[edk2-devel] [RFC PATCH 09/10] MdeModulePkg/DxeIpl: Use memory attribute PPI to remap the stack NX
Ard Biesheuvel
ardb at kernel.org
Wed May 31 21:01:26 UTC 2023
On Wed, 31 May 2023 at 21:04, Tom Lendacky <thomas.lendacky at amd.com> wrote:
>
> On 5/30/23 20:29, Ni, Ray via groups.io wrote:
> > + at Abner Chang and @Tom Lendacky
> >
> >> -----Original Message-----
> >> From: Tan, Dun <dun.tan at intel.com>
> >> Sent: Tuesday, May 30, 2023 6:25 PM
> >> To: Ni, Ray <ray.ni at intel.com>; Ard Biesheuvel <ardb at kernel.org>;
> >> devel at edk2.groups.io
> >> Cc: Yao, Jiewen <jiewen.yao at intel.com>; Gerd Hoffmann
> >> <kraxel at redhat.com>; Taylor Beebe <t at taylorbeebe.com>; Oliver Smith-
> >> Denny <osd at smith-denny.com>; Bi, Dandan <dandan.bi at intel.com>; Gao,
> >> Liming <gaoliming at byosoft.com.cn>; Kinney, Michael D
> >> <michael.d.kinney at intel.com>; Leif Lindholm <quic_llindhol at quicinc.com>;
> >> Sunil V L <sunilvl at ventanamicro.com>; Warkentin, Andrei
> >> <andrei.warkentin at intel.com>
> >> Subject: RE: [RFC PATCH 09/10] MdeModulePkg/DxeIpl: Use memory
> >> attribute PPI to remap the stack NX
> >>
> >> Ray,
> >> I think using MemoryAttribute PPI also looks good for X64 DxeIpl.
> >> The only question that comes to my mind is the AMD sev feature. Since the
> >> MemoryAttribute can't handle the AMD sev feature requirements(remapping
> >> ghcb range from non-1:1 mapping to 1:1-mapping), we may need to find an
> >> appropriate place to remap the Ghcb range.
>
> I'm not sure I follow. How and where would the PPI be used? And what is
> meant by "remapping the ghcb range from non-1:1 mapping to 1:1 mapping?
>
The problem is that, for some reason, the x86 code that recreates the
page tables in permanent PEI memory is part of the DxeIpl, and
executes just before handing over to DXE core (as opposed to when
permanent PEI memory first becomes available.)
So we ended up with a highly bespoke API that creates a new set of
page tablles from scratch, with special handling of the DXE stack and
GHCB region, as they need special permissions in the page tables.
IMHO it would make more sense to
- create the new page tables as soon as PEI permanent memory becomes available
- map the GHCB region shared from a SEV specific PEIM
- map shadowed PEIMs RO as they are being dispatched
- map the PEI stack and DXE stack NX as they are allocated (or even
better, map all memory NX by default and convert to R-X as needed)
Most of these cases could make use of the new generic MemoryAttributes
PPI that I am proposing, but this requires some refactoring first to
move the pieces out of DxeIpl that are better done elsewhere.
The generic DxeIpl code that I am proposing only manages the
permissions of the DXE stack, which it allocates, and uses the PPI.
X64 should be able to reuse the same code once the above changes are
implemented.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#105516): https://edk2.groups.io/g/devel/message/105516
Mute This Topic: https://groups.io/mt/99131196/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list