From: "duntan"
To: devel@edk2.groups.io
Cc: Ray Ni, Rahul Kumar, Gerd Hoffmann, Jiaxin Wu, Zhou Jianfeng
Subject: [edk2-devel] [PATCH] UefiCpuPkg:fix issue when splitting paging entry
Date: Fri, 17 May 2024 17:44:58 +0800
Message-Id: <20240517094458.2068-1-dun.tan@intel.com>

This patch fixes an issue when splitting a leaf paging entry in the CpuPageTableLib code.

In the previous code, before we assign the new child paging structure address to the content of the split paging entry, PageTableLibSetPnle() is called to make sure bit7 is set to 0, which indicates that the previous leaf entry is now changed to a non-leaf entry. There is a gap between when we change bit7 and when we assign the new child paging structure address to the content of the split paging entry. If the address of code execution or data access happens to be in the range covered by the split paging entry, this gap may cause an issue.

In this patch, we prepare the new paging entry content value in a local variable and assign the value to the split paging entry at once. The volatile keyword is used to ensure that no optimization will occur in compilation.

Signed-off-by: Dun Tan Cc: Ray Ni Cc: Rahul Kumar Cc: Gerd Hoffmann Cc: Jiaxin Wu Cc: Zhou Jianfeng --- UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableMap.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableMap.c b/UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableMap.c index b10a3008e4..bdc411338f 100644 --- a/UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableMap.c +++ b/UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableMap.c @@ -342,6 +342,7 @@ PageTableLibMapInLevel ( UINT64 PhysicalAddrInAttr; IA32_PAGING_ENTRY OriginalParentPagingEntry; IA32_PAGING_ENTRY OriginalCurrentPagingEntry; + IA32_PAGING_ENTRY TempPagingEntry; ASSERT (Level != 0); ASSERT ((Attribute != NULL) && (Mask != NULL)); @@ -359,6 +360,8 @@ PageTableLibMapInLevel ( OriginalParentPagingEntry.Uint64 = ParentPagingEntry->Uint64; OneOfPagingEntry.Uint64 = 0; + TempPagingEntry.Uint64 = 0; + // // RegionLength: 256T (1 << 48) 512G (1 << 39), 1G (1 << 30), 2M (1 << 21) or 4K (1 << 12). // 
@@ -441,8 +444,10 @@ PageTableLibMapInLevel ( // Non-leaf entry doesn't have PAT bit. So use ~IA32_PE_BASE_ADDRESS_MASK_40 is to make sure PAT bit // (bit12) in original big-leaf entry is not assigned to PageTableBaseAddress field of non-leaf entry. // - PageTableLibSetPnle (&ParentPagingEntry->Pnle, &NopAttribute, &AllOneMask); - ParentPagingEntry->Uint64 = ((UINTN)(VOID *)PagingEntry) | (ParentPagingEntry->Uint64 & (~IA32_PE_BASE_ADDRESS_MASK_40)); + TempPagingEntry.Uint64 = ParentPagingEntry->Uint64; + PageTableLibSetPnle (&TempPagingEntry.Pnle, &NopAttribute, &AllOneMask); + TempPagingEntry.Uint64 = ((UINTN)(VOID *)PagingEntry) | (TempPagingEntry.Uint64 & (~IA32_PE_BASE_ADDRESS_MASK_40)); + *(volatile UINT64 *)&(ParentPagingEntry->Uint64) = TempPagingEntry.Uint64; } } else { // -- 2.31.1.windows.1
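
Review bot: the `TempPagingEntry.Uint64 = 0;` initialisation added in the @@ -359,6 +360,8 @@ hunk is never read, because the only use of TempPagingEntry (in the @@ -441,8 +444,10 @@ hunk) first overwrites it with `ParentPagingEntry->Uint64`. It mirrors the neighbouring `OneOfPagingEntry.Uint64 = 0;`, but a function-wide, zero-initialised temporary invites later reuse with stale contents; consider declaring TempPagingEntry inside the split branch where it is used and dropping the initialisation.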
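
Review bot: in the @@ -441,8 +444,10 @@ hunk, the final `*(volatile UINT64 *)&(ParentPagingEntry->Uint64) = TempPagingEntry.Uint64;` closes the gap only where a 64-bit write is a single store; the `(UINTN)(VOID *)PagingEntry` cast on the line above suggests the file is also meant to build where UINTN is 32 bits wide, and there the compiler may emit the UINT64 write as two 32-bit stores, which leaves a half-updated entry visible between them. If such builds are supported, state that limitation or handle that case explicitly. Separately, the comment block above these lines still explains only the PAT-bit masking; add a sentence saying the entry must be published in one write and that TempPagingEntry exists for that reason, so a later cleanup does not fold the update back into in-place modifications of ParentPagingEntry.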
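
The gap described in the commit message, as an added example (not code from the patch or from edk2): a single-threaded model that records each value the entry holds in memory under the old two-store order and under the patched one-store order. The macro names, OLD_LEAF and CHILD_TABLE are constructed for illustration, and only the bit7 clear and the address replacement described in the message are modelled.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed model of an x86-64 paging entry; names are hypothetical, not edk2's. */
#define PE_PS        (1ULL << 7)            /* bit7: 1 = leaf (big page) */
#define PE_ADDR_MASK 0x000FFFFFFFFFF000ULL  /* address field, bits 12..51 */
#define OLD_LEAF     0x0000000040000083ULL  /* constructed: 2M leaf at 0x40000000, P|RW|PS */
#define CHILD_TABLE  0x000000007F000000ULL  /* constructed: new child page table */
#define NEW_ENTRY    (CHILD_TABLE | (OLD_LEAF & ~PE_ADDR_MASK & ~PE_PS))

/* Pre-patch order: clear bit7 in place, then store the child address.
   seen[] records every value the in-memory entry holds along the way. */
static int split_in_place(uint64_t *entry, uint64_t seen[3]) {
    seen[0] = *entry;
    *entry &= ~PE_PS;                                /* store 1: now reads as non-leaf */
    seen[1] = *entry;                                /* the gap */
    *entry = CHILD_TABLE | (*entry & ~PE_ADDR_MASK); /* store 2: child address */
    seen[2] = *entry;
    return 3;
}

/* Patched order: build the value in a local, publish it with one store. */
static int split_single_store(uint64_t *entry, uint64_t seen[3]) {
    uint64_t tmp = *entry;
    seen[0] = *entry;
    tmp &= ~PE_PS;
    tmp = CHILD_TABLE | (tmp & ~PE_ADDR_MASK);
    *(volatile uint64_t *)entry = tmp;
    seen[1] = *entry;
    return 2;
}

/* Count recorded values that are neither the old leaf nor the finished entry;
   *gap_addr gets the address field a page walk would follow in that state. */
static int torn_states(int patched, uint64_t *gap_addr) {
    uint64_t entry = OLD_LEAF, seen[3];
    int bad = 0, n = patched ? split_single_store(&entry, seen) : split_in_place(&entry, seen);
    for (int i = 0; i < n; i++)
        if (seen[i] != OLD_LEAF && seen[i] != NEW_ENTRY) {
            bad++;
            *gap_addr = seen[i] & PE_ADDR_MASK;
        }
    return bad;
}

int main(void) {
    uint64_t a = 0, b = 0;
    int before = torn_states(0, &a), after = torn_states(1, &b);
    printf("in place: %d torn (walk target 0x%llx), single store: %d torn\n", before, (unsigned long long)a, after);
    return 0;
}
```

In the in-place order the intermediate entry is marked non-leaf while its address field still holds the big page's own physical base, so the mapped page itself would be read as a page table; the one-store order never exposes that value.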