public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: devel@edk2.groups.io, Ard Biesheuvel <ardb+tianocore@kernel.org>,
	 Erdem Aktas <erdemaktas@google.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	 Laszlo Ersek <lersek@redhat.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	 Michael D Kinney <michael.d.kinney@intel.com>,
	Min Xu <min.m.xu@intel.com>,
	 Zhiguang Liu <zhiguang.liu@intel.com>,
	Rahul Kumar <rahul1.kumar@intel.com>, Ray Ni <ray.ni@intel.com>,
	 Michael Roth <michael.roth@amd.com>
Subject: Re: [edk2-devel] [PATCH v2 08/23] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support
Date: Tue, 27 Feb 2024 12:07:57 +0100	[thread overview]
Message-ID: <4g4v523e6hogit2ssmyp75ivq7slauddodmp2ahxauauskozp5@4jeg7j3iuagb> (raw)
In-Reply-To: <ab48db20bb4e10cf346d485447a4874f247f77a3.1708623001.git.thomas.lendacky@amd.com>

> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> @@ -23,6 +23,8 @@ STATIC BOOLEAN          mAddressEncMaskChecked = FALSE;
>  STATIC UINT64           mAddressEncMask;
>  STATIC PAGE_TABLE_POOL  *mPageTablePool = NULL;
>  
> +STATIC VOID  *mPscBuffer = NULL;
> +
>  typedef enum {
>    SetCBit,
>    ClearCBit

Oh.  Global variable in PEI code (both pre-existing and newly added).

This is problematic because in OVMF PEI is executed in-place and the
firmware volumes is measured by TPM PEIM.  Global variables modify
the PEI firmware volume and break the measurement.

A while back OVMF added EFI_HOB_PLATFORM_INFO (see
OvmfPkg/Include/Library/PlatformInitLib.h) to fix that.  Most fields
in that struct used to be global variables.

> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
> @@ -17,6 +17,8 @@
>  #include "SnpPageStateChange.h"
>  #include "VirtualMemory.h"
>  
> +STATIC UINT8  mPscBufferPage[EFI_PAGE_SIZE];
> +

Same problem.

Given this is a pre-exising problem, affects SEV only and the rest of
the patch looks fine:
Acked-by: Gerd Hoffmann <kraxel@redhat.com>

But it should be cleaned up at some point.  BaseMemEncryptSevLib needs
an update anyway (use CpuPageTableLib, support 5-level paging).

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116026): https://edk2.groups.io/g/devel/message/116026
Mute This Topic: https://groups.io/mt/104512949/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



  reply	other threads:[~2024-02-27 11:08 UTC|newest]

Thread overview: 53+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-02-22 17:29 [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 01/23] OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust() Lendacky, Thomas via groups.io
2024-02-27  9:46   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 02/23] MdePkg: GHCB APIC ID retrieval support definitions Lendacky, Thomas via groups.io
2024-02-23  0:16   ` Ni, Ray
2024-02-27 10:02     ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 03/23] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor Lendacky, Thomas via groups.io
2024-02-27 10:03   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 04/23] UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set Lendacky, Thomas via groups.io
2024-02-27 10:11   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 05/23] OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors Lendacky, Thomas via groups.io
2024-02-27 10:12   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 06/23] OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change Lendacky, Thomas via groups.io
2024-02-27 10:17   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 07/23] MdePkg: Avoid hardcoded value for number of Page State Change entries Lendacky, Thomas via groups.io
2024-02-27 10:18   ` Gerd Hoffmann
2024-02-27 15:52     ` Lendacky, Thomas via groups.io
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 08/23] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support Lendacky, Thomas via groups.io
2024-02-27 11:07   ` Gerd Hoffmann [this message]
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 09/23] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
2024-02-27 11:19   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 10/23] MdePkg/Register/Amd: Define the SVSM related information Lendacky, Thomas via groups.io
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 11/23] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM Lendacky, Thomas via groups.io
2024-02-27 11:50   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 12/23] UefiCpuPkg/CcSvsmLib: Create the CcSvsmLib library to support an SVSM Lendacky, Thomas via groups.io
2024-02-27 11:53   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 13/23] UefiPayloadPkg: Prepare UefiPayloadPkg to use the CcSvsmLib library Lendacky, Thomas via groups.io
2024-02-27 11:54   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 14/23] Ovmfpkg/CcSvsmLib: Create CcSvsmLib to handle SVSM related services Lendacky, Thomas via groups.io
2024-02-28  8:40   ` Gerd Hoffmann
2024-02-28 15:51     ` Lendacky, Thomas via groups.io
2024-03-01 10:59       ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 15/23] UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA Lendacky, Thomas via groups.io
2024-02-28  8:42   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 16/23] OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate pages Lendacky, Thomas via groups.io
2024-02-28  8:43   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 17/23] OvmfPkg: Create a calling area used to communicate with the SVSM Lendacky, Thomas via groups.io
2024-02-28  8:44   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 18/23] OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call Lendacky, Thomas via groups.io
2024-02-28  8:50   ` Gerd Hoffmann
2024-02-28 15:58     ` Lendacky, Thomas via groups.io
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 19/23] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
2024-02-28  8:50   ` Gerd Hoffmann
2024-02-22 17:29 ` [edk2-devel] [PATCH v2 20/23] OvmfPkg/CcSvsmLib: Add support for the SVSM create/delete vCPU calls Lendacky, Thomas via groups.io
2024-02-28  8:52   ` Gerd Hoffmann
2024-02-22 17:30 ` [edk2-devel] [PATCH v2 21/23] UefiCpuPkg/MpInitLib: AP creation support under an SVSM Lendacky, Thomas via groups.io
2024-02-22 17:30 ` [edk2-devel] [PATCH v2 22/23] Ovmfpkg/CcExitLib: Provide SVSM discovery support Lendacky, Thomas via groups.io
2024-02-28  8:54   ` Gerd Hoffmann
2024-02-22 17:30 ` [edk2-devel] [PATCH v2 23/23] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0 Lendacky, Thomas via groups.io
2024-02-28  6:14 ` [edk2-devel] [PATCH v2 00/23] Provide SEV-SNP support for running under an SVSM Yao, Jiewen
2024-02-28 16:19   ` Lendacky, Thomas via groups.io
2024-02-29 14:06     ` Yao, Jiewen
2024-02-29 14:36       ` Lendacky, Thomas via groups.io

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4g4v523e6hogit2ssmyp75ivq7slauddodmp2ahxauauskozp5@4jeg7j3iuagb \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox