On Wed, 31 May 2023 at 21:04, Tom Lendacky <thomas.lenda...@amd.com> wrote:
>
> On 5/30/23 20:29, Ni, Ray via groups.io wrote:
> > +@Abner Chang and @Tom Lendacky
> >
> >> -----Original Message-----
> >> From: Tan, Dun <dun....@intel.com>
> >> Sent: Tuesday, May 30, 2023 6:25 PM
> >> To: Ni, Ray <ray...@intel.com>; Ard Biesheuvel <a...@kernel.org>;
> >> devel@edk2.groups.io
> >> Cc: Yao, Jiewen <jiewen....@intel.com>; Gerd Hoffmann
> >> <kra...@redhat.com>; Taylor Beebe <t...@taylorbeebe.com>; Oliver Smith-
> >> Denny <o...@smith-denny.com>; Bi, Dandan <dandan...@intel.com>; Gao,
> >> Liming <gaolim...@byosoft.com.cn>; Kinney, Michael D
> >> <michael.d.kin...@intel.com>; Leif Lindholm <quic_llind...@quicinc.com>;
> >> Sunil V L <suni...@ventanamicro.com>; Warkentin, Andrei
> >> <andrei.warken...@intel.com>
> >> Subject: RE: [RFC PATCH 09/10] MdeModulePkg/DxeIpl: Use memory
> >> attribute PPI to remap the stack NX
> >>
> >> Ray,
> >> I think using MemoryAttribute PPI also looks good for X64 DxeIpl.
> >> The only question that comes to my mind is the AMD sev feature. Since the
> >> MemoryAttribute can't handle the AMD sev feature requirements(remapping
> >> ghcb range from non-1:1 mapping to 1:1-mapping), we may need to find an
> >> appropriate place to remap the Ghcb range.
>
> I'm not sure I follow. How and where would the PPI be used? And what is
> meant by "remapping the ghcb range from non-1:1 mapping to 1:1 mapping"?
>

The problem is that, for some reason, the x86 code that recreates the
page tables in permanent PEI memory is part of the DxeIpl, and
executes just before handing over to DXE core (as opposed to when
permanent PEI memory first becomes available.)

So we ended up with a highly bespoke API that creates a new set of
page tables from scratch, with special handling of the DXE stack and
GHCB region, as they need special permissions in the page tables.

IMHO it would make more sense to
- create the new page tables as soon as PEI permanent memory becomes available
- map the GHCB region shared from a SEV specific PEIM
- map shadowed PEIMs RO as they are being dispatched
- map the PEI stack and DXE stack NX as they are allocated (or even
better, map all memory NX by default and convert to R-X as needed)

Most of these cases could make use of the new generic MemoryAttributes
PPI that I am proposing, but this requires some refactoring first to
move the pieces out of DxeIpl that are better done elsewhere.

The generic DxeIpl code that I am proposing only manages the
permissions of the DXE stack, which it allocates, and uses the PPI.
X64 should be able to reuse the same code once the above changes are
implemented.
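
The "map all memory NX by default and convert to R-X as needed" policy from the list above, as a small stand-alone model. This is an added example, not code from the message or from EDK2: the function names, the attribute bit values, the set/clear-mask call shape and the rejection of writable+executable results are all assumptions of the model.

```c
#include <stddef.h>
#include <stdint.h>

#define PAGE_SIZE 4096u
#define NPAGES    64u     /* constructed: 256 KiB of modelled memory */
#define ATTR_RO   0x1u    /* hypothetical bits, not the UEFI EFI_MEMORY_* values */
#define ATTR_XP   0x2u

static uint8_t attrs[NPAGES];   /* one attribute byte per modelled page */

/* NX by default: every page starts writable and non-executable. */
void map_all_nx(void) {
  for (size_t i = 0; i < NPAGES; i++) attrs[i] = ATTR_XP;
}

/* Apply SetMask/ClearMask to a page-aligned range.
 * Returns 0 on success, -1 for a malformed request (unaligned, empty,
 * out of range, overlapping masks), -2 if any page would end up W+X. */
int set_permissions(uint64_t base, uint64_t len, uint8_t set, uint8_t clear) {
  if (len == 0 || (base | len) % PAGE_SIZE || (set & clear)) return -1;
  uint64_t first = base / PAGE_SIZE, count = len / PAGE_SIZE;
  if (first >= NPAGES || count > NPAGES - first) return -1;
  /* Validate the whole range first so a rejected request changes nothing. */
  for (uint64_t i = first; i < first + count; i++) {
    uint8_t a = (uint8_t)((attrs[i] | set) & (uint8_t)~clear);
    if (!(a & ATTR_RO) && !(a & ATTR_XP)) return -2;
  }
  for (uint64_t i = first; i < first + count; i++)
    attrs[i] = (uint8_t)((attrs[i] | set) & (uint8_t)~clear);
  return 0;
}

int is_executable(uint64_t addr) { return !(attrs[addr / PAGE_SIZE] & ATTR_XP); }
int is_writable(uint64_t addr)   { return !(attrs[addr / PAGE_SIZE] & ATTR_RO); }
```

In this model a shadowed image becomes R-X with a single call that sets ATTR_RO and clears ATTR_XP, while a request that only clears ATTR_XP on a stack range is refused and the stack stays NX.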

