[edk2] [RFC PATCH v2 10/10] OvmfPkg/QemuVideoDxe: Clear the C-bit from framebuffer region when SEV is enabled

Brijesh Singh posted 10 patches 7 years, 7 months ago
There is a newer version of this series
[edk2] [RFC PATCH v2 10/10] OvmfPkg/QemuVideoDxe: Clear the C-bit from framebuffer region when SEV is enabled
Posted by Brijesh Singh 7 years, 7 months ago
Since the framebuffer memory region is shared between the guest and hypervisor
hence we must clear the memory encryption bit from this memory region when SEV
is enabled.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/QemuVideoDxe/Gop.c            |   15 +++++++++++++++
 OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf |    1 +
 2 files changed, 16 insertions(+)

diff --git a/OvmfPkg/QemuVideoDxe/Gop.c b/OvmfPkg/QemuVideoDxe/Gop.c
index 359e921..96661d1 100644
--- a/OvmfPkg/QemuVideoDxe/Gop.c
+++ b/OvmfPkg/QemuVideoDxe/Gop.c
@@ -13,6 +13,8 @@
 
 **/
 
+#include <Library/MemEncryptSevLib.h>
+
 #include "Qemu.h"
 
 STATIC
@@ -65,6 +67,19 @@ QemuVideoCompleteModeData (
                         (VOID**) &FrameBufDesc
                         );
 
+  //
+  // Framebuffer memory region is shared between hypervisor and guest,
+  // Clear the memory encryption mask when SEV is active.
+  //
+  if (MemEncryptSevIsEnabled ()) {
+    EFI_STATUS Status;
+
+    Status = MemEncryptSevClearPageEncMask (FrameBufDesc->AddrRangeMin, EFI_SIZE_TO_PAGES (FrameBufDesc->AddrLen));
+    if (EFI_ERROR(Status)) {
+      DEBUG ((EFI_D_WARN, "Failed to clear memory encryption mask 0x%#Lx+0x%x\n", FrameBufDesc->AddrRangeMin, FrameBufDesc->AddrLen));
+    }
+  }
+
   Mode->FrameBufferBase = FrameBufDesc->AddrRangeMin;
   Mode->FrameBufferSize = Info->HorizontalResolution * Info->VerticalResolution;
   Mode->FrameBufferSize = Mode->FrameBufferSize * ((ModeData->ColorDepth + 7) / 8);
diff --git a/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf b/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
index affb6ff..83ea86c 100644
--- a/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+++ b/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
@@ -60,6 +60,7 @@
   UefiBootServicesTableLib
   UefiDriverEntryPoint
   UefiLib
+  MemEncryptSevLib
 
 [Protocols]
   gEfiDriverSupportedEfiVersionProtocolGuid     # PROTOCOL ALWAYS_PRODUCED

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [RFC PATCH v2 10/10] OvmfPkg/QemuVideoDxe: Clear the C-bit from framebuffer region when SEV is enabled
Posted by Laszlo Ersek 7 years, 7 months ago
On 03/21/17 22:13, Brijesh Singh wrote:
> Since the framebuffer memory region is shared between the guest and hypervisor
> hence we must clear the memory encryption bit from this memory region when SEV
> is enabled.
> 
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  OvmfPkg/QemuVideoDxe/Gop.c            |   15 +++++++++++++++
>  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf |    1 +
>  2 files changed, 16 insertions(+)
> 
> diff --git a/OvmfPkg/QemuVideoDxe/Gop.c b/OvmfPkg/QemuVideoDxe/Gop.c
> index 359e921..96661d1 100644
> --- a/OvmfPkg/QemuVideoDxe/Gop.c
> +++ b/OvmfPkg/QemuVideoDxe/Gop.c
> @@ -13,6 +13,8 @@
>  
>  **/
>  
> +#include <Library/MemEncryptSevLib.h>
> +
>  #include "Qemu.h"
>  
>  STATIC
> @@ -65,6 +67,19 @@ QemuVideoCompleteModeData (
>                          (VOID**) &FrameBufDesc
>                          );
>  
> +  //
> +  // Framebuffer memory region is shared between hypervisor and guest,
> +  // Clear the memory encryption mask when SEV is active.
> +  //
> +  if (MemEncryptSevIsEnabled ()) {
> +    EFI_STATUS Status;
> +
> +    Status = MemEncryptSevClearPageEncMask (FrameBufDesc->AddrRangeMin, EFI_SIZE_TO_PAGES (FrameBufDesc->AddrLen));
> +    if (EFI_ERROR(Status)) {
> +      DEBUG ((EFI_D_WARN, "Failed to clear memory encryption mask 0x%#Lx+0x%x\n", FrameBufDesc->AddrRangeMin, FrameBufDesc->AddrLen));
> +    }
> +  }
> +
>    Mode->FrameBufferBase = FrameBufDesc->AddrRangeMin;
>    Mode->FrameBufferSize = Info->HorizontalResolution * Info->VerticalResolution;
>    Mode->FrameBufferSize = Mode->FrameBufferSize * ((ModeData->ColorDepth + 7) / 8);

This way the above logic is executed on every GOP->SetMode() call.

Instead, I think it should occur in QemuVideoControllerDriverStart().

And, likely, undone / rolled back in QemuVideoControllerDriverStop().

Thanks
Laszlo

> diff --git a/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf b/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
> index affb6ff..83ea86c 100644
> --- a/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
> +++ b/OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
> @@ -60,6 +60,7 @@
>    UefiBootServicesTableLib
>    UefiDriverEntryPoint
>    UefiLib
> +  MemEncryptSevLib
>  
>  [Protocols]
>    gEfiDriverSupportedEfiVersionProtocolGuid     # PROTOCOL ALWAYS_PRODUCED
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
> 

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel