3 Virtual Memory Management Services to set or clear the memory encryption bit
5 Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
6 Copyright (c) 2017 - 2020, AMD Incorporated. All rights reserved.<BR>
8 SPDX-License-Identifier: BSD-2-Clause-Patent
10 Code is derived from MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
14 #include <Library/CpuLib.h>
15 #include <Library/MemEncryptSevLib.h>
16 #include <Register/Amd/Cpuid.h>
17 #include <Register/Cpuid.h>
19 #include "VirtualMemory.h"
21 STATIC BOOLEAN mAddressEncMaskChecked
= FALSE
;
22 STATIC UINT64 mAddressEncMask
;
23 STATIC PAGE_TABLE_POOL
*mPageTablePool
= NULL
;
31 Return the pagetable memory encryption mask.
33 @return The pagetable memory encryption mask.
38 InternalGetMemEncryptionAddressMask (
42 UINT64 EncryptionMask
;
44 if (mAddressEncMaskChecked
) {
45 return mAddressEncMask
;
48 EncryptionMask
= MemEncryptSevGetEncryptionMask ();
50 mAddressEncMask
= EncryptionMask
& PAGING_1G_ADDRESS_MASK_64
;
51 mAddressEncMaskChecked
= TRUE
;
53 return mAddressEncMask
;
57 Initialize a buffer pool for page table use only.
59 To reduce the potential split operation on page table, the pages reserved for
60 page table should be allocated in the times of PAGE_TABLE_POOL_UNIT_PAGES and
61 at the boundary of PAGE_TABLE_POOL_ALIGNMENT. So the page pool is always
62 initialized with number of pages greater than or equal to the given
65 Once the pages in the pool are used up, this method should be called again to
66 reserve at least another PAGE_TABLE_POOL_UNIT_PAGES. Usually this won't
67 happen often in practice.
69 @param[in] PoolPages The least page number of the pool to be created.
71 @retval TRUE The pool is initialized successfully.
72 @retval FALSE The memory is out of resource.
76 InitializePageTablePool (
83 // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one page for
86 PoolPages
+= 1; // Add one page for header.
87 PoolPages
= ((PoolPages
- 1) / PAGE_TABLE_POOL_UNIT_PAGES
+ 1) *
88 PAGE_TABLE_POOL_UNIT_PAGES
;
89 Buffer
= AllocateAlignedPages (PoolPages
, PAGE_TABLE_POOL_ALIGNMENT
);
91 DEBUG ((DEBUG_ERROR
, "ERROR: Out of aligned pages\r\n"));
96 // Link all pools into a list for easier track later.
98 if (mPageTablePool
== NULL
) {
99 mPageTablePool
= Buffer
;
100 mPageTablePool
->NextPool
= mPageTablePool
;
102 ((PAGE_TABLE_POOL
*)Buffer
)->NextPool
= mPageTablePool
->NextPool
;
103 mPageTablePool
->NextPool
= Buffer
;
104 mPageTablePool
= Buffer
;
108 // Reserve one page for pool header.
110 mPageTablePool
->FreePages
= PoolPages
- 1;
111 mPageTablePool
->Offset
= EFI_PAGES_TO_SIZE (1);
117 This API provides a way to allocate memory for page table.
119 This API can be called more than once to allocate memory for page tables.
121 Allocates the number of 4KB pages and returns a pointer to the allocated
122 buffer. The buffer returned is aligned on a 4KB boundary.
124 If Pages is 0, then NULL is returned.
125 If there is not enough memory remaining to satisfy the request, then NULL is
128 @param Pages The number of 4 KB pages to allocate.
130 @return A pointer to the allocated buffer or NULL if allocation fails.
136 AllocatePageTableMemory (
147 // Renew the pool if necessary.
149 if ((mPageTablePool
== NULL
) ||
150 (Pages
> mPageTablePool
->FreePages
))
152 if (!InitializePageTablePool (Pages
)) {
157 Buffer
= (UINT8
*)mPageTablePool
+ mPageTablePool
->Offset
;
159 mPageTablePool
->Offset
+= EFI_PAGES_TO_SIZE (Pages
);
160 mPageTablePool
->FreePages
-= Pages
;
164 "%a:%a: Buffer=0x%Lx Pages=%ld\n",
177 @param[in] PhysicalAddress Start physical address the 2M page
179 @param[in, out] PageEntry2M Pointer to 2M page entry.
