From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.74]) by mx.groups.io with SMTP id smtpd.web11.758.1650295640134844892 for ; Mon, 18 Apr 2022 08:27:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=Y5ktJs0S; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.237.74, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=O9HFasx91NvfKHFTwllFVFjp2crrYmGpX6L55LjJXF34lonlDkKkLK0nr9EwLwBa6msxrsBn2BxEqC2HGfmes9Reh15xGMJac3EB/2e1wEaq/H4r+aRokEy85AtaW/JlZFUfoQ1mPqtZn8ahzWHNUvWZVx8TMhb4JtDU+sTEaiy2LgNfF1Bkj/GXeoj6JICsNf3vD1FjmfPdHoxE3rU7bkYfstuwte8ZiYaGMwRnNHHsO9nrY5KL2dDiHltBbGJXe9qNigvkBuehdOgn0OfA0p4oRTYmpZIx6oCi3z5FcjThnq8PpFHlOOpEJw4eaWmIXh033YKnqoF5yxlJb+1sXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/6l3r/AQI1JfMZ1t6N+T7SqirjnjluaqjM49ww49Csw=; b=VEm13YMMj3cAC5AR69Uluwt656vSuaNR0bIG8oG/a9yo9AGrVoA4lmBgT20P2+txdZ8zMadDgQwYaJ3bwHh7Uchm9MIAOEn1LtYMxv24ZXZRt1sCqcM7HwCdY0Wwul2gSV/IebGKXRw+t2okwgU7RY/twwzQFVugrq7N6L2LefWvq9AiUnwnZSGySe+jx1mvFHfrA3l2WJLF1dfouIoh5dh1EO2S+Vm6POdhrPb+ApZ92BAxSTa2/XwoNWj0oRzjD3Pbu7eyu7VeL/Ln55xULdNLLiJ81pDFUFo8OqDR/Ic+ttVA/I/F+JQc2ojHPuLqBIW0OR/i+IFf+5W1HC00fw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/6l3r/AQI1JfMZ1t6N+T7SqirjnjluaqjM49ww49Csw=; b=Y5ktJs0SZZwvFKucQT4slzwmWo1UXFw6V32daf2BMqVM5cwTvNIQ9jcDcoTyA7O2MhdqOMGsiqBnFO9QxqCnzOQFFzbLASDmH3txoBq4l9kZ5ihDdVCZGX5UxdErTDiuF4KvamDtqPDjWyve5kRADDDvejIRfXGB9e3+EH3yPbQ= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com; Received: from DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) by DM5PR12MB1385.namprd12.prod.outlook.com (2603:10b6:3:6e::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5164.20; Mon, 18 Apr 2022 15:27:17 +0000 Received: from DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::781d:15d6:8f63:a4e7]) by DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::781d:15d6:8f63:a4e7%5]) with mapi id 15.20.5164.025; Mon, 18 Apr 2022 15:27:17 +0000 Message-ID: <5cabaafd-94c0-2347-ae71-2a8a7c2f610b@amd.com> Date: Mon, 18 Apr 2022 10:27:14 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 Subject: Re: [PATCH V3 0/7] Introduce CcProbe in MdePkg To: Min Xu , devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , James Bottomley , Jiewen Yao , Gerd Hoffmann , Brijesh Singh , Erdem Aktas References: From: "Lendacky, Thomas" In-Reply-To: X-ClientProxiedBy: BL1PR13CA0098.namprd13.prod.outlook.com (2603:10b6:208:2b9::13) To DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) Return-Path: Thomas.Lendacky@amd.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 71f43c22-3bc5-4c7d-dfb3-08da214fec50 X-MS-TrafficTypeDiagnostic: DM5PR12MB1385:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 8DIdRLbeE7c6EZ7IMWG5cQzA5xUnKY0rceA0pW5EEQD7oeiukBVGj+RgFPyQKKNt3RiCk+edxYrkNPTWtKiXwdiBi3iKiJrBdheSUMfH5F283u+w5omRipzu826WhP7eQbZDH2mOwnG9GQRoyzHB1GkSaqwDybK3o7P5ehwh/dGiy9V6BNpzXQoy/Ok5mCEZWn8aZI28onebSaSdlGj4QiB6Y002FUJdMt3JTh5W4+BzONVegOlR+Ra/Tnn98GdZkk6fmYrN3vcCsnar1+srFy3S7eLWTsJPdzHZp3cmJZyIxieYeKpclSqWvhdeXv2hnpeXOwo9gxdh3xiFvrav/cucVC7wZ4rwWykgJAyoblJRx6D6GodAUHA2Fdh2861T0GvOEm8J8Z92HbzLWWj2XmOgiR3n4TupiEcQAhsTHEzZzFQRKZqVz+EOVAuS4bMARjSWOD22gD7N53EMwipvso31BbjM0fGJNUHwkf6wM49HPjK7Gae3DuK1oJf4gIULd0v2qTh3KtnJTewjGBpds3E7y7tndrHM8WiyPL4kXmuYI96VdnSMjx032W1a+XoCkFwMRG30lQuJW/Pgq0rOs4tr5gNUz1C2QeGJ4APr0DLEpvWPMY7aXT2D4Woat1bmqwX9OlSsywOgOejCMnZjD+evv6ciTlH98sHgQMtHkEheqTwqAF7VJ7S6nzbnhtc3lRKEu8JQa2UN+trXdQANlE++JqRNjr6rsFz6PaUmIkkAUBBYXZK7qwpkh4QcbokdyKRW6C/RVJG088AuXTLhkoQdPuIpS00duIPkfp4ckNlPVXaunKGPARfT3eL1ai7n X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR12MB5229.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(6029001)(4636009)(366004)(38100700002)(508600001)(86362001)(2906002)(6486002)(966005)(31686004)(66476007)(66556008)(66946007)(4326008)(8676002)(31696002)(54906003)(5660300002)(8936002)(316002)(19627235002)(26005)(6512007)(6506007)(83380400001)(186003)(53546011)(36756003)(2616005)(6666004)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?ZW5jam8xY240RU1OV0paS21aNyt1d01naExzQ2xGMG5ZTmcvcUNjRHVwM2Ez?= =?utf-8?B?ZnpKUnY5TkUwRUZiNWdhanEwM0NYZjIwQ3hkSUxGdjJWQWc4eG5DaWNaVWdk?= =?utf-8?B?ZzNQVE5ReXZpeFNwVG1EdUlsTU03TzJ1dGx0QWVZRFRhMVkxN3pyUFlsUkpR?= =?utf-8?B?Tm5keTBvT3ZBS1BVdVFwWUpGWGVoaGN4ZUtGb3Q2SUpCRXdUbEdldnJXZzlS?= =?utf-8?B?SXE3a2o5WWhhc0JER0c0WFJIWDNUTlBBbnA2S0xNMWMxTkliU0NQK1dJWGZh?= =?utf-8?B?WHlteDF2akxwdTFXNWlJTHhBbTliakgrZldYWmdhd0lNSzVSZWN3eG40UHlB?= =?utf-8?B?Qjc1NmFGbngxN3BGMUlzeFVuY3Jic3RlcjY1WjZYYUhJeDVERFlUTkVET0Nw?= =?utf-8?B?Zmlrc0ZPRFg0VFVBS0pqTVNaTFBwa2pJM1VvZW9KRzZyZGpVOGwrN0JKcFdj?= =?utf-8?B?d0xUblh4YjBJZDZKZk5Ock9kYkM0VlY3c1RKT3NpMkFFSzYydmcrcHJpbTJu?= =?utf-8?B?ZngzQXlQTjhiU2xrTXZxMnZzbFlJaTlhOHk1bDhQSjZ5aDE4Y002SXpVekFJ?= =?utf-8?B?V2hnaTNiL0kyamFEdVExWlk1ZHQxMElTWnNFZDB6TGhUM1RSQmJ0aUN6S1FF?= =?utf-8?B?dWdQdzdjbmc2T3ExVHJzZXcwN0xJVDJRU3Q1MHRlRk04NU9BMUF4dy8zekEr?= =?utf-8?B?Ry9ZR0xVTjY2eXJ6VDJqSVhiK1ZzNWpDQVJLcktzWW5PTFpjWjlXc1NSa1Mr?= =?utf-8?B?Z3dQYVdvWWdDeEtZOG9uVTlNUkh2UkJRVzlpbUdSaVp0RjR5Z3IyNUhWT3pQ?= =?utf-8?B?ZldEU3FxMk00djJiNFBISCs2d2tNeWtuR0UvNmFwNitKOXNTL3VrWTliLzNU?= =?utf-8?B?bjN1ZzlFRUhlaWZ4dzZ0YytyT1VxNTlTYVdPNlNoN0lnWE01dkhoS0hlY2tC?= =?utf-8?B?bjl3R1pCUllPUWhtN3Z5NlVuUTUvZExFeDJtcFVOQzkvTllJSk5RVkUzcmhl?= =?utf-8?B?a2FiTHZKTlRza1Rqa0ZZYnV4Z1h2bUdsOEN1UVREMGRldUhVSmhCMUZkVisv?= =?utf-8?B?YUpXZnhHZk9JTjlQVXdYUStEdTJxS282Y1RNV213WGlCczZEcThXTmZUT0FB?= =?utf-8?B?c3hmZC9ONU0rVWZBY09JR2E3dm5OcmRrZ3BjQ0JEelVNcmswRElyUzluRThB?= =?utf-8?B?anF1OU9QZVlOSlZHb3QzaXBMQ1BKcjRwMEdRYi9uQ0VHdTlDSmVSWkhpQjVZ?= =?utf-8?B?elVJWWdCK1d4ZmZwTVBBTG5FVzdOcVdlbkYvcWlJN2E4QVN4WUYyZWgvOVB0?= =?utf-8?B?S3VOMjNUZ1lqc3IrYzZNWmhEVkxnMGkxbGlWcytNR29sOHhSU3duNkZhZm84?= =?utf-8?B?MXZiV2hmNGgxaDhlMUxWa3VjUGhkakVlR0w1MG05eGRBWHZpclRzSXFMckhK?= =?utf-8?B?R2ZPL2IyUnlhUkJleW9IdHNiODV5dUNURGgvTTZtc0JpRHpvRVN4QXJSNzlr?