From: Laszlo Ersek <lersek@redhat.com>
To: Brijesh Singh <brijesh.singh@amd.com>, edk2-devel@lists.01.org
Cc: Tom Lendacky <Thomas.Lendacky@amd.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Jordan Justen <jordan.l.justen@intel.com>,
Jiewen Yao <jiewen.yao@intel.com>
Subject: Re: [PATCH v2 1/1] OvmfPkg/BaseMemEncryptSevLib: Enable protection for newly added page table
Date: Mon, 15 Jan 2018 21:28:27 +0100 [thread overview]
Message-ID: <fefcbf2e-fb7b-f117-9abf-25aa3902aad3@redhat.com> (raw)
In-Reply-To: <20180111195101.58548-1-brijesh.singh@amd.com>
On 01/11/18 20:51, Brijesh Singh wrote:
> Commit 2ac1730bf2a5 (MdeModulePkg/DxeIpl: Mark page table as read-only)
> sets the memory pages used for page table as read-only after paging is
> setup and sets CR0.WP to protect CPU modifying the read-only pages.
> The commit causes #PF when MemEncryptSevClearPageEncMask() or
> MemEncryptSevSetPageEncMask() tries to change the page-table attributes.
>
> This patch takes the similar approach as Commit 147fd35c3e38
> (UefiCpuPkg/CpuDxe: Enable protection for newly added page table).
> When page table protection is enabled, we disable it temporarily before
> changing the page table attributes.
>
> This patch makes use of the same approach as Commit 2ac1730bf2a5
> (MdeModulePkg/DxeIpl: Mark page table as read-only)) for allocating
> page table memory from reserved memory pool, which helps to reduce a
> potential "split" operation.
>
> The patch duplicates code from commit 147fd35c3e38. The code duplication
> will be removed after we implement page table manipulation library. See
> bugzilla https://bugzilla.tianocore.org/show_bug.cgi?id=847.
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
> .../BaseMemEncryptSevLib/X64/VirtualMemory.c | 378 ++++++++++++++++++++-
> .../BaseMemEncryptSevLib/X64/VirtualMemory.h | 28 ++
> 2 files changed, 399 insertions(+), 7 deletions(-)
>
Sorry about the delay -- it was delivered to my mailbox late in the
evening on last Thursday, and on Friday I was out-of-office. Today there
has been some catching up with accumulated email...
Acked-by: Laszlo Ersek <lersek@redhat.com>
Pushed as commit b721aa749b86.
Thank you,
Laszlo
next prev parent reply other threads:[~2018-01-15 20:23 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-11 19:51 [PATCH v2 1/1] OvmfPkg/BaseMemEncryptSevLib: Enable protection for newly added page table Brijesh Singh
2018-01-15 20:28 ` Laszlo Ersek [this message]
2018-01-15 20:38 ` Brijesh Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fefcbf2e-fb7b-f117-9abf-25aa3902aad3@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox