]> git.proxmox.com Git - mirror_edk2.git/blob - MdeModulePkg/Core/Dxe/Mem/HeapGuard.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
MdeModulePkg: Clean up source files
[mirror_edk2.git] / MdeModulePkg / Core / Dxe / Mem / HeapGuard.c
1 /** @file
2 UEFI Heap Guard functions.
3
4 Copyright (c) 2017-2018, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "DxeMain.h"
16 #include "Imem.h"
17 #include "HeapGuard.h"
18
19 //
20 // Global to avoid infinite reentrance of memory allocation when updating
21 // page table attributes, which may need allocate pages for new PDE/PTE.
22 //
23 GLOBAL_REMOVE_IF_UNREFERENCED BOOLEAN mOnGuarding = FALSE;
24
25 //
26 // Pointer to table tracking the Guarded memory with bitmap, in which '1'
27 // is used to indicate memory guarded. '0' might be free memory or Guard
28 // page itself, depending on status of memory adjacent to it.
29 //
30 GLOBAL_REMOVE_IF_UNREFERENCED UINT64 mGuardedMemoryMap = 0;
31
32 //
33 // Current depth level of map table pointed by mGuardedMemoryMap.
34 // mMapLevel must be initialized at least by 1. It will be automatically
35 // updated according to the address of memory just tracked.
36 //
37 GLOBAL_REMOVE_IF_UNREFERENCED UINTN mMapLevel = 1;
38
39 //
40 // Shift and mask for each level of map table
41 //
42 GLOBAL_REMOVE_IF_UNREFERENCED UINTN mLevelShift[GUARDED_HEAP_MAP_TABLE_DEPTH]
43 = GUARDED_HEAP_MAP_TABLE_DEPTH_SHIFTS;
44 GLOBAL_REMOVE_IF_UNREFERENCED UINTN mLevelMask[GUARDED_HEAP_MAP_TABLE_DEPTH]
45 = GUARDED_HEAP_MAP_TABLE_DEPTH_MASKS;
46
47 /**
48 Set corresponding bits in bitmap table to 1 according to the address.
49
50 @param[in] Address Start address to set for.
51 @param[in] BitNumber Number of bits to set.
52 @param[in] BitMap Pointer to bitmap which covers the Address.
53
54 @return VOID.
55 **/
56 STATIC
57 VOID
58 SetBits (
59 IN EFI_PHYSICAL_ADDRESS Address,
60 IN UINTN BitNumber,
61 IN UINT64 *BitMap
62 )
63 {
64 UINTN Lsbs;
65 UINTN Qwords;
66 UINTN Msbs;
67 UINTN StartBit;
68 UINTN EndBit;
69
70 StartBit = (UINTN)GUARDED_HEAP_MAP_ENTRY_BIT_INDEX (Address);
71 EndBit = (StartBit + BitNumber - 1) % GUARDED_HEAP_MAP_ENTRY_BITS;
72
73 if ((StartBit + BitNumber) >= GUARDED_HEAP_MAP_ENTRY_BITS) {
74 Msbs = (GUARDED_HEAP_MAP_ENTRY_BITS - StartBit) %
75 GUARDED_HEAP_MAP_ENTRY_BITS;
76 Lsbs = (EndBit + 1) % GUARDED_HEAP_MAP_ENTRY_BITS;
77 Qwords = (BitNumber - Msbs) / GUARDED_HEAP_MAP_ENTRY_BITS;
78 } else {
79 Msbs = BitNumber;
80 Lsbs = 0;
81 Qwords = 0;
82 }
83
84 if (Msbs > 0) {
85 *BitMap |= LShiftU64 (LShiftU64 (1, Msbs) - 1, StartBit);
86 BitMap += 1;
87 }
88
89 if (Qwords > 0) {
90 SetMem64 ((VOID *)BitMap, Qwords * GUARDED_HEAP_MAP_ENTRY_BYTES,
91 (UINT64)-1);
92 BitMap += Qwords;
93 }
94
95 if (Lsbs > 0) {
96 *BitMap |= (LShiftU64 (1, Lsbs) - 1);
97 }
98 }
99
100 /**
101 Set corresponding bits in bitmap table to 0 according to the address.
102
103 @param[in] Address Start address to set for.
104 @param[in] BitNumber Number of bits to set.
105 @param[in] BitMap Pointer to bitmap which covers the Address.
106
107 @return VOID.
108 **/
109 STATIC
110 VOID
111 ClearBits (
112 IN EFI_PHYSICAL_ADDRESS Address,
113 IN UINTN BitNumber,
114 IN UINT64 *BitMap
115 )
116 {
117 UINTN Lsbs;
118 UINTN Qwords;
119 UINTN Msbs;
120 UINTN StartBit;
121 UINTN EndBit;
122
123 StartBit = (UINTN)GUARDED_HEAP_MAP_ENTRY_BIT_INDEX (Address);
124 EndBit = (StartBit + BitNumber - 1) % GUARDED_HEAP_MAP_ENTRY_BITS;
125
126 if ((StartBit + BitNumber) >= GUARDED_HEAP_MAP_ENTRY_BITS) {
127 Msbs = (GUARDED_HEAP_MAP_ENTRY_BITS - StartBit) %
128 GUARDED_HEAP_MAP_ENTRY_BITS;
129 Lsbs = (EndBit + 1) % GUARDED_HEAP_MAP_ENTRY_BITS;
130 Qwords = (BitNumber - Msbs) / GUARDED_HEAP_MAP_ENTRY_BITS;
131 } else {
132 Msbs = BitNumber;
133 Lsbs = 0;
134 Qwords = 0;
135 }
136
137 if (Msbs > 0) {
138 *BitMap &= ~LShiftU64 (LShiftU64 (1, Msbs) - 1, StartBit);
139 BitMap += 1;
140 }
141
142 if (Qwords > 0) {
143 SetMem64 ((VOID *)BitMap, Qwords * GUARDED_HEAP_MAP_ENTRY_BYTES, 0);
144 BitMap += Qwords;
145 }
146
147 if (Lsbs > 0) {
148 *BitMap &= ~(LShiftU64 (1, Lsbs) - 1);
149 }
150 }
151
152 /**
153 Get corresponding bits in bitmap table according to the address.
154
155 The value of bit 0 corresponds to the status of memory at given Address.
156 No more than 64 bits can be retrieved in one call.
157
158 @param[in] Address Start address to retrieve bits for.
159 @param[in] BitNumber Number of bits to get.
160 @param[in] BitMap Pointer to bitmap which covers the Address.
161
162 @return An integer containing the bits information.
163 **/
164 STATIC
165 UINT64
166 GetBits (
167 IN EFI_PHYSICAL_ADDRESS Address,
168 IN UINTN BitNumber,
169 IN UINT64 *BitMap
170 )
171 {
172 UINTN StartBit;
173 UINTN EndBit;
174 UINTN Lsbs;
175 UINTN Msbs;
176 UINT64 Result;
177
178 ASSERT (BitNumber <= GUARDED_HEAP_MAP_ENTRY_BITS);
179
180 StartBit = (UINTN)GUARDED_HEAP_MAP_ENTRY_BIT_INDEX (Address);
181 EndBit = (StartBit + BitNumber - 1) % GUARDED_HEAP_MAP_ENTRY_BITS;
182
183 if ((StartBit + BitNumber) > GUARDED_HEAP_MAP_ENTRY_BITS) {
184 Msbs = GUARDED_HEAP_MAP_ENTRY_BITS - StartBit;
185 Lsbs = (EndBit + 1) % GUARDED_HEAP_MAP_ENTRY_BITS;
186 } else {
187 Msbs = BitNumber;
188 Lsbs = 0;
189 }
190
191 if (StartBit == 0 && BitNumber == GUARDED_HEAP_MAP_ENTRY_BITS) {
192 Result = *BitMap;
193 } else {
194 Result = RShiftU64((*BitMap), StartBit) & (LShiftU64(1, Msbs) - 1);
195 if (Lsbs > 0) {
196 BitMap += 1;
197 Result |= LShiftU64 ((*BitMap) & (LShiftU64 (1, Lsbs) - 1), Msbs);
198 }
199 }
200
201 return Result;
202 }
203
204 /**
205 Locate the pointer of bitmap from the guarded memory bitmap tables, which
206 covers the given Address.
207
208 @param[in] Address Start address to search the bitmap for.
209 @param[in] AllocMapUnit Flag to indicate memory allocation for the table.
210 @param[out] BitMap Pointer to bitmap which covers the Address.
211
212 @return The bit number from given Address to the end of current map table.
213 **/
214 UINTN
215 FindGuardedMemoryMap (
216 IN EFI_PHYSICAL_ADDRESS Address,
217 IN BOOLEAN AllocMapUnit,
218 OUT UINT64 **BitMap
219 )
220 {
221 UINTN Level;
222 UINT64 *GuardMap;
223 UINT64 MapMemory;
224 UINTN Index;
225 UINTN Size;
226 UINTN BitsToUnitEnd;
227 EFI_STATUS Status;
228
229 //
230 // Adjust current map table depth according to the address to access
231 //
232 while (AllocMapUnit &&
233 mMapLevel < GUARDED_HEAP_MAP_TABLE_DEPTH &&
234 RShiftU64 (
235 Address,
236 mLevelShift[GUARDED_HEAP_MAP_TABLE_DEPTH - mMapLevel - 1]
237 ) != 0) {
238
239 if (mGuardedMemoryMap != 0) {
240 Size = (mLevelMask[GUARDED_HEAP_MAP_TABLE_DEPTH - mMapLevel - 1] + 1)
241 * GUARDED_HEAP_MAP_ENTRY_BYTES;
242 Status = CoreInternalAllocatePages (
243 AllocateAnyPages,
244 EfiBootServicesData,
245 EFI_SIZE_TO_PAGES (Size),
246 &MapMemory,
247 FALSE
248 );
249 ASSERT_EFI_ERROR (Status);
250 ASSERT (MapMemory != 0);
251
252 SetMem ((VOID *)(UINTN)MapMemory, Size, 0);
253
254 *(UINT64 *)(UINTN)MapMemory = mGuardedMemoryMap;
255 mGuardedMemoryMap = MapMemory;
256 }
257
258 mMapLevel++;
259
260 }
261
262 GuardMap = &mGuardedMemoryMap;
263 for (Level = GUARDED_HEAP_MAP_TABLE_DEPTH - mMapLevel;
264 Level < GUARDED_HEAP_MAP_TABLE_DEPTH;
265 ++Level) {
266
267 if (*GuardMap == 0) {
268 if (!AllocMapUnit) {
269 GuardMap = NULL;
270 break;
271 }
272
273 Size = (mLevelMask[Level] + 1) * GUARDED_HEAP_MAP_ENTRY_BYTES;
274 Status = CoreInternalAllocatePages (
275 AllocateAnyPages,
276 EfiBootServicesData,
277 EFI_SIZE_TO_PAGES (Size),
278 &MapMemory,
279 FALSE
280 );
281 ASSERT_EFI_ERROR (Status);
282 ASSERT (MapMemory != 0);
283
284 SetMem ((VOID *)(UINTN)MapMemory, Size, 0);
285 *GuardMap = MapMemory;
286 }
287
288 Index = (UINTN)RShiftU64 (Address, mLevelShift[Level]);
289 Index &= mLevelMask[Level];
290 GuardMap = (UINT64 *)(UINTN)((*GuardMap) + Index * sizeof (UINT64));
291
292 }
293
294 BitsToUnitEnd = GUARDED_HEAP_MAP_BITS - GUARDED_HEAP_MAP_BIT_INDEX (Address);
295 *BitMap = GuardMap;
296
297 return BitsToUnitEnd;
298 }
299
300 /**
301 Set corresponding bits in bitmap table to 1 according to given memory range.
302
303 @param[in] Address Memory address to guard from.
304 @param[in] NumberOfPages Number of pages to guard.
305
306 @return VOID.
