From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web11.3428.1576133647226747891 for ; Wed, 11 Dec 2019 22:54:07 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.151, mailfrom: ray.ni@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Dec 2019 22:54:07 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.69,304,1571727600"; d="scan'208";a="211008780" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by fmsmga008.fm.intel.com with ESMTP; 11 Dec 2019 22:54:00 -0800 Received: from shsmsx152.ccr.corp.intel.com (10.239.6.52) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 11 Dec 2019 22:53:59 -0800 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.90]) by SHSMSX152.ccr.corp.intel.com ([169.254.6.222]) with mapi id 14.03.0439.000; Thu, 12 Dec 2019 14:53:57 +0800 From: "Ni, Ray" To: "devel@edk2.groups.io" , "thomas.lendacky@amd.com" CC: "Justen, Jordan L" , Laszlo Ersek , Ard Biesheuvel , "Kinney, Michael D" , "Gao, Liming" , "Dong, Eric" , Brijesh Singh , "Wang, Jian J" , "Wu, Hao A" , "Bi, Dandan" Subject: Re: [edk2-devel] [RFC PATCH v3 04/43] MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables Thread-Topic: [edk2-devel] [RFC PATCH v3 04/43] MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables Thread-Index: AQHVn94m/hbvSL3D7UWAcpgzTG5/Hqe2Kz4A Date: Thu, 12 Dec 2019 06:53:57 +0000 Message-ID: <734D49CCEBEEF84792F5B80ED585239D5C399A24@SHSMSX104.ccr.corp.intel.com> References: In-Reply-To: Accept-Language: en-US, zh-CN X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZWI5YTZkYTctNWMwMi00MWVlLWFlYjQtODE1Y2IxMjIyMmU4IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiXC9FNTlZaXN3NjBQVDUyekFkWHdRNVdPN3RzRTJoSlwvZ2g5ODdHalYrTDFtejBSbUhOb3o4Zm51bU5vN0JuS3RwIn0= x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: ray.ni@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Tom, When are GHCP pages are allocated? Can DxeIpl gets the address by reading = the GHCB MSR? Can the GHCB PCD be eliminated by updating all GHCB address consumer to re= ad the GHCB MSR? Thanks, Ray > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Lendacky,= Thomas > Sent: Thursday, November 21, 2019 4:06 AM > To: devel@edk2.groups.io > Cc: Justen, Jordan L ; Laszlo Ersek ; Ard Biesheuvel > ; Kinney, Michael D ; Gao, Liming ; Dong, > Eric ; Ni, Ray ; Brijesh Singh ; Wang, Jian J > ; Wu, Hao A ; Bi, Dandan > Subject: [edk2-devel] [RFC PATCH v3 04/43] MdeModulePkg/DxeIplPeim: Supp= ort GHCB pages when creating page tables >=20 > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2198 >=20 > GHCB pages must be mapped as shared pages, so modify the process of > creating identity mapped pagetable entries so that GHCB entries are > created without the encryption bit set. >=20 > Cc: Jian J Wang > Cc: Hao A Wu > Cc: Dandan Bi > Cc: Liming Gao > Signed-off-by: Tom Lendacky > --- > MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 2 + > .../Core/DxeIplPeim/X64/VirtualMemory.h | 12 ++++- > .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 4 +- > .../Core/DxeIplPeim/X64/DxeLoadFunc.c | 11 ++++- > .../Core/DxeIplPeim/X64/VirtualMemory.c | 49 ++++++++++++++----- > 5 files changed, 62 insertions(+), 16 deletions(-) >=20 > diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core= /DxeIplPeim/DxeIpl.inf > index 98bc17fc9d1f..5e6b78e295e6 100644 > --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf > @@ -111,6 +111,8 @@ [Pcd.IA32,Pcd.X64] > gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask = ## CONSUMES > gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard = ## CONSUMES > gEfiMdeModulePkgTokenSpaceGuid.PcdUse5LevelPageTable = ## SOMETIMES_CONSUMES > + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase = ## CONSUMES > + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize = ## CONSUMES >=20 > [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] > gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOME= TIMES_CONSUMES > diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h > b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h > index 2d0493f109e8..6b7c38a441d6 100644 > --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h > +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h > @@ -201,6 +201,8 @@ EnableExecuteDisableBit ( > @param[in, out] PageEntry2M Pointer to 2M page entry. > @param[in] StackBase Stack base address. > @param[in] StackSize Stack size. > + @param[in] GhcbBase