[PATCH V3 0/7] Introduce CcProbe in MdePkg

[PATCH V3 0/7] Introduce CcProbe in MdePkg

[Min Xu]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902

Bad IO performance in SEC phase is observed after TDX features was
introduced. (after commit b6b2de884864 - "MdePkg: Support mmio for
Tdx guest in BaseIoLibIntrinsic").

This is because IsTdxGuest() will be called in each MMIO operation.
It is trying to cache the result of the probe in the efi data segment.
However, that doesn't work in SEC, because the data segment is read only
(so the write seems to succeed but a read will always return the
original value), leading to us calling TdIsEnabled() check for every
mmio we do, which is causing the slowdown because it's very expensive.

CcProbe is introduced in this patch-set. It is called in
BaseIoLibIntrinsicSev instead of IsTdxGuest. There are 2 versions of
the CcProbeLib. Null instance of CcProbe always returns
CCGuestTypeNonEncrypted. Its OvmfPkg version checks the Ovmf work area
and returns the CC guest type.

In this patch-set another issue is fixed with CcProbe as well. If the
working guest is SEV and in the beginning of SecMain.c TdIsEnabled()
was called. At this point, exception handling is not established and
a CPUID instruction will generate a #VC and cause the booting SEV guest
to crash. Patch #7 is to fix this broken.

Code is at: https://github.com/mxu9/edk2/tree/cc_probe.v3

v3 changes:
 - Fix the broken issue in SEV guest at SecMain.c. Please refer to
   Patch #7.

v2 changes:
 - Rename TdProbe to CcProbe to make the lib work for Confidential
   Computing guests.
 - Rename the GUEST_TYPE to CC_GUEST_TYPE and move it from
   WorkArea.h@OvmfPkg to ConfidentialComputingGuestAttr.h@MdePkg.
   This is because CcProbeLib is designed to return the CC Guest
   type and the lib is located at MdePkg.
 - Rename the CC_GUEST_TYPE's fields name to Camel style. See the
   commit message in patch #1.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>

Min Xu (7):
  MdePkg: Add CC_GUEST_TYPE in ConfidentialComputingGuestAttr.h
  OvmfPkg: Replace GUEST_TYPE with CC_GUEST_TYPE
  MdePkg: Add CcProbeLib
  OvmfPkg: Add CcProbeLib
  OvmfPkg: Add CcProbeLib in *.dsc
  MdePkg: Probe Cc guest in BaseIoLibIntrinsicSev
  OvmfPkg: Call CcProbe in SecMain.c instead of TsIsEnabled

 .../Include/ConfidentialComputingGuestAttr.h  | 11 ++++++-
 MdePkg/Include/Library/CcProbeLib.h           | 26 ++++++++++++++++
 .../BaseIoLibIntrinsicSev.inf                 |  1 +
 .../BaseIoLibIntrinsic/IoLibInternalTdx.c     | 13 ++------
 .../Library/CcProbeLibNull/CcProbeLibNull.c   | 26 ++++++++++++++++
 .../Library/CcProbeLibNull/CcProbeLibNull.inf | 21 +++++++++++++
 MdePkg/MdePkg.dec                             |  5 +++
 MdePkg/MdePkg.dsc                             |  1 +
 OvmfPkg/AmdSev/AmdSevX64.dsc                  |  1 +
 OvmfPkg/Bhyve/BhyveX64.dsc                    |  1 +
 OvmfPkg/CloudHv/CloudHvX64.dsc                |  1 +
 OvmfPkg/Include/WorkArea.h                    |  9 +-----
 OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  1 +
 OvmfPkg/IntelTdx/Sec/SecMain.c                |  6 ++--
 OvmfPkg/IntelTdx/Sec/SecMain.inf              |  1 +
 .../PeiMemEncryptSevLibInternal.c             |  2 +-
 .../SecMemEncryptSevLibInternal.c             |  2 +-
 OvmfPkg/Library/CcProbeLib/CcProbeLib.c       | 31 +++++++++++++++++++
 OvmfPkg/Library/CcProbeLib/CcProbeLib.inf     | 25 +++++++++++++++
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c   |  2 +-
 OvmfPkg/Microvm/MicrovmX64.dsc                |  1 +
 OvmfPkg/OvmfPkgIa32.dsc                       |  1 +
 OvmfPkg/OvmfPkgIa32X64.dsc                    |  1 +
 OvmfPkg/OvmfPkgX64.dsc                        |  1 +
 OvmfPkg/OvmfXen.dsc                           |  1 +
 OvmfPkg/Sec/AmdSev.c                          |  2 +-
 OvmfPkg/Sec/SecMain.c                         |  5 +--
 OvmfPkg/Sec/SecMain.inf                       |  1 +
 28 files changed, 170 insertions(+), 29 deletions(-)
 create mode 100644 MdePkg/Include/Library/CcProbeLib.h
 create mode 100644 MdePkg/Library/CcProbeLibNull/CcProbeLibNull.c
 create mode 100644 MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
 create mode 100644 OvmfPkg/Library/CcProbeLib/CcProbeLib.c
 create mode 100644 OvmfPkg/Library/CcProbeLib/CcProbeLib.inf

-- 
2.29.2.windows.2

[PATCH V3 1/7] MdePkg: Add CC_GUEST_TYPE in ConfidentialComputingGuestAttr.h

[Min Xu]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902

The confidential computing guest type (GUEST_TYPE) was defined in
OvmfPkg/Include/WorkArea.h. Now it is to be moved to
MdePkg/Include/ConfidentialComputingGuestAttr.h and renamed as
CC_GUEST_TYPE.

There are 2 reasons for this change.
1. CC_GUEST_TYPE is a generic definition and will be used in CcProbeLib
   which is defined in MdePkg.
2. Based on the latest edk2 coding style:
 - First character should be upper case
 - Must contain lower case characters
 - No white space characters
 - Global variable name must start with a 'g'

As the first step CC_GUEST_TYPE is defined in this patch. In the
next patch GUEST_TYPE will be deleted. This is to make sure the
bisect work correctly.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 MdePkg/Include/ConfidentialComputingGuestAttr.h | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Include/ConfidentialComputingGuestAttr.h b/MdePkg/Include/ConfidentialComputingGuestAttr.h
index dd2541c6dcdf..9e9424a01559 100644
--- a/MdePkg/Include/ConfidentialComputingGuestAttr.h
+++ b/MdePkg/Include/ConfidentialComputingGuestAttr.h
@@ -1,5 +1,5 @@
 /** @file
-Definitions for Confidential Computing Attribute
+Definitions for Confidential Computing Guest Attributes
 
 Copyright (c) 2021 AMD Inc. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -9,6 +9,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #ifndef CONFIDENTIAL_COMPUTING_GUEST_ATTR_H_
 #define CONFIDENTIAL_COMPUTING_GUEST_ATTR_H_
 
