1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
|
/** @file
Virtual Memory Management Services to set or clear the memory encryption bit
Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
Code is derived from MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
**/
#include <Library/CpuLib.h>
#include <Register/Cpuid.h>
#include <Register/Amd/Cpuid.h>
#include "VirtualMemory.h"
STATIC BOOLEAN mAddressEncMaskChecked = FALSE;
STATIC UINT64 mAddressEncMask;
typedef enum {
SetCBit,
ClearCBit
} MAP_RANGE_MODE;
/**
Get the memory encryption mask
@param[out] EncryptionMask contains the pte mask.
**/
STATIC
UINT64
GetMemEncryptionAddressMask (
VOID
)
{
UINT64 EncryptionMask;
CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx;
if (mAddressEncMaskChecked) {
return mAddressEncMask;
}
//
// CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)
//
AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);
EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);
mAddressEncMask = EncryptionMask & PAGING_1G_ADDRESS_MASK_64;
mAddressEncMaskChecked = TRUE;
return mAddressEncMask;
}
/**
Split 2M page to 4K.
@param[in] PhysicalAddress Start physical address the 2M page covered.
@param[in, out] PageEntry2M Pointer to 2M page entry.
@param[in] StackBase Stack base address.
@param[in] StackSize Stack size.
**/
STATIC
VOID
Split2MPageTo4K (
IN PHYSICAL_ADDRESS PhysicalAddress,
IN OUT UINT64 *PageEntry2M,
IN PHYSICAL_ADDRESS StackBase,
IN UINTN StackSize
)
{
PHYSICAL_ADDRESS PhysicalAddress4K;
UINTN IndexOfPageTableEntries;
PAGE_TABLE_4K_ENTRY *PageTableEntry, *PageTableEntry1;
UINT64 AddressEncMask;
PageTableEntry = AllocatePages(1);
PageTableEntry1 = PageTableEntry;
AddressEncMask = GetMemEncryptionAddressMask ();
ASSERT (PageTableEntry != NULL);
ASSERT (*PageEntry2M & AddressEncMask);
PhysicalAddress4K = PhysicalAddress;
for (IndexOfPageTableEntries = 0; IndexOfPageTableEntries < 512; IndexOfPageTableEntries++, PageTableEntry++, PhysicalAddress4K += SIZE_4KB) {
//
// Fill in the Page Table entries
//
PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | AddressEncMask;
PageTableEntry->Bits.ReadWrite = 1;
PageTableEntry->Bits.Present = 1;
if ((PhysicalAddress4K >= StackBase) && (PhysicalAddress4K < StackBase + StackSize)) {
//
// Set Nx bit for stack.
//
PageTableEntry->Bits.Nx = 1;
}
}
//
// Fill in 2M page entry.
//
*PageEntry2M = (UINT64) (UINTN) PageTableEntry1 | IA32_PG_P | IA32_PG_RW | AddressEncMask;
}
/**
Split 1G page to 2M.
@param[in] PhysicalAddress Start physical address the 1G page covered.
@param[in, out] PageEntry1G Pointer to 1G page entry.
@param[in] StackBase Stack base address.
@param[in] StackSize Stack size.
**/
STATIC
VOID
Split1GPageTo2M (
IN PHYSICAL_ADDRESS PhysicalAddress,
IN OUT UINT64 *PageEntry1G,
IN PHYSICAL_ADDRESS StackBase,
IN UINTN StackSize
)
{
PHYSICAL_ADDRESS PhysicalAddress2M;
UINTN IndexOfPageDirectoryEntries;
PAGE_TABLE_ENTRY *PageDirectoryEntry;
UINT64 AddressEncMask;
PageDirectoryEntry = AllocatePages(1);
AddressEncMask = GetMemEncryptionAddressMask ();
ASSERT (PageDirectoryEntry != NULL);
ASSERT (*PageEntry1G & GetMemEncryptionAddressMask ());
//
// Fill in 1G page entry.
//
*PageEntry1G = (UINT64) (UINTN) PageDirectoryEntry | IA32_PG_P | IA32_PG_RW | AddressEncMask;
PhysicalAddress2M = PhysicalAddress;
for (IndexOfPageDirectoryEntries = 0; IndexOfPageDirectoryEntries < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += SIZE_2MB) {
if ((PhysicalAddress2M < StackBase + StackSize) && ((PhysicalAddress2M + SIZE_2MB) > StackBase)) {
//
// Need to split this 2M page that covers stack range.
//
Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, StackBase, StackSize);
} else {
//
// Fill in the Page Directory entries
//
PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M | AddressEncMask;
PageDirectoryEntry->Bits.ReadWrite = 1;
PageDirectoryEntry->Bits.Present = 1;
PageDirectoryEntry->Bits.MustBe1 = 1;
}
}
}
/**
Set or Clear the memory encryption bit
@param[in] PagetablePoint Page table entry pointer (PTE).
