]> git.proxmox.com Git - mirror_edk2.git/blob - OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
projects / mirror_edk2.git / blob
? search:


39b246048f1f2f37b745d6a60e1b82ca4c643d79
[mirror_edk2.git] / OvmfPkg / Library / BaseMemEncryptSevLib / X64 / VirtualMemory.c
1 /** @file
2
3 Virtual Memory Management Services to set or clear the memory encryption bit
4
5 Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>
6 Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
7
8 This program and the accompanying materials are licensed and made available
9 under the terms and conditions of the BSD License which accompanies this
10 distribution. The full text of the license may be found at
11 http://opensource.org/licenses/bsd-license.php
12
13 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
14 WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15
16 Code is derived from MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
17
18 **/
19
20 #include <Library/CpuLib.h>
21 #include <Register/Cpuid.h>
22 #include <Register/Amd/Cpuid.h>
23
24 #include "VirtualMemory.h"
25
26 STATIC BOOLEAN mAddressEncMaskChecked = FALSE;
27 STATIC UINT64 mAddressEncMask;
28 STATIC PAGE_TABLE_POOL *mPageTablePool = NULL;
29
30 typedef enum {
31 SetCBit,
32 ClearCBit
33 } MAP_RANGE_MODE;
34
35 /**
36 Get the memory encryption mask
37
38 @param[out] EncryptionMask contains the pte mask.
39
40 **/
41 STATIC
42 UINT64
43 GetMemEncryptionAddressMask (
44 VOID
45 )
46 {
47 UINT64 EncryptionMask;
48 CPUID_MEMORY_ENCRYPTION_INFO_EBX Ebx;
49
50 if (mAddressEncMaskChecked) {
51 return mAddressEncMask;
52 }
53
54 //
55 // CPUID Fn8000_001F[EBX] Bit 0:5 (memory encryption bit position)
56 //
57 AsmCpuid (CPUID_MEMORY_ENCRYPTION_INFO, NULL, &Ebx.Uint32, NULL, NULL);
58 EncryptionMask = LShiftU64 (1, Ebx.Bits.PtePosBits);
59
60 mAddressEncMask = EncryptionMask & PAGING_1G_ADDRESS_MASK_64;
61 mAddressEncMaskChecked = TRUE;
62
63 return mAddressEncMask;
64 }
65
66 /**
67 Initialize a buffer pool for page table use only.
68
69 To reduce the potential split operation on page table, the pages reserved for
70 page table should be allocated in the times of PAGE_TABLE_POOL_UNIT_PAGES and
71 at the boundary of PAGE_TABLE_POOL_ALIGNMENT. So the page pool is always
72 initialized with number of pages greater than or equal to the given
73 PoolPages.
74
75 Once the pages in the pool are used up, this method should be called again to
76 reserve at least another PAGE_TABLE_POOL_UNIT_PAGES. Usually this won't
77 happen often in practice.
78
79 @param[in] PoolPages The least page number of the pool to be created.
80
81 @retval TRUE The pool is initialized successfully.
82 @retval FALSE The memory is out of resource.
83 **/
84 STATIC
85 BOOLEAN
86 InitializePageTablePool (
87 IN UINTN PoolPages
88 )
89 {
90 VOID *Buffer;
91
92 //
93 // Always reserve at least PAGE_TABLE_POOL_UNIT_PAGES, including one page for
94 // header.
95 //
96 PoolPages += 1; // Add one page for header.
97 PoolPages = ((PoolPages - 1) / PAGE_TABLE_POOL_UNIT_PAGES + 1) *
98 PAGE_TABLE_POOL_UNIT_PAGES;
99 Buffer = AllocateAlignedPages (PoolPages, PAGE_TABLE_POOL_ALIGNMENT);
100 if (Buffer == NULL) {
101 DEBUG ((DEBUG_ERROR, "ERROR: Out of aligned pages\r\n"));
102 return FALSE;
103 }
104
105 //
106 // Link all pools into a list for easier track later.
107 //
108 if (mPageTablePool == NULL) {
109 mPageTablePool = Buffer;
110 mPageTablePool->NextPool = mPageTablePool;
111 } else {
112 ((PAGE_TABLE_POOL *)Buffer)->NextPool = mPageTablePool->NextPool;
113 mPageTablePool->NextPool = Buffer;
114 mPageTablePool = Buffer;
115 }
116
117 //
118 // Reserve one page for pool header.
119 //
120 mPageTablePool->FreePages = PoolPages - 1;
121 mPageTablePool->Offset = EFI_PAGES_TO_SIZE (1);
122
123 return TRUE;
124 }
125
126 /**
127 This API provides a way to allocate memory for page table.
128
129 This API can be called more than once to allocate memory for page tables.
130
131 Allocates the number of 4KB pages and returns a pointer to the allocated
132 buffer. The buffer returned is aligned on a 4KB boundary.
133
134 If Pages is 0, then NULL is returned.
135 If there is not enough memory remaining to satisfy the request, then NULL is
136 returned.
137
138 @param Pages The number of 4 KB pages to allocate.
139
140 @return A pointer to the allocated buffer or NULL if allocation fails.
141
142 **/
143 STATIC
144 VOID *
145 EFIAPI
146 AllocatePageTableMemory (
147 IN UINTN Pages
148 )
149 {
150 VOID *Buffer;
151
152 if (Pages == 0) {
153 return NULL;
154 }
155
156 //
157 // Renew the pool if necessary.
158 //
159 if (mPageTablePool == NULL ||
160 Pages > mPageTablePool->FreePages) {
161 if (!InitializePageTablePool (Pages)) {
162 return NULL;
163 }
164 }
165
166 Buffer = (UINT8 *)mPageTablePool + mPageTablePool->Offset;
167
168 mPageTablePool->Offset += EFI_PAGES_TO_SIZE (Pages);
169 mPageTablePool->FreePages -= Pages;
170
171 DEBUG ((
172 DEBUG_VERBOSE,
173 "%a:%a: Buffer=0x%Lx Pages=%ld\n",
174 gEfiCallerBaseName,
175 __FUNCTION__,
176 Buffer,
177 Pages
178 ));
179
180 return Buffer;
181 }
182
183
184 /**
185 Split 2M page to 4K.
186
187 @param[in] PhysicalAddress Start physical address the 2M page
188 covered.
189 @param[in, out] PageEntry2M Pointer to 2M page entry.
190 @param[in] StackBase Stack base address.
191 @param[in] StackSize Stack size.
192
193 **/
194 STATIC
195 VOID
196 Split2MPageTo4K (
197 IN PHYSICAL_ADDRESS PhysicalAddress,
198 IN OUT UINT64 *PageEntry2M,
199 IN PHYSICAL_ADDRESS StackBase,
200 IN UINTN StackSize
201 )
202 {
203 PHYSICAL_ADDRESS PhysicalAddress4K;
204 UINTN IndexOfPageTableEntries;
205 PAGE_TABLE_4K_ENTRY *PageTableEntry, *PageTableEntry1;
206 UINT64 AddressEncMask;
207
208 PageTableEntry = AllocatePageTableMemory(1);
209
210 PageTableEntry1 = PageTableEntry;
211
212 AddressEncMask = GetMemEncryptionAddressMask ();
213
214 ASSERT (PageTableEntry != NULL);
215 ASSERT (*PageEntry2M & AddressEncMask);
216
217 PhysicalAddress4K = PhysicalAddress;
218 for (IndexOfPageTableEntries = 0;
219 IndexOfPageTableEntries < 512;
220 (IndexOfPageTableEntries++,
221 PageTableEntry++,
222 PhysicalAddress4K += SIZE_4KB)) {
223 //
224 // Fill in the Page Table entries
225 //
226 PageTableEntry->Uint64 = (UINT64) PhysicalAddress4K | AddressEncMask;
227 PageTableEntry->Bits.ReadWrite = 1;
228 PageTableEntry->Bits.Present = 1;
229 if ((PhysicalAddress4K >= StackBase) &&
230 (PhysicalAddress4K < StackBase + StackSize)) {
231 //
232 // Set Nx bit for stack.
233 //
234 PageTableEntry->Bits.Nx = 1;
235 }
236 }
237
238 //
239 // Fill in 2M page entry.
240 //
241 *PageEntry2M = ((UINT64)(UINTN)PageTableEntry1 |
242 IA32_PG_P | IA32_PG_RW | AddressEncMask);
243 }
244
245 /**
246 Set one page of page table pool memory to be read-only.
247
248 @param[in] PageTableBase Base address of page table (CR3).
249 @param[in] Address Start address of a page to be set as read-only.
250 @param[in] Level4Paging Level 4 paging flag.
251
252 **/
253 STATIC
254 VOID
255 SetPageTablePoolReadOnly (
256 IN UINTN PageTableBase,
257 IN EFI_PHYSICAL_ADDRESS Address,
258 IN BOOLEAN Level4Paging
259 )
260 {
261 UINTN Index;
262 UINTN EntryIndex;
263 UINT64 AddressEncMask;
264 EFI_PHYSICAL_ADDRESS PhysicalAddress;
265 UINT64 *PageTable;
266 UINT64 *NewPageTable;
267 UINT64 PageAttr;
268 UINT64 LevelSize[5];
269 UINT64 LevelMask[5];
270 UINTN LevelShift[5];
271 UINTN Level;
272 UINT64 PoolUnitSize;
273
274 ASSERT (PageTableBase != 0);
275
276 //
277 // Since the page table is always from page table pool, which is always
278 // located at the boundary of PcdPageTablePoolAlignment, we just need to
279 // set the whole pool unit to be read-only.
280 //
281 Address = Address & PAGE_TABLE_POOL_ALIGN_MASK;
282
283 LevelShift[1] = PAGING_L1_ADDRESS_SHIFT;
284 LevelShift[2] = PAGING_L2_ADDRESS_SHIFT;
285 LevelShift[3] = PAGING_L3_ADDRESS_SHIFT;
286 LevelShift[4] = PAGING_L4_ADDRESS_SHIFT;
287
288 LevelMask[1] = PAGING_4K_ADDRESS_MASK_64;
289 LevelMask[2] = PAGING_2M_ADDRESS_MASK_64;
290 LevelMask[3] = PAGING_1G_ADDRESS_MASK_64;
291 LevelMask[4] = PAGING_1G_ADDRESS_MASK_64;
292
293 LevelSize[1] = SIZE_4KB;
294 LevelSize[2] = SIZE_2MB;
295 LevelSize[3] = SIZE_1GB;
296 LevelSize[4] = SIZE_512GB;
297
298 AddressEncMask = GetMemEncryptionAddressMask() &
299 PAGING_1G_ADDRESS_MASK_64;
300 PageTable = (UINT64 *)(UINTN)PageTableBase;
301 PoolUnitSize = PAGE_TABLE_POOL_UNIT_SIZE;
302
303 for (Level = (Level4Paging) ? 4 : 3; Level > 0; --Level) {
304 Index = ((UINTN)RShiftU64 (Address, LevelShift[Level]));
305 Index &= PAGING_PAE_INDEX_MASK;
306
307 PageAttr = PageTable[Index];
308 if ((PageAttr & IA32_PG_PS) == 0) {
309 //
310 // Go to next level of table.
311 //
312 PageTable = (UINT64 *)(UINTN)(PageAttr & ~AddressEncMask &
313 PAGING_4K_ADDRESS_MASK_64);
314 continue;
315 }
316
317 if (PoolUnitSize >= LevelSize[Level]) {
318 //
319 // Clear R/W bit if current page granularity is not larger than pool unit
320 // size.