= =?utf-8?B?WXByZ05YUnpQZE1TVHZ4MEZoTFVyc2NRK1FjazV1TG80aTk1NmxydkY0V2h4?= =?utf-8?B?eTRSNTRNOE1PelVNSmd0NXlUOWJxa25mWHFFc1VuNndFSEVlNGdINmRrWW5t?= =?utf-8?B?bUxBVHVUQ3JmMGhmN0N3dndNNDNWeWVKMlNJVkJlSk5WbDdQSU41S0l6YSta?= =?utf-8?B?Z1RDbzZhTmpxUGRBQTBNS3JGM01CMXVqYzRmMGI0cWw4ZWlwSFM2M2svU1RK?= =?utf-8?B?RzRJbFJLOEttL0w5UzI5eW1hWldiZEV3THg2KzdVbWFDMUxXRFQyOUhJbHZl?= =?utf-8?B?KzFEY3owMVFEU2VoM0NGNWdzYndFeVF1dVoxaWJLMFU0NEd1N1FiVkRab244?= =?utf-8?B?MnlHaThFQmRmb3RrNlpvbG13TnRXaktDaHlPN0txeHFnVzlocDU1cVdTN0Fu?= =?utf-8?B?R0dsNXdaMXFXTktUTlFsbXFHVVdzZEFuNUlIZHBaV1JiSmVMT00rbTNyQ0RR?= =?utf-8?B?UnFBVVo5cTlqT1NlR3cwM2gyMWdrRHBUZHFralJ6VXhaekxJOExNeTlJQTkz?= =?utf-8?B?Z3lzTG5aSThKY3RlSXoyOFdOVzR3UFh4anhtdFVrQVlTVHBHcFUwemgxVlZI?= =?utf-8?B?VThKWFVlVS9TbXRJZmkwc0R2QzllNWh1QXdab2ZYZFNRUjdPR0M1TUdHRk1M?= =?utf-8?B?UFAzdk8zbUhBY3R2MUhybUlTTmIzeXUxTko4R1pDUGYyQ1F6NjRJeHF6Z2tL?= =?utf-8?B?UUFtdHhac3d4Wmw1MTRuaDVVL0ZlQ3p3ZnZvTy9yekJ4WitpRWYzMkUxTG1K?= =?utf-8?B?a2h1ZlRlL0JDclk1TUNsWjYwSjNOUTJLc0FMdWtyUWFrVjRNbnRTQT09?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 71f43c22-3bc5-4c7d-dfb3-08da214fec50 X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Apr 2022 15:27:17.8764 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Jd/JlBN5VgxLc0OKspwnvehGZXptmVSAgrMWTI71jHGldQIG7B4jda9JBGoQxVIIE3cn3W+fhH+rUOhq8Yqo9w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB1385 Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 4/16/22 22:01, Min Xu wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902 > > Bad IO performance in SEC phase is observed after TDX features was > introduced. (after commit b6b2de884864 - "MdePkg: Support mmio for > Tdx guest in BaseIoLibIntrinsic"). > > This is because IsTdxGuest() will be called in each MMIO operation. > It is trying to cache the result of the probe in the efi data segment. > However, that doesn't work in SEC, because the data segment is read only > (so the write seems to succeed but a read will always return the > original value), leading to us calling TdIsEnabled() check for every > mmio we do, which is causing the slowdown because it's very expensive. > > CcProbe is introduced in this patch-set. It is called in > BaseIoLibIntrinsicSev instead of IsTdxGuest. There are 2 versions of > the CcProbeLib. Null instance of CcProbe always returns > CCGuestTypeNonEncrypted. Its OvmfPkg version checks the Ovmf work area > and returns the CC guest type. > > In this patch-set another issue is fixed with CcProbe as well. If the > working guest is SEV and in the beginning of SecMain.c TdIsEnabled() > was called. At this point, exception handling is not established and > a CPUID instruction will generate a #VC and cause the booting SEV guest > to crash. Patch #7 is to fix this broken. > > Code is at: https://github.com/mxu9/edk2/tree/cc_probe.v3 > > v3 changes: > - Fix the broken issue in SEV guest at SecMain.c. Please refer to > Patch #7. > > v2 