307 **/
308 VOID
309 EFIAPI
310 SetGuardedMemoryBits (
311 IN EFI_PHYSICAL_ADDRESS Address,
312 IN UINTN NumberOfPages
313 )
314 {
315 UINT64 *BitMap;
316 UINTN Bits;
317 UINTN BitsToUnitEnd;
318
319 while (NumberOfPages > 0) {
320 BitsToUnitEnd = FindGuardedMemoryMap (Address, TRUE, &BitMap);
321 ASSERT (BitMap != NULL);
322
323 if (NumberOfPages > BitsToUnitEnd) {
324 // Cross map unit
325 Bits = BitsToUnitEnd;
326 } else {
327 Bits = NumberOfPages;
328 }
329
330 SetBits (Address, Bits, BitMap);
331
332 NumberOfPages -= Bits;
333 Address += EFI_PAGES_TO_SIZE (Bits);
334 }
335 }
336
337 /**
338 Clear corresponding bits in bitmap table according to given memory range.
339
340 @param[in] Address Memory address to unset from.
341 @param[in] NumberOfPages Number of pages to unset guard.
342
343 @return VOID.
344 **/
345 VOID
346 EFIAPI
347 ClearGuardedMemoryBits (
348 IN EFI_PHYSICAL_ADDRESS Address,
349 IN UINTN NumberOfPages
350 )
351 {
352 UINT64 *BitMap;
353 UINTN Bits;
354 UINTN BitsToUnitEnd;
355
356 while (NumberOfPages > 0) {
357 BitsToUnitEnd = FindGuardedMemoryMap (Address, TRUE, &BitMap);
358 ASSERT (BitMap != NULL);
359
360 if (NumberOfPages > BitsToUnitEnd) {
361 // Cross map unit
362 Bits = BitsToUnitEnd;
363 } else {
364 Bits = NumberOfPages;
365 }
366
367 ClearBits (Address, Bits, BitMap);
368
369 NumberOfPages -= Bits;
370 Address += EFI_PAGES_TO_SIZE (Bits);
371 }
372 }
373
374 /**
375 Retrieve corresponding bits in bitmap table according to given memory range.
376
377 @param[in] Address Memory address to retrieve from.
378 @param[in] NumberOfPages Number of pages to retrieve.
379
380 @return An integer containing the guarded memory bitmap.
381 **/
382 UINTN
383 GetGuardedMemoryBits (
384 IN EFI_PHYSICAL_ADDRESS Address,
385 IN UINTN NumberOfPages
386 )
387 {
388 UINT64 *BitMap;
389 UINTN Bits;
390 UINTN Result;
391 UINTN Shift;
392 UINTN BitsToUnitEnd;
393
394 ASSERT (NumberOfPages <= GUARDED_HEAP_MAP_ENTRY_BITS);
395
396 Result = 0;
397 Shift = 0;
398 while (NumberOfPages > 0) {
399 BitsToUnitEnd = FindGuardedMemoryMap (Address, FALSE, &BitMap);
400
401 if (NumberOfPages > BitsToUnitEnd) {
402 // Cross map unit
403 Bits = BitsToUnitEnd;
404 } else {
405 Bits = NumberOfPages;
406 }
407
408 if (BitMap != NULL) {
409 Result |= LShiftU64 (GetBits (Address, Bits, BitMap), Shift);
410 }
411
412 Shift += Bits;
413 NumberOfPages -= Bits;
414 Address += EFI_PAGES_TO_SIZE (Bits);
415 }
416
417 return Result;
418 }
419
420 /**
421 Get bit value in bitmap table for the given address.
422
423 @param[in] Address The address to retrieve for.
424
425 @return 1 or 0.
426 **/
427 UINTN
428 EFIAPI
429 GetGuardMapBit (
430 IN EFI_PHYSICAL_ADDRESS Address
431 )
432 {
433 UINT64 *GuardMap;
434
435 FindGuardedMemoryMap (Address, FALSE, &GuardMap);
436 if (GuardMap != NULL) {
437 if (RShiftU64 (*GuardMap,
438 GUARDED_HEAP_MAP_ENTRY_BIT_INDEX (Address)) & 1) {
439 return 1;
440 }
441 }
442
443 return 0;
444 }
445
446 /**
447 Set the bit in bitmap table for the given address.
448
449 @param[in] Address The address to set for.
450
451 @return VOID.
452 **/
453 VOID
454 EFIAPI
455 SetGuardMapBit (
456 IN EFI_PHYSICAL_ADDRESS Address
457 )
458 {
459 UINT64 *GuardMap;
460 UINT64 BitMask;
461
462 FindGuardedMemoryMap (Address, TRUE, &GuardMap);
463 if (GuardMap != NULL) {
464 BitMask = LShiftU64 (1, GUARDED_HEAP_MAP_ENTRY_BIT_INDEX (Address));
465 *GuardMap |= BitMask;
466 }
467 }
468
469 /**
470 Clear the bit in bitmap table for the given address.
471
472 @param[in] Address The address to clear for.
473
474 @return VOID.
475 **/
476 VOID
477 EFIAPI
478 ClearGuardMapBit (
479 IN EFI_PHYSICAL_ADDRESS Address
480 )
481 {
482 UINT64 *GuardMap;
483 UINT64 BitMask;
484
485 FindGuardedMemoryMap (Address, TRUE, &GuardMap);
486 if (GuardMap != NULL) {
487 BitMask = LShiftU64 (1, GUARDED_HEAP_MAP_ENTRY_BIT_INDEX (Address));
488 *GuardMap &= ~BitMask;
489 }
490 }
491
492 /**
493 Check to see if the page at the given address is a Guard page or not.
494
495 @param[in] Address The address to check for.
496
497 @return TRUE The page at Address is a Guard page.
498 @return FALSE The page at Address is not a Guard page.
499 **/
500 BOOLEAN
501 EFIAPI
502 IsGuardPage (
503 IN EFI_PHYSICAL_ADDRESS Address
504 )
505 {
506 UINTN BitMap;
507
508 //
509 // There must be at least one guarded page before and/or after given
510 // address if it's a Guard page. The bitmap pattern should be one of
511 // 001, 100 and 101
512 //
513 BitMap = GetGuardedMemoryBits (Address - EFI_PAGE_SIZE, 3);
514 return ((BitMap == BIT0) || (BitMap == BIT2) || (BitMap == (BIT2 | BIT0)));
515 }
516
517 /**
518 Check to see if the page at the given address is a head Guard page or not.
519
520 @param[in] Address The address to check for
521
522 @return TRUE The page at Address is a head Guard page
523 @return FALSE The page at Address is not a head Guard page
524 **/
525 BOOLEAN
526 EFIAPI
527 IsHeadGuard (
528 IN EFI_PHYSICAL_ADDRESS Address
529 )
530 {
531 return (GetGuardedMemoryBits (Address, 2) == BIT1);
532 }
533
534 /**
535 Check to see if the page at the given address is a tail Guard page or not.
536
537 @param[in] Address The address to check for.
