git.proxmox.com Git - mirror

author	Brijesh Singh <brijesh.singh@amd.com>
	Thu, 11 Jan 2018 19:51:01 +0000 (13:51 -0600)
committer	Laszlo Ersek <lersek@redhat.com>
	Mon, 15 Jan 2018 20:18:50 +0000 (21:18 +0100)
commit	b721aa749b86a6218118c0dc0eb91daa13abe761
tree	6e4d540312783ec2ef97b0a8b46e0b88efc9220b	tree
parent	84513df419968b4486c442f3fd646729aba2999a	commit \| diff

OvmfPkg/BaseMemEncryptSevLib: Enable protection for newly added page table

Commit 2ac1730bf2a5 (MdeModulePkg/DxeIpl: Mark page table as read-only)
sets the memory pages used for page table as read-only after paging is
setup and sets CR0.WP to protect CPU modifying the read-only pages.
The commit causes #PF when MemEncryptSevClearPageEncMask() or
MemEncryptSevSetPageEncMask() tries to change the page-table attributes.

This patch takes the similar approach as Commit 147fd35c3e38
(UefiCpuPkg/CpuDxe: Enable protection for newly added page table).
When page table protection is enabled, we disable it temporarily before
changing the page table attributes.

This patch makes use of the same approach as Commit 2ac1730bf2a5
(MdeModulePkg/DxeIpl: Mark page table as read-only)) for allocating
page table memory from reserved memory pool, which helps to reduce a
potential "split" operation.

The patch duplicates code from commit 147fd35c3e38. The code duplication
will be removed after we implement page table manipulation library. See
bugzilla https://bugzilla.tianocore.org/show_bug.cgi?id=847.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>

OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c		diff \| blob \| blame \| history
OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.h		diff \| blob \| blame \| history