]> git.proxmox.com Git - mirror_edk2.git/blob - OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address
[mirror_edk2.git] / OvmfPkg / Library / BaseMemEncryptSevLib / X64 / PeiDxeVirtualMemory.c
1 /** @file
2
3 Virtual Memory Management Services to set or clear the memory encryption bit
4
5 Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
6 Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>
7
8 SPDX-License-Identifier: BSD-2-Clause-Patent
9
10 Code is derived from MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
11
12 **/
13
14 #include <Library/CpuLib.h>
15 #include <Library/MemEncryptSevLib.h>
16 #include <Register/Amd/Cpuid.h>
17 #include <Register/Cpuid.h>
18
19 #include "VirtualMemory.h"
20 #include "SnpPageStateChange.h"
21
22 STATIC BOOLEAN mAddressEncMaskChecked = FALSE;
23 STATIC UINT64 mAddressEncMask;
24 STATIC PAGE_TABLE_POOL *mPageTablePool = NULL;
25
26 typedef enum {
27 SetCBit,
28 ClearCBit
29 } MAP_RANGE_MODE;
30
31 /**
32 Return the pagetable memory encryption mask.
33
34 @return The pagetable memory encryption mask.
35
36 **/
37 UINT64
38 EFIAPI
39 InternalGetMemEncryptionAddressMask (
40 VOID
41 )
42 {
43 UINT64 EncryptionMask;
44
45 if (mAddressEncMaskChecked) {
46 return mAddressEncMask;
47 }
48
49 EncryptionMask = MemEncryptSevGetEncryptionMask ();
50
51 mAddressEncMask = EncryptionMask & PAGING_1G_ADDRESS_MASK_64;
52 mAddressEncMaskChecked = TRUE;
53
54 return mAddressEncMask;
55 }
56
57 /**
58 Initialize a buffer pool for page table use only.
59
60 To reduce the potential split operation on page table, the pages reserved for
61 page table should be allocated in the times of PAGE_TABLE_POOL_UNIT_PAGES and
62 at the boundary of PAGE_TABLE_POOL_ALIGNMENT. So the page pool is always
63 initialized with number of pages greater than or equal to the given
64 PoolPages.
65
66 Once the pages in the pool are used up, this method should be called again to
67 reserve at least another PAGE_TABLE_POOL_UNIT_PAGES. Usually this won't
68 happen often in practice.
69
70 @param[in] PoolPages The least page number of the pool to be created.
71
72 @retval TRUE The pool is initialized successfully.
73 @retval FALSE The memory is out of resource.
74 **/
75 STATIC
76 BOOLEAN
77 InitializePageTablePool (
78 IN UINTN PoolPages
79 )
80 {
81 VOID *Buffer;
82
83 //
84 // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one page for
85 // header.
86 //
87 PoolPages += 1; // Add one page for header.
88 PoolPages = ((PoolPages - 1) / PAGE_TABLE_POOL_UNIT_PAGES + 1) *
89 PAGE_TABLE_POOL_UNIT_PAGES;
90 Buffer = AllocateAlignedPages (PoolPages, PAGE_TABLE_POOL_ALIGNMENT);
91 if (Buffer == NULL) {
92 DEBUG ((DEBUG_ERROR, "ERROR: Out of aligned pages\r\n"));
93 return FALSE;
94 }
95
96 //
97 // Link all pools into a list for easier track later.
98 //
99 if (mPageTablePool == NULL) {
100 mPageTablePool = Buffer;
101 mPageTablePool->NextPool = mPageTablePool;
102 } else {
103 ((PAGE_TABLE_POOL *)Buffer)->NextPool = mPageTablePool->NextPool;
104 mPageTablePool->NextPool = Buffer;
105 mPageTablePool = Buffer;
106 }
107
108 //
109 // Reserve one page for pool header.
110 //
111 mPageTablePool->FreePages = PoolPages - 1;
112 mPageTablePool->Offset = EFI_PAGES_TO_SIZE (1);
113
114 return TRUE;
115 }
116
117 /**
118 This API provides a way to allocate memory for page table.
119
120 This API can be called more than once to allocate memory for page tables.
121
122 Allocates the number of 4KB pages and returns a pointer to the allocated
123 buffer. The buffer returned is aligned on a 4KB boundary.
124
125 If Pages is 0, then NULL is returned.
126 If there is not enough memory remaining to satisfy the request, then NULL is
127 returned.
128
129 @param Pages The number of 4 KB pages to allocate.
130
131 @return A pointer to the allocated buffer or NULL if allocation fails.
132
133 **/
134 STATIC
135 VOID *
136 EFIAPI
137 AllocatePageTableMemory (
138 IN UINTN Pages
139 )
140 {
141 VOID *Buffer;
142
143 if (Pages == 0) {
144 return NULL;
145 }
146
147 //
148 // Renew the pool if necessary.
149 //
150 if ((mPageTablePool == NULL) ||
151 (Pages > mPageTablePool->FreePages))
152 {
153 if (!InitializePageTablePool (Pages)) {
154 return NULL;
155 }
156 }
157
158 Buffer = (UINT8 *)mPageTablePool + mPageTablePool->Offset;
159
160 mPageTablePool->Offset += EFI_PAGES_TO_SIZE (Pages);
161 mPageTablePool->FreePages -= Pages;
162
163 DEBUG ((
164 DEBUG_VERBOSE,
165 "%a:%a: Buffer=0x%Lx Pages=%ld\n",
166 gEfiCallerBaseName,
167 __FUNCTION__,
168 Buffer,
169 Pages
170 ));
171
172 return Buffer;
173 }
174
175 /**
176 Split 2M page to 4K.
177
178 @param[in] PhysicalAddress Start physical address the 2M page
179 covered.
180 @param[in, out] PageEntry2M Pointer to 2M page entry.
181 @param[in] StackBase Stack base address.
182 @param[in] StackSize Stack size.
183
184 **/
185 STATIC
186 VOID
187 Split2MPageTo4K (
188 IN PHYSICAL_ADDRESS PhysicalAddress,
189 IN OUT UINT64 *PageEntry2M,
190 IN PHYSICAL_ADDRESS StackBase,
191 IN UINTN StackSize
192 )
193 {
194 PHYSICAL_ADDRESS PhysicalAddress4K;
195 UINTN IndexOfPageTableEntries;
196 PAGE_TABLE_4K_ENTRY *PageTableEntry;
197 PAGE_TABLE_4K_ENTRY *PageTableEntry1;
198 UINT64 AddressEncMask;
199
200 PageTableEntry = AllocatePageTableMemory (1);
201
202 PageTableEntry1 = PageTableEntry;
203
204 AddressEncMask = InternalGetMemEncryptionAddressMask ();
205
206 ASSERT (PageTableEntry != NULL);
207 ASSERT (*PageEntry2M & AddressEncMask);
208
209 PhysicalAddress4K = PhysicalAddress;
210 for (IndexOfPageTableEntries = 0;
211 IndexOfPageTableEntries < 512;
212 (IndexOfPageTableEntries++,
213 PageTableEntry++,
214 PhysicalAddress4K += SIZE_4KB))
215 {
216 //
217 // Fill in the Page Table entries
218 //
219 PageTableEntry->Uint64 = (UINT64)PhysicalAddress4K | AddressEncMask;
220 PageTableEntry->Bits.ReadWrite = 1;
221 PageTableEntry->Bits.Present = 1;
222 if ((PhysicalAddress4K >= StackBase) &&
223 (PhysicalAddress4K < StackBase + StackSize))
224 {
225 //
226 // Set Nx bit for stack.
227 //
228 PageTableEntry->Bits.Nx = 1;
229 }
230 }
231
232 //
233 // Fill in 2M page entry.
234 //
235 *PageEntry2M = ((UINT64)(UINTN)PageTableEntry1 |
236 IA32_PG_P | IA32_PG_RW | AddressEncMask);
237 }
238
239 /**
240 Set one page of page table pool memory to be read-only.
241
242 @param[in] PageTableBase Base address of page table (CR3).
243 @param[in] Address Start address of a page to be set as read-only.
244 @param[in] Level4Paging Level 4 paging flag.
245
246 **/
247 STATIC
248 VOID
249 SetPageTablePoolReadOnly (
250 IN UINTN PageTableBase,
251 IN EFI_PHYSICAL_ADDRESS Address,
252 IN BOOLEAN Level4Paging
253 )
254 {
255 UINTN Index;
256 UINTN EntryIndex;
257 UINT64 AddressEncMask;
258 EFI_PHYSICAL_ADDRESS PhysicalAddress;
259 UINT64 *PageTable;
260 UINT64 *NewPageTable;
261 UINT64 PageAttr;
262 UINT64 LevelSize[5];
263 UINT64 LevelMask[5];
264 UINTN LevelShift[5];
265 UINTN Level;
266 UINT64 PoolUnitSize;
267
268 ASSERT (PageTableBase != 0);
269
270 //
271 // Since the page table is always from page table pool, which is always
272 // located at the boundary of PcdPageTablePoolAlignment, we just need to
273 // set the whole pool unit to be read-only.
