From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+118507+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 5FB3B740045
	for <rebecca@openfw.io>; Thu,  2 May 2024 11:50:58 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=0mnHElPmTUCzJKRouQ+qb0tcuBJxwqe8VYYu9od6s6E=;
 c=relaxed/simple; d=groups.io;
 h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:To:Cc:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type;
 s=20240206; t=1714650657; v=1;
 b=gja3hPSspM9D1NxzGI2oSHT4UHSCug3EclfsGalUp3aXDWPESFJsdf+8QmBtgZSRh2B4+2uL
 S5tyWp0fd6E1j9ODai4xoExEkVZAjsdiBje8RH+I4x1qu9yhIXZDox/uMR3NRSapKwjReLik+Xk
 DBgpNEjGeKm9aeHpAbqrCNcFMCD2guDH2X3vpN2AMe1ahuIcHY7I7RMccSb4i64o/zt3sq20Qr0
 QA6yBhQ1C//w4zJuzX1RWa4N/6ZuCUUHA8w55zLFt0jrw8HblrJwiF6OuWQlIAWf95OWHJ7GdlJ
 FCY2Ax52uHiIK3+FTCOKb+yOQGd1snEh+BKBq8f2Z7yJg==
X-Received: by 127.0.0.2 with SMTP id SonlYY7687511xlqoV1ZW6Zm; Thu, 02 May 2024 04:50:57 -0700
X-Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
 by mx.groups.io with SMTP id smtpd.web11.11385.1714650651471338768
 for <devel@edk2.groups.io>;
 Thu, 02 May 2024 04:50:51 -0700
X-Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])
	by dfw.source.kernel.org (Postfix) with ESMTP id D7BA461A2F
	for <devel@edk2.groups.io>; Thu,  2 May 2024 11:50:50 +0000 (UTC)
X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7BE48C113CC
	for <devel@edk2.groups.io>; Thu,  2 May 2024 11:50:50 +0000 (UTC)
X-Received: by mail-lj1-f174.google.com with SMTP id 38308e7fff4ca-2db2f6cb312so122529131fa.2
        for <devel@edk2.groups.io>; Thu, 02 May 2024 04:50:50 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCXYIrzXIx07LmIrS0f7jMoHZwofqZgk13HwIL0FgF1osJ7yeZ6sZFA2huJEJgRXmAw9s9aq9lZ/WlBd1Ydfbrs3MGiXuw==
X-Gm-Message-State: 7edZChUu2xMKAHuR72vPHp8Wx7686176AA=
X-Google-Smtp-Source: AGHT+IFevUdw1ZS0FNUCewAwsrW5cqFQgdNzbbhpe9WjqqyIRadXlA8p2ov7IklApwSsGOPQmvM01szJrzomKW6E8kw=
X-Received: by 2002:a05:651c:2220:b0:2de:75de:5b0b with SMTP id
 y32-20020a05651c222000b002de75de5b0bmr4704062ljq.18.1714650648875; Thu, 02
 May 2024 04:50:48 -0700 (PDT)
MIME-Version: 1.0
References: <20240501190340.2238565-1-michael.roth@amd.com> <vejnn6nd4kpyigakdok7czhxtepivbhjzw3ozwbsbe5u6ngtqv@gupj5bsuyttd>
In-Reply-To: <vejnn6nd4kpyigakdok7czhxtepivbhjzw3ozwbsbe5u6ngtqv@gupj5bsuyttd>
From: "Ard Biesheuvel" <ardb@kernel.org>
Date: Thu, 2 May 2024 13:50:37 +0200
X-Gmail-Original-Message-ID: <CAMj1kXH9bULSU8QwdADs+dbGTSeKVA3oELeSLkz1Z1QUL2+60A@mail.gmail.com>
Message-ID: <CAMj1kXH9bULSU8QwdADs+dbGTSeKVA3oELeSLkz1Z1QUL2+60A@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH v4 0/3] OvmfPkg: Don't make APIC MMIO accesses with encryption bit set
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: Michael Roth <michael.roth@amd.com>, devel@edk2.groups.io, 
	Tom Lendacky <thomas.lendacky@amd.com>
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Thu, 02 May 2024 04:50:51 -0700
Resent-From: ardb@kernel.org
Reply-To: devel@edk2.groups.io,ardb@kernel.org
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
Content-Type: text/plain; charset="UTF-8"
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=gja3hPSs;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=kernel.org (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io

On Thu, 2 May 2024 at 11:06, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> On Wed, May 01, 2024 at 02:03:37PM GMT, Michael Roth wrote:
> > For the most part, OVMF will clear the encryption bit for MMIO regions,
> > but there is currently one known exception during SEC when the APIC
> > base address is accessed via MMIO with the encryption bit set for
> > SEV-ES/SEV-SNP guests. In the case of SEV-SNP, this requires special
> > handling on the hypervisor side which may not be available in the
> > future[1], so make the necessary changes in the SEC-configured page
> > table to clear the encryption bit for 4K region containing the APIC
> > base address.
> >
> > Since CpuPageTableLib is used to handle the splitting, some additional
> > care must be taken to clear the C-bit in all non-leaf PTEs since the
> > library expects that to be the case. Add handling for that when setting
> > up the SEC page table.
> >
> > While here, drop special handling for the APIC base address in the
> > SEV-ES/SNP #VC handler.
>
> Series:
> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
>

Thanks, I've picked these up now.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118507): https://edk2.groups.io/g/devel/message/118507
Mute This Topic: https://groups.io/mt/105849106/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-