From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web12.3937.1617259438601337400 for ; Wed, 31 Mar 2021 23:43:58 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=RG8jV5b6; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: jiewen.yao@intel.com) IronPort-SDR: MfwUZd9e7GQVW0+K1vd/gEWISI5w2mdMPo/EGtn0rLiGjc4iu00rcr36KU9KnkBBMDfiMNxGHb ZjZdGOc8agbg== X-IronPort-AV: E=McAfee;i="6000,8403,9940"; a="188909699" X-IronPort-AV: E=Sophos;i="5.81,296,1610438400"; d="scan'208";a="188909699" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Mar 2021 23:43:57 -0700 IronPort-SDR: fCfMJmUw8EY6Njwfa6XjLIVKnLX8KJimJL5dCrV8iqnKbPnAokh4xO7s1E982GyGUB4XBKFpqn LhqKQEJDUIIw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.81,296,1610438400"; d="scan'208";a="446097989" Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82]) by fmsmga002.fm.intel.com with ESMTP; 31 Mar 2021 23:43:57 -0700 Received: from fmsmsx602.amr.corp.intel.com (10.18.126.82) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Wed, 31 Mar 2021 23:43:57 -0700 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2 via Frontend Transport; Wed, 31 Mar 2021 23:43:57 -0700 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (104.47.66.48) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2106.2; Wed, 31 Mar 2021 23:43:56 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IkYNr74VfOLs/PUzp2dHLgHLqgY7o6keIF2fCFVqYJ/MijeC6Z0MsgHiGPBA/NtiaZs1WEGggINmTPfn4ekRM+VW9pezH3PwmrC4OWjtdCrmTG1LBLMkldzHQoTQGYQXWCUN21F7ET8APfIYMfgd+g4pWKyOyLo0KxRlB8cBHIFiO1wZUM7z6kg4JVF+5SuFSXwFF3exBGG2RBT2PBsoNYY26EIFAch7ceIciRNJ/RmlkO8ehaiDe+xYN0icNbVTjnLqmdb0brAQ51PsaimmWS/sqK8vTR5B1aF0AyEdoU8jRXCWvGEio/6crxBiQHeeWnKmJ/aVZK1Gkl5NtOMtFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=l1pP6OBOECufxY/83PEad3yA1poVN5q/vIxXpOV5ODo=; b=V9m1waqPFxt25PVZASgEjvxqvc3qBZg1I2rl0MEzvq67fA21vR53kTdijMznjM3CbVyQryF82qqdTSek+Kxz3W0/PhHnhIHjX2FPLAI6uS3JPD+9U227eElUPsFmSiO/mDWAYWXUXDiutVh1FYTByY7ldyBE6MTwRjeE3R7L8MXhD1zRDzuSEGAqbz0l5bLcwibpoQ2/SK/mKL3oKD+wH/zbq+5fiVm2MWPITcjK66PitS7kBr1D8B06vAe0Ma0n/QLOQrTJk/APUuJfd5LQCBNTKaCY46TSYL6txNCCbqiYTKt4u2/tslYsUIj1JwOi7fvFDTDfdnp607IJEIIorg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=l1pP6OBOECufxY/83PEad3yA1poVN5q/vIxXpOV5ODo=; b=RG8jV5b6SXsIFROoTnqmt9ezzu315TuLEAh/G+ZAxralTF0/kLlewu8URDIk4KcOPBSkxMvewKkovyFLd5mFe5kHOHJe8l4xLHfOhY9SBYVqYzvlVfKaLY+ck8t9yPP1B4VWfNTvdadHm1N2UVJKiS23lRNM6Cb/gDHQr1CbCns= Received: from BY5PR11MB4166.namprd11.prod.outlook.com (2603:10b6:a03:191::25) by BYAPR11MB3655.namprd11.prod.outlook.com (2603:10b6:a03:f6::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3977.26; Thu, 1 Apr 2021 06:43:55 +0000 Received: from BY5PR11MB4166.namprd11.prod.outlook.com ([fe80::5983:f233:56d6:8132]) by BY5PR11MB4166.namprd11.prod.outlook.com ([fe80::5983:f233:56d6:8132%4]) with mapi id 15.20.3977.033; Thu, 1 Apr 2021 06:43:54 +0000 From: "Yao, Jiewen" To: Brijesh Singh , "devel@edk2.groups.io" CC: James Bottomley , "Xu, Min M" , Tom Lendacky , "Justen, Jordan L" , Ard Biesheuvel , Laszlo Ersek Subject: Re: [RFC PATCH 16/19] OvmfPkg/MemEncryptSevLib: Add support to validate > 4GB memory in PEI phase Thread-Topic: [RFC PATCH 16/19] OvmfPkg/MemEncryptSevLib: Add support to validate > 4GB memory in PEI phase Thread-Index: AQHXIML0BSk499WxmEO04jlmjAoYIaqfQq5Q Date: Thu, 1 Apr 2021 06:43:54 +0000 Message-ID: References: <20210324153215.17971-1-brijesh.singh@amd.com> <20210324153215.17971-17-brijesh.singh@amd.com> In-Reply-To: <20210324153215.17971-17-brijesh.singh@amd.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.5.1.3 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: amd.com; dkim=none (message not signed) header.d=none;amd.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [101.87.139.49] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 537e8a7a-4b7c-45d7-6342-08d8f4d98501 x-ms-traffictypediagnostic: BYAPR11MB3655: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: LILhc5fAvHNxB5D2d+as5MZWVxZtFdkn3Suqam5sG8u2wbxJ89ZsuYT4apFVTaxGjkzCN5NC/ODCBwu6g7PEn0D98ejVQMSeCr2eppvPKumcPeIR+4vam5mjBrpfZLAqOMR1DJuP1F0KhFQt0/mAqdXgnqa8wuFJHbswTmWl4X64IaX0WVnUwER5hEsPzSdlnnIlYvVzUuzr9TcAEKzGoziSSoJzM/UBfNa2bCDpgv318KMaypCxO1M0Z8HjX9a0FJFpHzcXbGT0BNuN/F6eXYYe0laQAtOXqQA3Wc7QB3vxC7FxUwUb2sImz0epL2vCh1t6vE3n3RAr6YpVdzPJbHUQOFn69s321IjGie0qWtyXA1n5LzTGO04yYJxf2Ti7FdGsqZ/3nQ8eIIXlobWGBcP7nax47YfzlQpl5FSBCENuUt2lvIyyV/fdfIFDdX+HeMD511RTjIq/Oa5N37jeTt1aSUV1zjgvPv+FOKTaFNNL1JhYsJrkSRR8CxrD3PceqKCzD+cj/FkdCrD/VDH3m2MRG2wwexEZJBBsLppZK6fHLbcdP1xIYLMDDJaJI0Dvfb87US6+ERsoeyXlcJ7DxE7HOd6h9CcQTdCA5lPmGVh52FUqb8LN4BNmvKVqg/B83U0UeoYmNfwZ/sxF3BAs9rNS+zFP6fG2w1zGijMtprhwR8aqQ04FIOlpgRnRBfh2U6JPLTavqwOAJNK9dW7KkXT5z29+15VMzWUI0rlaayg= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BY5PR11MB4166.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(366004)(136003)(376002)(396003)(346002)(39860400002)(54906003)(186003)(76116006)(9686003)(478600001)(64756008)(15650500001)(86362001)(6506007)(66556008)(53546011)(7696005)(66476007)(52536014)(8936002)(55016002)(66446008)(19627235002)(110136005)(5660300002)(66946007)(4326008)(26005)(38100700001)(33656002)(71200400001)(8676002)(83380400001)(966005)(316002)(2906002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?2aGvO+mbeV1Bn4PXo5mU/g28eUiNBBm2tHpqx3bJVjfyvuw9xTftJh1Y2MdV?= =?us-ascii?Q?7yu/WzsJNuX1Ww0vE+L3T/uGJ6VnH7Rb4rwfWSsCngC63vouJZZ+s8ywyvme?= =?us-ascii?Q?SCZucoQdkSxWTfhD4YYiZRAyrIYWut3D0sGSd+0yr4ZXw7B48Ry+S6qZdW0c?= =?us-ascii?Q?u8kR3RL+L55HmzdqssL3oCADCc/ZXZODLp/2eSEGKgIDKxSfQ45oq5/5w3iW?= =?us-ascii?Q?vRykiAFGO2Zpg+/T+gbSvkQvToOuw8gcTY8TLCX3+oAUbq7rKVeiIyGokInr?= =?us-ascii?Q?a6Gvwb7JBbLaod01/6BPL1TmB1sTVreXCVDdjP4pzDxbDHMOR7vFDEq7yaWK?= =?us-ascii?Q?Dr/7bRpgbOSviL6GktFjLht5zJKzzILiexFvTJkVHl8NFv60r/sJyFfTnMVN?= =?us-ascii?Q?/SLlrxmtaDQky5go4lAg6EVf878fYL4e4Ro41fW4dwAzl7R5785/xNLBA/m4?= =?us-ascii?Q?LIbtMRg7qX/SwqKEx84jifC9w/26HSxhpyLXzIeKpQCh3iuMzM8vTAsFAYJA?= =?us-ascii?Q?QISnlIlURt4O4CDgatYKJUK56ajAZ+/IcjuFxGKjGxTlKzJOBnvnv7EItwCt?= =?us-ascii?Q?yyjy6lrwVbgA/BCSPFDLjrfNoH+oCxM0lmCdXPxWae6i6GSO6bZHHfU/a9tf?= =?us-ascii?Q?xBH23OogK4kxwwdy0gFVQJDDoMtVn6oEmfZxw7M3uWl+UxaPs0eloY5mnoAj?= =?us-ascii?Q?uXRf+QM/FvS2Rb64oKa7ZOoDbZwSeresT3ABhQuMTVlUy0TchepSDE9TJguS?= =?us-ascii?Q?zf/A6WmKmOub2Hsjd6A5SgSTKM+MYPX0jaOlaeXRtogCqNcjMqGXUaJZFtUP?= =?us-ascii?Q?MXP1DYJinN8Ywo5J5Lv9SYcwjU2FEfFxXWGKnExvmht+XROVA8xVlow3quOA?= =?us-ascii?Q?xo2Ia25H6ETS2PyRleheu0Kuc1eaR02pXX0KLFqbQnFiELs11fiUbToAePhc?= =?us-ascii?Q?t9Ais5nBlCKMTswPAiP1Yc1/NpQGWufJ/G9uUivEB+l/REoFj6jhGk0augrT?= =?us-ascii?Q?NejrmAZ8wCJmhdu4qY/841tZ1l2vL5Q/HJ2uTALsRNDzoEu3l/tOUloUxgyR?= =?us-ascii?Q?r31pY9Av0nIqEcnmi/4YOWYTE9YQzwFbvTjbI3P+COEwmYixxQpaXqT3S0zp?= =?us-ascii?Q?/eofWVTeAupp8QeLcaCcYiAaTsNiUJIY6XY6deuqbscl5NMu3/p+Yp7pLbZy?= =?us-ascii?Q?u6oETys3GMCUyMs1Z30/rKksQ7E6ntQUPrP7LQF6qbySP/bNJmiFIganaVrf?= =?us-ascii?Q?W7C5yYSdfGrFfKxH/uLx0551mRuRHArYWIDnsHuKUV/9zzSVVg6MAawpjMSL?= =?us-ascii?Q?cU+AW8Dt+imaWmxlUaS1bHyv?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BY5PR11MB4166.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 537e8a7a-4b7c-45d7-6342-08d8f4d98501 X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Apr 2021 06:43:54.8437 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: shTUDjuBUR0IJfFMlUwDWPfD/AzFWd3a1tEUNs/+1JY/Zy9/p11po4WMsQvUsJPbliCflaBMPoXaJ+erNl63bQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR11MB3655 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I recommend to use SIZE_1GB to indicate size, instead of BIT30, for readabi= lity. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D if (Length <=3D BIT30) { Length =3D 0; } else { Length -=3D BIT30; } PhysicalAddress +=3D BIT30; =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D Also=20 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D if (Length <=3D BIT30) { Length =3D 0; =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D Can be: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D if (Length <=3D BIT30) { break; =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D Thank you > -----Original Message----- > From: Brijesh Singh > Sent: Wednesday, March 24, 2021 11:32 PM > To: devel@edk2.groups.io > Cc: Brijesh Singh ; James Bottomley > ; Xu, Min M ; Yao, Jiewen > ; Tom Lendacky ; Justen, > Jordan L ; Ard Biesheuvel > ; Laszlo Ersek > Subject: [RFC PATCH 16/19] OvmfPkg/MemEncryptSevLib: Add support to > validate > 4GB memory in PEI phase >=20 > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 >=20 > The initial page built during the SEC phase is used by the > MemEncryptSevSnpValidateSystemRam() for the system RAM validation. The > page validation process requires using the PVALIDATE instruction; the > instruction accepts a virtual address of the memory region that needs > to be validated. If hardware encounters a page table walk failure > (due to page-not-present) then it raises #GP. >=20 > The initial page table built in SEC phase address up to 4GB. Add an > internal function to extend the page table to cover > 4GB. The function > builds 1GB entries in the page table for access > 4GB. This will provide > the support to call PVALIDATE instruction for the virtual address > > 4GB in PEI phase. >=20 > Cc: James Bottomley > Cc: Min Xu > Cc: Jiewen Yao > Cc: Tom Lendacky > Cc: Jordan Justen > Cc: Ard Biesheuvel > Cc: Laszlo Ersek > Signed-off-by: Brijesh Singh > --- > OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 115 > ++++++++++++++++++++ > OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c | > 16 +++ > OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h | 19 > ++++ > 3 files changed, 150 insertions(+) >=20 > diff --git > a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c > b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c > index d3455e812b..33d9bafe9f 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c > @@ -536,6 +536,121 @@ EnableReadOnlyPageWriteProtect ( > AsmWriteCr0 (AsmReadCr0() | BIT16); > } >=20 > +RETURN_STATUS > +EFIAPI > +InternalMemEncryptSevCreateIdentityMap1G ( > + IN PHYSICAL_ADDRESS Cr3BaseAddress, > + IN PHYSICAL_ADDRESS PhysicalAddress, > + IN UINTN Length > + ) > +{ > + PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry; > + PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry; > + UINT64 PgTableMask; > + UINT64 AddressEncMask; > + BOOLEAN IsWpEnabled; > + RETURN_STATUS Status; > + > + // > + // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warn= ings. > + // > + PageMapLevel4Entry =3D NULL; > + > + DEBUG (( > + DEBUG_VERBOSE, > + "%a:%a: Cr3Base=3D0x%Lx Physical=3D0x%Lx Length=3D0x%Lx\n", > + gEfiCallerBaseName, > + __FUNCTION__, > + Cr3BaseAddress, > + PhysicalAddress, > + (UINT64)Length > + )); > + > + if (Length =3D=3D 0) { > + return RETURN_INVALID_PARAMETER; > + } > + > + // > + // Check if we have a valid memory encryption mask > + // > + AddressEncMask =3D InternalGetMemEncryptionAddressMask (); > + if (!AddressEncMask) { > + return RETURN_ACCESS_DENIED; > + } > + > + PgTableMask =3D AddressEncMask | EFI_PAGE_MASK; > + > + > + // > + // Make sure that the page table is changeable. > + // > + IsWpEnabled =3D IsReadOnlyPageWriteProtected (); > + if (IsWpEnabled) { > + DisableReadOnlyPageWriteProtect (); > + } > + > + Status =3D EFI_SUCCESS; > + > + while (Length) > + { > + // > + // If Cr3BaseAddress is not specified then read the current CR3 > + // > + if (Cr3BaseAddress =3D=3D 0) { > + Cr3BaseAddress =3D AsmReadCr3(); > + } > + > + PageMapLevel4Entry =3D (VOID*) (Cr3BaseAddress & ~PgTableMask); > + PageMapLevel4Entry +=3D PML4_OFFSET(PhysicalAddress); > + if (!PageMapLevel4Entry->Bits.Present) { > + DEBUG (( > + DEBUG_ERROR, > + "%a:%a: bad PML4 for Physical=3D0x%Lx\n", > + gEfiCallerBaseName, > + __FUNCTION__, > + PhysicalAddress > + )); > + Status =3D RETURN_NO_MAPPING; > + goto Done; > + } > + > + PageDirectory1GEntry =3D (VOID *)( > + (PageMapLevel4Entry->Bits.PageTableBaseAddr= ess << > + 12) & ~PgTableMask > + ); > + PageDirectory1GEntry +=3D PDP_OFFSET(PhysicalAddress); > + if (!PageDirectory1GEntry->Bits.Present) { > + PageDirectory1GEntry->Bits.Present =3D 1; > + PageDirectory1GEntry->Bits.MustBe1 =3D 1; > + PageDirectory1GEntry->Bits.MustBeZero =3D 0; > + PageDirectory1GEntry->Bits.ReadWrite =3D 1; > + PageDirectory1GEntry->Uint64 |=3D (UINT64)PhysicalAddress | > AddressEncMask; > + } > + > + if (Length <=3D BIT30) { > + Length =3D 0; > + } else { > + Length -=3D BIT30; > + } > + > + PhysicalAddress +=3D BIT30; > + } > + > + // > + // Flush TLB > + // > + CpuFlushTlb(); > + > +Done: > + // > + // Restore page table write protection, if any. > + // > + if (IsWpEnabled) { > + EnableReadOnlyPageWriteProtect (); > + } > + > + return Status; > +} >=20 > /** > This function either sets or clears memory encryption bit for the memo= ry > diff --git > a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c > b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c > index ce8a05bb1f..41bf301efe 100644 > --- > a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c > +++ > b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c > @@ -16,6 +16,7 @@ >=20 > #include "../SnpPageStateChange.h" > #include "SnpPageStateTrack.h" > +#include "VirtualMemory.h" >=20 > STATIC SNP_VALIDATED_RANGE *mRootNode; >=20 > @@ -62,9 +63,24 @@ SevSnpValidateSystemRam ( > { > UINTN EndAddress; > SNP_VALIDATED_RANGE *Range; > + EFI_STATUS Status; >=20 > EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); >=20 > + // > + // The page table used in PEI can address up to 4GB memory. If we are = asked > to validate > + // a range above the 4GB, then create an identity mapping so that the > PVALIDATE instruction > + // can execute correctly. If the page table entry is not present then = PVALIDATE > will > + // cause the #GP. > + // > + if (BaseAddress >=3D SIZE_4GB) { > + Status =3D InternalMemEncryptSevCreateIdentityMap1G (0, BaseAddress, > + EFI_PAGES_TO_SIZE (NumPages)); > + if (EFI_ERROR (Status)) { > + ASSERT (FALSE); > + } > + } > + > // > // If the Root is NULL then its the first call. Lets initialize the Li= st before > // we process the request. > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h > b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h > index 996f94f07e..829dc96a1d 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h > @@ -267,4 +267,23 @@ InternalMemEncryptSevGetAddressRangeState ( > IN UINTN Length > ); >=20 > +/** > + Create 1GB identity mapping for the specified virtual address range. > + > + @param[in] Cr3BaseAddress Cr3 Base Address (if zero then use > + current CR3) > + @param[in] VirtualAddress Virtual address to check > + @param[in] Length Length of virtual address range > + > + @retval RETURN_INVALID_PARAMETER Number of pages is zero. > + > +**/ > +RETURN_STATUS > +EFIAPI > +InternalMemEncryptSevCreateIdentityMap1G ( > + IN PHYSICAL_ADDRESS Cr3BaseAddress, > + IN PHYSICAL_ADDRESS PhysicalAddress, > + IN UINTN Length > + ); > + > #endif > -- > 2.17.1