From: "duntan"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Jiewen Yao, Jordan Justen, Gerd Hoffmann, Tom Lendacky, Ray Ni
Subject: [edk2-devel] [Patch V8 01/14] OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
Date: Thu, 29 Jun 2023 18:08:47 +0800
Message-Id: <20230629100847.1132-2-dun.tan@intel.com>
In-Reply-To: <20230629100847.1132-1-dun.tan@intel.com>

Remove code that sets AddressEncMask for non-leaf entries when
modifying smm page table by MemEncryptSevLib. In FvbServicesSmm
driver, it calls MemEncryptSevClearMmioPageEncMask to clear
AddressEncMask bit in page table for a specific range. In AMD SEV
feature, this AddressEncMask bit in page table is used to indicate
if the memory is guest private memory or shared memory. But all
memory accessed by the hardware page table walker is treated as
encrypted, regardless of whether the encryption bit is present. So
removing the code to set the EncMask bit for smm non-leaf entries
doesn't impact AMD SEV feature.

The reason encryption mask should not be set for non-leaf entries is
because CpuPageTableLib doesn't consume encryption mask PCD. In
PiSmmCpuDxeSmm module, it will use CpuPageTableLib to modify smm page
table in next patch. The encryption mask is overlapped with the
PageTableBaseAddress field of non-leaf page table entries. If the
encryption mask is set for smm non-leaf page table entries, an issue
happens when CpuPageTableLib code uses the non-leaf entry
PageTableBaseAddress field with the encryption mask set to find the
next level page table.

Signed-off-by: Dun Tan
Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Jordan Justen
Cc: Gerd Hoffmann
Reviewed-by: Tom Lendacky
Reviewed-by: Ray Ni
--- OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 23 ++++++= +++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index cf2441b551..dee3fb8914 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -232,8 +232,14 @@ Split2MPageTo4K ( // // Fill in 2M page entry. // + // AddressEncMask is not set for non-leaf entries since CpuPageTableLib = doesn't consume + // encryption mask PCD. The encryption mask is overlapped with the PageT= ableBaseAddress + // field of non-leaf page table entries. If encryption mask is set for n= on-leaf entries, + // issue happens when CpuPageTableLib code use the non-leaf entry PageTa= bleBaseAddress + // field with the encryption mask set to find the next level page table. + // *PageEntry2M =3D ((UINT64)(UINTN)PageTableEntry1 | - IA32_PG_P | IA32_PG_RW | AddressEncMask); + IA32_PG_P | IA32_PG_RW); } =20 /** 
@@ -352,7 +358,10 @@ SetPageTablePoolReadOnly ( PhysicalAddress +=3D LevelSize[Level - 1]; } =20 - PageTable[Index] =3D (UINT64)(UINTN)NewPageTable | AddressEncMask | + // + // AddressEncMask is not set for non-leaf entries because of the way= CpuPageTableLib works + // + PageTable[Index] =3D (UINT64)(UINTN)NewPageTable | IA32_PG_P | IA32_PG_RW; PageTable =3D NewPageTable; } @@ -439,8 +448,10 @@ Split1GPageTo2M ( // // Fill in 1G page entry. // + // AddressEncMask is not set for non-leaf entries because of the way Cpu= PageTableLib works + // *PageEntry1G =3D ((UINT64)(UINTN)PageDirectoryEntry | - IA32_PG_P | IA32_PG_RW | AddressEncMask); + IA32_PG_P | IA32_PG_RW); =20 PhysicalAddress2M =3D PhysicalAddress; for (IndexOfPageDirectoryEntries =3D 0; @@ -616,7 +627,11 @@ InternalMemEncryptSevCreateIdentityMap1G ( } =20 SetMem (NewPageTable, EFI_PAGE_SIZE, 0); - PageMapLevel4Entry->Uint64 =3D (UINT64)(UINTN)NewPageTable = | AddressEncMask; + + // + // AddressEncMask is not set for non-leaf entries because of the way= CpuPageTableLib works + // + PageMapLevel4Entry->Uint64 =3D (UINT64)(UINTN)NewPageTable; PageMapLevel4Entry->Bits.MustBeZero =3D 0; PageMapLevel4Entry->Bits.ReadWrite =3D 1; PageMapLevel4Entry->Bits.Present =3D 1; --=20 2.31.1.windows.1
View/Reply Online (#106504): https://edk2.groups.io/g/devel/message/106504
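
Review bot: In the Split2MPageTo4K hunk (@@ -232), the new comment above `*PageEntry2M` says "issue happens" without naming the failure. Since this is the one place the full rationale is recorded, it would help to state the consequence directly: the encryption mask overlaps the PageTableBaseAddress field, so a consumer that reads that field without stripping the mask gets a next-level table address with the encryption bit still in it. The block also sits under the existing "Fill in 2M page entry." header with no blank comment line separating the two, so it reads as part of that header; a `//` separator line between them would keep the original one-line description distinct from the rationale.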
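
Review bot: In the SetPageTablePoolReadOnly (@@ -352) and Split1GPageTo2M (@@ -439) hunks, the comment "because of the way CpuPageTableLib works" does not tell a reader what that way is, and the same vague sentence is repeated again in the @@ -616 hunk. Either point these comments at the full explanation in Split2MPageTo4K, or repeat its key sentence (the mask overlaps PageTableBaseAddress and CpuPageTableLib does not consume the encryption mask PCD). With four sites now writing the same `IA32_PG_P | IA32_PG_RW` non-leaf attributes, a single named constant carrying the explanation once would also keep them from drifting apart.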
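
Review bot: In the InternalMemEncryptSevCreateIdentityMap1G hunk (@@ -616), as in the other three, the change only covers the point where a non-leaf entry is written for a new or split table (`PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)NewPageTable;`). Nothing in the visible lines addresses non-leaf entries that already exist in the SMM page table when these functions run. If any of those still carry AddressEncMask, CpuPageTableLib would hit the same problem the commit message describes. Please state in the commit message where existing non-leaf entries are guaranteed to be free of the mask, or add a check on the walk path that catches a non-leaf entry with the mask set.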