321 //
322 if ((PageAttr & IA32_PG_RW) != 0) {
323 while (PoolUnitSize > 0) {
324 //
325 // PAGE_TABLE_POOL_UNIT_SIZE and PAGE_TABLE_POOL_ALIGNMENT are fit in
326 // one page (2MB). Then we don't need to update attributes for pages
327 // crossing page directory. ASSERT below is for that purpose.
328 //
329 ASSERT (Index < EFI_PAGE_SIZE/sizeof (UINT64));
330
331 PageTable[Index] &= ~(UINT64)IA32_PG_RW;
332 PoolUnitSize -= LevelSize[Level];
333
334 ++Index;
335 }
336 }
337
338 break;
339
340 } else {
341 //
342 // The smaller granularity of page must be needed.
343 //
344 ASSERT (Level > 1);
345
346 NewPageTable = AllocatePageTableMemory (1);
347 ASSERT (NewPageTable != NULL);
348
349 PhysicalAddress = PageAttr & LevelMask[Level];
350 for (EntryIndex = 0;
351 EntryIndex < EFI_PAGE_SIZE/sizeof (UINT64);
352 ++EntryIndex) {
353 NewPageTable[EntryIndex] = PhysicalAddress | AddressEncMask |
354 IA32_PG_P | IA32_PG_RW;
355 if (Level > 2) {
356 NewPageTable[EntryIndex] |= IA32_PG_PS;
357 }
358 PhysicalAddress += LevelSize[Level - 1];
359 }
360
361 PageTable[Index] = (UINT64)(UINTN)NewPageTable | AddressEncMask |
362 IA32_PG_P | IA32_PG_RW;
363 PageTable = NewPageTable;
364 }
365 }
366 }
367
368 /**
369 Prevent the memory pages used for page table from been overwritten.
370
371 @param[in] PageTableBase Base address of page table (CR3).
372 @param[in] Level4Paging Level 4 paging flag.
373
374 **/
375 STATIC
376 VOID
377 EnablePageTableProtection (
378 IN UINTN PageTableBase,
379 IN BOOLEAN Level4Paging
380 )
381 {
382 PAGE_TABLE_POOL *HeadPool;
383 PAGE_TABLE_POOL *Pool;
384 UINT64 PoolSize;
385 EFI_PHYSICAL_ADDRESS Address;
386
387 if (mPageTablePool == NULL) {
388 return;
389 }
390
391 //
392 // SetPageTablePoolReadOnly might update mPageTablePool. It's safer to
393 // remember original one in advance.
394 //
395 HeadPool = mPageTablePool;
396 Pool = HeadPool;
397 do {
398 Address = (EFI_PHYSICAL_ADDRESS)(UINTN)Pool;
399 PoolSize = Pool->Offset + EFI_PAGES_TO_SIZE (Pool->FreePages);
400
401 //
402 // The size of one pool must be multiple of PAGE_TABLE_POOL_UNIT_SIZE,
403 // which is one of page size of the processor (2MB by default). Let's apply
404 // the protection to them one by one.
405 //
406 while (PoolSize > 0) {
407 SetPageTablePoolReadOnly(PageTableBase, Address, Level4Paging);
408 Address += PAGE_TABLE_POOL_UNIT_SIZE;
409 PoolSize -= PAGE_TABLE_POOL_UNIT_SIZE;
410 }
411
412 Pool = Pool->NextPool;
413 } while (Pool != HeadPool);
414
415 }
416
417
418 /**
419 Split 1G page to 2M.
420
421 @param[in] PhysicalAddress Start physical address the 1G page
422 covered.
423 @param[in, out] PageEntry1G Pointer to 1G page entry.
424 @param[in] StackBase Stack base address.
425 @param[in] StackSize Stack size.
426
427 **/
428 STATIC
429 VOID
430 Split1GPageTo2M (
431 IN PHYSICAL_ADDRESS PhysicalAddress,
432 IN OUT UINT64 *PageEntry1G,
433 IN PHYSICAL_ADDRESS StackBase,
434 IN UINTN StackSize
435 )
436 {
437 PHYSICAL_ADDRESS PhysicalAddress2M;
438 UINTN IndexOfPageDirectoryEntries;
439 PAGE_TABLE_ENTRY *PageDirectoryEntry;
440 UINT64 AddressEncMask;
441
442 PageDirectoryEntry = AllocatePageTableMemory(1);
443
444 AddressEncMask = GetMemEncryptionAddressMask ();
445 ASSERT (PageDirectoryEntry != NULL);
446 ASSERT (*PageEntry1G & GetMemEncryptionAddressMask ());
447 //
448 // Fill in 1G page entry.
449 //
450 *PageEntry1G = ((UINT64)(UINTN)PageDirectoryEntry |
451 IA32_PG_P | IA32_PG_RW | AddressEncMask);
452
453 PhysicalAddress2M = PhysicalAddress;
454 for (IndexOfPageDirectoryEntries = 0;
455 IndexOfPageDirectoryEntries < 512;
456 (IndexOfPageDirectoryEntries++,
457 PageDirectoryEntry++,
458 PhysicalAddress2M += SIZE_2MB)) {
459 if ((PhysicalAddress2M < StackBase + StackSize) &&
460 ((PhysicalAddress2M + SIZE_2MB) > StackBase)) {
461 //
462 // Need to split this 2M page that covers stack range.
463 //
464 Split2MPageTo4K (
465 PhysicalAddress2M,
466 (UINT64 *)PageDirectoryEntry,
467 StackBase,
468 StackSize
469 );
470 } else {
471 //
472 // Fill in the Page Directory entries
473 //
474 PageDirectoryEntry->Uint64 = (UINT64) PhysicalAddress2M | AddressEncMask;
475 PageDirectoryEntry->Bits.ReadWrite = 1;
476 PageDirectoryEntry->Bits.Present = 1;
477 PageDirectoryEntry->Bits.MustBe1 = 1;
478 }
479 }
480 }
481
482
483 /**
484 Set or Clear the memory encryption bit
485
486 @param[in] PagetablePoint Page table entry pointer (PTE).
487 @param[in] Mode Set or Clear encryption bit
488
489 **/
490 STATIC VOID
491 SetOrClearCBit(
492 IN OUT UINT64* PageTablePointer,
493 IN MAP_RANGE_MODE Mode
494 )
495 {
496 UINT64 AddressEncMask;
497
498 AddressEncMask = GetMemEncryptionAddressMask ();
499
500 if (Mode == SetCBit) {
501 *PageTablePointer |= AddressEncMask;
502 } else {
503 *PageTablePointer &= ~AddressEncMask;
504 }
505
506 }
507
508 /**
509 Check the WP status in CR0 register. This bit is used to lock or unlock write
510 access to pages marked as read-only.
511
512 @retval TRUE Write protection is enabled.
513 @retval FALSE Write protection is disabled.
514 **/
515 STATIC
516 BOOLEAN
517 IsReadOnlyPageWriteProtected (
518 VOID
519 )
520 {
521 return ((AsmReadCr0 () & BIT16) != 0);
522 }
523
524
525 /**
526 Disable Write Protect on pages marked as read-only.
527 **/
528 STATIC
529 VOID
530 DisableReadOnlyPageWriteProtect (
531 VOID
532 )
533 {
534 AsmWriteCr0 (AsmReadCr0() & ~BIT16);
535 }
536
537 /**
538 Enable Write Protect on pages marked as read-only.
539 **/
540 VOID
541 EnableReadOnlyPageWriteProtect (
542 VOID
543 )
544 {
545 AsmWriteCr0 (AsmReadCr0() | BIT16);
546 }
547
548
549 /**
550 This function either sets or clears memory encryption bit for the memory
551 region specified by PhysicalAddress and Length from the current page table
552 context.
553
554 The function iterates through the PhysicalAddress one page at a time, and set
555 or clears the memory encryption mask in the page table. If it encounters
556 that a given physical address range is part of large page then it attempts to
557 change the attribute at one go (based on size), otherwise it splits the
558 large pages into smaller (e.g 2M page into 4K pages) and then try to set or
559 clear the encryption bit on the smallest page size.
560
561 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
562 current CR3)
563 @param[in] PhysicalAddress The physical address that is the start
564 address of a memory region.
565 @param[in] Length The length of memory region
566 @param[in] Mode Set or Clear mode
567 @param[in] CacheFlush Flush the caches before applying the
568 encryption mask
569
570 @retval RETURN_SUCCESS The attributes were cleared for the
571 memory region.
572 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
573 @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute
574 is not supported
575 **/
576
577 STATIC
578 RETURN_STATUS
579 EFIAPI
580 SetMemoryEncDec (
581 IN PHYSICAL_ADDRESS Cr3BaseAddress,
582 IN PHYSICAL_ADDRESS PhysicalAddress,
583 IN UINTN Length,
584 IN MAP_RANGE_MODE Mode,
585 IN BOOLEAN CacheFlush
586 )
587 {
588 PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry;
589 PAGE_MAP_AND_DIRECTORY_POINTER *PageUpperDirectoryPointerEntry;
590 PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry;
591 PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry;
592 PAGE_TABLE_ENTRY *PageDirectory2MEntry;
593 PAGE_TABLE_4K_ENTRY *PageTableEntry;
594 UINT64 PgTableMask;
595 UINT64 AddressEncMask;
596 BOOLEAN IsWpEnabled;
597 RETURN_STATUS Status;
598
599 DEBUG ((
600 DEBUG_VERBOSE,
601 "%a:%a: Cr3Base=0x%Lx Physical=0x%Lx Length=0x%Lx Mode=%a CacheFlush=%u\n",
602 gEfiCallerBaseName,
603 __FUNCTION__,
604 Cr3BaseAddress,
605 PhysicalAddress,
606 (UINT64)Length,
607 (Mode == SetCBit) ? "Encrypt" : "Decrypt",
608 (UINT32)CacheFlush
609 ));
610
611 //
612 // Check if we have a valid memory encryption mask
613 //
614 AddressEncMask = GetMemEncryptionAddressMask ();
615 if (!AddressEncMask) {
616 return RETURN_ACCESS_DENIED;
617 }
618
619 PgTableMask = AddressEncMask | EFI_PAGE_MASK;
620
621 if (Length == 0) {
622 return RETURN_INVALID_PARAMETER;
623 }
624
625 //
626 // We are going to change the memory encryption attribute from C=0 -> C=1 or
627 // vice versa Flush the caches to ensure that data is written into memory
628 // with correct C-bit
629 //
630 if (CacheFlush) {
631 WriteBackInvalidateDataCacheRange((VOID*) (UINTN)PhysicalAddress, Length);
632 }
633
634 //
635 // Make sure that the page table is changeable.