GHCB page area base address. > + @param[in] GhcbSize GHCB page area size. >=20 > **/ > VOID > @@ -208,7 +210,9 @@ Split2MPageTo4K ( > IN EFI_PHYSICAL_ADDRESS PhysicalAddress, > IN OUT UINT64 *PageEntry2M, > IN EFI_PHYSICAL_ADDRESS StackBase, > - IN UINTN StackSize > + IN UINTN StackSize, > + IN EFI_PHYSICAL_ADDRESS GhcbBase, > + IN UINTN GhcbSize > ); >=20 > /** > @@ -217,6 +221,8 @@ Split2MPageTo4K ( >=20 > @param[in] StackBase Stack base address. > @param[in] StackSize Stack size. > + @param[in] GhcbBase GHCB page area base address. > + @param[in] GhcbSize GHCB page area size. >=20 > @return The address of 4 level page map. >=20 > @@ -224,7 +230,9 @@ Split2MPageTo4K ( > UINTN > CreateIdentityMappingPageTables ( > IN EFI_PHYSICAL_ADDRESS StackBase, > - IN UINTN StackSize > + IN UINTN StackSize, > + IN EFI_PHYSICAL_ADDRESS GhcbBase, > + IN UINTN GhcbkSize > ); >=20 >=20 > diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModule= Pkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c > index 6e8ca824d469..284b34818ca7 100644 > --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c > +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c > @@ -123,7 +123,7 @@ Create4GPageTablesIa32Pae ( > // > // Need to split this 2M page that covers stack range. > // > - Split2MPageTo4K (PhysicalAddress, (UINT64 *) PageDirectoryEntry= , StackBase, StackSize); > + Split2MPageTo4K (PhysicalAddress, (UINT64 *) PageDirectoryEntry= , StackBase, StackSize, 0, 0); > } else { > // > // Fill in the Page Directory entries > @@ -282,7 +282,7 @@ HandOffToDxeCore ( > // > // Create page table and save PageMapLevel4 to CR3 > // > - PageTables =3D CreateIdentityMappingPageTables (BaseOfStack, STACK_= SIZE); > + PageTables =3D CreateIdentityMappingPageTables (BaseOfStack, STACK_= SIZE, 0, 0); >=20 > // > // End of PEI phase signal > diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModuleP= kg/Core/DxeIplPeim/X64/DxeLoadFunc.c > index f465eb1d8ac4..156a477d8467 100644 > --- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c > +++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c > @@ -35,6 +35,8 @@ HandOffToDxeCore ( > UINT32 Index; > EFI_VECTOR_HANDOFF_INFO *VectorInfo; > EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi; > + VOID *GhcbBase; > + UINTN GhcbSize; >=20 > // > // Clear page 0 and mark it as allocated if NULL pointer detection is= enabled. > @@ -81,12 +83,19 @@ HandOffToDxeCore ( > TopOfStack =3D (VOID *) ((UINTN) BaseOfStack + EFI_SIZE_TO_PAGES (STA= CK_SIZE) * EFI_PAGE_SIZE - > CPU_STACK_ALIGNMENT); > TopOfStack =3D ALIGN_POINTER (TopOfStack, CPU_STACK_ALIGNMENT); >=20 > + // > + // Get the address and size of the GHCB pages > + // > + GhcbBase =3D (VOID *) PcdGet64 (PcdGhcbBase); > + GhcbSize =3D PcdGet64 (PcdGhcbSize); > + > PageTables =3D 0; > if (FeaturePcdGet (PcdDxeIplBuildPageTables)) { > // > // Create page table and save PageMapLevel4 to CR3 > // > - PageTables =3D CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRE= SS) (UINTN) BaseOfStack, STACK_SIZE); > + PageTables =3D CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRE= SS) (UINTN) BaseOfStack, STACK_SIZE, > + (EFI_PHYSICAL_ADDRESS= ) (UINTN) GhcbBase, GhcbSize); > } else { > // > // Set NX for stack feature also require PcdDxeIplBuildPageTables b= e TRUE > diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > index 516cf908bc88..32a81d1f3c21 100644 > --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c > @@ -181,6 +181,8 @@ EnableExecuteDisableBit ( > @param Size Size of the given physical memory. > @param StackBase Base address of stack. > @param StackSize Size of stack. > + @param GhcbBase Base address of GHCB pages. > + @param GhcbSize Size of GHCB area. >=20 > @retval TRUE Page table should be split. > @retval FALSE Page table should not be split. > @@ -190,7 +192,9 @@ ToSplitPageTable ( > IN EFI_PHYSICAL_ADDRESS Address, > IN UINTN Size, > IN EFI_PHYSICAL_ADDRESS StackBase, > - IN UINTN StackSize > + IN UINTN StackSize, > + IN EFI_PHYSICAL_ADDRESS GhcbBase, > + IN UINTN GhcbSize > ) > { > if (IsNullDetectionEnabled () && Address =3D=3D 0) { > @@ -209,6 +213,12 @@ ToSplitPageTable ( > } > } >=20 > + if (GhcbBase) { > + if ((Address < GhcbBase + GhcbSize) && ((Address + Size) > GhcbBase= )) { > + return TRUE; > + } > + } > + > return FALSE; > } > /** > @@ -322,6 +332,8 @@ AllocatePageTableMemory ( > @param[in, out] PageEntry2M Pointer