From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=helo; client-ip=104.47.42.52; helo=nam03-by2-obe.outbound.protection.outlook.com; envelope-from=brijesh.singh@amd.com; receiver=edk2-devel@lists.01.org Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0052.outbound.protection.outlook.com [104.47.42.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A4FAC223522BD for ; Tue, 27 Feb 2018 12:31:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=LoqvIRfGoACmjQaa1cu7J/zRwK4ldazHiosggXaVAdg=; b=0ulEv7V2Qxe8Z6/uvu5HVaygNtHVln1vgzevw7yW53+iNX3tDxj/40Q0e9/LHnkuth2pVvJCNkQ5SUrfG/Qc5HMLDGLJPVFmYyzazDo1xxUmndaT16eeMh9NyjSF133Rn062PfD6PPf7opsmqZgdEhDHyJRAwwdcVjmv0ky31m8= Received: from wsp100528wss.amd.com (165.204.77.1) by SN1PR12MB0160.namprd12.prod.outlook.com (2a01:111:e400:5144::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.527.15; Tue, 27 Feb 2018 20:37:13 +0000 Cc: brijesh.singh@amd.com, Tom Lendacky , Jordan Justen , Ard Biesheuvel , Michael Kinney , Paolo Bonzini To: Laszlo Ersek , edk2-devel@lists.01.org References: <20180221165212.6643-1-brijesh.singh@amd.com> <20180221165212.6643-3-brijesh.singh@amd.com> <6a0cd77f-13d8-b8dd-8ad2-931347e72a7c@redhat.com> <8138d8c3-678f-fd42-c663-1ae5c2e539b9@amd.com> From: Brijesh Singh Message-ID: <0d4dcddc-d417-e4b9-961d-73fed7647cbe@amd.com> Date: Tue, 27 Feb 2018 14:37:09 -0600 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: DM3PR12CA0075.namprd12.prod.outlook.com (2603:10b6:0:57::19) To SN1PR12MB0160.namprd12.prod.outlook.com (2a01:111:e400:5144::19) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: e613a01a-74cd-47ac-7606-08d57e21e373 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(2017052603307)(7153060)(7193020); SRVR:SN1PR12MB0160; X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0160; 3:FlKnWGfLM7hV3we8b8dfgLACE3dB/L+HlosllBgdjNJRn179PyVhGl+gp8IZAekpn8/HH1yRehk6A2m/qLZMizdkNXbnBwH2/BoYmtVoUNKaIumjatXCfj7z/1I7TV3DPj3egUteKpm8veUgRkNhImI7oKBM7DX7XLzsReSuGLSzsouL3bq5w2wg8CQB95DQJH+umuSTH5GTrJGXYiUtgakeBCyCjJpNgpTv0JSkdmj470MgGEDapdiu3KqV9M9E; 25:0YL28C6QgQyIyW4sZq5tXBD0V0wJsEfyef0f6APEk2yGb1+JTnt7vJAQHJZ4Kr4B800cT3mlS7yg84KhRmWBHE4tV1XX6OTrXvFYlAsBONyBWjEFcfN8UDwZAv+Yro80rhjmBGxsxSqxcDvEOB6VHjuuTehXm4eeRD8XNQdKO2lAxZglhOASHMoFG4yaP3cBxqE5yNuaZkm79rrjBjRUvJs0DNPJDQtlI824lolkfcK9RTuLDph+unH9SVW5XYpXvzORcBC+HrAJczXeDAM2RXAj4bmw5DKHD3/12vdzdppyKOC8Fw7ulKSHEp90LYMHqLCM6DKuCC/xhCyVABCPTw==; 31:dpIAphd6yG4YKYpu29nmh0i/xq4mRRjkhxBhKeX98tFxrz1TIBZCrbOu++FFPO+uKjbKfPvjC7ggdrZDzfBs0E9BNh2KtAoQXWVKjCBqY/dbCuIuEG+J7IdXoWZV/yYeg3CEpi5gLUdOcR78unK1bg1H80FjEvUXPBqc1JIEkJHJ5qx1kbfE6SwCwT4X/KhzX2Hx59Inb6zoPfkk5wrermgCEsG+umdpBQ7ea2K/RtU= X-MS-TrafficTypeDiagnostic: SN1PR12MB0160: X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0160; 