538
539 @return TRUE The page at Address is a tail Guard page.
540 @return FALSE The page at Address is not a tail Guard page.
541 **/
542 BOOLEAN
543 EFIAPI
544 IsTailGuard (
545 IN EFI_PHYSICAL_ADDRESS Address
546 )
547 {
548 return (GetGuardedMemoryBits (Address - EFI_PAGE_SIZE, 2) == BIT0);
549 }
550
551 /**
552 Check to see if the page at the given address is guarded or not.
553
554 @param[in] Address The address to check for.
555
556 @return TRUE The page at Address is guarded.
557 @return FALSE The page at Address is not guarded.
558 **/
559 BOOLEAN
560 EFIAPI
561 IsMemoryGuarded (
562 IN EFI_PHYSICAL_ADDRESS Address
563 )
564 {
565 return (GetGuardMapBit (Address) == 1);
566 }
567
568 /**
569 Set the page at the given address to be a Guard page.
570
571 This is done by changing the page table attribute to be NOT PRSENT.
572
573 @param[in] BaseAddress Page address to Guard at
574
575 @return VOID
576 **/
577 VOID
578 EFIAPI
579 SetGuardPage (
580 IN EFI_PHYSICAL_ADDRESS BaseAddress
581 )
582 {
583 EFI_STATUS Status;
584
585 if (gCpu == NULL) {
586 return;
587 }
588
589 //
590 // Set flag to make sure allocating memory without GUARD for page table
591 // operation; otherwise infinite loops could be caused.
592 //
593 mOnGuarding = TRUE;
594 //
595 // Note: This might overwrite other attributes needed by other features,
596 // such as NX memory protection.
597 //
598 Status = gCpu->SetMemoryAttributes (gCpu, BaseAddress, EFI_PAGE_SIZE, EFI_MEMORY_RP);
599 ASSERT_EFI_ERROR (Status);
600 mOnGuarding = FALSE;
601 }
602
603 /**
604 Unset the Guard page at the given address to the normal memory.
605
606 This is done by changing the page table attribute to be PRSENT.
607
608 @param[in] BaseAddress Page address to Guard at.
609
610 @return VOID.
611 **/
612 VOID
613 EFIAPI
614 UnsetGuardPage (
615 IN EFI_PHYSICAL_ADDRESS BaseAddress
616 )
617 {
618 UINT64 Attributes;
619 EFI_STATUS Status;
620
621 if (gCpu == NULL) {
622 return;
623 }
624
625 //
626 // Once the Guard page is unset, it will be freed back to memory pool. NX
627 // memory protection must be restored for this page if NX is enabled for free
628 // memory.
629 //
630 Attributes = 0;
631 if ((PcdGet64 (PcdDxeNxMemoryProtectionPolicy) & (1 << EfiConventionalMemory)) != 0) {
632 Attributes |= EFI_MEMORY_XP;
633 }
634
635 //
636 // Set flag to make sure allocating memory without GUARD for page table
637 // operation; otherwise infinite loops could be caused.
638 //
639 mOnGuarding = TRUE;
640 //
641 // Note: This might overwrite other attributes needed by other features,
642 // such as memory protection (NX). Please make sure they are not enabled
643 // at the same time.
644 //
645 Status = gCpu->SetMemoryAttributes (gCpu, BaseAddress, EFI_PAGE_SIZE, Attributes);
646 ASSERT_EFI_ERROR (Status);
647 mOnGuarding = FALSE;
648 }
649
650 /**
651 Check to see if the memory at the given address should be guarded or not.
652
653 @param[in] MemoryType Memory type to check.
654 @param[in] AllocateType Allocation type to check.
655 @param[in] PageOrPool Indicate a page allocation or pool allocation.
656
657
658 @return TRUE The given type of memory should be guarded.
659 @return FALSE The given type of memory should not be guarded.
660 **/
661 BOOLEAN
662 IsMemoryTypeToGuard (
663 IN EFI_MEMORY_TYPE MemoryType,
664 IN EFI_ALLOCATE_TYPE AllocateType,
665 IN UINT8 PageOrPool
666 )
667 {
668 UINT64 TestBit;
669 UINT64 ConfigBit;
670
671 if (AllocateType == AllocateAddress) {
672 return FALSE;
673 }
674
675 if ((PcdGet8 (PcdHeapGuardPropertyMask) & PageOrPool) == 0) {
676 return FALSE;
677 }
678
679 if (PageOrPool == GUARD_HEAP_TYPE_POOL) {
680 ConfigBit = PcdGet64 (PcdHeapGuardPoolType);
681 } else if (PageOrPool == GUARD_HEAP_TYPE_PAGE) {
682 ConfigBit = PcdGet64 (PcdHeapGuardPageType);
683 } else {
684 ConfigBit = (UINT64)-1;
685 }
686
687 if ((UINT32)MemoryType >= MEMORY_TYPE_OS_RESERVED_MIN) {
688 TestBit = BIT63;
689 } else if ((UINT32) MemoryType >= MEMORY_TYPE_OEM_RESERVED_MIN) {
690 TestBit = BIT62;
691 } else if (MemoryType < EfiMaxMemoryType) {
692 TestBit = LShiftU64 (1, MemoryType);
693 } else if (MemoryType == EfiMaxMemoryType) {
694 TestBit = (UINT64)-1;
695 } else {
696 TestBit = 0;
697 }
698
699 return ((ConfigBit & TestBit) != 0);
700 }
701
702 /**
703 Check to see if the pool at the given address should be guarded or not.
704
705 @param[in] MemoryType Pool type to check.
706
707
708 @return TRUE The given type of pool should be guarded.
709 @return FALSE The given type of pool should not be guarded.
710 **/
711 BOOLEAN
712 IsPoolTypeToGuard (
713 IN EFI_MEMORY_TYPE MemoryType
714 )
715 {
716 return IsMemoryTypeToGuard (MemoryType, AllocateAnyPages,
717 GUARD_HEAP_TYPE_POOL);
718 }
719
720 /**
721 Check to see if the page at the given address should be guarded or not.
722
723 @param[in] MemoryType Page type to check.
