#include <Library/DebugLib.h>\r
#include <Library/UefiBootServicesTableLib.h>\r
#include <Protocol/MpService.h>\r
+\r
+#include "CpuDxe.h"\r
#include "CpuPageTable.h"\r
\r
///\r
{Page1G, SIZE_1GB, PAGING_1G_ADDRESS_MASK_64},\r
};\r
\r
-/**\r
- Enable write protection function for AP.\r
-\r
- @param[in,out] Buffer The pointer to private data buffer.\r
-**/\r
-VOID\r
-EFIAPI\r
-SyncCpuEnableWriteProtection (\r
- IN OUT VOID *Buffer\r
- )\r
-{\r
- AsmWriteCr0 (AsmReadCr0 () | BIT16);\r
-}\r
-\r
-/**\r
- CpuFlushTlb function for AP.\r
-\r
- @param[in,out] Buffer The pointer to private data buffer.\r
-**/\r
-VOID\r
-EFIAPI\r
-SyncCpuFlushTlb (\r
- IN OUT VOID *Buffer\r
- )\r
-{\r
- CpuFlushTlb();\r
-}\r
-\r
-/**\r
- Sync memory page attributes for AP.\r
-\r
- @param[in] Procedure A pointer to the function to be run on enabled APs of\r
- the system.\r
-**/\r
-VOID\r
-SyncMemoryPageAttributesAp (\r
- IN EFI_AP_PROCEDURE Procedure\r
- )\r
-{\r
- EFI_STATUS Status;\r
- EFI_MP_SERVICES_PROTOCOL *MpService;\r
-\r
- Status = gBS->LocateProtocol (\r
- &gEfiMpServiceProtocolGuid,\r
- NULL,\r
- (VOID **)&MpService\r
- );\r
- //\r
- // Synchronize the update with all APs\r
- //\r
- if (!EFI_ERROR (Status)) {\r
- Status = MpService->StartupAllAPs (\r
- MpService, // This\r
- Procedure, // Procedure\r
- FALSE, // SingleThread\r
- NULL, // WaitEvent\r
- 0, // TimeoutInMicrosecsond\r
- NULL, // ProcedureArgument\r
- NULL // FailedCpuList\r
- );\r
- ASSERT (Status == EFI_SUCCESS || Status == EFI_NOT_STARTED || Status == EFI_NOT_READY);\r
- }\r
-}\r
+PAGE_TABLE_POOL *mPageTablePool = NULL;\r
\r
/**\r
Return current paging context.\r
}\r
if ((AsmReadCr0 () & BIT31) != 0) {\r
PagingContext->ContextData.X64.PageTableBase = (AsmReadCr3 () & PAGING_4K_ADDRESS_MASK_64);\r
- if ((AsmReadCr0 () & BIT16) == 0) {\r
- AsmWriteCr0 (AsmReadCr0 () | BIT16);\r
- SyncMemoryPageAttributesAp (SyncCpuEnableWriteProtection);\r
- }\r
} else {\r
PagingContext->ContextData.X64.PageTableBase = 0;\r
}\r
AsmCpuid (0x80000001, NULL, NULL, NULL, &RegEdx);\r
if ((RegEdx & BIT20) != 0) {\r
// XD supported\r
- if ((AsmReadMsr64 (0x000001A0) & BIT34) == 0) {\r
- // XD enabled\r
- if ((AsmReadMsr64 (0xC0000080) & BIT11) != 0) {\r
- // XD activated\r
- PagingContext->ContextData.Ia32.Attributes |= PAGE_TABLE_LIB_PAGING_CONTEXT_IA32_X64_ATTRIBUTES_XD_ACTIVATED;\r
- }\r
+ if ((AsmReadMsr64 (0xC0000080) & BIT11) != 0) {\r
+ // XD activated\r
+ PagingContext->ContextData.Ia32.Attributes |= PAGE_TABLE_LIB_PAGING_CONTEXT_IA32_X64_ATTRIBUTES_XD_ACTIVATED;\r
}\r
}\r
if ((RegEdx & BIT26) != 0) {\r
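Review bot: The EFER.NXE test on the added lines uses the raw literals `0xC0000080` and `BIT11`, while `IsExecuteDisableEnabled ()`, added later in this patch, reads the same bit through `MSR_IA32_EFER` and `MsrEfer.Bits.NXE`. Two spellings of one check can drift apart; I would write `if (IsExecuteDisableEnabled ()) {` here, provided a prototype is visible at this point in the file. The enclosing function starts and ends outside the hunk.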
*PageEntry = NewPageEntry;\r
if (CurrentPageEntry != NewPageEntry) {\r
*IsModified = TRUE;\r
- DEBUG ((DEBUG_INFO, "ConvertPageEntryAttribute 0x%lx", CurrentPageEntry));\r
- DEBUG ((DEBUG_INFO, "->0x%lx\n", NewPageEntry));\r
+ DEBUG ((DEBUG_VERBOSE, "ConvertPageEntryAttribute 0x%lx", CurrentPageEntry));\r
+ DEBUG ((DEBUG_VERBOSE, "->0x%lx\n", NewPageEntry));\r
} else {\r
*IsModified = FALSE;\r
}\r
for (Index = 0; Index < SIZE_4KB / sizeof(UINT64); Index++) {\r
NewPageEntry[Index] = (BaseAddress + SIZE_4KB * Index) | AddressEncMask | ((*PageEntry) & PAGE_PROGATE_BITS);\r
}\r
- (*PageEntry) = (UINT64)(UINTN)NewPageEntry | AddressEncMask | ((*PageEntry) & PAGE_PROGATE_BITS);\r
+ (*PageEntry) = (UINT64)(UINTN)NewPageEntry | AddressEncMask | ((*PageEntry) & PAGE_ATTRIBUTE_BITS);\r
return RETURN_SUCCESS;\r
} else {\r
return RETURN_UNSUPPORTED;\r
for (Index = 0; Index < SIZE_4KB / sizeof(UINT64); Index++) {\r
NewPageEntry[Index] = (BaseAddress + SIZE_2MB * Index) | AddressEncMask | IA32_PG_PS | ((*PageEntry) & PAGE_PROGATE_BITS);\r
}\r
- (*PageEntry) = (UINT64)(UINTN)NewPageEntry | AddressEncMask | ((*PageEntry) & PAGE_PROGATE_BITS);\r
+ (*PageEntry) = (UINT64)(UINTN)NewPageEntry | AddressEncMask | ((*PageEntry) & PAGE_ATTRIBUTE_BITS);\r
return RETURN_SUCCESS;\r
} else {\r
return RETURN_UNSUPPORTED;\r
}\r
}\r
\r
+/**\r
+ Check the WP status in CR0 register. This bit is used to lock or unlock write\r
+ access to pages marked as read-only.\r
+\r
+ @retval TRUE Write protection is enabled.\r
+ @retval FALSE Write protection is disabled.\r
+**/\r
+BOOLEAN\r
+IsReadOnlyPageWriteProtected (\r
+ VOID\r
+ )\r
+{\r
+ return ((AsmReadCr0 () & BIT16) != 0);\r
+}\r
+\r
+/**\r
+ Disable Write Protect on pages marked as read-only.\r
+**/\r
+VOID\r
+DisableReadOnlyPageWriteProtect (\r
+ VOID\r
+ )\r
+{\r
+ AsmWriteCr0 (AsmReadCr0() & ~BIT16);\r
+}\r
+\r
+/**\r
+ Enable Write Protect on pages marked as read-only.\r
+**/\r
+VOID\r
+EnableReadOnlyPageWriteProtect (\r
+ VOID\r
+ )\r
+{\r
+ AsmWriteCr0 (AsmReadCr0() | BIT16);\r
+}\r
+\r
/**\r
This function modifies the page attributes for the memory region specified by BaseAddress and\r
Length from their current attributes to the attributes specified by Attributes.\r
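Review bot: The doc comments on `DisableReadOnlyPageWriteProtect` and `EnableReadOnlyPageWriteProtect` should say that they change CR0.WP on the executing processor only, and that while WP is clear, supervisor writes to read-only pages succeed, including writes to the page-table pool this patch marks read-only. This matters more now that the AP sync helper is removed earlier in the patch; if the APs pick up CR0.WP somewhere else, the comment should name that place. Suggested addition: `Affects the calling processor only; pair with EnableReadOnlyPageWriteProtect () and keep the window short.` Minor style: `AsmReadCr0()` in both bodies lacks the space before the parenthesis that `AsmReadCr0 ()` has in `IsReadOnlyPageWriteProtected`.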
PAGE_ATTRIBUTE SplitAttribute;\r
RETURN_STATUS Status;\r
BOOLEAN IsEntryModified;\r
+ BOOLEAN IsWpEnabled;\r
\r
if ((BaseAddress & (SIZE_4KB - 1)) != 0) {\r
DEBUG ((DEBUG_ERROR, "BaseAddress(0x%lx) is not aligned!\n", BaseAddress));\r
switch(CurrentPagingContext.MachineType) {\r
case IMAGE_FILE_MACHINE_I386:\r
if (CurrentPagingContext.ContextData.Ia32.PageTableBase == 0) {\r
- DEBUG ((DEBUG_ERROR, "PageTable is 0!\n"));\r
if (Attributes == 0) {\r
return EFI_SUCCESS;\r
} else {\r
+ DEBUG ((DEBUG_ERROR, "PageTable is 0!\n"));\r
return EFI_UNSUPPORTED;\r
}\r
}\r
DEBUG ((DEBUG_ERROR, "Non-PAE Paging!\n"));\r
return EFI_UNSUPPORTED;\r
}\r
+ if ((BaseAddress + Length) > BASE_4GB) {\r
+ DEBUG ((DEBUG_ERROR, "Beyond 4GB memory in 32-bit mode!\n"));\r
+ return EFI_UNSUPPORTED;\r
+ }\r
break;\r
case IMAGE_FILE_MACHINE_X64:\r
ASSERT (CurrentPagingContext.ContextData.X64.PageTableBase != 0);\r
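Review bot: `(BaseAddress + Length) > BASE_4GB` can wrap when `Length` is very large, which would let a range ending past 4GB pass the new check. This assumes both operands are 64-bit, as the `0x%lx` print of `BaseAddress` suggests, and that no earlier check outside the hunk bounds `Length`. A wrap-free form is `if ((BaseAddress > BASE_4GB) || (Length > BASE_4GB - BaseAddress)) {`. The enclosing switch continues outside the hunk.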
if (IsModified != NULL) {\r
*IsModified = FALSE;\r
}\r
+ if (AllocatePagesFunc == NULL) {\r
+ AllocatePagesFunc = AllocatePageTableMemory;\r
+ }\r
+\r
+ //\r
+ // Make sure that the page table is changeable.\r
+ //\r
+ IsWpEnabled = IsReadOnlyPageWriteProtected ();\r
+ if (IsWpEnabled) {\r
+ DisableReadOnlyPageWriteProtect ();\r
+ }\r
\r
//\r
// Below logic is to check 2M/4K page to make sure we donot waist memory.\r
//\r
+ Status = EFI_SUCCESS;\r
while (Length != 0) {\r
PageEntry = GetPageTableEntry (&CurrentPagingContext, BaseAddress, &PageAttribute);\r
if (PageEntry == NULL) {\r
- return RETURN_UNSUPPORTED;\r
+ Status = RETURN_UNSUPPORTED;\r
+ goto Done;\r
}\r
PageEntryLength = PageAttributeToLength (PageAttribute);\r
SplitAttribute = NeedSplitPage (BaseAddress, Length, PageEntry, PageAttribute);\r
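Review bot: Everything between `DisableReadOnlyPageWriteProtect ()` and the `Done:` label runs with CR0.WP clear, and that includes the caller-supplied `AllocatePagesFunc` reached through `SplitPage` further down in the function. The function header should state this, for example `AllocatePagesFunc is invoked with CR0.WP cleared on the calling processor, so read-only page protection is not enforced while it runs.` Smaller point: `Status` is declared `RETURN_STATUS`, so `Status = RETURN_SUCCESS;` would match the `RETURN_UNSUPPORTED` assignments around it. The loop body continues outside the hunk.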
Length -= PageEntryLength;\r
} else {\r
if (AllocatePagesFunc == NULL) {\r
- return RETURN_UNSUPPORTED;\r
+ Status = RETURN_UNSUPPORTED;\r
+ goto Done;\r
}\r
Status = SplitPage (PageEntry, PageAttribute, SplitAttribute, AllocatePagesFunc);\r
if (RETURN_ERROR (Status)) {\r
- return RETURN_UNSUPPORTED;\r
+ Status = RETURN_UNSUPPORTED;\r
+ goto Done;\r
}\r
if (IsSplitted != NULL) {\r
*IsSplitted = TRUE;\r
}\r
}\r
\r
- return RETURN_SUCCESS;\r
+Done:\r
+ //\r
+ // Restore page table write protection, if any.\r
+ //\r
+ if (IsWpEnabled) {\r
+ EnableReadOnlyPageWriteProtect ();\r
+ }\r
+ return Status;\r
}\r
\r
/**\r
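Review bot: The `if (AllocatePagesFunc == NULL)` branch kept in this hunk can no longer be taken, because the function now substitutes `AllocatePageTableMemory` for a NULL pointer before the loop; I would delete the branch rather than route it to `Done`. Separately, `Status = RETURN_UNSUPPORTED;` after `RETURN_ERROR (Status)` overwrites whatever `SplitPage` reported, so the caller cannot tell different failures apart. A plain `goto Done;` there would keep the original status, provided no caller depends on always seeing `RETURN_UNSUPPORTED`.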
if (!EFI_ERROR(Status)) {\r
if ((PagingContext == NULL) && IsModified) {\r
//\r
- // Flush TLB as last step\r
+ // Flush TLB as last step.\r
+ //\r
+ // Note: Since APs will always init CR3 register in HLT loop mode or do\r
+ // TLB flush in MWAIT loop mode, there's no need to flush TLB for them\r
+ // here.\r
//\r
CpuFlushTlb();\r
- SyncMemoryPageAttributesAp (SyncCpuFlushTlb);\r
}\r
}\r
\r
return Status;\r
}\r
\r
+/**\r
+ Check if Execute Disable feature is enabled or not.\r
+**/\r
+BOOLEAN\r
+IsExecuteDisableEnabled (\r
+ VOID\r
+ )\r
+{\r
+ MSR_CORE_IA32_EFER_REGISTER MsrEfer;\r
+\r
+ MsrEfer.Uint64 = AsmReadMsr64 (MSR_IA32_EFER);\r
+ return (MsrEfer.Bits.NXE == 1);\r
+}\r
+\r
+/**\r
+ Update GCD memory space attributes according to current page table setup.\r
+**/\r
+VOID\r
+RefreshGcdMemoryAttributesFromPaging (\r
+ VOID\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ UINTN NumberOfDescriptors;\r
+ EFI_GCD_MEMORY_SPACE_DESCRIPTOR *MemorySpaceMap;\r
+ PAGE_TABLE_LIB_PAGING_CONTEXT PagingContext;\r
+ PAGE_ATTRIBUTE PageAttribute;\r
+ UINT64 *PageEntry;\r
+ UINT64 PageLength;\r
+ UINT64 MemorySpaceLength;\r
+ UINT64 Length;\r
+ UINT64 BaseAddress;\r
+ UINT64 PageStartAddress;\r
+ UINT64 Attributes;\r
+ UINT64 Capabilities;\r
+ UINT64 NewAttributes;\r
+ UINTN Index;\r
+\r
+ //\r
+ // Assuming that memory space map returned is sorted already; otherwise sort\r
+ // them in the order of lowest address to highest address.\r
+ //\r
+ Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors, &MemorySpaceMap);\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ GetCurrentPagingContext (&PagingContext);\r
+\r
+ Attributes = 0;\r
+ NewAttributes = 0;\r
+ BaseAddress = 0;\r
+ PageLength = 0;\r
+\r
+ if (IsExecuteDisableEnabled ()) {\r
+ Capabilities = EFI_MEMORY_RO | EFI_MEMORY_RP | EFI_MEMORY_XP;\r
+ } else {\r
+ Capabilities = EFI_MEMORY_RO | EFI_MEMORY_RP;\r
+ }\r
+\r
+ for (Index = 0; Index < NumberOfDescriptors; Index++) {\r
+ if (MemorySpaceMap[Index].GcdMemoryType == EfiGcdMemoryTypeNonExistent) {\r
+ continue;\r
+ }\r
+\r
+ //\r
+ // Sync the actual paging related capabilities back to GCD service first.\r
+ // As a side effect (good one), this can also help to avoid unnecessary\r
+ // memory map entries due to the different capabilities of the same type\r
+ // memory, such as multiple RT_CODE and RT_DATA entries in memory map,\r
+ // which could cause boot failure of some old Linux distro (before v4.3).\r
+ //\r
+ Status = gDS->SetMemorySpaceCapabilities (\r
+ MemorySpaceMap[Index].BaseAddress,\r
+ MemorySpaceMap[Index].Length,\r
+ MemorySpaceMap[Index].Capabilities | Capabilities\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ //\r
+ // If we cannot udpate the capabilities, we cannot update its\r
+ // attributes either. So just simply skip current block of memory.\r
+ //\r
+ DEBUG ((\r
+ DEBUG_WARN,\r
+ "Failed to update capability: [%lu] %016lx - %016lx (%016lx -> %016lx)\r\n",\r
+ (UINT64)Index, MemorySpaceMap[Index].BaseAddress,\r
+ MemorySpaceMap[Index].BaseAddress + MemorySpaceMap[Index].Length - 1,\r
+ MemorySpaceMap[Index].Capabilities,\r
+ MemorySpaceMap[Index].Capabilities | Capabilities\r
+ ));\r
+ continue;\r
+ }\r
+\r
+ if (MemorySpaceMap[Index].BaseAddress >= (BaseAddress + PageLength)) {\r
+ //\r
+ // Current memory space starts at a new page. Resetting PageLength will\r
+ // trigger a retrieval of page attributes at new address.\r
+ //\r
+ PageLength = 0;\r
+ } else {\r
+ //\r
+ // In case current memory space is not adjacent to last one\r
+ //\r
+ PageLength -= (MemorySpaceMap[Index].BaseAddress - BaseAddress);\r
+ }\r
+\r
+ //\r
+ // Sync actual page attributes to GCD\r
+ //\r
+ BaseAddress = MemorySpaceMap[Index].BaseAddress;\r
+ MemorySpaceLength = MemorySpaceMap[Index].Length;\r
+ while (MemorySpaceLength > 0) {\r
+ if (PageLength == 0) {\r
+ PageEntry = GetPageTableEntry (&PagingContext, BaseAddress, &PageAttribute);\r
+ if (PageEntry == NULL) {\r
+ break;\r
+ }\r
+\r
+ //\r
+ // Note current memory space might start in the middle of a page\r
+ //\r
+ PageStartAddress = (*PageEntry) & (UINT64)PageAttributeToMask(PageAttribute);\r
+ PageLength = PageAttributeToLength (PageAttribute) - (BaseAddress - PageStartAddress);\r
+ Attributes = GetAttributesFromPageEntry (PageEntry);\r
+ }\r
+\r
+ Length = MIN (PageLength, MemorySpaceLength);\r
+ if (Attributes != (MemorySpaceMap[Index].Attributes &\r
+ EFI_MEMORY_PAGETYPE_MASK)) {\r
+ NewAttributes = (MemorySpaceMap[Index].Attributes &\r
+ ~EFI_MEMORY_PAGETYPE_MASK) | Attributes;\r
+ Status = gDS->SetMemorySpaceAttributes (\r
+ BaseAddress,\r
+ Length,\r
+ NewAttributes\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+ DEBUG ((\r
+ DEBUG_VERBOSE,\r
+ "Updated memory space attribute: [%lu] %016lx - %016lx (%016lx -> %016lx)\r\n",\r
+ (UINT64)Index, BaseAddress, BaseAddress + Length - 1,\r
+ MemorySpaceMap[Index].Attributes,\r
+ NewAttributes\r
+ ));\r
+ }\r
+\r
+ PageLength -= Length;\r
+ MemorySpaceLength -= Length;\r
+ BaseAddress += Length;\r
+ }\r
+ }\r
+\r
+ FreePool (MemorySpaceMap);\r
+}\r
+\r
+/**\r
+ Initialize a buffer pool for page table use only.\r
+\r
+ To reduce the potential split operation on page table, the pages reserved for\r
+ page table should be allocated in the times of PAGE_TABLE_POOL_UNIT_PAGES and\r
+ at the boundary of PAGE_TABLE_POOL_ALIGNMENT. So the page pool is always\r
+ initialized with number of pages greater than or equal to the given PoolPages.\r
+\r
+ Once the pages in the pool are used up, this method should be called again to\r
+ reserve at least another PAGE_TABLE_POOL_UNIT_PAGES. Usually this won't happen\r
+ often in practice.\r
+\r
+ @param[in] PoolPages The least page number of the pool to be created.\r
+\r
+ @retval TRUE The pool is initialized successfully.\r
+ @retval FALSE The memory is out of resource.\r
+**/\r
+BOOLEAN\r
+InitializePageTablePool (\r
+ IN UINTN PoolPages\r
+ )\r
+{\r
+ VOID *Buffer;\r
+ BOOLEAN IsModified;\r
+\r
+ //\r
+ // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one page for\r
+ // header.\r
+ //\r
+ PoolPages += 1; // Add one page for header.\r
+ PoolPages = ((PoolPages - 1) / PAGE_TABLE_POOL_UNIT_PAGES + 1) *\r
+ PAGE_TABLE_POOL_UNIT_PAGES;\r
+ Buffer = AllocateAlignedPages (PoolPages, PAGE_TABLE_POOL_ALIGNMENT);\r
+ if (Buffer == NULL) {\r
+ DEBUG ((DEBUG_ERROR, "ERROR: Out of aligned pages\r\n"));\r
+ return FALSE;\r
+ }\r
+\r
+ //\r
+ // Link all pools into a list for easier track later.\r
+ //\r
+ if (mPageTablePool == NULL) {\r
+ mPageTablePool = Buffer;\r
+ mPageTablePool->NextPool = mPageTablePool;\r
+ } else {\r
+ ((PAGE_TABLE_POOL *)Buffer)->NextPool = mPageTablePool->NextPool;\r
+ mPageTablePool->NextPool = Buffer;\r
+ mPageTablePool = Buffer;\r
+ }\r
+\r
+ //\r
+ // Reserve one page for pool header.\r
+ //\r
+ mPageTablePool->FreePages = PoolPages - 1;\r
+ mPageTablePool->Offset = EFI_PAGES_TO_SIZE (1);\r
+\r
+ //\r
+ // Mark the whole pool pages as read-only.\r
+ //\r
+ ConvertMemoryPageAttributes (\r
+ NULL,\r
+ (PHYSICAL_ADDRESS)(UINTN)Buffer,\r
+ EFI_PAGES_TO_SIZE (PoolPages),\r
+ EFI_MEMORY_RO,\r
+ PageActionSet,\r
+ AllocatePageTableMemory,\r
+ NULL,\r
+ &IsModified\r
+ );\r
+ ASSERT (IsModified == TRUE);\r
+\r
+ return TRUE;\r
+}\r
+\r
+/**\r
+ This API provides a way to allocate memory for page table.\r
+\r
+ This API can be called more than once to allocate memory for page tables.\r
+\r
+ Allocates the number of 4KB pages and returns a pointer to the allocated\r
+ buffer. The buffer returned is aligned on a 4KB boundary.\r
+\r
+ If Pages is 0, then NULL is returned.\r
+ If there is not enough memory remaining to satisfy the request, then NULL is\r
+ returned.\r
+\r
+ @param Pages The number of 4 KB pages to allocate.\r
+\r
+ @return A pointer to the allocated buffer or NULL if allocation fails.\r
+\r
+**/\r
+VOID *\r
+EFIAPI\r
+AllocatePageTableMemory (\r
+ IN UINTN Pages\r
+ )\r
+{\r
+ VOID *Buffer;\r
+\r
+ if (Pages == 0) {\r
+ return NULL;\r
+ }\r
+\r
+ //\r
+ // Renew the pool if necessary.\r
+ //\r
+ if (mPageTablePool == NULL ||\r
+ Pages > mPageTablePool->FreePages) {\r
+ if (!InitializePageTablePool (Pages)) {\r
+ return NULL;\r
+ }\r
+ }\r
+\r
+ Buffer = (UINT8 *)mPageTablePool + mPageTablePool->Offset;\r
+\r
+ mPageTablePool->Offset += EFI_PAGES_TO_SIZE (Pages);\r
+ mPageTablePool->FreePages -= Pages;\r
+\r
+ return Buffer;\r
+}\r
+\r
/**\r
Initialize the Page Table lib.\r
**/\r
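Review bot: Two calls in the added functions are guarded only by an ASSERT, which does nothing in builds where asserts are compiled out. In `RefreshGcdMemoryAttributesFromPaging`, a failed `GetMemorySpaceMap` leaves `NumberOfDescriptors` and `MemorySpaceMap` unset, and the loop and `FreePool` then use them. In `InitializePageTablePool`, the status of `ConvertMemoryPageAttributes` is dropped, and `IsModified` is read uninitialized if that call returns before writing it; its alignment check, visible earlier in the patch, appears to return before `*IsModified = FALSE`. The sketch below returns early in the first case and captures the status in the second; what the pool should do when it cannot be made read-only is for the author to decide. Separately, `AllocatePageTableMemory` updates `Offset` and `FreePages` in the pool header page, which was just marked read-only, so its doc comment should say that callers need CR0.WP clear.

```c
  // RefreshGcdMemoryAttributesFromPaging ()
  Status = gDS->GetMemorySpaceMap (&NumberOfDescriptors, &MemorySpaceMap);
  if (EFI_ERROR (Status)) {
    ASSERT_EFI_ERROR (Status);
    return;
  }
  // … unchanged: capability and attribute sync loop, FreePool …

  // InitializePageTablePool ()
  RETURN_STATUS  Status;
  // … unchanged: pool sizing, allocation, list linking, header setup …
  IsModified = FALSE;
  Status = ConvertMemoryPageAttributes (
             NULL,
             (PHYSICAL_ADDRESS)(UINTN)Buffer,
             EFI_PAGES_TO_SIZE (PoolPages),
             EFI_MEMORY_RO,
             PageActionSet,
             AllocatePageTableMemory,
             NULL,
             &IsModified
             );
  if (RETURN_ERROR (Status) || !IsModified) {
    DEBUG ((DEBUG_ERROR, "Page table pool at %p is not read-only: %r\n", Buffer, Status));
    ASSERT (FALSE);
  }
```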
PAGE_TABLE_LIB_PAGING_CONTEXT CurrentPagingContext;\r
\r
GetCurrentPagingContext (&CurrentPagingContext);\r
+\r
+ //\r
+ // Reserve memory of page tables for future uses, if paging is enabled.\r
+ //\r
+ if (CurrentPagingContext.ContextData.X64.PageTableBase != 0 &&\r
+ (CurrentPagingContext.ContextData.Ia32.Attributes &\r
+ PAGE_TABLE_LIB_PAGING_CONTEXT_IA32_X64_ATTRIBUTES_PAE) != 0) {\r
+ DisableReadOnlyPageWriteProtect ();\r
+ InitializePageTablePool (1);\r
+ EnableReadOnlyPageWriteProtect ();\r
+ }\r
+\r
DEBUG ((DEBUG_INFO, "CurrentPagingContext:\n", CurrentPagingContext.MachineType));\r
DEBUG ((DEBUG_INFO, " MachineType - 0x%x\n", CurrentPagingContext.MachineType));\r
DEBUG ((DEBUG_INFO, " PageTableBase - 0x%x\n", CurrentPagingContext.ContextData.X64.PageTableBase));\r
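Review bot: The result of `InitializePageTablePool (1)` is discarded, so a failed allocation at init is silent and the pool is only retried on the first `AllocatePageTableMemory` call; checking the return value and logging the failure would make that visible. A comment is also warranted on `EnableReadOnlyPageWriteProtect ()`, which is unconditional here and leaves CR0.WP set even if it was clear on entry, whereas `ConvertMemoryPageAttributes` restores the previous state. If that difference is intended, a comment such as `// Leave CR0.WP set from here on so the read-only pool is enforced.` would record it. The enclosing function starts outside the hunk.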