Date: Mon, 24 Apr 2023 11:54:54 +0200
From: "Gerd Hoffmann"
To: Tom Lendacky
Cc: Dun Tan, devel@edk2.groups.io, Ard Biesheuvel, Jiewen Yao, Jordan Justen, Ray Ni
Subject: Re: [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
References: <20230421083628.1408-1-dun.tan@intel.com> <20230421083628.1408-4-dun.tan@intel.com> <123351a8-1f6b-07b1-6b73-6052bb84d704@amd.com>
In-Reply-To: <123351a8-1f6b-07b1-6b73-6052bb84d704@amd.com>

On Fri, Apr 21, 2023 at 09:26:44AM -0500, Tom Lendacky wrote:
> On 4/21/23 03:36, Dun Tan wrote:
> > Remove code that apply AddressEncMask to non-leaf entry when split
> > smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
> > calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
> > bit in page table for a specific range. In AMD SEV feature, this
> > AddressEncMask bit in page table is used to indicate if the memory
> > is guest private memory or shared memory. But all memory used by
> > page table are treated as encrypted regardless of encryption bit.
> > So remove the EncMask bit for smm non-leaf page table entry
> > doesn't impact AMD SEV feature.
> > If page split happens in the AddressEncMask bit clear process,
> > there will be some new non-leaf entries with AddressEncMask
> > applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
> > module will use CpuPageTableLib to modify smm page table. So
> > remove code to apply AddressEncMask for new non-leaf entries
> > since CpuPageTableLib doesn't consume the EncMask PCD.
>
> I'm really not a fan of removing the encryption mask, because technically it
> is correct to have it present in non-leaf entries. I really think the
> pagetable library should be able to work correctly with or without the
> encryption mask.

Agree. We have a bunch of custom page table code in TDX and SEV support
libraries. See here:

 - Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
 - Library/BaseMemEncryptTdxLib/MemoryEncryption.c
 - Library/PeilessStartupLib/X64/VirtualMemory.c

I'd like to see those switched over to use the pagetable library, and
that probably requires support for the tdx/sev specific page table bits.

take care,
  Gerd
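
One way a page table walker can work with or without the encryption mask in non-leaf entries, as an added example that is not part of the original message and is not EDK2 or CpuPageTableLib code. The mask position (bit 51), the simulated memory and all function names are constructed for illustration, and only 4 KiB pages are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PTE_PRESENT   0x1ULL
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL  /* physical address bits 12..51 */
#define ENC_MASK      (1ULL << 51)  /* constructed position; firmware reads the real one at runtime */
#define NO_MAP        UINT64_MAX

/* Simulated physical memory: Mem[n] is the 4 KiB page at address n << 12. */
static uint64_t Mem[5][512];

static uint64_t *TableAt(uint64_t Pa) {
  return ((Pa >> 12) < 5) ? Mem[Pa >> 12] : NULL;
}

/* 4-level walk, 4 KiB pages only. StripMask is cleared from every entry
   before its address field is used; pass 0 to model a mask-unaware walker. */
static uint64_t Walk(uint64_t Root, uint64_t Va, uint64_t StripMask) {
  uint64_t Pa = Root & PTE_ADDR_MASK & ~StripMask;
  for (int Shift = 39; Shift >= 12; Shift -= 9) {
    uint64_t *Table = TableAt(Pa);
    if (Table == NULL) return NO_MAP;          /* pointer left simulated memory */
    uint64_t Entry = Table[(Va >> Shift) & 0x1FF];
    if (!(Entry & PTE_PRESENT)) return NO_MAP;
    Pa = Entry & PTE_ADDR_MASK & ~StripMask;
  }
  return Pa | (Va & 0xFFF);
}

/* Build PML4 -> PDPT -> PD -> PT with NonLeafEnc OR'ed into the three
   non-leaf entries, map VA 0x5000 to a shared page, then translate Va. */
static uint64_t Translate(uint64_t NonLeafEnc, uint64_t StripMask, uint64_t Va) {
  memset(Mem, 0, sizeof(Mem));
  Mem[1][0] = 0x2000 | NonLeafEnc | PTE_PRESENT;   /* PML4E */
  Mem[2][0] = 0x3000 | NonLeafEnc | PTE_PRESENT;   /* PDPTE */
  Mem[3][0] = 0x4000 | NonLeafEnc | PTE_PRESENT;   /* PDE   */
  Mem[4][5] = 0xABCDE000ULL | PTE_PRESENT;         /* leaf PTE, mask cleared (shared) */
  return Walk(0x1000, Va, StripMask);
}

int main(void) {
  printf("mask set,   aware walker:   %#llx\n", (unsigned long long)Translate(ENC_MASK, ENC_MASK, 0x5123));
  printf("mask set,   unaware walker: %#llx\n", (unsigned long long)Translate(ENC_MASK, 0, 0x5123));
  printf("mask clear, aware walker:   %#llx\n", (unsigned long long)Translate(0, ENC_MASK, 0x5123));
  return 0;
}
```

The mask-unaware walker treats the mask bit as part of the next-level table address and fails on the first non-leaf entry, while the mask-aware walker resolves the same address whether or not the non-leaf entries carry the mask.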