Date: Wed, 22 Sep 2021 10:21:18 +0200
From: "Gerd Hoffmann"
To: Brijesh Singh
Cc: devel@edk2.groups.io, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth
Subject: Re: [PATCH v8 17/32] OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase
Message-ID: <20210922082118.76k7lhni6wzxxofd@sirius.home.kraxel.org>
In-Reply-To: <20210920184604.31590-18-brijesh.singh@amd.com>

On Mon, Sep 20, 2021 at 01:45:49PM -0500, Brijesh Singh wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>
> The initial page built during the SEC phase is used by the
> MemEncryptSevSnpValidateSystemRam() for the system RAM validation. The
> page validation process requires using the PVALIDATE instruction; the
> instruction accepts a virtual address of the memory region that needs
> to be validated. If hardware encounters a page table walk failure (due
> to page-not-present) then it raises #GP.
>
> The initial page table built in SEC phase addresses up to 4GB. Add an
> internal function to extend the page table to cover > 4GB. The function
> builds 1GB entries in the page table for access > 4GB. This will provide
> the support to call PVALIDATE instruction for the virtual address >
> 4GB in PEI phase.

Hmm, well, playing with page tables like that in sev-specific code
instead of having memory core handle this properly is quite hackish.

What is the long-term plan with this? I assume once support for lazy
acceptance/validation is merged we can simply delete this?

Assuming this is only a temporary solution I think we can tolerate the
hacks.

take care,
  Gerd
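
The page-table extension described in the quoted commit message, modelled as an added example; this is not code from the patch or from edk2. It assumes a single PDPT (addresses below 512GB) held in an ordinary array, with constructed placeholder addresses for the four SEC-phase page directories, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PTE_PRESENT   (1ULL << 0)
#define PTE_RW        (1ULL << 1)
#define PTE_PS        (1ULL << 7)   /* in a PDPT entry: maps a 1GB page */
#define SIZE_1G       (1ULL << 30)
#define SIZE_4G       (4 * SIZE_1G)
#define PDPT_ENTRIES  512
#define PDPT_INDEX(a) (((a) >> 30) & 0x1FF)

/* Model of the SEC-phase state: slots 0..3 point at page directories
 * (constructed placeholder addresses); slots 4..511 are not present. */
void init_sec_pdpt(uint64_t *pdpt)
{
    for (size_t i = 0; i < PDPT_ENTRIES; i++)
        pdpt[i] = 0;
    for (size_t i = 0; i < 4; i++)
        pdpt[i] = (0x800000ULL + i * 0x1000) | PTE_PRESENT | PTE_RW;
}

/* Identity-map [4GB, end) with 1GB entries. Returns the number of entries
 * written, or -1 if end lies beyond what one PDPT covers (512GB). */
int extend_pdpt_1g(uint64_t *pdpt, uint64_t end)
{
    int added = 0;
    if (end > PDPT_ENTRIES * SIZE_1G)
        return -1;
    for (uint64_t addr = SIZE_4G; addr < end; addr += SIZE_1G) {
        pdpt[PDPT_INDEX(addr)] = addr | PTE_PRESENT | PTE_RW | PTE_PS;
        added++;
    }
    return added;
}

/* 1 if the PDPT-level walk finds a present entry for va, 0 otherwise.
 * 0 is the page-not-present case the commit message says raises #GP. */
int pdpt_walk_present(const uint64_t *pdpt, uint64_t va)
{
    if (va >= PDPT_ENTRIES * SIZE_1G)
        return 0;
    return (pdpt[PDPT_INDEX(va)] & PTE_PRESENT) != 0;
}

int main(void)
{
    static uint64_t pdpt[PDPT_ENTRIES];
    init_sec_pdpt(pdpt);
    printf("5GB before: %d\n", pdpt_walk_present(pdpt, 5 * SIZE_1G));
    printf("entries added: %d\n", extend_pdpt_1g(pdpt, 6 * SIZE_1G));
    printf("5GB after: %d\n", pdpt_walk_present(pdpt, 5 * SIZE_1G));
    return 0;
}
```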