From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 2 Dec 2020 21:13:24 +0000
From: Ashish Kalra
To: Tom Lendacky
Cc: devel@edk2.groups.io, dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Jon.Grimm@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com
Subject: Re: [PATCH v1 2/2] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall
Message-ID: <20201202211324.GA14672@ashkalra_ubuntu_server>
References: <20201202072947.12668-1-Ashish.Kalra@amd.com> <83188ea4-630f-6a7e-e166-2d677df2e25e@amd.com>
In-Reply-To: <83188ea4-630f-6a7e-e166-2d677df2e25e@amd.com>

On Wed, Dec 02, 2020 at 08:38:23AM -0600, Tom Lendacky wrote:
> On 12/2/20 1:29 AM, Ashish Kalra wrote:
> > From: Brijesh Singh
> >
> > By default all the SEV guest memory regions are considered encrypted,
> > if a guest changes the encryption attribute of the page (e.g mark a
> > page as decrypted) then notify hypervisor. Hypervisor will need to
> > track the unencrypted pages. The information will be used during
> > guest live migration, guest page migration and guest debugging.
> >
> > Invoke hypercall via the new hypercall library
> >
> > This hypercall is used to notify hypervisor when a page is marked as
> > 'decrypted' (i.e C-bit removed).
>
> This will miss the SEC GHCB page that is mapped as unencrypted in
> OvmfPkg/ResetVector/Ia32/PageTables64.asm. You'll need to remember to mark
> that one specifically. I don't think there are any others.
>

Ok, thanks Tom, I will add this.

Ashish

> >
> > Cc: Jordan Justen
> > Cc: Laszlo Ersek
> > Cc: Ard Biesheuvel
> >
> > Signed-off-by: Brijesh Singh
> > Signed-off-by: Ashish Kalra
> > ---
> >  OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf |  1 +
> >  OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c      | 18 ++++++++++++++++++
> >  2 files changed, 19 insertions(+)
> > > > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf > > index 7c44d09528..95ee707918 100644 > > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf > > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf > > @@ -46,6 +46,7 @@ > > DebugLib > > MemoryAllocationLib > > PcdLib > > + MemEncryptHypercallLib > > [FeaturePcd] > > gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire > > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c > > index 5e110c84ff..1e670b6200 100644 > > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c > > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c > > @@ -14,6 +14,7 @@ > > #include > > #include > > #include > > +#include > > #include "VirtualMemory.h" > > @@ -589,6 +590,9 @@ SetMemoryEncDec ( > > UINT64 AddressEncMask; > > BOOLEAN IsWpEnabled; > > RETURN_STATUS Status; > > + UINTN Size; > > + BOOLEAN CBitChanged; > > + PHYSICAL_ADDRESS OrigPhysicalAddress; > > // > > // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings. > > @@ -640,6 +644,10 @@ SetMemoryEncDec ( > > Status = EFI_SUCCESS; > > + Size = Length; > > + CBitChanged = FALSE; > > + OrigPhysicalAddress = PhysicalAddress; > > + > > while (Length) > > { > > // > > @@ -699,6 +707,7 @@ SetMemoryEncDec ( > > )); > > PhysicalAddress += BIT30; > > Length -= BIT30; > > + CBitChanged = TRUE; > > } else { > > // > > // We must split the page > > @@ -753,6 +762,7 @@ SetMemoryEncDec ( > > SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode); > > PhysicalAddress += BIT21; > > Length -= BIT21; > > + CBitChanged = TRUE; > > } else { > > // > > // We must split up this page into 4K pages 
> > @@ -795,6 +805,7 @@ SetMemoryEncDec ( > > SetOrClearCBit (&PageTableEntry->Uint64, Mode); > > PhysicalAddress += EFI_PAGE_SIZE; > > Length -= EFI_PAGE_SIZE; > > + CBitChanged = TRUE; > > } > > } > > } > > @@ -812,6 +823,13 @@ SetMemoryEncDec ( > > // > > CpuFlushTlb(); > > + // > > + // Notify Hypervisor on C-bit status > > + // > > + if (CBitChanged) { > > + SetMemoryEncDecHypercall3 (OrigPhysicalAddress, EFI_SIZE_TO_PAGES(Size), !Mode); > > + } > > + > > Done: > > // > > // Restore page table write protection, if any. > >
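
Review bot: CBitChanged is set unconditionally in the three loop hunks (@@ -699,6 +707,7 @@, @@ -753,6 +762,7 @@ and @@ -795,6 +805,7 @@), right after SetOrClearCBit () and the address/length update, without checking whether the entry already had the requested C-bit state. As written the flag means "at least one entry was processed", not "a C-bit changed", so the hypercall also fires for ranges that were already in the requested state. Either compare the entry value before and after SetOrClearCBit () before setting the flag, or rename the flag (or drop it) and document that redundant notifications are acceptable to the hypervisor.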
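
Review bot: In the last hunk (@@ -812,6 +823,13 @@) the notification is placed above the Done: label, so any path that jumps to Done after the loop has already updated part of the range returns without calling SetMemoryEncDecHypercall3 (), and the hypervisor's record of unencrypted pages, which the commit message says is used for live migration and debugging, no longer matches the page tables. Consider tracking the sub-range actually modified and issuing the notification for it on every exit path, or moving the `if (CBitChanged)` block below the label. Separately, the third argument `!Mode` relies on the numeric encoding of the same Mode value passed to SetOrClearCBit (); an explicit comparison against the mode constant would state the encrypted/decrypted status unambiguously. The commit message describes notifying only when a page is marked 'decrypted', while this block notifies for both directions; one of the two should be updated to match.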