From: Brijesh Singh
To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com
Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, ard.biesheuvel@linaro.org, liming.gao@intel.com, leo.duran@amd.com, jiewen.yao@intel.com, star.zeng@intel.com
Date: Tue, 25 Apr 2017 12:34:16 -0400
Message-Id: <1493138064-7816-8-git-send-email-brijesh.ksingh@gmail.com>
In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com>
Subject: [edk2] [RFC v3 07/15] OvmfPkg/BmDmaLib: Add SEV support
From: Brijesh Singh

When SEV is enabled, the DMA operations must be performed on shared (i.e. unencrypted) pages. The patch adds SEV-specific hooks to use the bounce buffer when the caller maps/unmaps a host address to a DMA address and similarly clears/sets the memory encryption attribute when the caller allocates or frees the DMA pages.

Signed-off-by: Brijesh Singh
--- OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf | 3 +- OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c | 60 +++++++++++++++++++- 2 files changed, 61 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf b/OvmfPkg/Library/= DxeBmDmaLib/DxeBmDmaLib.inf index 4ddb27d578bc..fb97caa79827 100644 --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf @@ -29,6 +29,7 @@ [Sources.common] [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec =20 [LibraryClasses] BaseLib @@ -37,5 +38,5 @@ [LibraryClasses] DxeServicesTableLib MemoryAllocationLib UefiBootServicesTableLib - + MemEncryptSevLib =20 diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c b/OvmfPkg/Library/Dx= eBmDmaLib/DxeBmDmaLib.c index 4a6a704f9aa5..7a79c7091004 100644 --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c @@ -25,6 +25,7 @@ #include #include #include +#include =20 =20 #define FORCE_BELOW_4GB_TRUE TRUE @@ -100,6 +101,15 @@ AllocateBounceBuffer ( } =20 // + // Clear C-bit on DMA pages + // + if (MemEncryptSevIsEnabled ()) { + Status =3D MemEncryptSevClearPageEncMask (MapInfo->MappedHostAddress, = MapInfo->NumberOfPages, TRUE); + if (Status !=3D EFI_SUCCESS) { + return Status; + } + } + // // If this is a read operation from the Bus Master's point of view, // then copy the contents of the real buffer into the mapped buffer // so the Bus Master can read the contents of the real buffer. 
@@ -170,6 +180,23 @@ BmDmaMap ( =20 PhysicalAddress =3D (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress; if (DmaAbove4GB || (PhysicalAddress + *NumberOfBytes) <=3D SIZE_4GB) { + + // + // When SEV is enabled the DMA operation must be performed on shared p= ages. We force to use the + // bounce buffer path which will take care of allocating shared Dma bu= ffers mapping + // + if (MemEncryptSevIsEnabled () && + (Operation =3D=3D DmaOperationBusMasterRead || Operation =3D=3D Dm= aOperationBusMasterWrite)) { + return AllocateBounceBuffer ( + FORCE_BELOW_4GB_FALSE, + Operation, + PhysicalAddress, + NumberOfBytes, + DeviceAddress, + Mapping + ); + } + // // If we CAN handle DMA above 4GB or the transfer is below 4GB, // the DeviceAddress is simply the HostAddress @@ -218,7 +245,8 @@ BmDmaUnmap ( IN VOID *Mapping ) { - MAP_INFO *MapInfo; + MAP_INFO *MapInfo; + EFI_STATUS Status; =20 // // Check for invalid inputs @@ -251,6 +279,17 @@ BmDmaUnmap ( } =20 // + // When SEV is enabled then Dma buffer allocate by bounce buffer have C-= bit cleared, + // restore the C-bit before we release the resources + // + if (MemEncryptSevIsEnabled ()) { + Status =3D MemEncryptSevSetPageEncMask (MapInfo->MappedHostAddress, Ma= pInfo->NumberOfPages, TRUE); + if (Status !=3D EFI_SUCCESS) { + return Status; + } + } + + // // Free the mapped buffer and the MAP_INFO structure. // gBS->FreePages (MapInfo->MappedHostAddress, MapInfo->NumberOfPages); @@ -322,8 +361,15 @@ BmDmaAllocateBuffer ( ); if (!EFI_ERROR (Status)) { *HostAddress =3D (VOID *) (UINTN) PhysicalAddress; + // + // Clear C-bit on Dma pages + // + if (MemEncryptSevIsEnabled ()) { + Status =3D MemEncryptSevClearPageEncMask (PhysicalAddress, Pages, TR= UE); + } } =20 + return Status; } =20 
@@ -346,6 +392,18 @@ BmDmaFreeBuffer ( IN UINTN Pages ) { + EFI_STATUS Status; + + // + // Restore the C-bit on DMA pages + // + if (MemEncryptSevIsEnabled ()) { + Status =3D MemEncryptSevSetPageEncMask ((UINTN) HostAddress, Pages, TR= UE); + if (Status !=3D EFI_SUCCESS) { + return Status; + } + } + return gBS->FreePages ((EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress, Pages= ); } =20 --=20 2.7.4
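Review bot: In the AllocateBounceBuffer hunk, the `return Status;` taken when MemEncryptSevClearPageEncMask fails exits without releasing the bounce buffer pages at MapInfo->MappedHostAddress or the MAP_INFO itself, both of which BmDmaUnmap is otherwise responsible for freeing. Release them on this path (or route it through a common cleanup exit) before returning. Prefer `if (EFI_ERROR (Status))` over `Status != EFI_SUCCESS`, matching the `!EFI_ERROR (Status)` test already used in BmDmaAllocateBuffer.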
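Review bot: In the BmDmaMap hunk, the SEV check forces the bounce buffer only for DmaOperationBusMasterRead and DmaOperationBusMasterWrite, and the comment does not say why any other Operation value may keep using HostAddress directly as the device address. If the assumption is that such buffers always come from BmDmaAllocateBuffer, which clears the C-bit at allocation time, state that in the comment so the exclusion is reviewable; otherwise those mappings would hand the device an address backed by encrypted pages. The comment would also read better reworded ("We force to use the bounce buffer path ... shared Dma buffers mapping") and wrapped to shorter lines.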
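Review bot: In the BmDmaUnmap hunk that restores the C-bit, a failure of MemEncryptSevSetPageEncMask returns before the `gBS->FreePages (MapInfo->MappedHostAddress, MapInfo->NumberOfPages);` call, so the bounce buffer and the MAP_INFO are never released and the pages remain shared. If leaking is the deliberate choice here (so that still-unencrypted pages are not returned to the allocator), say so in the comment and emit a DEBUG message; if not, the MAP_INFO at least should still be freed. The comment "Dma buffer allocate by bounce buffer have C-bit cleared" needs rewording, and the status test should use EFI_ERROR (Status).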
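Review bot: In the BmDmaAllocateBuffer hunk, the result of MemEncryptSevClearPageEncMask is assigned to Status and returned without any handling, after `*HostAddress` has already been set, so on failure the caller receives an error together with a pointer to pages that are still encrypted and were never freed. Check the result, free the pages (PhysicalAddress, Pages) on error, and only assign `*HostAddress` once the C-bit has been cleared successfully. The blank line added before `return Status;` is an unrelated whitespace change and can be dropped.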
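Review bot: In the BmDmaFreeBuffer hunk, MemEncryptSevSetPageEncMask is passed `(UINTN) HostAddress`, while the FreePages call just below casts to `(EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress` and the matching clear call in BmDmaAllocateBuffer is given PhysicalAddress; use the same cast in all three places so the address type passed to the MemEncryptSevLib calls is consistent. As in BmDmaUnmap, the early return on failure skips FreePages, so document whether leaking the still-shared pages is intended, and test the result with EFI_ERROR (Status) rather than `Status != EFI_SUCCESS`.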