+//
+// Confidential computing guest type
+//
+typedef enum {
+  CCGuestTypeNonEncrypted = 0,
+  CCGuestTypeAmdSev,
+  CCGuestTypeIntelTdx,
+} CC_GUEST_TYPE;
+
 typedef enum {
   /* The guest is running with memory encryption disabled. */
   CCAttrNotEncrypted = 0,
-- 
2.29.2.windows.2

[PATCH V3 2/7] OvmfPkg: Replace GUEST_TYPE with CC_GUEST_TYPE

[Min Xu]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902

Replace GUEST_TYPE with CC_GUEST_TYPE which is defined in
MdePkg/Include/ConfidentialComputingGuestAttr.h.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/Include/WorkArea.h                               | 9 +--------
 .../BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c   | 2 +-
 .../BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c   | 2 +-
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c              | 2 +-
 OvmfPkg/Sec/AmdSev.c                                     | 2 +-
 5 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h
index b67edd14e79f..bf56fc4a6f65 100644
--- a/OvmfPkg/Include/WorkArea.h
+++ b/OvmfPkg/Include/WorkArea.h
@@ -10,14 +10,7 @@
 #ifndef __OVMF_WORK_AREA_H__
 #define __OVMF_WORK_AREA_H__
 
-//
-// Guest type for the work area
-//
-typedef enum {
-  GUEST_TYPE_NON_ENCRYPTED,
-  GUEST_TYPE_AMD_SEV,
-  GUEST_TYPE_INTEL_TDX,
-} GUEST_TYPE;
+#include <ConfidentialComputingGuestAttr.h>
 
 //
 // Confidential computing work area header definition. Any change
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
index 3f8f91a5da12..fb9d3cbd3645 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
@@ -36,7 +36,7 @@ GetSevEsWorkArea (
   //
   // If its not SEV guest then SevEsWorkArea is not valid.
   //
-  if ((WorkArea == NULL) || (WorkArea->Header.GuestType != GUEST_TYPE_AMD_SEV)) {
+  if ((WorkArea == NULL) || (WorkArea->Header.GuestType != CCGuestTypeAmdSev)) {
     return NULL;
   }
 
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
index 80aceba01bcf..238e29e2a175 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
@@ -36,7 +36,7 @@ GetSevEsWorkArea (
   //
   // If its not SEV guest then SevEsWorkArea is not valid.
   //
-  if ((WorkArea == NULL) || (WorkArea->Header.GuestType != GUEST_TYPE_AMD_SEV)) {
+  if ((WorkArea == NULL) || (WorkArea->Header.GuestType != CCGuestTypeAmdSev)) {
     return NULL;
   }
 
diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c
index b8230613dcea..1b8133bf5ad6 100644
--- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c
+++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c
@@ -35,7 +35,7 @@ QemuFwCfgIsTdxGuest (
   CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER  *CcWorkAreaHeader;
 
   CcWorkAreaHeader = (CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER *)FixedPcdGet32 (PcdOvmfWorkAreaBase);
-  return (CcWorkAreaHeader != NULL && CcWorkAreaHeader->GuestType == GUEST_TYPE_INTEL_TDX);
+  return (CcWorkAreaHeader != NULL && CcWorkAreaHeader->GuestType == CCGuestTypeIntelTdx);
 }
 
 /**
diff --git a/OvmfPkg/Sec/AmdSev.c b/OvmfPkg/Sec/AmdSev.c
index d8fd35650d7d..0da6b36020fc 100644
--- a/OvmfPkg/Sec/AmdSev.c
+++ b/OvmfPkg/Sec/AmdSev.c
@@ -251,7 +251,7 @@ IsSevGuest (
 
   WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase);
 
-  return ((WorkArea != NULL) && (WorkArea->Header.GuestType == GUEST_TYPE_AMD_SEV));
+  return ((WorkArea != NULL) && (WorkArea->Header.GuestType == CCGuestTypeAmdSev));
 }
 
 /**
-- 
2.29.2.windows.2

[PATCH V3 3/7] MdePkg: Add CcProbeLib

[Min Xu]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902

CcProbeLib is used to probe the Confidential Computing guest type.
This library is designed to run on SEC / PEI / DXE phases. A null
instance of the library always returns CCGuestTypeNonEncrypted.
A platform specific CcProbeLib will be implemented, for example,
in OvmfPkg.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 MdePkg/Include/Library/CcProbeLib.h           | 26 +++++++++++++++++++
 .../Library/CcProbeLibNull/CcProbeLibNull.c   | 26 +++++++++++++++++++
 .../Library/CcProbeLibNull/CcProbeLibNull.inf | 21 +++++++++++++++
 MdePkg/MdePkg.dec                             |  5 ++++
 MdePkg/MdePkg.dsc                             |  1 +
 5 files changed, 79 insertions(+)
 create mode 100644 MdePkg/Include/Library/CcProbeLib.h
 create mode 100644 MdePkg/Library/CcProbeLibNull/CcProbeLibNull.c
 create mode 100644 MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf

diff --git a/MdePkg/Include/Library/CcProbeLib.h b/MdePkg/Include/Library/CcProbeLib.h
new file mode 100644
index 000000000000..2857dddfb2d3
--- /dev/null
+++ b/MdePkg/Include/Library/CcProbeLib.h
@@ -0,0 +1,26 @@
+/** @file
+
+Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef CC_PROBE_LIB_H_
+#define CC_PROBE_LIB_H_
+
+#include <ConfidentialComputingGuestAttr.h>
+
+/**
+  Probe the ConfidentialComputing Guest type. See defition of
+  CC_GUEST_TYPE in <ConfidentialComputingGuestAttr.h>.
+
+  @return The guest type
+
+**/
+UINT8
+EFIAPI
+CcProbe (
+  VOID
+  );
+
+#endif
diff --git a/MdePkg/Library/CcProbeLibNull/CcProbeLibNull.c b/MdePkg/Library/CcProbeLibNull/CcProbeLibNull.c
new file mode 100644
index 000000000000..152d900eb099
--- /dev/null
+++ b/MdePkg/Library/CcProbeLibNull/CcProbeLibNull.c
@@ -0,0 +1,26 @@
+/** @file
+
+  Null stub of CcProbeLib
+
+  Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/CcProbeLib.h>
+
+/**
+  Probe the ConfidentialComputing Guest type. See defition of
+  CC_GUEST_TYPE in <ConfidentialComputingGuestAttr.h>.
+
+  @return The guest type
+
+**/
+UINT8
+EFIAPI
+CcProbe (
+  VOID
+  )
+{
+  return CCGuestTypeNonEncrypted;
+}
diff --git a/MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf b/MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
new file mode 100644
index 000000000000..f37c25f73439
--- /dev/null
+++ b/MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
@@ -0,0 +1,21 @@
+## @file
+# CcProbeLib null instance.
+#
+#  Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = CcProbeLibNull
+  FILE_GUID                      = B15D67FE-0DAC-4316-8E26-8A6b85E43782
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = CcProbeLib
+
+[Sources]
+  CcProbeLibNull.c
+
+[Packages]
+  MdePkg/MdePkg.dec
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 1934c9840423..faeb28c80cbd 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -267,6 +267,11 @@
   #
   RegisterFilterLib|Include/Library/RegisterFilterLib.h
 