724 @param[in] AllocateType Allocation type to check.
725
726 @return TRUE The given type of page should be guarded.
727 @return FALSE The given type of page should not be guarded.
728 **/
729 BOOLEAN
730 IsPageTypeToGuard (
731 IN EFI_MEMORY_TYPE MemoryType,
732 IN EFI_ALLOCATE_TYPE AllocateType
733 )
734 {
735 return IsMemoryTypeToGuard (MemoryType, AllocateType, GUARD_HEAP_TYPE_PAGE);
736 }
737
738 /**
739 Check to see if the heap guard is enabled for page and/or pool allocation.
740
741 @return TRUE/FALSE.
742 **/
743 BOOLEAN
744 IsHeapGuardEnabled (
745 VOID
746 )
747 {
748 return IsMemoryTypeToGuard (EfiMaxMemoryType, AllocateAnyPages,
749 GUARD_HEAP_TYPE_POOL|GUARD_HEAP_TYPE_PAGE);
750 }
751
752 /**
753 Set head Guard and tail Guard for the given memory range.
754
755 @param[in] Memory Base address of memory to set guard for.
756 @param[in] NumberOfPages Memory size in pages.
757
758 @return VOID
759 **/
760 VOID
761 SetGuardForMemory (
762 IN EFI_PHYSICAL_ADDRESS Memory,
763 IN UINTN NumberOfPages
764 )
765 {
766 EFI_PHYSICAL_ADDRESS GuardPage;
767
768 //
769 // Set tail Guard
770 //
771 GuardPage = Memory + EFI_PAGES_TO_SIZE (NumberOfPages);
772 if (!IsGuardPage (GuardPage)) {
773 SetGuardPage (GuardPage);
774 }
775
776 // Set head Guard
777 GuardPage = Memory - EFI_PAGES_TO_SIZE (1);
778 if (!IsGuardPage (GuardPage)) {
779 SetGuardPage (GuardPage);
780 }
781
782 //
783 // Mark the memory range as Guarded
784 //
785 SetGuardedMemoryBits (Memory, NumberOfPages);
786 }
787
788 /**
789 Unset head Guard and tail Guard for the given memory range.
790
791 @param[in] Memory Base address of memory to unset guard for.
792 @param[in] NumberOfPages Memory size in pages.
793
794 @return VOID
795 **/
796 VOID
797 UnsetGuardForMemory (
798 IN EFI_PHYSICAL_ADDRESS Memory,
799 IN UINTN NumberOfPages
800 )
801 {
802 EFI_PHYSICAL_ADDRESS GuardPage;
803 UINT64 GuardBitmap;
804
805 if (NumberOfPages == 0) {
806 return;
807 }
808
809 //
810 // Head Guard must be one page before, if any.
811 //
812 // MSB-> 1 0 <-LSB
813 // -------------------
814 // Head Guard -> 0 1 -> Don't free Head Guard (shared Guard)
815 // Head Guard -> 0 0 -> Free Head Guard either (not shared Guard)
816 // 1 X -> Don't free first page (need a new Guard)
817 // (it'll be turned into a Guard page later)
818 // -------------------
819 // Start -> -1 -2
820 //
821 GuardPage = Memory - EFI_PAGES_TO_SIZE (1);
822 GuardBitmap = GetGuardedMemoryBits (Memory - EFI_PAGES_TO_SIZE (2), 2);
823 if ((GuardBitmap & BIT1) == 0) {
824 //
825 // Head Guard exists.
826 //
827 if ((GuardBitmap & BIT0) == 0) {
828 //
829 // If the head Guard is not a tail Guard of adjacent memory block,
830 // unset it.
831 //
832 UnsetGuardPage (GuardPage);
833 }
834 } else {
835 //
836 // Pages before memory to free are still in Guard. It's a partial free
837 // case. Turn first page of memory block to free into a new Guard.
838 //
839 SetGuardPage (Memory);
840 }
841
842 //
843 // Tail Guard must be the page after this memory block to free, if any.
844 //
845 // MSB-> 1 0 <-LSB
846 // --------------------
847 // 1 0 <- Tail Guard -> Don't free Tail Guard (shared Guard)
848 // 0 0 <- Tail Guard -> Free Tail Guard either (not shared Guard)
849 // X 1 -> Don't free last page (need a new Guard)
850 // (it'll be turned into a Guard page later)
851 // --------------------
852 // +1 +0 <- End
853 //
854 GuardPage = Memory + EFI_PAGES_TO_SIZE (NumberOfPages);
855 GuardBitmap = GetGuardedMemoryBits (GuardPage, 2);
856 if ((GuardBitmap & BIT0) == 0) {
857 //
858 // Tail Guard exists.
859 //
860 if ((GuardBitmap & BIT1) == 0) {
861 //
862 // If the tail Guard is not a head Guard of adjacent memory block,
863 // free it; otherwise, keep it.
864 //
865 UnsetGuardPage (GuardPage);
866 }
867 } else {
868 //
869 // Pages after memory to free are still in Guard. It's a partial free
870 // case. We need to keep one page to be a head Guard.
871 //
872 SetGuardPage (GuardPage - EFI_PAGES_TO_SIZE (1));
873 }
874
875 //
876 // No matter what, we just clear the mark of the Guarded memory.
877 //
878 ClearGuardedMemoryBits(Memory, NumberOfPages);
879 }
880
881 /**
882 Adjust address of free memory according to existing and/or required Guard.
883
884 This function will check if there're existing Guard pages of adjacent
885 memory blocks, and try to use it as the Guard page of the memory to be
886 allocated.
887
888 @param[in] Start Start address of free memory block.
889 @param[in] Size Size of free memory block.
890 @param[in] SizeRequested Size of memory to allocate.
891
892 @return The end address of memory block found.
893 @return 0 if no enough space for the required size of memory and its Guard.
894 **/
895 UINT64
896 AdjustMemoryS (
897 IN UINT64 Start,
898 IN UINT64 Size,
899 IN UINT64 SizeRequested
900 )
901 {
902 UINT64 Target;
903
904 //
905 // UEFI spec requires that allocated pool must be 8-byte aligned. If it's
906 // indicated to put the pool near the Tail Guard, we need extra bytes to
907 // make sure alignment of the returned pool address.
