1. Patchew
  2. EDK2
  3. [edk2-devel] [Patch V3 00/11] Use CpuPageTableLib to create and update smm page table
  4. View patch

[edk2-devel] [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry

duntan posted 11 patches 2 years, 9 months ago
There is a newer version of this series
[edk2-devel] [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
Posted by duntan 2 years, 9 months ago 
Remove code that apply AddressEncMask to non-leaf entry when split
smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
bit in page table for a specific range. In AMD SEV feature, this
AddressEncMask bit in page table is used to indicate if the memory
is guest private memory or shared memory. But all memory used by
page table are treated as encrypted regardless of encryption bit.
So remove the EncMask bit for smm non-leaf page table entry
doesn't impact AMD SEV feature.
If page split happens in the AddressEncMask bit clear process,
there will be some new non-leaf entries with AddressEncMask
applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
module will use CpuPageTableLib to modify smm page table. So
remove code to apply AddressEncMask for new non-leaf entries
since CpuPageTableLib doesn't consume the EncMask PCD.

Signed-off-by: Dun Tan <dun.tan@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ray Ni <ray.ni@intel.com>
---
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
index a1f6e61c1e..f2b821f6d9 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
@@ -233,7 +233,7 @@ Split2MPageTo4K (
   // Fill in 2M page entry.
   //
   *PageEntry2M = ((UINT64)(UINTN)PageTableEntry1 |
-                  IA32_PG_P | IA32_PG_RW | AddressEncMask);
+                  IA32_PG_P | IA32_PG_RW);
 }
 
 /**
@@ -352,7 +352,7 @@ SetPageTablePoolReadOnly (
         PhysicalAddress += LevelSize[Level - 1];
       }
 
-      PageTable[Index] = (UINT64)(UINTN)NewPageTable | AddressEncMask |
+      PageTable[Index] = (UINT64)(UINTN)NewPageTable |
                          IA32_PG_P | IA32_PG_RW;
       PageTable = NewPageTable;
     }
@@ -440,7 +440,7 @@ Split1GPageTo2M (
   // Fill in 1G page entry.
   //
   *PageEntry1G = ((UINT64)(UINTN)PageDirectoryEntry |
-                  IA32_PG_P | IA32_PG_RW | AddressEncMask);
+                  IA32_PG_P | IA32_PG_RW);
 
   PhysicalAddress2M = PhysicalAddress;
   for (IndexOfPageDirectoryEntries = 0;
-- 
2.39.1.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#103387): https://edk2.groups.io/g/devel/message/103387
Mute This Topic: https://groups.io/mt/98406586/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
Posted by Lendacky, Thomas via groups.io 2 years, 9 months ago 
On 4/21/23 03:36, Dun Tan wrote:
> Remove code that apply AddressEncMask to non-leaf entry when split
> smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
> calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
> bit in page table for a specific range. In AMD SEV feature, this
> AddressEncMask bit in page table is used to indicate if the memory
> is guest private memory or shared memory. But all memory used by
> page table are treated as encrypted regardless of encryption bit.
> So remove the EncMask bit for smm non-leaf page table entry
> doesn't impact AMD SEV feature.
> If page split happens in the AddressEncMask bit clear process,
> there will be some new non-leaf entries with AddressEncMask
> applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
> module will use CpuPageTableLib to modify smm page table. So
> remove code to apply AddressEncMask for new non-leaf entries
> since CpuPageTableLib doesn't consume the EncMask PCD.

I'm really not a fan of removing the encryption mask, because technically 
it is correct to have it present in non-leaf entries. I really think the 
pagetable library should be able to work correctly with or without the 
encryption mask.

What would it take to make the pagetable library aware of the mask?