+  ##  @libraryclass  This library provides interfances to probe ConfidentialComputing guest type.
+  #
+  #
+  CcProbeLib|Include/Library/CcProbeLib.h
+
 [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
   ##  @libraryclass  Provides services to generate random number.
   #
diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc
index d6a7af412be7..c8d282882ec1 100644
--- a/MdePkg/MdePkg.dsc
+++ b/MdePkg/MdePkg.dsc
@@ -130,6 +130,7 @@
   MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf
 
   MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf
+  MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
 
 [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
   #
-- 
2.29.2.windows.2

[PATCH V3 4/7] OvmfPkg: Add CcProbeLib

[Min Xu]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902

This is the OvmfPkg specific CcProbeLib. It checks the Ovmf WorkArea
(PcdOvmfWorkAreaBase) to return the guest type.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/Library/CcProbeLib/CcProbeLib.c   | 31 +++++++++++++++++++++++
 OvmfPkg/Library/CcProbeLib/CcProbeLib.inf | 25 ++++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 OvmfPkg/Library/CcProbeLib/CcProbeLib.c
 create mode 100644 OvmfPkg/Library/CcProbeLib/CcProbeLib.inf

diff --git a/OvmfPkg/Library/CcProbeLib/CcProbeLib.c b/OvmfPkg/Library/CcProbeLib/CcProbeLib.c
new file mode 100644
index 000000000000..b4babcb423f7
--- /dev/null
+++ b/OvmfPkg/Library/CcProbeLib/CcProbeLib.c
@@ -0,0 +1,31 @@
+/** @file
+
+  CcProbeLib is used to probe the Confidential computing guest type.
+
+  Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/CcProbeLib.h>
+#include <WorkArea.h>
+
+/**
+  Probe the ConfidentialComputing Guest type. See defition of
+  CC_GUEST_TYPE in <ConfidentialComputingGuestAttr.h>.
+
+  @return The guest type
+
+**/
+UINT8
+EFIAPI
+CcProbe (
+  VOID
+  )
+{
+  OVMF_WORK_AREA  *WorkArea;
+
+  WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase);
+
+  return WorkArea != NULL ? WorkArea->Header.GuestType : CCGuestTypeNonEncrypted;
+}
diff --git a/OvmfPkg/Library/CcProbeLib/CcProbeLib.inf b/OvmfPkg/Library/CcProbeLib/CcProbeLib.inf
new file mode 100644
index 000000000000..5300c9ba2644
--- /dev/null
+++ b/OvmfPkg/Library/CcProbeLib/CcProbeLib.inf
@@ -0,0 +1,25 @@
+## @file
+# CcProbeLib is used to probe Confidential Computing guest type.
+#
+#  Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = CcProbeLib
+  FILE_GUID                      = 05184ec9-abb0-4491-8584-e388639a7c48
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = CcProbeLib
+
+[Sources]
+  CcProbeLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  OvmfPkg/OvmfPkg.dec
+
+[Pcd]
+  gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
-- 
2.29.2.windows.2

[PATCH V3 5/7] OvmfPkg: Add CcProbeLib in *.dsc

[Min Xu]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902

CcProbeLib is imported in BaseIoLibIntrinsicSev.
OvmfPkg/Library/CcProbeLib is the OvmfPkg version which checks
OvmfWorkArea to return the Cc guest type. It is included
in OvmfPkgX64.dsc and IntelTdx/IntelTdxX64.dsc.

Other .dsc include the MdePkg/Library/CcProbeLibNull because Cc guest
is not supported in those projects.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/AmdSev/AmdSevX64.dsc     | 1 +
 OvmfPkg/Bhyve/BhyveX64.dsc       | 1 +
 OvmfPkg/CloudHv/CloudHvX64.dsc   | 1 +
 OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
 OvmfPkg/Microvm/MicrovmX64.dsc   | 1 +
 OvmfPkg/OvmfPkgIa32.dsc          | 1 +
 OvmfPkg/OvmfPkgIa32X64.dsc       | 1 +
 OvmfPkg/OvmfPkgX64.dsc           | 1 +
 OvmfPkg/OvmfXen.dsc              | 1 +
 9 files changed, 9 insertions(+)

diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index fcdc3efab204..1c088f25fa4b 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -149,6 +149,7 @@
   PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
   PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
   PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
+  CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
   IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
   OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
   SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index e1b6b8e15f36..a8fa4d38ab60 100644
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -146,6 +146,7 @@
   PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
   PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
   PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
+  CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
   IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
   OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
   SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index 20f3bc340807..d1c85f60c768 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -158,6 +158,7 @@
   PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
   PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
   PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
+  CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
   IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
   OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
   SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 245155d41b30..73a6c30096a8 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -135,6 +135,7 @@
   PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
   PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
   PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
+  CcProbeLib|OvmfPkg/Library/CcProbeLib/CcProbeLib.inf
   IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
   OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
   SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 59580ccd4691..c9c843e116a9 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -156,6 +156,7 @@
   PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
   PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
   PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
+  CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
   IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
   OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
   SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index e4218b01f0fc..9e4ecd21fb17 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -154,6 +154,7 @@
   PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
   PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
   PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
+  CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
   IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
   OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
   SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index a80cdaacb8bc..75fb8095eec2 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -158,6 +158,7 @@
   PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
   PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
   PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
+  CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
   IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
   OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
   SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index fb2899f8a1be..2e534d0d2478 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -165,6 +165,7 @@
   PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
   PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
   PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
+  CcProbeLib|OvmfPkg/Library/CcProbeLib/CcProbeLib.inf
   IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
   OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
   SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 7bd594c6e263..8d420cf54371 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -147,6 +147,7 @@
   PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
   PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
   PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
+  CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
   IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
   OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
   SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
-- 
2.29.2.windows.2

[PATCH V3 6/7] MdePkg: Probe Cc guest in BaseIoLibIntrinsicSev

[Min Xu]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902

Bad IO performance in SEC phase is observed after TDX features was
introduced. (after commit b6b2de884864 - "MdePkg: Support mmio for
Tdx guest in BaseIoLibIntrinsic").

This is because IsTdxGuest() will be called in each MMIO operation.
It is trying to cache the result of the probe in the efi data segment.
However, that doesn't work in SEC, because the data segment is read only
(so the write seems to succeed but a read will always return the
original value), leading to us calling TdIsEnabled() check for every
mmio we do, which is causing the slowdown because it's very expensive.

