From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas, Eric Dong, Ray Ni, Rahul Kumar, Michael D Kinney, Liming Gao, Zhiguang Liu, Michael Roth, Brijesh Singh
Subject: [RFC PATCH v5 24/28] OvmfPkg/MemEncryptSevLib: change the page state in the RMP table
Date: Wed, 30 Jun 2021 07:53:17 -0500
Message-ID: <20210630125321.30278-25-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210630125321.30278-1-brijesh.singh@amd.com>
References: <20210630125321.30278-1-brijesh.singh@amd.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The MemEncryptSev{Set,Clear}PageEncMask() functions are used to set or
clear the memory encryption attribute in the page table. When SEV-SNP is
active, we also need to change the page state in the RMP table so that it
is in sync with the memory encryption attribute change.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 .../X64/PeiDxeVirtualMemory.c | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
index f146f6d61cc5..56db1e4b6ecf 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
@@ -17,6 +17,7 @@ #include =20 #include "VirtualMemory.h" +#include "SnpPageStateChange.h" =20 STATIC BOOLEAN mAddressEncMaskChecked =3D FALSE; STATIC UINT64 mAddressEncMask; @@ -695,10 +696,12 @@ SetMemoryEncDec ( PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry; PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry; PAGE_TABLE_ENTRY *PageDirectory2MEntry; + PHYSICAL_ADDRESS OrigPhysicalAddress; PAGE_TABLE_4K_ENTRY *PageTableEntry; UINT64 PgTableMask; UINT64 AddressEncMask; BOOLEAN IsWpEnabled; + UINTN OrigLength; RETURN_STATUS Status; =20 // @@ -751,6 +754,22 @@ SetMemoryEncDec ( =20 Status =3D EFI_SUCCESS; =20 + // + // To maintain the security gurantees we must set the page to shared in = the RMP + // table before clearing the memory encryption mask from the current pag= e table. + // + // The InternalSetPageState() is used for setting the page state in the = RMP table. + // + if ((Mode =3D=3D ClearCBit) && MemEncryptSevSnpIsEnabled ()) { + InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), Sev= SnpPageShared, FALSE); + } + + // + // Save the specified length and physical address (we need it later). + // + OrigLength =3D Length; + OrigPhysicalAddress =3D PhysicalAddress; + while (Length !=3D 0) { // @@ -923,6 +942,21 @@ SetMemoryEncDec ( // CpuFlushTlb(); =20 + // + // SEV-SNP requires that all the private pages (i.e pages mapped encrypt= ed) must be + // added in the RMP table before the access. + // + // The InternalSetPageState() is used for setting the page state in the = RMP table. + // + if ((Mode =3D=3D SetCBit) && MemEncryptSevSnpIsEnabled ()) { + InternalSetPageState ( + OrigPhysicalAddress, + EFI_SIZE_TO_PAGES (OrigLength), + SevSnpPagePrivate, + FALSE + ); + } + Done: // // Restore page table write protection, if any. --=20 2.17.1
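Review bot: in the @@ -751,6 +754,22 @@ hunk the shared transition `InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), SevSnpPageShared, FALSE);` runs for the whole range before the page-table walk starts, so any error that leaves the while loop early via `Done:` returns with the RMP already marking every page shared while some of them still carry the C-bit in the page table; either the error path should move those pages back to private, or the commit message should say that a failure from SetMemoryEncDec must be treated as fatal by callers. If InternalSetPageState can report a failure, that result is not checked here before the C-bit is cleared, and it should propagate instead. Also worth confirming that PhysicalAddress is page aligned by the time this call is reached, since EFI_SIZE_TO_PAGES (Length) undercounts by a page when it is not. Minor: "gurantees" in the new comment should read "guarantees".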
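Review bot: in the @@ -923,6 +942,21 @@ hunk the private transition is placed after CpuFlushTlb() and before `Done:`, so an early exit to Done during the loop skips it even though the entries the loop already updated now have the C-bit set without the pages being private in the RMP, which is exactly the state the new comment says SEV-SNP does not permit before access. Suggest either changing the page state per page inside the loop as each entry is written, or clearing the C-bit again on the failure path so the page table and RMP stay consistent. Style: the two InternalSetPageState calls use different argument layouts (single line in the ClearCBit path, one argument per line here); pick one. Minor: "i.e pages" should read "i.e. pages".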