From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 784E3940F93 for ; Thu, 7 Dec 2023 02:39:29 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=beSs+mNrRS/ZS+mF5I70HHhe9RwFWSqAkEsetv4XpaY=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1701916768; v=1; b=GSoZ5SJ96USNVQMvUWPuUEYyTmDCavEt8rOiZrMrFfU4c0/mYr5WwdaXhqUmvj7YFEUojVI9 u4MseNKcVEU/ddwCoPNrH50KkukeGiJAKIzYKyf42draHTVekm+KkT4hAf7RxKMZHGIvlr5HtHd 9GvZQoHxG1BESKJul/pQXuqM= X-Received: by 127.0.0.2 with SMTP id bl1eYY7687511x4mmDWeQFae; Wed, 06 Dec 2023 18:39:28 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.20]) by mx.groups.io with SMTP id smtpd.web10.74869.1701916767160710926 for ; Wed, 06 Dec 2023 18:39:27 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,10916"; a="384564642" X-IronPort-AV: E=Sophos;i="6.04,256,1695711600"; d="scan'208";a="384564642" X-Received: from orviesa002.jf.intel.com ([10.64.159.142]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Dec 2023 18:39:25 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.04,256,1695711600"; d="scan'208";a="12944491" X-Received: from shwdesfp01.ccr.corp.intel.com ([10.239.158.151]) by orviesa002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Dec 2023 18:39:24 -0800 
From: "Zhiguang Liu" To: devel@edk2.groups.io Cc: Zhiguang Liu , Liming Gao , Jiaxin Wu , Ray Ni , Guo Dong , Sean Rhodes , James Lu , Gua Guo Subject: [edk2-devel] [PATCH 1/2] MdeModulePkg/DxeIpl: Add 5 level paging support Date: Thu, 7 Dec 2023 10:39:18 +0800 Message-Id: <20231207023918.799-1-zhiguang.liu@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,zhiguang.liu@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: dQC54hGE34hyEVdSD7CT2MJqx7686176AA= Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=GSoZ5SJ9; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Add 5 level paging support when set the page table memory range as RO to protect page table. Cc: Liming Gao Cc: Jiaxin Wu Cc: Ray Ni Cc: Guo Dong Cc: Sean Rhodes Cc: James Lu Cc: Gua Guo Signed-off-by: Zhiguang Liu
---
 .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 2 +-
 .../Core/DxeIplPeim/X64/VirtualMemory.c | 23 ++++++++++++-------
 .../Core/DxeIplPeim/X64/VirtualMemory.h | 5 +++-
 3 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
index 65e9bdc99e..ba871dafc7 100644
--- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
+++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
@@ -166,7 +166,7 @@ Create4GPageTablesIa32Pae (
 // Protect the page table by marking the memory used for page table to be
 // read-only.
 //
- EnablePageTableProtection ((UINTN)PageMap, FALSE);
+ EnablePageTableProtection ((UINTN)PageMap, FALSE, FALSE);

 return (UINTN)PageMap;
 }
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
index 980c2002d4..1c2e29b132 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
@@ -486,13 +486,15 @@ Split1GPageTo2M (
 @param[in] PageTableBase Base address of page table (CR3).
 @param[in] Address Start address of a page to be set as read-only.
 @param[in] Level4Paging Level 4 paging flag.
+ @param[in] Level5Paging Level 5 paging flag.

 **/
 VOID
 SetPageTablePoolReadOnly (
 IN UINTN PageTableBase,
 IN EFI_PHYSICAL_ADDRESS Address,
- IN BOOLEAN Level4Paging
+ IN BOOLEAN Level4Paging,
+ IN BOOLEAN Level5Paging
 )
 {
 UINTN Index;
@@ -502,9 +504,9 @@ SetPageTablePoolReadOnly (
 UINT64 *PageTable;
 UINT64 *NewPageTable;
 UINT64 PageAttr;
- UINT64 LevelSize[5];
- UINT64 LevelMask[5];
- UINTN LevelShift[5];
+ UINT64 LevelSize[6];
+ UINT64 LevelMask[6];
+ UINTN LevelShift[6];
 UINTN Level;
 UINT64 PoolUnitSize;
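Review bot: In the `SetPageTablePoolReadOnly` hunk of VirtualMemory.c, the new `Level5Paging` parameter is documented only as "Level 5 paging flag.", which leaves its relation to `Level4Paging` unstated. The loop initialiser in the following hunk gives `Level5Paging` precedence, and `CreateIdentityMappingPageTables` passes `!Page5LevelSupport, Page5LevelSupport`, so the two flags are used as mutually exclusive without anything enforcing it. Because the flags select the level at which the walk starts, a wrong combination would presumably leave the real page-table pages writable, so the contract deserves a line such as `@param[in] Level5Paging  TRUE if PageTableBase points to a PML5 table; overrides Level4Paging.` The same wording fits `EnablePageTableProtection` in VirtualMemory.c and VirtualMemory.h; the function body continues outside this hunk.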
@@ -521,23 +523,26 @@ SetPageTablePoolReadOnly (
 LevelShift[2] = PAGING_L2_ADDRESS_SHIFT;
 LevelShift[3] = PAGING_L3_ADDRESS_SHIFT;
 LevelShift[4] = PAGING_L4_ADDRESS_SHIFT;
+ LevelShift[5] = PAGING_L5_ADDRESS_SHIFT;

 LevelMask[1] = PAGING_4K_ADDRESS_MASK_64;
 LevelMask[2] = PAGING_2M_ADDRESS_MASK_64;
 LevelMask[3] = PAGING_1G_ADDRESS_MASK_64;
 LevelMask[4] = PAGING_1G_ADDRESS_MASK_64;
+ LevelMask[5] = 0;

 LevelSize[1] = SIZE_4KB;
 LevelSize[2] = SIZE_2MB;
 LevelSize[3] = SIZE_1GB;
 LevelSize[4] = SIZE_512GB;
+ LevelSize[5] = SIZE_256TB;

 AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) &
 PAGING_1G_ADDRESS_MASK_64;
 PageTable = (UINT64 *)(UINTN)PageTableBase;
 PoolUnitSize = PAGE_TABLE_POOL_UNIT_SIZE;

- for (Level = (Level4Paging) ? 4 : 3; Level > 0; --Level) {
+ for (Level = Level5Paging ? 5 : (Level4Paging ? 4 : 3); Level > 0; --Level) {
 Index = ((UINTN)RShiftU64 (Address, LevelShift[Level]));
 Index &= PAGING_PAE_INDEX_MASK;

@@ -608,12 +613,14 @@ SetPageTablePoolReadOnly (

 @param[in] PageTableBase Base address of page table (CR3).
 @param[in] Level4Paging Level 4 paging flag.
+ @param[in] Level5Paging Level 5 paging flag.

 **/
 VOID
 EnablePageTableProtection (
 IN UINTN PageTableBase,
- IN BOOLEAN Level4Paging
+ IN BOOLEAN Level4Paging,
+ IN BOOLEAN Level5Paging
 )
 {
 PAGE_TABLE_POOL *HeadPool;
@@ -642,7 +649,7 @@ EnablePageTableProtection (
 // protection to them one by one.
 //
 while (PoolSize > 0) {
- SetPageTablePoolReadOnly (PageTableBase, Address, Level4Paging);
+ SetPageTablePoolReadOnly (PageTableBase, Address, Level4Paging, Level5Paging);
 Address += PAGE_TABLE_POOL_UNIT_SIZE;
 PoolSize -= PAGE_TABLE_POOL_UNIT_SIZE;
 }
@@ -959,7 +966,7 @@ CreateIdentityMappingPageTables (
 // Protect the page table by marking the memory used for page table to be
 // read-only.
 //
- EnablePageTableProtection ((UINTN)PageMap, TRUE);
+ EnablePageTableProtection ((UINTN)PageMap, !Page5LevelSupport, Page5LevelSupport);

 //
 // Set IA32_EFER.NXE if necessary.
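Review bot: `LevelMask[5] = 0;` in the `SetPageTablePoolReadOnly` table setup is a sentinel with no explanation. A PML5 entry cannot map a page directly, so the mask should never be consumed, but the code that reads `LevelMask[Level]` lies outside this hunk and, if it were reached at level 5, a zero mask would presumably make the replacement table map from physical address 0. I would add `// PML5 entries never map a page directly; this mask must not be used.` above the assignment and an `ASSERT (Level < 5);` next to the use of `LevelMask[Level]`. The pre-existing `LevelMask[4] = PAGING_1G_ADDRESS_MASK_64` has the same character and could share the comment.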
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
index 616ebe42b0..f2a5cbec33 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
@@ -157,6 +157,7 @@ typedef union {
 #define PAGING_L2_ADDRESS_SHIFT 21
 #define PAGING_L3_ADDRESS_SHIFT 30
 #define PAGING_L4_ADDRESS_SHIFT 39
+#define PAGING_L5_ADDRESS_SHIFT 48

 #define PAGING_PML4E_NUMBER 4

@@ -294,12 +295,14 @@ IsNullDetectionEnabled (

 @param[in] PageTableBase Base address of page table (CR3).
 @param[in] Level4Paging Level 4 paging flag.
+ @param[in] Level5Paging Level 5 paging flag.

 **/
 VOID
 EnablePageTableProtection (
 IN UINTN PageTableBase,
- IN BOOLEAN Level4Paging
+ IN BOOLEAN Level4Paging,
+ IN BOOLEAN Level5Paging
 );

 /**
-- 
2.31.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#112152): https://edk2.groups.io/g/devel/message/112152 Mute This Topic: https://groups.io/mt/103027553/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-