changes: > - Rename TdProbe to CcProbe to make the lib work for Confidential > Computing guests. > - Rename the GUEST_TYPE to CC_GUEST_TYPE and move it from > WorkArea.h@OvmfPkg to ConfidentialComputingGuestAttr.h@MdePkg. > This is because CcProbeLib is designed to return the CC Guest > type and the lib is located at MdePkg. > - Rename the CC_GUEST_TYPE's fields name to Camel style. See the > commit message in patch #1. > > Cc: Michael D Kinney > Cc: Liming Gao > Cc: Zhiguang Liu > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Gerd Hoffmann > Cc: Brijesh Singh > Cc: Erdem Aktas > Cc: Tom Lendacky > Signed-off-by: Min Xu After working around the PCI library issue (for which Min will be submitting a patch), this series boots successfully for SEV, SEV-ES and SEV-SNP when built as X64. I documented the issue that SEV has with Ia32X64 in patch 5/7 and I'll have to decide what to do there. So... Reviewed-by: Tom Lendacky > > Min Xu (7): > MdePkg: Add CC_GUEST_TYPE in ConfidentialComputingGuestAttr.h > OvmfPkg: Replace GUEST_TYPE with CC_GUEST_TYPE > MdePkg: Add CcProbeLib > OvmfPkg: Add CcProbeLib > OvmfPkg: Add CcProbeLib in *.dsc > MdePkg: Probe Cc guest in BaseIoLibIntrinsicSev > OvmfPkg: Call CcProbe in SecMain.c instead of TsIsEnabled > > .../Include/ConfidentialComputingGuestAttr.h | 11 ++++++- > MdePkg/Include/Library/CcProbeLib.h | 26 ++++++++++++++++ > .../BaseIoLibIntrinsicSev.inf | 1 + > .../BaseIoLibIntrinsic/IoLibInternalTdx.c | 13 ++------ > .../Library/CcProbeLibNull/CcProbeLibNull.c | 26 ++++++++++++++++ > .../Library/CcProbeLibNull/CcProbeLibNull.inf | 21 +++++++++++++ > MdePkg/MdePkg.dec | 5 +++ > MdePkg/MdePkg.dsc | 1 + > OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + > OvmfPkg/Bhyve/BhyveX64.dsc | 1 + > OvmfPkg/CloudHv/CloudHvX64.dsc | 1 + > OvmfPkg/Include/WorkArea.h | 9 +----- > OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 + > OvmfPkg/IntelTdx/Sec/SecMain.c | 6 ++-- > OvmfPkg/IntelTdx/Sec/SecMain.inf | 1 + > .../PeiMemEncryptSevLibInternal.c | 2 +- > .../SecMemEncryptSevLibInternal.c | 2 +- > OvmfPkg/Library/CcProbeLib/CcProbeLib.c | 31 +++++++++++++++++++ > OvmfPkg/Library/CcProbeLib/CcProbeLib.inf | 25 +++++++++++++++ > OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c | 2 +- > OvmfPkg/Microvm/MicrovmX64.dsc | 1 + > OvmfPkg/OvmfPkgIa32.dsc | 1 + > OvmfPkg/OvmfPkgIa32X64.dsc | 1 + > OvmfPkg/OvmfPkgX64.dsc | 1 + > OvmfPkg/OvmfXen.dsc | 1 + > OvmfPkg/Sec/AmdSev.c | 2 +- > OvmfPkg/Sec/SecMain.c | 5 +-- > OvmfPkg/Sec/SecMain.inf | 1 + > 28 files changed, 170 insertions(+), 29 deletions(-) > create mode 100644 MdePkg/Include/Library/CcProbeLib.h > create mode 100644 MdePkg/Library/CcProbeLibNull/CcProbeLibNull.c > create mode 100644 MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf > create mode 100644 OvmfPkg/Library/CcProbeLib/CcProbeLib.c > create mode 100644 OvmfPkg/Library/CcProbeLib/CcProbeLib.inf >