908 //
909 if ((PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) == 0) {
910 SizeRequested = ALIGN_VALUE(SizeRequested, 8);
911 }
912
913 Target = Start + Size - SizeRequested;
914 ASSERT (Target >= Start);
915 if (Target == 0) {
916 return 0;
917 }
918
919 if (!IsGuardPage (Start + Size)) {
920 // No Guard at tail to share. One more page is needed.
921 Target -= EFI_PAGES_TO_SIZE (1);
922 }
923
924 // Out of range?
925 if (Target < Start) {
926 return 0;
927 }
928
929 // At the edge?
930 if (Target == Start) {
931 if (!IsGuardPage (Target - EFI_PAGES_TO_SIZE (1))) {
932 // No enough space for a new head Guard if no Guard at head to share.
933 return 0;
934 }
935 }
936
937 // OK, we have enough pages for memory and its Guards. Return the End of the
938 // free space.
939 return Target + SizeRequested - 1;
940 }
941
942 /**
943 Adjust the start address and number of pages to free according to Guard.
944
945 The purpose of this function is to keep the shared Guard page with adjacent
946 memory block if it's still in guard, or free it if no more sharing. Another
947 is to reserve pages as Guard pages in partial page free situation.
948
949 @param[in,out] Memory Base address of memory to free.
950 @param[in,out] NumberOfPages Size of memory to free.
951
952 @return VOID.
953 **/
954 VOID
955 AdjustMemoryF (
956 IN OUT EFI_PHYSICAL_ADDRESS *Memory,
957 IN OUT UINTN *NumberOfPages
958 )
959 {
960 EFI_PHYSICAL_ADDRESS Start;
961 EFI_PHYSICAL_ADDRESS MemoryToTest;
962 UINTN PagesToFree;
963 UINT64 GuardBitmap;
964
965 if (Memory == NULL || NumberOfPages == NULL || *NumberOfPages == 0) {
966 return;
967 }
968
969 Start = *Memory;
970 PagesToFree = *NumberOfPages;
971
972 //
973 // Head Guard must be one page before, if any.
974 //
975 // MSB-> 1 0 <-LSB
976 // -------------------
977 // Head Guard -> 0 1 -> Don't free Head Guard (shared Guard)
978 // Head Guard -> 0 0 -> Free Head Guard either (not shared Guard)
979 // 1 X -> Don't free first page (need a new Guard)
980 // (it'll be turned into a Guard page later)
981 // -------------------
982 // Start -> -1 -2
983 //
984 MemoryToTest = Start - EFI_PAGES_TO_SIZE (2);
985 GuardBitmap = GetGuardedMemoryBits (MemoryToTest, 2);
986 if ((GuardBitmap & BIT1) == 0) {
987 //
988 // Head Guard exists.
989 //
990 if ((GuardBitmap & BIT0) == 0) {
991 //
992 // If the head Guard is not a tail Guard of adjacent memory block,
993 // free it; otherwise, keep it.
994 //
995 Start -= EFI_PAGES_TO_SIZE (1);
996 PagesToFree += 1;
997 }
998 } else {
999 //
1000 // No Head Guard, and pages before memory to free are still in Guard. It's a
1001 // partial free case. We need to keep one page to be a tail Guard.
1002 //
1003 Start += EFI_PAGES_TO_SIZE (1);
1004 PagesToFree -= 1;
1005 }
1006
1007 //
1008 // Tail Guard must be the page after this memory block to free, if any.
1009 //
1010 // MSB-> 1 0 <-LSB
1011 // --------------------
1012 // 1 0 <- Tail Guard -> Don't free Tail Guard (shared Guard)
1013 // 0 0 <- Tail Guard -> Free Tail Guard either (not shared Guard)
1014 // X 1 -> Don't free last page (need a new Guard)
1015 // (it'll be turned into a Guard page later)
1016 // --------------------
1017 // +1 +0 <- End
1018 //
1019 MemoryToTest = Start + EFI_PAGES_TO_SIZE (PagesToFree);
1020 GuardBitmap = GetGuardedMemoryBits (MemoryToTest, 2);
1021 if ((GuardBitmap & BIT0) == 0) {
1022 //
1023 // Tail Guard exists.
1024 //
1025 if ((GuardBitmap & BIT1) == 0) {
1026 //
1027 // If the tail Guard is not a head Guard of adjacent memory block,
1028 // free it; otherwise, keep it.
1029 //
1030 PagesToFree += 1;
1031 }
1032 } else if (PagesToFree > 0) {
1033 //
1034 // No Tail Guard, and pages after memory to free are still in Guard. It's a
1035 // partial free case. We need to keep one page to be a head Guard.
1036 //
1037 PagesToFree -= 1;
1038 }
1039
1040 *Memory = Start;
1041 *NumberOfPages = PagesToFree;
1042 }
1043
1044 /**
1045 Adjust the base and number of pages to really allocate according to Guard.
1046
1047 @param[in,out] Memory Base address of free memory.
1048 @param[in,out] NumberOfPages Size of memory to allocate.
1049
1050 @return VOID.
1051 **/
1052 VOID
1053 AdjustMemoryA (
1054 IN OUT EFI_PHYSICAL_ADDRESS *Memory,
1055 IN OUT UINTN *NumberOfPages
1056 )
1057 {
1058 //
1059 // FindFreePages() has already taken the Guard into account. It's safe to
1060 // adjust the start address and/or number of pages here, to make sure that
1061 // the Guards are also "allocated".
1062 //
1063 if (!IsGuardPage (*Memory + EFI_PAGES_TO_SIZE (*NumberOfPages))) {
1064 // No tail Guard, add one.
1065 *NumberOfPages += 1;
1066 }
1067
1068 if (!IsGuardPage (*Memory - EFI_PAGE_SIZE)) {
1069 // No head Guard, add one.
1070 *Memory -= EFI_PAGE_SIZE;
1071 *NumberOfPages += 1;
1072 }
1073 }
1074
1075 /**
1076 Adjust the pool head position to make sure the Guard page is adjavent to
1077 pool tail or pool head.
1078
1079 @param[in] Memory Base address of memory allocated.
1080 @param[in] NoPages Number of pages actually allocated.
1081 @param[in] Size Size of memory requested.