20:iEra4W2naZJKRjvka9M2h8KqSyz1Rh3gcPee0DwhqKsYWHyI9AhhjpYYCYzf4xIt0lZ2LHYz28P9QEvw7M4skL5lTP4GgT0fmg343CTxN69BkLShqsg/AJDZkmtEq90RwQDQpL+1yABKzYwNUIkvgmTfx5HKat032YUD53U2Y90DoubCup+Jr+BD17daG397SN+m9Or+siAwZ24bfeuqIkXw3BWvooEXSJ5moXpl6yKOGk5dowTM/iw0+FnmTuUl9hzFZaEsSksy7WDU1dRjB0y+JTlZbmaJw8/SXqSpYflh9sPCTHsXCZica3ZTX/oo/9LxX2rQxhgE49qED/0YHLvI9UVKJS+eQzxsdq4K1WEyMlQOhoN+BNaeZxhEuXHnC0vliPfXG4AjnBaPiqX/DsA83AWcSBrxQ0Mx5nz1Jzed3FH5K1L7M4HciDeVVuAR4qUXo1Wz6KMPc+4UL8Rr4hpstIbOYf4ZFYD/iuerBdOH2RKqSPxLxXNmdaGoT4JO; 4:2ePy23/m3m8J/g+UpPJCK8vsASr5nVAPNT7i03obuRxW3laPsBEpLYLuZ21yHtbQrq7wxkR5gQRpv8271zodzWEIZp5T2+y2O1iiiTAX40PJWtcoXgIQHzoppHYSJGVQEuRq4Ldu5VpEjG+9h+D23jhJ9/QoQ5FBWGRLofig6OF2wU5De0ze86eh3/1/LZZT2XgUHpWMmlFv2YmtVAqboeL0cFkIIoBdtggRMEpD53AbQUcHbs+7yZsN0J02MjEXHLGN9tBVd4h5924Mw4K7cA== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(8121501046)(5005006)(3002001)(3231220)(944501204)(52105095)(93006095)(93001095)(10201501046)(6055026)(6041288)(20161123564045)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(6072148)(201708071742011); SRVR:SN1PR12MB0160; BCL:0; PCL:0; RULEID:; SRVR:SN1PR12MB0160; X-Forefront-PRVS: 05961EBAFC X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(346002)(396003)(376002)(39380400002)(366004)(39860400002)(199004)(189003)(40764003)(106356001)(53546011)(53936002)(23676004)(2486003)(52146003)(81166006)(5660300001)(8676002)(6116002)(31696002)(2906002)(47776003)(305945005)(93886005)(6486002)(25786009)(86362001)(4326008)(7736002)(65806001)(65956001)(66066001)(26005)(478600001)(3846002)(2950100002)(6346003)(68736007)(36756003)(6666003)(31686004)(16526019)(64126003)(229853002)(50466002)(97736004)(7696005)(52116002)(81156014)(76176011)(58126008)(59450400001)(386003)(186003)(230700001)(105586002)(8936002)(54906003)(65826007)(6246003)(316002)(53416004)(213903007); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR12MB0160; H:wsp100528wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtTTjFQUjEyTUIwMTYwOzIzOmJWUUpZV1NjWnBkTTR1dWU1YUhRSVUzcGxx?= =?utf-8?B?OEhhMzEvSTJHNnhXNmFESXdiS2VTVnFOUm5nMDgzR1BqQUxVaERTc1FQRXJK?= =?utf-8?B?VjV5dHMyb0NNMHJ3b1o2Qm9FSk1qUVNtdnZMbmp3TTd2dlNuUnZaWU5XZ2Jj?= =?utf-8?B?clJwbVR4OVRuaTB4OW16Z2FrdnhYaWtXMGlqNklhbmJ1NExBbnIzSWZ0eFhy?= =?utf-8?B?eVZRQXM2ZlpqQlZrczl3bEZraU1TVXVqR1BzbmtNMGorQ3duYlpEQmRVa2JQ?= =?utf-8?B?a1BZWE1jU3BwY0JoNTEyN00velRYcU9LTUZMbVZwRUFRMmtIVnU5K2VXeWZE?= =?utf-8?B?azBGL3AvRm5ud2V6Y0E2K0l3bFpBVmw5U082Z3V2RzBZNHkzNDRSc0htUmlE?= =?utf-8?B?eE5IMGQ2TktBU2hLYW4rYWxrRGJDYWIzc2ZhdzNuUkVud1IxeEVSWklranZS?= =?utf-8?B?ZXhablJmSStkekFEaEhhV2k3OFNJWmF4OVcxYmQ0UWZLMDV0dWtMRkNvZVlS?= =?utf-8?B?TTJCN2pJZDZMMXVvSGp4UmNDMElRUEJKWTJvNjhZRjlyNlFpNVJBR0grejRQ?= =?utf-8?B?QXJGYVgrV2NGUTh3SXlhUVJjWk93VVJEQnhvdlpidzVxeXRYd1FKamJWUTcy?= =?utf-8?B?bGI5Y3pRaWhFMWVYcng0aTNwTVdrRFNYS3p4YXdlYXE1S0VMRHFkNjl2SGJv?= =?utf-8?B?amJWRk85Z1djL0tIaEhtbk90T2ovYmNZenAvWEZqT3ZUVk8yeFBQSHE0cThE?= =?utf-8?B?MGNyM1dyYUplWFZHVElaOHVGeE1vYkt1RGo1M1Frd05vMzhvTmU4WEkwQzRR?= =?utf-8?B?K3cyRVM2NldmNzBNQlpZaEUzSDJMTjVQZy92bUFMSGpyVFJuNEJORU1BVFlr?= =?utf-8?B?RDA4ZURTbDFLa2dOQ2NSYWZaVnZmUitHbEhPMHc1WWZTTExpVnZPWGxPU2pj?= =?utf-8?B?T0sySE5LcmI4aTU1WExGeDF5QlkvZlRpUzZPMnEwa01OQm5QTFN6VDVmeDVL?= =?utf-8?B?N2hZeTh0MDVsUisyWGdjZWUraW1EQ1RSSStOaWxtK0dkU01WZzlPKzBVRXo4?