1. Patchew
  2. EDK2
  3. View series

[edk2-devel] [PATCH V4 0/2] Re-design CcProbeLib

Min Xu posted 2 patches 1 year, 8 months ago
Failed in applying to current master (apply log)
There is a newer version of this series
OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  3 +-
OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.c    | 68 +++++++++++++++++++
OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf  | 26 +++++++
.../{CcProbeLib.c => SecPeiCcProbeLib.c}      |  0
.../{CcProbeLib.inf => SecPeiCcProbeLib.inf}  |  8 +--
OvmfPkg/OvmfPkgX64.dsc                        |  5 +-
6 files changed, 104 insertions(+), 6 deletions(-)
create mode 100644 OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.c
create mode 100644 OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf
rename OvmfPkg/Library/CcProbeLib/{CcProbeLib.c => SecPeiCcProbeLib.c} (100%)
rename OvmfPkg/Library/CcProbeLib/{CcProbeLib.inf => SecPeiCcProbeLib.inf} (65%)
[edk2-devel] [PATCH V4 0/2] Re-design CcProbeLib
Posted by Min Xu 1 year, 8 months ago 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3974

CcProbeLib once was designed to probe the Confidential Computing guest
type by checking the PcdOvmfWorkArea. But this memory is allocated with
either EfiACPIMemoryNVS or EfiBootServicesData. It cannot be accessed
after ExitBootService. Please see the detailed analysis in BZ#3974.

To fix this issue, CcProbeLib is re-designed as 2 implementation:
 - SecPeiCcProbeLib
 - DxeCcProbeLib

In SecPeiCcProbeLib we check the CC guest type by reading the
PcdOvmfWorkArea. Because it is used in SEC / PEI and we don't worry about
the issues in BZ#3974.

In DxeCcProbeLib we cache the GuestType in Ovmf work area in a global
variable. After that the Guest type is returned with the cached value.
So that we don't need to worry about the access to Ovmf work area after
ExitBootService.

The reason why we probe CC guest type in 2 different ways is the global
varialbe. Global variable cannot be used in SEC/PEI and CcProbe is called
very frequently.

Code: https://github.com/mxu9/edk2/tree/CcProbeLib.BZ3974.v4

v4 changes:
 - Read Cc guest type in both DxeCcProbeLib's constructor and CcProbe. So
   that we guarantee the Cc guest type is read early enough.

v3 changes:
 - Re-design CcProbeLib to 2 implementation: SecPeiCcProbeLib and
   DxeCcProbeLib. The difference between the 2 implementation is the
   cache of the CcGuestType.

v2 changes:
 - Reserve Ovmf work-area as RT_DATA. See
   https://edk2.groups.io/g/devel/message/92599

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Yuan Yu <yuanyu@google.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>

Min M Xu (2):
  OvmfPkg: Add SecPeiCcProbeLib
  OvmfPkg: Update CcProbeLib to DxeCcProbeLib

 OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  3 +-
 OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.c    | 68 +++++++++++++++++++
 OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf  | 26 +++++++
 .../{CcProbeLib.c => SecPeiCcProbeLib.c}      |  0
 .../{CcProbeLib.inf => SecPeiCcProbeLib.inf}  |  8 +--
 OvmfPkg/OvmfPkgX64.dsc                        |  5 +-
 6 files changed, 104 insertions(+), 6 deletions(-)
 create mode 100644 OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.c
 create mode 100644 OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf
 rename OvmfPkg/Library/CcProbeLib/{CcProbeLib.c => SecPeiCcProbeLib.c} (100%)
 rename OvmfPkg/Library/CcProbeLib/{CcProbeLib.inf => SecPeiCcProbeLib.inf} (65%)

-- 
2.29.2.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#92873): https://edk2.groups.io/g/devel/message/92873
Mute This Topic: https://groups.io/mt/93281451/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH V4 0/2] Re-design CcProbeLib
Posted by Gerd Hoffmann 1 year, 8 months ago 
On Sat, Aug 27, 2022 at 07:07:06AM +0800, Min Xu wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3974
> 
> CcProbeLib once was designed to probe the Confidential Computing guest
> type by checking the PcdOvmfWorkArea. But this memory is allocated with
> either EfiACPIMemoryNVS or EfiBootServicesData. It cannot be accessed
> after ExitBootService. Please see the detailed analysis in BZ#3974.
> 
> To fix this issue, CcProbeLib is re-designed as 2 implementation:
>  - SecPeiCcProbeLib
>  - DxeCcProbeLib
> 
> In SecPeiCcProbeLib we check the CC guest type by reading the
> PcdOvmfWorkArea. Because it is used in SEC / PEI and we don't worry about
> the issues in BZ#3974.
> 
> In DxeCcProbeLib we cache the GuestType in Ovmf work area in a global
> variable. After that the Guest type is returned with the cached value.
> So that we don't need to worry about the access to Ovmf work area after
> ExitBootService.
> 
> The reason why we probe CC guest type in 2 different ways is the global
> varialbe. Global variable cannot be used in SEC/PEI and CcProbe is called
> very frequently.
> 
> Code: https://github.com/mxu9/edk2/tree/CcProbeLib.BZ3974.v4
> 
> v4 changes:
>  - Read Cc guest type in both DxeCcProbeLib's constructor and CcProbe. So
>    that we guarantee the Cc guest type is read early enough.

Acked-by: Gerd Hoffmann <kraxel@redhat.com>

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#92910): https://edk2.groups.io/g/devel/message/92910
Mute This Topic: https://groups.io/mt/93281451/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.