Date: Wed, 24 Apr 2024 09:50:10 -0500
From: "Roth, Michael via groups.io"
To: Gerd Hoffmann
CC: Tom Lendacky, Ard Biesheuvel, Erdem Aktas, Jiewen Yao, Min Xu, Jianyong Wu, Anatol Belski
Subject: Re: [edk2-devel] [PATCH] OvmfPkg: Don't make APIC MMIO accesses with encryption bit set
Message-ID: <20240424145010.zgi2rtgfky6chly4@amd.com>
References: <20240423205958.1791780-1-michael.roth@amd.com>
On Wed, Apr 24, 2024 at 01:54:01PM +0200, Gerd Hoffmann wrote:
> On Tue, Apr 23, 2024 at 03:59:58PM -0500, Michael Roth wrote:
> > For the most part, OVMF will clear the encryption bit for MMIO regions,
> > but there is currently one known exception during SEC when the APIC
> > base address is accessed via MMIO with the encryption bit set for
> > SEV-ES/SEV-SNP guests.
>
> what exactly accesses the lapic that early?

This looks to be for InitializeDebugAgent() to set up a timer to handle
the debug console.

>
> > +/**
> > + Map known MMIO regions unencrypted if SEV-ES is active.
> > +
> > + During early booting, page table entries default to having the encryption bit
> > + set for SEV-ES/SEV-SNP guests. In cases where there is MMIO to an address, the
> > + encryption bit should be cleared. Clear it here for any known MMIO accesses
> > + during SEC, which is currently just the APIC base address.
> > +
> > +**/
> > +VOID
> > +SecMapApicBaseUnencrypted (
> > + VOID
> > + )
> > +{
> > + PAGE_MAP_AND_DIRECTORY_POINTER *Level4Entry;
> > + PAGE_MAP_AND_DIRECTORY_POINTER *Level3Entry;
> > + PAGE_MAP_AND_DIRECTORY_POINTER *Level2Entry;
> > + PAGE_TABLE_4K_ENTRY *Level1Entry;
> > + SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
> > + PHYSICAL_ADDRESS Cr3;
> > + UINT64 ApicAddress;
> > + UINT64 PgTableMask;
> > + UINT32 Level1Page;
> > + UINT64 Level1Address;
> > + UINT64 Level1Flags;
> > + UINTN PteIndex;
> > +
> > + if (!SevEsIsEnabled ()) {
> > + return;
> > + }
>
> That is incompatible with 5-level paging. The current reset vector will
> never turn on 5-level paging in case SEV is active because we have more
> incompatibilities elsewhere (BaseMemEncryptSevLib IIRC). But still,
> it's moving things into the wrong direction ...

Tom had mentioned this eventuality and we discussed it to an extent. AIUI
once we make that switch then most of this function could be replaced with
a call into the library to handle the splitting, and similar re-work would
need to be done for handling splitting the area for the GHCB page which is
also currently done with direct page table manipulation. So while it does
sort of move in the wrong direction, I don't think it would significantly
complicate things as far as making that transition.

>
> Ideally CpuPageTableLib should be used for this.

What's the outlook for moving CpuPageTableLib before the next OVMF
release? My concern is that once SNP KVM support goes upstream (which is
currently looking to be within kernel 6.10 timeframe), SNP guest support
in OVMF will be completely broken without a fix like this for APIC MMIO
accesses.
One thing to maybe get ahead of is the fact that splitting pages with
5-level paging will require having 2 pages reserved for GHCB instead of
the 1 we have currently, and 2 pages reserved for APIC range instead of
the 1 proposed by this patch (since we'd need to not only split a 2MB PTE
to 4KB, but the upper 1GB PTE to 2MB). Do we know enough about what that
sort of allocation/reserve logic would look like to start modifying
PcdOvmfSecPageTablesBase, PcdOvmfSecGhcbPageTableBase, and
PcdOvmfSecApicPageTableBase to start prepping for such a change? If so we
could maybe take steps toward that to ease the transition. But either way
if the move to CpuPageTableLib is a ways out then I think we need a fix
before then.

-Mike

>
> take care,
>   Gerd
>
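Review bot: the doc comment on SecMapApicBaseUnencrypted should state the paging-depth assumption the body makes. The locals (Level4Entry, Level3Entry, Level2Entry, Level1Entry, Cr3, PteIndex) walk a fixed four-level hierarchy from CR3, so the function is only correct while SEC never enables 5-level paging with SEV active, which the thread notes is currently guaranteed elsewhere rather than here; either record that dependency in the comment next to "Map known MMIO regions unencrypted if SEV-ES is active." or guard the walk with a CR4.LA57 check that fails loudly instead of reading the wrong table level. The early `if (!SevEsIsEnabled ()) { return; }` is consistent with the "SEV-ES/SEV-SNP" wording only because SEV-SNP always runs with SEV-ES enabled; a one-line note would save the next reader from wondering whether SNP is skipped.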
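The reserve-sizing argument above (one page when only a 2MB leaf has to be split to 4KB, two pages when the covering 1GB entry is also a leaf) is easy to check with a small page-table model. The C program below is an added example, not OVMF code or anything from this patch: it simulates physical memory as a flat array, builds a fully encrypted identity map in both shapes, walks it the way the patch's function does, splits large leaves out of a fixed reserve pool (standing in for the PcdOvmfSec*PageTableBase regions), and clears the C-bit on just the APIC base page. The C-bit position (bit 51), the pool layout and the 4-level walk are constructed assumptions; the 1GB-leaf case is modelled inside a 4-level hierarchy as a stand-in for the upper-level split the 5-level-paging scenario would need, so the function counts how many reserved pages each shape consumes and reports failure when the reserve is one page short.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SIZE   4096ULL
#define ENTRIES     512
#define PTE_PRESENT (1ULL << 0)
#define PTE_RW      (1ULL << 1)
#define PTE_PS      (1ULL << 7)    /* leaf at level 3 (1 GiB) or level 2 (2 MiB) */
#define CBIT        (1ULL << 51)   /* constructed C-bit position; the real one comes from CPUID */
#define ADDR_MASK   (0x000FFFFFFFFFF000ULL & ~CBIT)
#define APIC_BASE   0xFEE00000ULL

/* Simulated physical memory: a table's "physical address" is its byte offset in here.
 * Pages 0-5 hold the initial tables, pages 6 and up form the reserved split-page pool. */
#define SIM_PAGES 16
#define POOL_BASE (6 * PAGE_SIZE)
static uint64_t sim_mem[SIM_PAGES * ENTRIES];

static uint64_t *table_at(uint64_t phys) { return &sim_mem[(phys & ADDR_MASK) / 8]; }

/* Fixed reserve of page-table pages, a stand-in for a PcdOvmfSec*PageTableBase region. */
typedef struct { uint64_t next, end; unsigned used; } ReservedPool;

static uint64_t pool_alloc(ReservedPool *p) {
  if (p->next >= p->end) return 0;               /* reserve exhausted */
  uint64_t page = p->next;
  p->next += PAGE_SIZE; p->used++;
  memset(table_at(page), 0, PAGE_SIZE);
  return page;
}

/* Replace the large-page leaf *entry (covering `span` bytes) with a pointer to a new table
 * of 512 entries that each cover span/512 bytes with the leaf's original flags. The new
 * table page itself stays encrypted (C-bit set), as page tables must be under SEV. */
static int split_large_entry(uint64_t *entry, uint64_t span, ReservedPool *pool, int to_4k) {
  uint64_t table = pool_alloc(pool);
  if (!table) return 0;
  uint64_t base  = *entry & ADDR_MASK;
  uint64_t flags = (*entry & ~ADDR_MASK & ~PTE_PS) | (to_4k ? 0 : PTE_PS);
  uint64_t *t = table_at(table);
  for (int i = 0; i < ENTRIES; i++)
    t[i] = (base + (uint64_t)i * (span / ENTRIES)) | flags;
  *entry = table | PTE_PRESENT | PTE_RW | CBIT;
  return 1;
}

/* Walk from the PML4 at cr3, split any 1 GiB / 2 MiB leaf covering addr down to a 4 KiB
 * entry, then clear the C-bit on that entry only. Returns reserved pages consumed, or -1
 * if the walk hit a non-present entry or the reserve ran out. */
static int map_4k_unencrypted(uint64_t cr3, uint64_t addr, ReservedPool *pool) {
  unsigned before = pool->used;
  uint64_t *pml4e = &table_at(cr3)[(addr >> 39) & 511];
  if (!(*pml4e & PTE_PRESENT)) return -1;
  uint64_t *pdpte = &table_at(*pml4e)[(addr >> 30) & 511];
  if (!(*pdpte & PTE_PRESENT)) return -1;
  if ((*pdpte & PTE_PS) && !split_large_entry(pdpte, 1ULL << 30, pool, 0)) return -1;
  uint64_t *pde = &table_at(*pdpte)[(addr >> 21) & 511];
  if (!(*pde & PTE_PRESENT)) return -1;
  if ((*pde & PTE_PS) && !split_large_entry(pde, 1ULL << 21, pool, 1)) return -1;
  uint64_t *pte = &table_at(*pde)[(addr >> 12) & 511];
  *pte &= ~CBIT;
  return (int)(pool->used - before);
}

/* Build a 4 GiB identity map with every page encrypted: PML4 -> PDPT -> either four 1 GiB
 * leaves (use_1g) or four page directories of 2 MiB leaves. Returns CR3 (page 0). */
static uint64_t build_identity_map(int use_1g) {
  memset(sim_mem, 0, sizeof sim_mem);
  uint64_t pml4 = 0, pdpt = 1 * PAGE_SIZE;
  table_at(pml4)[0] = pdpt | PTE_PRESENT | PTE_RW | CBIT;
  for (int g = 0; g < 4; g++) {
    uint64_t gbase = (uint64_t)g << 30, pd = (2 + g) * PAGE_SIZE;
    if (use_1g) { table_at(pdpt)[g] = gbase | PTE_PRESENT | PTE_RW | PTE_PS | CBIT; continue; }
    table_at(pdpt)[g] = pd | PTE_PRESENT | PTE_RW | CBIT;
    for (int i = 0; i < ENTRIES; i++)
      table_at(pd)[i] = (gbase + ((uint64_t)i << 21)) | PTE_PRESENT | PTE_RW | PTE_PS | CBIT;
  }
  return pml4;
}

/* 1 if addr resolves through a 4 KiB entry whose C-bit is clear, else 0. */
static int is_mapped_unencrypted_4k(uint64_t cr3, uint64_t addr) {
  uint64_t e = table_at(cr3)[(addr >> 39) & 511];
  if (!(e & PTE_PRESENT)) return 0;
  e = table_at(e)[(addr >> 30) & 511];
  if (!(e & PTE_PRESENT) || (e & PTE_PS)) return 0;
  e = table_at(e)[(addr >> 21) & 511];
  if (!(e & PTE_PRESENT) || (e & PTE_PS)) return 0;
  e = table_at(e)[(addr >> 12) & 511];
  return (e & PTE_PRESENT) && !(e & CBIT);
}

/* Scenario: map the APIC base page unencrypted with `reserved_pages` pages in reserve. */
static int apic_split_scenario(int use_1g, unsigned reserved_pages) {
  uint64_t cr3 = build_identity_map(use_1g);
  ReservedPool pool = { POOL_BASE, POOL_BASE + reserved_pages * PAGE_SIZE, 0 };
  return map_4k_unencrypted(cr3, APIC_BASE, &pool);
}

int main(void) {
  printf("2M leaves, 1 reserved page: %d page(s) used\n", apic_split_scenario(0, 1));
  printf("1G leaves, 1 reserved page: %d (reserve too small)\n", apic_split_scenario(1, 1));
  printf("1G leaves, 2 reserved pages: %d page(s) used\n", apic_split_scenario(1, 2));
  printf("APIC page unencrypted, neighbour still encrypted: %d %d\n",
         is_mapped_unencrypted_4k(0, APIC_BASE), !is_mapped_unencrypted_4k(0, APIC_BASE + PAGE_SIZE));
  return 0;
}
```

The interesting outcome is the failing middle case: when the reserve is sized for the 2MB-leaf layout and the covering 1GB entry turns out to be a leaf, the first split consumes the only page and the second split has nothing left, so the APIC page stays encrypted. Sizing the reserve for the deeper split ahead of time, as suggested above, is what avoids that.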