= =?utf-8?B?c21zZDBCNlJzVXpxQUt6bEcvaFc5cDh2aUFjcElEWGk3Um9meWJsSnp5NDZv?= =?utf-8?B?R0xtcnNwaGUrODd1RTY5cTZta0dDR1hFK2NOSm04aEV6TVY5SHpNZUduVy9o?= =?utf-8?B?TU91Y2pmQzEzRVQvTitvNzVJaFQxYlYzdzlSdTdVQ2FBQmhxUlIvU20rV3JX?= =?utf-8?B?NEtMSFBmRFNXMldYbEV5alJBaFdyTCtaTTlRSmV1RHVvSklnWUR1N0pUT3dH?= =?utf-8?B?NTlXQ3B3d1c2YWhtb0ZPSllwSWpleDI3ZS9vcENISXdTWHZ1ajVFdWRvU3Ro?= =?utf-8?B?cEFRcjhxK2J6aFdGSGlZV3grc1ZRZFBaQmtXUjRuUm5oZ1ZPY2pPSm9EZXpJ?= =?utf-8?B?N0QvWFZiVkxCb3E0R0x4b0JuUzJHeC9pUWROc2RTMkZ6QzNKcGthbVhvRkhl?= =?utf-8?B?a1dqelg3VHNicmFhNDd5czJQa1ZkU3ZyZ01Idy9TMHV6dWxQNE05WGdGME45?= =?utf-8?B?VGRlZnA1ZldIUDFXN2QrREs1Mm5Md1o5Q2QxWnFvWDF3b2tkd1JBaTh2VnJC?= =?utf-8?B?d0tjRFJINGx4MVVCNng2OFZJa01KbE9nNnhIWk4xaTdNelJLU2NDQVB1RmVr?= =?utf-8?B?cXlkR3NiVGp3RXh0KzhBZmhoc3FVSTdqUEJsUFJpTGNnS3Z2b21VaTBLQ3FM?= =?utf-8?B?NFJnU05KSXZWeHFLWlRUTnJjZGVWNENXcVY2QjFCL1diWmROcFFrOEFqNDFp?= =?utf-8?B?dzMvVGNGVEN4TGNvNU96S2FZQ1VxRmQ2OGRUOVphWnU3RjlNd2hmMzZiWWVO?= =?utf-8?B?eFhxV2hVdFQ0NE0zQVZIMHFIeDNhdTAvNFlPeGJpVFA5WDc3cEJrN2ljR1Zz?= =?utf-8?B?QXFWUDMzM2VnPT0=?= X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0160; 6:aOn4af5Rd9MhlhEPbnph99qZTw2/EiMc84peGDLSY1mQdbUtayFTdBA++apMtg0WJa49GT/KwKFHzDLtU3j/G1BhT+tJW3NGvZaRWUcsP2nVb8u0tt/D2OB9G01zgEdpmEq9709q2aVG5q6N7yKBzGnHgCKDRFMDS984ysZvMPDnVfZwpa2jiuRwvhZ7xiSmPtVi35AnKTdRu/29++H0Fm2A8GZDKBgWuazzOAHWN2U0/urp9ky3RA0ZQQ1ezqSVoSzZmVNzK2QRyIT/eUAjl/LXutbq7aVutX6kovit4E7lsK3M29HW73z9cRfHFJlM6QAWMfzfiA26sQRGaf5LNhFCxic34HQg3y+Yq1jBEMc=; 5:OFYPdCj2+5yM4yPUEcJySKe7c2+Nj41QSQwuyp5Ah3dgnOSTDnDQXc6o9ygxOtMZBz690nTZVIiCkJFCnc6lafHgyn06Orsu+fMvL6eykANZI8D1w5qa3j8UxTA08XVsvLay/h+j0Tk455Y+ohkp6bGTDrxQtiP495q/0tBt4nw=; 24:MZXSrjHxEvb09IwNH2T3OoqCWNFyseFsIydJkO3/jRTlp4uQgspV/+OwpdO815F6E08oMppPX36PsTM89dWkb5LFYOLQIMQUvyx0ecMWnbE=; 7:Tx74dfglDYWw+pI5BDqUn+fV8WUryGGySD2WKMa39a4kFyST9MbHcrpeFxnPIzVaojLN6EhPtI6+XtYwv0cfWG2Y+SibocJiAWX4WlAqTE+2j/A4puu9/1R5b3mw2GDFZE4cOgLTGx9mW2W/p60ktJEkYSQdomwkUZefclkCZPbWrwLYisZntxsCJsB9QWAtmAWkmJ4PlEqtsuFgWdQ5+oYFPI7MROvHV/jaqwcHfIG2Ys0oPIg9CBIQLrpb7XsX SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; SN1PR12MB0160; 20:ly8tTMtTDxu62ZST5WVz9Z1yP8zfUeLTiDydsglBtJdUlXASgIXHKcRWcVpy+Owmlp+Suhqe5/urN66NpKcxEHY7Zl80EBeaF0wbe2LjifEqaD6/NAMHamk/U0dpF9zJdKtNWCpSmXeokqWLameCVqcGJ/7qnQAN3sV1gbO5o3D2S+KeaJ4m2m8BoHbfuYq4NxNmtqZC90cskh0CptitXNmPCiXLXP5WNAJ/AquJo2+002F+MjkAQE+Xxl1pYzl3 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Feb 2018 20:37:13.9996 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e613a01a-74cd-47ac-7606-08d57e21e373 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB0160 Subject: Re: [PATCH 2/2] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Clear C-bit when SEV is active X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Feb 2018 20:31:13 -0000 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Content-Language: en-US Hi Laszlo, On 2/27/18 11:17 AM, Laszlo Ersek wrote: > Hi Brijesh, > > you provided a lot of information (and it seems like your analysis was > advancing in parallel with your email -- I too do that sometimes :) ), > so it's not easy for me to write a concise response. > > * Regarding the C-bit that covers the relocated save state area (esp. > considering that the area is not page aligned and/or contains executable > code): > > I think (a) adding any code (under OvmfPkg, or under the core) that sets > the C-bit "correctly", and in turn, (b) lacking any code in edk2 that > actually *exercises* the "correct" C-bit setting, is counter-productive. > Unless the C-bit is actively exercised, we're just adding *dead* code, > which is a bad thing -- it's very easy to regress (without anyone > noticing), and it leads to developer confusion. > > On the other hand, I wouldn't want your analysis to be lost (remember: I > asked for the explanation because I didn't understand the behavior). So > I'm thinking your analysis should be captured in both a commit message, > and a large comment *somewhere*. Possibly near the code (wherever it may > end up, AmdSevDxe or SmmCpuFeaturesLib) where you manage the C-bit for > the *initial* save state map. > > I mean, wherever you manage the C-bit for the initial save state map > (which is required), you can also make a large comment on the *future* > location and behavior. > > IMO it's OK if we don't guarantee the guest with functional access into > the relocated save state map -- there is no actual code relying on that! > -- as long as we document this gap. > > Does this suggestion make sense to you? I am good with this approach. I will add my analysis detail in commit message and also put the similar thing in AmdSevDxe. In future if EDKII makes use to SmmSavedArea after the SMBASE relocation then we can revisit it. > > * Regarding mapping all the NonExistent and MMIO GCD entries in the SMM > page table as plaintext: I think we should really be on par with > AmdSevDxe here. This is code that *will* be exercised, and if we cut > corners here, next time we add another MMIO range or device that needs > to be accessed from SMM too (for whatever reason), we'll go crazy otherwise. Sounds good, I will make the necessary changes and send the update patch. thanks for your help. > > * In general, regarding how and when SmmCpuFeaturesLib APIs are hooked > into PiSmmCpuDxeSmm: please ask questions -- and ask them to Mike :) > OVMF's instance of this lib class is Paolo's work (thanks again for > that!), so I always defer to Mike and Paolo whenever this lib class and > instance come up. SmmCpuFeaturesInitializeProcessor() looked suitable to > me, for implementing the previous bullet, but it's really just my > "shopping" for a good pre-existent hook point. If we need something > better, let's discuss it with Mike. > > I'm sorry if the above is a bit too vague; please post some new patches, > even if only RFCs :) I think your explanation is very clear to me and I am in agreement. Let me work on patches. > > Thanks! > Laszlo