From: "Brijesh Singh" <brijesh.singh@amd.com>
To: Laszlo Ersek, devel@edk2.groups.io
Cc: brijesh.singh@amd.com, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel
Subject: Re: [edk2-devel] [RFC PATCH 00/19] Add AMD Secure Nested Paging (SEV-SNP) support
Date: Wed, 14 Apr 2021 06:18:23 -0500
Message-ID: <0e793ebd-4037-d19d-9421-31272944133f@amd.com>
In-Reply-To: <8002d119-f772-3f8c-ee07-7973ef97428d@redhat.com>

>> Since I had the data structures available in PEI
>> phase for the tracking the page state hence made those available to
>> DXE to verify that we are called to invalidate the SYSTEM_RAM and not
>> MMIO. IMO, we should either extend the
>> MemEncryptSev{Set,Clear}PageEncMask() to pass either a new flag to
>> hint where it's system RAM or non-RAM. Thoughts?
>
> I think I'd prefer a new function in the lib class, one that's dedicated
> to clearing the C bit on MMIO without attempting invalidation. It's a
> special-case function, and the dedicated name helps with two things:
>
> - no need to mess with existing call sites except in AmdSevDxe,
> - the new function is easier to grep for.
>
> BTW, there would be at least one other approach for this, I think -- the
> PEI instance of the library could consult the HOB list, and the DXE
> instance of the library could consult the GCD memory space map, to
> decide whether the page being C-bit-flipped is MMIO or not. But that's a
> lot of complexity (and likely some performance hit too), when in fact we
> know at the call sites whether the area being encrypted/decrypted is
> MMIO or RAM.

Sounds good to me, will introduce a new function for the MMIO in v2.

> Note also that (IIUC) in AmdSevDxe, we only *decrypt*, so we only need
> *one* new function, "MemEncryptSevClearMmioPageEncMask" or similar.
>
> BTW, in the "MemEncryptSevLib.h" header, the documentation of the
> MemEncryptSev{Set,Clear}PageEncMask function declarations should be
> updated -- the leading comments should explain that, in case SEV-SNP is
> found active, then page (in)validation will occur too (as appropriate).

Noted.