to 2M page entry. > @param[in] StackBase Stack base address. > @param[in] StackSize Stack size. > + @param[in] GhcbBase GHCB page area base address. > + @param[in] GhcbSize GHCB page area size. >=20 > **/ > VOID > @@ -329,7 +341,9 @@ Split2MPageTo4K ( > IN EFI_PHYSICAL_ADDRESS PhysicalAddress, > IN OUT UINT64 *PageEntry2M, > IN EFI_PHYSICAL_ADDRESS StackBase, > - IN UINTN StackSize > + IN UINTN StackSize, > + IN EFI_PHYSICAL_ADDRESS GhcbBase, > + IN UINTN GhcbSize > ) > { > EFI_PHYSICAL_ADDRESS PhysicalAddress4K; > @@ -355,7 +369,12 @@ Split2MPageTo4K ( > // > // Fill in the Page Table entries > // > - PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K | AddressEncM= ask; > + PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K; > + if (!GhcbBase > + || (PhysicalAddress4K < GhcbBase) > + || (PhysicalAddress4K >=3D GhcbBase + GhcbSize)) { > + PageTableEntry->Uint64 |=3D AddressEncMask; > + } > PageTableEntry->Bits.ReadWrite =3D 1; >=20 > if ((IsNullDetectionEnabled () && PhysicalAddress4K =3D=3D 0) || > @@ -383,6 +402,8 @@ Split2MPageTo4K ( > @param[in, out] PageEntry1G Pointer to 1G page entry. > @param[in] StackBase Stack base address. > @param[in] StackSize Stack size. > + @param[in] GhcbBase GHCB page area base address. > + @param[in] GhcbSize GHCB page area size. >=20 > **/ > VOID > @@ -390,7 +411,9 @@ Split1GPageTo2M ( > IN EFI_PHYSICAL_ADDRESS PhysicalAddress, > IN OUT UINT64 *PageEntry1G, > IN EFI_PHYSICAL_ADDRESS StackBase, > - IN UINTN StackSize > + IN UINTN StackSize, > + IN EFI_PHYSICAL_ADDRESS GhcbBase, > + IN UINTN GhcbSize > ) > { > EFI_PHYSICAL_ADDRESS PhysicalAddress2M; > @@ -413,11 +436,11 @@ Split1GPageTo2M ( >=20 > PhysicalAddress2M =3D PhysicalAddress; > for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntries <= 512; IndexOfPageDirectoryEntries++, > PageDirectoryEntry++, PhysicalAddress2M +=3D SIZE_2MB) { > - if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, Stack= Size)) { > + if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, Stack= Size, GhcbBase, GhcbSize)) { > // > // Need to split this 2M page that covers NULL or stack range. > // > - Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry= , StackBase, StackSize); > + Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry= , StackBase, StackSize, GhcbBase, GhcbSize); > } else { > // > // Fill in the Page Directory entries > @@ -616,6 +639,8 @@ EnablePageTableProtection ( >=20 > @param[in] StackBase Stack base address. > @param[in] StackSize Stack size. > + @param[in] GhcbBase GHCB base address. > + @param[in] GhcbSize GHCB size. >=20 > @return The address of 4 level page map. >=20 > @@ -623,7 +648,9 @@ EnablePageTableProtection ( > UINTN > CreateIdentityMappingPageTables ( > IN EFI_PHYSICAL_ADDRESS StackBase, > - IN UINTN StackSize > + IN UINTN StackSize, > + IN EFI_PHYSICAL_ADDRESS GhcbBase, > + IN UINTN GhcbSize > ) > { > UINT32 RegEax; > @@ -809,8 +836,8 @@ CreateIdentityMappingPageTables ( > PageDirectory1GEntry =3D (VOID *) PageDirectoryPointerEntry; >=20 > for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEnt= ries < 512; IndexOfPageDirectoryEntries++, > PageDirectory1GEntry++, PageAddress +=3D SIZE_1GB) { > - if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, Stack= Size)) { > - Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEnt= ry, StackBase, StackSize); > + if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, Stack= Size, GhcbBase, GhcbSize)) { > + Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEnt= ry, StackBase, StackSize, GhcbBase, GhcbSize); > } else { > // > // Fill in the Page Directory entries > @@ -840,11 +867,11 @@ CreateIdentityMappingPageTables ( > PageDirectoryPointerEntry->Bits.Present =3D 1; >=20 > for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryE= ntries < 512; IndexOfPageDirectoryEntries++, > PageDirectoryEntry++, PageAddress +=3D SIZE_2MB) { > - if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, Sta= ckSize)) { > + if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, Sta= ckSize, GhcbBase, GhcbSize)) { > // > // Need to split this 2M page that covers NULL or stack r= ange. > // > - Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEnt= ry, StackBase, StackSize); > + Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEnt= ry, StackBase, StackSize, GhcbBase, GhcbSize); > } else { > // > // Fill in the Page Directory entries > -- > 2.17.1 >=20 >=20 >=20