[rpms/edk2] f43: add 0020-OvmfPkg-PlatformDxe-proper-addr-masking.patch

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

From: Gerd Hoffmann <kraxel@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/edk2] f43: add 0020-OvmfPkg-PlatformDxe-proper-addr-masking.patch
Date: Thu, 18 Jun 2026 15:32:19 GMT	[thread overview]
Message-ID: <178179673985.1.2323925210620605757.rpms-edk2-a49bd6665e94@fedoraproject.org> (raw)

A new commit has been pushed.

Repo   : rpms/edk2
Branch : f43
Commit : a49bd6665e94e7b6fc8dd6ccce3e73ade1e6f619
Author : Gerd Hoffmann <kraxel@redhat.com>
Date   : 2026-06-18T17:32:05+02:00
Stats  : +108/-0 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/edk2/c/a49bd6665e94e7b6fc8dd6ccce3e73ade1e6f619?branch=f43

Log:
add 0020-OvmfPkg-PlatformDxe-proper-addr-masking.patch

---
diff --git a/0020-OvmfPkg-PlatformDxe-proper-addr-masking.patch b/0020-OvmfPkg-PlatformDxe-proper-addr-masking.patch
new file mode 100644
index 0000000..4aab323
--- /dev/null
+++ b/0020-OvmfPkg-PlatformDxe-proper-addr-masking.patch
@@ -0,0 +1,107 @@
+From 02aeb9361078abf9571fb1daf04c97f2ec8fed0c Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 16 Jun 2026 14:08:35 +0200
+Subject: [PATCH 20/20] OvmfPkg/PlatformDxe: proper addr masking
+
+filter out high control bits (nx, cbit).
+---
+ OvmfPkg/PlatformDxe/PageFault.c | 21 +++++++++++++--------
+ 1 file changed, 13 insertions(+), 8 deletions(-)
+
+diff --git a/OvmfPkg/PlatformDxe/PageFault.c b/OvmfPkg/PlatformDxe/PageFault.c
+index ef24933d8644..8aad784dfa4f 100644
+--- a/OvmfPkg/PlatformDxe/PageFault.c
++++ b/OvmfPkg/PlatformDxe/PageFault.c
+@@ -31,7 +31,8 @@ STATIC UINTN                  mFixupRW;
+ UINT64 *
+ EFIAPI
+ PageFaultGetPd3 (
+-  UINT64  Page
++  UINT64  Page,
++  UINT64  *Msk
+   )
+ {
+   UINT64    Idx;
+@@ -44,25 +45,27 @@ PageFaultGetPd3 (
+   DEBUG ((DEBUG_VERBOSE, "%a: cr3 0x%lx\n", __func__, Pde));
+ 
+   if (Cr4.Bits.LA57) {
++    *Msk = 0x1fffffffffff000;
+     Idx = Page >> (12 + 4 * 9) & 0x1ff;
+-    Pde = *((UINT64 *)(Pde & ~0xfff) + Idx);
++    Pde = *((UINT64 *)(Pde & *Msk) + Idx);
+     DEBUG ((DEBUG_VERBOSE, "%a:  pd5 0x%lx\n", __func__, Pde));
+     if (!(Pde & 1)) {
+       return NULL; // not present
+     }
+   } else {
++    *Msk = 0xfffffffff000;
+     DEBUG ((DEBUG_VERBOSE, "%a:  no pd5\n", __func__));
+   }
+ 
+   Idx = Page >> (12 + 3 * 9) & 0x1ff;
+-  Pde = *((UINT64 *)(Pde & ~0xfff) + Idx);
++  Pde = *((UINT64 *)(Pde & *Msk) + Idx);
+   DEBUG ((DEBUG_VERBOSE, "%a:   pd4 0x%lx\n", __func__, Pde));
+   if (!(Pde & 1)) {
+     return NULL; // not present
+   }
+ 
+   Idx = Page >> (12 + 2 * 9) & 0x1ff;
+-  Pd3 = (UINT64 *)(Pde & ~0xfff) + Idx;
++  Pd3 = (UINT64 *)(Pde & *Msk) + Idx;
+   return Pd3;
+ }
+ 
+@@ -76,13 +79,14 @@ PageFaultGetPte (
+   UINT64  Page
+   )
+ {
++  UINT64  Msk;
+   UINT64  Idx;
+   UINT64  Pde;
+   UINT64  *Pd3;
+   UINT64  *Pd2;
+   UINT64  *Pte;
+ 
+-  Pd3 = PageFaultGetPd3 (Page);
++  Pd3 = PageFaultGetPd3 (Page, &Msk);
+   Pde = *Pd3;
+   DEBUG ((DEBUG_VERBOSE, "%a:    pd3 0x%lx (at %p)\n", __func__, Pde, Pd3));
+   if (!(Pde & 1)) {
+@@ -95,7 +99,7 @@ PageFaultGetPte (
+   }
+ 
+   Idx = Page >> (12 + 1 * 9) & 0x1ff;
+-  Pd2 = (UINT64 *)(Pde & ~0xfff) + Idx;
++  Pd2 = (UINT64 *)(Pde & Msk) + Idx;
+   Pde = *Pd2;
+   DEBUG ((DEBUG_VERBOSE, "%a:     pd2 0x%lx (at %p)\n", __func__, Pde, Pd2));
+   if (!(Pde & 1)) {
+@@ -108,7 +112,7 @@ PageFaultGetPte (
+   }
+ 
+   Idx = Page >> (12 + 0 * 9) & 0x1ff;
+-  Pte = (UINT64 *)(Pde & ~0xfff) + Idx;
++  Pte = (UINT64 *)(Pde & Msk) + Idx;
+   DEBUG ((DEBUG_VERBOSE, "%a:      pte 0x%lx (at %p)\n", __func__, *Pte, Pte));
+ 
+   return Pte;
+@@ -133,12 +137,13 @@ PageFaultFixMap (
+   CHAR8  *Reason
+   )
+ {
++  UINT64  Msk;
+   UINT64  Idx;
+   UINT64  *Pd3;
+ 
+   DEBUG ((DEBUG_INFO, "%a: global RW+NX fixup (%a)\n", __func__, Reason));
+ 
+-  Pd3 = PageFaultGetPd3 (0);
++  Pd3 = PageFaultGetPd3 (0, &Msk);
+   DEBUG ((DEBUG_VERBOSE, "%a:    pd3 at 0x%lx [global RW+NX fixup]\n", __func__, Pd3));
+ 
+   for (Idx = 0; Idx < 512; Idx++) {
+-- 
+2.54.0
+

diff --git a/edk2.spec b/edk2.spec
index c67b6ac..654d847 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -136,6 +136,7 @@ Patch0016: 0016-OvmfPkg-PlatformDxe-register-page-fault-handler-for-.patch
 Patch0017: 0017-OvmfPkg-PlatformDxe-add-check-for-1g-page-support.patch
 Patch0018: 0018-Revert-OvmfPkg-X86QemuLoadImageLib-flip-default-for-.patch
 Patch0019: 0019-CryptoPkg-TlsLib-downgrade-security-level-from-3-to-.patch
+Patch0020: 0020-OvmfPkg-PlatformDxe-proper-addr-masking.patch
 
 
 # needed by %prep

                 reply	other threads:[~2026-06-18 15:32 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178179673985.1.2323925210620605757.rpms-edk2-a49bd6665e94@fedoraproject.org \
    --to=kraxel@redhat.com \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox