authorDun Tan <dun.tan@intel.com>2023-04-18 17:48:36 +0800
committerRay Ni <ray.ni@intel.com>2023-06-30 11:07:40 +0530
commita78938f2740dd969e2f03846a9bd2167e7e582c3 (patch)
tree740806bb87af2d3ce80caf5d4a85b5e85cb3520a
parent6607062e91f676db8764871e2a40ee8704e8a731 (diff)
OvmfPkg:Remove code that apply AddressEncMask to non-leaf entry
Remove code that sets AddressEncMask for non-leaf entries when modifying smm page table by MemEncryptSevLib. In FvbServicesSmm driver, it calls MemEncryptSevClearMmioPageEncMask to clear AddressEncMask bit in page table for a specific range. In AMD SEV feature, this AddressEncMask bit in page table is used to indicate if the memory is guest private memory or shared memory. But all memory accessed by the hardware page table walker is treated as encrypted, regardless of whether the encryption bit is present. So removing the code that sets the EncMask bit for smm non-leaf entries doesn't impact AMD SEV feature. The reason encryption mask should not be set for non-leaf entries is because CpuPageTableLib doesn't consume encryption mask PCD. In PiSmmCpuDxeSmm module, it will use CpuPageTableLib to modify smm page table in next patch. The encryption mask is overlapped with the PageTableBaseAddress field of non-leaf page table entries. If the encryption mask is set for smm non-leaf page table entries, an issue occurs when CpuPageTableLib code uses the non-leaf entry PageTableBaseAddress field with the encryption mask set to find the next level page table. Signed-off-by: Dun Tan <dun.tan@intel.com> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Reviewed-by: Ray Ni <ray.ni@intel.com>
-rw-r--r--OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c23
1 files changed, 19 insertions, 4 deletions
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
index cf2441b551..dee3fb8914 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c
@@ -232,8 +232,14 @@ Split2MPageTo4K (
//
// Fill in 2M page entry.
//
+ // AddressEncMask is not set for non-leaf entries since CpuPageTableLib doesn't consume
+ // encryption mask PCD. The encryption mask is overlapped with the PageTableBaseAddress
+ // field of non-leaf page table entries. If encryption mask is set for non-leaf entries,
+ // issue happens when CpuPageTableLib code use the non-leaf entry PageTableBaseAddress
+ // field with the encryption mask set to find the next level page table.
+ //
*PageEntry2M = ((UINT64)(UINTN)PageTableEntry1 |
- IA32_PG_P | IA32_PG_RW | AddressEncMask);
+ IA32_PG_P | IA32_PG_RW);
}
/**
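Review bot: The comment added above `*PageEntry2M` explains why the mask breaks CpuPageTableLib but not why leaving it off is safe under SEV, which is what a security reviewer will look for first. The commit description gives that reason (memory accessed by the hardware page table walker is treated as encrypted whether or not the bit is present), and it belongs next to the code as well, for example `// Under SEV the hardware page table walker treats the memory it accesses as encrypted regardless of this bit.` The same comment would also read better with "an issue occurs when CpuPageTableLib code uses" in place of "issue happens when CpuPageTableLib code use". Split2MPageTo4K starts above the hunk.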
@@ -352,7 +358,10 @@ SetPageTablePoolReadOnly (
PhysicalAddress += LevelSize[Level - 1];
}
- PageTable[Index] = (UINT64)(UINTN)NewPageTable | AddressEncMask |
+ //
+ // AddressEncMask is not set for non-leaf entries because of the way CpuPageTableLib works
+ //
+ PageTable[Index] = (UINT64)(UINTN)NewPageTable |
IA32_PG_P | IA32_PG_RW;
PageTable = NewPageTable;
}
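Review bot: The comment `because of the way CpuPageTableLib works` does not tell a reader what that way is, and the same wording recurs in the Split1GPageTo2M and InternalMemEncryptSevCreateIdentityMap1G hunks. Only Split2MPageTo4K carries the full explanation, so each short comment should point to it, e.g. `// AddressEncMask is not set for non-leaf entries; see the comment in Split2MPageTo4K ().` SetPageTablePoolReadOnly starts and ends outside the hunk.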
@@ -439,8 +448,10 @@ Split1GPageTo2M (
//
// Fill in 1G page entry.
//
+ // AddressEncMask is not set for non-leaf entries because of the way CpuPageTableLib works
+ //
*PageEntry1G = ((UINT64)(UINTN)PageDirectoryEntry |
- IA32_PG_P | IA32_PG_RW | AddressEncMask);
+ IA32_PG_P | IA32_PG_RW);
PhysicalAddress2M = PhysicalAddress;
for (IndexOfPageDirectoryEntries = 0;
@@ -616,7 +627,11 @@ InternalMemEncryptSevCreateIdentityMap1G (
}
SetMem (NewPageTable, EFI_PAGE_SIZE, 0);
- PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)NewPageTable | AddressEncMask;
+
+ //
+ // AddressEncMask is not set for non-leaf entries because of the way CpuPageTableLib works
+ //
+ PageMapLevel4Entry->Uint64 = (UINT64)(UINTN)NewPageTable;
PageMapLevel4Entry->Bits.MustBeZero = 0;
PageMapLevel4Entry->Bits.ReadWrite = 1;
PageMapLevel4Entry->Bits.Present = 1;
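Review bot: The new assignment to `PageMapLevel4Entry->Uint64` covers only an entry built from a freshly allocated `NewPageTable`; nothing in this or the other hunks clears the mask from non-leaf entries that were already present in the table. If such entries can still carry AddressEncMask (the surrounding code is outside the hunk, so this is not certain), CpuPageTableLib would hit the same PageTableBaseAddress problem the added comments describe. It is worth confirming that every producer of non-leaf entries for these tables now leaves the mask off and, once confirmed, recording it here, e.g. `// Pre-existing non-leaf entries are expected to have AddressEncMask clear as well.`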