From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
To: "Tan, Dun" <dun.tan@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Ni, Ray" <ray.ni@intel.com>
Subject: Re: [edk2-devel] [Patch V2 0/8] Create page table by CpuPageTableLib in DxeIpl
Date: Mon, 3 Apr 2023 12:14:01 -0500 [thread overview]
Message-ID: <3732444c-d63f-958d-f340-a63a162861ed@amd.com> (raw)
In-Reply-To: <9ecca246-63db-2cd1-212d-7801deb3b27c@amd.com>
On 4/3/23 09:24, Tom Lendacky wrote:
> On 3/31/23 09:35, Tom Lendacky wrote:
>> On 3/31/23 04:41, Tan, Dun wrote:
>>> Hi Tom,
>>>
>>> Reccentlly I sent this patch set to change DxeIpl code to use
>>> CpuPageTableLib to create page table. I have done some test on Intel
>>> CPU to make sure that the page table created by DxeIpl before the
>>> change is the same as the page table created by DxeIpl after the
>>> change. But there was a remaining case that I didn't cover. The case is
>>> that PcdPteMemoryEncryptionAddressOrMask, PcdGhcbBase and PcdGhcbSize
>>> are not zero(when memory encryption is enabled on AMD processors
>>> supporting the SEV feature).
>>> So could you please help do a test on AMD processor to make sure that
>>> the SEV feature still works good with this pacth set?
>>
>> Yes, I can test it.
>
> This is breaking the SEV-ES and SEV-SNP boots. I'll see if I can figure
> out what or where the breakage is, but this patchset can't be merged as is.
The following change to the patch series allows SEV-ES and SEV-SNP guests
to boot.
Thanks,
Tom
diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
index a9edf4de32..a3f16c7cf9 100644
--- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
+++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c
@@ -416,6 +416,7 @@ CreateIdentityMappingPageTables (
IA32_MAP_ATTRIBUTE MapAttribute;
IA32_MAP_ATTRIBUTE MapMask;
EFI_PHYSICAL_ADDRESS GhcbBase4K;
+ EFI_PHYSICAL_ADDRESS GhcbBaseEnd;
//
// Make sure AddressEncMask is contained to smallest supported address field
@@ -504,15 +505,21 @@ CreateIdentityMappingPageTables (
//
// The GHCB range consists of two pages per CPU, the GHCB and a
// per-CPU variable page. The GHCB page needs to be mapped as an
- // unencrypted page while the per-CPU variable page needs to be
- // mapped encrypted. These pages alternate in assignment.
+ // unencrypted page while the per-CPU variable page needs to remain
+ // mapped as an encrypted page.
+ //
+ // Loop through the GHCB range, remapping the GHCB page unencrypted
+ // and skipping over the per-CPU variable page.
//
ASSERT (Is64BitPageTable == TRUE);
- GhcbBase4K = ALIGN_VALUE (GhcbBase, SIZE_4KB);
- MapAttribute.Uint64 = GhcbBase4K;
- MapMask.Uint64 = 0;
- MapMask.Bits.PageTableBaseAddressLow = 1;
- CreateOrUpdatePageTable (&PageTable, PagingMode, GhcbBase4K, SIZE_4KB, &MapAttribute, &MapMask);
+ GhcbBase4K = ALIGN_VALUE (GhcbBase, SIZE_4KB);
+ GhcbBaseEnd = ALIGN_VALUE (GhcbBase + GhcbSize, SIZE_4KB);
+ for (; GhcbBase4K < GhcbBaseEnd; GhcbBase4K += (SIZE_4KB * 2)) {
+ MapAttribute.Uint64 = GhcbBase4K;
+ MapMask.Uint64 = 0;
+ MapMask.Bits.PageTableBaseAddressLow = 1;
+ CreateOrUpdatePageTable (&PageTable, PagingMode, GhcbBase4K, SIZE_4KB, &MapAttribute, &MapMask);
+ }
}
if (PcdGetBool (PcdSetNxForStack)) {
>
> Thanks,
> Tom
>
>>
>> Thanks,
>> Tom
>>
>>>
>>> Thanks,
>>> Dun
>>>
>>> -----Original Message-----
>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of duntan
>>> Sent: Friday, March 31, 2023 5:34 PM
>>> To: devel@edk2.groups.io
>>> Subject: [edk2-devel] [Patch V2 0/8] Create page table by
>>> CpuPageTableLib in DxeIpl
>>>
>>> In this V2 patch set:
>>> 1.Remove the unneeded patch for ArmVirtPkg 2.In this patch 'Create page
>>> table by CpuPageTableLib', change the input parameter name from
>>> Is32BitPageTable to Is64BitPageTable and add a line of
>>> "MapAttribute.Bits.Present = 0" before set a range to non-present.
>>> 3.In this patch 'Refinement to the code to set PageTable as RO', add a
>>> line of "MapAttribute.Bits.ReadWrite = 0" before set a range to ReadOnly.
>>>
>>> Dun Tan (8):
>>> EmulatorPkg: Add CpuPageTableLib required by DxeIpl in DSC
>>> IntelFsp2Pkg: Add CpuPageTableLib required by DxeIpl in DSC
>>> MdeModulePkg: Add CpuPageTableLib required by DxeIpl in DSC
>>> OvmfPkg: Add CpuPageTableLib required by DxeIpl in DSC file
>>> MdeModulePkg: Add UefiCpuPkg.dec to pass DependencyCheck
>>> MdeModulePkg/DxeIpl: Create page table by CpuPageTableLib
>>> MdeModulePkg/DxeIpl: Remove duplicated code to enable NX
>>> MdeModulePkg/DxeIpl: Refinement to the code to set PageTable as RO
>>>
>>> EmulatorPkg/EmulatorPkg.dsc | 3 ++-
>>> IntelFsp2Pkg/Tools/Tests/QemuFspPkg.dsc | 3 ++-
>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.h | 3 ++-
>>> MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 4 +++-
>>> MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 112
>>> ++++------------------------------------------------------------------------------------------------------------
>>> MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c | 5 +++--
>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c | 711
>>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h | 182
>>> ++++++++++----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>> MdeModulePkg/MdeModulePkg.ci.yaml | 5 +++--
>>> MdeModulePkg/MdeModulePkg.dsc | 3 ++-
>>> OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
>>> OvmfPkg/Bhyve/BhyveX64.dsc | 3 ++-
>>> OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +-
>>> OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
>>> OvmfPkg/OvmfPkgIa32.dsc | 3 ++-
>>> OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
>>> OvmfPkg/OvmfPkgX64.dsc | 2 +-
>>> OvmfPkg/OvmfXen.dsc | 2 +-
>>> 18 files changed, 200 insertions(+), 849 deletions(-)
>>>
>>> --
>>> 2.31.1.windows.1
>>>
>>>
>>>
>>>
>>>
>>>
next prev parent reply other threads:[~2023-04-03 17:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <17517763F19F09A0.27612@groups.io>
2023-03-31 9:41 ` [edk2-devel] [Patch V2 0/8] Create page table by CpuPageTableLib in DxeIpl duntan
2023-03-31 14:35 ` Lendacky, Thomas
2023-04-03 14:24 ` Lendacky, Thomas
2023-04-03 17:14 ` Lendacky, Thomas [this message]
2023-04-04 1:23 ` duntan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3732444c-d63f-958d-f340-a63a162861ed@amd.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox