From nobody Fri Dec 19 19:00:37 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+100850+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+100850+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1678270140; cv=none;
	d=zohomail.com; s=zohoarc;
	b=ccAZKFpiLZpRrmUAW440NXeZNuV5DLwrSNpOfEVxvRzuKcJnfIgPVZmOYHNmvg9dp08s1Sc09PS0lBuGDMKPa8VG1e9pbWHph85ZiHdkGU6+qdFiMEWvooi3hYZQhgBslj2N1pj8DQ9AIlPANEhbeOBQLpXUdqF9WPBhY+rWMuc=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1678270140;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=0LWRCn913M7vCoolX+xGuNwYWV09mC1JSnh5L3+sQaE=;
	b=DFHyVYzxc6G4sR4DyJVpEkcQl7LQHb2d3XuVwrepv85HHin+nS9oSrVzFMPOEBAW4KmfeUFscykpvEpvJkIP5QuwrGlbLjeXX55JfyBL2Q6L7/EUF6AC4367mO9aW14bXB1oPjZCFj4RQciP65D7qNV07ubk8mf4oKVxwGaVAYI=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+100850+1787277+3901457@groups.io;
	dmarc=fail header.from=<dun.tan@intel.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 167827014045213.379680091516775;
 Wed, 8 Mar 2023 02:09:00 -0800 (PST)
Return-Path: <bounce+27952+100850+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id eXbJYY1788612x5PEusah09K;
 Wed, 08 Mar 2023 02:09:00 -0800
X-Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 by mx.groups.io with SMTP id smtpd.web10.3470.1678270139326397803
 for <devel@edk2.groups.io>;
 Wed, 08 Mar 2023 02:08:59 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10642"; a="338442648"
X-IronPort-AV: E=Sophos;i="5.98,243,1673942400";
   d="scan'208";a="338442648"
X-Received: from fmsmga004.fm.intel.com ([10.253.24.48])
  by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 08 Mar 2023 02:08:58 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6500,9779,10642"; a="745862628"
X-IronPort-AV: E=Sophos;i="5.98,243,1673942400";
   d="scan'208";a="745862628"
X-Received: from shwdeopenlab702.ccr.corp.intel.com ([10.239.55.92])
  by fmsmga004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 08 Mar 2023 02:08:56 -0800
From: "duntan" <dun.tan@intel.com>
To: devel@edk2.groups.io
Cc: Eric Dong <eric.dong@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Rahul Kumar <rahul1.kumar@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [edk2-devel] [Patch V2 03/14] UefiCpuPkg/CpuPageTableLib: Fix the
 non-1:1 mapping issue
Date: Wed,  8 Mar 2023 18:07:47 +0800
Message-Id: <20230308100758.669-4-dun.tan@intel.com>
In-Reply-To: <20230308100758.669-1-dun.tan@intel.com>
References: <20230308100758.669-1-dun.tan@intel.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,dun.tan@intel.com
X-Gm-Message-State: SZxnmHZYQYBckHnvREFmtdOAx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1678270140;
 bh=8gc36UbmNAzu+UWnr5aI10rFon6PYgCWF0nQFCTpoNY=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=Iu1lqvMJ9uPq3hdB3bENzZxgDGQeSzGUVLWdGOVhsgeQWJqRIlpwmmDZFMH+ewjtQgo
 fPndZLhAzINeM02YoP5ynnOIQwQuPEiBDqM46VZyN2N5UIbq4geib7szR/Bz3oS8iVUEd
 rV8Ws0IQyKbql734dXVY8yoqzyGSXNG5Fko=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1678270142426100004
Content-Type: text/plain; charset="utf-8"

In previous code logic, when splitting a leaf parent entry to
smaller granularity child page table, if the parent entry
Attribute&Mask(without PageTableBaseAddress field) is equal to the
input attribute&mask(without PageTableBaseAddress field), the split
process won't happen. This may lead to failure in non-1:1 mapping.

For example, there is a page table in which [0, 1G] is mapped(Lv4[0]
,Lv3[0,0], a non-leaf level4 entry and a leaf level3 entry). And we
want to remap [0, 2M] linear address range to [1G, 1G + 2M] with the
same attibute. The expected behaviour should be: split Lv3[0,0]
entry into 512 level2 entries and remap the first level2 entry to
cover [0, 2M]. But the split won't happen in previous code since
PageTableBaseAddress of input Attribute is not checked.

So, when checking if a leaf parent entry needs to be splitted, we
should also check if PageTableBaseAddress calculated by parent entry
is equal to the value caculated by input attribute.

Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
---
 UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableMap.c | 27 ++++++++++++++++=
+----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableMap.c b/UefiCpu=
Pkg/Library/CpuPageTableLib/CpuPageTableMap.c
index 4c9d70fa0a..ee27238edb 100644
--- a/UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableMap.c
+++ b/UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableMap.c
@@ -258,6 +258,7 @@ PageTableLibMapInLevel (
   UINTN               BitStart;
   UINTN               Index;
   IA32_PAGING_ENTRY   *PagingEntry;
+  UINTN               PagingEntryIndex;
   IA32_PAGING_ENTRY   *CurrentPagingEntry;
   UINT64              RegionLength;
   UINT64              SubLength;
@@ -288,6 +289,13 @@ PageTableLibMapInLevel (
   LocalParentAttribute.Uint64 =3D ParentAttribute->Uint64;
   ParentAttribute             =3D &LocalParentAttribute;
=20
+  //
+  // RegionLength: 256T (1 << 48) 512G (1 << 39), 1G (1 << 30), 2M (1 << 2=
1) or 4K (1 << 12).
+  //
+  BitStart         =3D 12 + (Level - 1) * 9;
+  PagingEntryIndex =3D (UINTN)BitFieldRead64 (LinearAddress + Offset, BitS=
tart, BitStart + 9 - 1);
+  RegionLength     =3D REGION_LENGTH (Level);
+
   //
   // ParentPagingEntry ONLY is deferenced for checking Present and MustBeO=
ne bits
   // when Modify is FALSE.
@@ -325,8 +333,11 @@ PageTableLibMapInLevel (
     // the actual attributes of grand-parents when determing the memory ty=
pe.
     //
     PleBAttribute.Uint64 =3D PageTableLibGetPleBMapAttribute (&ParentPagin=
gEntry->PleB, ParentAttribute);
-    if ((IA32_MAP_ATTRIBUTE_ATTRIBUTES (&PleBAttribute) & IA32_MAP_ATTRIBU=
TE_ATTRIBUTES (Mask))
-        =3D=3D (IA32_MAP_ATTRIBUTE_ATTRIBUTES (Attribute) & IA32_MAP_ATTRI=
BUTE_ATTRIBUTES (Mask)))
+    if ((((IA32_MAP_ATTRIBUTE_ATTRIBUTES (&PleBAttribute) & IA32_MAP_ATTRI=
BUTE_ATTRIBUTES (Mask))
+          =3D=3D (IA32_MAP_ATTRIBUTE_ATTRIBUTES (Attribute) & IA32_MAP_ATT=
RIBUTE_ATTRIBUTES (Mask)))) &&
+        (  (Mask->Bits.PageTableBaseAddress =3D=3D 0)
+        || ((IA32_MAP_ATTRIBUTE_PAGE_TABLE_BASE_ADDRESS (&PleBAttribute) +=
 PagingEntryIndex * RegionLength)
+            =3D=3D (IA32_MAP_ATTRIBUTE_PAGE_TABLE_BASE_ADDRESS (Attribute)=
 + Offset))))
     {
       //
       // This function is called when the memory length is less than the r=
egion length of the parent level.
@@ -353,8 +364,7 @@ PageTableLibMapInLevel (
       //
       PageTableLibSetPnle (&ParentPagingEntry->Pnle, &NopAttribute, &AllOn=
eMask);
=20
-      RegionLength =3D REGION_LENGTH (Level);
-      PagingEntry  =3D (IA32_PAGING_ENTRY *)(UINTN)IA32_PNLE_PAGE_TABLE_BA=
SE_ADDRESS (&ParentPagingEntry->Pnle);
+      PagingEntry =3D (IA32_PAGING_ENTRY *)(UINTN)IA32_PNLE_PAGE_TABLE_BAS=
E_ADDRESS (&ParentPagingEntry->Pnle);
       for (SubOffset =3D 0, Index =3D 0; Index < 512; Index++) {
         PagingEntry[Index].Uint64 =3D OneOfPagingEntry.Uint64 + SubOffset;
         SubOffset                +=3D RegionLength;
@@ -425,14 +435,11 @@ PageTableLibMapInLevel (
   }
=20
   //
-  // RegionLength: 256T (1 << 48) 512G (1 << 39), 1G (1 << 30), 2M (1 << 2=
1) or 4K (1 << 12).
   // RegionStart:  points to the linear address that's aligned on RegionLe=
ngth and lower than (LinearAddress + Offset).
   //
-  BitStart     =3D 12 + (Level - 1) * 9;
-  Index        =3D (UINTN)BitFieldRead64 (LinearAddress + Offset, BitStart=
, BitStart + 9 - 1);
-  RegionLength =3D LShiftU64 (1, BitStart);
-  RegionMask   =3D RegionLength - 1;
-  RegionStart  =3D (LinearAddress + Offset) & ~RegionMask;
+  Index       =3D PagingEntryIndex;
+  RegionMask  =3D RegionLength - 1;
+  RegionStart =3D (LinearAddress + Offset) & ~RegionMask;
=20
   ParentAttribute->Uint64 =3D PageTableLibGetPnleMapAttribute (&ParentPagi=
ngEntry->Pnle, ParentAttribute);
=20
--=20
2.31.1.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#100850): https://edk2.groups.io/g/devel/message/100850
Mute This Topic: https://groups.io/mt/97469471/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-