From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web11.2742.1682495896139364855 for ; Wed, 26 Apr 2023 00:58:16 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=BiYfyG8W; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1682495896; x=1714031896; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=oj3RcYwvUfKprmFDyXsyykEXFzCnqmRViTErFNIM3eI=; b=BiYfyG8WKqWMwW8U9iGYQxlYHCSXafeKqYLWT9Bpj2rLKx/lmN0r+jfc rXCVG6CTZ74B1xWuRyXpQPFdj7vdJdMYE2uBZEOg9Zeg2xxMbJ7yVYk1Z Ec24v2siDtnrQ1l1gxRimXPjv0h7YrG/hyHE9UQUfmp52lToEpLQQmF/E fkuVqlePnkD8P6HA7zJp1UDGhHYxUe9cs68kd2nV9onn4cvHuoW4w+tlk VNWJIEo68AHI3aDkZMbAxcZKRPUW/SDtsLff1btJBI295T/z6MDkxNvPL KJcolqdLzaHG8cvBJbMznrDn4S0qQHCd3ospuQd08w8Lgz67DBzj5jKLG Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10691"; a="344487014" X-IronPort-AV: E=Sophos;i="5.99,227,1677571200"; d="scan'208";a="344487014" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Apr 2023 00:58:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10691"; a="696510321" X-IronPort-AV: E=Sophos;i="5.99,227,1677571200"; d="scan'208";a="696510321" Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82]) by fmsmga007.fm.intel.com with ESMTP; 26 Apr 2023 00:58:15 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Wed, 26 Apr 2023 00:58:15 -0700 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23 via Frontend Transport; Wed, 26 Apr 2023 00:58:15 -0700 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.100) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23; Wed, 26 Apr 2023 00:58:15 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NHguT5gvM7pHFf8PCJCD8O5WZqhy7hiTxpopRFlDrYGNJkNxFqAMFX0T5q5JUF34sOWG++9r9fNba7JDRFk1CmVwQYdVGvMl0UaBTw6zUH0qa4nNRntFaGESoLzuuQcw5U/GHo5L2bTeUIZNRxQ80G2WGk5zUEG1j0Mj/SomQ/ksyAkZZJ2IdiXq3jkvmwgGJp6EpcmepgPp5pdyT4/JynErdjNzNMl0FNKieCvvvHlaElhB3G5GlnEMeValb+NPaR2NiW0V8ED2ptUa29lyRzJ3UzgPOM/uuU97v6hdBZeHa+j7d+9QNhOSyJGMjYTyE1lQhhwnIxIl1bGySqzS3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=R5F3E7Qy6x/hPSoVI2yxIhwdQ1FvTYqxKasN7aN0R9g=; b=m2UCczxh4MmaaTu+nKdor2LuEkdIF4GS0m3G1D48S4csrZCoSoWjLF+nHp/F6bXyJFkTMAqvcJ+uqCQsyDlDifcWVgmIWBO1WAn2q3JGejcOkw9baXuVehmLmBDwzIgL2XpOaUyASys3ERk5hlyYbpL2PGTX/7FdhFGqi00e/6BdKs8dCOXafExk/H0Z3YF4OIpP5XrS5OeWbGgAMCrULs3V0DhYjp4wCoKB4xvwT3PhWAf7iOSd8XywLqN7WJSSuRgNWaQE3ZvjAtJZSj9j++Jv9uSm5+QCQx/XSd1UAMaMxRiu4+LxXPtwcJmaU/arFDBTw1KwAPVRWoQxnGO6fg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by BL3PR11MB6364.namprd11.prod.outlook.com (2603:10b6:208:3b7::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.34; Wed, 26 Apr 2023 07:58:13 +0000 Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::ec31:3de5:4d88:f424]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::ec31:3de5:4d88:f424%7]) with mapi id 15.20.6340.021; Wed, 26 Apr 2023 07:58:12 +0000 From: "Min Xu" To: "Ni, Ray" , Gerd Hoffmann , "Tom Lendacky" CC: "Tan, Dun" , "devel@edk2.groups.io" , Ard Biesheuvel , "Yao, Jiewen" , "Justen, Jordan L" Subject: Re: [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry Thread-Topic: [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry Thread-Index: AQHZdyDH1m3v7mDMD06FwoKDJ6vG1689OrSQ Date: Wed, 26 Apr 2023 07:58:12 +0000 Message-ID: References: <20230421083628.1408-1-dun.tan@intel.com> <20230421083628.1408-4-dun.tan@intel.com> <123351a8-1f6b-07b1-6b73-6052bb84d704@amd.