Reviewed-by: Gua Guo <gua.guo@intel.com>
________________________________
From: Liu, Zhiguang <zhiguang.liu@intel.com>
Sent: Thursday, December 14, 2023 3:59:38 PM
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Gao, Liming <gaoliming@byosoft.com.cn>; Wu, Jiaxin <jiaxin.wu@intel.com>; Ni, Ray <ray.ni@intel.com>; Dong, Guo <guo.dong@intel.com>; Rhodes, Sean <sean@starlabs.systems>; Lu, James <james.lu@intel.com>; Guo, Gua <gua.guo@intel.com>
Subject: RE: [PATCH 1/2] MdeModulePkg/DxeIpl: Add 5 level paging support

Hi MdeModulePkg/UefiPayloadPkg Maintainers,

This patch set fix a potential issue when handling paging table.
Please help review.

Thanks
Zhiguang

> -----Original Message-----
> From: Liu, Zhiguang <zhiguang.liu@intel.com>
> Sent: Thursday, December 7, 2023 10:39 AM
> To: devel@edk2.groups.io
> Cc: Liu, Zhiguang <zhiguang.liu@intel.com>; Gao, Liming
> <gaoliming@byosoft.com.cn>; Wu, Jiaxin <jiaxin.wu@intel.com>; Ni, Ray
> <ray.ni@intel.com>; Dong, Guo <guo.dong@intel.com>; Rhodes, Sean
> <sean@starlabs.systems>; Lu, James <james.lu@intel.com>; Guo, Gua
> <gua.guo@intel.com>
> Subject: [PATCH 1/2] MdeModulePkg/DxeIpl: Add 5 level paging support
>
> Add 5 level paging support when set the page table memory range as RO to
> protect page table.
>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Guo Dong <guo.dong@intel.com>
> Cc: Sean Rhodes <sean@starlabs.systems>
> Cc: James Lu <james.lu@intel.com>
> Cc: Gua Guo <gua.guo@intel.com>
> Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
> ---
>  .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c        |  2 +-
>  .../Core/DxeIplPeim/X64/VirtualMemory.c       | 23 ++++++++++++-------
>  .../Core/DxeIplPeim/X64/VirtualMemory.h       |  5 +++-
>  3 files changed, 20 insertions(+), 10 deletions(-)
>
> diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
> b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
> index 65e9bdc99e..ba871dafc7 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
> @@ -166,7 +166,7 @@ Create4GPageTablesIa32Pae (
>    // Protect the page table by marking the memory used for page table to be
>    // read-only.
>    //
> -  EnablePageTableProtection ((UINTN)PageMap, FALSE);
> +  EnablePageTableProtection ((UINTN)PageMap, FALSE, FALSE);
>
>    return (UINTN)PageMap;
>  }
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> index 980c2002d4..1c2e29b132 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
> @@ -486,13 +486,15 @@ Split1GPageTo2M (
>    @param[in] PageTableBase    Base address of page table (CR3).
>    @param[in] Address          Start address of a page to be set as read-only.
>    @param[in] Level4Paging     Level 4 paging flag.
> +  @param[in] Level5Paging     Level 5 paging flag.
>
>  **/
>  VOID
>  SetPageTablePoolReadOnly (
>    IN  UINTN                 PageTableBase,
>    IN  EFI_PHYSICAL_ADDRESS  Address,
> -  IN  BOOLEAN               Level4Paging
> +  IN  BOOLEAN               Level4Paging,
> +  IN  BOOLEAN               Level5Paging
>    )
>  {
>    UINTN                 Index;
> @@ -502,9 +504,9 @@ SetPageTablePoolReadOnly (
>    UINT64                *PageTable;
>    UINT64                *NewPageTable;
>    UINT64                PageAttr;
> -  UINT64                LevelSize[5];
> -  UINT64                LevelMask[5];
> -  UINTN                 LevelShift[5];
> +  UINT64                LevelSize[6];
> +  UINT64                LevelMask[6];
> +  UINTN                 LevelShift[6];
>    UINTN                 Level;