Thanks,
Tom

> 
> Signed-off-by: Dun Tan <dun.tan@intel.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Ray Ni <ray.ni@intel.com>
> ---
>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> index a1f6e61c1e..f2b821f6d9 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> @@ -233,7 +233,7 @@ Split2MPageTo4K (
>     // Fill in 2M page entry.
>     //
>     *PageEntry2M = ((UINT64)(UINTN)PageTableEntry1 |
> -                  IA32_PG_P | IA32_PG_RW | AddressEncMask);
> +                  IA32_PG_P | IA32_PG_RW);
>   }
>   
>   /**
> @@ -352,7 +352,7 @@ SetPageTablePoolReadOnly (
>           PhysicalAddress += LevelSize[Level - 1];
>         }
>   
> -      PageTable[Index] = (UINT64)(UINTN)NewPageTable | AddressEncMask |
> +      PageTable[Index] = (UINT64)(UINTN)NewPageTable |
>                            IA32_PG_P | IA32_PG_RW;
>         PageTable = NewPageTable;
>       }
> @@ -440,7 +440,7 @@ Split1GPageTo2M (
>     // Fill in 1G page entry.
>     //
>     *PageEntry1G = ((UINT64)(UINTN)PageDirectoryEntry |
> -                  IA32_PG_P | IA32_PG_RW | AddressEncMask);
> +                  IA32_PG_P | IA32_PG_RW);
>   
>     PhysicalAddress2M = PhysicalAddress;
>     for (IndexOfPageDirectoryEntries = 0;


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#103400): https://edk2.groups.io/g/devel/message/103400
Mute This Topic: https://groups.io/mt/98406586/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
Posted by Gerd Hoffmann 2 years, 9 months ago 
On Fri, Apr 21, 2023 at 09:26:44AM -0500, Tom Lendacky wrote:
> On 4/21/23 03:36, Dun Tan wrote:
> > Remove code that apply AddressEncMask to non-leaf entry when split
> > smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
> > calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
> > bit in page table for a specific range. In AMD SEV feature, this
> > AddressEncMask bit in page table is used to indicate if the memory
> > is guest private memory or shared memory. But all memory used by
> > page table are treated as encrypted regardless of encryption bit.
> > So remove the EncMask bit for smm non-leaf page table entry
> > doesn't impact AMD SEV feature.
> > If page split happens in the AddressEncMask bit clear process,
> > there will be some new non-leaf entries with AddressEncMask
> > applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
> > module will use CpuPageTableLib to modify smm page table. So
> > remove code to apply AddressEncMask for new non-leaf entries
> > since CpuPageTableLib doesn't consume the EncMask PCD.
> 
> I'm really not a fan of removing the encryption mask, because technically it
> is correct to have it present in non-leaf entries. I really think the
> pagetable library should be able to work correctly with or without the
> encryption mask.

Agree.  We have a bunch of custom page page code in TDX and SEV support
libraries.  See here:

 - Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
 - Library/BaseMemEncryptTdxLib/MemoryEncryption.c
 - Library/PeilessStartupLib/X64/VirtualMemory.c

I'd like to see those switched over to use the pagetable library, and
that probably requires support for the tdx/sev specific page table bits.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#103463): https://edk2.groups.io/g/devel/message/103463
Mute This Topic: https://groups.io/mt/98406586/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
Posted by Ni, Ray 2 years, 9 months ago 

> -----Original Message-----
> From: Gerd Hoffmann <kraxel@redhat.com>
> Sent: Monday, April 24, 2023 5:55 PM
> To: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Tan, Dun <dun.tan@intel.com>; devel@edk2.groups.io; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Yao, Jiewen <jiewen.yao@intel.com>; Justen,
> Jordan L <jordan.l.justen@intel.com>; Ni, Ray <ray.ni@intel.com>
> Subject: Re: [Patch V3 03/11] OvmfPkg:Remove code that apply
> AddressEncMask to non-leaf entry
> 
> On Fri, Apr 21, 2023 at 09:26:44AM -0500, Tom Lendacky wrote:
> > On 4/21/23 03:36, Dun Tan wrote:
> > > Remove code that apply AddressEncMask to non-leaf entry when split
> > > smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
> > > calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
> > > bit in page table for a specific range. In AMD SEV feature, this
> > > AddressEncMask bit in page table is used to indicate if the memory
> > > is guest private memory or shared memory. But all memory used by
> > > page table are treated as encrypted regardless of encryption bit.
> > > So remove the EncMask bit for smm non-leaf page table entry
> > > doesn't impact AMD SEV feature.
> > > If page split happens in the AddressEncMask bit clear process,
> > > there will be some new non-leaf entries with AddressEncMask
> > > applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
> > > module will use CpuPageTableLib to modify smm page table. So
> > > remove code to apply AddressEncMask for new non-leaf entries
> > > since CpuPageTableLib doesn't consume the EncMask PCD.
> >
> > I'm really not a fan of removing the encryption mask, because technically it
> > is correct to have it present in non-leaf entries. I really think the
> > pagetable library should be able to work correctly with or without the
> > encryption mask.
> 
> Agree.  We have a bunch of custom page page code in TDX and SEV support
> libraries.  See here:
> 
>  - Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>  - Library/BaseMemEncryptTdxLib/MemoryEncryption.c
>  - Library/PeilessStartupLib/X64/VirtualMemory.c
> 
> I'd like to see those switched over to use the pagetable library, and
> that probably requires support for the tdx/sev specific page table bits.

Gerd,
Changing all TDX/SEV code to use PageTableLib would be the best.
And we have evaluated TDX/SEV spec/code-logic and concluded that
either the C_bit (SEV) or Share_bit (TDX) is not required to set in the page
table non-leaf entry.

+@Xu, Min M for confirmation from TDX part.

I don't want PageTableLib to be aware of the EncMask bit because if the guest
page table is compliant to spec to not have EncMask bit set in non-leaf entry,
PageTableLib can well support the SEV/TDX scenario.

> 
> take care,
>   Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#103507): https://edk2.groups.io/g/devel/message/103507
Mute This Topic: https://groups.io/mt/98406586/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/leave/3901457/1787277/102458076/xyzzy [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
Posted by Min Xu 2 years, 9 months ago 
On April 25, 2023 10:51 AM, Ni Ray wrote:
> >
> > On Fri, Apr 21, 2023 at 09:26:44AM -0500, Tom Lendacky wrote:
> > > On 4/21/23 03:36, Dun Tan wrote:
> > > > Remove code that apply AddressEncMask to non-leaf entry when split
> > > > smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
> > > > calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
> > > > bit in page table for a specific range. In AMD SEV feature, this
> > > > AddressEncMask bit in page table is used to indicate if the memory
> > > > is guest private memory or shared memory. But all memory used by
> > > > page table are treated as encrypted regardless of encryption bit.
> > > > So remove the EncMask bit for smm non-leaf page table entry
> > > > doesn't impact AMD SEV feature.
> > > > If page split happens in the AddressEncMask bit clear process,
> > > > there will be some new non-leaf entries with AddressEncMask
> > > > applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
> > > > module will use CpuPageTableLib to modify smm page table. So
> > > > remove code to apply AddressEncMask for new non-leaf entries since
> > > > CpuPageTableLib doesn't consume the EncMask PCD.
> > >
> > > I'm really not a fan of removing the encryption mask, because
> > > technically it is correct to have it present in non-leaf entries. I
> > > really think the pagetable library should be able to work correctly
> > > with or without the encryption mask.
> >
> > Agree.  We have a bunch of custom page page code in TDX and SEV
> > support libraries.  See here:
> >
> >  - Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
> >  - Library/BaseMemEncryptTdxLib/MemoryEncryption.c
> >  - Library/PeilessStartupLib/X64/VirtualMemory.c
> >
> > I'd like to see those switched over to use the pagetable library, and
> > that probably requires support for the tdx/sev specific page table bits.
> 
> Gerd,
> Changing all TDX/SEV code to use PageTableLib would be the best.
> And we have evaluated TDX/SEV spec/code-logic and concluded that either
> the C_bit (SEV) or Share_bit (TDX) is not required to set in the page table non-
> leaf entry.
> 
> +@Xu, Min M for confirmation from TDX part.
Td guest creates the page table with Share_bit cleared. Only the leaf entries are set the share_bit if needed.

Thanks
Min


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#103631): https://edk2.groups.io/g/devel/message/103631
Mute This Topic: https://groups.io/mt/98406586/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
Posted by Lendacky, Thomas via groups.io 2 years, 9 months ago 
On 4/21/23 09:26, Tom Lendacky wrote:
> On 4/21/23 03:36, Dun Tan wrote:
>> Remove code that apply AddressEncMask to non-leaf entry when split
>> smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it
>> calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask
>> bit in page table for a specific range. In AMD SEV feature, this
>> AddressEncMask bit in page table is used to indicate if the memory
>> is guest private memory or shared memory. But all memory used by
>> page table are treated as encrypted regardless of encryption bit.
>> So remove the EncMask bit for smm non-leaf page table entry
>> doesn't impact AMD SEV feature.
>> If page split happens in the AddressEncMask bit clear process,
>> there will be some new non-leaf entries with AddressEncMask
>> applied in smm page table. When ReadyToLock, code in PiSmmCpuDxe
>> module will use CpuPageTableLib to modify smm page table. So
>> remove code to apply AddressEncMask for new non-leaf entries
>> since CpuPageTableLib doesn't consume the EncMask PCD.
> 
> I'm really not a fan of removing the encryption mask, because technically 
> it is correct to have it present in non-leaf entries. I really think the 
> pagetable library should be able to work correctly with or without the 
> encryption mask.

Or if we do go this route, there needs to be a really big, informative 
comment above the areas where the AddressEncMask is now being removed to 
explain why the code isn't setting the encryption mask (SEV pagetable walk 
behavior and the fact that the pagetable library is unaware of the 
encryption bit and encounters errors when trying to walk the entries, etc.).

Thanks,
Tom

> 
> What would it take to make the pagetable library aware of the mask?
> 
> Thanks,
> Tom
> 
>>
>> Signed-off-by: Dun Tan <dun.tan@intel.com>
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Gerd Hoffmann <kraxel@redhat.com>
>> Cc: Tom Lendacky <thomas.lendacky@amd.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> ---
>>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 6 +++---
>>   1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git 
>> a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c 
>> b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> index a1f6e61c1e..f2b821f6d9 100644
>> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> @@ -233,7 +233,7 @@ Split2MPageTo4K (
>>     // Fill in 2M page entry.
>>     //
>>     *PageEntry2M = ((UINT64)(UINTN)PageTableEntry1 |
>> -                  IA32_PG_P | IA32_PG_RW | AddressEncMask);
>> +                  IA32_PG_P | IA32_PG_RW);
>>   }
>>   /**
>> @@ -352,7 +352,7 @@ SetPageTablePoolReadOnly (
>>           PhysicalAddress += LevelSize[Level - 1];
>>         }
>> -      PageTable[Index] = (UINT64)(UINTN)NewPageTable | AddressEncMask |
>> +      PageTable[Index] = (UINT64)(UINTN)NewPageTable |
>>                            IA32_PG_P | IA32_PG_RW;
>>         PageTable = NewPageTable;
>>       }
>> @@ -440,7 +440,7 @@ Split1GPageTo2M (
>>     // Fill in 1G page entry.
>>     //
>>     *PageEntry1G = ((UINT64)(UINTN)PageDirectoryEntry |
>> -                  IA32_PG_P | IA32_PG_RW | AddressEncMask);
>> +                  IA32_PG_P | IA32_PG_RW);
>>     PhysicalAddress2M = PhysicalAddress;
>>     for (IndexOfPageDirectoryEntries = 0;


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#103402): https://edk2.groups.io/g/devel/message/103402
Mute This Topic: https://groups.io/mt/98406586/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
Posted by duntan 2 years, 9 months ago 
Hi Tom,

Thanks for the comments. I'll add more detailed commits in code to explain why the encryption mask is removed in this patch in next version patch.

Thanks,
Dun

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Lendacky, Thomas via groups.io
Sent: Friday, April 21, 2023 10:54 PM
To: Tan, Dun <dun.tan@intel.com>; devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>; Yao, Jiewen <jiewen.yao@intel.com>; Justen, Jordan L <jordan.l.justen@intel.com>; Gerd Hoffmann <kraxel@redhat.com>; Ni, Ray <ray.ni@intel.com>
Subject: Re: [edk2-devel] [Patch V3 03/11] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry

On 4/21/23 09:26, Tom Lendacky wrote:
> On 4/21/23 03:36, Dun Tan wrote:
>> Remove code that apply AddressEncMask to non-leaf entry when split 
>> smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it 
>> calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask bit 
>> in page table for a specific range. In AMD SEV feature, this 
>> AddressEncMask bit in page table is used to indicate if the memory is 
>> guest private memory or shared memory. But all memory used by page 
>> table are treated as encrypted regardless of encryption bit.
>> So remove the EncMask bit for smm non-leaf page table entry doesn't 
>> impact AMD SEV feature.
>> If page split happens in the AddressEncMask bit clear process, there 
>> will be some new non-leaf entries with AddressEncMask applied in smm 
>> page table. When ReadyToLock, code in PiSmmCpuDxe module will use 
>> CpuPageTableLib to modify smm page table. So remove code to apply 
>> AddressEncMask for new non-leaf entries since CpuPageTableLib doesn't 
>> consume the EncMask PCD.
> 
> I'm really not a fan of removing the encryption mask, because 
> technically it is correct to have it present in non-leaf entries. I 
> really think the pagetable library should be able to work correctly 
> with or without the encryption mask.

Or if we do go this route, there needs to be a really big, informative comment above the areas where the AddressEncMask is now being removed to explain why the code isn't setting the encryption mask (SEV pagetable walk behavior and the fact that the pagetable library is unaware of the encryption bit and encounters errors when trying to walk the entries, etc.).

Thanks,
Tom

> 
> What would it take to make the pagetable library aware of the mask?
> 
> Thanks,
> Tom
> 
>>
>> Signed-off-by: Dun Tan <dun.tan@intel.com>
>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Gerd Hoffmann <kraxel@redhat.com>
>> Cc: Tom Lendacky <thomas.lendacky@amd.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> ---
>>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 6 
>> +++---
>>   1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git
>> a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> index a1f6e61c1e..f2b821f6d9 100644
>> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
>> @@ -233,7 +233,7 @@ Split2MPageTo4K (
>>     // Fill in 2M page entry.
>>     //
>>     *PageEntry2M = ((UINT64)(UINTN)PageTableEntry1 |
>> -                  IA32_PG_P | IA32_PG_RW | AddressEncMask);
>> +                  IA32_PG_P | IA32_PG_RW);
>>   }
>>   /**
>> @@ -352,7 +352,7 @@ SetPageTablePoolReadOnly (
>>           PhysicalAddress += LevelSize[Level - 1];
>>         }
>> -      PageTable[Index] = (UINT64)(UINTN)NewPageTable | 
>> AddressEncMask |
>> +      PageTable[Index] = (UINT64)(UINTN)NewPageTable |
>>                            IA32_PG_P | IA32_PG_RW;
>>         PageTable = NewPageTable;
>>       }
>> @@ -440,7 +440,7 @@ Split1GPageTo2M (
>>     // Fill in 1G page entry.
>>     //
>>     *PageEntry1G = ((UINT64)(UINTN)PageDirectoryEntry |
>> -                  IA32_PG_P | IA32_PG_RW | AddressEncMask);
>> +                  IA32_PG_P | IA32_PG_RW);
>>     PhysicalAddress2M = PhysicalAddress;
>>     for (IndexOfPageDirectoryEntries = 0;







-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#103456): https://edk2.groups.io/g/devel/message/103456
Mute This Topic: https://groups.io/mt/98406586/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.