On 2/20/24 03:06, Gerd Hoffmann wrote:
When running in SEV mode do not uninstall the #vc handler in
CheckSevFeatures. Keep it active and uninstall it later in
SevClearPageEncMaskForGhcbPage.
This allows using the cpuid instruction in SetCr3ForPageTables64,
which is needed to check for la57 & 1G page support.
Signed-off-by: Gerd Hoffmann
I think a comment should be added above where the #VC handler is
established to document that the #VC handler is removed at the end of this
function if SEV is not active or that it remains installed to support
CPUID calls, e.g. to check for 5-level paging support, and is removed
later in SevClearPageEncMaskForGhcbPage().
With that,
Reviewed-by: Tom Lendacky
---
OvmfPkg/ResetVector/Ia32/AmdSev.asm | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 043c88a7abbe..02f287f1d934 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -158,6 +158,11 @@ SevClearPageEncMaskForGhcbPage:
cmp byte[WORK_AREA_GUEST_TYPE], 1
jnz SevClearPageEncMaskForGhcbPageExit
+; Clear exception handlers and stack
+mov eax, ADDR_OF(IdtrClear)
+lidt [cs:eax]
+mov esp, 0
+
; Check if SEV-ES is enabled
mov ecx, 1
bt[SEV_ES_WORK_AREA_STATUS_MSR], ecx
@@ -332,7 +337,6 @@ NoSevEsVcHlt:
NoSevPass:
xor eax, eax
-SevExit:
;
; Clear exception handlers and stack
;
@@ -342,6 +346,7 @@ SevExit:
pop eax
mov esp, 0
+SevExit:
OneTimeCallRet CheckSevFeatures
; Start of #VC exception handling routines
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115678): https://edk2.groups.io/g/devel/message/115678
Mute This Topic: https://groups.io/mt/104464311/21656
Mute #vc:https://edk2.groups.io/g/devel/mutehashtag/vc
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