@param[in] Mode Set or Clear encryption bit
**/
STATIC VOID
SetOrClearCBit(
IN OUT UINT64* PageTablePointer,
IN MAP_RANGE_MODE Mode
)
{
UINT64 AddressEncMask;
AddressEncMask = GetMemEncryptionAddressMask ();
if (Mode == SetCBit) {
*PageTablePointer |= AddressEncMask;
} else {
*PageTablePointer &= ~AddressEncMask;
}
}
/**
This function either sets or clears memory encryption bit for the memory region
specified by PhysicalAddress and length from the current page table context.
The function iterates through the physicalAddress one page at a time, and set
or clears the memory encryption mask in the page table. If it encounters
that a given physical address range is part of large page then it attempts to
change the attribute at one go (based on size), otherwise it splits the
large pages into smaller (e.g 2M page into 4K pages) and then try to set or
clear the encryption bit on the smallest page size.
@param[in] PhysicalAddress The physical address that is the start
address of a memory region.
@param[in] Length The length of memory region
@param[in] Mode Set or Clear mode
@param[in] Flush Flush the caches before applying the
encryption mask
@retval RETURN_SUCCESS The attributes were cleared for the memory
region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Setting the memory encyrption attribute is
not supported
**/
STATIC
RETURN_STATUS
EFIAPI
SetMemoryEncDec (
IN PHYSICAL_ADDRESS Cr3BaseAddress,
IN PHYSICAL_ADDRESS PhysicalAddress,
IN UINTN Length,
IN MAP_RANGE_MODE Mode,
IN BOOLEAN CacheFlush
)
{
PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry;
PAGE_MAP_AND_DIRECTORY_POINTER *PageUpperDirectoryPointerEntry;
PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry;
PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry;
PAGE_TABLE_ENTRY *PageDirectory2MEntry;
PAGE_TABLE_4K_ENTRY *PageTableEntry;
UINT64 PgTableMask;
UINT64 AddressEncMask;
//
// Check if we have a valid memory encryption mask
//
AddressEncMask = GetMemEncryptionAddressMask ();
if (!AddressEncMask) {
return RETURN_ACCESS_DENIED;
}
PgTableMask = AddressEncMask | EFI_PAGE_MASK;
if (Length == 0) {
return RETURN_INVALID_PARAMETER;
}
//
// We are going to change the memory encryption attribute from C=0 -> C=1 or
// vice versa Flush the caches to ensure that data is written into memory with
// correct C-bit
//
if (CacheFlush) {
WriteBackInvalidateDataCacheRange((VOID*) (UINTN)PhysicalAddress, Length);
}
while (Length)
{
//
// If Cr3BaseAddress is not specified then read the current CR3
//
if (Cr3BaseAddress == 0) {
Cr3BaseAddress = AsmReadCr3();
}
PageMapLevel4Entry = (VOID*) (Cr3BaseAddress & ~PgTableMask);
PageMapLevel4Entry += PML4_OFFSET(PhysicalAddress);
if (!PageMapLevel4Entry->Bits.Present) {
DEBUG ((DEBUG_WARN,
"%a:%a ERROR bad PML4 for %lx\n", gEfiCallerBaseName, __FUNCTION__,
PhysicalAddress));
return RETURN_NO_MAPPING;
}
PageDirectory1GEntry = (VOID*) ((PageMapLevel4Entry->Bits.PageTableBaseAddress<<12) & ~PgTableMask);
PageDirectory1GEntry += PDP_OFFSET(PhysicalAddress);
if (!PageDirectory1GEntry->Bits.Present) {
DEBUG ((DEBUG_WARN,
"%a:%a ERROR bad PDPE for %lx\n", gEfiCallerBaseName,
__FUNCTION__, PhysicalAddress));
return RETURN_NO_MAPPING;
}
//
// If the MustBe1 bit is not 1, it's not actually a 1GB entry
//
if (PageDirectory1GEntry->Bits.MustBe1) {
//
// Valid 1GB page
// If we have at least 1GB to go, we can just update this entry
//
if (!(PhysicalAddress & (BIT30 - 1)) && Length >= BIT30) {
SetOrClearCBit(&PageDirectory1GEntry->Uint64, Mode);
DEBUG ((DEBUG_VERBOSE,
"%a:%a Updated 1GB entry for %lx\n", gEfiCallerBaseName,
__FUNCTION__, PhysicalAddress));
PhysicalAddress += BIT30;
Length -= BIT30;
} else {
//
// We must split the page
//
DEBUG ((DEBUG_VERBOSE,
"%a:%a Spliting 1GB page\n", gEfiCallerBaseName, __FUNCTION__));
