temp remap at GPA 0 to let pvalidate succeed

romank-msft · romank-msft · commit 1648e446930b · 2025-05-26T08:40:22.000-07:00
diff --git a/openhcl/openhcl_boot/src/arch/x86_64/snp.rs b/openhcl/openhcl_boot/src/arch/x86_64/snp.rs
@@ -510,24 +510,11 @@ impl Ghcb {
         Self::set_register(HvX64RegisterName::GuestOsId, guest_os_id.into_bits().into())
             .expect("failed to set guest OS ID");
 
-        Self::set_register(
-            HvX64RegisterName::SevGhcbGpa,
-            ((ghcb_access::page_number() << X64_PAGE_SHIFT) | 0x1).into(),
-        )
-        .expect("GHCB: Failed to set GHCB GPA");
-
         // SAFETY: Always safe to read the GHCB MSR, no concurrency issues.
         GHCB_PREVIOUS.replace(unsafe { read_msr(X86X_AMD_MSR_GHCB) });
     }
 
     pub fn uninitialize() {
-        // Needed so that the hypervisor unmaps the overlay page.
-        Self::set_register(
-            HvX64RegisterName::SevGhcbGpa,
-            ((ghcb_access::page_number() << X64_PAGE_SHIFT) | 0x0).into(),
-        )
-        .expect("GHCB: Failed to unset GHCB GPA");
-
         // Unregister from issuing Hyper-V hypercalls.
         let guest_os_id = hvdef::hypercall::HvGuestOsMicrosoft::new();
         Self::set_register(HvX64RegisterName::GuestOsId, guest_os_id.into_bits().into())
@@ -542,6 +529,30 @@ impl Ghcb {
                 == guest_os_id.into()
         );
 
+        // Tell the hypervisor that the GHCB page is at GPA 0 now.
+        // That'll make it to unmap the overlay page and let the `pvalidate`
+        // below to succeed.
+        //
+        // Soon after this, the GHCB page will be mapped by the kernel at the
+        // GPA of its chhosing. The temporarily mapping at GPA 0 poses no
+        // security risk as that page does not contain any sensitive data
+        // in the IGVM file.
+        //
+        // Once support for unpamming the GHCB page from the latest SEV-ES
+        // specification is added, this will be removed in favor of the standard
+        // unmap operation.
+        let resp = Self::ghcb_call(GhcbCall {
+            extra_data: 0,
+            page_number: 0,
+            info: GhcbInfo::REGISTER_REQUEST,
+        });
+        assert!(
+            resp.info() == GhcbInfo::REGISTER_RESPONSE.0
+                && resp.extra_data() == 0
+                && resp.pfn() == 0,
+            "GhcbInfo::REGISTER_RESPONSE returned msr value {resp:x?}"
+        );
+
         // Map the GHCB page in the guest as confidential and accept it again
         // to return to the original state.
 