274 //
275 Address = Address & PAGE_TABLE_POOL_ALIGN_MASK;
276
277 LevelShift[1] = PAGING_L1_ADDRESS_SHIFT;
278 LevelShift[2] = PAGING_L2_ADDRESS_SHIFT;
279 LevelShift[3] = PAGING_L3_ADDRESS_SHIFT;
280 LevelShift[4] = PAGING_L4_ADDRESS_SHIFT;
281
282 LevelMask[1] = PAGING_4K_ADDRESS_MASK_64;
283 LevelMask[2] = PAGING_2M_ADDRESS_MASK_64;
284 LevelMask[3] = PAGING_1G_ADDRESS_MASK_64;
285 LevelMask[4] = PAGING_1G_ADDRESS_MASK_64;
286
287 LevelSize[1] = SIZE_4KB;
288 LevelSize[2] = SIZE_2MB;
289 LevelSize[3] = SIZE_1GB;
290 LevelSize[4] = SIZE_512GB;
291
292 AddressEncMask = InternalGetMemEncryptionAddressMask ();
293 PageTable = (UINT64 *)(UINTN)PageTableBase;
294 PoolUnitSize = PAGE_TABLE_POOL_UNIT_SIZE;
295
296 for (Level = (Level4Paging) ? 4 : 3; Level > 0; --Level) {
297 Index = ((UINTN)RShiftU64 (Address, LevelShift[Level]));
298 Index &= PAGING_PAE_INDEX_MASK;
299
300 PageAttr = PageTable[Index];
301 if ((PageAttr & IA32_PG_PS) == 0) {
302 //
303 // Go to next level of table.
304 //
305 PageTable = (UINT64 *)(UINTN)(PageAttr & ~AddressEncMask &
306 PAGING_4K_ADDRESS_MASK_64);
307 continue;
308 }
309
310 if (PoolUnitSize >= LevelSize[Level]) {
311 //
312 // Clear R/W bit if current page granularity is not larger than pool unit
313 // size.
314 //
315 if ((PageAttr & IA32_PG_RW) != 0) {
316 while (PoolUnitSize > 0) {
317 //
318 // PAGE_TABLE_POOL_UNIT_SIZE and PAGE_TABLE_POOL_ALIGNMENT are fit in
319 // one page (2MB). Then we don't need to update attributes for pages
320 // crossing page directory. ASSERT below is for that purpose.
321 //
322 ASSERT (Index < EFI_PAGE_SIZE/sizeof (UINT64));
323
324 PageTable[Index] &= ~(UINT64)IA32_PG_RW;
325 PoolUnitSize -= LevelSize[Level];
326
327 ++Index;
328 }
329 }
330
331 break;
332 } else {
333 //
334 // The smaller granularity of page must be needed.
335 //
336 ASSERT (Level > 1);
337
338 NewPageTable = AllocatePageTableMemory (1);
339 ASSERT (NewPageTable != NULL);
340
341 PhysicalAddress = PageAttr & LevelMask[Level];
342 for (EntryIndex = 0;
343 EntryIndex < EFI_PAGE_SIZE/sizeof (UINT64);
344 ++EntryIndex)
345 {
346 NewPageTable[EntryIndex] = PhysicalAddress | AddressEncMask |
347 IA32_PG_P | IA32_PG_RW;
348 if (Level > 2) {
349 NewPageTable[EntryIndex] |= IA32_PG_PS;
350 }
351
352 PhysicalAddress += LevelSize[Level - 1];
353 }
354
355 PageTable[Index] = (UINT64)(UINTN)NewPageTable | AddressEncMask |
356 IA32_PG_P | IA32_PG_RW;
357 PageTable = NewPageTable;
358 }
359 }
360 }
361
362 /**
363 Prevent the memory pages used for page table from been overwritten.
364
365 @param[in] PageTableBase Base address of page table (CR3).
366 @param[in] Level4Paging Level 4 paging flag.
367
368 **/
369 STATIC
370 VOID
371 EnablePageTableProtection (
372 IN UINTN PageTableBase,
373 IN BOOLEAN Level4Paging
374 )
375 {
376 PAGE_TABLE_POOL *HeadPool;
377 PAGE_TABLE_POOL *Pool;
378 UINT64 PoolSize;
379 EFI_PHYSICAL_ADDRESS Address;
380
381 if (mPageTablePool == NULL) {
382 return;
383 }
384
385 //
386 // SetPageTablePoolReadOnly might update mPageTablePool. It's safer to
387 // remember original one in advance.
388 //
389 HeadPool = mPageTablePool;
390 Pool = HeadPool;
391 do {
392 Address = (EFI_PHYSICAL_ADDRESS)(UINTN)Pool;
393 PoolSize = Pool->Offset + EFI_PAGES_TO_SIZE (Pool->FreePages);
394
395 //
396 // The size of one pool must be multiple of PAGE_TABLE_POOL_UNIT_SIZE,
397 // which is one of page size of the processor (2MB by default). Let's apply
398 // the protection to them one by one.
399 //
400 while (PoolSize > 0) {
401 SetPageTablePoolReadOnly (PageTableBase, Address, Level4Paging);
402 Address += PAGE_TABLE_POOL_UNIT_SIZE;
403 PoolSize -= PAGE_TABLE_POOL_UNIT_SIZE;
404 }
405
406 Pool = Pool->NextPool;
407 } while (Pool != HeadPool);
408 }
409
410 /**
411 Split 1G page to 2M.
412
413 @param[in] PhysicalAddress Start physical address the 1G page
414 covered.
415 @param[in, out] PageEntry1G Pointer to 1G page entry.
416 @param[in] StackBase Stack base address.
417 @param[in] StackSize Stack size.
418
419 **/
420 STATIC
421 VOID
422 Split1GPageTo2M (
423 IN PHYSICAL_ADDRESS PhysicalAddress,
424 IN OUT UINT64 *PageEntry1G,
425 IN PHYSICAL_ADDRESS StackBase,
426 IN UINTN StackSize
427 )
428 {
429 PHYSICAL_ADDRESS PhysicalAddress2M;
430 UINTN IndexOfPageDirectoryEntries;
431 PAGE_TABLE_ENTRY *PageDirectoryEntry;
432 UINT64 AddressEncMask;
433
434 PageDirectoryEntry = AllocatePageTableMemory (1);
435
436 AddressEncMask = InternalGetMemEncryptionAddressMask ();
437 ASSERT (PageDirectoryEntry != NULL);
438 ASSERT (*PageEntry1G & AddressEncMask);
439 //
440 // Fill in 1G page entry.
441 //
442 *PageEntry1G = ((UINT64)(UINTN)PageDirectoryEntry |
443 IA32_PG_P | IA32_PG_RW | AddressEncMask);
444
445 PhysicalAddress2M = PhysicalAddress;
446 for (IndexOfPageDirectoryEntries = 0;
447 IndexOfPageDirectoryEntries < 512;
448 (IndexOfPageDirectoryEntries++,
449 PageDirectoryEntry++,
450 PhysicalAddress2M += SIZE_2MB))
451 {
452 if ((PhysicalAddress2M < StackBase + StackSize) &&
453 ((PhysicalAddress2M + SIZE_2MB) > StackBase))
454 {
455 //
456 // Need to split this 2M page that covers stack range.
457 //
458 Split2MPageTo4K (
459 PhysicalAddress2M,
460 (UINT64 *)PageDirectoryEntry,
461 StackBase,
462 StackSize
463 );
464 } else {
465 //
466 // Fill in the Page Directory entries
467 //
468 PageDirectoryEntry->Uint64 = (UINT64)PhysicalAddress2M | AddressEncMask;
469 PageDirectoryEntry->Bits.ReadWrite = 1;
470 PageDirectoryEntry->Bits.Present = 1;
471 PageDirectoryEntry->Bits.MustBe1 = 1;
472 }
473 }
474 }
475
476 /**
477 Set or Clear the memory encryption bit
478
479 @param[in, out] PageTablePointer Page table entry pointer (PTE).
480 @param[in] Mode Set or Clear encryption bit
481
482 **/
483 STATIC VOID
484 SetOrClearCBit (
485 IN OUT UINT64 *PageTablePointer,
486 IN MAP_RANGE_MODE Mode
487 )
488 {
489 UINT64 AddressEncMask;
490
491 AddressEncMask = InternalGetMemEncryptionAddressMask ();
492
493 if (Mode == SetCBit) {
494 *PageTablePointer |= AddressEncMask;
495 } else {
496 *PageTablePointer &= ~AddressEncMask;
497 }
498 }
499
500 /**
501 Check the WP status in CR0 register. This bit is used to lock or unlock write
502 access to pages marked as read-only.
503
504 @retval TRUE Write protection is enabled.
505 @retval FALSE Write protection is disabled.