Split1GPageTo2M(((UINT64)PageDirectory1GEntry->Bits.PageTableBaseAddress)<<30, (UINT64*) PageDirectory1GEntry, 0, 0);
continue;
}
} else {
//
// Actually a PDP
//
PageUpperDirectoryPointerEntry = (PAGE_MAP_AND_DIRECTORY_POINTER*) PageDirectory1GEntry;
PageDirectory2MEntry = (VOID*) ((PageUpperDirectoryPointerEntry->Bits.PageTableBaseAddress<<12) & ~PgTableMask);
PageDirectory2MEntry += PDE_OFFSET(PhysicalAddress);
if (!PageDirectory2MEntry->Bits.Present) {
DEBUG ((DEBUG_WARN,
"%a:%a ERROR bad PDE for %lx\n", gEfiCallerBaseName, __FUNCTION__,
PhysicalAddress));
return RETURN_NO_MAPPING;
}
//
// If the MustBe1 bit is not a 1, it's not a 2MB entry
//
if (PageDirectory2MEntry->Bits.MustBe1) {
//
// Valid 2MB page
// If we have at least 2MB left to go, we can just update this entry
//
if (!(PhysicalAddress & (BIT21-1)) && Length >= BIT21) {
SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode);
PhysicalAddress += BIT21;
Length -= BIT21;
} else {
//
// We must split up this page into 4K pages
//
DEBUG ((DEBUG_VERBOSE,
"%a:%a Spliting 2MB page at %lx\n", gEfiCallerBaseName,__FUNCTION__,
PhysicalAddress));
Split2MPageTo4K (((UINT64)PageDirectory2MEntry->Bits.PageTableBaseAddress) << 21, (UINT64*) PageDirectory2MEntry, 0, 0);
continue;
}
} else {
PageDirectoryPointerEntry = (PAGE_MAP_AND_DIRECTORY_POINTER*) PageDirectory2MEntry;
PageTableEntry = (VOID*) (PageDirectoryPointerEntry->Bits.PageTableBaseAddress<<12 & ~PgTableMask);
PageTableEntry += PTE_OFFSET(PhysicalAddress);
if (!PageTableEntry->Bits.Present) {
DEBUG ((DEBUG_WARN,
"%a:%a ERROR bad PTE for %lx\n", gEfiCallerBaseName,
__FUNCTION__, PhysicalAddress));
return RETURN_NO_MAPPING;
}
SetOrClearCBit (&PageTableEntry->Uint64, Mode);
PhysicalAddress += EFI_PAGE_SIZE;
Length -= EFI_PAGE_SIZE;
}
}
}
//
// Flush TLB
//
CpuFlushTlb();
return RETURN_SUCCESS;
}
/**
This function clears memory encryption bit for the memory region specified by
PhysicalAddress and length from the current page table context.
@param[in] PhysicalAddress The physical address that is the start
address of a memory region.
@param[in] Length The length of memory region
@param[in] Flush Flush the caches before applying the
encryption mask
@retval RETURN_SUCCESS The attributes were cleared for the memory
region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Setting the memory encyrption attribute is
not supported
**/
RETURN_STATUS
EFIAPI
InternalMemEncryptSevSetMemoryDecrypted (
IN PHYSICAL_ADDRESS Cr3BaseAddress,
IN PHYSICAL_ADDRESS PhysicalAddress,
IN UINTN Length,
IN BOOLEAN Flush
)
{
DEBUG ((DEBUG_VERBOSE,
"%a:%a Clear C-bit Cr3 %Lx Base %Lx Length %Lx flush %d\n",
gEfiCallerBaseName, __FUNCTION__, Cr3BaseAddress, PhysicalAddress, Length,
Flush));
return SetMemoryEncDec (Cr3BaseAddress, PhysicalAddress, Length, ClearCBit, Flush);
}
/**
This function sets memory encryption bit for the memory region specified by
PhysicalAddress and length from the current page table context.
@param[in] PhysicalAddress The physical address that is the start address
of a memory region.
@param[in] Length The length of memory region
@param[in] Flush Flush the caches before applying the
encryption mask
@retval RETURN_SUCCESS The attributes were cleared for the memory
region.
@retval RETURN_INVALID_PARAMETER Number of pages is zero.
@retval RETURN_UNSUPPORTED Setting the memory encyrption attribute is
not supported
**/
RETURN_STATUS
EFIAPI
InternalMemEncryptSevSetMemoryEncrypted (
IN PHYSICAL_ADDRESS Cr3BaseAddress,
IN PHYSICAL_ADDRESS PhysicalAddress,
IN UINTN Length,
IN BOOLEAN Flush
)
{
DEBUG ((DEBUG_VERBOSE,
"%a:%a Set C-bit Cr3 %Lx Base %Lx Length %Lx flush %d\n",
gEfiCallerBaseName, __FUNCTION__, Cr3BaseAddress, PhysicalAddress, Length,
Flush));
return SetMemoryEncDec (Cr3BaseAddress, PhysicalAddress, Length, SetCBit, Flush);
}
|