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PH0PR11MB5064:EE_|BL3PR11MB6364:EE_ x-ms-office365-filtering-correlation-id: 7798dfae-8303-49e2-eb56-08db462bfc03 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: X2hHnIWZ/iKPdacfU7P0w6ZIPEbTVGDTAtiDJwS5h3bTAR+C6lY1eTfT69L5vMO1kvs9WZzW5zxmK2vZvi0ewBDowFJb4F/gIxaROMPOnU7Vl+hvbcnFDojaeHjYXeXXk0kWYdIP8BFXfAFZXTtyZN5i9745YjkjOCcx+eiF14CBgcHLcuC5E6OLX0Gv/etR6g1Vk3N2OUB8basEVnp+DLTwB9o+xmNZh6DUjeUVEuan6Z6iwODvQmM5iPpESH8VDiWbihKlt8BL3S9cqGYaRbYu33wo42899znOBUMoV/qEHt2Bk6YEv00rbKvAZxrCO4DyH9QVzyMrtKo1fYIMy/BOopTnzAdJUHqpTPTFHlmnrUAxBT6JgDCfQ2jImv2FQYgfCoAcW9ONsDiEBMHCoXz6p+C6HXo8kc/T6rP7lV4q4SgwIG+h1hxkOJBhry8JGx0Jpr2zA/9cTJ/iT/5XI5pXd1kN2fIUa+jAm1JiZTcHo+6ZJXEuaNZ2pXCgV7KTDHlSq5hcRki3kftBXoVlJHbCxf8ctRSE1wytdkK2e1GGNDR1EtlppEn0l9ZDXjvUXxyhchVGlc8DcCBfnAKcGNQkNqniqpsV4R8bsvgNHvRe7jA1u8xVF3ToUglt829x x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR11MB5064.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(39860400002)(366004)(346002)(396003)(136003)(376002)(451199021)(33656002)(82960400001)(122000001)(52536014)(55016003)(316002)(8676002)(38070700005)(8936002)(5660300002)(38100700002)(66946007)(86362001)(41300700001)(2906002)(64756008)(66476007)(66446008)(66556008)(83380400001)(4326008)(76116006)(186003)(54906003)(9686003)(26005)(19627235002)(6506007)(107886003)(53546011)(7696005)(110136005)(478600001)(71200400001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?LG1LwpxElaNk/OK6x2ZUxfSQNogJnVIb1pTYOckXSRZD0nCqI2YdchvVnUuB?= =?us-ascii?Q?zVoPdLMYdxSFjSq4sq4nAEpL1VnL3+OrupzD11FAChWUqMIb/CawUeW2JcXZ?= =?us-ascii?Q?nl02bRcUx1Myapi00vJGrzPu6e7N5fB2mYzT2BcWqsKlWvmfwhJMDHbYuHQB?= =?us-ascii?Q?/KpUDyw7ykyXQKnhYg9p0RLfY7FE2i1geYvDP3icWVsvGmE6Mat+RDg9Ye1I?= =?us-ascii?Q?eaaLViFpWvtks82TTU5O/ZFXdTYdJQ6YYNXMW0ujcx6w0NotKAsDvUe4HMsQ?= =?us-ascii?Q?T0CLSBtXtH2iyNU7z9pWLxHzF9Ge3DuEcBrYd1fsfZgmrx6DOFmiSu7vACv4?= =?us-ascii?Q?yBKWTQjX3PE3K7paHKm6+Q0fzrzmiMATk6S+Q9RwZwJQzPOFQly9LR9GO8W2?= =?us-ascii?Q?MesYfKfgyTTrABo82Z9ApJReM7/nhmHfI1ukEge36rLGg54EVROVquWn0p+b?= =?us-ascii?Q?lDYb3CrRBRuYYAySvV9sBUcrHY9DoB2zlEQOVJcNcOgMCoSPJwIe1xVL9lKN?= =?us-ascii?Q?lao2f/5K94t/BwO87+Myn7j6HmgSCVqOffUmKwq+glLV/Y1DA255IfWWeitu?= =?us-ascii?Q?8pvUU0nMByaFkc86h3Kuo6jGf+cS1W2J3AxOIZw3rMInwIWz/VE/gJ2ohvUm?= =?us-ascii?Q?P7/UAcN5djCO8UZWbFdR18LVoxYUurLYqf4I3jTnRaQ43vfYpRAvnq4Bu462?= =?us-ascii?Q?rCvI+0iX8+qLlr7zXY+dCbAVO1QhJda5Mm9daJLg0c4nYBtEuxCpGsoBGRhT?= =?us-ascii?Q?vOUK2kpxz8oXv3QMzYVc4babtv1YpHXR/FaozFjgkaf7AVmcLg1PZ1DbZ9fl?= =?us-ascii?Q?ahudUThGkN5QWw9B9EQQSvtzZKYpQSmCwEz9On/d++iz0sQOb/LBlA5o7uUL?= =?us-ascii?Q?G7d/49jXz88YUfHwY/PX8SN2mVyE9gSwc5POqYPqhAzKsyCPq7VOSTlLKPP7?= =?us-ascii?Q?ZYwjMvz9F56rys0gr9tcW8bKOimGdIN4+WdEMmjV5znLuV3UHhHucuh/Z/Fg?= =?us-ascii?Q?o+O3qtDu1z2BS1oXzUFAl4ScRcHaVpS/wnGvnasHpsjY7EG5xZHDUrEf3y5w?= =?us-ascii?Q?SLQb7FuTETsoo5ewDwt86kWUPojvImPACD9gOIGGFwvMscJu/Lcv87ZYYbMu?= =?us-ascii?Q?LK3Osk1efdFFqf79GZh8Q70rqkP8ivhCrql4QAleWlR313htfvF4suA3eoRX?= =?us-ascii?Q?I7xeChCM9JYH39o+CZl4LQYNehGKEgzDcSIXjUWmBxzTzI5aaBpETdHE9pqA?