From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Min Xu"
To: "kraxel@redhat.com"
CC: "devel@edk2.groups.io", Ard Biesheuvel, "Justen, Jordan L", Brijesh Singh, "Aktas, Erdem", James Bottomley, "Yao, Jiewen", Tom Lendacky
Subject: Re: [edk2-devel] [PATCH V3 29/29] OvmfPkg: Update IoMmuDxe to support TDX
Date: Mon, 13 Dec 2021 07:33:06 +0000
References: <20211103071714.23p72ezydujhwfvy@sirius.home.kraxel.org> <20211213064259.zrru4bz2khxof532@sirius.home.kraxel.org>
In-Reply-To: <20211213064259.zrru4bz2khxof532@sirius.home.kraxel.org>

Hi,

> > > > + if (CC_GUEST_IS_SEV (PcdGet64 (PcdConfidentialComputingGuestAttr= ))) > { > > > > + // > > > > + // Clear the memory encryption mask on the plaintext buffer. > > > > + // > > > > + Status =3D MemEncryptSevClearPageEncMask ( > > > > + 0, > > > > + MapInfo->PlainTextAddress, > > > > + MapInfo->NumberOfPages > > > > + ); > > > > + } else if (CC_GUEST_IS_TDX (PcdGet64 > > > (PcdConfidentialComputingGuestAttr))) { > > > > + // > > > > + // Set the memory shared bit.
> > > > + // > > > > + Status =3D MemEncryptTdxSetPageSharedBit ( > > > > + 0, > > > > + MapInfo->PlainTextAddress, > > > > + MapInfo->NumberOfPages > > > > + );
> > >
> > > Again, this looks very similar and like a great opportunity to share code.
> > >
> > MemEncryptSevClearPageEncMask () is implemented in MemEncryptSevLib.
> > MemEncryptTdxSetPageSharedBit () is implemented in MemEncryptTdxlib.
> >
> > Yes, we have considered to merge these 2 EncryptLib into one lib (for
> > example: MemoryEncryptCcLib). But after investigation and some PoC, we
> > find it will make the code complicated and hard to maintain. (many
> > if-else checking in the code)
> >
> > 1. From the naming perspective (in SEV/TDX documentation), SEV's bit is Enc bit, but TDX's bit is shared bit.
> > 2. In SEV's SetMemoryEncDec () it handles differently for the different version of SEV (for example, Sev-Snp). I am not sure if there will be more specific process will be added in the future.
> > 3. In TDX's SetMemorySharedOrPrivate, currently it is simple and clean. But there may be some new features added in the future.
> >
> > I am thinking if it is a better choice that every vendor takes their responsibility to maintain their own lib/code?
>
> Well, I still think there is opportunity to share code, specifically the page table
> handling. Have a generic page table walker which is able to set and clear bits for
> a given memory range. Then the sev/tdx specific code can just call that instead
> of both having their own, duplicated page table walking logic.
>
> Maybe the page table walking should even be a MdeModulePkg Library, i.e.
> move the code for page table walking (and huge page splitting) in
> MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c to a library so it can be
> reused elsewhere without duplicating the code,

Thanks for the suggestion. I will carefully think about it and figure out if it is feasible. (A PoC as the first step)

Thanks
Min
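
Review bot: In the quoted if / else if chain, PcdGet64 (PcdConfidentialComputingGuestAttr) is evaluated twice and the visible lines show no final else, so it is not clear what Status holds when the guest is neither SEV nor TDX. Read the PCD once into a local before the branch, and close the chain with an explicit else that sets Status to an error (or asserts), so an unrecognized guest type cannot leave the plaintext buffer's sharing state unchanged without the caller noticing. The first argument to both calls is a bare 0; a short comment or named constant saying what it selects would make the two branches easier to compare.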
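
The generic walker suggested in the thread, as an added sketch that is not edk2 code and not from either poster: one routine applies set/clear masks to the leaf entries of a range, and the SEV and TDX entry points only choose the masks. The toy table pool, the entry layout, the bit-51 position and all function names are assumptions; huge page splitting, TLB flushes and any hypervisor notification are omitted.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed entry layout: bit 0 present, bits 12..50 address, bit 51 CC bit. */
#define PTE_PRESENT 1ULL
#define ADDR_MASK   0x0007FFFFFFFFF000ULL
#define CC_BIT      (1ULL << 51) /* assumed position of SEV Enc bit / TDX shared bit */

/* Toy physical memory: table n sits at "address" n << 12; slot 0 is the root. */
static uint64_t pool[8][512];
static unsigned pool_used = 1;

/* Walk four levels to the leaf entry for va; allocate missing tables if create is set. */
uint64_t *pt_walk(uint64_t va, int create) {
  uint64_t *t = pool[0];
  for (int shift = 39; shift > 12; shift -= 9) {
    uint64_t *e = &t[(va >> shift) & 511];
    if (!(*e & PTE_PRESENT)) {
      if (!create || pool_used == 8) return NULL;
      *e = ((uint64_t)pool_used++ << 12) | PTE_PRESENT;
    }
    t = pool[(*e & ADDR_MASK) >> 12];
  }
  return &t[(va >> 12) & 511];
}

/* Map one 4 KiB page (setup helper for the toy tables). */
int pt_map(uint64_t va, uint64_t pa, uint64_t attrs) {
  uint64_t *leaf = pt_walk(va, 1);
  if (!leaf) return -1;
  *leaf = (pa & ADDR_MASK) | attrs | PTE_PRESENT;
  return 0;
}

/* Generic part: validate the whole range, then apply masks, so no half-converted range. */
int pt_update_range(uint64_t base, size_t pages, uint64_t set, uint64_t clear) {
  for (size_t i = 0; i < pages; i++) {
    uint64_t *leaf = pt_walk(base + (i << 12), 0);
    if (!leaf || !(*leaf & PTE_PRESENT)) return -1;
  }
  for (size_t i = 0; i < pages; i++) {
    uint64_t *leaf = pt_walk(base + (i << 12), 0);
    *leaf = (*leaf & ~clear) | set;
  }
  return 0;
}

/* Vendor-specific entry points reduce to choosing the masks. */
int sev_clear_enc(uint64_t base, size_t pages) { return pt_update_range(base, pages, 0, CC_BIT); }
int tdx_set_shared(uint64_t base, size_t pages) { return pt_update_range(base, pages, CC_BIT, 0); }
```

The validate-then-apply split is the part worth keeping in any shared library: a range that ends up partly shared and partly private is harder to reason about than a clean failure.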