636 //
637 IsWpEnabled = IsReadOnlyPageWriteProtected ();
638 if (IsWpEnabled) {
639 DisableReadOnlyPageWriteProtect ();
640 }
641
642 Status = EFI_SUCCESS;
643
644 while (Length)
645 {
646 //
647 // If Cr3BaseAddress is not specified then read the current CR3
648 //
649 if (Cr3BaseAddress == 0) {
650 Cr3BaseAddress = AsmReadCr3();
651 }
652
653 PageMapLevel4Entry = (VOID*) (Cr3BaseAddress & ~PgTableMask);
654 PageMapLevel4Entry += PML4_OFFSET(PhysicalAddress);
655 if (!PageMapLevel4Entry->Bits.Present) {
656 DEBUG ((
657 DEBUG_ERROR,
658 "%a:%a: bad PML4 for Physical=0x%Lx\n",
659 gEfiCallerBaseName,
660 __FUNCTION__,
661 PhysicalAddress
662 ));
663 Status = RETURN_NO_MAPPING;
664 goto Done;
665 }
666
667 PageDirectory1GEntry = (VOID *)(
668 (PageMapLevel4Entry->Bits.PageTableBaseAddress <<
669 12) & ~PgTableMask
670 );
671 PageDirectory1GEntry += PDP_OFFSET(PhysicalAddress);
672 if (!PageDirectory1GEntry->Bits.Present) {
673 DEBUG ((
674 DEBUG_ERROR,
675 "%a:%a: bad PDPE for Physical=0x%Lx\n",
676 gEfiCallerBaseName,
677 __FUNCTION__,
678 PhysicalAddress
679 ));
680 Status = RETURN_NO_MAPPING;
681 goto Done;
682 }
683
684 //
685 // If the MustBe1 bit is not 1, it's not actually a 1GB entry
686 //
687 if (PageDirectory1GEntry->Bits.MustBe1) {
688 //
689 // Valid 1GB page
690 // If we have at least 1GB to go, we can just update this entry
691 //
692 if (!(PhysicalAddress & (BIT30 - 1)) && Length >= BIT30) {
693 SetOrClearCBit(&PageDirectory1GEntry->Uint64, Mode);
694 DEBUG ((
695 DEBUG_VERBOSE,
696 "%a:%a: updated 1GB entry for Physical=0x%Lx\n",
697 gEfiCallerBaseName,
698 __FUNCTION__,
699 PhysicalAddress
700 ));
701 PhysicalAddress += BIT30;
702 Length -= BIT30;
703 } else {
704 //
705 // We must split the page
706 //
707 DEBUG ((
708 DEBUG_VERBOSE,
709 "%a:%a: splitting 1GB page for Physical=0x%Lx\n",
710 gEfiCallerBaseName,
711 __FUNCTION__,
712 PhysicalAddress
713 ));
714 Split1GPageTo2M (
715 (UINT64)PageDirectory1GEntry->Bits.PageTableBaseAddress << 30,
716 (UINT64 *)PageDirectory1GEntry,
717 0,
718 0
719 );
720 continue;
721 }
722 } else {
723 //
724 // Actually a PDP
725 //
726 PageUpperDirectoryPointerEntry =
727 (PAGE_MAP_AND_DIRECTORY_POINTER *)PageDirectory1GEntry;
728 PageDirectory2MEntry =
729 (VOID *)(
730 (PageUpperDirectoryPointerEntry->Bits.PageTableBaseAddress <<
731 12) & ~PgTableMask
732 );
733 PageDirectory2MEntry += PDE_OFFSET(PhysicalAddress);
734 if (!PageDirectory2MEntry->Bits.Present) {
735 DEBUG ((
736 DEBUG_ERROR,
737 "%a:%a: bad PDE for Physical=0x%Lx\n",
738 gEfiCallerBaseName,
739 __FUNCTION__,
740 PhysicalAddress
741 ));
742 Status = RETURN_NO_MAPPING;
743 goto Done;
744 }
745 //
746 // If the MustBe1 bit is not a 1, it's not a 2MB entry
747 //
748 if (PageDirectory2MEntry->Bits.MustBe1) {
749 //
750 // Valid 2MB page
751 // If we have at least 2MB left to go, we can just update this entry
752 //
753 if (!(PhysicalAddress & (BIT21-1)) && Length >= BIT21) {
754 SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode);
755 PhysicalAddress += BIT21;
756 Length -= BIT21;
757 } else {
758 //
759 // We must split up this page into 4K pages
760 //
761 DEBUG ((
762 DEBUG_VERBOSE,
763 "%a:%a: splitting 2MB page for Physical=0x%Lx\n",
764 gEfiCallerBaseName,
765 __FUNCTION__,
766 PhysicalAddress
767 ));
768 Split2MPageTo4K (
769 (UINT64)PageDirectory2MEntry->Bits.PageTableBaseAddress << 21,
770 (UINT64 *)PageDirectory2MEntry,
771 0,
772 0
773 );
774 continue;
775 }
776 } else {
777 PageDirectoryPointerEntry =
778 (PAGE_MAP_AND_DIRECTORY_POINTER *)PageDirectory2MEntry;
779 PageTableEntry =
780 (VOID *)(
781 (PageDirectoryPointerEntry->Bits.PageTableBaseAddress <<
782 12) & ~PgTableMask
783 );
784 PageTableEntry += PTE_OFFSET(PhysicalAddress);
785 if (!PageTableEntry->Bits.Present) {
786 DEBUG ((
787 DEBUG_ERROR,
788 "%a:%a: bad PTE for Physical=0x%Lx\n",
789 gEfiCallerBaseName,
790 __FUNCTION__,
791 PhysicalAddress
792 ));
793 Status = RETURN_NO_MAPPING;
794 goto Done;
795 }
796 SetOrClearCBit (&PageTableEntry->Uint64, Mode);
797 PhysicalAddress += EFI_PAGE_SIZE;
798 Length -= EFI_PAGE_SIZE;
799 }
800 }
801 }
802
803 //
804 // Protect the page table by marking the memory used for page table to be
805 // read-only.
806 //
807 if (IsWpEnabled) {
808 EnablePageTableProtection ((UINTN)PageMapLevel4Entry, TRUE);
809 }
810
811 //
812 // Flush TLB
813 //
814 CpuFlushTlb();
815
816 Done:
817 //
818 // Restore page table write protection, if any.
819 //
820 if (IsWpEnabled) {
821 EnableReadOnlyPageWriteProtect ();
822 }
823
824 return Status;
825 }
826
827 /**
828 This function clears memory encryption bit for the memory region specified by
829 PhysicalAddress and Length from the current page table context.
830
831 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
832 current CR3)
833 @param[in] PhysicalAddress The physical address that is the start
834 address of a memory region.
835 @param[in] Length The length of memory region
836 @param[in] Flush Flush the caches before applying the
837 encryption mask
838
839 @retval RETURN_SUCCESS The attributes were cleared for the
840 memory region.
841 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
842 @retval RETURN_UNSUPPORTED Clearing the memory encyrption attribute
843 is not supported
844 **/
845 RETURN_STATUS
846 EFIAPI
847 InternalMemEncryptSevSetMemoryDecrypted (
848 IN PHYSICAL_ADDRESS Cr3BaseAddress,
849 IN PHYSICAL_ADDRESS PhysicalAddress,
850 IN UINTN Length,
851 IN BOOLEAN Flush
852 )
853 {
854
855 return SetMemoryEncDec (
856 Cr3BaseAddress,
857 PhysicalAddress,
858 Length,
859 ClearCBit,
860 Flush
861 );
862 }
863
864 /**
865 This function sets memory encryption bit for the memory region specified by
866 PhysicalAddress and Length from the current page table context.
867
868 @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use
869 current CR3)
870 @param[in] PhysicalAddress The physical address that is the start
871 address of a memory region.
872 @param[in] Length The length of memory region
873 @param[in] Flush Flush the caches before applying the
874 encryption mask
875
876 @retval RETURN_SUCCESS The attributes were set for the memory
877 region.
878 @retval RETURN_INVALID_PARAMETER Number of pages is zero.
879 @retval RETURN_UNSUPPORTED Setting the memory encyrption attribute
880 is not supported
881 **/
882 RETURN_STATUS
883 EFIAPI
884 InternalMemEncryptSevSetMemoryEncrypted (
885 IN PHYSICAL_ADDRESS Cr3BaseAddress,
886 IN PHYSICAL_ADDRESS PhysicalAddress,
887 IN UINTN Length,
888 IN BOOLEAN Flush
889 )
890 {
891 return SetMemoryEncDec (
892 Cr3BaseAddress,
893 PhysicalAddress,
894 Length,
895 SetCBit,
896 Flush
897 );
898 }
EFI Development Kit II mirror for PVE