= =?us-ascii?Q?Y7HuOaty13nebFv8W6u6JSVUAgj7Za/7gtJediG1GWUfPbsNR3SgHJyymvRZ?= =?us-ascii?Q?UvRIGUWNpNThFN6qPDQUpplYilBx0avuc3pZAn/4algOEGcjPm+jyC/EQlVs?= =?us-ascii?Q?JK+mBpAc2n+rEizt1BH6Oj7u5yIexZX61r/aZXQP/hRsEkZ4YqygTi69CIpG?= =?us-ascii?Q?pqBv4G9RpJAe/bXjWrkbWckQoxLu8YOVo02Bysizt5iR2d9OOStiNIDrDJs4?= =?us-ascii?Q?rsQRbsHaeS8knchiM2PBj7FQ1QMgAbSUDwsmYUHFW+UBtM2oCjYvUQ52vM1z?= =?us-ascii?Q?59f+l59ZK63ukrQyKIR303dEgXoI9BOjC7wNbME4?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7798dfae-8303-49e2-eb56-08db462bfc03 X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Apr 2023 07:58:12.8487 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: OFGJpHlQm7DWOCPetRWRfTnM6r5zrwJSanCUeKCfteb5K8R13nSuHUqp4f1uUW+B9OMK/tarlJ/SZ6gjkOG9kg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL3PR11MB6364 Return-Path: min.m.xu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable On April 25, 2023 10:51 AM, Ni Ray wrote: > > > > On Fri, Apr 21, 2023 at 09:26:44AM -0500, Tom Lendacky wrote: > > > On 4/21/23 03:36, Dun Tan wrote: > > > > Remove code that apply AddressEncMask to non-leaf entry when split > > > > smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it > > > > calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask > > > > bit in page table for a specific range. In AMD SEV feature, this > > > > AddressEncMask bit in page table is used to indicate if the memory > > > > is guest private memory or shared memory. But all memory used by > > > > page table are treated as encrypted regardless of encryption bit. > > > > So remove the EncMask bit for smm non-leaf page table entry > > > > doesn't impact AMD SEV feature. > > > > If page split happens in the AddressEncMask bit clear process, > > > > there will be some new non-leaf entries with AddressEncMask > > > > applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe > > > > module will use CpuPageTableLib to modify smm page table. So > > > > remove code to apply AddressEncMask for new non-leaf entries since > > > > CpuPageTableLib doesn't consume the EncMask PCD. > > > > > > I'm really not a fan of removing the encryption mask, because > > > technically it is correct to have it present in non-leaf entries. I > > > really think the pagetable library should be able to work correctly > > > with or without the encryption mask. > > > > Agree. We have a bunch of custom page page code in TDX and SEV > > support libraries. See here: > > > > - Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c > > - Library/BaseMemEncryptTdxLib/MemoryEncryption.c > > - Library/PeilessStartupLib/X64/VirtualMemory.c > > > > I'd like to see those switched over to use the pagetable library, and > > that probably requires support for the tdx/sev specific page table bits= . >=20 > Gerd, > Changing all TDX/SEV code to use PageTableLib would be the best. > And we have evaluated TDX/SEV spec/code-logic and concluded that either > the C_bit (SEV) or Share_bit (TDX) is not required to set in the page tab= le non- > leaf entry. >=20 > +@Xu, Min M for confirmation from TDX part. Td guest creates the page table with Share_bit cleared. Only the leaf entri= es are set the share_bit if needed. Thanks Min