180 @param[in] StackBase Stack base address.
181 @param[in] StackSize Stack size.
187 IN PHYSICAL_ADDRESS PhysicalAddress
,
188 IN OUT UINT64
*PageEntry2M
,
189 IN PHYSICAL_ADDRESS StackBase
,
193 PHYSICAL_ADDRESS PhysicalAddress4K
;
194 UINTN IndexOfPageTableEntries
;
195 PAGE_TABLE_4K_ENTRY
*PageTableEntry
;
196 PAGE_TABLE_4K_ENTRY
*PageTableEntry1
;
197 UINT64 AddressEncMask
;
199 PageTableEntry
= AllocatePageTableMemory (1);
201 PageTableEntry1
= PageTableEntry
;
203 AddressEncMask
= InternalGetMemEncryptionAddressMask ();
205 ASSERT (PageTableEntry
!= NULL
);
206 ASSERT (*PageEntry2M
& AddressEncMask
);
208 PhysicalAddress4K
= PhysicalAddress
;
209 for (IndexOfPageTableEntries
= 0;
210 IndexOfPageTableEntries
< 512;
211 (IndexOfPageTableEntries
++,
213 PhysicalAddress4K
+= SIZE_4KB
))
216 // Fill in the Page Table entries
218 PageTableEntry
->Uint64
= (UINT64
)PhysicalAddress4K
| AddressEncMask
;
219 PageTableEntry
->Bits
.ReadWrite
= 1;
220 PageTableEntry
->Bits
.Present
= 1;
221 if ((PhysicalAddress4K
>= StackBase
) &&
222 (PhysicalAddress4K
< StackBase
+ StackSize
))
225 // Set Nx bit for stack.
227 PageTableEntry
->Bits
.Nx
= 1;
232 // Fill in 2M page entry.
234 *PageEntry2M
= ((UINT64
)(UINTN
)PageTableEntry1
|
235 IA32_PG_P
| IA32_PG_RW
| AddressEncMask
);
239 Set one page of page table pool memory to be read-only.
241 @param[in] PageTableBase Base address of page table (CR3).
242 @param[in] Address Start address of a page to be set as read-only.
243 @param[in] Level4Paging Level 4 paging flag.
248 SetPageTablePoolReadOnly (
249 IN UINTN PageTableBase
,
250 IN EFI_PHYSICAL_ADDRESS Address
,
251 IN BOOLEAN Level4Paging
256 UINT64 AddressEncMask
;
257 EFI_PHYSICAL_ADDRESS PhysicalAddress
;
259 UINT64
*NewPageTable
;
267 ASSERT (PageTableBase
!= 0);
270 // Since the page table is always from page table pool, which is always
271 // located at the boundary of PcdPageTablePoolAlignment, we just need to
272 // set the whole pool unit to be read-only.
274 Address
= Address
& PAGE_TABLE_POOL_ALIGN_MASK
;
276 LevelShift
[1] = PAGING_L1_ADDRESS_SHIFT
;
277 LevelShift
[2] = PAGING_L2_ADDRESS_SHIFT
;
278 LevelShift
[3] = PAGING_L3_ADDRESS_SHIFT
;
279 LevelShift
[4] = PAGING_L4_ADDRESS_SHIFT
;
281 LevelMask
[1] = PAGING_4K_ADDRESS_MASK_64
;
282 LevelMask
[2] = PAGING_2M_ADDRESS_MASK_64
;
283 LevelMask
[3] = PAGING_1G_ADDRESS_MASK_64
;
284 LevelMask
[4] = PAGING_1G_ADDRESS_MASK_64
;
286 LevelSize
[1] = SIZE_4KB
;
287 LevelSize
[2] = SIZE_2MB
;
288 LevelSize
[3] = SIZE_1GB
;
289 LevelSize
[4] = SIZE_512GB
;
291 AddressEncMask
= InternalGetMemEncryptionAddressMask ();
292 PageTable
= (UINT64
*)(UINTN
)PageTableBase
;
293 PoolUnitSize
= PAGE_TABLE_POOL_UNIT_SIZE
;
295 for (Level
= (Level4Paging
) ? 4 : 3; Level
> 0; --Level
) {
296 Index
= ((UINTN
)RShiftU64 (Address
, LevelShift
[Level
]));
297 Index
&= PAGING_PAE_INDEX_MASK
;
299 PageAttr
= PageTable
[Index
];
300 if ((PageAttr
& IA32_PG_PS
) == 0) {
302 // Go to next level of table.
304 PageTable
= (UINT64
*)(UINTN
)(PageAttr
& ~AddressEncMask
&
305 PAGING_4K_ADDRESS_MASK_64
);
309 if (PoolUnitSize
>= LevelSize
[Level
]) {
311 // Clear R/W bit if current page granularity is not larger than pool unit
314 if ((PageAttr
& IA32_PG_RW
) != 0) {
315 while (PoolUnitSize
> 0) {
317 // PAGE_TABLE_POOL_UNIT_SIZE and PAGE_TABLE_POOL_ALIGNMENT are fit in
318 // one page (2MB). Then we don't need to update attributes for pages
319 // crossing page directory. ASSERT below is for that purpose.
321 ASSERT (Index
< EFI_PAGE_SIZE
/sizeof (UINT64
));
323 PageTable
[Index
] &= ~(UINT64
)IA32_PG_RW
;
324 PoolUnitSize
-= LevelSize
[Level
];
333 // The smaller granularity of page must be needed.
337 NewPageTable
= AllocatePageTableMemory (1);
338 ASSERT (NewPageTable
!= NULL
);
340 PhysicalAddress
= PageAttr
& LevelMask
[Level
];
342 EntryIndex
< EFI_PAGE_SIZE
/sizeof (UINT64
);
345 NewPageTable
[EntryIndex
] = PhysicalAddress
| AddressEncMask
|
346 IA32_PG_P
| IA32_PG_RW
;
348 NewPageTable
[EntryIndex
] |= IA32_PG_PS
;
351 PhysicalAddress
+= LevelSize
[Level
- 1];
354 PageTable
[Index
] = (UINT64
)(UINTN
)NewPageTable
| AddressEncMask
|
355 IA32_PG_P
| IA32_PG_RW
;
356 PageTable
= NewPageTable
;
362 Prevent the memory pages used for page table from been overwritten.
364 @param[in] PageTableBase Base address of page table (CR3).
365 @param[in] Level4Paging Level 4 paging flag.
370 EnablePageTableProtection (
371 IN UINTN PageTableBase
,
372 IN BOOLEAN Level4Paging
375 PAGE_TABLE_POOL
*HeadPool
;
376 PAGE_TABLE_POOL
*Pool
;
378 EFI_PHYSICAL_ADDRESS Address
;
380 if (mPageTablePool
== NULL
) {
385 // SetPageTablePoolReadOnly might update mPageTablePool. It's safer to
386 // remember original one in advance.
388 HeadPool
= mPageTablePool
;
391 Address
= (EFI_PHYSICAL_ADDRESS
)(UINTN
)Pool
;
392 PoolSize
= Pool
->Offset
+ EFI_PAGES_TO_SIZE (Pool
->FreePages
);
395 // The size of one pool must be multiple of PAGE_TABLE_POOL_UNIT_SIZE,
396 // which is one of page size of the processor (2MB by default). Let's apply
397 // the protection to them one by one.
399 while (PoolSize
> 0) {
400 SetPageTablePoolReadOnly (PageTableBase
, Address
, Level4Paging
);
401 Address
+= PAGE_TABLE_POOL_UNIT_SIZE
;
402 PoolSize
-= PAGE_TABLE_POOL_UNIT_SIZE
;
405 Pool
= Pool
->NextPool
;
406 } while (Pool
!= HeadPool
);
412 @param[in] PhysicalAddress Start physical address the 1G page
414 @param[in, out] PageEntry1G Pointer to 1G page entry.
