BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
The SEV support will clear the C-bit from non-RAM areas. The early GDT
lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT
will be read as un-encrypted even though it is encrypted. This will result
in a failure to be able to handle the exception.
Move the GDT into RAM so it can be accessed without error when running as
an SEV-ES guest.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
PHYSICAL_ADDRESS GhcbBasePa;\r
UINTN GhcbPageCount, PageCount;\r
RETURN_STATUS PcdStatus, DecryptStatus;\r
PHYSICAL_ADDRESS GhcbBasePa;\r
UINTN GhcbPageCount, PageCount;\r
RETURN_STATUS PcdStatus, DecryptStatus;\r
+ IA32_DESCRIPTOR Gdtr;\r
+ VOID *Gdt;\r
\r
if (!MemEncryptSevEsIsEnabled ()) {\r
return;\r
\r
if (!MemEncryptSevEsIsEnabled ()) {\r
return;\r
(UINT64)GhcbPageCount, GhcbBase));\r
\r
AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa);\r
(UINT64)GhcbPageCount, GhcbBase));\r
\r
AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa);\r
+\r
+ //\r
+ // The SEV support will clear the C-bit from non-RAM areas. The early GDT\r
+ // lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT\r
+ // will be read as un-encrypted even though it was created before the C-bit\r
+ // was cleared (encrypted). This will result in a failure to be able to\r
+ // handle the exception.\r
+ //\r
+ AsmReadGdtr (&Gdtr);\r
+\r
+ Gdt = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN) Gdtr.Limit + 1));\r
+ ASSERT (Gdt != NULL);\r
+\r
+ CopyMem (Gdt, (VOID *) Gdtr.Base, Gdtr.Limit + 1);\r
+ Gdtr.Base = (UINTN) Gdt;\r
+ AsmWriteGdtr (&Gdtr);\r