From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM04-BN8-obe.outbound.protection.outlook.com (NAM04-BN8-obe.outbound.protection.outlook.com [40.107.100.87])
 by mx.groups.io with SMTP id smtpd.web12.2162.1606943614825314993
 for <devel@edk2.groups.io>;
 Wed, 02 Dec 2020 13:13:35 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=m9w4mUNG;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.100.87, mailfrom: ashish.kalra@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=XVt8dcp1jyzcErLyECxYE+VeWcijWRFQ7pixbpqDRsfT0s+0HYg3uDiFaEwCNLZMI0u/JcQpgxFw1rJ0rPH56Hwhc+AwicX6pfVpAoGTmuh2taanb0qVfpjK+AmDtyvdvn4LHtQ3r6QW1hFL5imDsOyYqeVyw/3/y6Ze8WBD47fhpD1X/FURvJ6Zee33L3GAoweVZ1B4vLi8Ptga+fdmgFiB56CTFMuN5aFuyVnWhejF6SDGRQ6I6jRQ+ZF2hNLuyxT4bGg3Tzd1DdGblCMIec3GZy1W2e7anSYUb0mSm8mGngZ0Mr6bzuowyJy/goYSmh5G23stMH6W0Vd8tGolHQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=k8W4is9BTEYGXZDG/kXgxEAsh2H3a2uKvImsBbP35Bw=;
 b=lnz5537IgjE5evd9yYQuJ/+0LgMnO75FLIMQrM8LkRmxMTi3omalFuMfKD++4vNVKkjg3Jo5RqaZrdfEdK1pRW+IO4Srg4f94HgrtEVa9YE05au+zSQMzIJmhGspGRCxJzWgQbvxJ94dJ9Mh5T37tWODqmxjEKx3ePdJUAgiu/n+qsBxRJla/v8a7vXHon7yFNDmERKuUfolJfcem9y1cM6RIaGigVnkaWRYeCFub2c6PUzyojMXSmNDme03jck917gTmiHQTItyGZNgyDaYpU3/sixil12wl64BpIVq1r0g59WrtSw8nA29+8Mr18Utb+XkffUTgToWBs4vekptuA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=k8W4is9BTEYGXZDG/kXgxEAsh2H3a2uKvImsBbP35Bw=;
 b=m9w4mUNGLWsRF2ZDrm0V6kinWwocNpX725rIc/GZKo0Btlh3jwsATECAfcDLINrKXo4tsj+krMmgNmFv3G8e7RdQZYPYkqsCR3tq+NvdOY319Gi0ouTelDgDo0LEeYwJBz2BncB2nVcbae0CGxjEk17bsrx/+3p0GiKyyL/lXhg=
Authentication-Results: amd.com; dkim=none (message not signed)
 header.d=none;amd.com; dmarc=none action=none header.from=amd.com;
Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23)
 by SN1PR12MB2447.namprd12.prod.outlook.com (2603:10b6:802:27::22) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.25; Wed, 2 Dec
 2020 21:13:33 +0000
Received: from SN6PR12MB2767.namprd12.prod.outlook.com
 ([fe80::d8f2:fde4:5e1d:afec]) by SN6PR12MB2767.namprd12.prod.outlook.com
 ([fe80::d8f2:fde4:5e1d:afec%3]) with mapi id 15.20.3611.025; Wed, 2 Dec 2020
 21:13:33 +0000
Date: Wed, 2 Dec 2020 21:13:24 +0000
From: Ashish Kalra <ashish.kalra@amd.com>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: devel@edk2.groups.io, dovmurik@linux.vnet.ibm.com,
	brijesh.singh@amd.com, tobin@ibm.com, Jon.Grimm@amd.com,
	jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com,
	lersek@redhat.com, jordan.l.justen@intel.com,
	ard.biesheuvel@arm.com
Subject: Re: [PATCH v1 2/2] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall
Message-ID: <20201202211324.GA14672@ashkalra_ubuntu_server>
References: <20201202072947.12668-1-Ashish.Kalra@amd.com>
 <83188ea4-630f-6a7e-e166-2d677df2e25e@amd.com>
In-Reply-To: <83188ea4-630f-6a7e-e166-2d677df2e25e@amd.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-Originating-IP: [165.204.77.1]
X-ClientProxiedBy: DM5PR07CA0166.namprd07.prod.outlook.com
 (2603:10b6:3:ee::32) To SN6PR12MB2767.namprd12.prod.outlook.com
 (2603:10b6:805:75::23)
Return-Path: ashish.kalra@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from ashkalra_ubuntu_server (165.204.77.1) by DM5PR07CA0166.namprd07.prod.outlook.com (2603:10b6:3:ee::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.17 via Frontend Transport; Wed, 2 Dec 2020 21:13:31 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 7c2af281-90d7-43c3-3e26-08d897071fa0
X-MS-TrafficTypeDiagnostic: SN1PR12MB2447:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<SN1PR12MB2447B90A321D2E2CF92B6CEE8EF30@SN1PR12MB2447.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:5236;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	IRDb/ym4SUwHxyoJOix99e2fV4sNkqa+E8jS5AN4bXSh7AVXtEorjw4SvBhtGAYDwDBGywwKMRSLiWE4PsNDYh6T0S0t9Q4NyoOErxL6MfB0d9nJs7PxsXL3EDyGpP6sltUWcazazNJPnSZtG3zcLu73Os+H73KFBXBehDch9HweafYviu2f2rHe5T5nABdJbCUsoe5jYQ8udDXJueuIF2MoaFptna/lWfPCL3J3L2fJMxVRj1DFp7Mv1ZrB8A6jLO+004rvgSY188FGJD7e30l6jikkLi3TwS+b9v5D6k8xLtpDE2JkXTnAYG9kAhOUBNIKJYzvz0qrk4HrYEVT4g==
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(396003)(376002)(136003)(346002)(39860400002)(6636002)(66946007)(44832011)(55016002)(186003)(2906002)(83380400001)(33656002)(26005)(956004)(52116002)(6496006)(9686003)(66556008)(53546011)(8676002)(66476007)(86362001)(316002)(16526019)(478600001)(5660300002)(19627235002)(6666004)(1076003)(33716001)(4326008)(6862004)(8936002);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: 
	=?us-ascii?Q?lXRE2PDd85jr8lfolqiahpT5jM4A3EtIQqS98SAdacD/KOqylpnmMIAnGkce?=
 =?us-ascii?Q?KsHBJBfbnVX95d94mNyATTnc7NxvELTNGmq7UlyquH97Ok4eiTAD5cv6oI31?=
 =?us-ascii?Q?2cg7hF4Am3tGX0D6Q2BDIQDCGcL07WpR2p5JVyjOfNQL8vNtnLM8WLTrFkdE?=
 =?us-ascii?Q?8XXjN3Ax9XzBvz67kkkphkkkZHeEfyVHTOWxOiFQrJrtowCdUoR9K1oA4l9q?=
 =?us-ascii?Q?ToQOVQXgeY5Ct45z4l0rl66yEO6gbxd7BUU9ggq+sH1+hQuGzhMYwcUUn0DG?=
 =?us-ascii?Q?8ZCjODY/GChnlEN/qh/K9aB4gN0gPQ+BRM3Ysd6ZdRkaEXwufKrcJO3oFiA/?=
 =?us-ascii?Q?fPvfirRhXLUH+9tBvDvsdnjKwUh+C7jV/JLoSyWwnQCnVPFfQ8rwEqOJw/mh?=
 =?us-ascii?Q?vc5ilmXhb2+9kWs88/l+pUm+DfXzZEFR6oWgudhZf9jAUwGdjfZcJm7F+VDb?=
 =?us-ascii?Q?DXzUGsVq/kJP+5+iZESOW1KejLNXKCpH0vMBZKmVsRDGVJMZ0Z2EpijmVMUv?=
 =?us-ascii?Q?xMbNaQEnT9mR6pndAZrjYYnUcTpGaighPnW0p9rUSpVi6tmm/WJQgNi7Cr4+?=
 =?us-ascii?Q?CyIBW6khrjgIwJYbHK72f4E87pLdH2uyUl9rDbhfesTaUd4zVOWWuB3Gc0jO?=
 =?us-ascii?Q?V+PXe73/LYKtFAfX8gSR9A/vJNwa1jTt8KFOVxCNrA79EYVbCv7xjg5tEYUS?=
 =?us-ascii?Q?II9pN3xkkOt6Ye1HJRLVhAXNq/HAm0qttyntALeg7eZE4Ru51IMQDicxBw44?=
 =?us-ascii?Q?PPlFsXqQALvrW1BwWpxhUl4i5n3vgzzZOeEssPlzqBO28rYXZWMRboYihWQV?=
 =?us-ascii?Q?x33FI4+wbXYEVUYDla1UJaGqlLel8J18r5ZuzBg8tpYAlvmvzd+AvS/k6Ec1?=
 =?us-ascii?Q?/wicKMRFJwkYzm0rAQYM4ViejdFol8A4IAUQiwknaUHQQVcrgAGYFf/6v30n?=
 =?us-ascii?Q?botU0zdQmpBemCgRBEWZn5M5fkCitsR6EYsvmJsXNboJycRPma87DreKiGqK?=
 =?us-ascii?Q?5ixF?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7c2af281-90d7-43c3-3e26-08d897071fa0
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Dec 2020 21:13:33.0332
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: LcQn5IrxNH3jOqhlPDSGzssDQl5DQYx94UA30UtF5Zd/w34l4iGOYH2HFN8OoYQG2jvR/+cjoU2HbVtQf3NygA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB2447
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Wed, Dec 02, 2020 at 08:38:23AM -0600, Tom Lendacky wrote:
> On 12/2/20 1:29 AM, Ashish Kalra wrote:
> > From: Brijesh Singh <brijesh.singh@amd.com>
> > 
> > By default all the SEV guest memory regions are considered encrypted,
> > if a guest changes the encryption attribute of the page (e.g mark a
> > page as decrypted) then notify hypervisor. Hypervisor will need to
> > track the unencrypted pages. The information will be used during
> > guest live migration, guest page migration and guest debugging.
