[svsm-devel] [EXTERNAL] Re: EDK2 CAA Page Fragmented Allocation
Jon Lange
jlange at microsoft.com
Wed May 21 18:37:03 CEST 2025
Adam wrote:
> If the guest accesses a GPA with the c-bit disabled, then KVM will rmpupdate that page to shared.
> If the guest then accesses the same GPA with the c-bit enabled, then KVM will rmpupdate it back to
> private, but it will be unaccepted and thus give the 0x404 error. I've seen this happen while investigating
> several different bugs.
This is a compelling theory. If the OVMF mapping of the CAA page does not set the C-bit, then this would result in exactly the behavior that we are seeing, because the OVMF access would cause the page to flip to shared, and the next SVSM access would cause the page to flip to private but unvalidated, leading to the 0x404 error. Gerd, can you check the OVMF mapping of the CAA page to ensure it has the C-bit set?
-Jon
More information about the Svsm-devel
mailing list