415 @param[in] StackBase Stack base address.
416 @param[in] StackSize Stack size.
422 IN PHYSICAL_ADDRESS PhysicalAddress
,
423 IN OUT UINT64
*PageEntry1G
,
424 IN PHYSICAL_ADDRESS StackBase
,
428 PHYSICAL_ADDRESS PhysicalAddress2M
;
429 UINTN IndexOfPageDirectoryEntries
;
430 PAGE_TABLE_ENTRY
*PageDirectoryEntry
;
431 UINT64 AddressEncMask
;
433 PageDirectoryEntry
= AllocatePageTableMemory (1);
435 AddressEncMask
= InternalGetMemEncryptionAddressMask ();
436 ASSERT (PageDirectoryEntry
!= NULL
);
437 ASSERT (*PageEntry1G
& AddressEncMask
);
439 // Fill in 1G page entry.
441 *PageEntry1G
= ((UINT64
)(UINTN
)PageDirectoryEntry
|
442 IA32_PG_P
| IA32_PG_RW
| AddressEncMask
);
444 PhysicalAddress2M
= PhysicalAddress
;
445 for (IndexOfPageDirectoryEntries
= 0;
446 IndexOfPageDirectoryEntries
< 512;
447 (IndexOfPageDirectoryEntries
++,
448 PageDirectoryEntry
++,
449 PhysicalAddress2M
+= SIZE_2MB
))
451 if ((PhysicalAddress2M
< StackBase
+ StackSize
) &&
452 ((PhysicalAddress2M
+ SIZE_2MB
) > StackBase
))
455 // Need to split this 2M page that covers stack range.
459 (UINT64
*)PageDirectoryEntry
,
465 // Fill in the Page Directory entries
467 PageDirectoryEntry
->Uint64
= (UINT64
)PhysicalAddress2M
| AddressEncMask
;
468 PageDirectoryEntry
->Bits
.ReadWrite
= 1;
469 PageDirectoryEntry
->Bits
.Present
= 1;
470 PageDirectoryEntry
->Bits
.MustBe1
= 1;
476 Set or Clear the memory encryption bit
478 @param[in, out] PageTablePointer Page table entry pointer (PTE).
479 @param[in] Mode Set or Clear encryption bit
484 IN OUT UINT64
*PageTablePointer
,
485 IN MAP_RANGE_MODE Mode
488 UINT64 AddressEncMask
;
490 AddressEncMask
= InternalGetMemEncryptionAddressMask ();
492 if (Mode
== SetCBit
) {
493 *PageTablePointer
|= AddressEncMask
;
495 *PageTablePointer
&= ~AddressEncMask
;
500 Check the WP status in CR0 register. This bit is used to lock or unlock write
501 access to pages marked as read-only.
503 @retval TRUE Write protection is enabled.
504 @retval FALSE Write protection is disabled.
508 IsReadOnlyPageWriteProtected (
512 return ((AsmReadCr0 () & BIT16
) != 0);
516 Disable Write Protect on pages marked as read-only.
520 DisableReadOnlyPageWriteProtect (
524 AsmWriteCr0 (AsmReadCr0 () & ~BIT16
);
528 Enable Write Protect on pages marked as read-only.
532 EnableReadOnlyPageWriteProtect (
536 AsmWriteCr0 (AsmReadCr0 () | BIT16
);
540 This function either sets or clears memory encryption bit for the memory
541 region specified by PhysicalAddress and Length from the current page table
544 The function iterates through the PhysicalAddress one page at a time, and set
545 or clears the memory encryption mask in the page table. If it encounters
546 that a given physical address range is part of large page then it attempts to
547 change the attribute at one go (based on size), otherwise it splits the
548 large pages into smaller (e.g 2M page into 4K pages) and then try to set or
549 clear the encryption bit on the smallest page size.
551 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
553 @param[in] PhysicalAddress The physical address that is the start
554 address of a memory region.
