Back caching, 1=Write-Through caching
- UINT64 CacheDisabled : 1; // 0 = Cached, 1=Non-Cached
- UINT64 Accessed : 1; // 0 = Not accessed, 1 = Accessed (set by CPU)
- UINT64 Dirty : 1; // 0 = Not Dirty, 1 = written by processor on access to page
- UINT64 PAT : 1; //
- UINT64 Global : 1; // 0 = Not global page, 1 = global page TLB not cleared on CR3 write
- UINT64 Available : 3; // Available for use by system software
- UINT64 PageTableBaseAddress : 40; // Page Table Base Address
- UINT64 AvabilableHigh : 11; // Available for use by system software
- UINT64 Nx : 1; // 0 = Execute Code, 1 = No Code Execution
- } Bits;
- UINT64 Uint64;
-} PAGE_TABLE_4K_ENTRY;
-
-//
-// Page Table Entry 2MB
-//
-typedef union {
- struct {
- UINT64 Present : 1; // 0 = Not present in memory, 1 = Present in memory
- UINT64 ReadWrite : 1; // 0 = Read-Only, 1= Read/Write
- UINT64 UserSupervisor : 1; // 0 = Supervisor, 1=User
- UINT64 WriteThrough : 1; // 0 = Write-Back caching, 1=Write-Through caching
- UINT64 CacheDisabled : 1; // 0 = Cached, 1=Non-Cached
- UINT64 Accessed : 1; // 0 = Not accessed, 1 = Accessed (set by CPU)
- UINT64 Dirty : 1; // 0 = Not Dirty, 1 = written by processor on access to page
- UINT64 MustBe1 : 1; // Must be 1
- UINT64 Global : 1; // 0 = Not global page, 1 = global page TLB not cleared on CR3 write
- UINT64 Available : 3; // Available for use by system software
- UINT64 PAT : 1; //
- UINT64 MustBeZero : 8; // Must be zero;
- UINT64 PageTableBaseAddress : 31; // Page Table Base Address
- UINT64 AvabilableHigh : 11; // Available for use by system software
- UINT64 Nx : 1; // 0 = Execute Code, 1 = No Code Execution
- } Bits;
- UINT64 Uint64;
-} PAGE_TABLE_ENTRY;
-
-//
-// Page Table Entry 1GB
-//
-typedef union {
- struct {
- UINT64 Present : 1; // 0 = Not present in memory, 1 = Present in memory
- UINT64 ReadWrite : 1; // 0 = Read-Only, 1= Read/Write
- UINT64 UserSupervisor : 1; // 0 = Supervisor, 1=User
- UINT64 WriteThrough : 1; // 0 = Write-Back caching, 1=Write-Through caching
- UINT64 CacheDisabled : 1; // 0 = Cached, 1=Non-Cached
- UINT64 Accessed : 1; // 0 = Not accessed, 1 = Accessed (set by CPU)
- UINT64 Dirty : 1; // 0 = Not Dirty, 1 = written by processor on access to page
- UINT64 MustBe1 : 1; // Must be 1
- UINT64 Global : 1; // 0 = Not global page, 1 = global page TLB not cleared on CR3 write
- UINT64 Available : 3; // Available for use by system software
- UINT64 PAT : 1; //
- UINT64 MustBeZero : 17; // Must be zero;
- UINT64 PageTableBaseAddress : 22; // Page Table Base Address
- UINT64 AvabilableHigh : 11; // Available for use by system software
- UINT64 Nx : 1; // 0 = Execute Code, 1 = No Code Execution
- } Bits;
- UINT64 Uint64;
-} PAGE_TABLE_1G_ENTRY;
-
#pragma pack()
#define CR0_WP BIT16
@@ -194,44 +101,25 @@ EnableExecuteDisableBit (
);
/**
- Split 2M page to 4K.
-
- @param[in] PhysicalAddress Start physical address the 2M page covered.
- @param[in, out] PageEntry2M Pointer to 2M page entry.
- @param[in] StackBase Stack base address.
- @param[in] StackSize Stack size.
- @param[in] GhcbBase GHCB page area base address.
- @param[in] GhcbSize GHCB page area size.
-
-**/
-VOID
-Split2MPageTo4K (
- IN EFI_PHYSICAL_ADDRESS PhysicalAddress,
- IN OUT UINT64 *PageEntry2M,
- IN EFI_PHYSICAL_ADDRESS StackBase,
- IN UINTN StackSize,
- IN EFI_PHYSICAL_ADDRESS GhcbBase,
- IN UINTN GhcbSize
- );
-
-/**
- Allocates and fills in the Page Directory and Page Table Entries to
+ Create IA32 PAE paging or 4-level/5-level paging for long mode to
establish a 1:1 Virtual to Physical mapping.
- @param[in] StackBase Stack base address.
- @param[in] StackSize Stack size.
- @param[in] GhcbBase GHCB page area base address.
- @param[in] GhcbSize GHCB page area size.
+ @param[in] Is64BitPageTable Whether to create 64-bit page table.
+ @param[in] StackBase Stack base address.
+ @param[in] StackSize Stack size.
+ @param[in] GhcbBase GHCB page area base address.
+ @param[in] GhcbSize GHCB page area size.
- @return The address of 4 level page map.
+ @return The address of page table.
**/
UINTN
CreateIdentityMappingPageTables (
+ IN BOOLEAN Is64BitPageTable,
IN EFI_PHYSICAL_ADDRESS StackBase,
IN UINTN StackSize,
IN EFI_PHYSICAL_ADDRESS GhcbBase,
- IN UINTN GhcbkSize
+ IN UINTN GhcbSize
);
/**
@@ -289,39 +177,4 @@ IsNullDetectionEnabled (
VOID
);
-/**
- Prevent the memory pages used for page table from been overwritten.
-
- @param[in] PageTableBase Base address of page table (CR3).
- @param[in] Level4Paging Level 4 paging flag.
-
-**/
-VOID
-EnablePageTableProtection (
- IN UINTN PageTableBase,
- IN BOOLEAN Level4Paging
- );
-
-/**
- This API provides a way to allocate memory for page table.
-
- This API can be called more than once to allocate memory for page tables.
-
- Allocates the number of 4KB pages and returns a pointer to the allocated
- buffer. The buffer returned is aligned on a 4KB boundary.
-
- If Pages is 0, then NULL is returned.
