From: "Zhiguang Liu"
To: devel@edk2.groups.io
Cc: Zhiguang Liu , Liming Gao , Jiaxin Wu , Ray Ni , Guo Dong , Sean Rhodes , James Lu , Gua Guo
Subject: [edk2-devel] [PATCH 2/2] UefiPayloadPkg/UefiPayloadEntry: Add 5 level paging support
Date: Thu, 7 Dec 2023 10:39:46 +0800
Message-Id: <20231207023946.1055-1-zhiguang.liu@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe:
List-Help:
Sender: devel@edk2.groups.io
List-Id:
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,zhiguang.liu@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe:
X-Gm-Message-State: eio4s9u857x3I9tN4C2BzZnox7686176AA=
Content-Transfer-Encoding: 8bit
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=mV0fs9tQ; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io
Add 5 level paging support when set the page table memory range as RO to protect page table.
Cc: Liming Gao
Cc: Jiaxin Wu
Cc: Ray Ni
Cc: Guo Dong
Cc: Sean Rhodes
Cc: James Lu
Cc: Gua Guo
Signed-off-by: Zhiguang Liu
---
 .../UefiPayloadEntry/Ia32/DxeLoadFunc.c | 2 +-
 .../UefiPayloadEntry/X64/VirtualMemory.c | 23 ++++++++++++-------
 .../UefiPayloadEntry/X64/VirtualMemory.h | 5 +++-
 3 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c b/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c
index 61a9f01ec9..4912298109 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/Ia32/DxeLoadFunc.c
@@ -174,7 +174,7 @@ Create4GPageTablesIa32Pae (
 // Protect the page table by marking the memory used for page table to be
 // read-only.
 //
- EnablePageTableProtection ((UINTN)PageMap, FALSE);
+ EnablePageTableProtection ((UINTN)PageMap, FALSE, FALSE);
 return (UINTN)PageMap;
 }
diff --git a/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c b/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c
index 1899404b24..8401eba83d 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c
+++ b/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.c
@@ -482,13 +482,15 @@ Split1GPageTo2M (
 @param[in] PageTableBase Base address of page table (CR3).
 @param[in] Address Start address of a page to be set as read-only.
 @param[in] Level4Paging Level 4 paging flag.
+ @param[in] Level5Paging Level 5 paging flag.
 **/
 VOID
 SetPageTablePoolReadOnly (
 IN UINTN PageTableBase,
 IN EFI_PHYSICAL_ADDRESS Address,
- IN BOOLEAN Level4Paging
+ IN BOOLEAN Level4Paging,
+ IN BOOLEAN Level5Paging
 )
 {
 UINTN Index;
@@ -498,9 +500,9 @@ SetPageTablePoolReadOnly (
 UINT64 *PageTable;
 UINT64 *NewPageTable;
 UINT64 PageAttr;
- UINT64 LevelSize[5];
- UINT64 LevelMask[5];
- UINTN LevelShift[5];
+ UINT64 LevelSize[6];
+ UINT64 LevelMask[6];
+ UINTN LevelShift[6];
 UINTN Level;
 UINT64 PoolUnitSize;
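Review bot: In the `@@ -482` hunk `SetPageTablePoolReadOnly` takes two independent booleans for what is one value with three legal states (3-, 4- or 5-level), and the added `@param[in] Level5Paging Level 5 paging flag.` line does not say what the pair (TRUE, TRUE) means. The loop start added in the later `@@ -517` hunk gives `Level5Paging` precedence, so the comment should say so, e.g. `@param[in] Level5Paging  Level 5 paging flag; takes precedence over Level4Paging.`, or the combination should be rejected up front with `ASSERT (!(Level4Paging && Level5Paging));`. The same applies to the `EnablePageTableProtection` comment in the `@@ -604` hunk and to its prototype in VirtualMemory.h. Because this routine is what marks the page-table pool read-only, a wrong flag pair would presumably start the walk at the wrong level without reporting any error; the function body continues outside these hunks.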
@@ -517,23 +519,26 @@ SetPageTablePoolReadOnly (
 LevelShift[2] = PAGING_L2_ADDRESS_SHIFT;
 LevelShift[3] = PAGING_L3_ADDRESS_SHIFT;
 LevelShift[4] = PAGING_L4_ADDRESS_SHIFT;
+ LevelShift[5] = PAGING_L5_ADDRESS_SHIFT;
 LevelMask[1] = PAGING_4K_ADDRESS_MASK_64;
 LevelMask[2] = PAGING_2M_ADDRESS_MASK_64;
 LevelMask[3] = PAGING_1G_ADDRESS_MASK_64;
 LevelMask[4] = PAGING_1G_ADDRESS_MASK_64;
+ LevelMask[5] = 0;
 LevelSize[1] = SIZE_4KB;
 LevelSize[2] = SIZE_2MB;
 LevelSize[3] = SIZE_1GB;
 LevelSize[4] = SIZE_512GB;
+ LevelSize[5] = SIZE_256TB;
 AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) & PAGING_1G_ADDRESS_MASK_64;
 PageTable = (UINT64 *)(UINTN)PageTableBase;
 PoolUnitSize = PAGE_TABLE_POOL_UNIT_SIZE;
- for (Level = (Level4Paging) ? 4 : 3; Level > 0; --Level) {
+ for (Level = Level5Paging ? 5 : (Level4Paging ? 4 : 3); Level > 0; --Level) {
 Index = ((UINTN)RShiftU64 (Address, LevelShift[Level]));
 Index &= PAGING_PAE_INDEX_MASK;
@@ -604,12 +609,14 @@ SetPageTablePoolReadOnly (
 @param[in] PageTableBase Base address of page table (CR3).
 @param[in] Level4Paging Level 4 paging flag.
+ @param[in] Level5Paging Level 5 paging flag.
 **/
 VOID
 EnablePageTableProtection (
 IN UINTN PageTableBase,
- IN BOOLEAN Level4Paging
+ IN BOOLEAN Level4Paging,
+ IN BOOLEAN Level5Paging
 )
 {
 PAGE_TABLE_POOL *HeadPool;
@@ -638,7 +645,7 @@ EnablePageTableProtection (
 // protection to them one by one.
 //
 while (PoolSize > 0) {
- SetPageTablePoolReadOnly (PageTableBase, Address, Level4Paging);
+ SetPageTablePoolReadOnly (PageTableBase, Address, Level4Paging, Level5Paging);
 Address += PAGE_TABLE_POOL_UNIT_SIZE;
 PoolSize -= PAGE_TABLE_POOL_UNIT_SIZE;
 }
@@ -933,7 +940,7 @@ CreateIdentityMappingPageTables (
 // Protect the page table by marking the memory used for page table to be
 // read-only.
 //
- EnablePageTableProtection ((UINTN)PageMap, TRUE);
+ EnablePageTableProtection ((UINTN)PageMap, !Enable5LevelPaging, Enable5LevelPaging);
 //
 // Set IA32_EFER.NXE if necessary.
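Review bot: In the `@@ -517` hunk `LevelMask[5] = 0;` is an uncommented sentinel, and unlike the other four entries it cannot produce a usable address if it is ever applied. The code that reads `LevelMask[Level]` is outside this hunk; if it is the path that splits a large page, reaching it at level 5 would build the new table from physical address 0 instead of failing. Bit 7 (PS) is reserved in a PML5 entry, so that path should be unreachable, and the assignment should say so, e.g. `// PS is reserved in a PML5 entry, so LevelMask[5] is never applied`. An `ASSERT (Level < 5);` in the branch that reads the mask would turn a corrupted or unexpected top-level entry into a visible failure rather than a silently wrong mapping.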
diff --git a/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.h b/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.h
index 616ebe42b0..f2a5cbec33 100644
--- a/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.h
+++ b/UefiPayloadPkg/UefiPayloadEntry/X64/VirtualMemory.h
@@ -157,6 +157,7 @@ typedef union {
 #define PAGING_L2_ADDRESS_SHIFT 21
 #define PAGING_L3_ADDRESS_SHIFT 30
 #define PAGING_L4_ADDRESS_SHIFT 39
+#define PAGING_L5_ADDRESS_SHIFT 48
 #define PAGING_PML4E_NUMBER 4
@@ -294,12 +295,14 @@ IsNullDetectionEnabled (
 @param[in] PageTableBase Base address of page table (CR3).
 @param[in] Level4Paging Level 4 paging flag.
+ @param[in] Level5Paging Level 5 paging flag.
 **/
 VOID
 EnablePageTableProtection (
 IN UINTN PageTableBase,
- IN BOOLEAN Level4Paging
+ IN BOOLEAN Level4Paging,
+ IN BOOLEAN Level5Paging
 );
 /**
--
2.31.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#112153): https://edk2.groups.io/g/devel/message/112153
Mute This Topic: https://groups.io/mt/103027561/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-