555 @param[in] Length The length of memory region
556 @param[in] Mode Set or Clear mode
557 @param[in] CacheFlush Flush the caches before applying the
560 @retval RETURN_SUCCESS The attributes were cleared for the
562 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
563 @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute
570 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
571 IN PHYSICAL_ADDRESS PhysicalAddress
,
573 IN MAP_RANGE_MODE Mode
,
574 IN BOOLEAN CacheFlush
577 PAGE_MAP_AND_DIRECTORY_POINTER
*PageMapLevel4Entry
;
578 PAGE_MAP_AND_DIRECTORY_POINTER
*PageUpperDirectoryPointerEntry
;
579 PAGE_MAP_AND_DIRECTORY_POINTER
*PageDirectoryPointerEntry
;
580 PAGE_TABLE_1G_ENTRY
*PageDirectory1GEntry
;
581 PAGE_TABLE_ENTRY
*PageDirectory2MEntry
;
582 PAGE_TABLE_4K_ENTRY
*PageTableEntry
;
584 UINT64 AddressEncMask
;
586 RETURN_STATUS Status
;
589 // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings.
591 PageMapLevel4Entry
= NULL
;
595 "%a:%a: Cr3Base=0x%Lx Physical=0x%Lx Length=0x%Lx Mode=%a CacheFlush=%u\n",
601 (Mode
== SetCBit
) ? "Encrypt" : "Decrypt",
606 // Check if we have a valid memory encryption mask
608 AddressEncMask
= InternalGetMemEncryptionAddressMask ();
609 if (!AddressEncMask
) {
610 return RETURN_ACCESS_DENIED
;
613 PgTableMask
= AddressEncMask
| EFI_PAGE_MASK
;
616 return RETURN_INVALID_PARAMETER
;
620 // We are going to change the memory encryption attribute from C=0 -> C=1 or
621 // vice versa Flush the caches to ensure that data is written into memory
622 // with correct C-bit
625 WriteBackInvalidateDataCacheRange ((VOID
*)(UINTN
)PhysicalAddress
, Length
);
629 // Make sure that the page table is changeable.
631 IsWpEnabled
= IsReadOnlyPageWriteProtected ();
633 DisableReadOnlyPageWriteProtect ();
636 Status
= EFI_SUCCESS
;
638 while (Length
!= 0) {
640 // If Cr3BaseAddress is not specified then read the current CR3
642 if (Cr3BaseAddress
== 0) {
643 Cr3BaseAddress
= AsmReadCr3 ();
646 PageMapLevel4Entry
= (VOID
*)(Cr3BaseAddress
& ~PgTableMask
);
647 PageMapLevel4Entry
+= PML4_OFFSET (PhysicalAddress
);
648 if (!PageMapLevel4Entry
->Bits
.Present
) {
651 "%a:%a: bad PML4 for Physical=0x%Lx\n",
656 Status
= RETURN_NO_MAPPING
;
660 PageDirectory1GEntry
= (VOID
*)(
661 (PageMapLevel4Entry
->Bits
.PageTableBaseAddress
<<
664 PageDirectory1GEntry
+= PDP_OFFSET (PhysicalAddress
);
665 if (!PageDirectory1GEntry
->Bits
.Present
) {
668 "%a:%a: bad PDPE for Physical=0x%Lx\n",
673 Status
= RETURN_NO_MAPPING
;
678 // If the MustBe1 bit is not 1, it's not actually a 1GB entry
680 if (PageDirectory1GEntry
->Bits
.MustBe1
) {
683 // If we have at least 1GB to go, we can just update this entry
685 if (((PhysicalAddress
& (BIT30
- 1)) == 0) && (Length
>= BIT30
)) {
686 SetOrClearCBit (&PageDirectory1GEntry
->Uint64
, Mode
);
689 "%a:%a: updated 1GB entry for Physical=0x%Lx\n",
694 PhysicalAddress
+= BIT30
;
698 // We must split the page
702 "%a:%a: splitting 1GB page for Physical=0x%Lx\n",
708 (UINT64
)PageDirectory1GEntry
->Bits
.PageTableBaseAddress
<< 30,
709 (UINT64
*)PageDirectory1GEntry
,
719 PageUpperDirectoryPointerEntry
=
720 (PAGE_MAP_AND_DIRECTORY_POINTER
*)PageDirectory1GEntry
;
721 PageDirectory2MEntry
=
723 (PageUpperDirectoryPointerEntry
->Bits
.PageTableBaseAddress
<<
726 PageDirectory2MEntry
+= PDE_OFFSET (PhysicalAddress
);
727 if (!PageDirectory2MEntry
->Bits
.Present
) {
730 "%a:%a: bad PDE for Physical=0x%Lx\n",