- If there is not enough memory remaining to satisfy the request, then NULL is
- returned.
-
- @param Pages The number of 4 KB pages to allocate.
-
- @return A pointer to the allocated buffer or NULL if allocation fails.
-
-**/
-VOID *
-AllocatePageTableMemory (
- IN UINTN Pages
- );
-
#endif
--
2.31.1.windows.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [Patch V3 7/8] MdeModulePkg/DxeIpl: Remove duplicated code to enable NX
2023-04-24 10:05 [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl duntan
` (5 preceding siblings ...)
2023-04-24 10:05 ` [Patch V3 6/8] MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib duntan
@ 2023-04-24 10:05 ` duntan
2023-04-24 10:05 ` [Patch V3 8/8] MdeModulePkg/DxeIpl: Refinement to the code to set PageTable as RO duntan
2023-04-24 17:23 ` [edk2-devel] [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl Ard Biesheuvel
8 siblings, 0 replies; 15+ messages in thread
From: duntan @ 2023-04-24 10:05 UTC (permalink / raw)
To: devel; +Cc: Dandan Bi, Liming Gao, Ray Ni, Jian J Wang
In IA32 code, remove the duplicated code to enable NX.
In the previous patch, IA32 code also uses the new
CreateIdentityMappingPageTables() to create PAE page table.
This function calls EnableExecuteDisableBit if needed.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
---
MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
index 69d073fb58..dd7cbb6ce6 100644
--- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
+++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
@@ -322,9 +322,6 @@ HandOffToDxeCore (
BuildPageTablesIa32Pae = ToBuildPageTable ();
if (BuildPageTablesIa32Pae) {
PageTables = CreateIdentityMappingPageTables (FALSE, BaseOfStack, STACK_SIZE, 0, 0);
- if (IsEnableNonExecNeeded ()) {
- EnableExecuteDisableBit ();
- }
}
//
--
2.31.1.windows.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* [Patch V3 8/8] MdeModulePkg/DxeIpl: Refinement to the code to set PageTable as RO
2023-04-24 10:05 [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl duntan
` (6 preceding siblings ...)
2023-04-24 10:05 ` [Patch V3 7/8] MdeModulePkg/DxeIpl: Remove duplicated code to enable NX duntan
@ 2023-04-24 10:05 ` duntan
2023-04-24 17:23 ` [edk2-devel] [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl Ard Biesheuvel
8 siblings, 0 replies; 15+ messages in thread
From: duntan @ 2023-04-24 10:05 UTC (permalink / raw)
To: devel; +Cc: Dandan Bi, Liming Gao, Ray Ni, Jian J Wang
Code refinement to the code to set page table as RO in DxeIpl module.
Set all page table pools as ReadOnly by calling PageTableMap() in
CpuPageTableLib multiple times instead of searching each page table
pool address in page table layer by layer. Also, this commit solve
the issue that original SetPageTablePoolReadOnly() code in DxeIpl
doesn't handle the Level5Paging case.
Bugzila: https://bugzilla.tianocore.org/show_bug.cgi?id=4176
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
---
MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 155 +++++++++++++++--------------------------------------------------------------------------------------------------------------------------------------------
MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 15 ---------------
2 files changed, 15 insertions(+), 155 deletions(-)
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
index 80482c7853..e6b6d602c1 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
@@ -330,154 +330,37 @@ CreateOrUpdatePageTable (
ASSERT (PageTableBufferSize == 0);
}
-/**
- Set one page of page table pool memory to be read-only.
-
- @param[in] PageTableBase Base address of page table (CR3).
- @param[in] Address Start address of a page to be set as read-only.
- @param[in] Level4Paging Level 4 paging flag.
-
-**/
-VOID
-SetPageTablePoolReadOnly (
- IN UINTN PageTableBase,
- IN EFI_PHYSICAL_ADDRESS Address,
- IN BOOLEAN Level4Paging
- )
-{
- UINTN Index;
- UINTN EntryIndex;
- UINT64 AddressEncMask;
- EFI_PHYSICAL_ADDRESS PhysicalAddress;
- UINT64 *PageTable;
- UINT64 *NewPageTable;
- UINT64 PageAttr;
- UINT64 LevelSize[5];
- UINT64 LevelMask[5];
- UINTN LevelShift[5];
- UINTN Level;
- UINT64 PoolUnitSize;
-
- ASSERT (PageTableBase != 0);
-
- //
- // Since the page table is always from page table pool, which is always
- // located at the boundary of PcdPageTablePoolAlignment, we just need to
- // set the whole pool unit to be read-only.
- //
- Address = Address & PAGE_TABLE_POOL_ALIGN_MASK;
-
- LevelShift[1] = PAGING_L1_ADDRESS_SHIFT;
- LevelShift[2] = PAGING_L2_ADDRESS_SHIFT;
- LevelShift[3] = PAGING_L3_ADDRESS_SHIFT;
- LevelShift[4] = PAGING_L4_ADDRESS_SHIFT;
-
- LevelMask[1] = PAGING_4K_ADDRESS_MASK_64;
- LevelMask[2] = PAGING_2M_ADDRESS_MASK_64;
- LevelMask[3] = PAGING_1G_ADDRESS_MASK_64;
- LevelMask[4] = PAGING_1G_ADDRESS_MASK_64;
-
- LevelSize[1] = SIZE_4KB;
- LevelSize[2] = SIZE_2MB;
- LevelSize[3] = SIZE_1GB;
- LevelSize[4] = SIZE_512GB;
-
- AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) &
- PAGING_1G_ADDRESS_MASK_64;
- PageTable = (UINT64 *)(UINTN)PageTableBase;
- PoolUnitSize = PAGE_TABLE_POOL_UNIT_SIZE;
-
- for (Level = (Level4Paging) ? 4 : 3; Level > 0; --Level) {
- Index = ((UINTN)RShiftU64 (Address, LevelShift[Level]));
- Index &= PAGING_PAE_INDEX_MASK;
-
- PageAttr = PageTable[Index];
- if ((PageAttr & IA32_PG_PS) == 0) {
- //
- // Go to next level of table.
- //
- PageTable = (UINT64 *)(UINTN)(PageAttr & ~AddressEncMask &
- PAGING_4K_ADDRESS_MASK_64);
- continue;
- }
-
- if (PoolUnitSize >= LevelSize[Level]) {
- //
- // Clear R/W bit if current page granularity is not larger than pool unit
- // size.
