Re: [edk2-devel] [RFC PATCH 09/10] MdeModulePkg/DxeIpl: Use memory attribute PPI to remap the stack NX

["Ard Biesheuvel" <ardb@kernel.org>]

On Wed, 31 May 2023 at 21:04, Tom Lendacky <thomas.lendacky@amd.com> wrote:
>
> On 5/30/23 20:29, Ni, Ray via groups.io wrote:
> > +@Abner Chang and @Tom Lendacky
> >
> >> -----Original Message-----
> >> From: Tan, Dun <dun.tan@intel.com>
> >> Sent: Tuesday, May 30, 2023 6:25 PM
> >> To: Ni, Ray <ray.ni@intel.com>; Ard Biesheuvel <ardb@kernel.org>;
> >> devel@edk2.groups.io
> >> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Gerd Hoffmann
> >> <kraxel@redhat.com>; Taylor Beebe <t@taylorbeebe.com>; Oliver Smith-
> >> Denny <osd@smith-denny.com>; Bi, Dandan <dandan.bi@intel.com>; Gao,
> >> Liming <gaoliming@byosoft.com.cn>; Kinney, Michael D
> >> <michael.d.kinney@intel.com>; Leif Lindholm <quic_llindhol@quicinc.com>;
> >> Sunil V L <sunilvl@ventanamicro.com>; Warkentin, Andrei
> >> <andrei.warkentin@intel.com>
> >> Subject: RE: [RFC PATCH 09/10] MdeModulePkg/DxeIpl: Use memory
> >> attribute PPI to remap the stack NX
> >>
> >> Ray,
> >> I think using MemoryAttribute PPI also looks good for X64 DxeIpl.
> >> The only question that comes to my mind is the AMD sev feature. Since the
> >> MemoryAttribute can't handle the AMD sev feature requirements(remapping
> >> ghcb range from non-1:1 mapping to 1:1-mapping), we may need to find an
> >> appropriate place to remap the Ghcb range.
>
> I'm not sure I follow. How and where would the PPI be used? And what is
> meant by "remapping the ghcb range from non-1:1 mapping to 1:1 mapping?
>

The problem is that, for some reason, the x86 code that recreates the
page tables in permanent PEI memory is part of the DxeIpl, and
executes just before handing over to DXE core (as opposed to when
permanent PEI memory first becomes available.)

So we ended up with a highly bespoke API that creates a new set of
page tablles from scratch, with special handling of the DXE stack and
GHCB region, as they need special permissions in the page tables.

IMHO it would make more sense to
- create the new page tables as soon as PEI permanent memory becomes available
- map the GHCB region shared from a SEV specific PEIM
- map shadowed PEIMs RO as they are being dispatched
- map the PEI stack and DXE stack NX as they are allocated (or even
better, map all memory NX by default and convert to R-X as needed)

Most of these cases could make use of the new generic MemoryAttributes
PPI that I am proposing, but this requires some refactoring first to
move the pieces out of DxeIpl that are better done elsewhere.

The generic DxeIpl code that I am proposing only manages the
permissions of the DXE stack, which it allocates, and uses the PPI.
X64 should be able to reuse the same code once the above changes are
implemented.