1082 (plus pool head/tail overhead)
1083
1084 @return Address of pool head.
1085 **/
1086 VOID *
1087 AdjustPoolHeadA (
1088 IN EFI_PHYSICAL_ADDRESS Memory,
1089 IN UINTN NoPages,
1090 IN UINTN Size
1091 )
1092 {
1093 if (Memory == 0 || (PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0) {
1094 //
1095 // Pool head is put near the head Guard
1096 //
1097 return (VOID *)(UINTN)Memory;
1098 }
1099
1100 //
1101 // Pool head is put near the tail Guard
1102 //
1103 Size = ALIGN_VALUE (Size, 8);
1104 return (VOID *)(UINTN)(Memory + EFI_PAGES_TO_SIZE (NoPages) - Size);
1105 }
1106
1107 /**
1108 Get the page base address according to pool head address.
1109
1110 @param[in] Memory Head address of pool to free.
1111
1112 @return Address of pool head.
1113 **/
1114 VOID *
1115 AdjustPoolHeadF (
1116 IN EFI_PHYSICAL_ADDRESS Memory
1117 )
1118 {
1119 if (Memory == 0 || (PcdGet8 (PcdHeapGuardPropertyMask) & BIT7) != 0) {
1120 //
1121 // Pool head is put near the head Guard
1122 //
1123 return (VOID *)(UINTN)Memory;
1124 }
1125
1126 //
1127 // Pool head is put near the tail Guard
1128 //
1129 return (VOID *)(UINTN)(Memory & ~EFI_PAGE_MASK);
1130 }
1131
1132 /**
1133 Allocate or free guarded memory.
1134
1135 @param[in] Start Start address of memory to allocate or free.
1136 @param[in] NumberOfPages Memory size in pages.
1137 @param[in] NewType Memory type to convert to.
1138
1139 @return VOID.
1140 **/
1141 EFI_STATUS
1142 CoreConvertPagesWithGuard (
1143 IN UINT64 Start,
1144 IN UINTN NumberOfPages,
1145 IN EFI_MEMORY_TYPE NewType
1146 )
1147 {
1148 UINT64 OldStart;
1149 UINTN OldPages;
1150
1151 if (NewType == EfiConventionalMemory) {
1152 OldStart = Start;
1153 OldPages = NumberOfPages;
1154
1155 AdjustMemoryF (&Start, &NumberOfPages);
1156 //
1157 // It's safe to unset Guard page inside memory lock because there should
1158 // be no memory allocation occurred in updating memory page attribute at
1159 // this point. And unsetting Guard page before free will prevent Guard
1160 // page just freed back to pool from being allocated right away before
1161 // marking it usable (from non-present to present).
1162 //
1163 UnsetGuardForMemory (OldStart, OldPages);
1164 if (NumberOfPages == 0) {
1165 return EFI_SUCCESS;
1166 }
1167 } else {
1168 AdjustMemoryA (&Start, &NumberOfPages);
1169 }
1170
1171 return CoreConvertPages (Start, NumberOfPages, NewType);
1172 }
1173
1174 /**
1175 Set all Guard pages which cannot be set before CPU Arch Protocol installed.
1176 **/
1177 VOID
1178 SetAllGuardPages (
1179 VOID
1180 )
1181 {
1182 UINTN Entries[GUARDED_HEAP_MAP_TABLE_DEPTH];
1183 UINTN Shifts[GUARDED_HEAP_MAP_TABLE_DEPTH];
1184 UINTN Indices[GUARDED_HEAP_MAP_TABLE_DEPTH];
1185 UINT64 Tables[GUARDED_HEAP_MAP_TABLE_DEPTH];
1186 UINT64 Addresses[GUARDED_HEAP_MAP_TABLE_DEPTH];
1187 UINT64 TableEntry;
1188 UINT64 Address;
1189 UINT64 GuardPage;
1190 INTN Level;
1191 UINTN Index;
1192 BOOLEAN OnGuarding;
1193
1194 if (mGuardedMemoryMap == 0 ||
1195 mMapLevel == 0 ||
1196 mMapLevel > GUARDED_HEAP_MAP_TABLE_DEPTH) {
1197 return;
1198 }
1199
1200 CopyMem (Entries, mLevelMask, sizeof (Entries));
1201 CopyMem (Shifts, mLevelShift, sizeof (Shifts));
1202
1203 SetMem (Tables, sizeof(Tables), 0);
1204 SetMem (Addresses, sizeof(Addresses), 0);
1205 SetMem (Indices, sizeof(Indices), 0);
1206
1207 Level = GUARDED_HEAP_MAP_TABLE_DEPTH - mMapLevel;
1208 Tables[Level] = mGuardedMemoryMap;
1209 Address = 0;
1210 OnGuarding = FALSE;
1211
1212 DEBUG_CODE (
1213 DumpGuardedMemoryBitmap ();
1214 );
1215
1216 while (TRUE) {
1217 if (Indices[Level] > Entries[Level]) {
1218 Tables[Level] = 0;
1219 Level -= 1;
1220 } else {
1221
1222 TableEntry = ((UINT64 *)(UINTN)(Tables[Level]))[Indices[Level]];
1223 Address = Addresses[Level];
1224
1225 if (TableEntry == 0) {
1226
1227 OnGuarding = FALSE;
1228
1229 } else if (Level < GUARDED_HEAP_MAP_TABLE_DEPTH - 1) {
1230
1231 Level += 1;
1232 Tables[Level] = TableEntry;
1233 Addresses[Level] = Address;
1234 Indices[Level] = 0;
1235
1236 continue;
1237
1238 } else {
1239
1240 Index = 0;
1241 while (Index < GUARDED_HEAP_MAP_ENTRY_BITS) {
1242 if ((TableEntry & 1) == 1) {
1243 if (OnGuarding) {
1244 GuardPage = 0;
1245 } else {
1246 GuardPage = Address - EFI_PAGE_SIZE;
1247 }
1248 OnGuarding = TRUE;
1249 } else {
1250 if (OnGuarding) {
1251 GuardPage = Address;
1252 } else {
1253 GuardPage = 0;
1254 }
1255 OnGuarding = FALSE;
1256 }
1257
1258 if (GuardPage != 0) {
1259 SetGuardPage (GuardPage);
1260 }
1261
1262 if (TableEntry == 0) {
1263 break;
1264 }
1265
1266 TableEntry = RShiftU64 (TableEntry, 1);
1267 Address += EFI_PAGE_SIZE;
1268 Index += 1;
1269 }
1270 }
1271 }
1272
1273 if (Level < (GUARDED_HEAP_MAP_TABLE_DEPTH - (INTN)mMapLevel)) {
1274 break;
