From: "Brijesh Singh"
Date: Mon, 3 May 2021 13:56:25 -0500
To: Erdem Aktas
Cc: brijesh.singh@amd.com, devel@edk2.groups.io, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek
Subject: Re: [PATCH RFC v2 21/28] OvmfPkg/MemEncryptSevLib: Add support to validate system RAM
References: <20210430115148.22267-1-brijesh.singh@amd.com> <20210430115148.22267-22-brijesh.singh@amd.com>

On 5/3/21 9:04 AM, Erdem Aktas wrote:
>> + // >> + // If the request page state change is shared then invalidate the pages before >> + // adding the page in the RMP table. >> + // >> + if (State == SevSnpPagePrivate) { >> + PvalidateRange (Info, 0, i, TRUE); >> + }
> Looks like some copy-paste mistake in the comment.

Ah, thanks for pointing that out. Yes, it's a copy-paste error.

> Also, it checks if the hypervisor failed to process all the entries
> for shared pages, but I do not see that it is checked for the
> private pages. Is there any reason for that?

Sorry, I am not able to follow; can you please expand your review comment?

In the current patch the approach is:

- If the page change request is shared then invalidate the range before requesting the page state change in the RMP.
- Issue the page state change request. Make sure all the entries are processed by the hypervisor.
- If the page change request is private then validate the range after it's added in the RMP table.

>
>
>> + VmgDone (Ghcb, InterruptState); >> + } >> +} >> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc >> index f9355172d6..1c1e911bd0 100644 >> --- a/OvmfPkg/OvmfPkgIa32.dsc >> +++ b/OvmfPkg/OvmfPkgIa32.dsc
>> @@ -267,6 +267,7 @@ >> !else >> CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf >> !endif >> + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf >> >> [LibraryClasses.common.PEI_CORE] >> HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf >> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc >> index 3f27d7b90d..804f5d62be 100644 >> --- a/OvmfPkg/OvmfPkgIa32X64.dsc >> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc >> @@ -271,6 +271,7 @@ >> !else >> CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf >> !endif >> + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf >> >> [LibraryClasses.common.PEI_CORE] >> HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf >> -- >> 2.17.1 >>
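
Review bot: The comment above `if (State == SevSnpPagePrivate)` in the quoted MemEncryptSevLib hunk describes the shared case ("invalidate the pages before adding the page in the RMP table"), while the branch it guards runs for private requests and calls `PvalidateRange (Info, 0, i, TRUE)`. Reword it to say that a private request validates the range after the pages have been added to the RMP table. The visible call is also used as a bare statement, so if `PvalidateRange` can report a failure, nothing in these lines acts on it before `VmgDone`.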
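
Review bot: The `MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf` line added after `!endif` in the OvmfPkgIa32.dsc and OvmfPkgIa32X64.dsc hunks carries no comment saying why this section is mapped to the Sec-specific instance. A one-line comment in the .dsc would help, and since only these two platform files are visible in the quoted part, it is worth confirming that every OVMF platform file that builds this section gets the same mapping.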
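
The ordering described in the reply above (invalidate before a shared request, check that the hypervisor processed every entry, validate after a private request), as an added example that is not code from the patch. It is a simplified C model: `RmpEntry`, `pvalidate_range`, `hv_page_state_change` and `set_page_state` are hypothetical names, and a short count from the hypervisor is treated as a failure for both request types.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model (assumption): one RMP entry per 4 KiB guest page. */
typedef struct { bool assigned; bool validated; } RmpEntry;
typedef enum { PAGE_SHARED, PAGE_PRIVATE } PageState;

/* Guest side, stands in for PVALIDATE: sets or rescinds the validated bit. */
static void pvalidate_range(RmpEntry *rmp, size_t n, bool validate) {
    for (size_t i = 0; i < n; i++) rmp[i].validated = validate;
}

/* Hypervisor side, stands in for the page state change request. It handles
 * at most `budget` entries and returns how many it processed; a changed
 * RMP entry is always left unvalidated. */
static size_t hv_page_state_change(RmpEntry *rmp, size_t n, PageState s,
                                   size_t budget) {
    size_t done = n < budget ? n : budget;
    for (size_t i = 0; i < done; i++) {
        rmp[i].assigned = (s == PAGE_PRIVATE);
        rmp[i].validated = false;
    }
    return done;
}

/* Returns 0 on success, -1 if the hypervisor left entries unprocessed. */
int set_page_state(RmpEntry *rmp, size_t n, PageState s, size_t hv_budget) {
    if (s == PAGE_SHARED)
        pvalidate_range(rmp, n, false);          /* invalidate first */
    if (hv_page_state_change(rmp, n, s, hv_budget) != n)
        return -1;                               /* checked for both states */
    if (s == PAGE_PRIVATE)
        pvalidate_range(rmp, n, true);           /* validate only after RMP add */
    return 0;
}

/* Pages the guest may use as private memory: assigned and validated. */
size_t count_validated(const RmpEntry *rmp, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++) c += (rmp[i].assigned && rmp[i].validated);
    return c;
}

int main(void) {
    RmpEntry partial[4] = {{0}};                 /* constructed sample range */
    int rc = set_page_state(partial, 4, PAGE_PRIVATE, 2);
    printf("rc=%d validated=%zu\n", rc, count_validated(partial, 4));
    return 0;
}
```

With a hypervisor that processes only two of four entries, the private request fails and no page in the range ends up validated.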