From nobody Sun Apr 28 22:18:40 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1501709107997206.37596936214356; Wed, 2 Aug 2017 14:25:07 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id D78E0208AE400; Wed, 2 Aug 2017 14:22:50 -0700 (PDT) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 34CF021AEB0AE for ; Wed, 2 Aug 2017 14:22:49 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 95A8D20272; Wed, 2 Aug 2017 21:24:59 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-47.phx2.redhat.com [10.3.116.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id 10F1D17B57; Wed, 2 Aug 2017 21:24:57 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 95A8D20272 Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=lersek@redhat.com From: Laszlo Ersek To: edk2-devel-01 Date: Wed, 2 Aug 2017 23:24:42 +0200 Message-Id: <20170802212453.19221-2-lersek@redhat.com> In-Reply-To: <20170802212453.19221-1-lersek@redhat.com> References: <20170802212453.19221-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Wed, 02 Aug 2017 21:24:59 +0000 (UTC) Subject: [edk2] [PATCH 01/12] OvmfPkg/IoMmuDxe: rewrap source code to 79 characters X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jordan Justen , Tom Lendacky , Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" No functional changes. Cc: Ard Biesheuvel Cc: Brijesh Singh Cc: Jordan Justen Cc: Tom Lendacky Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Brijesh Singh Tested-By: Brijesh Singh --- OvmfPkg/IoMmuDxe/IoMmuDxe.inf | 11 +- OvmfPkg/IoMmuDxe/AmdSevIoMmu.h | 8 +- OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 173 +++++++++++++------- OvmfPkg/IoMmuDxe/IoMmuDxe.c | 8 +- 4 files changed, 130 insertions(+), 70 deletions(-) diff --git a/OvmfPkg/IoMmuDxe/IoMmuDxe.inf b/OvmfPkg/IoMmuDxe/IoMmuDxe.inf index b90dc80dfd37..21dc39b9233a 100644 --- a/OvmfPkg/IoMmuDxe/IoMmuDxe.inf +++ b/OvmfPkg/IoMmuDxe/IoMmuDxe.inf @@ -1,17 +1,18 @@ #/** @file # # Driver provides the IOMMU protcol support for PciHostBridgeIo and others # drivers. # # Copyright (c) 2017, AMD Inc. All rights reserved.
# -# This program and the accompanying materials -# are licensed and made available under the terms and conditions of the B= SD -# License which accompanies this distribution. The full text of the lice= nse may -# be found at http://opensource.org/licenses/bsd-license.php +# This program and the accompanying materials are licensed and made avail= able +# under the terms and conditions of the BSD License which accompanies this +# distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php # # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR +# IMPLIED. # #**/ =20 diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h index 8b3962a8c395..88dabfc2c435 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h @@ -1,36 +1,36 @@ /** @file =20 - The protocol provides support to allocate, free, map and umap a DMA buff= er for - bus master (e.g PciHostBridge). When SEV is enabled, the DMA operations = must - be performed on unencrypted buffer hence protocol clear the encryption b= it - from the DMA buffer. + The protocol provides support to allocate, free, map and umap a DMA buff= er + for bus master (e.g PciHostBridge). When SEV is enabled, the DMA operati= ons + must be performed on unencrypted buffer hence protocol clear the encrypt= ion + bit from the DMA buffer. =20 Copyright (c) 2017, Intel Corporation. All rights reserved.
Copyright (c) 2017, AMD Inc. All rights reserved.
This program and the accompanying materials are licensed and made availa= ble under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php =20 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. =20 **/ =20 #ifndef __AMD_SEV_IOMMU_H_ #define __AMD_SEV_IOMMU_H =20 #include =20 #include #include #include #include #include #include =20 /** Install IOMMU protocol to provide the DMA support for PciHostBridge and MemEncryptSevLib. =20 **/ diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c index 9e78058b7242..edef0f41eecc 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c @@ -1,21 +1,21 @@ /** @file =20 - The protocol provides support to allocate, free, map and umap a DMA buff= er for - bus master (e.g PciHostBridge). When SEV is enabled, the DMA operations = must - be performed on unencrypted buffer hence we use a bounce buffer to map t= he guest - buffer into an unencrypted DMA buffer. + The protocol provides support to allocate, free, map and umap a DMA buff= er + for bus master (e.g PciHostBridge). When SEV is enabled, the DMA operati= ons + must be performed on unencrypted buffer hence we use a bounce buffer to = map + the guest buffer into an unencrypted DMA buffer. =20 Copyright (c) 2017, AMD Inc. All rights reserved.
Copyright (c) 2017, Intel Corporation. All rights reserved.
=20 This program and the accompanying materials are licensed and made availa= ble under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php =20 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. =20 **/ =20 #include "AmdSevIoMmu.h" @@ -23,37 +23,41 @@ typedef struct { EDKII_IOMMU_OPERATION Operation; UINTN NumberOfBytes; UINTN NumberOfPages; EFI_PHYSICAL_ADDRESS HostAddress; EFI_PHYSICAL_ADDRESS DeviceAddress; } MAP_INFO; =20 #define NO_MAPPING (VOID *) (UINTN) -1 =20 /** - Provides the controller-specific addresses required to access system mem= ory from a - DMA bus master. On SEV guest, the DMA operations must be performed on sh= ared - buffer hence we allocate a bounce buffer to map the HostAddress to a Dev= iceAddress. - The Encryption attribute is removed from the DeviceAddress buffer. + Provides the controller-specific addresses required to access system mem= ory + from a DMA bus master. On SEV guest, the DMA operations must be performe= d on + shared buffer hence we allocate a bounce buffer to map the HostAddress t= o a + DeviceAddress. The Encryption attribute is removed from the DeviceAddress + buffer. =20 @param This The protocol instance pointer. @param Operation Indicates if the bus master is going to re= ad or write to system memory. - @param HostAddress The system memory address to map to the PC= I controller. + @param HostAddress The system memory address to map to the PCI + controller. @param NumberOfBytes On input the number of bytes to map. On ou= tput - the number of bytes - that were mapped. - @param DeviceAddress The resulting map address for the bus mast= er PCI - controller to use to - access the hosts HostAddress. + the number of bytes that were mapped. + @param DeviceAddress The resulting map address for the bus mast= er + PCI controller to use to access the hosts + HostAddress. @param Mapping A resulting value to pass to Unmap(). =20 - @retval EFI_SUCCESS The range was mapped for the returned Numb= erOfBytes. - @retval EFI_UNSUPPORTED The HostAddress cannot be mapped as a comm= on buffer. + @retval EFI_SUCCESS The range was mapped for the returned + NumberOfBytes. + @retval EFI_UNSUPPORTED The HostAddress cannot be mapped as a comm= on + buffer. @retval EFI_INVALID_PARAMETER One or more parameters are invalid. - @retval EFI_OUT_OF_RESOURCES The request could not be completed due to = a lack - of resources. - @retval EFI_DEVICE_ERROR The system hardware could not map the requ= ested address. + @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a + lack of resources. + @retval EFI_DEVICE_ERROR The system hardware could not map the requ= ested + address. =20 **/ EFI_STATUS @@ -61,223 +65,249 @@ EFIAPI IoMmuMap ( IN EDKII_IOMMU_PROTOCOL *This, IN EDKII_IOMMU_OPERATION Operation, IN VOID *HostAddress, IN OUT UINTN *NumberOfBytes, OUT EFI_PHYSICAL_ADDRESS *DeviceAddress, OUT VOID **Mapping ) { EFI_STATUS Status; EFI_PHYSICAL_ADDRESS PhysicalAddress; MAP_INFO *MapInfo; EFI_PHYSICAL_ADDRESS DmaMemoryTop; EFI_ALLOCATE_TYPE AllocateType; =20 if (HostAddress =3D=3D NULL || NumberOfBytes =3D=3D NULL || DeviceAddres= s =3D=3D NULL || Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // Make sure that Operation is valid // if ((UINT32) Operation >=3D EdkiiIoMmuOperationMaximum) { return EFI_INVALID_PARAMETER; } PhysicalAddress =3D (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress; =20 DmaMemoryTop =3D (UINTN)-1; AllocateType =3D AllocateAnyPages; =20 if (((Operation !=3D EdkiiIoMmuOperationBusMasterRead64 && Operation !=3D EdkiiIoMmuOperationBusMasterWrite64 && Operation !=3D EdkiiIoMmuOperationBusMasterCommonBuffer64)) && ((PhysicalAddress + *NumberOfBytes) > SIZE_4GB)) { // // If the root bridge or the device cannot handle performing DMA above // 4GB but any part of the DMA transfer being mapped is above 4GB, then // map the DMA transfer to a buffer below 4GB. // DmaMemoryTop =3D SIZE_4GB - 1; AllocateType =3D AllocateMaxAddress; =20 if (Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64) { // // Common Buffer operations can not be remapped. If the common bu= ffer - // if above 4GB, then it is not possible to generate a mapping, so= return - // an error. + // if above 4GB, then it is not possible to generate a mapping, so + // return an error. // return EFI_UNSUPPORTED; } } =20 // // CommandBuffer was allocated by us (AllocateBuffer) and is already in // unencryted buffer so no need to create bounce buffer // if (Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64) { *Mapping =3D NO_MAPPING; *DeviceAddress =3D PhysicalAddress; =20 return EFI_SUCCESS; } =20 // // Allocate a MAP_INFO structure to remember the mapping when Unmap() is // called later. // MapInfo =3D AllocatePool (sizeof (MAP_INFO)); if (MapInfo =3D=3D NULL) { *NumberOfBytes =3D 0; return EFI_OUT_OF_RESOURCES; } =20 // // Initialize the MAP_INFO structure // MapInfo->Operation =3D Operation; MapInfo->NumberOfBytes =3D *NumberOfBytes; MapInfo->NumberOfPages =3D EFI_SIZE_TO_PAGES (MapInfo->NumberOfBytes= ); MapInfo->HostAddress =3D PhysicalAddress; MapInfo->DeviceAddress =3D DmaMemoryTop; =20 // // Allocate a buffer to map the transfer to. // Status =3D gBS->AllocatePages ( AllocateType, EfiBootServicesData, MapInfo->NumberOfPages, &MapInfo->DeviceAddress ); if (EFI_ERROR (Status)) { FreePool (MapInfo); *NumberOfBytes =3D 0; return Status; } =20 // // Clear the memory encryption mask from the device buffer // - Status =3D MemEncryptSevClearPageEncMask (0, MapInfo->DeviceAddress, Map= Info->NumberOfPages, TRUE); + Status =3D MemEncryptSevClearPageEncMask ( + 0, + MapInfo->DeviceAddress, + MapInfo->NumberOfPages, + TRUE + ); ASSERT_EFI_ERROR(Status); =20 // // If this is a read operation from the Bus Master's point of view, // then copy the contents of the real buffer into the mapped buffer // so the Bus Master can read the contents of the real buffer. // if (Operation =3D=3D EdkiiIoMmuOperationBusMasterRead || Operation =3D=3D EdkiiIoMmuOperationBusMasterRead64) { CopyMem ( (VOID *) (UINTN) MapInfo->DeviceAddress, (VOID *) (UINTN) MapInfo->HostAddress, MapInfo->NumberOfBytes ); } =20 // // The DeviceAddress is the address of the maped buffer below 4GB // *DeviceAddress =3D MapInfo->DeviceAddress; =20 // // Return a pointer to the MAP_INFO structure in Mapping // *Mapping =3D MapInfo; =20 - DEBUG ((DEBUG_VERBOSE, "%a Device 0x%Lx Host 0x%Lx Pages 0x%Lx Bytes 0x%= Lx\n", - __FUNCTION__, MapInfo->DeviceAddress, MapInfo->HostAddress, - MapInfo->NumberOfPages, MapInfo->NumberOfBytes)); + DEBUG (( + DEBUG_VERBOSE, + "%a Device 0x%Lx Host 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", + __FUNCTION__, + MapInfo->DeviceAddress, + MapInfo->HostAddress, + MapInfo->NumberOfPages, + MapInfo->NumberOfBytes + )); =20 return EFI_SUCCESS; } =20 /** Completes the Map() operation and releases any corresponding resources. =20 @param This The protocol instance pointer. @param Mapping The mapping value returned from Map(). =20 @retval EFI_SUCCESS The range was unmapped. - @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned b= y Map(). - @retval EFI_DEVICE_ERROR The data was not committed to the target s= ystem memory. + @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by + Map(). + @retval EFI_DEVICE_ERROR The data was not committed to the target s= ystem + memory. **/ EFI_STATUS EFIAPI IoMmuUnmap ( IN EDKII_IOMMU_PROTOCOL *This, IN VOID *Mapping ) { MAP_INFO *MapInfo; EFI_STATUS Status; =20 if (Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // See if the Map() operation associated with this Unmap() required a ma= pping // buffer. If a mapping buffer was not required, then this function simp= ly // buffer. If a mapping buffer was not required, then this function simp= ly // if (Mapping =3D=3D NO_MAPPING) { return EFI_SUCCESS; } =20 MapInfo =3D (MAP_INFO *)Mapping; =20 // // If this is a write operation from the Bus Master's point of view, // then copy the contents of the mapped buffer into the real buffer // so the processor can read the contents of the real buffer. // if (MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterWrite || MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterWrite64) { CopyMem ( (VOID *) (UINTN) MapInfo->HostAddress, (VOID *) (UINTN) MapInfo->DeviceAddress, MapInfo->NumberOfBytes ); } =20 - DEBUG ((DEBUG_VERBOSE, "%a Device 0x%Lx Host 0x%Lx Pages 0x%Lx Bytes 0x%= Lx\n", - __FUNCTION__, MapInfo->DeviceAddress, MapInfo->HostAddress, - MapInfo->NumberOfPages, MapInfo->NumberOfBytes)); + DEBUG (( + DEBUG_VERBOSE, + "%a Device 0x%Lx Host 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", + __FUNCTION__, + MapInfo->DeviceAddress, + MapInfo->HostAddress, + MapInfo->NumberOfPages, + MapInfo->NumberOfBytes + )); // // Restore the memory encryption mask // - Status =3D MemEncryptSevSetPageEncMask (0, MapInfo->DeviceAddress, MapIn= fo->NumberOfPages, TRUE); + Status =3D MemEncryptSevSetPageEncMask ( + 0, + MapInfo->DeviceAddress, + MapInfo->NumberOfPages, + TRUE + ); ASSERT_EFI_ERROR(Status); =20 // // Free the mapped buffer and the MAP_INFO structure. // gBS->FreePages (MapInfo->DeviceAddress, MapInfo->NumberOfPages); FreePool (Mapping); return EFI_SUCCESS; } =20 /** Allocates pages that are suitable for an OperationBusMasterCommonBuffer = or OperationBusMasterCommonBuffer64 mapping. =20 @param This The protocol instance pointer. @param Type This parameter is not used and must be ign= ored. - @param MemoryType The type of memory to allocate, EfiBootSer= vicesData - or EfiRuntimeServicesData. + @param MemoryType The type of memory to allocate, + EfiBootServicesData or EfiRuntimeServicesD= ata. @param Pages The number of pages to allocate. - @param HostAddress A pointer to store the base system memory = address - of the allocated range. - @param Attributes The requested bit mask of attributes for t= he allocated range. + @param HostAddress A pointer to store the base system memory + address of the allocated range. + @param Attributes The requested bit mask of attributes for t= he + allocated range. =20 @retval EFI_SUCCESS The requested memory pages were allocated. - @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal = attribute - bits are MEMORY_WRITE_COMBINE and MEMORY_C= ACHED. + @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal + attribute bits are MEMORY_WRITE_COMBINE and + MEMORY_CACHED. @retval EFI_INVALID_PARAMETER One or more parameters are invalid. @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated. =20 **/ @@ -286,75 +316,82 @@ EFIAPI IoMmuAllocateBuffer ( IN EDKII_IOMMU_PROTOCOL *This, IN EFI_ALLOCATE_TYPE Type, IN EFI_MEMORY_TYPE MemoryType, IN UINTN Pages, IN OUT VOID **HostAddress, IN UINT64 Attributes ) { EFI_STATUS Status; EFI_PHYSICAL_ADDRESS PhysicalAddress; =20 // // Validate Attributes // if ((Attributes & EDKII_IOMMU_ATTRIBUTE_INVALID_FOR_ALLOCATE_BUFFER) != =3D 0) { return EFI_UNSUPPORTED; } =20 // // Check for invalid inputs // if (HostAddress =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // The only valid memory types are EfiBootServicesData and // EfiRuntimeServicesData // if (MemoryType !=3D EfiBootServicesData && MemoryType !=3D EfiRuntimeServicesData) { return EFI_INVALID_PARAMETER; } =20 PhysicalAddress =3D (UINTN)-1; if ((Attributes & EDKII_IOMMU_ATTRIBUTE_DUAL_ADDRESS_CYCLE) =3D=3D 0) { // // Limit allocations to memory below 4GB // PhysicalAddress =3D SIZE_4GB - 1; } Status =3D gBS->AllocatePages ( AllocateMaxAddress, MemoryType, Pages, &PhysicalAddress ); if (!EFI_ERROR (Status)) { *HostAddress =3D (VOID *) (UINTN) PhysicalAddress; =20 // // Clear memory encryption mask // Status =3D MemEncryptSevClearPageEncMask (0, PhysicalAddress, Pages, T= RUE); ASSERT_EFI_ERROR(Status); } =20 - DEBUG ((DEBUG_VERBOSE, "%a Address 0x%Lx Pages 0x%Lx\n", __FUNCTION__, P= hysicalAddress, Pages)); + DEBUG (( + DEBUG_VERBOSE, + "%a Address 0x%Lx Pages 0x%Lx\n", + __FUNCTION__, + PhysicalAddress, + Pages + )); return Status; } =20 /** Frees memory that was allocated with AllocateBuffer(). =20 @param This The protocol instance pointer. @param Pages The number of pages to free. - @param HostAddress The base system memory address of the allo= cated range. + @param HostAddress The base system memory address of the allo= cated + range. =20 @retval EFI_SUCCESS The requested memory pages were freed. - @retval EFI_INVALID_PARAMETER The memory range specified by HostAddress = and Pages - was not allocated with AllocateBuffer(). + @retval EFI_INVALID_PARAMETER The memory range specified by HostAddress = and + Pages was not allocated with AllocateBuffe= r(). =20 **/ EFI_STATUS @@ -362,57 +399,79 @@ EFIAPI IoMmuFreeBuffer ( IN EDKII_IOMMU_PROTOCOL *This, IN UINTN Pages, IN VOID *HostAddress ) { EFI_STATUS Status; =20 // // Set memory encryption mask // - Status =3D MemEncryptSevSetPageEncMask (0, (EFI_PHYSICAL_ADDRESS)(UINTN)= HostAddress, Pages, TRUE); + Status =3D MemEncryptSevSetPageEncMask ( + 0, + (EFI_PHYSICAL_ADDRESS)(UINTN)HostAddress, + Pages, + TRUE + ); ASSERT_EFI_ERROR(Status); =20 - DEBUG ((DEBUG_VERBOSE, "%a Address 0x%Lx Pages 0x%Lx\n", __FUNCTION__, (= UINTN)HostAddress, Pages)); + DEBUG (( + DEBUG_VERBOSE, + "%a Address 0x%Lx Pages 0x%Lx\n", + __FUNCTION__, + (UINTN)HostAddress, + Pages + )); return gBS->FreePages ((EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress, Pages= ); } =20 =20 /** Set IOMMU attribute for a system memory. =20 If the IOMMU protocol exists, the system memory cannot be used for DMA by default. =20 When a device requests a DMA access for a system memory, the device driver need use SetAttribute() to update the IOMMU attribute to request DMA access (read and/or write). =20 The DeviceHandle is used to identify which device submits the request. - The IOMMU implementation need translate the device path to an IOMMU devi= ce ID, - and set IOMMU hardware register accordingly. + The IOMMU implementation need translate the device path to an IOMMU devi= ce + ID, and set IOMMU hardware register accordingly. 1) DeviceHandle can be a standard PCI device. The memory for BusMasterRead need set EDKII_IOMMU_ACCESS_READ. The memory for BusMasterWrite need set EDKII_IOMMU_ACCESS_WRITE. - The memory for BusMasterCommonBuffer need set EDKII_IOMMU_ACCESS_READ= |EDKII_IOMMU_ACCESS_WRITE. - After the memory is used, the memory need set 0 to keep it being prot= ected. + The memory for BusMasterCommonBuffer need set + EDKII_IOMMU_ACCESS_READ|EDKII_IOMMU_ACCESS_WRITE. + After the memory is used, the memory need set 0 to keep it being + protected. 2) DeviceHandle can be an ACPI device (ISA, I2C, SPI, etc). - The memory for DMA access need set EDKII_IOMMU_ACCESS_READ and/or EDK= II_IOMMU_ACCESS_WRITE. + The memory for DMA access need set EDKII_IOMMU_ACCESS_READ and/or + EDKII_IOMMU_ACCESS_WRITE. =20 @param[in] This The protocol instance pointer. - @param[in] DeviceHandle The device who initiates the DMA access re= quest. + @param[in] DeviceHandle The device who initiates the DMA access + request. @param[in] Mapping The mapping value returned from Map(). @param[in] IoMmuAccess The IOMMU access. =20 - @retval EFI_SUCCESS The IoMmuAccess is set for the memory ran= ge specified by DeviceAddress and Length. + @retval EFI_SUCCESS The IoMmuAccess is set for the memory ran= ge + specified by DeviceAddress and Length. @retval EFI_INVALID_PARAMETER DeviceHandle is an invalid handle. - @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned = by Map(). - @retval EFI_INVALID_PARAMETER IoMmuAccess specified an illegal combinat= ion of access. + @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned = by + Map(). + @retval EFI_INVALID_PARAMETER IoMmuAccess specified an illegal combinat= ion + of access. @retval EFI_UNSUPPORTED DeviceHandle is unknown by the IOMMU. - @retval EFI_UNSUPPORTED The bit mask of IoMmuAccess is not suppor= ted by the IOMMU. - @retval EFI_UNSUPPORTED The IOMMU does not support the memory ran= ge specified by Mapping. - @retval EFI_OUT_OF_RESOURCES There are not enough resources available = to modify the IOMMU access. - @retval EFI_DEVICE_ERROR The IOMMU device reported an error while = attempting the operation. + @retval EFI_UNSUPPORTED The bit mask of IoMmuAccess is not suppor= ted + by the IOMMU. + @retval EFI_UNSUPPORTED The IOMMU does not support the memory ran= ge + specified by Mapping. + @retval EFI_OUT_OF_RESOURCES There are not enough resources available = to + modify the IOMMU access. + @retval EFI_DEVICE_ERROR The IOMMU device reported an error while + attempting the operation. =20 **/ EFI_STATUS diff --git a/OvmfPkg/IoMmuDxe/IoMmuDxe.c b/OvmfPkg/IoMmuDxe/IoMmuDxe.c index 101157e228b3..5809afc44196 100644 --- a/OvmfPkg/IoMmuDxe/IoMmuDxe.c +++ b/OvmfPkg/IoMmuDxe/IoMmuDxe.c @@ -1,27 +1,27 @@ /** @file =20 IoMmuDxe driver installs EDKII_IOMMU_PROTOCOL to provide the support for= DMA operations when SEV is enabled. =20 Copyright (c) 2017, AMD Inc. All rights reserved.
=20 - This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD - License which accompanies this distribution. The full text of the licen= se may - be found at http://opensource.org/licenses/bsd-license.php + This program and the accompanying materials are licensed and made availa= ble + under the terms and conditions of the BSD License which accompanies this + distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php =20 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. =20 **/ =20 #include =20 #include #include #include #include #include #include =20 #include "AmdSevIoMmu.h" --=20 2.13.1.3.g8be5a757fa67 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sun Apr 28 22:18:40 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1501709108086433.9891914558227; Wed, 2 Aug 2017 14:25:08 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 29BFF209589C9; Wed, 2 Aug 2017 14:22:52 -0700 (PDT) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E063021AEB0B0 for ; Wed, 2 Aug 2017 14:22:50 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 462F5C04B317; Wed, 2 Aug 2017 21:25:01 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-47.phx2.redhat.com [10.3.116.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id E7E1917B57; Wed, 2 Aug 2017 21:24:59 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 462F5C04B317 Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=lersek@redhat.com From: Laszlo Ersek To: edk2-devel-01 Date: Wed, 2 Aug 2017 23:24:43 +0200 Message-Id: <20170802212453.19221-3-lersek@redhat.com> In-Reply-To: <20170802212453.19221-1-lersek@redhat.com> References: <20170802212453.19221-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 02 Aug 2017 21:25:01 +0000 (UTC) Subject: [edk2] [PATCH 02/12] OvmfPkg/IoMmuDxe: rename DeviceAddress to PlainTextAddress in MAP_INFO X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jordan Justen , Tom Lendacky , Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" In this particular IOMMU driver, "DeviceAddress" is just as accessible to the CPU as "HostAddress", the difference is that the area pointed-to by the former is plain-text and accessible to the hypervisor. Rename "DeviceAddress" to "PlainTextAddress" in MAP_INFO. Cc: Ard Biesheuvel Cc: Brijesh Singh Cc: Jordan Justen Cc: Tom Lendacky Suggested-by: Ard Biesheuvel Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Brijesh Singh Tested-By: Brijesh Singh --- OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 26 ++++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c index edef0f41eecc..fcb7bcfaecc2 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c @@ -23,40 +23,40 @@ typedef struct { EDKII_IOMMU_OPERATION Operation; UINTN NumberOfBytes; UINTN NumberOfPages; EFI_PHYSICAL_ADDRESS HostAddress; - EFI_PHYSICAL_ADDRESS DeviceAddress; + EFI_PHYSICAL_ADDRESS PlainTextAddress; } MAP_INFO; =20 #define NO_MAPPING (VOID *) (UINTN) -1 =20 /** Provides the controller-specific addresses required to access system mem= ory from a DMA bus master. On SEV guest, the DMA operations must be performe= d on shared buffer hence we allocate a bounce buffer to map the HostAddress t= o a DeviceAddress. The Encryption attribute is removed from the DeviceAddress buffer. =20 @param This The protocol instance pointer. @param Operation Indicates if the bus master is going to re= ad or write to system memory. @param HostAddress The system memory address to map to the PCI controller. @param NumberOfBytes On input the number of bytes to map. On ou= tput the number of bytes that were mapped. @param DeviceAddress The resulting map address for the bus mast= er PCI controller to use to access the hosts HostAddress. @param Mapping A resulting value to pass to Unmap(). =20 @retval EFI_SUCCESS The range was mapped for the returned NumberOfBytes. @retval EFI_UNSUPPORTED The HostAddress cannot be mapped as a comm= on buffer. @retval EFI_INVALID_PARAMETER One or more parameters are invalid. @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of resources. @retval EFI_DEVICE_ERROR The system hardware could not map the requ= ested address. =20 **/ @@ -65,160 +65,160 @@ EFIAPI IoMmuMap ( IN EDKII_IOMMU_PROTOCOL *This, IN EDKII_IOMMU_OPERATION Operation, IN VOID *HostAddress, IN OUT UINTN *NumberOfBytes, OUT EFI_PHYSICAL_ADDRESS *DeviceAddress, OUT VOID **Mapping ) { EFI_STATUS Status; EFI_PHYSICAL_ADDRESS PhysicalAddress; MAP_INFO *MapInfo; EFI_PHYSICAL_ADDRESS DmaMemoryTop; EFI_ALLOCATE_TYPE AllocateType; =20 if (HostAddress =3D=3D NULL || NumberOfBytes =3D=3D NULL || DeviceAddres= s =3D=3D NULL || Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // Make sure that Operation is valid // if ((UINT32) Operation >=3D EdkiiIoMmuOperationMaximum) { return EFI_INVALID_PARAMETER; } PhysicalAddress =3D (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress; =20 DmaMemoryTop =3D (UINTN)-1; AllocateType =3D AllocateAnyPages; =20 if (((Operation !=3D EdkiiIoMmuOperationBusMasterRead64 && Operation !=3D EdkiiIoMmuOperationBusMasterWrite64 && Operation !=3D EdkiiIoMmuOperationBusMasterCommonBuffer64)) && ((PhysicalAddress + *NumberOfBytes) > SIZE_4GB)) { // // If the root bridge or the device cannot handle performing DMA above // 4GB but any part of the DMA transfer being mapped is above 4GB, then // map the DMA transfer to a buffer below 4GB. // DmaMemoryTop =3D SIZE_4GB - 1; AllocateType =3D AllocateMaxAddress; =20 if (Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64) { // // Common Buffer operations can not be remapped. If the common bu= ffer // if above 4GB, then it is not possible to generate a mapping, so // return an error. // return EFI_UNSUPPORTED; } } =20 // // CommandBuffer was allocated by us (AllocateBuffer) and is already in // unencryted buffer so no need to create bounce buffer // if (Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64) { *Mapping =3D NO_MAPPING; *DeviceAddress =3D PhysicalAddress; =20 return EFI_SUCCESS; } =20 // // Allocate a MAP_INFO structure to remember the mapping when Unmap() is // called later. // MapInfo =3D AllocatePool (sizeof (MAP_INFO)); if (MapInfo =3D=3D NULL) { *NumberOfBytes =3D 0; return EFI_OUT_OF_RESOURCES; } =20 // // Initialize the MAP_INFO structure // MapInfo->Operation =3D Operation; MapInfo->NumberOfBytes =3D *NumberOfBytes; MapInfo->NumberOfPages =3D EFI_SIZE_TO_PAGES (MapInfo->NumberOfBytes= ); MapInfo->HostAddress =3D PhysicalAddress; - MapInfo->DeviceAddress =3D DmaMemoryTop; + MapInfo->PlainTextAddress =3D DmaMemoryTop; =20 // // Allocate a buffer to map the transfer to. // Status =3D gBS->AllocatePages ( AllocateType, EfiBootServicesData, MapInfo->NumberOfPages, - &MapInfo->DeviceAddress + &MapInfo->PlainTextAddress ); if (EFI_ERROR (Status)) { FreePool (MapInfo); *NumberOfBytes =3D 0; return Status; } =20 // // Clear the memory encryption mask from the device buffer // Status =3D MemEncryptSevClearPageEncMask ( 0, - MapInfo->DeviceAddress, + MapInfo->PlainTextAddress, MapInfo->NumberOfPages, TRUE ); ASSERT_EFI_ERROR(Status); =20 // // If this is a read operation from the Bus Master's point of view, // then copy the contents of the real buffer into the mapped buffer // so the Bus Master can read the contents of the real buffer. // if (Operation =3D=3D EdkiiIoMmuOperationBusMasterRead || Operation =3D=3D EdkiiIoMmuOperationBusMasterRead64) { CopyMem ( - (VOID *) (UINTN) MapInfo->DeviceAddress, + (VOID *) (UINTN) MapInfo->PlainTextAddress, (VOID *) (UINTN) MapInfo->HostAddress, MapInfo->NumberOfBytes ); } =20 // // The DeviceAddress is the address of the maped buffer below 4GB // - *DeviceAddress =3D MapInfo->DeviceAddress; + *DeviceAddress =3D MapInfo->PlainTextAddress; =20 // // Return a pointer to the MAP_INFO structure in Mapping // *Mapping =3D MapInfo; =20 DEBUG (( DEBUG_VERBOSE, - "%a Device 0x%Lx Host 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", + "%a PlainText 0x%Lx Host 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", __FUNCTION__, - MapInfo->DeviceAddress, + MapInfo->PlainTextAddress, MapInfo->HostAddress, MapInfo->NumberOfPages, MapInfo->NumberOfBytes )); =20 return EFI_SUCCESS; } =20 /** Completes the Map() operation and releases any corresponding resources. =20 @param This The protocol instance pointer. @param Mapping The mapping value returned from Map(). =20 @retval EFI_SUCCESS The range was unmapped. @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by Map(). @retval EFI_DEVICE_ERROR The data was not committed to the target s= ystem memory. **/ @@ -227,87 +227,87 @@ EFIAPI IoMmuUnmap ( IN EDKII_IOMMU_PROTOCOL *This, IN VOID *Mapping ) { MAP_INFO *MapInfo; EFI_STATUS Status; =20 if (Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // See if the Map() operation associated with this Unmap() required a ma= pping // buffer. If a mapping buffer was not required, then this function simp= ly // buffer. If a mapping buffer was not required, then this function simp= ly // if (Mapping =3D=3D NO_MAPPING) { return EFI_SUCCESS; } =20 MapInfo =3D (MAP_INFO *)Mapping; =20 // // If this is a write operation from the Bus Master's point of view, // then copy the contents of the mapped buffer into the real buffer // so the processor can read the contents of the real buffer. // if (MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterWrite || MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterWrite64) { CopyMem ( (VOID *) (UINTN) MapInfo->HostAddress, - (VOID *) (UINTN) MapInfo->DeviceAddress, + (VOID *) (UINTN) MapInfo->PlainTextAddress, MapInfo->NumberOfBytes ); } =20 DEBUG (( DEBUG_VERBOSE, - "%a Device 0x%Lx Host 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", + "%a PlainText 0x%Lx Host 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", __FUNCTION__, - MapInfo->DeviceAddress, + MapInfo->PlainTextAddress, MapInfo->HostAddress, MapInfo->NumberOfPages, MapInfo->NumberOfBytes )); // // Restore the memory encryption mask // Status =3D MemEncryptSevSetPageEncMask ( 0, - MapInfo->DeviceAddress, + MapInfo->PlainTextAddress, MapInfo->NumberOfPages, TRUE ); ASSERT_EFI_ERROR(Status); =20 // // Free the mapped buffer and the MAP_INFO structure. // - gBS->FreePages (MapInfo->DeviceAddress, MapInfo->NumberOfPages); + gBS->FreePages (MapInfo->PlainTextAddress, MapInfo->NumberOfPages); FreePool (Mapping); return EFI_SUCCESS; } =20 /** Allocates pages that are suitable for an OperationBusMasterCommonBuffer = or OperationBusMasterCommonBuffer64 mapping. =20 @param This The protocol instance pointer. @param Type This parameter is not used and must be ign= ored. @param MemoryType The type of memory to allocate, EfiBootServicesData or EfiRuntimeServicesD= ata. @param Pages The number of pages to allocate. @param HostAddress A pointer to store the base system memory address of the allocated range. @param Attributes The requested bit mask of attributes for t= he allocated range. =20 @retval EFI_SUCCESS The requested memory pages were allocated. @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal attribute bits are MEMORY_WRITE_COMBINE and MEMORY_CACHED. @retval EFI_INVALID_PARAMETER One or more parameters are invalid. @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated. =20 **/ --=20 2.13.1.3.g8be5a757fa67 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sun Apr 28 22:18:40 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1501709110210940.5420094892992; Wed, 2 Aug 2017 14:25:10 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 644D4209589CD; Wed, 2 Aug 2017 14:22:53 -0700 (PDT) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A16AC21AEB0BA for ; Wed, 2 Aug 2017 14:22:52 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id EEE4BC04B317; Wed, 2 Aug 2017 21:25:02 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-47.phx2.redhat.com [10.3.116.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9764817B57; Wed, 2 Aug 2017 21:25:01 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com EEE4BC04B317 Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=lersek@redhat.com From: Laszlo Ersek To: edk2-devel-01 Date: Wed, 2 Aug 2017 23:24:44 +0200 Message-Id: <20170802212453.19221-4-lersek@redhat.com> In-Reply-To: <20170802212453.19221-1-lersek@redhat.com> References: <20170802212453.19221-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 02 Aug 2017 21:25:03 +0000 (UTC) Subject: [edk2] [PATCH 03/12] OvmfPkg/IoMmuDxe: rename HostAddress to CryptedAddress in MAP_INFO X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jordan Justen , Tom Lendacky , Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" As a continuation of the last patch, clarify that the area pointed-to by "HostAddress" is encrypted and hidden from the hypervisor. Cc: Ard Biesheuvel Cc: Brijesh Singh Cc: Jordan Justen Cc: Tom Lendacky Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Brijesh Singh Tested-By: Brijesh Singh --- OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c index fcb7bcfaecc2..dfad2cbb569d 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c @@ -23,40 +23,40 @@ typedef struct { EDKII_IOMMU_OPERATION Operation; UINTN NumberOfBytes; UINTN NumberOfPages; - EFI_PHYSICAL_ADDRESS HostAddress; + EFI_PHYSICAL_ADDRESS CryptedAddress; EFI_PHYSICAL_ADDRESS PlainTextAddress; } MAP_INFO; =20 #define NO_MAPPING (VOID *) (UINTN) -1 =20 /** Provides the controller-specific addresses required to access system mem= ory from a DMA bus master. On SEV guest, the DMA operations must be performe= d on shared buffer hence we allocate a bounce buffer to map the HostAddress t= o a DeviceAddress. The Encryption attribute is removed from the DeviceAddress buffer. =20 @param This The protocol instance pointer. @param Operation Indicates if the bus master is going to re= ad or write to system memory. @param HostAddress The system memory address to map to the PCI controller. @param NumberOfBytes On input the number of bytes to map. On ou= tput the number of bytes that were mapped. @param DeviceAddress The resulting map address for the bus mast= er PCI controller to use to access the hosts HostAddress. @param Mapping A resulting value to pass to Unmap(). =20 @retval EFI_SUCCESS The range was mapped for the returned NumberOfBytes. @retval EFI_UNSUPPORTED The HostAddress cannot be mapped as a comm= on buffer. @retval EFI_INVALID_PARAMETER One or more parameters are invalid. @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of resources. @retval EFI_DEVICE_ERROR The system hardware could not map the requ= ested address. =20 **/ @@ -65,160 +65,160 @@ EFIAPI IoMmuMap ( IN EDKII_IOMMU_PROTOCOL *This, IN EDKII_IOMMU_OPERATION Operation, IN VOID *HostAddress, IN OUT UINTN *NumberOfBytes, OUT EFI_PHYSICAL_ADDRESS *DeviceAddress, OUT VOID **Mapping ) { EFI_STATUS Status; EFI_PHYSICAL_ADDRESS PhysicalAddress; MAP_INFO *MapInfo; EFI_PHYSICAL_ADDRESS DmaMemoryTop; EFI_ALLOCATE_TYPE AllocateType; =20 if (HostAddress =3D=3D NULL || NumberOfBytes =3D=3D NULL || DeviceAddres= s =3D=3D NULL || Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // Make sure that Operation is valid // if ((UINT32) Operation >=3D EdkiiIoMmuOperationMaximum) { return EFI_INVALID_PARAMETER; } PhysicalAddress =3D (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress; =20 DmaMemoryTop =3D (UINTN)-1; AllocateType =3D AllocateAnyPages; =20 if (((Operation !=3D EdkiiIoMmuOperationBusMasterRead64 && Operation !=3D EdkiiIoMmuOperationBusMasterWrite64 && Operation !=3D EdkiiIoMmuOperationBusMasterCommonBuffer64)) && ((PhysicalAddress + *NumberOfBytes) > SIZE_4GB)) { // // If the root bridge or the device cannot handle performing DMA above // 4GB but any part of the DMA transfer being mapped is above 4GB, then // map the DMA transfer to a buffer below 4GB. // DmaMemoryTop =3D SIZE_4GB - 1; AllocateType =3D AllocateMaxAddress; =20 if (Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64) { // // Common Buffer operations can not be remapped. If the common bu= ffer // if above 4GB, then it is not possible to generate a mapping, so // return an error. // return EFI_UNSUPPORTED; } } =20 // // CommandBuffer was allocated by us (AllocateBuffer) and is already in // unencryted buffer so no need to create bounce buffer // if (Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64) { *Mapping =3D NO_MAPPING; *DeviceAddress =3D PhysicalAddress; =20 return EFI_SUCCESS; } =20 // // Allocate a MAP_INFO structure to remember the mapping when Unmap() is // called later. // MapInfo =3D AllocatePool (sizeof (MAP_INFO)); if (MapInfo =3D=3D NULL) { *NumberOfBytes =3D 0; return EFI_OUT_OF_RESOURCES; } =20 // // Initialize the MAP_INFO structure // MapInfo->Operation =3D Operation; MapInfo->NumberOfBytes =3D *NumberOfBytes; MapInfo->NumberOfPages =3D EFI_SIZE_TO_PAGES (MapInfo->NumberOfBytes= ); - MapInfo->HostAddress =3D PhysicalAddress; + MapInfo->CryptedAddress =3D PhysicalAddress; MapInfo->PlainTextAddress =3D DmaMemoryTop; =20 // // Allocate a buffer to map the transfer to. // Status =3D gBS->AllocatePages ( AllocateType, EfiBootServicesData, MapInfo->NumberOfPages, &MapInfo->PlainTextAddress ); if (EFI_ERROR (Status)) { FreePool (MapInfo); *NumberOfBytes =3D 0; return Status; } =20 // // Clear the memory encryption mask from the device buffer // Status =3D MemEncryptSevClearPageEncMask ( 0, MapInfo->PlainTextAddress, MapInfo->NumberOfPages, TRUE ); ASSERT_EFI_ERROR(Status); =20 // // If this is a read operation from the Bus Master's point of view, // then copy the contents of the real buffer into the mapped buffer // so the Bus Master can read the contents of the real buffer. // if (Operation =3D=3D EdkiiIoMmuOperationBusMasterRead || Operation =3D=3D EdkiiIoMmuOperationBusMasterRead64) { CopyMem ( (VOID *) (UINTN) MapInfo->PlainTextAddress, - (VOID *) (UINTN) MapInfo->HostAddress, + (VOID *) (UINTN) MapInfo->CryptedAddress, MapInfo->NumberOfBytes ); } =20 // // The DeviceAddress is the address of the maped buffer below 4GB // *DeviceAddress =3D MapInfo->PlainTextAddress; =20 // // Return a pointer to the MAP_INFO structure in Mapping // *Mapping =3D MapInfo; =20 DEBUG (( DEBUG_VERBOSE, - "%a PlainText 0x%Lx Host 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", + "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", __FUNCTION__, MapInfo->PlainTextAddress, - MapInfo->HostAddress, + MapInfo->CryptedAddress, MapInfo->NumberOfPages, MapInfo->NumberOfBytes )); =20 return EFI_SUCCESS; } =20 /** Completes the Map() operation and releases any corresponding resources. =20 @param This The protocol instance pointer. @param Mapping The mapping value returned from Map(). =20 @retval EFI_SUCCESS The range was unmapped. @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by Map(). @retval EFI_DEVICE_ERROR The data was not committed to the target s= ystem memory. **/ @@ -227,87 +227,87 @@ EFIAPI IoMmuUnmap ( IN EDKII_IOMMU_PROTOCOL *This, IN VOID *Mapping ) { MAP_INFO *MapInfo; EFI_STATUS Status; =20 if (Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // See if the Map() operation associated with this Unmap() required a ma= pping // buffer. If a mapping buffer was not required, then this function simp= ly // buffer. If a mapping buffer was not required, then this function simp= ly // if (Mapping =3D=3D NO_MAPPING) { return EFI_SUCCESS; } =20 MapInfo =3D (MAP_INFO *)Mapping; =20 // // If this is a write operation from the Bus Master's point of view, // then copy the contents of the mapped buffer into the real buffer // so the processor can read the contents of the real buffer. // if (MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterWrite || MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterWrite64) { CopyMem ( - (VOID *) (UINTN) MapInfo->HostAddress, + (VOID *) (UINTN) MapInfo->CryptedAddress, (VOID *) (UINTN) MapInfo->PlainTextAddress, MapInfo->NumberOfBytes ); } =20 DEBUG (( DEBUG_VERBOSE, - "%a PlainText 0x%Lx Host 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", + "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", __FUNCTION__, MapInfo->PlainTextAddress, - MapInfo->HostAddress, + MapInfo->CryptedAddress, MapInfo->NumberOfPages, MapInfo->NumberOfBytes )); // // Restore the memory encryption mask // Status =3D MemEncryptSevSetPageEncMask ( 0, MapInfo->PlainTextAddress, MapInfo->NumberOfPages, TRUE ); ASSERT_EFI_ERROR(Status); =20 // // Free the mapped buffer and the MAP_INFO structure. // gBS->FreePages (MapInfo->PlainTextAddress, MapInfo->NumberOfPages); FreePool (Mapping); return EFI_SUCCESS; } =20 /** Allocates pages that are suitable for an OperationBusMasterCommonBuffer = or OperationBusMasterCommonBuffer64 mapping. =20 @param This The protocol instance pointer. @param Type This parameter is not used and must be ign= ored. @param MemoryType The type of memory to allocate, EfiBootServicesData or EfiRuntimeServicesD= ata. @param Pages The number of pages to allocate. @param HostAddress A pointer to store the base system memory address of the allocated range. @param Attributes The requested bit mask of attributes for t= he allocated range. =20 @retval EFI_SUCCESS The requested memory pages were allocated. @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal attribute bits are MEMORY_WRITE_COMBINE and MEMORY_CACHED. @retval EFI_INVALID_PARAMETER One or more parameters are invalid. @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated. =20 **/ --=20 2.13.1.3.g8be5a757fa67 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sun Apr 28 22:18:40 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1501709115344144.95767942811995; Wed, 2 Aug 2017 14:25:15 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id AD1D221AEB0CD; Wed, 2 Aug 2017 14:23:02 -0700 (PDT) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 178A02007D250 for ; Wed, 2 Aug 2017 14:23:01 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5E24281235; Wed, 2 Aug 2017 21:25:11 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-47.phx2.redhat.com [10.3.116.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0AABC17B57; Wed, 2 Aug 2017 21:25:09 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 5E24281235 Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=lersek@redhat.com From: Laszlo Ersek To: edk2-devel-01 Date: Wed, 2 Aug 2017 23:24:45 +0200 Message-Id: <20170802212453.19221-5-lersek@redhat.com> In-Reply-To: <20170802212453.19221-1-lersek@redhat.com> References: <20170802212453.19221-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 02 Aug 2017 21:25:11 +0000 (UTC) Subject: [edk2] [PATCH 04/12] OvmfPkg/IoMmuDxe: convert UINTN arguments to UINT64 for the %Lx fmt spec X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jordan Justen , Tom Lendacky , Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The portable way to print UINTN values is to use the %Lx format specifier, and to convert the values to UINT64. The second step is currently missing, add it. Cc: Ard Biesheuvel Cc: Brijesh Singh Cc: Jordan Justen Cc: Tom Lendacky Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Brijesh Singh Tested-By: Brijesh Singh --- OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c index dfad2cbb569d..954062442782 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c @@ -65,160 +65,160 @@ EFIAPI IoMmuMap ( IN EDKII_IOMMU_PROTOCOL *This, IN EDKII_IOMMU_OPERATION Operation, IN VOID *HostAddress, IN OUT UINTN *NumberOfBytes, OUT EFI_PHYSICAL_ADDRESS *DeviceAddress, OUT VOID **Mapping ) { EFI_STATUS Status; EFI_PHYSICAL_ADDRESS PhysicalAddress; MAP_INFO *MapInfo; EFI_PHYSICAL_ADDRESS DmaMemoryTop; EFI_ALLOCATE_TYPE AllocateType; =20 if (HostAddress =3D=3D NULL || NumberOfBytes =3D=3D NULL || DeviceAddres= s =3D=3D NULL || Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // Make sure that Operation is valid // if ((UINT32) Operation >=3D EdkiiIoMmuOperationMaximum) { return EFI_INVALID_PARAMETER; } PhysicalAddress =3D (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress; =20 DmaMemoryTop =3D (UINTN)-1; AllocateType =3D AllocateAnyPages; =20 if (((Operation !=3D EdkiiIoMmuOperationBusMasterRead64 && Operation !=3D EdkiiIoMmuOperationBusMasterWrite64 && Operation !=3D EdkiiIoMmuOperationBusMasterCommonBuffer64)) && ((PhysicalAddress + *NumberOfBytes) > SIZE_4GB)) { // // If the root bridge or the device cannot handle performing DMA above // 4GB but any part of the DMA transfer being mapped is above 4GB, then // map the DMA transfer to a buffer below 4GB. // DmaMemoryTop =3D SIZE_4GB - 1; AllocateType =3D AllocateMaxAddress; =20 if (Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64) { // // Common Buffer operations can not be remapped. If the common bu= ffer // if above 4GB, then it is not possible to generate a mapping, so // return an error. // return EFI_UNSUPPORTED; } } =20 // // CommandBuffer was allocated by us (AllocateBuffer) and is already in // unencryted buffer so no need to create bounce buffer // if (Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64) { *Mapping =3D NO_MAPPING; *DeviceAddress =3D PhysicalAddress; =20 return EFI_SUCCESS; } =20 // // Allocate a MAP_INFO structure to remember the mapping when Unmap() is // called later. // MapInfo =3D AllocatePool (sizeof (MAP_INFO)); if (MapInfo =3D=3D NULL) { *NumberOfBytes =3D 0; return EFI_OUT_OF_RESOURCES; } =20 // // Initialize the MAP_INFO structure // MapInfo->Operation =3D Operation; MapInfo->NumberOfBytes =3D *NumberOfBytes; MapInfo->NumberOfPages =3D EFI_SIZE_TO_PAGES (MapInfo->NumberOfBytes= ); MapInfo->CryptedAddress =3D PhysicalAddress; MapInfo->PlainTextAddress =3D DmaMemoryTop; =20 // // Allocate a buffer to map the transfer to. // Status =3D gBS->AllocatePages ( AllocateType, EfiBootServicesData, MapInfo->NumberOfPages, &MapInfo->PlainTextAddress ); if (EFI_ERROR (Status)) { FreePool (MapInfo); *NumberOfBytes =3D 0; return Status; } =20 // // Clear the memory encryption mask from the device buffer // Status =3D MemEncryptSevClearPageEncMask ( 0, MapInfo->PlainTextAddress, MapInfo->NumberOfPages, TRUE ); ASSERT_EFI_ERROR(Status); =20 // // If this is a read operation from the Bus Master's point of view, // then copy the contents of the real buffer into the mapped buffer // so the Bus Master can read the contents of the real buffer. // if (Operation =3D=3D EdkiiIoMmuOperationBusMasterRead || Operation =3D=3D EdkiiIoMmuOperationBusMasterRead64) { CopyMem ( (VOID *) (UINTN) MapInfo->PlainTextAddress, (VOID *) (UINTN) MapInfo->CryptedAddress, MapInfo->NumberOfBytes ); } =20 // // The DeviceAddress is the address of the maped buffer below 4GB // *DeviceAddress =3D MapInfo->PlainTextAddress; =20 // // Return a pointer to the MAP_INFO structure in Mapping // *Mapping =3D MapInfo; =20 DEBUG (( DEBUG_VERBOSE, "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", __FUNCTION__, MapInfo->PlainTextAddress, MapInfo->CryptedAddress, - MapInfo->NumberOfPages, - MapInfo->NumberOfBytes + (UINT64)MapInfo->NumberOfPages, + (UINT64)MapInfo->NumberOfBytes )); =20 return EFI_SUCCESS; } =20 /** Completes the Map() operation and releases any corresponding resources. =20 @param This The protocol instance pointer. @param Mapping The mapping value returned from Map(). =20 @retval EFI_SUCCESS The range was unmapped. @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by Map(). @retval EFI_DEVICE_ERROR The data was not committed to the target s= ystem memory. **/ @@ -227,87 +227,87 @@ EFIAPI IoMmuUnmap ( IN EDKII_IOMMU_PROTOCOL *This, IN VOID *Mapping ) { MAP_INFO *MapInfo; EFI_STATUS Status; =20 if (Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // See if the Map() operation associated with this Unmap() required a ma= pping // buffer. If a mapping buffer was not required, then this function simp= ly // buffer. If a mapping buffer was not required, then this function simp= ly // if (Mapping =3D=3D NO_MAPPING) { return EFI_SUCCESS; } =20 MapInfo =3D (MAP_INFO *)Mapping; =20 // // If this is a write operation from the Bus Master's point of view, // then copy the contents of the mapped buffer into the real buffer // so the processor can read the contents of the real buffer. // if (MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterWrite || MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterWrite64) { CopyMem ( (VOID *) (UINTN) MapInfo->CryptedAddress, (VOID *) (UINTN) MapInfo->PlainTextAddress, MapInfo->NumberOfBytes ); } =20 DEBUG (( DEBUG_VERBOSE, "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", __FUNCTION__, MapInfo->PlainTextAddress, MapInfo->CryptedAddress, - MapInfo->NumberOfPages, - MapInfo->NumberOfBytes + (UINT64)MapInfo->NumberOfPages, + (UINT64)MapInfo->NumberOfBytes )); // // Restore the memory encryption mask // Status =3D MemEncryptSevSetPageEncMask ( 0, MapInfo->PlainTextAddress, MapInfo->NumberOfPages, TRUE ); ASSERT_EFI_ERROR(Status); =20 // // Free the mapped buffer and the MAP_INFO structure. // gBS->FreePages (MapInfo->PlainTextAddress, MapInfo->NumberOfPages); FreePool (Mapping); return EFI_SUCCESS; } =20 /** Allocates pages that are suitable for an OperationBusMasterCommonBuffer = or OperationBusMasterCommonBuffer64 mapping. =20 @param This The protocol instance pointer. @param Type This parameter is not used and must be ign= ored. @param MemoryType The type of memory to allocate, EfiBootServicesData or EfiRuntimeServicesD= ata. @param Pages The number of pages to allocate. @param HostAddress A pointer to store the base system memory address of the allocated range. @param Attributes The requested bit mask of attributes for t= he allocated range. =20 @retval EFI_SUCCESS The requested memory pages were allocated. @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal attribute bits are MEMORY_WRITE_COMBINE and MEMORY_CACHED. @retval EFI_INVALID_PARAMETER One or more parameters are invalid. @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated. =20 **/ @@ -316,81 +316,81 @@ EFIAPI IoMmuAllocateBuffer ( IN EDKII_IOMMU_PROTOCOL *This, IN EFI_ALLOCATE_TYPE Type, IN EFI_MEMORY_TYPE MemoryType, IN UINTN Pages, IN OUT VOID **HostAddress, IN UINT64 Attributes ) { EFI_STATUS Status; EFI_PHYSICAL_ADDRESS PhysicalAddress; =20 // // Validate Attributes // if ((Attributes & EDKII_IOMMU_ATTRIBUTE_INVALID_FOR_ALLOCATE_BUFFER) != =3D 0) { return EFI_UNSUPPORTED; } =20 // // Check for invalid inputs // if (HostAddress =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // The only valid memory types are EfiBootServicesData and // EfiRuntimeServicesData // if (MemoryType !=3D EfiBootServicesData && MemoryType !=3D EfiRuntimeServicesData) { return EFI_INVALID_PARAMETER; } =20 PhysicalAddress =3D (UINTN)-1; if ((Attributes & EDKII_IOMMU_ATTRIBUTE_DUAL_ADDRESS_CYCLE) =3D=3D 0) { // // Limit allocations to memory below 4GB // PhysicalAddress =3D SIZE_4GB - 1; } Status =3D gBS->AllocatePages ( AllocateMaxAddress, MemoryType, Pages, &PhysicalAddress ); if (!EFI_ERROR (Status)) { *HostAddress =3D (VOID *) (UINTN) PhysicalAddress; =20 // // Clear memory encryption mask // Status =3D MemEncryptSevClearPageEncMask (0, PhysicalAddress, Pages, T= RUE); ASSERT_EFI_ERROR(Status); } =20 DEBUG (( DEBUG_VERBOSE, "%a Address 0x%Lx Pages 0x%Lx\n", __FUNCTION__, PhysicalAddress, - Pages + (UINT64)Pages )); return Status; } =20 /** Frees memory that was allocated with AllocateBuffer(). =20 @param This The protocol instance pointer. @param Pages The number of pages to free. @param HostAddress The base system memory address of the allo= cated range. =20 @retval EFI_SUCCESS The requested memory pages were freed. @retval EFI_INVALID_PARAMETER The memory range specified by HostAddress = and Pages was not allocated with AllocateBuffe= r(). =20 **/ @@ -399,78 +399,78 @@ EFIAPI IoMmuFreeBuffer ( IN EDKII_IOMMU_PROTOCOL *This, IN UINTN Pages, IN VOID *HostAddress ) { EFI_STATUS Status; =20 // // Set memory encryption mask // Status =3D MemEncryptSevSetPageEncMask ( 0, (EFI_PHYSICAL_ADDRESS)(UINTN)HostAddress, Pages, TRUE ); ASSERT_EFI_ERROR(Status); =20 DEBUG (( DEBUG_VERBOSE, "%a Address 0x%Lx Pages 0x%Lx\n", __FUNCTION__, - (UINTN)HostAddress, - Pages + (UINT64)(UINTN)HostAddress, + (UINT64)Pages )); return gBS->FreePages ((EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress, Pages= ); } =20 =20 /** Set IOMMU attribute for a system memory. =20 If the IOMMU protocol exists, the system memory cannot be used for DMA by default. =20 When a device requests a DMA access for a system memory, the device driver need use SetAttribute() to update the IOMMU attribute to request DMA access (read and/or write). =20 The DeviceHandle is used to identify which device submits the request. The IOMMU implementation need translate the device path to an IOMMU devi= ce ID, and set IOMMU hardware register accordingly. 1) DeviceHandle can be a standard PCI device. The memory for BusMasterRead need set EDKII_IOMMU_ACCESS_READ. The memory for BusMasterWrite need set EDKII_IOMMU_ACCESS_WRITE. The memory for BusMasterCommonBuffer need set EDKII_IOMMU_ACCESS_READ|EDKII_IOMMU_ACCESS_WRITE. After the memory is used, the memory need set 0 to keep it being protected. 