- //
- if ((PageAttr & IA32_PG_RW) != 0) {
- while (PoolUnitSize > 0) {
- //
- // PAGE_TABLE_POOL_UNIT_SIZE and PAGE_TABLE_POOL_ALIGNMENT are fit in
- // one page (2MB). Then we don't need to update attributes for pages
- // crossing page directory. ASSERT below is for that purpose.
- //
- ASSERT (Index < EFI_PAGE_SIZE/sizeof (UINT64));
-
- PageTable[Index] &= ~(UINT64)IA32_PG_RW;
- PoolUnitSize -= LevelSize[Level];
-
- ++Index;
- }
- }
-
- break;
- } else {
- //
- // The smaller granularity of page must be needed.
- //
- ASSERT (Level > 1);
-
- NewPageTable = AllocatePageTableMemory (1);
- ASSERT (NewPageTable != NULL);
-
- PhysicalAddress = PageAttr & LevelMask[Level];
- for (EntryIndex = 0;
- EntryIndex < EFI_PAGE_SIZE/sizeof (UINT64);
- ++EntryIndex)
- {
- NewPageTable[EntryIndex] = PhysicalAddress | AddressEncMask |
- IA32_PG_P | IA32_PG_RW;
- if (Level > 2) {
- NewPageTable[EntryIndex] |= IA32_PG_PS;
- }
-
- PhysicalAddress += LevelSize[Level - 1];
- }
-
- PageTable[Index] = (UINT64)(UINTN)NewPageTable | AddressEncMask |
- IA32_PG_P | IA32_PG_RW;
- PageTable = NewPageTable;
- }
- }
-}
-
/**
Prevent the memory pages used for page table from been overwritten.
- @param[in] PageTableBase Base address of page table (CR3).
- @param[in] Level4Paging Level 4 paging flag.
+ @param[in] PageTableBase Base address of page table (CR3).
+ @param[in] PagingMode The paging mode.
**/
VOID
EnablePageTableProtection (
- IN UINTN PageTableBase,
- IN BOOLEAN Level4Paging
+ IN UINTN PageTableBase,
+ IN PAGING_MODE PagingMode
)
{
PAGE_TABLE_POOL *HeadPool;
PAGE_TABLE_POOL *Pool;
UINT64 PoolSize;
EFI_PHYSICAL_ADDRESS Address;
+ IA32_MAP_ATTRIBUTE MapAttribute;
+ IA32_MAP_ATTRIBUTE MapMask;
if (mPageTablePool == NULL) {
return;
}
+ MapAttribute.Uint64 = 0;
+ MapAttribute.Bits.ReadWrite = 0;
+ MapMask.Uint64 = 0;
+ MapMask.Bits.ReadWrite = 1;
+
//
- // No need to clear CR0.WP since PageTableBase has't been written to CR3 yet.
- // SetPageTablePoolReadOnly might update mPageTablePool. It's safer to
+ // CreateOrUpdatePageTable might update mPageTablePool. It's safer to
// remember original one in advance.
//
HeadPool = mPageTablePool;
@@ -485,18 +368,10 @@ EnablePageTableProtection (
do {
Address = (EFI_PHYSICAL_ADDRESS)(UINTN)Pool;
PoolSize = Pool->Offset + EFI_PAGES_TO_SIZE (Pool->FreePages);
-
//
- // The size of one pool must be multiple of PAGE_TABLE_POOL_UNIT_SIZE, which
- // is one of page size of the processor (2MB by default). Let's apply the
- // protection to them one by one.
+ // Set entire pool including header, used-memory and left free-memory as ReadOnly.
//
- while (PoolSize > 0) {
- SetPageTablePoolReadOnly (PageTableBase, Address, Level4Paging);
- Address += PAGE_TABLE_POOL_UNIT_SIZE;
- PoolSize -= PAGE_TABLE_POOL_UNIT_SIZE;
- }
-
+ CreateOrUpdatePageTable (&PageTableBase, PagingMode, Address, PoolSize, &MapAttribute, &MapMask);
Pool = Pool->NextPool;
} while (Pool != HeadPool);
@@ -688,7 +563,7 @@ CreateIdentityMappingPageTables (
// Protect the page table by marking the memory used for page table to be
// read-only.
//
- EnablePageTableProtection ((UINTN)PageTable, TRUE);
+ EnablePageTableProtection (PageTable, PagingMode);
//
// Set IA32_EFER.NXE if necessary.
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
index a6cf31811d..034c4249d4 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
@@ -50,23 +50,8 @@ typedef struct {
#define CR0_WP BIT16
-#define IA32_PG_P BIT0
-#define IA32_PG_RW BIT1
-#define IA32_PG_PS BIT7
-
-#define PAGING_PAE_INDEX_MASK 0x1FF
-
-#define PAGING_4K_ADDRESS_MASK_64 0x000FFFFFFFFFF000ull
-#define PAGING_2M_ADDRESS_MASK_64 0x000FFFFFFFE00000ull
#define PAGING_1G_ADDRESS_MASK_64 0x000FFFFFC0000000ull
-#define PAGING_L1_ADDRESS_SHIFT 12
-#define PAGING_L2_ADDRESS_SHIFT 21
-#define PAGING_L3_ADDRESS_SHIFT 30
-#define PAGING_L4_ADDRESS_SHIFT 39
-
-#define PAGING_PML4E_NUMBER 4
-
#define PAGE_TABLE_POOL_ALIGNMENT BASE_2MB
#define PAGE_TABLE_POOL_UNIT_SIZE SIZE_2MB
#define PAGE_TABLE_POOL_UNIT_PAGES EFI_SIZE_TO_PAGES (PAGE_TABLE_POOL_UNIT_SIZE)
--
2.31.1.windows.1
^ permalink raw reply related [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl
2023-04-24 10:05 [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl duntan
` (7 preceding siblings ...)
2023-04-24 10:05 ` [Patch V3 8/8] MdeModulePkg/DxeIpl: Refinement to the code to set PageTable as RO duntan
@ 2023-04-24 17:23 ` Ard Biesheuvel
2023-04-24 17:51 ` Michael D Kinney
8 siblings, 1 reply; 15+ messages in thread
From: Ard Biesheuvel @ 2023-04-24 17:23 UTC (permalink / raw)
To: devel, dun.tan
On Mon, 24 Apr 2023 at 12:06, duntan <dun.tan@intel.com> wrote:
>
> In V3 patch set:
> 1. Add a new patch 'MdePkg: Move CpuPageTableLib defination to MdePkg' to Move CpuPageTableLib defination from UefiCpuPkg to MdePkg.
