From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <20db2795-b5b5-1da1-d4ca-67ec0d8dc037@amd.com>
Date: Tue, 27 Jun 2023 08:13:28 -0500
Subject: Re: [Patch V7 01/14] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
To: Dun Tan, devel@edk2.groups.io
Cc: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Ray Ni
References: <20230627052340.1663-1-dun.tan@intel.com> <20230627052340.1663-2-dun.tan@intel.com>
From: "Lendacky, Thomas"
In-Reply-To: <20230627052340.1663-2-dun.tan@intel.com>

On 6/27/23 00:23, Dun Tan wrote:
> Remove code that apply AddressEncMask to non-leaf entry when split

s/apply/applies the/
s/entry/entries/
s/split/splitting/

> smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it

s/smm page table by/SMM page table entries in/
s/In FvbServicesSmm driver, it/The FvbServicesSmm driver/

> calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask

s/clear/clear the/

> bit in page table for a specific range. In AMD SEV feature, this
> AddressEncMask bit in page table is used to indicate if the memory
> is guest private memory or shared memory. But all memory used by
> page table are treated as encrypted regardless of encryption bit.

But all memory accessed by the hardware page table walker is treated as
encrypted, regardless of whether the encryption bit is present.

> So remove the EncMask bit for smm non-leaf page table entry
> doesn't impact AMD SEV feature.
> If page split happens in the AddressEncMask bit clear process,
> there will be some new non-leaf entries with AddressEncMask
> applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
> module will use CpuPageTableLib to modify smm page table. So
> remove code to apply AddressEncMask for new non-leaf entries
> since CpuPageTableLib doesn't consume the EncMask PCD.

This last paragraph is a bit confusing to read, please rewrite it so it is
easier to understand.

>
> Signed-off-by: Dun Tan
> Cc: Ard Biesheuvel
> Cc: Jiewen Yao
> Cc: Jordan Justen
> Cc: Gerd Hoffmann
> Cc: Tom Lendacky
> Reviewed-by: Ray Ni

I think it would be best to include comments in the code around the areas
being changed explaining why the encryption mask is not being set for
non-leaf entries because of the way CpuPageTableLib works.

With comments added:

Reviewed-by: Tom Lendacky

> --- > OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c > index cf2441b551..372fc03fde 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c > @@ -233,7 +233,7 @@ Split2MPageTo4K ( > // Fill in 2M page entry. > // > *PageEntry2M = ((UINT64)(UINTN)PageTableEntry1 | > - IA32_PG_P | IA32_PG_RW | AddressEncMask); > + IA32_PG_P | IA32_PG_RW); > } > > /** > @@ -352,7 +352,7 @@ SetPageTablePoolReadOnly ( > PhysicalAddress += LevelSize[Level - 1]; > } > > - PageTable[Index] = (UINT64)(UINTN)NewPageTable | AddressEncMask | > + PageTable[Index] = (UINT64)(UINTN)NewPageTable | > IA32_PG_P | IA32_PG_RW; > PageTable = NewPageTable; > } > @@ -440,7 +440,7 @@ Split1GPageTo2M ( > // Fill in 1G page entry. > // > *PageEntry1G = ((UINT64)(UINTN)PageDirectoryEntry | > - IA32_PG_P | IA32_PG_RW | AddressEncMask); > + IA32_PG_P | IA32_PG_RW); > > PhysicalAddress2M = PhysicalAddress; > for (IndexOfPageDirectoryEntries = 0; 
> @@ -616,7 +616,7 @@ InternalMemEncryptSevCreateIdentityMap1G ( > } > > SetMem (NewPageTable, EFI_PAGE_SIZE, 0); > - PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)NewPageTable | AddressEncMask; > + PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)NewPageTable; > PageMapLevel4Entry->Bits.MustBeZero = 0; > PageMapLevel4Entry->Bits.ReadWrite = 1; > PageMapLevel4Entry->Bits.Present = 1;
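
Review bot: In the Split2MPageTo4K hunk (@@ -233), the comment above the assignment still reads only `// Fill in 2M page entry.` and gives no reason why `AddressEncMask` is left out of `*PageEntry2M`. Extend that comment to say the entry now points to a page table (a non-leaf entry) and that the mask is deliberately omitted because CpuPageTableLib does not consume the EncMask PCD, as the commit message states and as the reply above requests.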
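
Review bot: In the SetPageTablePoolReadOnly hunk (@@ -352), the commit message does not cover this path: it describes page splits during the AddressEncMask clear process, while this assignment to `PageTable[Index]` sits in a function named SetPageTablePoolReadOnly. Mention this function in the commit message and add a comment on the non-leaf entry; the expression could also be joined onto one line now that `(UINT64)(UINTN)NewPageTable |` is followed only by the short continuation `IA32_PG_P | IA32_PG_RW;`.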
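
Review bot: In the Split1GPageTo2M hunk (@@ -440), only the non-leaf `*PageEntry1G` assignment is visible and the loop starting at `for (IndexOfPageDirectoryEntries = 0;` is cut off, so the hunk does not show whether the 2M entries written there keep `AddressEncMask`. Please confirm the leaf entries are unchanged and say so in the comment next to `// Fill in 1G page entry.`, so the different treatment of leaf and non-leaf entries is clear to the next reader.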
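
Review bot: In the InternalMemEncryptSevCreateIdentityMap1G hunk (@@ -616), the rationale in the commit message is about the SMM page table, but nothing in the visible lines ties the assignment to `PageMapLevel4Entry->Uint64` to SMM, and the function name indicates identity-map creation in PeiDxeVirtualMemory.c. State in the commit message that the mask is dropped for non-leaf entries on every path through this file, and add a comment above the assignment explaining why.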
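
The leaf versus non-leaf distinction discussed in this thread, as an added example that is not part of the patch or of the EDK II code base: a simplified model of a 2M-to-4K split that keeps the encryption bit on leaf entries only, plus an audit that counts non-leaf entries still carrying it. The bit position (51), the table names and the helper names are assumptions made for this model.

```c
#include <stddef.h>
#include <stdint.h>

#define PG_P      (1ULL << 0)
#define PG_RW     (1ULL << 1)
#define PG_PS     (1ULL << 7)            /* set in a PDE that maps a 2M page (leaf) */
#define ENC_MASK  (1ULL << 51)           /* assumed C-bit position for this model */
#define ADDR_MASK 0x0007FFFFFFFFF000ULL  /* address bits 12..50, C-bit excluded */

/* Simulated tables; as in identity-mapped firmware, a pointer is the address. */
static _Alignas(4096) uint64_t page_dir[512];
static _Alignas(4096) uint64_t page_tbl[512];

/* Split a 2M leaf PDE into 512 4K PTEs. In this model the leaf PTEs inherit
   the C-bit of the original mapping; the PDE becomes a non-leaf pointer
   without it, matching what the patch does for non-leaf entries. */
static void split_2m_to_4k(uint64_t *pde, uint64_t *pt)
{
    uint64_t enc  = *pde & ENC_MASK;
    uint64_t base = *pde & ADDR_MASK & ~0x1FFFFFULL;

    for (size_t i = 0; i < 512; i++)
        pt[i] = (base + i * 4096) | enc | PG_P | PG_RW;
    *pde = (uint64_t)(uintptr_t)pt | PG_P | PG_RW;
}

/* Audit: count present non-leaf PDEs that still carry the C-bit. */
static size_t nonleaf_with_enc(const uint64_t *pd, size_t n)
{
    size_t hits = 0;

    for (size_t i = 0; i < n; i++)
        if ((pd[i] & PG_P) && !(pd[i] & PG_PS) && (pd[i] & ENC_MASK))
            hits++;
    return hits;
}

/* Constructed input: one private (C-bit set) 2M mapping at 0x40000000. */
static size_t demo(void)
{
    page_dir[0] = 0x40000000ULL | ENC_MASK | PG_PS | PG_P | PG_RW;
    split_2m_to_4k(&page_dir[0], page_tbl);
    return nonleaf_with_enc(page_dir, 512);
}

int main(void)
{
    return demo() == 0 ? 0 : 1;
}
```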