Re: [PATCH v9 30/32] OvmfPkg/PlatformPei: mark cpuid and secrets memory reserved in EFI map

Brijesh Singh

On 10/14/21 10:26 PM, Gerd Hoffmann wrote:
On Thu, Oct 14, 2021 at 05:11:22PM -0500, Brijesh Singh wrote:
On 10/14/21 1:58 AM, Gerd Hoffmann wrote:
On Wed, Oct 13, 2021 at 11:57:11AM -0500, Brijesh Singh wrote:
When SEV-SNP is active, the CPUID and Secrets memory range contains the
information that is used during the VM boot. The content need to be persist
across the kexec boot. Mark the memory range as Reserved in the EFI map
so that guest OS or firmware does not use the range as a system RAM.
Why is this needed? Isn't the complete firmware memory tagged as
reserved anyway?
PlatformPei detects all the guest memory and marks it as a SYSTEM_RAM
unless its an MMIO or added as reserved in e820 map file. Since the
Secrets and CPUID pages are part of system RAM so we need to explicitly
exclude these region.
secret and cpuid are in memfd which in turn is part of the firmware
image mapping which is reserved in the e820 map:

kraxel@rhel8 ~# dmesg | grep -i e820
[ ... some lines snipped ... ]
[ 0.000000] BIOS-e820: [mem 0x000000007ff7c000-0x000000007fffffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000b0000000-0x00000000bfffffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000ffc00000-0x00000000ffffffff] reserved <= here
[ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000027fffffff] usable

I think they should be covered already ...
The MEMFD range is outside of the firmware image map,  MEMFD begins with
0x800000 [1] and in my boots I don't see it reserved in e820. Here is
the snippet.

[    0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009ffff] usable
[    0.000000] BIOS-e820: [mem 0x0000000000100000-0x00000000007fffff] usable
[    0.000000] BIOS-e820: [mem 0x0000000000800000-0x0000000000807fff]
[    0.000000] BIOS-e820: [mem 0x0000000000808000-0x000000000080afff] usable
[    0.000000] BIOS-e820: [mem 0x000000000080b000-0x000000000080bfff]
[    0.000000] BIOS-e820: [mem 0x000000000080c000-0x000000000080ffff] usable
[    0.000000] BIOS-e820: [mem 0x0000000000810000-0x00000000008fffff]
[    0.000000] BIOS-e820: [mem 0x0000000000900000-0x000000007f4eefff] usable
[    0.000000] BIOS-e820: [mem 0x000000007f4ef000-0x000000007f76efff]
[    0.000000] BIOS-e820: [mem 0x000000007f76f000-0x000000007f77efff]
ACPI data
[    0.000000] BIOS-e820: [mem 0x000000007f77f000-0x000000007f7fefff]
[    0.000000] BIOS-e820: [mem 0x000000007f7ff000-0x000000007fcfbfff] usable
[    0.000000] BIOS-e820: [mem 0x000000007fcfc000-0x000000007fd7ffff]
[    0.000000] BIOS-e820: [mem 0x000000007fd80000-0x000000007fffffff]
[    0.000000] BIOS-e820: [mem 0x00000000b0000000-0x00000000bfffffff]
[    0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000017fffffff] usable


Join to automatically receive all group messages.