> So that MdeModulePkg doesn't need to depend on UefiCpuPkg.
As I replied to the other patch, I think adding CpuPageTableLib to
MdePkg in its current form (even only the interface) is not the right
approach here. The function protoypes and enums exposed by this
library are highly specific to a particular implementation.
There is a clear use case here, which is the DXE IPL code, and as has
been suggested in the other thread, it would be more appropriate to
define an abstraction regarding this use case, and define it as a
library class (with a NULL implementation) in MdeModulePkg. That way,
UefiCpuPkg can provide the x86 implementation based on
CpuPageTableLilb, and other architectures can do likewise.
Please refer to the patch below, which illustrates why there are other
requirements in this area:
https://edk2.groups.io/g/devel/message/101122
--
Ard.
> 2. Modify the patch 'MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib' to set GHCB page to be mapped as unencrypted for each CPU for AMD SEV feature.
>
> Dun Tan (8):
> MdePkg: Move CpuPageTableLib defination to MdePkg
> EmulatorPkg: Add CpuPageTableLib required by DxeIpl in DSC
> IntelFsp2Pkg: Add CpuPageTableLib required by DxeIpl in DSC
> MdeModulePkg: Add CpuPageTableLib required by DxeIpl in DSC
> OvmfPkg: Add CpuPageTableLib required by DxeIpl in DSC file
> MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib
> MdeModulePkg/DxeIpl: Remove duplicated code to enable NX
> MdeModulePkg/DxeIpl: Refinement to the code to set PageTable as RO
>
> EmulatorPkg/EmulatorPkg.dsc | 3 ++-
> IntelFsp2Pkg/Tools/Tests/QemuFspPkg.dsc | 3 ++-
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 3 ++-
> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
> MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 112 ++++------------------------------------------------------------------------------------------------------------
> MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++--
> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 720 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 182 ++++++++++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> MdeModulePkg/MdeModulePkg.dsc | 3 ++-
> {UefiCpuPkg => MdePkg}/Include/Library/CpuPageTableLib.h | 0
> MdePkg/MdePkg.dec | 5 ++++-
> OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
> OvmfPkg/Bhyve/BhyveX64.dsc | 3 ++-
> OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +-
> OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
> OvmfPkg/OvmfPkgIa32.dsc | 3 ++-
> OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
> OvmfPkg/OvmfPkgX64.dsc | 2 +-
> OvmfPkg/OvmfXen.dsc | 2 +-
> UefiCpuPkg/UefiCpuPkg.dec | 3 ---
> 20 files changed, 211 insertions(+), 851 deletions(-)
> rename {UefiCpuPkg => MdePkg}/Include/Library/CpuPageTableLib.h (100%)
>
> --
> 2.31.1.windows.1
>
>
>
>
>
>
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl
2023-04-24 17:23 ` [edk2-devel] [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl Ard Biesheuvel
@ 2023-04-24 17:51 ` Michael D Kinney
2023-04-24 18:07 ` Ard Biesheuvel
0 siblings, 1 reply; 15+ messages in thread
From: Michael D Kinney @ 2023-04-24 17:51 UTC (permalink / raw)
To: devel@edk2.groups.io, ardb@kernel.org, Tan, Dun; +Cc: Kinney, Michael D
Hi Ard,
Thanks for the feedback. Let's work on this approach.
Are there similar needs for CPU related services in the DXE Core before
the CPU AP is loaded?
If we are going to define a new lib class to abstract DXE IPL requirements,
it would be good to cover DXE Core requirements too.
Mike
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard Biesheuvel
> Sent: Monday, April 24, 2023 10:24 AM
> To: devel@edk2.groups.io; Tan, Dun <dun.tan@intel.com>
> Subject: Re: [edk2-devel] [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl
>
> On Mon, 24 Apr 2023 at 12:06, duntan <dun.tan@intel.com> wrote:
> >
> > In V3 patch set:
> > 1. Add a new patch 'MdePkg: Move CpuPageTableLib defination to MdePkg' to Move CpuPageTableLib defination from UefiCpuPkg to
> MdePkg.
> > So that MdeModulePkg doesn't need to depend on UefiCpuPkg.
>
> As I replied to the other patch, I think adding CpuPageTableLib to
> MdePkg in its current form (even only the interface) is not the right
> approach here. The function protoypes and enums exposed by this
> library are highly specific to a particular implementation.
>
> There is a clear use case here, which is the DXE IPL code, and as has
> been suggested in the other thread, it would be more appropriate to
> define an abstraction regarding this use case, and define it as a
> library class (with a NULL implementation) in MdeModulePkg. That way,
> UefiCpuPkg can provide the x86 implementation based on
> CpuPageTableLilb, and other architectures can do likewise.
>
> Please refer to the patch below, which illustrates why there are other
> requirements in this area:
>
> https://edk2.groups.io/g/devel/message/101122
>
> --
> Ard.
>
>
>
>
> > 2. Modify the patch 'MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib' to set GHCB page to be mapped as unencrypted
> for each CPU for AMD SEV feature.
> >
> > Dun Tan (8):
> > MdePkg: Move CpuPageTableLib defination to MdePkg
> > EmulatorPkg: Add CpuPageTableLib required by DxeIpl in DSC
> > IntelFsp2Pkg: Add CpuPageTableLib required by DxeIpl in DSC
> > MdeModulePkg: Add CpuPageTableLib required by DxeIpl in DSC
> > OvmfPkg: Add CpuPageTableLib required by DxeIpl in DSC file
> > MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib
> > MdeModulePkg/DxeIpl: Remove duplicated code to enable NX
> > MdeModulePkg/DxeIpl: Refinement to the code to set PageTable as RO
> >
> > EmulatorPkg/EmulatorPkg.dsc | 3 ++-
> > IntelFsp2Pkg/Tools/Tests/QemuFspPkg.dsc | 3 ++-
> > MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 3 ++-
> > MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
> > MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 112 ++++----------------------------------------------------------
> --------------------------------------------------
> > MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++--
> > MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 720
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++++++++++++++++++++++++++++++++++----------------------------------------------------------------------------------------
> --------------------------------------------------------------------------------------------------------------------------------
> --------------------------------------------------------------------------------------------------------------------------------
> --------------------------------------------------------------------------------------------------------------------------------
> --------------------------------------------------------------------------------
> > MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 182 ++++++++++----------------------------------------------------
> ------------------------------------------------------------------------------------------------------------------------
> > MdeModulePkg/MdeModulePkg.dsc | 3 ++-
> > {UefiCpuPkg => MdePkg}/Include/Library/CpuPageTableLib.h | 0
> > MdePkg/MdePkg.dec | 5 ++++-
> > OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
> > OvmfPkg/Bhyve/BhyveX64.dsc | 3 ++-
> > OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +-
> > OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
> > OvmfPkg/OvmfPkgIa32.dsc | 3 ++-
> > OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
> > OvmfPkg/OvmfPkgX64.dsc | 2 +-
> > OvmfPkg/OvmfXen.dsc | 2 +-
> > UefiCpuPkg/UefiCpuPkg.dec | 3 ---
> > 20 files changed, 211 insertions(+), 851 deletions(-)
> > rename {UefiCpuPkg => MdePkg}/Include/Library/CpuPageTableLib.h (100%)
> >
> > --
> > 2.31.1.windows.1
> >
> >
> >
> >
> >
> >
>
>
>
>
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl
2023-04-24 17:51 ` Michael D Kinney
@ 2023-04-24 18:07 ` Ard Biesheuvel
2023-04-25 2:45 ` Ni, Ray
0 siblings, 1 reply; 15+ messages in thread
From: Ard Biesheuvel @ 2023-04-24 18:07 UTC (permalink / raw)
To: Kinney, Michael D; +Cc: devel@edk2.groups.io, Tan, Dun
On Mon, 24 Apr 2023 at 19:51, Kinney, Michael D
<michael.d.kinney@intel.com> wrote:
>
> Hi Ard,
>
> Thanks for the feedback. Let's work on this approach.
>
> Are there similar needs for CPU related services in the DXE Core before
> the CPU AP is loaded?
>
> If we are going to define a new lib class to abstract DXE IPL requirements,
> it would be good to cover DXE Core requirements too.
>
Yeah, excellent point.
The problem I have had to work around in my strict permissions series
(which includes the linked patch) is that there is a window from the
moment DXE core is dispatched until the moment the CPU arch protocol
DXE driver is dispatched where we don't have an architectural means to
manipulate memory permissions.
So what we'd need here is a library version of the following method
typedef
EFI_STATUS
(EFIAPI *EFI_CPU_SET_MEMORY_ATTRIBUTES)(
IN EFI_CPU_ARCH_PROTOCOL *This,
IN EFI_PHYSICAL_ADDRESS BaseAddress,
IN UINT64 Length,
IN UINT64 Attributes
);
*However*, I am aware that the X86 DXE IPL code deviates from this, as
it needs to build long mode compatible page tables before switching
from IA32 to X64, right?
So whether that use case can be served with this prototype is
doubtful, but I guess it /would/ make sense to define a single library
abstraction that can accommodate all of these use cases.
Happy to discuss this in more detail,
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard Biesheuvel
> > Sent: Monday, April 24, 2023 10:24 AM
> > To: devel@edk2.groups.io; Tan, Dun <dun.tan@intel.com>
> > Subject: Re: [edk2-devel] [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl
> >
> > On Mon, 24 Apr 2023 at 12:06, duntan <dun.tan@intel.com> wrote:
> > >
> > > In V3 patch set:
> > > 1. Add a new patch 'MdePkg: Move CpuPageTableLib defination to MdePkg' to Move CpuPageTableLib defination from UefiCpuPkg to
> > MdePkg.
> > > So that MdeModulePkg doesn't need to depend on UefiCpuPkg.
> >
> > As I replied to the other patch, I think adding CpuPageTableLib to
> > MdePkg in its current form (even only the interface) is not the right
> > approach here. The function protoypes and enums exposed by this
> > library are highly specific to a particular implementation.
> >
> > There is a clear use case here, which is the DXE IPL code, and as has
> > been suggested in the other thread, it would be more appropriate to
> > define an abstraction regarding this use case, and define it as a
> > library class (with a NULL implementation) in MdeModulePkg. That way,
> > UefiCpuPkg can provide the x86 implementation based on
> > CpuPageTableLilb, and other architectures can do likewise.
> >
> > Please refer to the patch below, which illustrates why there are other
> > requirements in this area:
> >
> > https://edk2.groups.io/g/devel/message/101122
> >
> > --
> > Ard.
> >
> >
> >
> >
> > > 2. Modify the patch 'MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib' to set GHCB page to be mapped as unencrypted
> > for each CPU for AMD SEV feature.
> > >
> > > Dun Tan (8):
> > > MdePkg: Move CpuPageTableLib defination to MdePkg
> > > EmulatorPkg: Add CpuPageTableLib required by DxeIpl in DSC
> > > IntelFsp2Pkg: Add CpuPageTableLib required by DxeIpl in DSC
> > > MdeModulePkg: Add CpuPageTableLib required by DxeIpl in DSC
> > > OvmfPkg: Add CpuPageTableLib required by DxeIpl in DSC file
> > > MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib
> > > MdeModulePkg/DxeIpl: Remove duplicated code to enable NX
> > > MdeModulePkg/DxeIpl: Refinement to the code to set PageTable as RO
> > >
> > > EmulatorPkg/EmulatorPkg.dsc | 3 ++-
> > > IntelFsp2Pkg/Tools/Tests/QemuFspPkg.dsc | 3 ++-
> > > MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 3 ++-
> > > MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
> > > MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 112 ++++----------------------------------------------------------
> > --------------------------------------------------
> > > MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++--
> > > MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 720
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > ++++++++++++++++++++++++++++++++++++++++----------------------------------------------------------------------------------------
> > --------------------------------------------------------------------------------------------------------------------------------
> > --------------------------------------------------------------------------------------------------------------------------------
> > --------------------------------------------------------------------------------------------------------------------------------
> > --------------------------------------------------------------------------------
> > > MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 182 ++++++++++----------------------------------------------------
> > ------------------------------------------------------------------------------------------------------------------------
> > > MdeModulePkg/MdeModulePkg.dsc | 3 ++-
> > > {UefiCpuPkg => MdePkg}/Include/Library/CpuPageTableLib.h | 0
> > > MdePkg/MdePkg.dec | 5 ++++-
> > > OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
> > > OvmfPkg/Bhyve/BhyveX64.dsc | 3 ++-
> > > OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +-
> > > OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
> > > OvmfPkg/OvmfPkgIa32.dsc | 3 ++-
> > > OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
> > > OvmfPkg/OvmfPkgX64.dsc | 2 +-
> > > OvmfPkg/OvmfXen.dsc | 2 +-
> > > UefiCpuPkg/UefiCpuPkg.dec | 3 ---
> > > 20 files changed, 211 insertions(+), 851 deletions(-)
> > > rename {UefiCpuPkg => MdePkg}/Include/Library/CpuPageTableLib.h (100%)
> > >
> > > --
> > > 2.31.1.windows.1
> > >
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
>
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl
2023-04-24 18:07 ` Ard Biesheuvel
@ 2023-04-25 2:45 ` Ni, Ray
2023-04-25 17:11 ` Ard Biesheuvel
0 siblings, 1 reply; 15+ messages in thread
From: Ni, Ray @ 2023-04-25 2:45 UTC (permalink / raw)
To: devel@edk2.groups.io, ardb@kernel.org, Kinney, Michael D
Cc: Tan, Dun, Ni, Ray
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard
> Biesheuvel
> Sent: Tuesday, April 25, 2023 2:07 AM
> To: Kinney, Michael D <michael.d.kinney@intel.com>
> Cc: devel@edk2.groups.io; Tan, Dun <dun.tan@intel.com>
> Subject: Re: [edk2-devel] [Patch V3 0/8] Create page table by
> CpuPageTableLib in DxeIpl
>
> On Mon, 24 Apr 2023 at 19:51, Kinney, Michael D
> <michael.d.kinney@intel.com> wrote:
> >
> > Hi Ard,
> >
> > Thanks for the feedback. Let's work on this approach.
> >
> > Are there similar needs for CPU related services in the DXE Core before
> > the CPU AP is loaded?
> >
> > If we are going to define a new lib class to abstract DXE IPL requirements,
> > it would be good to cover DXE Core requirements too.
> >
>
> Yeah, excellent point.
>
> The problem I have had to work around in my strict permissions series
> (which includes the linked patch) is that there is a window from the
> moment DXE core is dispatched until the moment the CPU arch protocol
> DXE driver is dispatched where we don't have an architectural means to
> manipulate memory permissions.
>
> So what we'd need here is a library version of the following method
>
> typedef
> EFI_STATUS
> (EFIAPI *EFI_CPU_SET_MEMORY_ATTRIBUTES)(
> IN EFI_CPU_ARCH_PROTOCOL *This,
> IN EFI_PHYSICAL_ADDRESS BaseAddress,
> IN UINT64 Length,
> IN UINT64 Attributes
> );
What's your idea here?
Besides HandOffToDxeCore(), you require a 2nd lib API as above for
early DXE phase before CPU AP is available?
Why do we want to combine two APIs into one lib class?
If combined, what lib class name do you think is proper to describe the lib purpose?
It seems to me lacking of CPU AP in early DXE phase is acknowledged by PI spec.
Having the 2nd API for DXE early phase is like a workaround to fix PI spec gap, do you think so?
>
> *However*, I am aware that the X86 DXE IPL code deviates from this, as
> it needs to build long mode compatible page tables before switching
> from IA32 to X64, right?
DXEIPL creates long mode page table with following characteristics:
* 1:1 mapping to cover the entire memory space
* Set the bottom 4K of BSP stack as not-present - prevent stack overflow
* Set the entire BSP stack as NX - prevent buffer overflow attack
* Set the [0-4k] region as not-present - null protection
But it doesn't set DxeCore code region as RO, or data region as NX.
I describe the X86 DXEIPL page table behavior as above. Because I hope
you could explain a bit more on your thoughts. I don't quite understand
your above wordings.
> So whether that use case can be served with this prototype is
> doubtful, but I guess it /would/ make sense to define a single library
> abstraction that can accommodate all of these use cases.
>
> Happy to discuss this in more detail,
>
>
>
> >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard
> Biesheuvel
> > > Sent: Monday, April 24, 2023 10:24 AM
> > > To: devel@edk2.groups.io; Tan, Dun <dun.tan@intel.com>
> > > Subject: Re: [edk2-devel] [Patch V3 0/8] Create page table by
> CpuPageTableLib in DxeIpl
> > >
> > > On Mon, 24 Apr 2023 at 12:06, duntan <dun.tan@intel.com> wrote:
> > > >
> > > > In V3 patch set:
> > > > 1. Add a new patch 'MdePkg: Move CpuPageTableLib defination to
> MdePkg' to Move CpuPageTableLib defination from UefiCpuPkg to
> > > MdePkg.
> > > > So that MdeModulePkg doesn't need to depend on UefiCpuPkg.
> > >
> > > As I replied to the other patch, I think adding CpuPageTableLib to
> > > MdePkg in its current form (even only the interface) is not the right
> > > approach here. The function protoypes and enums exposed by this
> > > library are highly specific to a particular implementation.
> > >
> > > There is a clear use case here, which is the DXE IPL code, and as has
> > > been suggested in the other thread, it would be more appropriate to
> > > define an abstraction regarding this use case, and define it as a
> > > library class (with a NULL implementation) in MdeModulePkg. That way,
> > > UefiCpuPkg can provide the x86 implementation based on
> > > CpuPageTableLilb, and other architectures can do likewise.
> > >
> > > Please refer to the patch below, which illustrates why there are other
> > > requirements in this area:
> > >
> > > https://edk2.groups.io/g/devel/message/101122
> > >
> > > --
> > > Ard.
> > >
> > >
> > >
> > >
> > > > 2. Modify the patch 'MdeModulePkg/DxeIpl: Create page table by
> CpuPageTableLib' to set GHCB page to be mapped as unencrypted
> > > for each CPU for AMD SEV feature.
> > > >
> > > > Dun Tan (8):
> > > > MdePkg: Move CpuPageTableLib defination to MdePkg
> > > > EmulatorPkg: Add CpuPageTableLib required by DxeIpl in DSC
> > > > IntelFsp2Pkg: Add CpuPageTableLib required by DxeIpl in DSC
> > > > MdeModulePkg: Add CpuPageTableLib required by DxeIpl in DSC
> > > > OvmfPkg: Add CpuPageTableLib required by DxeIpl in DSC file
> > > > MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib
> > > > MdeModulePkg/DxeIpl: Remove duplicated code to enable NX
> > > > MdeModulePkg/DxeIpl: Refinement to the code to set PageTable as
> RO
> > > >
> > > > EmulatorPkg/EmulatorPkg.dsc | 3 ++-
> > > > IntelFsp2Pkg/Tools/Tests/QemuFspPkg.dsc | 3 ++-
> > > > MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 3 ++-
> > > > MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 5 ++++-
> > > > MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 112
> ++++----------------------------------------------------------
> > > --------------------------------------------------
> > > > MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++--
> > > > MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 720
> > >
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++++++
> > > ++++++++++++++++++++++++++++++++++++++++-------------------------
> ---------------------------------------------------------------
> > > -----------------------------------------------------------------------------------------
> ---------------------------------------
> > > -----------------------------------------------------------------------------------------
> ---------------------------------------
> > > -----------------------------------------------------------------------------------------
> ---------------------------------------
> > > --------------------------------------------------------------------------------
> > > > MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 182
> ++++++++++----------------------------------------------------
> > > -----------------------------------------------------------------------------------------
> -------------------------------
> > > > MdeModulePkg/MdeModulePkg.dsc | 3 ++-
> > > > {UefiCpuPkg => MdePkg}/Include/Library/CpuPageTableLib.h | 0
> > > > MdePkg/MdePkg.dec | 5 ++++-
> > > > OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
> > > > OvmfPkg/Bhyve/BhyveX64.dsc | 3 ++-
> > > > OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +-
> > > > OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
> > > > OvmfPkg/OvmfPkgIa32.dsc | 3 ++-
> > > > OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
> > > > OvmfPkg/OvmfPkgX64.dsc | 2 +-
> > > > OvmfPkg/OvmfXen.dsc | 2 +-
> > > > UefiCpuPkg/UefiCpuPkg.dec | 3 ---
> > > > 20 files changed, 211 insertions(+), 851 deletions(-)
> > > > rename {UefiCpuPkg => MdePkg}/Include/Library/CpuPageTableLib.h
> (100%)
> > > >
> > > > --
> > > > 2.31.1.windows.1
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
> >
>
>
>
>
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl
2023-04-25 2:45 ` Ni, Ray
@ 2023-04-25 17:11 ` Ard Biesheuvel
2023-04-26 6:08 ` Ni, Ray
0 siblings, 1 reply; 15+ messages in thread
From: Ard Biesheuvel @ 2023-04-25 17:11 UTC (permalink / raw)
To: devel, ray.ni; +Cc: Kinney, Michael D, Tan, Dun
On Tue, 25 Apr 2023 at 03:45, Ni, Ray <ray.ni@intel.com> wrote:
>
>
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard
> > Biesheuvel
> > Sent: Tuesday, April 25, 2023 2:07 AM
> > To: Kinney, Michael D <michael.d.kinney@intel.com>
> > Cc: devel@edk2.groups.io; Tan, Dun <dun.tan@intel.com>
> > Subject: Re: [edk2-devel] [Patch V3 0/8] Create page table by
> > CpuPageTableLib in DxeIpl
> >
> > On Mon, 24 Apr 2023 at 19:51, Kinney, Michael D
> > <michael.d.kinney@intel.com> wrote:
> > >
> > > Hi Ard,
> > >
> > > Thanks for the feedback. Let's work on this approach.
> > >
> > > Are there similar needs for CPU related services in the DXE Core before
> > > the CPU AP is loaded?
> > >
> > > If we are going to define a new lib class to abstract DXE IPL requirements,
> > > it would be good to cover DXE Core requirements too.
> > >
> >
> > Yeah, excellent point.
> >
> > The problem I have had to work around in my strict permissions series
> > (which includes the linked patch) is that there is a window from the
> > moment DXE core is dispatched until the moment the CPU arch protocol
> > DXE driver is dispatched where we don't have an architectural means to
> > manipulate memory permissions.
> >
> > So what we'd need here is a library version of the following method
> >
> > typedef
> > EFI_STATUS
> > (EFIAPI *EFI_CPU_SET_MEMORY_ATTRIBUTES)(
> > IN EFI_CPU_ARCH_PROTOCOL *This,
> > IN EFI_PHYSICAL_ADDRESS BaseAddress,
> > IN UINT64 Length,
> > IN UINT64 Attributes
> > );
>
> What's your idea here?
> Besides HandOffToDxeCore(), you require a 2nd lib API as above for
> early DXE phase before CPU AP is available?
>
> Why do we want to combine two APIs into one lib class?
> If combined, what lib class name do you think is proper to describe the lib purpose?
>
> It seems to me lacking of CPU AP in early DXE phase is acknowledged by PI spec.
> Having the 2nd API for DXE early phase is like a workaround to fix PI spec gap, do you think so?
>
Perhaps. Maybe the problem here is that there setting memory
permissions is not part of the PEI CPU arch protocol. It would make
sense for shadowed PEIMs as well as the DXE core to be mapped with
strict permissions at dispatch time (if the section alignment permits
it). For XIP PEIMs, nothing would change, and if PEI executes in place
from DRAM, the whole FV can be mapped read-only.
Or perhaps this should be a separate PPI altogether, and we could
define it as one that is callable from DXE core if the CPU arch
protocol has not been dispatched yet.
I don't really care whether or not we add this to the PI spec tbh
> >
> > *However*, I am aware that the X86 DXE IPL code deviates from this, as
> > it needs to build long mode compatible page tables before switching
> > from IA32 to X64, right?
>
> DXEIPL creates long mode page table with following characteristics:
> * 1:1 mapping to cover the entire memory space
> * Set the bottom 4K of BSP stack as not-present - prevent stack overflow
> * Set the entire BSP stack as NX - prevent buffer overflow attack
> * Set the [0-4k] region as not-present - null protection
>
> But it doesn't set DxeCore code region as RO, or data region as NX.
>
> I describe the X86 DXEIPL page table behavior as above. Because I hope
> you could explain a bit more on your thoughts. I don't quite understand
> your above wordings.
>
I guess the long mode switch is sufficiently special that it will be
very hard to define a sane API that covers all of this. OTOH, it seems
like a missed opportunity to rely on DXE IPL to create all these
restricted mappings, and invent something completely new just to remap
the DXE core text and data sections RO / XP. And note that, for arm64,
this should occur before the code is actually called, since the
restricted mode we would like to enable for EDK2 does not permit
memory that is both writable and executable at all.