735 Status
= RETURN_NO_MAPPING
;
740 // If the MustBe1 bit is not a 1, it's not a 2MB entry
742 if (PageDirectory2MEntry
->Bits
.MustBe1
) {
745 // If we have at least 2MB left to go, we can just update this entry
747 if (((PhysicalAddress
& (BIT21
-1)) == 0) && (Length
>= BIT21
)) {
748 SetOrClearCBit (&PageDirectory2MEntry
->Uint64
, Mode
);
749 PhysicalAddress
+= BIT21
;
753 // We must split up this page into 4K pages
757 "%a:%a: splitting 2MB page for Physical=0x%Lx\n",
763 (UINT64
)PageDirectory2MEntry
->Bits
.PageTableBaseAddress
<< 21,
764 (UINT64
*)PageDirectory2MEntry
,
771 PageDirectoryPointerEntry
=
772 (PAGE_MAP_AND_DIRECTORY_POINTER
*)PageDirectory2MEntry
;
775 (PageDirectoryPointerEntry
->Bits
.PageTableBaseAddress
<<
778 PageTableEntry
+= PTE_OFFSET (PhysicalAddress
);
779 if (!PageTableEntry
->Bits
.Present
) {
782 "%a:%a: bad PTE for Physical=0x%Lx\n",
787 Status
= RETURN_NO_MAPPING
;
791 SetOrClearCBit (&PageTableEntry
->Uint64
, Mode
);
792 PhysicalAddress
+= EFI_PAGE_SIZE
;
793 Length
-= EFI_PAGE_SIZE
;
799 // Protect the page table by marking the memory used for page table to be
803 EnablePageTableProtection ((UINTN
)PageMapLevel4Entry
, TRUE
);
813 // Restore page table write protection, if any.
816 EnableReadOnlyPageWriteProtect ();
823 This function clears memory encryption bit for the memory region specified by
824 PhysicalAddress and Length from the current page table context.
826 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
828 @param[in] PhysicalAddress The physical address that is the start
829 address of a memory region.
830 @param[in] Length The length of memory region
832 @retval RETURN_SUCCESS The attributes were cleared for the
834 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
835 @retval RETURN_UNSUPPORTED Clearing the memory encyrption attribute
840 InternalMemEncryptSevSetMemoryDecrypted (
841 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
842 IN PHYSICAL_ADDRESS PhysicalAddress
,
846 return SetMemoryEncDec (
856 This function sets memory encryption bit for the memory region specified by
857 PhysicalAddress and Length from the current page table context.
859 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
861 @param[in] PhysicalAddress The physical address that is the start
862 address of a memory region.
863 @param[in] Length The length of memory region
865 @retval RETURN_SUCCESS The attributes were set for the memory
867 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
868 @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute
873 InternalMemEncryptSevSetMemoryEncrypted (
874 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
875 IN PHYSICAL_ADDRESS PhysicalAddress
,
879 return SetMemoryEncDec (
889 This function clears memory encryption bit for the MMIO region specified by
890 PhysicalAddress and Length.
892 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
894 @param[in] PhysicalAddress The physical address that is the start
895 address of a MMIO region.
896 @param[in] Length The length of memory region
898 @retval RETURN_SUCCESS The attributes were cleared for the
900 @retval RETURN_INVALID_PARAMETER Length is zero.
901 @retval RETURN_UNSUPPORTED Clearing the memory encyrption attribute
906 InternalMemEncryptSevClearMmioPageEncMask (
907 IN PHYSICAL_ADDRESS Cr3BaseAddress
,
908 IN PHYSICAL_ADDRESS PhysicalAddress
,
912 return SetMemoryEncDec (