[edk2-devel] [PATCH 1/2] MdeModulePkg/DxeIpl: Add 5 level paging support

Wed, 06 Dec 2023 18:39:31 -0800 

Add 5 level paging support when set the page table
memory range as RO to protect page table.

Cc: Liming Gao <gaolim...@byosoft.com.cn>
Cc: Jiaxin Wu <jiaxin...@intel.com>
Cc: Ray Ni <ray...@intel.com>
Cc: Guo Dong <guo.d...@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Cc: James Lu <james...@intel.com>
Cc: Gua Guo <gua....@intel.com>
Signed-off-by: Zhiguang Liu <zhiguang....@intel.com>
---
 .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c        |  2 +-
 .../Core/DxeIplPeim/X64/VirtualMemory.c       | 23 ++++++++++++-------
 .../Core/DxeIplPeim/X64/VirtualMemory.h       |  5 +++-
 3 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c 
b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
index 65e9bdc99e..ba871dafc7 100644
--- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
+++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c
@@ -166,7 +166,7 @@ Create4GPageTablesIa32Pae (
   // Protect the page table by marking the memory used for page table to be
   // read-only.
   //
-  EnablePageTableProtection ((UINTN)PageMap, FALSE);
+  EnablePageTableProtection ((UINTN)PageMap, FALSE, FALSE);
 
   return (UINTN)PageMap;
 }
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c 
b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
index 980c2002d4..1c2e29b132 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
@@ -486,13 +486,15 @@ Split1GPageTo2M (
   @param[in] PageTableBase    Base address of page table (CR3).
   @param[in] Address          Start address of a page to be set as read-only.
   @param[in] Level4Paging     Level 4 paging flag.
+  @param[in] Level5Paging     Level 5 paging flag.
 
 **/
 VOID
 SetPageTablePoolReadOnly (
   IN  UINTN                 PageTableBase,
   IN  EFI_PHYSICAL_ADDRESS  Address,
-  IN  BOOLEAN               Level4Paging
+  IN  BOOLEAN               Level4Paging,
+  IN  BOOLEAN               Level5Paging
   )
 {
   UINTN                 Index;
@@ -502,9 +504,9 @@ SetPageTablePoolReadOnly (
   UINT64                *PageTable;
   UINT64                *NewPageTable;
   UINT64                PageAttr;
-  UINT64                LevelSize[5];
-  UINT64                LevelMask[5];
-  UINTN                 LevelShift[5];
+  UINT64                LevelSize[6];
+  UINT64                LevelMask[6];
+  UINTN                 LevelShift[6];
   UINTN                 Level;
   UINT64                PoolUnitSize;
 
@@ -521,23 +523,26 @@ SetPageTablePoolReadOnly (
   LevelShift[2] = PAGING_L2_ADDRESS_SHIFT;
   LevelShift[3] = PAGING_L3_ADDRESS_SHIFT;
   LevelShift[4] = PAGING_L4_ADDRESS_SHIFT;
+  LevelShift[5] = PAGING_L5_ADDRESS_SHIFT;
 
   LevelMask[1] = PAGING_4K_ADDRESS_MASK_64;
   LevelMask[2] = PAGING_2M_ADDRESS_MASK_64;
   LevelMask[3] = PAGING_1G_ADDRESS_MASK_64;
   LevelMask[4] = PAGING_1G_ADDRESS_MASK_64;
+  LevelMask[5] = 0;
 
   LevelSize[1] = SIZE_4KB;
   LevelSize[2] = SIZE_2MB;
   LevelSize[3] = SIZE_1GB;
   LevelSize[4] = SIZE_512GB;
+  LevelSize[5] = SIZE_256TB;
 
   AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask) &
                    PAGING_1G_ADDRESS_MASK_64;
   PageTable    = (UINT64 *)(UINTN)PageTableBase;
   PoolUnitSize = PAGE_TABLE_POOL_UNIT_SIZE;
 
-  for (Level = (Level4Paging) ? 4 : 3; Level > 0; --Level) {
+  for (Level = Level5Paging ? 5 : (Level4Paging ? 4 : 3); Level > 0; --Level) {
     Index  = ((UINTN)RShiftU64 (Address, LevelShift[Level]));
     Index &= PAGING_PAE_INDEX_MASK;
 
@@ -608,12 +613,14 @@ SetPageTablePoolReadOnly (
 
   @param[in] PageTableBase    Base address of page table (CR3).
   @param[in] Level4Paging     Level 4 paging flag.
+  @param[in] Level5Paging     Level 5 paging flag.
 
 **/
 VOID
 EnablePageTableProtection (
   IN  UINTN    PageTableBase,
-  IN  BOOLEAN  Level4Paging
+  IN  BOOLEAN  Level4Paging,
+  IN  BOOLEAN  Level5Paging
   )
 {
   PAGE_TABLE_POOL       *HeadPool;
@@ -642,7 +649,7 @@ EnablePageTableProtection (
     // protection to them one by one.
     //
     while (PoolSize > 0) {
-      SetPageTablePoolReadOnly (PageTableBase, Address, Level4Paging);
+      SetPageTablePoolReadOnly (PageTableBase, Address, Level4Paging, 
Level5Paging);
       Address  += PAGE_TABLE_POOL_UNIT_SIZE;
       PoolSize -= PAGE_TABLE_POOL_UNIT_SIZE;
     }
@@ -959,7 +966,7 @@ CreateIdentityMappingPageTables (
   // Protect the page table by marking the memory used for page table to be
   // read-only.
   //
-  EnablePageTableProtection ((UINTN)PageMap, TRUE);
+  EnablePageTableProtection ((UINTN)PageMap, !Page5LevelSupport, 
Page5LevelSupport);
 
   //
   // Set IA32_EFER.NXE if necessary.
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h 
b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
index 616ebe42b0..f2a5cbec33 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h
@@ -157,6 +157,7 @@ typedef union {
 #define PAGING_L2_ADDRESS_SHIFT  21
 #define PAGING_L3_ADDRESS_SHIFT  30
 #define PAGING_L4_ADDRESS_SHIFT  39
+#define PAGING_L5_ADDRESS_SHIFT  48
 
 #define PAGING_PML4E_NUMBER  4
 
@@ -294,12 +295,14 @@ IsNullDetectionEnabled (
 
   @param[in] PageTableBase    Base address of page table (CR3).
   @param[in] Level4Paging     Level 4 paging flag.
+  @param[in] Level5Paging     Level 5 paging flag.
 
 **/
 VOID
 EnablePageTableProtection (
   IN  UINTN    PageTableBase,
-  IN  BOOLEAN  Level4Paging
+  IN  BOOLEAN  Level4Paging,
+  IN  BOOLEAN  Level5Paging
   );
 
 /**
-- 
2.31.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#112152): https://edk2.groups.io/g/devel/message/112152
Mute This Topic: https://groups.io/mt/103027553/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to