>    UINT64                PoolUnitSize;
>
> @@ -521,23 +523,26 @@ SetPageTablePoolReadOnly (
>    LevelShift[2] = PAGING_L2_ADDRESS_SHIFT;
>    LevelShift[3] = PAGING_L3_ADDRESS_SHIFT;
>    LevelShift[4] = PAGING_L4_ADDRESS_SHIFT;
> +  LevelShift[5] = PAGING_L5_ADDRESS_SHIFT;
>
>    LevelMask[1] = PAGING_4K_ADDRESS_MASK_64;
>    LevelMask[2] = PAGING_2M_ADDRESS_MASK_64;
>    LevelMask[3] = PAGING_1G_ADDRESS_MASK_64;
>    LevelMask[4] = PAGING_1G_ADDRESS_MASK_64;
> +  LevelMask[5] = 0;
>
>    LevelSize[1] = SIZE_4KB;
>    LevelSize[2] = SIZE_2MB;
>    LevelSize[3] = SIZE_1GB;
>    LevelSize[4] = SIZE_512GB;
> +  LevelSize[5] = SIZE_256TB;
>
>    AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) &
>                     PAGING_1G_ADDRESS_MASK_64;
>    PageTable    = (UINT64 *)(UINTN)PageTableBase;
>    PoolUnitSize = PAGE_TABLE_POOL_UNIT_SIZE;
>
> -  for (Level = (Level4Paging) ? 4 : 3; Level > 0; --Level) {
> +  for (Level = Level5Paging ? 5 : (Level4Paging ? 4 : 3); Level > 0;
> + --Level) {
>      Index  = ((UINTN)RShiftU64 (Address, LevelShift[Level]));
>      Index &= PAGING_PAE_INDEX_MASK;
>
> @@ -608,12 +613,14 @@ SetPageTablePoolReadOnly (
>
>    @param[in] PageTableBase    Base address of page table (CR3).
>    @param[in] Level4Paging     Level 4 paging flag.
> +  @param[in] Level5Paging     Level 5 paging flag.
>
>  **/
>  VOID
>  EnablePageTableProtection (
>    IN  UINTN    PageTableBase,
> -  IN  BOOLEAN  Level4Paging
> +  IN  BOOLEAN  Level4Paging,
> +  IN  BOOLEAN  Level5Paging
>    )
>  {
>    PAGE_TABLE_POOL       *HeadPool;
> @@ -642,7 +649,7 @@ EnablePageTableProtection (
>      // protection to them one by one.
>      //
>      while (PoolSize > 0) {
> -      SetPageTablePoolReadOnly (PageTableBase, Address, Level4Paging);
> +      SetPageTablePoolReadOnly (PageTableBase, Address, Level4Paging,
> + Level5Paging);
>        Address  += PAGE_TABLE_POOL_UNIT_SIZE;
>        PoolSize -= PAGE_TABLE_POOL_UNIT_SIZE;
>      }
> @@ -959,7 +966,7 @@ CreateIdentityMappingPageTables (
>    // Protect the page table by marking the memory used for page table to be
>    // read-only.
>    //
> -  EnablePageTableProtection ((UINTN)PageMap, TRUE);
> +  EnablePageTableProtection ((UINTN)PageMap, !Page5LevelSupport,
> + Page5LevelSupport);
>
>    //
>    // Set IA32_EFER.NXE if necessary.
> diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
> b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
> index 616ebe42b0..f2a5cbec33 100644
> --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
> +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
> @@ -157,6 +157,7 @@ typedef union {
>  #define PAGING_L2_ADDRESS_SHIFT  21
>  #define PAGING_L3_ADDRESS_SHIFT  30
>  #define PAGING_L4_ADDRESS_SHIFT  39
> +#define PAGING_L5_ADDRESS_SHIFT  48
>
>  #define PAGING_PML4E_NUMBER  4
>
> @@ -294,12 +295,14 @@ IsNullDetectionEnabled (
>
>    @param[in] PageTableBase    Base address of page table (CR3).
>    @param[in] Level4Paging     Level 4 paging flag.
> +  @param[in] Level5Paging     Level 5 paging flag.
>
>  **/
>  VOID
>  EnablePageTableProtection (
>    IN  UINTN    PageTableBase,
> -  IN  BOOLEAN  Level4Paging
> +  IN  BOOLEAN  Level4Paging,
> +  IN  BOOLEAN  Level5Paging
>    );
>
>  /**
> --
> 2.31.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#112519): https://edk2.groups.io/g/devel/message/112519
Mute This Topic: https://groups.io/mt/103027553/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-