From: Laszlo Ersek
To: Brijesh Singh, edk2-devel@lists.01.org
Cc: Tom Lendacky, Ard Biesheuvel, Jordan Justen, Jiewen Yao
Subject: Re: [PATCH v2 1/1] OvmfPkg/BaseMemEncryptSevLib: Enable protection for newly added page table
Date: Mon, 15 Jan 2018 21:28:27 +0100
In-Reply-To: <20180111195101.58548-1-brijesh.singh@amd.com>

On 01/11/18 20:51, Brijesh Singh wrote:
> Commit 2ac1730bf2a5 (MdeModulePkg/DxeIpl: Mark page table as read-only)
> sets the memory pages used for page table as read-only after paging is
> setup and sets CR0.WP to protect CPU modifying the read-only pages.
> The commit causes #PF when MemEncryptSevClearPageEncMask() or
> MemEncryptSevSetPageEncMask() tries to change the page-table attributes.
>
> This patch takes the similar approach as Commit 147fd35c3e38
> (UefiCpuPkg/CpuDxe: Enable protection for newly added page table).
> When page table protection is enabled, we disable it temporarily before
> changing the page table attributes.
>
> This patch makes use of the same approach as Commit 2ac1730bf2a5
> (MdeModulePkg/DxeIpl: Mark page table as read-only) for allocating
> page table memory from reserved memory pool, which helps to reduce a
> potential "split" operation.
>
> The patch duplicates code from commit 147fd35c3e38. The code duplication
> will be removed after we implement page table manipulation library. See
> bugzilla https://bugzilla.tianocore.org/show_bug.cgi?id=847.
>
> Cc: Jian J Wang
> Cc: Jiewen Yao
> Cc: Jordan Justen
> Cc: Laszlo Ersek
> Cc: Ard Biesheuvel
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Brijesh Singh
> ---
>  .../BaseMemEncryptSevLib/X64/VirtualMemory.c | 378 ++++++++++++++++++++-
>  .../BaseMemEncryptSevLib/X64/VirtualMemory.h |  28 ++
>  2 files changed, 399 insertions(+), 7 deletions(-)
>

Sorry about the delay -- it was delivered to my mailbox late in the
evening on last Thursday, and on Friday I was out-of-office. Today there
has been some catching up with accumulated email...

Acked-by: Laszlo Ersek

Pushed as commit b721aa749b86.

Thank you,
Laszlo