506 **/
507 STATIC
508 BOOLEAN
509 IsReadOnlyPageWriteProtected (
510 VOID
511 )
512 {
513 return ((AsmReadCr0 () & BIT16) != 0);
514 }
515
516 /**
517 Disable Write Protect on pages marked as read-only.
518 **/
519 STATIC
520 VOID
521 DisableReadOnlyPageWriteProtect (
522 VOID
523 )
524 {
525 AsmWriteCr0 (AsmReadCr0 () & ~BIT16);
526 }
527
528 /**
529 Enable Write Protect on pages marked as read-only.
530 **/
531 STATIC
532 VOID
533 EnableReadOnlyPageWriteProtect (
534 VOID
535 )
536 {
537 AsmWriteCr0 (AsmReadCr0 () | BIT16);
538 }
539
540 RETURN_STATUS
541 EFIAPI
542 InternalMemEncryptSevCreateIdentityMap1G (
543 IN PHYSICAL_ADDRESS Cr3BaseAddress,
544 IN PHYSICAL_ADDRESS PhysicalAddress,
545 IN UINTN Length
546 )
547 {
548 PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry;
549 PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry;
550 UINT64 PgTableMask;
551 UINT64 AddressEncMask;
552 BOOLEAN IsWpEnabled;
553 RETURN_STATUS Status;
554
555 //
556 // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings.
557 //
558 PageMapLevel4Entry = NULL;
559
560 DEBUG ((
561 DEBUG_VERBOSE,
562 "%a:%a: Cr3Base=0x%Lx Physical=0x%Lx Length=0x%Lx\n",
563 gEfiCallerBaseName,
564 __FUNCTION__,
565 Cr3BaseAddress,
566 PhysicalAddress,
567 (UINT64)Length
568 ));
569
570 if (Length == 0) {
571 return RETURN_INVALID_PARAMETER;
572 }
573
574 //
575 // Check if we have a valid memory encryption mask
576 //
577 AddressEncMask = InternalGetMemEncryptionAddressMask ();
578 if (!AddressEncMask) {
579 return RETURN_ACCESS_DENIED;
580 }
581
582 PgTableMask = AddressEncMask | EFI_PAGE_MASK;
583
584 //
585 // Make sure that the page table is changeable.
586 //
587 IsWpEnabled = IsReadOnlyPageWriteProtected ();
588 if (IsWpEnabled) {
589 DisableReadOnlyPageWriteProtect ();
590 }
591
592 Status = EFI_SUCCESS;
593
594 while (Length) {
595 //
596 // If Cr3BaseAddress is not specified then read the current CR3
597 //
598 if (Cr3BaseAddress == 0) {
599 Cr3BaseAddress = AsmReadCr3 ();
600 }
601
602 PageMapLevel4Entry = (VOID *)(Cr3BaseAddress & ~PgTableMask);
603 PageMapLevel4Entry += PML4_OFFSET (PhysicalAddress);
604 if (!PageMapLevel4Entry->Bits.Present) {
605 DEBUG ((
606 DEBUG_ERROR,
607 "%a:%a: bad PML4 for Physical=0x%Lx\n",
608 gEfiCallerBaseName,
609 __FUNCTION__,
610 PhysicalAddress
611 ));
612 Status = RETURN_NO_MAPPING;
613 goto Done;
614 }
615
616 PageDirectory1GEntry = (VOID *)(
617 (PageMapLevel4Entry->Bits.PageTableBaseAddress <<
618 12) & ~PgTableMask
619 );
620 PageDirectory1GEntry += PDP_OFFSET (PhysicalAddress);
621 if (!PageDirectory1GEntry->Bits.Present) {
622 PageDirectory1GEntry->Bits.Present = 1;
623 PageDirectory1GEntry->Bits.MustBe1 = 1;
624 PageDirectory1GEntry->Bits.MustBeZero = 0;
625 PageDirectory1GEntry->Bits.ReadWrite = 1;
626 PageDirectory1GEntry->Uint64 |= (UINT64)PhysicalAddress | AddressEncMask;
627 }
628
629 if (Length <= BIT30) {
630 Length = 0;
631 } else {
632 Length -= BIT30;
633 }
634
635 PhysicalAddress += BIT30;
636 }
637
638 //
639 // Flush TLB
640 //
641 CpuFlushTlb ();
642
643 Done:
644 //
645 // Restore page table write protection, if any.
646 //
647 if (IsWpEnabled) {
648 EnableReadOnlyPageWriteProtect ();
649 }
650
651 return Status;
652 }
653
654 /**
655 This function either sets or clears memory encryption bit for the memory
656 region specified by PhysicalAddress and Length from the current page table
657 context.
658
659 The function iterates through the PhysicalAddress one page at a time, and set
660 or clears the memory encryption mask in the page table. If it encounters
661 that a given physical address range is part of large page then it attempts to
662 change the attribute at one go (based on size), otherwise it splits the
663 large pages into smaller (e.g 2M page into 4K pages) and then try to set or
664 clear the encryption bit on the smallest page size.
665
666 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
667 current CR3)
668 @param[in] PhysicalAddress The physical address that is the start
669 address of a memory region.
670 @param[in] Length The length of memory region
671 @param[in] Mode Set or Clear mode
672 @param[in] CacheFlush Flush the caches before applying the
673 encryption mask
674 @param[in] Mmio The physical address specified is Mmio
675
676 @retval RETURN_SUCCESS The attributes were cleared for the
677 memory region.
678 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
679 @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute
680 is not supported
681 **/
682 STATIC
683 RETURN_STATUS
684 EFIAPI
685 SetMemoryEncDec (
686 IN PHYSICAL_ADDRESS Cr3BaseAddress,
687 IN PHYSICAL_ADDRESS PhysicalAddress,
688 IN UINTN Length,
689 IN MAP_RANGE_MODE Mode,
690 IN BOOLEAN CacheFlush,
691 IN BOOLEAN Mmio
692 )
693 {
694 PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry;
695 PAGE_MAP_AND_DIRECTORY_POINTER *PageUpperDirectoryPointerEntry;
696 PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry;
697 PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry;
698 PAGE_TABLE_ENTRY *PageDirectory2MEntry;
699 PHYSICAL_ADDRESS OrigPhysicalAddress;
700 PAGE_TABLE_4K_ENTRY *PageTableEntry;
701 UINT64 PgTableMask;
702 UINT64 AddressEncMask;
703 BOOLEAN IsWpEnabled;
704 UINTN OrigLength;
705 RETURN_STATUS Status;
706
707 //
708 // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings.
709 //
710 PageMapLevel4Entry = NULL;
711
712 DEBUG ((
713 DEBUG_VERBOSE,
714 "%a:%a: Cr3Base=0x%Lx Physical=0x%Lx Length=0x%Lx Mode=%a CacheFlush=%u Mmio=%u\n",
715 gEfiCallerBaseName,
716 __FUNCTION__,
717 Cr3BaseAddress,
718 PhysicalAddress,
719 (UINT64)Length,
720 (Mode == SetCBit) ? "Encrypt" : "Decrypt",
721 (UINT32)CacheFlush,
722 (UINT32)Mmio
723 ));
724
725 //
726 // Check if we have a valid memory encryption mask
727 //
728 AddressEncMask = InternalGetMemEncryptionAddressMask ();
729 if (!AddressEncMask) {
730 return RETURN_ACCESS_DENIED;
731 }
732
733 PgTableMask = AddressEncMask | EFI_PAGE_MASK;
734
735 if (Length == 0) {
736 return RETURN_INVALID_PARAMETER;
737 }
738
739 //
740 // We are going to change the memory encryption attribute from C=0 -> C=1 or
741 // vice versa Flush the caches to ensure that data is written into memory
742 // with correct C-bit
743 //
744 if (CacheFlush) {
745 WriteBackInvalidateDataCacheRange ((VOID *)(UINTN)PhysicalAddress, Length);
746 }
747
748 //
749 // Make sure that the page table is changeable.
750 //
751 IsWpEnabled = IsReadOnlyPageWriteProtected ();
752 if (IsWpEnabled) {
753 DisableReadOnlyPageWriteProtect ();
754 }
755
756 Status = EFI_SUCCESS;
757
758 //
759 // To maintain the security gurantees we must set the page to shared in the RMP
760 // table before clearing the memory encryption mask from the current page table.
761 //
762 // The InternalSetPageState() is used for setting the page state in the RMP table.
763 //
764 if (!Mmio && (Mode == ClearCBit) && MemEncryptSevSnpIsEnabled ()) {
765 InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), SevSnpPageShared, FALSE);
766 }
767
768 //
769 // Save the specified length and physical address (we need it later).
770 //
771 OrigLength = Length;
772 OrigPhysicalAddress = PhysicalAddress;
773
774 while (Length != 0) {
775 //
776 // If Cr3BaseAddress is not specified then read the current CR3
777 //
778 if (Cr3BaseAddress == 0) {
779 Cr3BaseAddress = AsmReadCr3 ();
780 }
781
782 PageMapLevel4Entry = (VOID *)(Cr3BaseAddress & ~PgTableMask);
783 PageMapLevel4Entry += PML4_OFFSET (PhysicalAddress);
784 if (!PageMapLevel4Entry->Bits.Present) {
785 DEBUG ((
786 DEBUG_ERROR,
787 "%a:%a: bad PML4 for Physical=0x%Lx\n",
788 gEfiCallerBaseName,
789 __FUNCTION__,
790 PhysicalAddress
791 ));
792 Status = RETURN_NO_MAPPING;
793 goto Done;
794 }
795
796 PageDirectory1GEntry = (VOID *)(
797 (PageMapLevel4Entry->Bits.PageTableBaseAddress <<
798 12) & ~PgTableMask
799 );
800 PageDirectory1GEntry += PDP_OFFSET (PhysicalAddress);
801 if (!PageDirectory1GEntry->Bits.Present) {
802 DEBUG ((
803 DEBUG_ERROR,
804 "%a:%a: bad PDPE for Physical=0x%Lx\n",
805 gEfiCallerBaseName,
806 __FUNCTION__,
807 PhysicalAddress
808 ));
809 Status = RETURN_NO_MAPPING;
810 goto Done;
811 }
812
813 //
814 // If the MustBe1 bit is not 1, it's not actually a 1GB entry
815 //
816 if (PageDirectory1GEntry->Bits.MustBe1) {
817 //
818 // Valid 1GB page
819 // If we have at least 1GB to go, we can just update this entry
820 //
821 if (((PhysicalAddress & (BIT30 - 1)) == 0) && (Length >= BIT30)) {
822 SetOrClearCBit (&PageDirectory1GEntry->Uint64, Mode);
823 DEBUG ((
824 DEBUG_VERBOSE,
825 "%a:%a: updated 1GB entry for Physical=0x%Lx\n",
826 gEfiCallerBaseName,
827 __FUNCTION__,
828 PhysicalAddress
829 ));
830 PhysicalAddress += BIT30;
831 Length -= BIT30;
832 } else {
833 //
834 // We must split the page
835 //
836 DEBUG ((
837 DEBUG_VERBOSE,
838 "%a:%a: splitting 1GB page for Physical=0x%Lx\n",
839 gEfiCallerBaseName,
840 __FUNCTION__,
841 PhysicalAddress
842 ));
843 Split1GPageTo2M (
844 (UINT64)PageDirectory1GEntry->Bits.PageTableBaseAddress << 30,
845 (UINT64 *)PageDirectory1GEntry,
846 0,
847 0
848 );
849 continue;
850 }
851 } else {
852 //
853 // Actually a PDP
854 //
855 PageUpperDirectoryPointerEntry =
856 (PAGE_MAP_AND_DIRECTORY_POINTER *)PageDirectory1GEntry;
857 PageDirectory2MEntry =
858 (VOID *)(
859 (PageUpperDirectoryPointerEntry->Bits.PageTableBaseAddress <<
860 12) & ~PgTableMask
861 );
862 PageDirectory2MEntry += PDE_OFFSET (PhysicalAddress);
863 if (!PageDirectory2MEntry->Bits.Present) {
864 DEBUG ((
865 DEBUG_ERROR,
866 "%a:%a: bad PDE for Physical=0x%Lx\n",
867 gEfiCallerBaseName,
868 __FUNCTION__,
869 PhysicalAddress
870 ));
871 Status = RETURN_NO_MAPPING;
872 goto Done;
873 }
874
875 //
876 // If the MustBe1 bit is not a 1, it's not a 2MB entry
877 //
878 if (PageDirectory2MEntry->Bits.MustBe1) {
879 //
880 // Valid 2MB page
881 // If we have at least 2MB left to go, we can just update this entry
882 //
883 if (((PhysicalAddress & (BIT21-1)) == 0) && (Length >= BIT21)) {
884 SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode);
885 PhysicalAddress += BIT21;
886 Length -= BIT21;
887 } else {
888 //
889 // We must split up this page into 4K pages
890 //
891 DEBUG ((
892 DEBUG_VERBOSE,
893 "%a:%a: splitting 2MB page for Physical=0x%Lx\n",
894 gEfiCallerBaseName,
895 __FUNCTION__,
896 PhysicalAddress
897 ));
898 Split2MPageTo4K (
899 (UINT64)PageDirectory2MEntry->Bits.PageTableBaseAddress << 21,
900 (UINT64 *)PageDirectory2MEntry,
901 0,
902 0
903 );
904 continue;
905 }
906 } else {
907 PageDirectoryPointerEntry =
908 (PAGE_MAP_AND_DIRECTORY_POINTER *)PageDirectory2MEntry;
909 PageTableEntry =
910 (VOID *)(
911 (PageDirectoryPointerEntry->Bits.PageTableBaseAddress <<
912 12) & ~PgTableMask
913 );
914 PageTableEntry += PTE_OFFSET (PhysicalAddress);
915 if (!PageTableEntry->Bits.Present) {
916 DEBUG ((
917 DEBUG_ERROR,
918 "%a:%a: bad PTE for Physical=0x%Lx\n",
919 gEfiCallerBaseName,
920 __FUNCTION__,
921 PhysicalAddress
922 ));
923 Status = RETURN_NO_MAPPING;
924 goto Done;
925 }
926
927 SetOrClearCBit (&PageTableEntry->Uint64, Mode);
928 PhysicalAddress += EFI_PAGE_SIZE;
929 Length -= EFI_PAGE_SIZE;
930 }
931 }
932 }
933
934 //
935 // Protect the page table by marking the memory used for page table to be
936 // read-only.
937 //
938 if (IsWpEnabled) {
939 EnablePageTableProtection ((UINTN)PageMapLevel4Entry, TRUE);
940 }
941
942 //
943 // Flush TLB
944 //
945 CpuFlushTlb ();
946
947 //
948 // SEV-SNP requires that all the private pages (i.e pages mapped encrypted) must be
949 // added in the RMP table before the access.
950 //
951 // The InternalSetPageState() is used for setting the page state in the RMP table.
952 //
953 if ((Mode == SetCBit) && MemEncryptSevSnpIsEnabled ()) {
954 InternalSetPageState (
955 OrigPhysicalAddress,
956 EFI_SIZE_TO_PAGES (OrigLength),
957 SevSnpPagePrivate,
958 FALSE
959 );
960 }
961
962 Done:
963 //
964 // Restore page table write protection, if any.
965 //
966 if (IsWpEnabled) {
967 EnableReadOnlyPageWriteProtect ();
968 }
969
970 return Status;
971 }
972
973 /**
974 This function clears memory encryption bit for the memory region specified by
975 PhysicalAddress and Length from the current page table context.
976
977 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
978 current CR3)
979 @param[in] PhysicalAddress The physical address that is the start
980 address of a memory region.
981 @param[in] Length The length of memory region
982
983 @retval RETURN_SUCCESS The attributes were cleared for the
984 memory region.
985 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
986 @retval RETURN_UNSUPPORTED Clearing the memory encyrption attribute
987 is not supported
988 **/
989 RETURN_STATUS
990 EFIAPI
991 InternalMemEncryptSevSetMemoryDecrypted (
992 IN PHYSICAL_ADDRESS Cr3BaseAddress,
993 IN PHYSICAL_ADDRESS PhysicalAddress,
994 IN UINTN Length
995 )
996 {
997 return SetMemoryEncDec (
998 Cr3BaseAddress,
999 PhysicalAddress,
1000 Length,
1001 ClearCBit,
1002 TRUE,
1003 FALSE
1004 );
1005 }
1006
1007 /**
1008 This function sets memory encryption bit for the memory region specified by
1009 PhysicalAddress and Length from the current page table context.
1010
1011 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
1012 current CR3)
1013 @param[in] PhysicalAddress The physical address that is the start
1014 address of a memory region.
1015 @param[in] Length The length of memory region
1016
1017 @retval RETURN_SUCCESS The attributes were set for the memory
1018 region.
1019 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
1020 @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute
1021 is not supported
1022 **/
1023 RETURN_STATUS
1024 EFIAPI
1025 InternalMemEncryptSevSetMemoryEncrypted (
1026 IN PHYSICAL_ADDRESS Cr3BaseAddress,
1027 IN PHYSICAL_ADDRESS PhysicalAddress,
1028 IN UINTN Length
1029 )
1030 {
1031 return SetMemoryEncDec (
1032 Cr3BaseAddress,
1033 PhysicalAddress,
1034 Length,
1035 SetCBit,
1036 TRUE,
1037 FALSE
1038 );
1039 }
1040
1041 /**
1042 This function clears memory encryption bit for the MMIO region specified by
1043 PhysicalAddress and Length.
1044
1045 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
1046 current CR3)
1047 @param[in] PhysicalAddress The physical address that is the start
1048 address of a MMIO region.
1049 @param[in] Length The length of memory region
1050
1051 @retval RETURN_SUCCESS The attributes were cleared for the
1052 memory region.
1053 @retval RETURN_INVALID_PARAMETER Length is zero.
1054 @retval RETURN_UNSUPPORTED Clearing the memory encyrption attribute
1055 is not supported
1056 **/
1057 RETURN_STATUS
1058 EFIAPI
1059 InternalMemEncryptSevClearMmioPageEncMask (
1060 IN PHYSICAL_ADDRESS Cr3BaseAddress,
1061 IN PHYSICAL_ADDRESS PhysicalAddress,
1062 IN UINTN Length
1063 )
1064 {
1065 return SetMemoryEncDec (
1066 Cr3BaseAddress,
1067 PhysicalAddress,
1068 Length,
1069 ClearCBit,
1070 FALSE,
1071 TRUE
1072 );
1073 }
EFI Development Kit II mirror for PVE