This patch is to call CcProbe instead of TdIsEnabled in IsTdxGuest.
Null instance of CcProbe always returns CCGuestTypeNonEncrypted. Its
OvmfPkg version returns the guest type in Ovmf work area.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 .../BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf    |  1 +
 .../Library/BaseIoLibIntrinsic/IoLibInternalTdx.c   | 13 ++-----------
 2 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf b/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
index 7fe1c60f046e..e1b8298ac451 100644
--- a/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
+++ b/MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
@@ -55,6 +55,7 @@
   DebugLib
   BaseLib
   RegisterFilterLib
+  CcProbeLib
 
 [LibraryClasses.X64]
   TdxLib
diff --git a/MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c b/MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
index 1e539dbfbbad..8af6fc35c591 100644
--- a/MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
+++ b/MdePkg/Library/BaseIoLibIntrinsic/IoLibInternalTdx.c
@@ -10,6 +10,7 @@
 #include <Include/IndustryStandard/Tdx.h>
 #include <Library/TdxLib.h>
 #include <Register/Intel/Cpuid.h>
+#include <Library/CcProbeLib.h>
 #include "IoLibTdx.h"
 
 // Size of TDVMCALL Access, including IO and MMIO
@@ -22,9 +23,6 @@
 #define TDVMCALL_ACCESS_READ   0
 #define TDVMCALL_ACCESS_WRITE  1
 
-BOOLEAN  mTdxEnabled = FALSE;
-BOOLEAN  mTdxProbed  = FALSE;
-
 /**
   Check if it is Tdx guest.
 
@@ -38,14 +36,7 @@ IsTdxGuest (
   VOID
   )
 {
-  if (mTdxProbed) {
-    return mTdxEnabled;
-  }
-
-  mTdxEnabled = TdIsEnabled ();
-  mTdxProbed  = TRUE;
-
-  return mTdxEnabled;
+  return CcProbe () == CCGuestTypeIntelTdx;
 }
 
 /**
-- 
2.29.2.windows.2

[PATCH V3 7/7] OvmfPkg: Call CcProbe in SecMain.c instead of TsIsEnabled

[Min Xu]

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902

TdIsEnabled() uses the CPUID instruction. At this point, exception
handling is not established and a CPUID instruction will generate
a #VC and cause the booting guest to crash.

CcProbe() checks Ovmf work area to return the guest type. So call
of CcProbe() instead of TdIsEnabled() to fix the above issue.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/IntelTdx/Sec/SecMain.c   | 6 +++---
 OvmfPkg/IntelTdx/Sec/SecMain.inf | 1 +
 OvmfPkg/Sec/SecMain.c            | 5 +++--
 OvmfPkg/Sec/SecMain.inf          | 1 +
 4 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c
index 26d56be335e1..160e56071103 100644
--- a/OvmfPkg/IntelTdx/Sec/SecMain.c
+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c
@@ -25,7 +25,7 @@
 #include <Library/CpuExceptionHandlerLib.h>
 #include <IndustryStandard/Tdx.h>
 #include <Library/PlatformInitLib.h>
-
+#include <Library/CcProbeLib.h>
 #include <Library/PeilessStartupLib.h>
 
 #define SEC_IDT_ENTRY_COUNT  34
@@ -61,7 +61,7 @@ SecCoreStartupWithStack (
   UINT32                Index;
   volatile UINT8        *Table;
 
-  if (TdIsEnabled ()) {
+  if (CcProbe () == CCGuestTypeIntelTdx) {
     //
     // For Td guests, the memory map info is in TdHobLib. It should be processed
     // first so that the memory is accepted. Otherwise access to the unaccepted
@@ -119,7 +119,7 @@ SecCoreStartupWithStack (
   //
   AsmWriteIdtr (&IdtDescriptor);
 
-  if (TdIsEnabled ()) {
+  if (CcProbe () == CCGuestTypeIntelTdx) {
     //
     // InitializeCpuExceptionHandlers () should be called in Td guests so that
     // #VE exceptions can be handled correctly.
diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.inf b/OvmfPkg/IntelTdx/Sec/SecMain.inf
index df2e749c3505..9cf1249d02e5 100644
--- a/OvmfPkg/IntelTdx/Sec/SecMain.inf
+++ b/OvmfPkg/IntelTdx/Sec/SecMain.inf
@@ -49,6 +49,7 @@
   CpuExceptionHandlerLib
   PeilessStartupLib
   PlatformInitLib
+  CcProbeLib
 
 [Pcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index ca9717a7b526..25da91b37577 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -28,6 +28,7 @@
 #include <Library/CpuExceptionHandlerLib.h>
 #include <Ppi/TemporaryRamSupport.h>
 #include <Library/PlatformInitLib.h>
+#include <Library/CcProbeLib.h>
 #include "AmdSev.h"
 
 #define SEC_IDT_ENTRY_COUNT  34
@@ -738,7 +739,7 @@ SecCoreStartupWithStack (
   volatile UINT8        *Table;
 
  #if defined (TDX_GUEST_SUPPORTED)
-  if (TdIsEnabled ()) {
+  if (CcProbe () == CCGuestTypeIntelTdx) {
     //
     // For Td guests, the memory map info is in TdHobLib. It should be processed
     // first so that the memory is accepted. Otherwise access to the unaccepted
@@ -828,7 +829,7 @@ SecCoreStartupWithStack (
   }
 
  #if defined (TDX_GUEST_SUPPORTED)
-  if (TdIsEnabled ()) {
+  if (CcProbe () == CCGuestTypeIntelTdx) {
     //
     // InitializeCpuExceptionHandlers () should be called in Td guests so that
     // #VE exceptions can be handled correctly.
diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf
index 4b5b089ccd69..27100595aeca 100644
--- a/OvmfPkg/Sec/SecMain.inf
+++ b/OvmfPkg/Sec/SecMain.inf
@@ -54,6 +54,7 @@
   LocalApicLib
   MemEncryptSevLib
   CpuExceptionHandlerLib
+  CcProbeLib
 
 [Ppis]
   gEfiTemporaryRamSupportPpiGuid                # PPI ALWAYS_PRODUCED
-- 
2.29.2.windows.2

Re: [PATCH V3 0/7] Introduce CcProbe in MdePkg

[Yao, Jiewen]

