From: "Lendacky, Thomas"
To: devel@edk2.groups.io
Cc: Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Michael D Kinney, Liming Gao, Eric Dong, Ray Ni, Brijesh Singh, Jian J Wang, Hao A Wu, Dandan Bi
Subject: [PATCH v4 04/40] MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables
Date: Tue, 4 Feb 2020 17:01:08 -0600
Message-Id: <83ebcd61855d83ba70c7ffb2f11c351826cc17a2.1580857303.git.thomas.lendacky@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198

GHCB pages must be mapped as shared pages, so modify the process of creating identity mapped pagetable entries so that GHCB entries are created without the encryption bit set.

Cc: Jian J Wang
Cc: Hao A Wu
Cc: Dandan Bi
Cc: Liming Gao
Signed-off-by: Tom Lendacky
--- MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 2 + .../Core/DxeIplPeim/X64/VirtualMemory.h | 12 ++++- .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 4 +- .../Core/DxeIplPeim/X64/DxeLoadFunc.c | 11 ++++- .../Core/DxeIplPeim/X64/VirtualMemory.c | 49 ++++++++++++++----- 5 files changed, 62 insertions(+), 16 deletions(-) diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf index 98bc17fc9d1f..5e6b78e295e6 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf 
@@ -111,6 +111,8 @@ [Pcd.IA32,Pcd.X64] gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdUse5LevelPageTable ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize ## CONSUMES [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIMES_CONSUMES diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h index 2d0493f109e8..6b7c38a441d6 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h @@ -201,6 +201,8 @@ EnableExecuteDisableBit ( @param[in, out] PageEntry2M Pointer to 2M page entry. @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. **/ VOID @@ -208,7 +210,9 @@ Split2MPageTo4K ( IN EFI_PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry2M, IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ); /** @@ -217,6 +221,8 @@ Split2MPageTo4K ( @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. @return The address of 4 level page map. @@ -224,7 +230,9 @@ Split2MPageTo4K ( UINTN CreateIdentityMappingPageTables ( IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbkSize ); diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c index 6e8ca824d469..284b34818ca7 100644 --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c 
@@ -123,7 +123,7 @@ Create4GPageTablesIa32Pae ( // // Need to split this 2M page that covers stack range. // - Split2MPageTo4K (PhysicalAddress, (UINT64 *) PageDirectoryEntry, StackBase, StackSize); + Split2MPageTo4K (PhysicalAddress, (UINT64 *) PageDirectoryEntry, StackBase, StackSize, 0, 0); } else { // // Fill in the Page Directory entries @@ -282,7 +282,7 @@ HandOffToDxeCore ( // // Create page table and save PageMapLevel4 to CR3 // - PageTables = CreateIdentityMappingPageTables (BaseOfStack, STACK_SIZE); + PageTables = CreateIdentityMappingPageTables (BaseOfStack, STACK_SIZE, 0, 0); // // End of PEI phase signal diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c index f465eb1d8ac4..156a477d8467 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c +++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c @@ -35,6 +35,8 @@ HandOffToDxeCore ( UINT32 Index; EFI_VECTOR_HANDOFF_INFO *VectorInfo; EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi; + VOID *GhcbBase; + UINTN GhcbSize; // // Clear page 0 and mark it as allocated if NULL pointer detection is enabled. @@ -81,12 +83,19 @@ HandOffToDxeCore ( TopOfStack = (VOID *) ((UINTN) BaseOfStack + EFI_SIZE_TO_PAGES (STACK_SIZE) * EFI_PAGE_SIZE - CPU_STACK_ALIGNMENT); TopOfStack = ALIGN_POINTER (TopOfStack, CPU_STACK_ALIGNMENT); + // + // Get the address and size of the GHCB pages + // + GhcbBase = (VOID *) PcdGet64 (PcdGhcbBase); + GhcbSize = PcdGet64 (PcdGhcbSize); + PageTables = 0; if (FeaturePcdGet (PcdDxeIplBuildPageTables)) { // // Create page table and save PageMapLevel4 to CR3 // - PageTables = CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS) (UINTN) BaseOfStack, STACK_SIZE); + PageTables = CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS) (UINTN) BaseOfStack, STACK_SIZE, + (EFI_PHYSICAL_ADDRESS) (UINTN) GhcbBase, GhcbSize); } else { // // Set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE 
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c index 516cf908bc88..32a81d1f3c21 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c @@ -181,6 +181,8 @@ EnableExecuteDisableBit ( @param Size Size of the given physical memory. @param StackBase Base address of stack. @param StackSize Size of stack. + @param GhcbBase Base address of GHCB pages. + @param GhcbSize Size of GHCB area. @retval TRUE Page table should be split. @retval FALSE Page table should not be split. @@ -190,7 +192,9 @@ ToSplitPageTable ( IN EFI_PHYSICAL_ADDRESS Address, IN UINTN Size, IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { if (IsNullDetectionEnabled () && Address == 0) { @@ -209,6 +213,12 @@ ToSplitPageTable ( } } + if (GhcbBase) { + if ((Address < GhcbBase + GhcbSize) && ((Address + Size) > GhcbBase)) { + return TRUE; + } + } + return FALSE; } /** @@ -322,6 +332,8 @@ AllocatePageTableMemory ( @param[in, out] PageEntry2M Pointer to 2M page entry. @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. **/ VOID @@ -329,7 +341,9 @@ Split2MPageTo4K ( IN EFI_PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry2M, IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { EFI_PHYSICAL_ADDRESS PhysicalAddress4K; 
@@ -355,7 +369,12 @@ Split2MPageTo4K ( // // Fill in the Page Table entries // - PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | AddressEncMask; + PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K; + if (!GhcbBase + || (PhysicalAddress4K < GhcbBase) + || (PhysicalAddress4K >= GhcbBase + GhcbSize)) { + PageTableEntry->Uint64 |= AddressEncMask; + } PageTableEntry->Bits.ReadWrite = 1; if ((IsNullDetectionEnabled () && PhysicalAddress4K == 0) || @@ -383,6 +402,8 @@ Split2MPageTo4K ( @param[in, out] PageEntry1G Pointer to 1G page entry. @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. **/ VOID @@ -390,7 +411,9 @@ Split1GPageTo2M ( IN EFI_PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry1G, IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { EFI_PHYSICAL_ADDRESS PhysicalAddress2M; @@ -413,11 +436,11 @@ Split1GPageTo2M ( PhysicalAddress2M = PhysicalAddress; for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += SIZE_2MB) { - if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, StackSize)) { + if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, StackSize, GhcbBase, GhcbSize)) { // // Need to split this 2M page that covers NULL or stack range. // - Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, StackBase, StackSize); + Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, StackBase, StackSize, GhcbBase, GhcbSize); } else { // // Fill in the Page Directory entries @@ -616,6 +639,8 @@ EnablePageTableProtection ( @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB base address. + @param[in] GhcbSize GHCB size. @return The address of 4 level page map. 
@@ -623,7 +648,9 @@ EnablePageTableProtection ( UINTN CreateIdentityMappingPageTables ( IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { UINT32 RegEax; @@ -809,8 +836,8 @@ CreateIdentityMappingPageTables ( PageDirectory1GEntry = (VOID *) PageDirectoryPointerEntry; for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectory1GEntry++, PageAddress += SIZE_1GB) { - if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSize)) { - Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEntry, StackBase, StackSize); + if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSize, GhcbBase, GhcbSize)) { + Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEntry, StackBase, StackSize, GhcbBase, GhcbSize); } else { // // Fill in the Page Directory entries @@ -840,11 +867,11 @@ CreateIdentityMappingPageTables ( PageDirectoryPointerEntry->Bits.Present = 1; for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PageAddress += SIZE_2MB) { - if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, StackSize)) { + if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, StackSize, GhcbBase, GhcbSize)) { // // Need to split this 2M page that covers NULL or stack range. // - Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEntry, StackBase, StackSize); + Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEntry, StackBase, StackSize, GhcbBase, GhcbSize); } else { // // Fill in the Page Directory entries -- 2.17.1
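
Review bot: In the DxeIpl.inf hunk, PcdGhcbBase and PcdGhcbSize are listed as `## CONSUMES` under `[Pcd.IA32,Pcd.X64]`, but the Ia32/DxeLoadFunc.c hunks pass literal `0, 0` and only X64/DxeLoadFunc.c calls PcdGet64 on them. Either list them for X64 only or mark them `## SOMETIMES_CONSUMES` so the INF usage matches the code in this patch.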
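
Review bot: In the VirtualMemory.h hunk for the CreateIdentityMappingPageTables prototype, the new parameter is spelled `GhcbkSize`, while the doc comment directly above it and the definition in VirtualMemory.c both use `GhcbSize`. The compiler does not check prototype parameter names, so this builds, but the header should read `IN UINTN GhcbSize`.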
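
Review bot: In the X64/DxeLoadFunc.c hunk, GhcbBase is declared `VOID *`, assigned with `(VOID *) PcdGet64 (PcdGhcbBase)`, and then cast back with `(EFI_PHYSICAL_ADDRESS) (UINTN) GhcbBase` at its only use. Declaring it as EFI_PHYSICAL_ADDRESS removes both casts. The comment above the PcdGet64 calls could also say that a zero PcdGhcbBase is what turns the GHCB handling off in CreateIdentityMappingPageTables, since the values are read unconditionally here.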
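
Review bot: In the ToSplitPageTable hunk, the new block tests only `if (GhcbBase)`, so a non-zero GhcbBase with GhcbSize of 0 returns TRUE for any large page that has GhcbBase strictly inside it, forcing a split in which Split2MPageTo4K then maps no page shared. Testing the size as well avoids the pointless split. Writing the condition as an explicit `GhcbBase != 0` would also match the `Address == 0` comparison a few lines above it.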
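
Review bot: In the Split2MPageTo4K hunk at `@@ -355,7 +369,12 @@`, the per-page test (`PhysicalAddress4K < GhcbBase`, `PhysicalAddress4K >= GhcbBase + GhcbSize`) matches the GHCB area exactly only when GhcbBase and GhcbSize are both 4K-aligned. With an unaligned base, the page holding the start of the area keeps AddressEncMask; with an unaligned end, the last page is mapped shared in full, including whatever follows the GHCB in that page. Suggest an ASSERT that both values are multiples of EFI_PAGE_SIZE in CreateIdentityMappingPageTables, or stating the alignment requirement in the new @param text.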
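
Review bot: At the updated call sites in Split1GPageTo2M and CreateIdentityMappingPageTables, the unchanged comment still reads `Need to split this 2M page that covers NULL or stack range.`, but ToSplitPageTable now also returns TRUE for the GHCB range. Update the comment at those sites to mention the GHCB range so the reason for the split is documented where it happens.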