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [edk2-devel] [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl
2023-04-25 17:11 ` Ard Biesheuvel
@ 2023-04-26 6:08 ` Ni, Ray
0 siblings, 0 replies; 15+ messages in thread
From: Ni, Ray @ 2023-04-26 6:08 UTC (permalink / raw)
To: devel@edk2.groups.io, ardb@kernel.org
Cc: Kinney, Michael D, Tan, Dun, Liu, Zhiguang
I can think of 3 options:
1. Create MdeModulePkg/HandOffToDxeCoreLib lib class. UefiCpuPkg implements the two instances supporting 32/64bit PEI.
2. Create MdeModulePkg/Ppi/EdkiiMemoryAttribute.h. UefiCpuPkg/CpuMpPei implements the X86 version of MemoryAttribute PPI.
(As what Ard did in ArmCpuDxe driver.)
The MemoryAttribute PPI only supports to modify the memory attribute in the active page table. It cannot modify the "future" page table
which is the case DxeIpl/Ia32 creates long-mode page table.
So, this option cannot help on DxeIpl/Ia32. I will have to keep DxeIpl/Ia32 code unchanged and only cleanup the DxeIpl/X64 by calling the new PPI.
3. A slight different version of option #2: create MdeModulePkg/MemoryAttributeLib lib class instead of PPI. I would prefer #2.
Option #1 helps to create single DxeIpl PEIM but doesn't help to abstract memory attributes changing in whole PEI phase.
With Option #2, multiple DxeIpl PEIMs still exist for different archs.
I am fine with either option #1 or #2 because either can avoid MdeModulePkg depending on UefiCpuPkg.
Thoughts?
> > >
> > > The problem I have had to work around in my strict permissions series
> > > (which includes the linked patch) is that there is a window from the
> > > moment DXE core is dispatched until the moment the CPU arch protocol
> > > DXE driver is dispatched where we don't have an architectural means to
> > > manipulate memory permissions.
> > >
> > > So what we'd need here is a library version of the following method
> > >
> > > typedef
> > > EFI_STATUS
> > > (EFIAPI *EFI_CPU_SET_MEMORY_ATTRIBUTES)(
> > > IN EFI_CPU_ARCH_PROTOCOL *This,
> > > IN EFI_PHYSICAL_ADDRESS BaseAddress,
> > > IN UINT64 Length,
> > > IN UINT64 Attributes
> > > );
> >
> > What's your idea here?
> > Besides HandOffToDxeCore(), you require a 2nd lib API as above for
> > early DXE phase before CPU AP is available?
> >
> > Why do we want to combine two APIs into one lib class?
> > If combined, what lib class name do you think is proper to describe the lib
> purpose?
> >
> > It seems to me lacking of CPU AP in early DXE phase is acknowledged by PI
> spec.
> > Having the 2nd API for DXE early phase is like a workaround to fix PI spec
> gap, do you think so?
> >
>
> Perhaps. Maybe the problem here is that there setting memory
> permissions is not part of the PEI CPU arch protocol. It would make
> sense for shadowed PEIMs as well as the DXE core to be mapped with
> strict permissions at dispatch time (if the section alignment permits
> it). For XIP PEIMs, nothing would change, and if PEI executes in place
> from DRAM, the whole FV can be mapped read-only.
>
> Or perhaps this should be a separate PPI altogether, and we could
> define it as one that is callable from DXE core if the CPU arch
> protocol has not been dispatched yet.
>
> I don't really care whether or not we add this to the PI spec tbh
>
> > >
> > > *However*, I am aware that the X86 DXE IPL code deviates from this, as
> > > it needs to build long mode compatible page tables before switching
> > > from IA32 to X64, right?
> >
> > DXEIPL creates long mode page table with following characteristics:
> > * 1:1 mapping to cover the entire memory space
> > * Set the bottom 4K of BSP stack as not-present - prevent stack overflow
> > * Set the entire BSP stack as NX - prevent buffer overflow attack
> > * Set the [0-4k] region as not-present - null protection
> >
> > But it doesn't set DxeCore code region as RO, or data region as NX.
> >
> > I describe the X86 DXEIPL page table behavior as above. Because I hope
> > you could explain a bit more on your thoughts. I don't quite understand
> > your above wordings.
> >
>
> I guess the long mode switch is sufficiently special that it will be
> very hard to define a sane API that covers all of this. OTOH, it seems
> like a missed opportunity to rely on DXE IPL to create all these
> restricted mappings, and invent something completely new just to remap
> the DXE core text and data sections RO / XP. And note that, for arm64,
> this should occur before the code is actually called, since the
> restricted mode we would like to enable for EDK2 does not permit
> memory that is both writable and executable at all.
>
>
>
>
^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2023-04-26 6:08 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-04-24 10:05 [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl duntan
2023-04-24 10:05 ` [Patch V3 1/8] MdePkg: Move CpuPageTableLib defination to MdePkg duntan
2023-04-24 10:05 ` [Patch V3 2/8] EmulatorPkg: Add CpuPageTableLib required by DxeIpl in DSC duntan
2023-04-24 10:05 ` [Patch V3 3/8] IntelFsp2Pkg: " duntan
2023-04-24 10:05 ` [Patch V3 4/8] MdeModulePkg: " duntan
2023-04-24 10:05 ` [Patch V3 5/8] OvmfPkg: Add CpuPageTableLib required by DxeIpl in DSC file duntan
2023-04-24 10:05 ` [Patch V3 6/8] MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib duntan
2023-04-24 10:05 ` [Patch V3 7/8] MdeModulePkg/DxeIpl: Remove duplicated code to enable NX duntan
2023-04-24 10:05 ` [Patch V3 8/8] MdeModulePkg/DxeIpl: Refinement to the code to set PageTable as RO duntan
2023-04-24 17:23 ` [edk2-devel] [Patch V3 0/8] Create page table by CpuPageTableLib in DxeIpl Ard Biesheuvel
2023-04-24 17:51 ` Michael D Kinney
2023-04-24 18:07 ` Ard Biesheuvel
2023-04-25 2:45 ` Ni, Ray
2023-04-25 17:11 ` Ard Biesheuvel
2023-04-26 6:08 ` Ni, Ray
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox