From: Tom Lendacky
Date: Wed, 12 Aug 2020 20:21:42 +0000 (-0500)
Subject: OvmfPkg: Move the GHCB allocations into reserved memory
X-Git-Tag: edk2-stable202008~55
X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=commitdiff_plain;h=3b49d0a5982070f0b86ecedf168dbcebbb6c0f47

OvmfPkg: Move the GHCB allocations into reserved memory

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198

After having transitioned from UEFI to the OS, the OS will need to boot the APs. For an SEV-ES guest, the APs will have been parked by UEFI using GHCB pages allocated by UEFI. The hypervisor will write to the GHCB SW_EXITINFO2 field of the GHCB when the AP is booted. As a result, the GHCB pages must be marked reserved so that the OS does not attempt to use them and experience memory corruption because of the hypervisor write.

Change the GHCB allocation from the default boot services memory to reserved memory.

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Reviewed-by: Laszlo Ersek
Signed-off-by: Tom Lendacky
Regression-tested-by: Laszlo Ersek
---
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index a2b38c5912..4a515a4847 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -51,9 +51,11 @@ AmdSevEsInitialize ( // // Allocate GHCB and per-CPU variable pages. + // Since the pages must survive across the UEFI to OS transition + // make them reserved. // GhcbPageCount = mMaxCpuCount * 2; - GhcbBase = AllocatePages (GhcbPageCount); + GhcbBase = AllocateReservedPages (GhcbPageCount); ASSERT (GhcbBase != NULL); GhcbBasePa = (PHYSICAL_ADDRESS)(UINTN) GhcbBase;
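
Review bot: The new comment in AmdSevEsInitialize says the pages "must survive across the UEFI to OS transition" but not why, and the single `AllocateReservedPages (GhcbPageCount)` call with `GhcbPageCount = mMaxCpuCount * 2` reserves the per-CPU variable pages as well as the GHCB pages, while the commit message only justifies the GHCB pages. Consider stating the reason in the comment (the hypervisor writes SW_EXITINFO2 in the GHCB when the OS boots a parked AP) and noting whether the per-CPU variable pages also need to stay reserved or are reserved only because they share the allocation. Separately, the only failure handling after the allocation is `ASSERT (GhcbBase != NULL)`; since ASSERT can be compiled out in release builds, an explicit NULL check that stops SEV-ES initialization would be safer than continuing with a zero `GhcbBasePa`.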