Subject: Re: [PATCH v1 2/2] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall
To: Ashish Kalra, devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Jon.Grimm@amd.com, jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com
References: <20201202072947.12668-1-Ashish.Kalra@amd.com>
From: "Lendacky, Thomas"
Message-ID: <83188ea4-630f-6a7e-e166-2d677df2e25e@amd.com>
Date: Wed, 2 Dec 2020 08:38:23 -0600
In-Reply-To: <20201202072947.12668-1-Ashish.Kalra@amd.com>

On 12/2/20 1:29 AM, Ashish Kalra wrote:
> From: Brijesh Singh
>
> By default all the SEV guest memory regions are considered encrypted,
> if a guest changes the encryption attribute of the page (e.g mark a
> page as decrypted) then notify hypervisor. Hypervisor will need to
> track the unencrypted pages. The information will be used during
> guest live migration, guest page migration and guest debugging.
>
> Invoke hypercall via the new hypercall library
>
> This hypercall is used to notify hypervisor when a page is marked as
> 'decrypted' (i.e C-bit removed).

This will miss the SEC GHCB page that is mapped as unencrypted in
OvmfPkg/ResetVector/Ia32/PageTables64.asm. You'll need to remember to mark
that one specifically. I don't think there are any others.

Thanks,
Tom

>
> Cc: Jordan Justen
> Cc: Laszlo Ersek
> Cc: Ard Biesheuvel
>
> Signed-off-by: Brijesh Singh
> Signed-off-by: Ashish Kalra > --- > OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf | 1 + > OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c | 18 ++++++++++++++++++ > 2 files changed, 19 insertions(+) > > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf > index 7c44d09528..95ee707918 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf > @@ -46,6 +46,7 @@ > DebugLib > MemoryAllocationLib > PcdLib > + MemEncryptHypercallLib > > [FeaturePcd] > gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c > index 5e110c84ff..1e670b6200 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c > @@ -14,6 +14,7 @@ > #include > #include > #include > +#include > > #include "VirtualMemory.h" > > @@ -589,6 +590,9 @@ SetMemoryEncDec ( > UINT64 AddressEncMask; > BOOLEAN IsWpEnabled; > RETURN_STATUS Status; > + UINTN Size; > + BOOLEAN CBitChanged; > + PHYSICAL_ADDRESS OrigPhysicalAddress; > > // > // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings. > @@ -640,6 +644,10 @@ SetMemoryEncDec ( > > Status = EFI_SUCCESS; > > + Size = Length; > + CBitChanged = FALSE; > + OrigPhysicalAddress = PhysicalAddress; > + > while (Length) > { > // > @@ -699,6 +707,7 @@ SetMemoryEncDec ( > )); > PhysicalAddress += BIT30; > Length -= BIT30; > + CBitChanged = TRUE; > } else { > // > // We must split the page > @@ -753,6 +762,7 @@ SetMemoryEncDec ( > SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode); > PhysicalAddress += BIT21; > Length -= BIT21; > + CBitChanged = TRUE; > } else { > // > // We must split up this page into 4K pages 
> @@ -795,6 +805,7 @@ SetMemoryEncDec ( > SetOrClearCBit (&PageTableEntry->Uint64, Mode); > PhysicalAddress += EFI_PAGE_SIZE; > Length -= EFI_PAGE_SIZE; > + CBitChanged = TRUE; > } > } > } > @@ -812,6 +823,13 @@ SetMemoryEncDec ( > // > CpuFlushTlb(); > > + // > + // Notify Hypervisor on C-bit status > + // > + if (CBitChanged) { > + SetMemoryEncDecHypercall3 (OrigPhysicalAddress, EFI_SIZE_TO_PAGES(Size), !Mode); > + } > + > Done: > // > // Restore page table write protection, if any. >
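
Review bot: In the BaseMemEncryptSevLib.inf hunk, MemEncryptHypercallLib is appended after PcdLib, which breaks the alphabetical order that the visible entries (DebugLib, MemoryAllocationLib, PcdLib) follow. Place it between DebugLib and MemoryAllocationLib.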
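
Review bot: CBitChanged is assigned TRUE unconditionally in the 1GB, 2MB and 4KB branches (the hunks at -699, -753 and -795), right after the entry is updated, so it records that an entry was visited rather than that its C-bit differed from the requested Mode. As a result the hypervisor is notified even when the range already had the requested attribute. Either compare the entry value before and after SetOrClearCBit and set the flag only on a real change, or rename the flag to say what it actually tracks.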
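
Review bot: In the final hunk (-812) SetMemoryEncDecHypercall3 is called as a bare statement and Status is not updated, so SetMemoryEncDec cannot report a failed notification to its caller. The commit message says the hypervisor uses this tracking for live migration, so check whatever the call returns and at least log a failure through DEBUG. The call also sits above the Done: label and always passes OrigPhysicalAddress with the full Size, so any path that jumps to Done after some entries were already changed skips the notification, and a partial run cannot be reported as partial; consider notifying for the range actually processed. The third argument, !Mode, depends on the numeric encoding of Mode, which these hunks do not show; an explicit comparison against the intended Mode value would make the encrypted/decrypted sense obvious.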