From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web10.822.1650344817848904965 for ; Mon, 18 Apr 2022 22:06:58 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=f09+YPse; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1650344817; x=1681880817; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=WZuVxc2UZ9TNe9PfHkY8FotF9wlJz44ckTKp1MkuO6o=; b=f09+YPse2Kc+YJ7hgQhoCES2b/yV/u4i71/gl4MCb+TCKbLv0vgHDtDw DjAZk0A73WlORS9GqyBr0S2pahMDEHn+Q1goD9kwUaRK0X9kt4WxpFcM5 Rd70AWieuZqQbs2lFVDd47HjzuVpwAN3gmIvqdyEWXVUyP32I9xqXTmBQ /PIwBMcZo2mbLilHB2d9wPlyakMAmcHqCwrDe593UWx6DMf77ub544GvW k0Js2oEdocOxw4BqTJXG0BHdw2rBwAMum6G4YytIhVHrbicxFUOoyt14D EdRYw0NuLFMu+o5N+4SUH/kINZSxXRtYiyrSjyIvh8TZStrSi8HmcYpmJ w==; X-IronPort-AV: E=McAfee;i="6400,9594,10321"; a="350125222" X-IronPort-AV: E=Sophos;i="5.90,271,1643702400"; d="scan'208";a="350125222" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Apr 2022 22:06:57 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,271,1643702400"; d="scan'208";a="592645757" Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82]) by orsmga001.jf.intel.com with ESMTP; 18 Apr 2022 22:06:57 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Mon, 18 Apr 2022 22:06:56 -0700 Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Mon, 18 Apr 2022 22:06:56 -0700 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.172) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.27; Mon, 18 Apr 2022 22:06:56 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dX4cQInikQmT8eHYerPggJwolxKq1MEEegUP4WKjUoShIpnmZk1cd4LJuxpADQxs1oZIkQqRlAuR7b/5qb7M0qg3/l4awlY7rX/uGbZXnRgsA4bQcPhHN6yQ/6NvSTk7PIQ8tMKytYTvMp6r7pPIFmDMhFPjamvmuBamvisCT4m/H3jA+x4wX5lcPsxDmRN05O4TNEZTUq7Kb6S0NCZyUsl8gkjrnEPU1TQfEWFKG88ZV4j92diAZT/PZTi2FemLsY8qAyqccOFxLRnj/y1YmNb3mPzkhopks7Y4zZ3UKX0cmwAyW08bvH2F6POELl+gz1EZe3RSZmvu7V9F2AmuOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WZuVxc2UZ9TNe9PfHkY8FotF9wlJz44ckTKp1MkuO6o=; b=FPvZTZDIV7G2PEFnn8bsgjM12w6PJOaZ+Yp1y2Vc6bJvd0Z7sI28iEvrwn9zi6EgJFGnbIhN7++m5htkWJOVJHNZJDW4M93cO0mAdNrFq9ONVfWM/03uthdtouv3w1wsEed6yoUXpIS1IxlPVoWAZvQjGLb+AqZogyNtsDrJleMsxDxRzZ7wSxCPF1ELi/kQslqFpZzbHN+oPgCDzKZZfAtf6MondfPsFwRNkgrS56GuD9OWIdFBmHJaVqRRrypNssj0x2SLsSf2DdOvg76yJYZ15U0sMmLF5Bxv//AYvTiFvwjm0t8YFCHEg0i/aH/BhT6fDuspI3r3EIZzmMxWqQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by BN6PR11MB1313.namprd11.prod.outlook.com (2603:10b6:404:48::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5164.18; Tue, 19 Apr 2022 05:06:37 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::198e:ea23:c83b:b93a]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::198e:ea23:c83b:b93a%4]) with mapi id 15.20.5164.025; Tue, 19 Apr 2022 05:06:37 +0000 From: "Yao, Jiewen" To: "devel@edk2.groups.io" , "Yao, Jiewen" , "Xu, Min M" CC: Brijesh Singh , "Aktas, Erdem" , James Bottomley , Tom Lendacky Subject: Re: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe driver Thread-Topic: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe driver Thread-Index: AQHYU5EF52tkA5TcwEGoABwxC84FI6z2fNawgAAKJwCAAAIdkIAABGCAgAASSICAAAgCgIAAAZKggAABCqA= Date: Tue, 19 Apr 2022 05:06:37 +0000 Message-ID: References: <20220419015828.899-1-min.m.xu@intel.com> <16E732CAB3014272.17418@groups.io> In-Reply-To: <16E732CAB3014272.17418@groups.io> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.6.401.20 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: aeae9472-1a10-4638-b21f-08da21c261a8 x-ms-traffictypediagnostic: BN6PR11MB1313:EE_ x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: sXq9cFDgXLU1Q31uO8/OBekk7UPi2ZCdIcqWPvBz5gfaugR8V/Ei1dpsy9Dx8KxM6xojixj1nKwkaQdL3vwjAZqOCHXA5Ey+RtnzwJIfJT4zDEd6PqrMtam1oKR/RWsJ+0MWC02/UQ42xE/OjPlzDyf48mt6C43AwUr/5Db552od4pXUAs/N9ujXcKthPhrTwmba8hYRR27EHou3gUuRHvnn3FSaJn6IuqeChPwodKgjgjNExuQFl1UpHRQO+tj5ov0zeiCsM4csB102ZGKtQjBy+9KooBPFC4mhX5PzPsJqV2+WCXOrTcuLrmumRA4pyOItCwYCOWGroSVKynzMm70NGMXKUBGD47PhBYK2y4yFpOWrf7eOLb6BHPu209O4Xje2adi1mb4UALFtkiWtILeke0r9vQ1cFfJYErd0kk20nvqG+V6l+Xsr4Vo3VDyR9/Qe7p2uZnBsHqcI6rTHeSlGtR78GpKqGem5Lilhl5FAPNoTNT+UP2gbUgbVqfr/T6m7fhBVV0qYnMBHACUzsjvfVPX/Gij4fc1n9W1koFFXQj994wnY/etY++iz1mKF9XK5Re3CfLuiEm4W80IcewSjsvdr+8cFxhgwG1wefh3cQhDwQz4gwpfJxF1S0a4qVgXvVubmJ5jQ1sw5MA/UY4LUJrrv/Sygef1DnvtTAv36Tx3Rvhs01cUUaJ5P4ZM4GebHOscUFv75Pfg0LWT1hcDTOM26Hc0HqIRQDOg8iuMB8dYsol/f4qzGgtVDt7uvbwbvQ9Mued+PoLouI2djFm1aVAybv1/t0a2IQ4oiB0Visvp/98nOTughoxGoMLRWfNAFUQdVEVvwCwEw98EuuAB1o/e7k8ejEsnx/Akui0UnFFrjIpg3qAvFWx+2XZfN x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(76116006)(508600001)(4326008)(5660300002)(71200400001)(66556008)(83380400001)(38100700002)(38070700005)(66476007)(186003)(64756008)(19627235002)(8676002)(966005)(66446008)(66946007)(2906002)(9686003)(86362001)(7696005)(26005)(6506007)(55016003)(82960400001)(122000001)(52536014)(53546011)(54906003)(110136005)(8936002)(33656002)(316002)(6636002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?hO0XsgnEneSgOXcMl0e7iquZkpZcJkFjiKswCgLOQVFqO7sZSDqG+6DlKgwQ?= =?us-ascii?Q?Wvm2EcMFr5p2I5rLsFaM+Dfn/D3fqG4nxpsg7eOgFcXyYeq//XsoruWWaNtC?= =?us-ascii?Q?lKu/cW8q3WJhIEOkPt1dTtT7Fa4CFUsIvgcnUtt2C3i3jywdOCH+yni4Jozb?= =?us-ascii?Q?1EXGtzqp6VQO3ZNAPIhThAPqEbzRsuB04RWj2lv0aVmtmvMaRCVT81m5B9OK?= =?us-ascii?Q?/YDsktmwN8sQds9kvTAtzF+BxPIr4oI84yxVyJq2xRkWY1YkwZyT9vD+3ku2?= =?us-ascii?Q?rjAoiHV1mrR3+2cA6urznLG77zzxxs3PXXl1R/GRZdJJsey//3lamwLsfvx9?= =?us-ascii?Q?Qol3EbmMyLrw1PAyUL0hlLhytQaYLa5phcbPabATgfNPQeuLPojfTk/xPyKk?= =?us-ascii?Q?CDL2RMsTYBop8aPDtwqxrAoJmtU9RziADGlO2UG7hAeRBrXmFwETS2IFEQYo?= =?us-ascii?Q?apvqA2L45ep9B+u66B4tf0WdyftYAAizVuPvxao95e8VEGy7JE1Fw0GPIoaK?= =?us-ascii?Q?raFgcwSFeu2+vbjUPLyT6pu0RiMpC/KbOrNA1rrs2UXP1Wv2V1ksknOnTgIm?= =?us-ascii?Q?ji0oM+TMZUWt4uoXfD957vI7DoaZXqYgkDuM+TuobDMp/xrqcjgjTcnd3bDP?= =?us-ascii?Q?sZh6UtfetV/VFwXv6mBbyor/nqCVQlY5K8jR32v20fQRhU+A0vKNAeuv6NpW?= =?us-ascii?Q?M+m24cOYq4cneiLqGp7l9JWlYIJuRzDZSr714kP/CSiut0TYR2zGfr0BvOZi?= =?us-ascii?Q?ac3cizRJI0TuQ2/EhsUv55bX97TAjzumOw7hwjDM08XAILt0wvocDRpkqliV?= =?us-ascii?Q?q2ySo7gwAwrC10A9sp41sNw2zOn2wEVjzQbflW0LHm9rsiw8hJLqGJL9IVfc?= =?us-ascii?Q?GkHEYvAEITwRp0BsCi+uaRO/Z+L9yRmzbEcumEzn2OEOGHyE0Ul7YsQVhjKD?= =?us-ascii?Q?6drnEdiggYIrtwzCeU5Ibyzml+2kMDSCTTJQF5/HuV+JyStzzAU+g+5EX5dF?= =?us-ascii?Q?xEqIrkE1p2GyU04ndersr3IH7nGSeG1DhkIsentvpby2fBI0wxbWniBmxwNC?= =?us-ascii?Q?S8xPjSl0lVdrT4WcTqQJpNOpQq5LghK1N1S/TwBa+jaXzyJAQMfjMRUJYSkB?= =?us-ascii?Q?hkCcgZrXp7rjTkzdoibOaKvXKIJzGRl3T9CFJoVp6p6YSKdEB7Ydv8/aaNyF?= =?us-ascii?Q?Jjot4iuPPxQTqlp3Tvkqv9+dYMkwjLIQpyn73RIl77HmaoCm2XFSzoCPINt+?= =?us-ascii?Q?KMmANfVKpZcRforWO2OXqd7k5IYTuBlOijGfn7S/+dAzq8/xcfFqIUmj76IU?= =?us-ascii?Q?CZ+k7NeMmC1ZFCh5DfsUJP8EdGyXkEqXmkmpmjNCMQ15YHMYVAAPeHaf5cF7?= =?us-ascii?Q?C5pEmDnWWCvN3ZcVIJaEGvN+MwCd6ukN78ZOqT1YTflBZN5V1RxdOKU714Da?= =?us-ascii?Q?TWOf0OIe/stUpHLbjF+C2KCgpbpLz1BaFMTdI6SG3GRtkvTKrAliKL4aMfvc?= =?us-ascii?Q?ZtJ+XgYkKDGPyg2hIIuk0YSpkQZ104RXe/9QVKocHisnNnf7SgcRLpQT6q95?= =?us-ascii?Q?7rSMG0vdMrpWp6Q/z70AC7EXNXnPL5pPaFcrcRBuPe8n8zOuM48a8BKcdtP+?= =?us-ascii?Q?rxof9hd7+yMq+Vbxyl+9ezyCS13/pXbt3SoOYhWJiWXMvljX7hsEznZevlRs?= =?us-ascii?Q?djDkpeFTYaMUTVW6fShLlzqwT+iZu1/aR5eC+hMQII/EnzXM49XJMczUzpW1?= =?us-ascii?Q?GHLUnzA0MQ=3D=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: aeae9472-1a10-4638-b21f-08da21c261a8 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Apr 2022 05:06:37.0914 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: C9AODG00F10eUmuuc5v+GqF7irYMhsUjdgZ/iIKneDjeQ595uMXCXXhvv1ujGDzO0VP/QZpeB634f97sNZjk7w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR11MB1313 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable OK. Let me describe what I think. PCI Express BAR need to be initialized by someone in the platform. This initialization may require CFG8. That is understandable. A good design is that: After the PCIE BAR is initialized, it can be accesse= d. Requires additional step (such as clear C-bit) means the PCIE BAR is not fu= lly initialized originally. I don't think it is a good idea. So far, the problem is TdxDxe, but what if a PEI driver also wants to use a= ccess PCIE space? It may run into same problem. I think the best way is to clear C-bit in PciExBarInitialization(), as SEV = specific step to finish initialization. https://github.com/tianocore/edk2/b= lob/master/OvmfPkg/Library/PlatformInitLib/Platform.c#L261 As such, no matter how many drivers want to use PCIE, they can. Splitting PCIE bar programming and C bit clearing is a big problem. In this= window, no one can actually touch the PCIE bar, although it seems being in= itialized... Thank you Yao Jiewen > -----Original Message----- > From: devel@edk2.groups.io On Behalf Of Yao, Jiewe= n > Sent: Tuesday, April 19, 2022 12:47 PM > To: Xu, Min M ; devel@edk2.groups.io > Cc: Brijesh Singh ; Aktas, Erdem > ; James Bottomley ; Tom > Lendacky > Subject: Re: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe driver >=20 > Can SEV clear the C-bit in SEC phase? >=20 > I think that is right way to ensure PCI Express can always be accessed by= anyone. >=20 >=20 > > -----Original Message----- > > From: Xu, Min M > > Sent: Tuesday, April 19, 2022 12:39 PM > > To: Yao, Jiewen ; devel@edk2.groups.io > > Cc: Brijesh Singh ; Aktas, Erdem > > ; James Bottomley ; Tom > > Lendacky > > Subject: RE: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe driver > > > > In AmdSevDxe's entry point it clears the C-bit from PcdPciExpressBaseAd= dress > > and other memory spaces if needed. Please see > > > https://github.com/tianocore/edk2/blob/master/OvmfPkg/AmdSevDxe/AmdSev > > Dxe.c#L81-L95. After that OVMF can use PCI express. > > > > This broken is caused by the call sequence of TdxDxe driver and AmdSevD= xe > > driver. Currently TdxDxe driver is loaded before AmdSevDxe, so in SEV-E= S guest > > the C-bit of PcdPciExpressBaseAddress hasn't been cleared. In this situ= ation > the > > access to PciExpressBaseAddress trigger exceptions (lib constructor in = TdxDxe). > > > > There are 2 options to fix this issue. > > 1. Adjust the load sequence of AmdSevDxe and TdxDxe (Load AmdSevDxe > before > > TdxDxe) > > 2. Make TdxDxe to import BasePciLibCf8.inf instead of DxePciLibI440FxQ3= 5.inf > > (just like AmdSevDxe) > > > > Tom and I tested above 2 options in SEV and TDX and all work. > > > > > -----Original Message----- > > > From: Yao, Jiewen > > > Sent: Tuesday, April 19, 2022 12:16 PM > > > To: Xu, Min M ; devel@edk2.groups.io > > > Cc: Brijesh Singh ; Aktas, Erdem > > > ; James Bottomley ; Tom > > > Lendacky > > > Subject: RE: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe driv= er > > > > > > Do you mean, with SEV introduced, OVMF cannot use PCI express any mor= e? > > > > > > Thank you > > > Yao Jiewen > > > > > > > > > > -----Original Message----- > > > > From: Xu, Min M > > > > Sent: Tuesday, April 19, 2022 11:05 AM > > > > To: Yao, Jiewen ; devel@edk2.groups.io > > > > Cc: Brijesh Singh ; Aktas, Erdem > > > > ; James Bottomley ; > Tom > > > > Lendacky > > > > Subject: RE: [edk2-devel] [PATCH] OvmfPkg: Set PciLib for TdxDxe > > > > driver > > > > > > > > On April 19, 2022 10:54 AM, Yao Jiewen wrote: > > > > > > > > > > Why does TdxDxe call TdxMailbox in an SEV platform? > > > > > Or why does TdxMailbox call SynchronizationLib in an SEV platform= ? > > > > > > > > > TdxDxe will not call TdxMailbox/SynchronizationLib in SEV platform. > > > > The problem is in the lib constructor. When TdxDxe driver is loaded= , > > > > before its entry point is called, the lib constructors will be call= ed even in a > > > SEV platform. > > > > > > > > > > There are many places we can do CcProbe to stop action. Why we ne= ed > > > > > do it in DSC? > > > > So we cannot stop the lib constructor with CcProbe in this case. > > > > > > > > Thanks > > > > Min >=20 >=20 >=20 >=20