1275 }
1276
1277 Indices[Level] += 1;
1278 Address = (Level == 0) ? 0 : Addresses[Level - 1];
1279 Addresses[Level] = Address | LShiftU64(Indices[Level], Shifts[Level]);
1280
1281 }
1282 }
1283
1284 /**
1285 Notify function used to set all Guard pages before CPU Arch Protocol installed.
1286 **/
1287 VOID
1288 HeapGuardCpuArchProtocolNotify (
1289 VOID
1290 )
1291 {
1292 ASSERT (gCpu != NULL);
1293 SetAllGuardPages ();
1294 }
1295
1296 /**
1297 Helper function to convert a UINT64 value in binary to a string.
1298
1299 @param[in] Value Value of a UINT64 integer.
1300 @param[out] BinString String buffer to contain the conversion result.
1301
1302 @return VOID.
1303 **/
1304 VOID
1305 Uint64ToBinString (
1306 IN UINT64 Value,
1307 OUT CHAR8 *BinString
1308 )
1309 {
1310 UINTN Index;
1311
1312 if (BinString == NULL) {
1313 return;
1314 }
1315
1316 for (Index = 64; Index > 0; --Index) {
1317 BinString[Index - 1] = '0' + (Value & 1);
1318 Value = RShiftU64 (Value, 1);
1319 }
1320 BinString[64] = '\0';
1321 }
1322
1323 /**
1324 Dump the guarded memory bit map.
1325 **/
1326 VOID
1327 EFIAPI
1328 DumpGuardedMemoryBitmap (
1329 VOID
1330 )
1331 {
1332 UINTN Entries[GUARDED_HEAP_MAP_TABLE_DEPTH];
1333 UINTN Shifts[GUARDED_HEAP_MAP_TABLE_DEPTH];
1334 UINTN Indices[GUARDED_HEAP_MAP_TABLE_DEPTH];
1335 UINT64 Tables[GUARDED_HEAP_MAP_TABLE_DEPTH];
1336 UINT64 Addresses[GUARDED_HEAP_MAP_TABLE_DEPTH];
1337 UINT64 TableEntry;
1338 UINT64 Address;
1339 INTN Level;
1340 UINTN RepeatZero;
1341 CHAR8 String[GUARDED_HEAP_MAP_ENTRY_BITS + 1];
1342 CHAR8 *Ruler1;
1343 CHAR8 *Ruler2;
1344
1345 if (mGuardedMemoryMap == 0 ||
1346 mMapLevel == 0 ||
1347 mMapLevel > GUARDED_HEAP_MAP_TABLE_DEPTH) {
1348 return;
1349 }
1350
1351 Ruler1 = " 3 2 1 0";
1352 Ruler2 = "FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210FEDCBA9876543210";
1353
1354 DEBUG ((HEAP_GUARD_DEBUG_LEVEL, "============================="
1355 " Guarded Memory Bitmap "
1356 "==============================\r\n"));
1357 DEBUG ((HEAP_GUARD_DEBUG_LEVEL, " %a\r\n", Ruler1));
1358 DEBUG ((HEAP_GUARD_DEBUG_LEVEL, " %a\r\n", Ruler2));
1359
1360 CopyMem (Entries, mLevelMask, sizeof (Entries));
1361 CopyMem (Shifts, mLevelShift, sizeof (Shifts));
1362
1363 SetMem (Indices, sizeof(Indices), 0);
1364 SetMem (Tables, sizeof(Tables), 0);
1365 SetMem (Addresses, sizeof(Addresses), 0);
1366
1367 Level = GUARDED_HEAP_MAP_TABLE_DEPTH - mMapLevel;
1368 Tables[Level] = mGuardedMemoryMap;
1369 Address = 0;
1370 RepeatZero = 0;
1371
1372 while (TRUE) {
1373 if (Indices[Level] > Entries[Level]) {
1374
1375 Tables[Level] = 0;
1376 Level -= 1;
1377 RepeatZero = 0;
1378
1379 DEBUG ((
1380 HEAP_GUARD_DEBUG_LEVEL,
1381 "========================================="
1382 "=========================================\r\n"
1383 ));
1384
1385 } else {
1386
1387 TableEntry = ((UINT64 *)(UINTN)Tables[Level])[Indices[Level]];
1388 Address = Addresses[Level];
1389
1390 if (TableEntry == 0) {
1391
1392 if (Level == GUARDED_HEAP_MAP_TABLE_DEPTH - 1) {
1393 if (RepeatZero == 0) {
1394 Uint64ToBinString(TableEntry, String);
1395 DEBUG ((HEAP_GUARD_DEBUG_LEVEL, "%016lx: %a\r\n", Address, String));
1396 } else if (RepeatZero == 1) {
1397 DEBUG ((HEAP_GUARD_DEBUG_LEVEL, "... : ...\r\n"));
1398 }
1399 RepeatZero += 1;
1400 }
1401
1402 } else if (Level < GUARDED_HEAP_MAP_TABLE_DEPTH - 1) {
1403
1404 Level += 1;
1405 Tables[Level] = TableEntry;
1406 Addresses[Level] = Address;
1407 Indices[Level] = 0;
1408 RepeatZero = 0;
1409
1410 continue;
1411
1412 } else {
1413
1414 RepeatZero = 0;
1415 Uint64ToBinString(TableEntry, String);
1416 DEBUG ((HEAP_GUARD_DEBUG_LEVEL, "%016lx: %a\r\n", Address, String));
1417
1418 }
1419 }
1420
1421 if (Level < (GUARDED_HEAP_MAP_TABLE_DEPTH - (INTN)mMapLevel)) {
1422 break;
1423 }
1424
1425 Indices[Level] += 1;
1426 Address = (Level == 0) ? 0 : Addresses[Level - 1];
1427 Addresses[Level] = Address | LShiftU64(Indices[Level], Shifts[Level]);
1428
1429 }
1430 }
1431
EFI Development Kit II mirror for PVE