Series reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

> -----Original Message-----
> From: Xu, Min M <min.m.xu@intel.com>
> Sent: Sunday, April 17, 2022 11:01 AM
> To: devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Gao, Liming <gaoliming@byosoft.com.cn>; Liu,
> Zhiguang <zhiguang.liu@intel.com>; James Bottomley <jejb@linux.ibm.com>;
> Yao, Jiewen <jiewen.yao@intel.com>; Gerd Hoffmann <kraxel@redhat.com>;
> Brijesh Singh <brijesh.singh@amd.com>; Aktas, Erdem
> <erdemaktas@google.com>; Tom Lendacky <thomas.lendacky@amd.com>
> Subject: [PATCH V3 0/7] Introduce CcProbe in MdePkg
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902
> 
> Bad IO performance in SEC phase is observed after TDX features was
> introduced. (after commit b6b2de884864 - "MdePkg: Support mmio for
> Tdx guest in BaseIoLibIntrinsic").
> 
> This is because IsTdxGuest() will be called in each MMIO operation.
> It is trying to cache the result of the probe in the efi data segment.
> However, that doesn't work in SEC, because the data segment is read only
> (so the write seems to succeed but a read will always return the
> original value), leading to us calling TdIsEnabled() check for every
> mmio we do, which is causing the slowdown because it's very expensive.
> 
> CcProbe is introduced in this patch-set. It is called in
> BaseIoLibIntrinsicSev instead of IsTdxGuest. There are 2 versions of
> the CcProbeLib. Null instance of CcProbe always returns
> CCGuestTypeNonEncrypted. Its OvmfPkg version checks the Ovmf work area
> and returns the CC guest type.
> 
> In this patch-set another issue is fixed with CcProbe as well. If the
> working guest is SEV and in the beginning of SecMain.c TdIsEnabled()
> was called. At this point, exception handling is not established and
> a CPUID instruction will generate a #VC and cause the booting SEV guest
> to crash. Patch #7 is to fix this broken.
> 
> Code is at: https://github.com/mxu9/edk2/tree/cc_probe.v3
> 
> v3 changes:
>  - Fix the broken issue in SEV guest at SecMain.c. Please refer to
>    Patch #7.
> 
> v2 changes:
>  - Rename TdProbe to CcProbe to make the lib work for Confidential
>    Computing guests.
>  - Rename the GUEST_TYPE to CC_GUEST_TYPE and move it from
>    WorkArea.h@OvmfPkg to ConfidentialComputingGuestAttr.h@MdePkg.
>    This is because CcProbeLib is designed to return the CC Guest
>    type and the lib is located at MdePkg.
>  - Rename the CC_GUEST_TYPE's fields name to Camel style. See the
>    commit message in patch #1.
> 
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> 
> Min Xu (7):
>   MdePkg: Add CC_GUEST_TYPE in ConfidentialComputingGuestAttr.h
>   OvmfPkg: Replace GUEST_TYPE with CC_GUEST_TYPE
>   MdePkg: Add CcProbeLib
>   OvmfPkg: Add CcProbeLib
>   OvmfPkg: Add CcProbeLib in *.dsc
>   MdePkg: Probe Cc guest in BaseIoLibIntrinsicSev
>   OvmfPkg: Call CcProbe in SecMain.c instead of TsIsEnabled
> 
>  .../Include/ConfidentialComputingGuestAttr.h  | 11 ++++++-
>  MdePkg/Include/Library/CcProbeLib.h           | 26 ++++++++++++++++
>  .../BaseIoLibIntrinsicSev.inf                 |  1 +
>  .../BaseIoLibIntrinsic/IoLibInternalTdx.c     | 13 ++------
>  .../Library/CcProbeLibNull/CcProbeLibNull.c   | 26 ++++++++++++++++
>  .../Library/CcProbeLibNull/CcProbeLibNull.inf | 21 +++++++++++++
>  MdePkg/MdePkg.dec                             |  5 +++
>  MdePkg/MdePkg.dsc                             |  1 +
>  OvmfPkg/AmdSev/AmdSevX64.dsc                  |  1 +
>  OvmfPkg/Bhyve/BhyveX64.dsc                    |  1 +
>  OvmfPkg/CloudHv/CloudHvX64.dsc                |  1 +
>  OvmfPkg/Include/WorkArea.h                    |  9 +-----
>  OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  1 +
>  OvmfPkg/IntelTdx/Sec/SecMain.c                |  6 ++--
>  OvmfPkg/IntelTdx/Sec/SecMain.inf              |  1 +
>  .../PeiMemEncryptSevLibInternal.c             |  2 +-
>  .../SecMemEncryptSevLibInternal.c             |  2 +-
>  OvmfPkg/Library/CcProbeLib/CcProbeLib.c       | 31 +++++++++++++++++++
>  OvmfPkg/Library/CcProbeLib/CcProbeLib.inf     | 25 +++++++++++++++
>  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c   |  2 +-
>  OvmfPkg/Microvm/MicrovmX64.dsc                |  1 +
>  OvmfPkg/OvmfPkgIa32.dsc                       |  1 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |  1 +
>  OvmfPkg/OvmfPkgX64.dsc                        |  1 +
>  OvmfPkg/OvmfXen.dsc                           |  1 +
>  OvmfPkg/Sec/AmdSev.c                          |  2 +-
>  OvmfPkg/Sec/SecMain.c                         |  5 +--
>  OvmfPkg/Sec/SecMain.inf                       |  1 +
>  28 files changed, 170 insertions(+), 29 deletions(-)
>  create mode 100644 MdePkg/Include/Library/CcProbeLib.h
>  create mode 100644 MdePkg/Library/CcProbeLibNull/CcProbeLibNull.c
>  create mode 100644 MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
>  create mode 100644 OvmfPkg/Library/CcProbeLib/CcProbeLib.c
>  create mode 100644 OvmfPkg/Library/CcProbeLib/CcProbeLib.inf
> 
> --
> 2.29.2.windows.2

回复: [PATCH V3 0/7] Introduce CcProbe in MdePkg

[gaoliming]

Min:
  The change in MdePkg is good to me. Reviewed-by: Liming Gao
<gaoliming@byosoft.com.cn>

Thanks
Liming
> -----邮件原件-----
> 发件人: Min Xu <min.m.xu@intel.com>
> 发送时间: 2022年4月17日 11:01
> 收件人: devel@edk2.groups.io
> 抄送: Min Xu <min.m.xu@intel.com>; Michael D Kinney
> <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>;
> Zhiguang Liu <zhiguang.liu@intel.com>; James Bottomley
> <jejb@linux.ibm.com>; Jiewen Yao <jiewen.yao@intel.com>; Gerd Hoffmann
> <kraxel@redhat.com>; Brijesh Singh <brijesh.singh@amd.com>; Erdem Aktas
> <erdemaktas@google.com>; Tom Lendacky <thomas.lendacky@amd.com>
> 主题: [PATCH V3 0/7] Introduce CcProbe in MdePkg
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902
> 
> Bad IO performance in SEC phase is observed after TDX features was
> introduced. (after commit b6b2de884864 - "MdePkg: Support mmio for
> Tdx guest in BaseIoLibIntrinsic").
> 
> This is because IsTdxGuest() will be called in each MMIO operation.
> It is trying to cache the result of the probe in the efi data segment.
> However, that doesn't work in SEC, because the data segment is read only
> (so the write seems to succeed but a read will always return the
> original value), leading to us calling TdIsEnabled() check for every
> mmio we do, which is causing the slowdown because it's very expensive.
> 
> CcProbe is introduced in this patch-set. It is called in
> BaseIoLibIntrinsicSev instead of IsTdxGuest. There are 2 versions of
> the CcProbeLib. Null instance of CcProbe always returns
> CCGuestTypeNonEncrypted. Its OvmfPkg version checks the Ovmf work area
> and returns the CC guest type.
> 
> In this patch-set another issue is fixed with CcProbe as well. If the
> working guest is SEV and in the beginning of SecMain.c TdIsEnabled()
> was called. At this point, exception handling is not established and
> a CPUID instruction will generate a #VC and cause the booting SEV guest
> to crash. Patch #7 is to fix this broken.
> 
> Code is at: https://github.com/mxu9/edk2/tree/cc_probe.v3
> 
> v3 changes:
>  - Fix the broken issue in SEV guest at SecMain.c. Please refer to
>    Patch #7.
> 
> v2 changes:
>  - Rename TdProbe to CcProbe to make the lib work for Confidential
>    Computing guests.
>  - Rename the GUEST_TYPE to CC_GUEST_TYPE and move it from
>    WorkArea.h@OvmfPkg to ConfidentialComputingGuestAttr.h@MdePkg.
>    This is because CcProbeLib is designed to return the CC Guest
>    type and the lib is located at MdePkg.
>  - Rename the CC_GUEST_TYPE's fields name to Camel style. See the
>    commit message in patch #1.
> 
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> 
> Min Xu (7):
>   MdePkg: Add CC_GUEST_TYPE in ConfidentialComputingGuestAttr.h
>   OvmfPkg: Replace GUEST_TYPE with CC_GUEST_TYPE
>   MdePkg: Add CcProbeLib
>   OvmfPkg: Add CcProbeLib
>   OvmfPkg: Add CcProbeLib in *.dsc
>   MdePkg: Probe Cc guest in BaseIoLibIntrinsicSev
>   OvmfPkg: Call CcProbe in SecMain.c instead of TsIsEnabled
> 
>  .../Include/ConfidentialComputingGuestAttr.h  | 11 ++++++-
>  MdePkg/Include/Library/CcProbeLib.h           | 26
> ++++++++++++++++
>  .../BaseIoLibIntrinsicSev.inf                 |  1 +
>  .../BaseIoLibIntrinsic/IoLibInternalTdx.c     | 13 ++------
>  .../Library/CcProbeLibNull/CcProbeLibNull.c   | 26 ++++++++++++++++
>  .../Library/CcProbeLibNull/CcProbeLibNull.inf | 21 +++++++++++++
>  MdePkg/MdePkg.dec                             |  5 +++
>  MdePkg/MdePkg.dsc                             |  1 +
>  OvmfPkg/AmdSev/AmdSevX64.dsc                  |  1 +
>  OvmfPkg/Bhyve/BhyveX64.dsc                    |  1 +
>  OvmfPkg/CloudHv/CloudHvX64.dsc                |  1 +
>  OvmfPkg/Include/WorkArea.h                    |  9 +-----
>  OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  1 +
>  OvmfPkg/IntelTdx/Sec/SecMain.c                |  6 ++--
>  OvmfPkg/IntelTdx/Sec/SecMain.inf              |  1 +
>  .../PeiMemEncryptSevLibInternal.c             |  2 +-
>  .../SecMemEncryptSevLibInternal.c             |  2 +-
>  OvmfPkg/Library/CcProbeLib/CcProbeLib.c       | 31
> +++++++++++++++++++
>  OvmfPkg/Library/CcProbeLib/CcProbeLib.inf     | 25 +++++++++++++++
>  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c   |  2 +-
>  OvmfPkg/Microvm/MicrovmX64.dsc                |  1 +
>  OvmfPkg/OvmfPkgIa32.dsc                       |  1 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |  1 +
>  OvmfPkg/OvmfPkgX64.dsc                        |  1 +
>  OvmfPkg/OvmfXen.dsc                           |  1 +
>  OvmfPkg/Sec/AmdSev.c                          |  2 +-
>  OvmfPkg/Sec/SecMain.c                         |  5 +--
>  OvmfPkg/Sec/SecMain.inf                       |  1 +
>  28 files changed, 170 insertions(+), 29 deletions(-)
>  create mode 100644 MdePkg/Include/Library/CcProbeLib.h
>  create mode 100644 MdePkg/Library/CcProbeLibNull/CcProbeLibNull.c
>  create mode 100644 MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
>  create mode 100644 OvmfPkg/Library/CcProbeLib/CcProbeLib.c
>  create mode 100644 OvmfPkg/Library/CcProbeLib/CcProbeLib.inf
> 
> --
> 2.29.2.windows.2

Re: [PATCH V3 1/7] MdePkg: Add CC_GUEST_TYPE in ConfidentialComputingGuestAttr.h

[Lendacky, Thomas]

On 4/16/22 22:01, Min Xu wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902
> 
> The confidential computing guest type (GUEST_TYPE) was defined in
> OvmfPkg/Include/WorkArea.h. Now it is to be moved to
> MdePkg/Include/ConfidentialComputingGuestAttr.h and renamed as
> CC_GUEST_TYPE.
> 
> There are 2 reasons for this change.
> 1. CC_GUEST_TYPE is a generic definition and will be used in CcProbeLib
>     which is defined in MdePkg.
> 2. Based on the latest edk2 coding style:
>   - First character should be upper case
>   - Must contain lower case characters
>   - No white space characters
>   - Global variable name must start with a 'g'
> 
> As the first step CC_GUEST_TYPE is defined in this patch. In the
> next patch GUEST_TYPE will be deleted. This is to make sure the
> bisect work correctly.
> 
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> ---
>   MdePkg/Include/ConfidentialComputingGuestAttr.h | 11 ++++++++++-
>   1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/MdePkg/Include/ConfidentialComputingGuestAttr.h b/MdePkg/Include/ConfidentialComputingGuestAttr.h
> index dd2541c6dcdf..9e9424a01559 100644
> --- a/MdePkg/Include/ConfidentialComputingGuestAttr.h
> +++ b/MdePkg/Include/ConfidentialComputingGuestAttr.h
> @@ -1,5 +1,5 @@
>   /** @file
> -Definitions for Confidential Computing Attribute
> +Definitions for Confidential Computing Guest Attributes
>   
>   Copyright (c) 2021 AMD Inc. All rights reserved.<BR>
>   SPDX-License-Identifier: BSD-2-Clause-Patent
> @@ -9,6 +9,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>   #ifndef CONFIDENTIAL_COMPUTING_GUEST_ATTR_H_
>   #define CONFIDENTIAL_COMPUTING_GUEST_ATTR_H_
>   
> +//
> +// Confidential computing guest type
> +//
> +typedef enum {
> +  CCGuestTypeNonEncrypted = 0,
> +  CCGuestTypeAmdSev,
> +  CCGuestTypeIntelTdx,
> +} CC_GUEST_TYPE;

Should these be CcGuest... ? The precedent seems to be use lowercase even 
when the the acronym is uppercase, e.g. PCI => Pci, GHCB => Ghcb, SMBIOS 
=> SmBios, NVME => Nvme, etc.

Thanks,
Tom

> +
>   typedef enum {
>     /* The guest is running with memory encryption disabled. */
>     CCAttrNotEncrypted = 0,

Re: [PATCH V3 1/7] MdePkg: Add CC_GUEST_TYPE in ConfidentialComputingGuestAttr.h

[Min Xu]

On April 18, 2022 9:48 PM, Tom Lendacky wrote:
> > +//
> > +// Confidential computing guest type
> > +//
> > +typedef enum {
> > +  CCGuestTypeNonEncrypted = 0,
> > +  CCGuestTypeAmdSev,
> > +  CCGuestTypeIntelTdx,
> > +} CC_GUEST_TYPE;
> 
> Should these be CcGuest... ? The precedent seems to be use lowercase even
> when the the acronym is uppercase, e.g. PCI => Pci, GHCB => Ghcb, SMBIOS =>
> SmBios, NVME => Nvme, etc.
> 
Thanks for reminder. It will be updated in the next version.

Thanks
Min

Re: [PATCH V3 5/7] OvmfPkg: Add CcProbeLib in *.dsc

[Lendacky, Thomas]

On 4/16/22 22:01, Min Xu wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902
> 
> CcProbeLib is imported in BaseIoLibIntrinsicSev.
> OvmfPkg/Library/CcProbeLib is the OvmfPkg version which checks
> OvmfWorkArea to return the Cc guest type. It is included
> in OvmfPkgX64.dsc and IntelTdx/IntelTdxX64.dsc.

SEV support (as opposed to SEV-ES and SEV-SNP) builds and runs with
OvmfPkgIa32X64.dsc, so that needs updating. It also builds with
OvmfPkgIa32.dsc, but is not expected to run successfully in only the
32-bit variant - and since there is no work area in the fdf file that
can stay as the NULL library.

However, when testing the Ia32X64 variant, I found that commits:

63c50d3ff285 ("OvmfPkg/ResetVector: cache the SEV status MSR value in workarea")
f1d1c337e7c0 ("OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR value from workarea")

actually broke the Ia32X64 variant running under SEV, so we (AMD)
will need to fix that - unless we just say that now SEV requires
the X64-only build since both SEV-ES and SEV-SNP require that.

Thanks,
Tom

> 
> Other .dsc include the MdePkg/Library/CcProbeLibNull because Cc guest
> is not supported in those projects.
> 
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
> ---
>   OvmfPkg/AmdSev/AmdSevX64.dsc     | 1 +
>   OvmfPkg/Bhyve/BhyveX64.dsc       | 1 +
>   OvmfPkg/CloudHv/CloudHvX64.dsc   | 1 +
>   OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
>   OvmfPkg/Microvm/MicrovmX64.dsc   | 1 +
>   OvmfPkg/OvmfPkgIa32.dsc          | 1 +
>   OvmfPkg/OvmfPkgIa32X64.dsc       | 1 +
>   OvmfPkg/OvmfPkgX64.dsc           | 1 +
>   OvmfPkg/OvmfXen.dsc              | 1 +
>   9 files changed, 9 insertions(+)
> 
> diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
> index fcdc3efab204..1c088f25fa4b 100644
> --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
> +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
> @@ -149,6 +149,7 @@
>     PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
>     PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
>     PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
> +  CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
>     IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
>     OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
>     SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
> diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
> index e1b6b8e15f36..a8fa4d38ab60 100644
> --- a/OvmfPkg/Bhyve/BhyveX64.dsc
> +++ b/OvmfPkg/Bhyve/BhyveX64.dsc
> @@ -146,6 +146,7 @@
>     PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
>     PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
>     PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
> +  CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
>     IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
>     OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
>     SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
> diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
> index 20f3bc340807..d1c85f60c768 100644
> --- a/OvmfPkg/CloudHv/CloudHvX64.dsc
> +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
> @@ -158,6 +158,7 @@
>     PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
>     PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
>     PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
> +  CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
>     IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
>     OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
>     SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
> diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
> index 245155d41b30..73a6c30096a8 100644
> --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
> +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
> @@ -135,6 +135,7 @@
>     PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
>     PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
>     PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
> +  CcProbeLib|OvmfPkg/Library/CcProbeLib/CcProbeLib.inf
>     IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
>     OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
>     SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
> diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
> index 59580ccd4691..c9c843e116a9 100644
> --- a/OvmfPkg/Microvm/MicrovmX64.dsc
> +++ b/OvmfPkg/Microvm/MicrovmX64.dsc
> @@ -156,6 +156,7 @@
>     PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
>     PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
>     PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
> +  CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
>     IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
>     OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
>     SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index e4218b01f0fc..9e4ecd21fb17 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -154,6 +154,7 @@
>     PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
>     PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
>     PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
> +  CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
>     IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
>     OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
>     SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index a80cdaacb8bc..75fb8095eec2 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -158,6 +158,7 @@
>     PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
>     PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
>     PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
> +  CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
>     IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
>     OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
>     SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index fb2899f8a1be..2e534d0d2478 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -165,6 +165,7 @@
>     PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
>     PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
>     PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
> +  CcProbeLib|OvmfPkg/Library/CcProbeLib/CcProbeLib.inf
>     IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
>     OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
>     SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf
> diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
> index 7bd594c6e263..8d420cf54371 100644
> --- a/OvmfPkg/OvmfXen.dsc
> +++ b/OvmfPkg/OvmfXen.dsc
> @@ -147,6 +147,7 @@
>     PciCapLib|OvmfPkg/Library/BasePciCapLib/BasePciCapLib.inf
>     PciCapPciSegmentLib|OvmfPkg/Library/BasePciCapPciSegmentLib/BasePciCapPciSegmentLib.inf
>     PciCapPciIoLib|OvmfPkg/Library/UefiPciCapPciIoLib/UefiPciCapPciIoLib.inf
> +  CcProbeLib|MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
>     IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
>     OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf
>     SerialPortLib|PcAtChipsetPkg/Library/SerialIoLib/SerialIoLib.inf

Re: [PATCH V3 0/7] Introduce CcProbe in MdePkg

[Lendacky, Thomas]

On 4/16/22 22:01, Min Xu wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3902
> 
> Bad IO performance in SEC phase is observed after TDX features was
> introduced. (after commit b6b2de884864 - "MdePkg: Support mmio for
> Tdx guest in BaseIoLibIntrinsic").
> 
> This is because IsTdxGuest() will be called in each MMIO operation.
> It is trying to cache the result of the probe in the efi data segment.
> However, that doesn't work in SEC, because the data segment is read only
> (so the write seems to succeed but a read will always return the
> original value), leading to us calling TdIsEnabled() check for every
> mmio we do, which is causing the slowdown because it's very expensive.
> 
> CcProbe is introduced in this patch-set. It is called in
> BaseIoLibIntrinsicSev instead of IsTdxGuest. There are 2 versions of
> the CcProbeLib. Null instance of CcProbe always returns
> CCGuestTypeNonEncrypted. Its OvmfPkg version checks the Ovmf work area
> and returns the CC guest type.
> 
> In this patch-set another issue is fixed with CcProbe as well. If the
> working guest is SEV and in the beginning of SecMain.c TdIsEnabled()
> was called. At this point, exception handling is not established and
> a CPUID instruction will generate a #VC and cause the booting SEV guest
> to crash. Patch #7 is to fix this broken.
> 
> Code is at: https://github.com/mxu9/edk2/tree/cc_probe.v3
> 
> v3 changes:
>   - Fix the broken issue in SEV guest at SecMain.c. Please refer to
>     Patch #7.
> 
> v2 changes:
>   - Rename TdProbe to CcProbe to make the lib work for Confidential
>     Computing guests.
>   - Rename the GUEST_TYPE to CC_GUEST_TYPE and move it from
>     WorkArea.h@OvmfPkg to ConfidentialComputingGuestAttr.h@MdePkg.
>     This is because CcProbeLib is designed to return the CC Guest
>     type and the lib is located at MdePkg.
>   - Rename the CC_GUEST_TYPE's fields name to Camel style. See the
>     commit message in patch #1.
> 
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>

After working around the PCI library issue (for which Min will be 
submitting a patch), this series boots successfully for SEV, SEV-ES and 
SEV-SNP when built as X64. I documented the issue that SEV has with 
Ia32X64 in patch 5/7 and I'll have to decide what to do there. So...

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>

> 
> Min Xu (7):
>    MdePkg: Add CC_GUEST_TYPE in ConfidentialComputingGuestAttr.h
>    OvmfPkg: Replace GUEST_TYPE with CC_GUEST_TYPE
>    MdePkg: Add CcProbeLib
>    OvmfPkg: Add CcProbeLib
>    OvmfPkg: Add CcProbeLib in *.dsc
>    MdePkg: Probe Cc guest in BaseIoLibIntrinsicSev
>    OvmfPkg: Call CcProbe in SecMain.c instead of TsIsEnabled
> 
>   .../Include/ConfidentialComputingGuestAttr.h  | 11 ++++++-
>   MdePkg/Include/Library/CcProbeLib.h           | 26 ++++++++++++++++
>   .../BaseIoLibIntrinsicSev.inf                 |  1 +
>   .../BaseIoLibIntrinsic/IoLibInternalTdx.c     | 13 ++------
>   .../Library/CcProbeLibNull/CcProbeLibNull.c   | 26 ++++++++++++++++
>   .../Library/CcProbeLibNull/CcProbeLibNull.inf | 21 +++++++++++++
>   MdePkg/MdePkg.dec                             |  5 +++
>   MdePkg/MdePkg.dsc                             |  1 +
>   OvmfPkg/AmdSev/AmdSevX64.dsc                  |  1 +
>   OvmfPkg/Bhyve/BhyveX64.dsc                    |  1 +
>   OvmfPkg/CloudHv/CloudHvX64.dsc                |  1 +
>   OvmfPkg/Include/WorkArea.h                    |  9 +-----
>   OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  1 +
>   OvmfPkg/IntelTdx/Sec/SecMain.c                |  6 ++--
>   OvmfPkg/IntelTdx/Sec/SecMain.inf              |  1 +
>   .../PeiMemEncryptSevLibInternal.c             |  2 +-
>   .../SecMemEncryptSevLibInternal.c             |  2 +-
>   OvmfPkg/Library/CcProbeLib/CcProbeLib.c       | 31 +++++++++++++++++++
>   OvmfPkg/Library/CcProbeLib/CcProbeLib.inf     | 25 +++++++++++++++
>   OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPei.c   |  2 +-
>   OvmfPkg/Microvm/MicrovmX64.dsc                |  1 +
>   OvmfPkg/OvmfPkgIa32.dsc                       |  1 +
>   OvmfPkg/OvmfPkgIa32X64.dsc                    |  1 +
>   OvmfPkg/OvmfPkgX64.dsc                        |  1 +
>   OvmfPkg/OvmfXen.dsc                           |  1 +
>   OvmfPkg/Sec/AmdSev.c                          |  2 +-
>   OvmfPkg/Sec/SecMain.c                         |  5 +--
>   OvmfPkg/Sec/SecMain.inf                       |  1 +
>   28 files changed, 170 insertions(+), 29 deletions(-)
>   create mode 100644 MdePkg/Include/Library/CcProbeLib.h
>   create mode 100644 MdePkg/Library/CcProbeLibNull/CcProbeLibNull.c
>   create mode 100644 MdePkg/Library/CcProbeLibNull/CcProbeLibNull.inf
>   create mode 100644 OvmfPkg/Library/CcProbeLib/CcProbeLib.c
>   create mode 100644 OvmfPkg/Library/CcProbeLib/CcProbeLib.inf
> 

Re: [edk2-devel] [PATCH V3 0/7] Introduce CcProbe in MdePkg

[Min Xu]

On April 18, 2022 11:27 PM, Lendacky, Thomas wrote:
> After working around the PCI library issue (for which Min will be submitting a
> patch), this series boots successfully for SEV, SEV-ES and SEV-SNP when built
> as X64. I documented the issue that SEV has with
> Ia32X64 in patch 5/7 and I'll have to decide what to do there. So...
>
Thanks Tom. The PCI library issue workaround will be in a separate patch-set. It will be sent out soon.

Min

Re: [PATCH V3 1/7] MdePkg: Add CC_GUEST_TYPE in ConfidentialComputingGuestAttr.h

[Gerd Hoffmann]

  Hi,

> As the first step CC_GUEST_TYPE is defined in this patch. In the
> next patch GUEST_TYPE will be deleted. This is to make sure the
> bisect work correctly.

Hmm, what exactly went wrong?  Splitting into two patches looks
pointless.  If the change is too big for an all-in-one patch typical
bisectable splitting would be:

  (1) add CC_GUEST_TYPE
  (2) multiple patches switching code from GUEST_TYPE to CC_GUEST_TYPE
      (for example one patch per Pkg).
  (3) remove GUEST_TYPE

> +//
> +// Confidential computing guest type
> +//
> +typedef enum {
> +  CCGuestTypeNonEncrypted = 0,
> +  CCGuestTypeAmdSev,
> +  CCGuestTypeIntelTdx,
> +} CC_GUEST_TYPE;

Acked-by: Gerd Hoffmann <kraxel@redhat.com>

take care,
  Gerd