From: "duntan" <dun.tan@intel.com>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
Jiewen Yao <jiewen.yao@intel.com>,
Jordan Justen <jordan.l.justen@intel.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Tom Lendacky <thomas.lendacky@amd.com>, Ray Ni <ray.ni@intel.com>
Subject: [Patch V8 01/14] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
Date: Thu, 29 Jun 2023 18:08:47 +0800
Message-ID: <20230629100847.1132-2-dun.tan@intel.com>
In-Reply-To: <20230629100847.1132-1-dun.tan@intel.com>
Remove code that sets AddressEncMask for non-leaf entries when
modifying smm page table by MemEncryptSevLib. In FvbServicesSmm
driver, it calls MemEncryptSevClearMmioPageEncMask to clear
AddressEncMask bit in page table for a specific range. In AMD
SEV feature, this AddressEncMask bit in page table is used to
indicate if the memory is guest private memory or shared memory.
But all memory accessed by the hardware page table walker is
treated as encrypted, regardless of whether the encryption bit
is present. So removing the code that sets the EncMask bit for smm
non-leaf entries doesn't impact AMD SEV feature.

The reason encryption mask should not be set for non-leaf
entries is because CpuPageTableLib doesn't consume encryption
mask PCD. In PiSmmCpuDxeSmm module, it will use CpuPageTableLib
to modify smm page table in next patch. The encryption mask is
overlapped with the PageTableBaseAddress field of non-leaf page
table entries. If the encryption mask is set for smm non-leaf
page table entries, an issue happens when CpuPageTableLib code
uses the non-leaf entry PageTableBaseAddress field with the
encryption mask set to find the next level page table.
Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
---
OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
index cf2441b551..dee3fb8914 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
@@ -232,8 +232,14 @@ Split2MPageTo4K (
//
// Fill in 2M page entry.
//
+ // AddressEncMask is not set for non-leaf entries since CpuPageTableLib doesn't consume
+ // encryption mask PCD. The encryption mask is overlapped with the PageTableBaseAddress
+ // field of non-leaf page table entries. If encryption mask is set for non-leaf entries,
+ // issue happens when CpuPageTableLib code use the non-leaf entry PageTableBaseAddress
+ // field with the encryption mask set to find the next level page table.
+ //
*PageEntry2M = ((UINT64)(UINTN)PageTableEntry1 |
- IA32_PG_P | IA32_PG_RW | AddressEncMask);
+ IA32_PG_P | IA32_PG_RW);
}
/**
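Review bot: the rationale added under "Fill in 2M page entry." is worded as a property of another module ("CpuPageTableLib doesn't consume encryption mask PCD") and has grammar slips ("issue happens when CpuPageTableLib code use"). Suggest stating the invariant this function now maintains, for example "non-leaf entries hold the next-level table address without AddressEncMask, because the mask overlaps the PageTableBaseAddress field", so the comment stays accurate regardless of how the other library changes.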
@@ -352,7 +358,10 @@ SetPageTablePoolReadOnly (
PhysicalAddress += LevelSize[Level - 1];
}
- PageTable[Index] = (UINT64)(UINTN)NewPageTable | AddressEncMask |
+ //
+ // AddressEncMask is not set for non-leaf entries because of the way CpuPageTableLib works
+ //
+ PageTable[Index] = (UINT64)(UINTN)NewPageTable |
IA32_PG_P | IA32_PG_RW;
PageTable = NewPageTable;
}
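Review bot: the comment above the PageTable[Index] assignment, "because of the way CpuPageTableLib works", does not tell the reader what would break. Suggest either repeating the one-line reason (the mask overlaps PageTableBaseAddress) or pointing to the fuller comment in Split2MPageTo4K. Style: with AddressEncMask gone, "IA32_PG_P | IA32_PG_RW;" may now fit on the assignment line instead of a continuation line.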
@@ -439,8 +448,10 @@ Split1GPageTo2M (
//
// Fill in 1G page entry.
//
+ // AddressEncMask is not set for non-leaf entries because of the way CpuPageTableLib works
+ //
*PageEntry1G = ((UINT64)(UINTN)PageDirectoryEntry |
- IA32_PG_P | IA32_PG_RW | AddressEncMask);
+ IA32_PG_P | IA32_PG_RW);
PhysicalAddress2M = PhysicalAddress;
for (IndexOfPageDirectoryEntries = 0;
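Review bot: only the 1G entry assignment is visible here; the loop that begins right after it ("for (IndexOfPageDirectoryEntries = 0;") fills the 2M entries outside the hunk. Since the commit message limits the change to non-leaf entries, please confirm that those 2M leaf entries still carry AddressEncMask, and consider saying so in the comment so the asymmetry between the 1G entry and its children is explicit.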
@@ -616,7 +627,11 @@ InternalMemEncryptSevCreateIdentityMap1G (
}
SetMem (NewPageTable, EFI_PAGE_SIZE, 0);
- PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)NewPageTable | AddressEncMask;
+
+ //
+ // AddressEncMask is not set for non-leaf entries because of the way CpuPageTableLib works
+ //
+ PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)NewPageTable;
PageMapLevel4Entry->Bits.MustBeZero = 0;
PageMapLevel4Entry->Bits.ReadWrite = 1;
PageMapLevel4Entry->Bits.Present = 1;
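Review bot: the commit message justifies the change for SMM page tables, but this assignment sits in InternalMemEncryptSevCreateIdentityMap1G in PeiDxeVirtualMemory.c, names that point at PEI/DXE identity mapping rather than SMM only. Suggest the commit message say explicitly that non-leaf entries lose the mask on every path through this file, and why that is acceptable there. The hunk also adds a blank line before the comment, which the other three hunks do not.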
--
2.31.1.windows.1
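The overlap described in the commit message above, as an added example that is not part of the patch or of edk2. The helper names, the bit-47 mask position and the sample entries are assumptions made for illustration; the two walker functions are simplified models, not CpuPageTableLib code.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PG_P            (1ULL << 0)
#define PG_RW           (1ULL << 1)
#define PG_PS           (1ULL << 7)            /* marks a 1G/2M leaf at PDPT/PD level */
#define ADDR_FIELD      0x000FFFFFFFFFF000ULL  /* bits 12..51 of a 64-bit entry */
#define SAMPLE_ENC_MASK (1ULL << 47)           /* assumed position, sample value only */

/* Model of a walker that uses the address field as-is (hypothetical helper). */
uint64_t next_table_naive(uint64_t entry) { return entry & ADDR_FIELD; }

/* Model of a walker that knows the mask and strips it (hypothetical helper). */
uint64_t next_table_masked(uint64_t entry, uint64_t enc_mask)
{
    return entry & ADDR_FIELD & ~enc_mask;
}

/* Audit one table: count present non-leaf entries that carry the mask.
   level: 4 = PML4, 3 = PDPT, 2 = PD, 1 = PT. */
size_t count_masked_non_leaf(const uint64_t *table, size_t n, int level,
                             uint64_t enc_mask)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t e = table[i];
        if (!(e & PG_P))
            continue;                          /* not present: nothing to walk */
        int leaf = (level == 1) || (level < 4 && (e & PG_PS) != 0);
        if (!leaf && (e & ADDR_FIELD & enc_mask) != 0)
            hits++;
    }
    return hits;
}

int main(void)
{
    uint64_t pa = 0x7F5A3000ULL;               /* constructed next-level table address */
    uint64_t pd[3] = {
        pa | SAMPLE_ENC_MASK | PG_P | PG_RW,                  /* non-leaf, mask set */
        pa | PG_P | PG_RW,                                    /* non-leaf, mask clear */
        0x200000ULL | SAMPLE_ENC_MASK | PG_P | PG_RW | PG_PS  /* 2M leaf, mask set */
    };
    printf("naive:  0x%llx\n", (unsigned long long)next_table_naive(pd[0]));
    printf("masked: 0x%llx\n", (unsigned long long)next_table_masked(pd[0], SAMPLE_ENC_MASK));
    printf("flagged non-leaf entries: %zu\n",
           count_masked_non_leaf(pd, 3, 2, SAMPLE_ENC_MASK));
    return 0;
}
```

The naive walker lands on an address with bit 47 set instead of the real table, while leaf entries that keep the mask are not flagged by the audit.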