Message-ID: <92bec1c1-08d6-73a9-a2e8-d458e12a51c7@redhat.com>
Date: Wed, 28 Feb 2024 05:51:04 +0100
Subject: Re: [edk2-devel] [PATCH 05/10] OvmfPkg/ResetVector: split SEV and non-CoCo workflows
To: devel@edk2.groups.io, kraxel@redhat.com
Cc: Tom Lendacky, Jiewen Yao, Oliver Steffen, Erdem Aktas, Michael Roth, Ard Biesheuvel, Min Xu
References: <20240222115435.85794-1-kraxel@redhat.com> <20240222115435.85794-6-kraxel@redhat.com>
From: "Laszlo Ersek"
In-Reply-To: <20240222115435.85794-6-kraxel@redhat.com>

On 2/22/24 12:54, Gerd Hoffmann wrote:
> Use separate control flows for SEV and non-CoCo cases.
>
> SevClearPageEncMaskForGhcbPage and GetSevCBitMaskAbove31 will now only
> be called when running in SEV mode, so the SEV check in these functions
> is not needed any more.
>
> No functional change.
>
> Signed-off-by: Gerd Hoffmann
> ---
>  OvmfPkg/ResetVector/Ia32/AmdSev.asm       | 16 ++--------------
>  OvmfPkg/ResetVector/Ia32/PageTables64.asm | 17 ++++++++++++++---
>  2 files changed, 16 insertions(+), 17 deletions(-)
>
> diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia= 32/AmdSev.asm > index 043c88a7abbe..ed94f1dc668f 100644 > --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm > +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm > @@ -152,12 +152,8 @@ SevEsUnexpectedRespTerminate: > =20 > %ifdef ARCH_X64 > =20 > -; If SEV-ES is enabled then initialize and make the GHCB page shared > +; initialize and make the GHCB page shared (1) This comment update is unjustified, I suggest reverting it. (The SEV check is indeed superfluous below, but you -- correctly -- keep the SEV-ES check, and the comment here is about SEV-ES, not SEV. Because the check stays, the comment should stay too.) > SevClearPageEncMaskForGhcbPage: > - ; Check if SEV is enabled > - cmp byte[WORK_AREA_GUEST_TYPE], 1 > - jnz SevClearPageEncMaskForGhcbPageExit > - > ; Check if SEV-ES is enabled > mov ecx, 1 > bt [SEV_ES_WORK_AREA_STATUS_MSR], ecx > @@ -195,20 +191,12 @@ pageTableEntries4kLoop: > SevClearPageEncMaskForGhcbPageExit: > OneTimeCallRet SevClearPageEncMaskForGhcbPage > =20 > -; Check if SEV is enabled, and get the C-bit mask above 31. > +; Get the C-bit mask above 31. > ; Modified: EDX > ; > ; The value is returned in the EDX > GetSevCBitMaskAbove31: > - xor edx, edx > - > - ; Check if SEV is enabled > - cmp byte[WORK_AREA_GUEST_TYPE], 1 > - jnz GetSevCBitMaskAbove31Exit > - > mov edx, dword[SEV_ES_WORK_AREA_ENC_MASK + 4] > - > -GetSevCBitMaskAbove31Exit: > OneTimeCallRet GetSevCBitMaskAbove31 > =20 > %endif > diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVec= tor/Ia32/PageTables64.asm > index 166e80293c89..84a7b4efc019 100644 > --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm > +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm 
> @@ -118,15 +118,26 @@ SetCr3ForPageTables64: > =20 > ; Check whether the SEV is active and populate the SevEsWorkArea > OneTimeCall CheckSevFeatures > + cmp byte[WORK_AREA_GUEST_TYPE], 1 > + jz SevInit > =20 > + ; > + ; normal (non-CoCo) workflow > + ; > + ClearOvmfPageTables > + CreatePageTables4Level 0 > + jmp SetCr3 > + > +SevInit: > + ; > + ; SEV workflow > + ; > + ClearOvmfPageTables > ; If SEV is enabled, the C-bit position is always above 31. > ; The mask will be saved in the EDX and applied during the > ; the page table build below. > OneTimeCall GetSevCBitMaskAbove31 > - > - ClearOvmfPageTables > CreatePageTables4Level edx > - > ; Clear the C-bit from the GHCB page if the SEV-ES is enabled. > OneTimeCall SevClearPageEncMaskForGhcbPage > jmp SetCr3

Nice. The patch also sneakily reorders ClearOvmfPageTables against
GetSevCBitMaskAbove31 -- but that's an improvement: this way we no longer
depend on ClearOvmfPageTables not modifying EDX; instead, EDX directly
passes from GetSevCBitMaskAbove31 to CreatePageTables4Level.

With (1) undone:

Reviewed-by: Laszlo Ersek
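
Review bot: in OvmfPkg/ResetVector/Ia32/AmdSev.asm, hunk @@ -152,12 +152,8 @@, SevClearPageEncMaskForGhcbPage loses its WORK_AREA_GUEST_TYPE guard, yet nothing in the routine's header comment says that the caller must already have established that the guest is SEV. The only check left inside the routine is the bit test on SEV_ES_WORK_AREA_STATUS_MSR. Because this routine clears the encryption mask on the GHCB page, I would state the precondition next to the label (for example "; Must only be called on the SEV path"), and keep the "If SEV-ES is enabled" condition in the comment since that check stays.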
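
Review bot: in OvmfPkg/ResetVector/Ia32/AmdSev.asm, hunk @@ -195,20 +191,12 @@, GetSevCBitMaskAbove31 no longer zeroes EDX and no longer checks WORK_AREA_GUEST_TYPE, so it now returns whatever is stored at SEV_ES_WORK_AREA_ENC_MASK + 4 unconditionally, and the header comment does not mention that. Please add the caller requirement to the comment block, for example "; Caller must have verified that SEV is active", so that a later caller on a non-SEV path does not pass an unvalidated mask into the page table build.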
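
Review bot: in OvmfPkg/ResetVector/Ia32/PageTables64.asm, hunk @@ -118,15 +118,26 @@, the added "cmp byte[WORK_AREA_GUEST_TYPE], 1" / "jz SevInit" pair carries no comment, although it is now the only guard in front of both GetSevCBitMaskAbove31 and SevClearPageEncMaskForGhcbPage. A one-line comment saying that 1 is the SEV guest type and that the two AmdSev.asm routines rely on this branch would make the dependency visible. As a smaller style point, ClearOvmfPageTables is invoked identically at the top of both workflows and could be issued once ahead of the "cmp", and the context comment below SevInit still reads "during the / the page table build" with a doubled "the" that could be fixed while the block is being touched.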