From: "Ni, Ray"
To: Gerd Hoffmann, Tom Lendacky, "Xu, Min M"
CC: "Tan, Dun", "devel@edk2.groups.io", Ard Biesheuvel, "Yao, Jiewen", "Justen, Jordan L"
Subject: Re: [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
Date: Tue, 25 Apr 2023 02:51:04 +0000
References: <20230421083628.1408-1-dun.tan@intel.com> <20230421083628.1408-4-dun.tan@intel.com> <123351a8-1f6b-07b1-6b73-6052bb84d704@amd.com>

> -----Original Message-----
> From: Gerd Hoffmann
> Sent: Monday, April 24, 2023 5:55 PM
> To: Tom Lendacky
> Cc: Tan, Dun; devel@edk2.groups.io; Ard Biesheuvel; Yao, Jiewen; Justen,
> Jordan L; Ni, Ray
> Subject: Re: [Patch V3 03/11] OvmfPkg:Remove code that apply
> AddressEncMask to non-leaf entry
>
> On Fri, Apr 21, 2023 at 09:26:44AM -0500, Tom Lendacky wrote:
> > On 4/21/23 03:36, Dun Tan wrote:
> > > Remove code that apply AddressEncMask to non-leaf entry when split
> > > smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
> > > calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
> > > bit in page table for a specific range. In AMD SEV feature, this
> > > AddressEncMask bit in page table is used to indicate if the memory
> > > is guest private memory or shared memory. But all memory used by
> > > page table are treated as encrypted regardless of encryption bit.
> > > So remove the EncMask bit for smm non-leaf page table entry
> > > doesn't impact AMD SEV feature.
> > > If page split happens in the AddressEncMask bit clear process,
> > > there will be some new non-leaf entries with AddressEncMask
> > > applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
> > > module will use CpuPageTableLib to modify smm page table. So
> > > remove code to apply AddressEncMask for new non-leaf entries
> > > since CpuPageTableLib doesn't consume the EncMask PCD.
> >
> > I'm really not a fan of removing the encryption mask, because technically it
> > is correct to have it present in non-leaf entries. I really think the
> > pagetable library should be able to work correctly with or without the
> > encryption mask.
>
> Agree. We have a bunch of custom page page code in TDX and SEV support
> libraries. See here:
>
> - Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> - Library/BaseMemEncryptTdxLib/MemoryEncryption.c
> - Library/PeilessStartupLib/X64/VirtualMemory.c
>
> I'd like to see those switched over to use the pagetable library, and
> that probably requires support for the tdx/sev specific page table bits.

Gerd,
Changing all TDX/SEV code to use PageTableLib would be the best.
And we have evaluated TDX/SEV spec/code-logic and concluded
that either the C_bit (SEV) or Share_bit (TDX) is not required to set in the page
table non-leaf entry.
+@Xu, Min M for confirmation from TDX part.

I don't want PageTableLib to be aware of the EncMask bit because if the guest
page table is compliant to spec to not have EncMask bit set in non-leaf entry,
PageTableLib can well support the SEV/TDX scenario.

>
> take care,
>   Gerd
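
The page split discussed in this thread, as an added illustration that is not EDK2 code and not from any poster: a 2 MiB leaf is split into 4 KiB entries, the mask is cleared on one range, and the new non-leaf entry is built with or without the mask so that the address a mask-unaware walker derives can be compared. The function names, the mask position (bit 51) and all addresses are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define PTE_P     (1ULL << 0)
#define PTE_RW    (1ULL << 1)
#define PTE_PS    (1ULL << 7)            /* set in a PDE: 2 MiB leaf */
#define ARCH_ADDR 0x000FFFFFFFFFF000ULL  /* bits 51:12, used by a mask-unaware walker */
#define ENC_MASK  (1ULL << 51)           /* assumed position; firmware reads it from a PCD */
#define SIZE_2M   0x200000ULL

/* Split a 2 MiB leaf PDE into 512 4 KiB PTEs and clear ENC_MASK on the pages in
 * [start, start+len). nonleaf_enc: also put ENC_MASK on the new non-leaf PDE. */
static int split_and_clear(uint64_t *pde, uint64_t pt[512], uint64_t pt_pa,
                           uint64_t start, uint64_t len, int nonleaf_enc)
{
    if ((*pde & (PTE_P | PTE_PS)) != (PTE_P | PTE_PS)) return -1;
    uint64_t base  = *pde & ARCH_ADDR & ~ENC_MASK & ~(SIZE_2M - 1);
    uint64_t flags = *pde & (PTE_P | PTE_RW);     /* PS is dropped for 4 KiB leaves */
    uint64_t enc   = *pde & ENC_MASK;
    if (start < base || start - base >= SIZE_2M || len > SIZE_2M - (start - base))
        return -1;                                /* range must sit inside this PDE */
    for (unsigned i = 0; i < 512; i++) {
        uint64_t pa = base + (uint64_t)i * 4096;
        int in_range = pa >= start && pa - start < len;
        pt[i] = pa | flags | (in_range ? 0 : enc);
    }
    *pde = pt_pa | PTE_P | PTE_RW | (nonleaf_enc ? ENC_MASK : 0);
    return 0;
}

/* Next-level table address as seen by a walker that knows nothing about ENC_MASK. */
static uint64_t next_table_unaware(uint64_t nonleaf) { return nonleaf & ARCH_ADDR; }

/* Number of 4 KiB leaves still marked encrypted. */
static unsigned enc_leaves(const uint64_t pt[512])
{
    unsigned n = 0;
    for (unsigned i = 0; i < 512; i++) n += (pt[i] & ENC_MASK) != 0;
    return n;
}

int main(void)
{
    static uint64_t pt[512];
    uint64_t pde = 0xFFC00000ULL | PTE_P | PTE_RW | PTE_PS | ENC_MASK; /* constructed */
    split_and_clear(&pde, pt, 0x7F000000ULL, 0xFFC84000ULL, 0x42000ULL, 0);
    printf("next table %#llx, encrypted leaves %u\n",
           (unsigned long long)next_table_unaware(pde), enc_leaves(pt));
    return 0;
}
```

With nonleaf_enc set to 1 the same walker returns the table address with bit 51 still set, which is the case the patch under discussion removes.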