> > 
> > Invoke hypercall via the new hypercall library
> > 
> > This hypercall is used to notify hypervisor when a page is marked as
> > 'decrypted' (i.e C-bit removed).
> 
> This will miss the SEC GHCB page that is mapped as unencrypted in
> OvmfPkg/ResetVector/Ia32/PageTables64.asm. You'll need to remember to mark
> that one specifically. I don't think there are any others.
> 

Ok, thanks Tom, i will add this.

Ashish

> 
> > 
> > Cc: Jordan Justen <jordan.l.justen@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> > 
> > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> > Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
> > ---
> >   OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf |  1 +
> >   OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c      | 18 ++++++++++++++++++
> >   2 files changed, 19 insertions(+)
> > 
> > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
> > index 7c44d09528..95ee707918 100644
> > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
> > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
> > @@ -46,6 +46,7 @@
> >     DebugLib
> >     MemoryAllocationLib
> >     PcdLib
> > +  MemEncryptHypercallLib
> >   [FeaturePcd]
> >     gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
> > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> > index 5e110c84ff..1e670b6200 100644
> > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> > @@ -14,6 +14,7 @@
> >   #include <Library/CpuLib.h>
> >   #include <Register/Amd/Cpuid.h>
> >   #include <Register/Cpuid.h>
> > +#include <Library/MemEncryptHypercallLib.h>
> >   #include "VirtualMemory.h"
> > @@ -589,6 +590,9 @@ SetMemoryEncDec (
> >     UINT64                         AddressEncMask;
> >     BOOLEAN                        IsWpEnabled;
> >     RETURN_STATUS                  Status;
> > +  UINTN                          Size;
> > +  BOOLEAN                        CBitChanged;
> > +  PHYSICAL_ADDRESS               OrigPhysicalAddress;
> >     //
> >     // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings.
> > @@ -640,6 +644,10 @@ SetMemoryEncDec (
> >     Status = EFI_SUCCESS;
> > +  Size = Length;
> > +  CBitChanged = FALSE;
> > +  OrigPhysicalAddress = PhysicalAddress;
> > +
> >     while (Length)
> >     {
> >       //
> > @@ -699,6 +707,7 @@ SetMemoryEncDec (
> >             ));
> >           PhysicalAddress += BIT30;
> >           Length -= BIT30;
> > +        CBitChanged = TRUE;
> >         } else {
> >           //
> >           // We must split the page
> > @@ -753,6 +762,7 @@ SetMemoryEncDec (
> >             SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode);
> >             PhysicalAddress += BIT21;
> >             Length -= BIT21;
> > +          CBitChanged = TRUE;
> >           } else {
> >             //
> >             // We must split up this page into 4K pages
> > @@ -795,6 +805,7 @@ SetMemoryEncDec (
> >           SetOrClearCBit (&PageTableEntry->Uint64, Mode);
> >           PhysicalAddress += EFI_PAGE_SIZE;
> >           Length -= EFI_PAGE_SIZE;
> > +        CBitChanged = TRUE;
> >         }
> >       }
> >     }
> > @@ -812,6 +823,13 @@ SetMemoryEncDec (
> >     //
> >     CpuFlushTlb();
> > +  //
> > +  // Notify Hypervisor on C-bit status
> > +  //
> > +  if (CBitChanged) {
> > +    SetMemoryEncDecHypercall3 (OrigPhysicalAddress, EFI_SIZE_TO_PAGES(Size), !Mode);
> > +  }
> > +
> >   Done:
> >     //
> >     // Restore page table write protection, if any.
> >