From: "Min Xu"
To: "Ni, Ray", "devel@edk2.groups.io", "kraxel@redhat.com"
CC: Brijesh Singh, Erdem Aktas, James Bottomley, "Yao, Jiewen", Tom Lendacky, "Dong, Eric", "Kumar, Rahul1"
Subject: Re: [edk2-devel] [PATCH V3 23/29] UefiCpuPkg: Update AddressEncMask in CpuPageTable
Date: Tue, 7 Dec 2021 03:50:31 +0000

On November 22, 2021 11:09 AM, Ni Ray wrote:
> Gerd, thanks. I am about to raise the same comments...
> > + gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask ##
> CONSUMES
>
> > AddressEncMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask)
> &
> > PAGING_1G_ADDRESS_MASK_64;
> > + if (AddressEncMask == 0) {
> > + AddressEncMask = PcdGet64 (PcdTdxSharedBitMask) &
> > + PAGING_1G_ADDRESS_MASK_64; }
>
> Looks like two PCDs for basically the same thing.
> Should we create a common CC PCD here?
>

1. The current situation of PcdPteMemoryEncryptionAddressOrMask is:
1.1 PcdPteMemoryEncryptionAddressOrMask is now set by AmdSev.
1.2 In CreateIdentityMappingPageTables(), this value (AddressEncMask) is set to the page tables in SEV guest.
1.3 This PCD is also used as an indicator in InternalMemEncryptSevStatus() if ReadSevMsr is TRUE or FALSE.
1.4 This PCD is also used in BootScriptExecutorEntryPoint()

2. The meaning and usage scenario of PcdTdxSharedBitMask are somehow different from PcdPteMemoryEncryptionAddressOrMask.
2.1 Guest physical address (GPA) space of Td guest is divided into private and shared sub-spaces, determined by the shared bit of GPA.[1]
2.2 PcdTdxSharedBitMask indicates the above shared bit of GPA. And only the shared GPA has the shared bit set. This breaks 1.2.
2.3 It also breaks above 1.3. Because not all the MSR can be read in Td guest (It will trigger #VE).
2.4 It breaks above 1.4 as well. Because the private GPA doesn't have the shared bit set (2.2). So BootScriptExecutorEntryPoint() has to check Td guest in run-time so that the correct AddressEncMask is used.

Based on the above investigation and consideration, I suggest using PcdTdxSharedBitMask for Td guest and PcdPteMemoryEncryptionAddressOrMask for SEV guest. We can re-visit it later.

[1] https://www.intel.com/content/dam/develop/external/us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf Section 2.4.2

Thanks
Min
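
Review bot: In the quoted hunk, the `if (AddressEncMask == 0)` fallback infers the guest type from PcdPteMemoryEncryptionAddressOrMask being zero instead of checking it, and then stores the PcdTdxSharedBitMask value in the same AddressEncMask variable that the surrounding code treats as an encryption mask. Given point 2.2 of the reply (the bit is set only on shared GPAs), the fallback needs at least a comment stating which entries the value may be applied to, and preferably an explicit TD-guest check in place of the zero test.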
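
The difference between points 1.2 and 2.2, as an added model in C (not code from the patch or from EDK II): the bit positions, the flag value and all helper names are constructed for illustration. It counts identity-map entries that come out wrong when one mask is OR-ed into every entry.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed values; real firmware reads the masks from the two PCDs. */
#define SEV_ENC_MASK    (1ULL << 51) /* assumed C-bit position */
#define TDX_SHARED_MASK (1ULL << 51) /* assumed shared-bit position */
#define PAGE_1G         (1ULL << 30)
#define PTE_FLAGS       0x83ULL      /* present | writable | page size */

typedef enum { GUEST_SEV, GUEST_TDX } guest_t;

/* Per-page rule taken from points 1.2 and 2.2 of the message. */
uint64_t page_mask(guest_t g, bool shared)
{
    if (g == GUEST_SEV)
        return shared ? 0 : SEV_ENC_MASK;   /* mask marks private pages */
    return shared ? TDX_SHARED_MASK : 0;    /* bit marks shared pages only */
}

/* Identity-mapped 1 GiB entry for page number idx. */
uint64_t pte_1g(uint64_t idx, uint64_t mask)
{
    return (idx * PAGE_1G) | mask | PTE_FLAGS;
}

/* Count entries where one uniform mask disagrees with the per-page rule. */
int wrong_entries(guest_t g, uint64_t uniform, const bool *shared, int n)
{
    int bad = 0;
    for (int i = 0; i < n; i++)
        if (pte_1g(i, uniform) != pte_1g(i, page_mask(g, shared[i])))
            bad++;
    return bad;
}

int main(void)
{
    const bool all_private[4] = { false, false, false, false };
    /* SEV: the mask belongs on every private page, so nothing is wrong. */
    printf("SEV wrong entries: %d\n",
           wrong_entries(GUEST_SEV, SEV_ENC_MASK, all_private, 4));
    /* TDX: the same uniform treatment marks every private page shared. */
    printf("TDX wrong entries: %d\n",
           wrong_entries(GUEST_TDX, TDX_SHARED_MASK, all_private, 4));
    return 0;
}
```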