From: "Lendacky, Thomas"
To: Dun Tan, devel@edk2.groups.io
CC: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Ray Ni
Date: Fri, 21 Apr 2023 09:53:47 -0500
Subject: Re: [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
References: <20230421083628.1408-1-dun.tan@intel.com> <20230421083628.1408-4-dun.tan@intel.com> <123351a8-1f6b-07b1-6b73-6052bb84d704@amd.com>
In-Reply-To: <123351a8-1f6b-07b1-6b73-6052bb84d704@amd.com>

On 4/21/23 09:26, Tom Lendacky wrote:
> On 4/21/23 03:36, Dun Tan wrote:
>> Remove code that apply AddressEncMask to non-leaf entry when split
>> smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
>> calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
>> bit in page table for a specific range. In AMD SEV feature, this
>> AddressEncMask bit in page table is used to indicate if the memory
>> is guest private memory or shared memory. But all memory used by
>> page table are treated as encrypted regardless of encryption bit.
>> So remove the EncMask bit for smm non-leaf page table entry
>> doesn't impact AMD SEV feature.
>> If page split happens in the AddressEncMask bit clear process,
>> there will be some new non-leaf entries with AddressEncMask
>> applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
>> module will use CpuPageTableLib to modify smm page table. So
>> remove code to apply AddressEncMask for new non-leaf entries
>> since CpuPageTableLib doesn't consume the EncMask PCD.
>
> I'm really not a fan of removing the encryption mask, because technically
> it is correct to have it present in non-leaf entries. I really think the
> pagetable library should be able to work correctly with or without the
> encryption mask.

Or if we do go this route, there needs to be a really big, informative
comment above the areas where the AddressEncMask is now being removed to
explain why the code isn't setting the encryption mask (SEV pagetable walk
behavior and the fact that the pagetable library is unaware of the
encryption bit and encounters errors when trying to walk the entries, etc.).

Thanks,
Tom

>
> What would it take to make the pagetable library aware of the mask?
>
> Thanks,
> Tom
>
>>
>> Signed-off-by: Dun Tan
>> Cc: Ard Biesheuvel
>> Cc: Jiewen Yao
>> Cc: Jordan Justen
>> Cc: Gerd Hoffmann
>> Cc: Tom Lendacky
>> Cc: Ray Ni
>> --- >> =C2=A0 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | = 6 +++--- >> =C2=A0 1 file changed, 3 insertions(+), 3 deletions(-) >> >> diff --git=20 >> a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c=20 >> b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c >> index a1f6e61c1e..f2b821f6d9 100644 >> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c >> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c >> @@ -233,7 +233,7 @@ Split2MPageTo4K ( >> =C2=A0=C2=A0=C2=A0 // Fill in 2M page entry. >> =C2=A0=C2=A0=C2=A0 // >> =C2=A0=C2=A0=C2=A0 *PageEntry2M =3D ((UINT64)(UINTN)PageTableEntry1 | >> -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 IA32_PG_P | IA32_PG_RW | AddressEncMask); >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 IA32_PG_P | IA32_PG_RW); >> =C2=A0 } >> =C2=A0 /** 
>> @@ -352,7 +352,7 @@ SetPageTablePoolReadOnly ( >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 PhysicalAddress += =3D LevelSize[Level - 1]; >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 } >> -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 PageTable[Index] =3D (UINT64)(UINTN)NewP= ageTable | AddressEncMask | >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 PageTable[Index] =3D (UINT64)(UINTN)NewP= ageTable | >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 IA32_PG_P | IA32_PG_RW; >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 PageTable =3D NewPageTable; >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 } >> @@ -440,7 +440,7 @@ Split1GPageTo2M ( >> =C2=A0=C2=A0=C2=A0 // Fill in 1G page entry. >> =C2=A0=C2=A0=C2=A0 // >> =C2=A0=C2=A0=C2=A0 *PageEntry1G =3D ((UINT64)(UINTN)PageDirectoryEntry | >> -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 IA32_PG_P | IA32_PG_RW | AddressEncMask); >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 IA32_PG_P | IA32_PG_RW); >> =C2=A0=C2=A0=C2=A0 PhysicalAddress2M =3D PhysicalAddress; >> =C2=A0=C2=A0=C2=A0 for (IndexOfPageDirectoryEntries =3D 0;
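
Review bot: In the Split2MPageTo4K hunk, the *PageEntry2M assignment now leaves AddressEncMask out of a non-leaf entry and nothing in the code says why. The existing "Fill in 2M page entry." comment should be extended to state that the mask is omitted on purpose: page-table memory is treated as encrypted regardless of the bit, and CpuPageTableLib does not consume the EncMask PCD. This is the comment asked for in the reply above; without it a later reader is likely to take the missing mask for a bug and restore it.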
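
Review bot: In the SetPageTablePoolReadOnly hunk, the PageTable[Index] assignment keeps its two-line form with a trailing "|" even though, with AddressEncMask removed, "PageTable[Index] = (UINT64)(UINTN)NewPageTable | IA32_PG_P | IA32_PG_RW;" now fits on one line. Joining it avoids the dangling operator, and this site needs the same explanatory comment about the omitted mask as the two split functions.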
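
Review bot: In the Split1GPageTo2M hunk, the *PageEntry1G change is unconditional, while the commit message justifies it only by the SMM page table and PiSmmCpuDxe's use of CpuPageTableLib. The file is PeiDxeVirtualMemory.c and nothing in the hunk limits the change to SMM, so the commit message should state that dropping the mask from non-leaf entries is intended for every caller of this code, or the change should be made conditional.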
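
Added example (not from the patch and not edk2's CpuPageTableLib code): a toy 3-level walker showing the failure the reply describes, where a walker unaware of the encryption bit cannot follow non-leaf entries that carry it, while a walker that strips the mask works with or without it. The bit position (51), the table addresses and all names are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define PG_P      0x01ULL
#define PG_RW     0x02ULL
#define PG_PS     0x80ULL                /* large-page leaf */
#define ADDR_MASK 0x000FFFFFFFFFF000ULL  /* bits 51:12 of an entry */
#define ENC_MASK  (1ULL << 51)           /* assumed C-bit position (constructed) */
#define LEAF_PA   0x5000ULL              /* constructed shared MMIO page */

/* Toy physical memory: table N sits at physical address (N + 1) * 0x1000. */
static uint64_t Tables[3][512];

static uint64_t *PhysToTable(uint64_t Pa) {
  uint64_t Idx = Pa / 0x1000;
  return (Pa % 0x1000 == 0 && Idx >= 1 && Idx <= 3) ? Tables[Idx - 1] : NULL;
}

/* Build PDPT -> PD -> PT; NonLeafMask is OR-ed into the two non-leaf entries.
   The leaf maps LEAF_PA without the mask, as after an MMIO mask clear. */
static void BuildTables(uint64_t NonLeafMask) {
  memset(Tables, 0, sizeof(Tables));
  Tables[0][0] = 0x2000ULL | PG_P | PG_RW | NonLeafMask;
  Tables[1][0] = 0x3000ULL | PG_P | PG_RW | NonLeafMask;
  Tables[2][LEAF_PA >> 12] = LEAF_PA | PG_P | PG_RW;
}

/* Walk to the leaf entry for Va, clearing WalkerMask from each non-leaf entry
   before using it as the next table address. Returns 0 if the walk fails. */
static uint64_t WalkLeaf(uint64_t Va, uint64_t WalkerMask) {
  uint64_t *Table = PhysToTable(0x1000);
  for (int Shift = 30; Table != NULL; Shift -= 9) {
    uint64_t Entry = Table[(Va >> Shift) & 0x1FF];
    if (!(Entry & PG_P)) return 0;
    if (Shift == 12 || (Entry & PG_PS)) return Entry;
    Table = PhysToTable(Entry & ADDR_MASK & ~WalkerMask);
  }
  return 0;  /* next-level address did not resolve to a table */
}

/* Convenience wrapper: build with one mask, walk with another. */
static uint64_t BuildAndWalk(uint64_t NonLeafMask, uint64_t WalkerMask) {
  BuildTables(NonLeafMask);
  return WalkLeaf(LEAF_PA, WalkerMask);
}

int main(void) {
  return BuildAndWalk(ENC_MASK, ENC_MASK) == (LEAF_PA | PG_P | PG_RW) ? 0 : 1;
}
```

BuildAndWalk(ENC_MASK, 0) models a mask-unaware walker meeting masked non-leaf entries, and BuildAndWalk(0, 0) models the same walker after the patch.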