[svsm-devel] [EXTERNAL] Re: EDK2 CAA Page Fragmented Allocation
Gerd Hoffmann
kraxel at redhat.com
Wed May 21 13:20:39 CEST 2025
On Tue, May 20, 2025 at 04:17:26PM +0000, Jon Lange wrote:
> The error you are seeing indicates that the page being read has not
> been PVALIDATEd. Unfortunately, the #VC exception won't tell you
> which GPA is failing, so you'll have to do some debugging to figure
> out which access is causing a problem. Because the exception occurs
> on a MOVS instruction, you can't even be sure whether the page
> validation error is occurring on the source address or the destination
> address, though it's rather unlikely that the validation error is
> occurring on a page owned by the SVSM itself.
It's the source address. Patched in a few dummy mov instructions
before movs to see whenever rdi or rsi access faults.
Address is the CAA page. Owned by the linux kernel. svsm maps it at
0xffffff0000002000 aka SVSM_PERCPU_CAA_BASE
> I cannot guess why the GPA is not validated in this case. The calling
> area address is established by the SVSM when the CPU is created, so
> this specific SVSM call cannot be specifying a bad address (because it
> is not specifying an address at all) - unless this SVSM call is the
> REMAP_CAA call.
Linux remaps the CAA twice via REMAP_CAA, but this 404 fault happens
long after the remap completed.
> I don't know whether it's possible that Linux is issuing a PVALIDATE
> request to the SVSM (remember that all PVALIDATE operations must be
> performed by the SVSM) to revoke page validation on this page.
Linux flips a page range to SHARED state, most likely for IO bounce
buffers. The CAA page is not included in that page range.
The linux kernel can do svsm protocols just fine, only when uefi runtime
does the same thing with the same physical CAA page things break.
> I also don't know whether it's possible that the specific flow you're
> looking at involves the VMM deciding to remove the physical page
> associated with the CAA's GPA and to replace it later - this would
> result in a non-validated page being present in the address space.
There is no trace of any explicit PVALIDATE calls. So I'm wondering
what conditions might cause the VMM to do actions like that?
One possibly relevant detail is that the linux kernel and the uefi
runtime use different mappings and different virtual addresses to
access the caa page.
thanks & take care,
Gerd