Subject: Re: [PATCH v8 17/32] OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase
To: Gerd Hoffmann
Cc: devel@edk2.groups.io, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth
References: <20210920184604.31590-1-brijesh.singh@amd.com> <20210920184604.31590-18-brijesh.singh@amd.com> <20210922082118.76k7lhni6wzxxofd@sirius.home.kraxel.org>
From: "Brijesh Singh"
Message-ID: <3dc231bb-e924-1057-06b5-e32d0a88f702@amd.com>
Date: Fri, 24 Sep 2021 05:48:14 -0500
In-Reply-To: <20210922082118.76k7lhni6wzxxofd@sirius.home.kraxel.org>

On 9/22/21 3:21 AM, Gerd Hoffmann wrote:
> On Mon, Sep 20, 2021 at 01:45:49PM -0500, Brijesh Singh wrote:
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>>
>> The initial page built during the SEC phase is used by the
>> MemEncryptSevSnpValidateSystemRam() for the system RAM validation. The
>> page validation process requires using the PVALIDATE instruction; the
>> instruction accepts a virtual address of the memory region that needs
>> to be validated. If hardware encounters a page table walk failure (due
>> to page-not-present) then it raises #GP.
>>
>> The initial page table built in SEC phase address up to 4GB. Add an
>> internal function to extend the page table to cover > 4GB. The function
>> builds 1GB entries in the page table for access > 4GB. This will provide
>> the support to call PVALIDATE instruction for the virtual address >
>> 4GB in PEI phase.
> Hmm, well, playing with page tables like that in sev-specific code
> instead of having memory core handle this properly is quite hackish.
>
> What is the long-term plan with this? I assume once support for lazy
> acceptance/validation is merged we can simply delete this?

Yes, this is just an interim problem. Once we move to lazy validation
then this will be removed.

>
> Assuming this is only a temporary solution I think we can tolerate the
> hacks.
>
> take care,
> Gerd
>
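
The mapping gap discussed in this thread, as an added example that is not code from the patch or from edk2: a toy model of one PDPT showing that an address above 4GB does not translate until 1GB entries are added, which is the not-present case the commit message says raises #GP for PVALIDATE. All function names, the single-PDPT layout and the C-bit position 51 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PTE_PRESENT (1ULL << 0)
#define PTE_RW      (1ULL << 1)
#define PTE_PS      (1ULL << 7)   /* in a PDPT entry: this entry maps a 1GB page */
#define SIZE_1G     (1ULL << 30)
#define SIZE_4G     (4 * SIZE_1G)

/* Toy model: a single PML4 entry (the first 512GB) backed by one PDPT. */
static uint64_t pdpt[512];

/* SEC-phase state from the thread: only 0..4GB is mapped. Modeled here as
   four 1GB entries for brevity. */
void init_sec_tables(void) {
    memset(pdpt, 0, sizeof pdpt);
    for (uint64_t i = 0; i < 4; i++)
        pdpt[i] = (i * SIZE_1G) | PTE_PRESENT | PTE_RW | PTE_PS;
}

/* Identity-map [start, end) above 4GB with 1GB PDPT entries. enc_mask is the
   SEV C-bit mask (caller-supplied assumption). Returns the number of entries
   added, or -1 if the range is invalid for this model. */
int extend_above_4g(uint64_t start, uint64_t end, uint64_t enc_mask) {
    if (start < SIZE_4G || end <= start || end > 512 * SIZE_1G)
        return -1;
    int added = 0;
    for (uint64_t i = start / SIZE_1G; i <= (end - 1) / SIZE_1G; i++) {
        if (pdpt[i] & PTE_PRESENT)
            continue;                 /* already covered, leave untouched */
        pdpt[i] = (i * SIZE_1G) | enc_mask | PTE_PRESENT | PTE_RW | PTE_PS;
        added++;
    }
    return added;
}

/* Software walk: 1 if va translates, 0 if the walk hits a not-present entry. */
int va_is_mapped(uint64_t va) {
    if (va >> 39)
        return 0;                     /* outside the one modeled PML4 entry */
    return (pdpt[(va >> 30) & 0x1FF] & PTE_PRESENT) != 0;
}

int main(void) {
    init_sec_tables();
    uint64_t va = 5 * SIZE_1G;        /* constructed address above 4GB */
    printf("before: %d\n", va_is_mapped(va));
    extend_above_4g(SIZE_4G, 6 * SIZE_1G, 1ULL << 51); /* C-bit 51: constructed */
    printf("after:  %d\n", va_is_mapped(va));
    return 0;
}
```

On real hardware the C-bit position is read from CPUID Fn8000_001F EBX[5:0] rather than hard-coded.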