tdx: use a limited R+X page table for booting APs #2019
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
discussed offline, but doesn't quite handle the vtl2 mem alloc case. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
Discussed this with @chris-oo as an alternative solution to #1563 and #1564, implemented in a way which does not require further kernel changes
With the implementation of mailbox boot, the TDX reset vector jumped to a wakeup function in the kernel that is not always guaranteed to be mapped. As a temporary stopgap for this issue, Chris had increased the size of the identity mapped page table created in the loader, such that the lower GPAs where the kernel would place the wakeup vector would always be mapped.
We had deemed this lack of guaranteed mapping to be a spec compliance issue on the kernel side, i.e. we believed the upstream kernel should place it's wakeup code within the mailbox page. However, with the most recent ACPI spec, the upstream kernel is retroactively spec compliant by placing it's wakeup vector in the <1MB GPA range.
As the upstream kernel is now spec compliant, changes on upstream are less likely. Instead, we need to change the temporary stopgap into something productizable.
Changes
This PR updates the paravisor loader code, such that it creates a read-only page table which identity maps the lower 4GB of GPA space, where the OHCL kernel guarantees the wakeup vector to be.
The shim is updated to load this page table into the cr3 of the AP startup context.