2) DeviceHandle can be an ACPI device (ISA, I2C, SPI, etc). The memory for DMA access need set EDKII_IOMMU_ACCESS_READ and/or EDKII_IOMMU_ACCESS_WRITE. =20 @param[in] This The protocol instance pointer. @param[in] DeviceHandle The device who initiates the DMA access request. @param[in] Mapping The mapping value returned from Map(). @param[in] IoMmuAccess The IOMMU access. =20 @retval EFI_SUCCESS The IoMmuAccess is set for the memory ran= ge specified by DeviceAddress and Length. @retval EFI_INVALID_PARAMETER DeviceHandle is an invalid handle. @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned = by Map(). @retval EFI_INVALID_PARAMETER IoMmuAccess specified an illegal combinat= ion of access. @retval EFI_UNSUPPORTED DeviceHandle is unknown by the IOMMU. @retval EFI_UNSUPPORTED The bit mask of IoMmuAccess is not suppor= ted by the IOMMU. @retval EFI_UNSUPPORTED The IOMMU does not support the memory ran= ge specified by Mapping. @retval EFI_OUT_OF_RESOURCES There are not enough resources available = to modify the IOMMU access. @retval EFI_DEVICE_ERROR The IOMMU device reported an error while attempting the operation. =20 **/ --=20 2.13.1.3.g8be5a757fa67 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sun Apr 28 22:18:40 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1501709117882668.9816624634069; Wed, 2 Aug 2017 14:25:17 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id E7CEE209589D2; Wed, 2 Aug 2017 14:23:03 -0700 (PDT) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A0543209589D0 for ; Wed, 2 Aug 2017 14:23:02 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 10A9DC047B64; Wed, 2 Aug 2017 21:25:13 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-47.phx2.redhat.com [10.3.116.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id AF33817B57; Wed, 2 Aug 2017 21:25:11 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 10A9DC047B64 Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=lersek@redhat.com From: Laszlo Ersek To: edk2-devel-01 Date: Wed, 2 Aug 2017 23:24:46 +0200 Message-Id: <20170802212453.19221-6-lersek@redhat.com> In-Reply-To: <20170802212453.19221-1-lersek@redhat.com> References: <20170802212453.19221-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 02 Aug 2017 21:25:13 +0000 (UTC) Subject: [edk2] [PATCH 05/12] OvmfPkg/IoMmuDxe: don't initialize local variables X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jordan Justen , Tom Lendacky , Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The edk2 coding style requires separate assignments. Cc: Ard Biesheuvel Cc: Brijesh Singh Cc: Jordan Justen Cc: Tom Lendacky Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Brijesh Singh Tested-By: Brijesh Singh --- OvmfPkg/IoMmuDxe/IoMmuDxe.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/IoMmuDxe/IoMmuDxe.c b/OvmfPkg/IoMmuDxe/IoMmuDxe.c index 5809afc44196..27b1856e0a17 100644 --- a/OvmfPkg/IoMmuDxe/IoMmuDxe.c +++ b/OvmfPkg/IoMmuDxe/IoMmuDxe.c @@ -31,23 +31,27 @@ EFIAPI IoMmuDxeEntryPoint ( IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status =3D EFI_SUCCESS; - EFI_HANDLE Handle =3D NULL; + EFI_STATUS Status; + EFI_HANDLE Handle; + + Status =3D EFI_SUCCESS; =20 // // When SEV is enabled, install IoMmu protocol otherwise install the // placeholder protocol so that other dependent module can run. // if (MemEncryptSevIsEnabled ()) { AmdSevInstallIoMmuProtocol (); } else { + Handle =3D NULL; + Status =3D gBS->InstallMultipleProtocolInterfaces ( &Handle, &gIoMmuAbsentProtocolGuid, NULL, NULL); } =20 return Status; } --=20 2.13.1.3.g8be5a757fa67 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sun Apr 28 22:18:40 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1501709120997139.40808420096755; Wed, 2 Aug 2017 14:25:20 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 301DE209589DD; Wed, 2 Aug 2017 14:23:05 -0700 (PDT) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 4F33921AEB0DC for ; Wed, 2 Aug 2017 14:23:04 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B184C85363; Wed, 2 Aug 2017 21:25:14 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-47.phx2.redhat.com [10.3.116.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6330917B57; Wed, 2 Aug 2017 21:25:13 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com B184C85363 Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=lersek@redhat.com From: Laszlo Ersek To: edk2-devel-01 Date: Wed, 2 Aug 2017 23:24:47 +0200 Message-Id: <20170802212453.19221-7-lersek@redhat.com> In-Reply-To: <20170802212453.19221-1-lersek@redhat.com> References: <20170802212453.19221-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Wed, 02 Aug 2017 21:25:14 +0000 (UTC) Subject: [edk2] [PATCH 06/12] OvmfPkg/IoMmuDxe: propagate errors from AmdSevInstallIoMmuProtocol() X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jordan Justen , Tom Lendacky , Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" If we cannot install the IOMMU protocol for whatever reason, exit the driver with an error. The same is already done for the IOMMU Absent protocol. Cc: Ard Biesheuvel Cc: Brijesh Singh Cc: Jordan Justen Cc: Tom Lendacky Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Brijesh Singh Tested-By: Brijesh Singh --- OvmfPkg/IoMmuDxe/AmdSevIoMmu.h | 2 +- OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 4 ++-- OvmfPkg/IoMmuDxe/IoMmuDxe.c | 4 +--- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h index 88dabfc2c435..0f2155350817 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h @@ -34,7 +34,7 @@ MemEncryptSevLib. =20 **/ -VOID +EFI_STATUS EFIAPI AmdSevInstallIoMmuProtocol ( VOID diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c index 954062442782..8c2c23356a40 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c @@ -499,20 +499,20 @@ EDKII_IOMMU_PROTOCOL mAmdSev =3D { Initialize Iommu Protocol. =20 **/ -VOID +EFI_STATUS EFIAPI AmdSevInstallIoMmuProtocol ( VOID ) { EFI_STATUS Status; EFI_HANDLE Handle; =20 Handle =3D NULL; Status =3D gBS->InstallMultipleProtocolInterfaces ( &Handle, &gEdkiiIoMmuProtocolGuid, &mAmdSev, NULL ); - ASSERT_EFI_ERROR (Status); + return Status; } diff --git a/OvmfPkg/IoMmuDxe/IoMmuDxe.c b/OvmfPkg/IoMmuDxe/IoMmuDxe.c index 27b1856e0a17..0ea42cbc13ce 100644 --- a/OvmfPkg/IoMmuDxe/IoMmuDxe.c +++ b/OvmfPkg/IoMmuDxe/IoMmuDxe.c @@ -31,27 +31,25 @@ EFIAPI IoMmuDxeEntryPoint ( IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable ) { EFI_STATUS Status; EFI_HANDLE Handle; =20 - Status =3D EFI_SUCCESS; - // // When SEV is enabled, install IoMmu protocol otherwise install the // placeholder protocol so that other dependent module can run. // if (MemEncryptSevIsEnabled ()) { - AmdSevInstallIoMmuProtocol (); + Status =3D AmdSevInstallIoMmuProtocol (); } else { Handle =3D NULL; =20 Status =3D gBS->InstallMultipleProtocolInterfaces ( &Handle, &gIoMmuAbsentProtocolGuid, NULL, NULL); } =20 return Status; } --=20 2.13.1.3.g8be5a757fa67 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sun Apr 28 22:18:40 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1501709124210875.7313526901899; Wed, 2 Aug 2017 14:25:24 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 68D5E209589DF; Wed, 2 Aug 2017 14:23:07 -0700 (PDT) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 0732A21AEB0DE for ; Wed, 2 Aug 2017 14:23:06 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 666157CDE2; Wed, 2 Aug 2017 21:25:16 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-47.phx2.redhat.com [10.3.116.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1143817B57; Wed, 2 Aug 2017 21:25:14 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 666157CDE2 Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=lersek@redhat.com From: Laszlo Ersek To: edk2-devel-01 Date: Wed, 2 Aug 2017 23:24:48 +0200 Message-Id: <20170802212453.19221-8-lersek@redhat.com> In-Reply-To: <20170802212453.19221-1-lersek@redhat.com> References: <20170802212453.19221-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Wed, 02 Aug 2017 21:25:16 +0000 (UTC) Subject: [edk2] [PATCH 07/12] OvmfPkg/IoMmuDxe: clean up used library classes X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jordan Justen , Tom Lendacky , Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" The following library classes are not used by this module, so remove them from the INF file's [LibraryClasses] section: - DxeServicesTableLib - UefiLib The following library classes are used by this module, so add them to the INF file's [LibraryClasses] section: - BaseMemoryLib (e.g. via CopyMem()) - MemoryAllocationLib (e.g. via AllocatePool()) Sort the list of library classes (in both "IoMmuDxe.inf" and "AmdSevIoMmu.h"). Remove all non-local #include directives from "IoMmuDxe.c"; both C files of this module include "AmdSevIoMmu.h", and "AmdSevIoMmu.h" includes all non-local headers already. Cc: Ard Biesheuvel Cc: Brijesh Singh Cc: Jordan Justen Cc: Tom Lendacky Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Brijesh Singh Tested-By: Brijesh Singh --- OvmfPkg/IoMmuDxe/IoMmuDxe.inf | 8 ++++---- OvmfPkg/IoMmuDxe/AmdSevIoMmu.h | 4 ++-- OvmfPkg/IoMmuDxe/IoMmuDxe.c | 9 --------- 3 files changed, 6 insertions(+), 15 deletions(-) diff --git a/OvmfPkg/IoMmuDxe/IoMmuDxe.inf b/OvmfPkg/IoMmuDxe/IoMmuDxe.inf index 21dc39b9233a..307849706800 100644 --- a/OvmfPkg/IoMmuDxe/IoMmuDxe.inf +++ b/OvmfPkg/IoMmuDxe/IoMmuDxe.inf @@ -35,12 +35,12 @@ [Packages] =20 [LibraryClasses] BaseLib - UefiLib - UefiDriverEntryPoint - UefiBootServicesTableLib - DxeServicesTableLib + BaseMemoryLib DebugLib MemEncryptSevLib + MemoryAllocationLib + UefiBootServicesTableLib + UefiDriverEntryPoint =20 [Protocols] gEdkiiIoMmuProtocolGuid ## SOMETIME_PRODUCES diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h index 0f2155350817..bdd83956aab4 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.h @@ -1,36 +1,36 @@ /** @file =20 The protocol provides support to allocate, free, map and umap a DMA buff= er for bus master (e.g PciHostBridge). When SEV is enabled, the DMA operati= ons must be performed on unencrypted buffer hence protocol clear the encrypt= ion bit from the DMA buffer. =20 Copyright (c) 2017, Intel Corporation. All rights reserved.
Copyright (c) 2017, AMD Inc. All rights reserved.
This program and the accompanying materials are licensed and made availa= ble under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php =20 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. =20 **/ =20 #ifndef __AMD_SEV_IOMMU_H_ #define __AMD_SEV_IOMMU_H =20 #include =20 #include -#include #include +#include +#include #include #include -#include =20 /** Install IOMMU protocol to provide the DMA support for PciHostBridge and MemEncryptSevLib. =20 **/ diff --git a/OvmfPkg/IoMmuDxe/IoMmuDxe.c b/OvmfPkg/IoMmuDxe/IoMmuDxe.c index 0ea42cbc13ce..70d30ea91627 100644 --- a/OvmfPkg/IoMmuDxe/IoMmuDxe.c +++ b/OvmfPkg/IoMmuDxe/IoMmuDxe.c @@ -1,29 +1,20 @@ /** @file =20 IoMmuDxe driver installs EDKII_IOMMU_PROTOCOL to provide the support for= DMA operations when SEV is enabled. =20 Copyright (c) 2017, AMD Inc. All rights reserved.
=20 This program and the accompanying materials are licensed and made availa= ble under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php =20 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. =20 **/ =20 -#include - -#include -#include -#include -#include -#include -#include - #include "AmdSevIoMmu.h" =20 EFI_STATUS --=20 2.13.1.3.g8be5a757fa67 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sun Apr 28 22:18:40 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1501709131872483.07449151029004; Wed, 2 Aug 2017 14:25:31 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id A25CF209589E0; Wed, 2 Aug 2017 14:23:08 -0700 (PDT) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B1AAD21B06E9B for ; Wed, 2 Aug 2017 14:23:07 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 16E9EC057FAD; Wed, 2 Aug 2017 21:25:18 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-47.phx2.redhat.com [10.3.116.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id BA85717B57; Wed, 2 Aug 2017 21:25:16 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 16E9EC057FAD Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=lersek@redhat.com From: Laszlo Ersek To: edk2-devel-01 Date: Wed, 2 Aug 2017 23:24:49 +0200 Message-Id: <20170802212453.19221-9-lersek@redhat.com> In-Reply-To: <20170802212453.19221-1-lersek@redhat.com> References: <20170802212453.19221-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Wed, 02 Aug 2017 21:25:18 +0000 (UTC) Subject: [edk2] [PATCH 08/12] OvmfPkg/IoMmuDxe: zero out pages before releasing them X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jordan Justen , Tom Lendacky , Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Whenever we release the plaintext bounce buffer pages that were allocated implicitly in Map() for BusMasterRead[64] and BusMasterWrite[64], we restore the encryption mask on them. However, we should also rewrite the area (fill it with zeros) so that the hypervisor is not left with a plaintext view of the earlier data. Similarly, whenever we release the plaintext common buffer pages that were allocated explicitly in AllocateBuffer() for BusMasterCommonBuffer[64], we restore the encryption mask on them. However, we should also rewrite the area (fill it with zeros) so that the hypervisor is not left with a plaintext view of the earlier data. Cc: Ard Biesheuvel Cc: Brijesh Singh Cc: Jordan Justen Cc: Tom Lendacky Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Brijesh Singh Tested-By: Brijesh Singh --- OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c index 8c2c23356a40..d899b0ab9e41 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c @@ -227,87 +227,91 @@ EFIAPI IoMmuUnmap ( IN EDKII_IOMMU_PROTOCOL *This, IN VOID *Mapping ) { MAP_INFO *MapInfo; EFI_STATUS Status; =20 if (Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // See if the Map() operation associated with this Unmap() required a ma= pping // buffer. If a mapping buffer was not required, then this function simp= ly // buffer. If a mapping buffer was not required, then this function simp= ly // if (Mapping =3D=3D NO_MAPPING) { return EFI_SUCCESS; } =20 MapInfo =3D (MAP_INFO *)Mapping; =20 // // If this is a write operation from the Bus Master's point of view, // then copy the contents of the mapped buffer into the real buffer // so the processor can read the contents of the real buffer. // if (MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterWrite || MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterWrite64) { CopyMem ( (VOID *) (UINTN) MapInfo->CryptedAddress, (VOID *) (UINTN) MapInfo->PlainTextAddress, MapInfo->NumberOfBytes ); } =20 DEBUG (( DEBUG_VERBOSE, "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", __FUNCTION__, MapInfo->PlainTextAddress, MapInfo->CryptedAddress, (UINT64)MapInfo->NumberOfPages, (UINT64)MapInfo->NumberOfBytes )); // // Restore the memory encryption mask // Status =3D MemEncryptSevSetPageEncMask ( 0, MapInfo->PlainTextAddress, MapInfo->NumberOfPages, TRUE ); ASSERT_EFI_ERROR(Status); + ZeroMem ( + (VOID*)(UINTN)MapInfo->PlainTextAddress, + EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages) + ); =20 // // Free the mapped buffer and the MAP_INFO structure. // gBS->FreePages (MapInfo->PlainTextAddress, MapInfo->NumberOfPages); FreePool (Mapping); return EFI_SUCCESS; } =20 /** Allocates pages that are suitable for an OperationBusMasterCommonBuffer = or OperationBusMasterCommonBuffer64 mapping. =20 @param This The protocol instance pointer. @param Type This parameter is not used and must be ign= ored. @param MemoryType The type of memory to allocate, EfiBootServicesData or EfiRuntimeServicesD= ata. @param Pages The number of pages to allocate. @param HostAddress A pointer to store the base system memory address of the allocated range. @param Attributes The requested bit mask of attributes for t= he allocated range. =20 @retval EFI_SUCCESS The requested memory pages were allocated. @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal attribute bits are MEMORY_WRITE_COMBINE and MEMORY_CACHED. @retval EFI_INVALID_PARAMETER One or more parameters are invalid. @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated. =20 **/ @@ -399,78 +403,79 @@ EFIAPI IoMmuFreeBuffer ( IN EDKII_IOMMU_PROTOCOL *This, IN UINTN Pages, IN VOID *HostAddress ) { EFI_STATUS Status; =20 // // Set memory encryption mask // Status =3D MemEncryptSevSetPageEncMask ( 0, (EFI_PHYSICAL_ADDRESS)(UINTN)HostAddress, Pages, TRUE ); ASSERT_EFI_ERROR(Status); + ZeroMem (HostAddress, EFI_PAGES_TO_SIZE (Pages)); =20 DEBUG (( DEBUG_VERBOSE, "%a Address 0x%Lx Pages 0x%Lx\n", __FUNCTION__, (UINT64)(UINTN)HostAddress, (UINT64)Pages )); return gBS->FreePages ((EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress, Pages= ); } =20 =20 /** Set IOMMU attribute for a system memory. =20 If the IOMMU protocol exists, the system memory cannot be used for DMA by default. =20 When a device requests a DMA access for a system memory, the device driver need use SetAttribute() to update the IOMMU attribute to request DMA access (read and/or write). =20 The DeviceHandle is used to identify which device submits the request. The IOMMU implementation need translate the device path to an IOMMU devi= ce ID, and set IOMMU hardware register accordingly. 1) DeviceHandle can be a standard PCI device. The memory for BusMasterRead need set EDKII_IOMMU_ACCESS_READ. The memory for BusMasterWrite need set EDKII_IOMMU_ACCESS_WRITE. The memory for BusMasterCommonBuffer need set EDKII_IOMMU_ACCESS_READ|EDKII_IOMMU_ACCESS_WRITE. After the memory is used, the memory need set 0 to keep it being protected. 2) DeviceHandle can be an ACPI device (ISA, I2C, SPI, etc). The memory for DMA access need set EDKII_IOMMU_ACCESS_READ and/or EDKII_IOMMU_ACCESS_WRITE. =20 @param[in] This The protocol instance pointer. @param[in] DeviceHandle The device who initiates the DMA access request. @param[in] Mapping The mapping value returned from Map(). @param[in] IoMmuAccess The IOMMU access. =20 @retval EFI_SUCCESS The IoMmuAccess is set for the memory ran= ge specified by DeviceAddress and Length. @retval EFI_INVALID_PARAMETER DeviceHandle is an invalid handle. @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned = by Map(). @retval EFI_INVALID_PARAMETER IoMmuAccess specified an illegal combinat= ion of access. @retval EFI_UNSUPPORTED DeviceHandle is unknown by the IOMMU. @retval EFI_UNSUPPORTED The bit mask of IoMmuAccess is not suppor= ted by the IOMMU. @retval EFI_UNSUPPORTED The IOMMU does not support the memory ran= ge specified by Mapping. @retval EFI_OUT_OF_RESOURCES There are not enough resources available = to modify the IOMMU access. @retval EFI_DEVICE_ERROR The IOMMU device reported an error while attempting the operation. =20 **/ --=20 2.13.1.3.g8be5a757fa67 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sun Apr 28 22:18:40 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1501709131803508.5576961646615; Wed, 2 Aug 2017 14:25:31 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id D9E42209589DE; Wed, 2 Aug 2017 14:23:10 -0700 (PDT) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 64C1D209589D0 for ; Wed, 2 Aug 2017 14:23:09 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id BA44F5AFC8; Wed, 2 Aug 2017 21:25:19 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-47.phx2.redhat.com [10.3.116.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6A97617B57; Wed, 2 Aug 2017 21:25:18 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com BA44F5AFC8 Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=lersek@redhat.com From: Laszlo Ersek To: edk2-devel-01 Date: Wed, 2 Aug 2017 23:24:50 +0200 Message-Id: <20170802212453.19221-10-lersek@redhat.com> In-Reply-To: <20170802212453.19221-1-lersek@redhat.com> References: <20170802212453.19221-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Wed, 02 Aug 2017 21:25:19 +0000 (UTC) Subject: [edk2] [PATCH 09/12] OvmfPkg/IoMmuDxe: rework setup of "MapInfo->PlainTextAddress" in Map() X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jordan Justen , Tom Lendacky , Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" There are three issues with the current calculations: - The initial logic that sets up "DmaMemoryTop" and "AllocateType" checks for the BusMasterCommonBuffer64 operation in two places. The inner check for BusMasterCommonBuffer64 will never evaluate to TRUE however, because the outer check excludes BusMasterCommonBuffer64. - In order to lower "DmaMemoryTop" to (SIZE_4GB - 1), the outer check requires that the encrypted (original) buffer cross the 4GB mark. This is wrong: for BusMasterRead[64] and BusMasterWrite[64] operations, we unconditionally need a bounce buffer (a decrypted memory area), and for the 32-bit variants, "DmaMemoryTop" should be lowered regardless of the location of the original (encrypted) buffer. - The current logic would be hard to extend for the in-place decryption that we'll implement in the next patch. Therefore rework the "MapInfo->PlainTextAddress" setup. No functional changes beyond said bugfixes. Cc: Ard Biesheuvel Cc: Brijesh Singh Cc: Jordan Justen Cc: Tom Lendacky Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Brijesh Singh Tested-By: Brijesh Singh --- OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 156 +++++++++++--------- 1 file changed, 87 insertions(+), 69 deletions(-) diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c index d899b0ab9e41..0a85ee6559e7 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c @@ -65,160 +65,178 @@ EFIAPI IoMmuMap ( IN EDKII_IOMMU_PROTOCOL *This, IN EDKII_IOMMU_OPERATION Operation, IN VOID *HostAddress, IN OUT UINTN *NumberOfBytes, OUT EFI_PHYSICAL_ADDRESS *DeviceAddress, OUT VOID **Mapping ) { EFI_STATUS Status; - EFI_PHYSICAL_ADDRESS PhysicalAddress; MAP_INFO *MapInfo; - EFI_PHYSICAL_ADDRESS DmaMemoryTop; EFI_ALLOCATE_TYPE AllocateType; =20 if (HostAddress =3D=3D NULL || NumberOfBytes =3D=3D NULL || DeviceAddres= s =3D=3D NULL || Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // - // Make sure that Operation is valid - // - if ((UINT32) Operation >=3D EdkiiIoMmuOperationMaximum) { - return EFI_INVALID_PARAMETER; - } - PhysicalAddress =3D (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress; - - DmaMemoryTop =3D (UINTN)-1; - AllocateType =3D AllocateAnyPages; - - if (((Operation !=3D EdkiiIoMmuOperationBusMasterRead64 && - Operation !=3D EdkiiIoMmuOperationBusMasterWrite64 && - Operation !=3D EdkiiIoMmuOperationBusMasterCommonBuffer64)) && - ((PhysicalAddress + *NumberOfBytes) > SIZE_4GB)) { - // - // If the root bridge or the device cannot handle performing DMA above - // 4GB but any part of the DMA transfer being mapped is above 4GB, then - // map the DMA transfer to a buffer below 4GB. - // - DmaMemoryTop =3D SIZE_4GB - 1; - AllocateType =3D AllocateMaxAddress; - - if (Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || - Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64) { - // - // Common Buffer operations can not be remapped. If the common bu= ffer - // if above 4GB, then it is not possible to generate a mapping, so - // return an error. - // - return EFI_UNSUPPORTED; - } - } - - // - // CommandBuffer was allocated by us (AllocateBuffer) and is already in - // unencryted buffer so no need to create bounce buffer - // - if (Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || - Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64) { - *Mapping =3D NO_MAPPING; - *DeviceAddress =3D PhysicalAddress; - - return EFI_SUCCESS; - } - - // // Allocate a MAP_INFO structure to remember the mapping when Unmap() is // called later. // MapInfo =3D AllocatePool (sizeof (MAP_INFO)); if (MapInfo =3D=3D NULL) { - *NumberOfBytes =3D 0; - return EFI_OUT_OF_RESOURCES; + Status =3D EFI_OUT_OF_RESOURCES; + goto Failed; } =20 // - // Initialize the MAP_INFO structure + // Initialize the MAP_INFO structure, except the PlainTextAddress field // MapInfo->Operation =3D Operation; MapInfo->NumberOfBytes =3D *NumberOfBytes; MapInfo->NumberOfPages =3D EFI_SIZE_TO_PAGES (MapInfo->NumberOfBytes= ); - MapInfo->CryptedAddress =3D PhysicalAddress; - MapInfo->PlainTextAddress =3D DmaMemoryTop; + MapInfo->CryptedAddress =3D (UINTN)HostAddress; =20 // - // Allocate a buffer to map the transfer to. + // In the switch statement below, we point "MapInfo->PlainTextAddress" t= o the + // plaintext buffer, according to Operation. // - Status =3D gBS->AllocatePages ( - AllocateType, - EfiBootServicesData, - MapInfo->NumberOfPages, - &MapInfo->PlainTextAddress - ); - if (EFI_ERROR (Status)) { + MapInfo->PlainTextAddress =3D MAX_ADDRESS; + AllocateType =3D AllocateAnyPages; + switch (Operation) { + // + // For BusMasterRead[64] and BusMasterWrite[64] operations, a bounce buf= fer + // is necessary regardless of whether the original (crypted) buffer cros= ses + // the 4GB limit or not -- we have to allocate a separate plaintext buff= er. + // The only variable is whether the plaintext buffer should be under 4GB. + // + case EdkiiIoMmuOperationBusMasterRead: + case EdkiiIoMmuOperationBusMasterWrite: + MapInfo->PlainTextAddress =3D BASE_4GB - 1; + AllocateType =3D AllocateMaxAddress; + // + // fall through + // + case EdkiiIoMmuOperationBusMasterRead64: + case EdkiiIoMmuOperationBusMasterWrite64: + // + // Allocate the implicit plaintext bounce buffer. + // + Status =3D gBS->AllocatePages ( + AllocateType, + EfiBootServicesData, + MapInfo->NumberOfPages, + &MapInfo->PlainTextAddress + ); + if (EFI_ERROR (Status)) { + goto FreeMapInfo; + } + break; + + // + // For BusMasterCommonBuffer[64] operations, a plaintext buffer has been + // allocated already, with AllocateBuffer(). We only check whether the + // address is low enough for the requested operation. + // + case EdkiiIoMmuOperationBusMasterCommonBuffer: + if ((MapInfo->CryptedAddress > BASE_4GB) || + (EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages) > + BASE_4GB - MapInfo->CryptedAddress)) { + // + // CommonBuffer operations cannot be remapped. If the common buffer = is + // above 4GB, then it is not possible to generate a mapping, so retu= rn an + // error. + // + Status =3D EFI_UNSUPPORTED; + goto FreeMapInfo; + } + // + // fall through + // + case EdkiiIoMmuOperationBusMasterCommonBuffer64: + // + // The buffer at MapInfo->CryptedAddress comes from AllocateBuffer(), + // and it is already decrypted. + // + MapInfo->PlainTextAddress =3D MapInfo->CryptedAddress; + + // + // Therefore no mapping is necessary. + // + *DeviceAddress =3D MapInfo->PlainTextAddress; + *Mapping =3D NO_MAPPING; FreePool (MapInfo); - *NumberOfBytes =3D 0; - return Status; + return EFI_SUCCESS; + + default: + // + // Operation is invalid + // + Status =3D EFI_INVALID_PARAMETER; + goto FreeMapInfo; } =20 // - // Clear the memory encryption mask from the device buffer + // Clear the memory encryption mask on the plaintext buffer. // Status =3D MemEncryptSevClearPageEncMask ( 0, MapInfo->PlainTextAddress, MapInfo->NumberOfPages, TRUE ); ASSERT_EFI_ERROR(Status); =20 // // If this is a read operation from the Bus Master's point of view, // then copy the contents of the real buffer into the mapped buffer // so the Bus Master can read the contents of the real buffer. // if (Operation =3D=3D EdkiiIoMmuOperationBusMasterRead || Operation =3D=3D EdkiiIoMmuOperationBusMasterRead64) { CopyMem ( (VOID *) (UINTN) MapInfo->PlainTextAddress, (VOID *) (UINTN) MapInfo->CryptedAddress, MapInfo->NumberOfBytes ); } =20 // - // The DeviceAddress is the address of the maped buffer below 4GB + // Populate output parameters. // *DeviceAddress =3D MapInfo->PlainTextAddress; - - // - // Return a pointer to the MAP_INFO structure in Mapping - // *Mapping =3D MapInfo; =20 DEBUG (( DEBUG_VERBOSE, "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", __FUNCTION__, MapInfo->PlainTextAddress, MapInfo->CryptedAddress, (UINT64)MapInfo->NumberOfPages, (UINT64)MapInfo->NumberOfBytes )); =20 return EFI_SUCCESS; + +FreeMapInfo: + FreePool (MapInfo); + +Failed: + *NumberOfBytes =3D 0; + return Status; } =20 /** Completes the Map() operation and releases any corresponding resources. =20 @param This The protocol instance pointer. @param Mapping The mapping value returned from Map(). =20 @retval EFI_SUCCESS The range was unmapped. @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by Map(). @retval EFI_DEVICE_ERROR The data was not committed to the target s= ystem memory. **/ --=20 2.13.1.3.g8be5a757fa67 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sun Apr 28 22:18:40 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1501709135156718.0860849919649; Wed, 2 Aug 2017 14:25:35 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 2283E209589F6; Wed, 2 Aug 2017 14:23:13 -0700 (PDT) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 2F9DA209589D0 for ; Wed, 2 Aug 2017 14:23:11 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9652983F40; Wed, 2 Aug 2017 21:25:21 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-47.phx2.redhat.com [10.3.116.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1B4EF17B57; Wed, 2 Aug 2017 21:25:19 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 9652983F40 Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=lersek@redhat.com From: Laszlo Ersek To: edk2-devel-01 Date: Wed, 2 Aug 2017 23:24:51 +0200 Message-Id: <20170802212453.19221-11-lersek@redhat.com> In-Reply-To: <20170802212453.19221-1-lersek@redhat.com> References: <20170802212453.19221-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Wed, 02 Aug 2017 21:25:21 +0000 (UTC) Subject: [edk2] [PATCH 10/12] OvmfPkg/IoMmuDxe: implement in-place decryption/encryption for Map/Unmap X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jordan Justen , Tom Lendacky , Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" At the moment, we have the following distribution of actions between the IOMMU protocol member functions: - AllocateBuffer() allocates pages and clears the memory encryption mask. - FreeBuffer() re-sets the memory encryption mask, and deallocates pages. - Map() does nothing at all when BusMasterCommonBuffer[64] is requested (and AllocateBuffer() was called previously). Otherwise, Map() allocates pages, and clears the memory encryption mask. - Unmap() does nothing when cleaning up a BusMasterCommonBuffer[64] operation. Otherwise, Unmap() clears the encryption mask, and frees the pages. This is wrong: the AllocateBuffer() protocol member is not expected to produce a buffer that is immediately usable, and client code is required to call Map() unconditionally, even if BusMasterCommonBuffer[64] is the desired operation. Implement the right distribution of actions as follows: - AllocateBuffer() allocates pages and does not touch the encryption mask. - FreeBuffer() deallocates pages and does not touch the encryption mask. - Map() does not allocate pages when BusMasterCommonBuffer[64] is requested, and it allocates pages (bounce buffer) otherwise. Regardless of the BusMaster operation, Map() (and Map() only) clears the memory encryption mask. - Unmap() restores the encryption mask unconditionally. If the operation was BusMasterCommonBuffer[64], then Unmap() does not release the pages. Otherwise, the pages (bounce buffer) are released. This approach also ensures that Unmap() can be called from ExitBootServices() event handlers, for cleaning up BusMasterCommonBuffer[64] operations. (More specifically, for restoring the SEV encryption mask on any in-flight buffers, after resetting any referring devices.) ExitBootServices() event handlers must not change the UEFI memory map, thus any memory allocation or freeing in Unmap() would disqualify Unmap() from being called in such a context. Map()-ing and Unmap()-ing memory for a BusMasterCommonBuffer[64] operation effectively means in-place decryption and encryption in a SEV context. As an additional hurdle, section "7.10.8 Encrypt-in-Place" of AMD publication Nr.24593 implies that we need a separate temporary buffer for decryption and encryption that will eventually land in-place. Allocating said temporary buffer in the straightforward way would violate the above allocation/freeing restrictions on Map()/Unmap(), therefore pre-allocate this "stash buffer" too in AllocateBuffer(), and free it in FreeBuffer(). To completely rid Unmap() of dynamic memory impact, for BusMasterCommonBuffer[64] operations, we're going to rework the lifecycle of the MAP_INFO structures in a later patch. (The MemEncryptSevSetPageEncMask() call in Unmap() could theoretically allocate memory internally for page splitting, however this won't happen in practice: in Unmap() we only restore the memory encryption mask, and don't genuinely set it. Any page splitting will have occurred in Map()'s MemEncryptSevClearPageEncMask() call first.) Cc: Ard Biesheuvel Cc: Brijesh Singh Cc: Jordan Justen Cc: Tom Lendacky Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Brijesh Singh Tested-By: Brijesh Singh --- OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 242 +++++++++++++++----- 1 file changed, 185 insertions(+), 57 deletions(-) diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c index 0a85ee6559e7..5049d19e9cb7 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c @@ -23,40 +23,64 @@ typedef struct { EDKII_IOMMU_OPERATION Operation; UINTN NumberOfBytes; UINTN NumberOfPages; EFI_PHYSICAL_ADDRESS CryptedAddress; EFI_PHYSICAL_ADDRESS PlainTextAddress; } MAP_INFO; =20 -#define NO_MAPPING (VOID *) (UINTN) -1 +#define COMMON_BUFFER_SIG SIGNATURE_64 ('C', 'M', 'N', 'B', 'U', 'F', 'F',= 'R') + +// +// The following structure enables Map() and Unmap() to perform in-place +// decryption and encryption, respectively, for BusMasterCommonBuffer[64] +// operations, without dynamic memory allocation or release. +// +// Both COMMON_BUFFER_HEADER and COMMON_BUFFER_HEADER.StashBuffer are allo= cated +// by AllocateBuffer() and released by FreeBuffer(). +// +#pragma pack (1) +typedef struct { + UINT64 Signature; + + // + // Always allocated from EfiBootServicesData type memory, and always + // encrypted. + // + VOID *StashBuffer; + + // + // Followed by the actual common buffer, starting at the next page. + // +} COMMON_BUFFER_HEADER; +#pragma pack () =20 /** Provides the controller-specific addresses required to access system mem= ory from a DMA bus master. On SEV guest, the DMA operations must be performe= d on shared buffer hence we allocate a bounce buffer to map the HostAddress t= o a DeviceAddress. The Encryption attribute is removed from the DeviceAddress buffer. =20 @param This The protocol instance pointer. @param Operation Indicates if the bus master is going to re= ad or write to system memory. @param HostAddress The system memory address to map to the PCI controller. @param NumberOfBytes On input the number of bytes to map. On ou= tput the number of bytes that were mapped. @param DeviceAddress The resulting map address for the bus mast= er PCI controller to use to access the hosts HostAddress. @param Mapping A resulting value to pass to Unmap(). =20 @retval EFI_SUCCESS The range was mapped for the returned NumberOfBytes. @retval EFI_UNSUPPORTED The HostAddress cannot be mapped as a comm= on buffer. @retval EFI_INVALID_PARAMETER One or more parameters are invalid. @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of resources. @retval EFI_DEVICE_ERROR The system hardware could not map the requ= ested address. =20 **/ @@ -65,157 +89,175 @@ EFIAPI IoMmuMap ( IN EDKII_IOMMU_PROTOCOL *This, IN EDKII_IOMMU_OPERATION Operation, IN VOID *HostAddress, IN OUT UINTN *NumberOfBytes, OUT EFI_PHYSICAL_ADDRESS *DeviceAddress, OUT VOID **Mapping ) { EFI_STATUS Status; MAP_INFO *MapInfo; EFI_ALLOCATE_TYPE AllocateType; + COMMON_BUFFER_HEADER *CommonBufferHeader; + VOID *DecryptionSource; =20 if (HostAddress =3D=3D NULL || NumberOfBytes =3D=3D NULL || DeviceAddres= s =3D=3D NULL || Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // Allocate a MAP_INFO structure to remember the mapping when Unmap() is // called later. // MapInfo =3D AllocatePool (sizeof (MAP_INFO)); if (MapInfo =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; goto Failed; } =20 // // Initialize the MAP_INFO structure, except the PlainTextAddress field // MapInfo->Operation =3D Operation; MapInfo->NumberOfBytes =3D *NumberOfBytes; MapInfo->NumberOfPages =3D EFI_SIZE_TO_PAGES (MapInfo->NumberOfBytes= ); MapInfo->CryptedAddress =3D (UINTN)HostAddress; =20 // // In the switch statement below, we point "MapInfo->PlainTextAddress" t= o the - // plaintext buffer, according to Operation. + // plaintext buffer, according to Operation. We also set "DecryptionSour= ce". // MapInfo->PlainTextAddress =3D MAX_ADDRESS; AllocateType =3D AllocateAnyPages; + DecryptionSource =3D (VOID *)(UINTN)MapInfo->CryptedAddress; switch (Operation) { // // For BusMasterRead[64] and BusMasterWrite[64] operations, a bounce buf= fer // is necessary regardless of whether the original (crypted) buffer cros= ses // the 4GB limit or not -- we have to allocate a separate plaintext buff= er. // The only variable is whether the plaintext buffer should be under 4GB. // case EdkiiIoMmuOperationBusMasterRead: case EdkiiIoMmuOperationBusMasterWrite: MapInfo->PlainTextAddress =3D BASE_4GB - 1; AllocateType =3D AllocateMaxAddress; // // fall through // case EdkiiIoMmuOperationBusMasterRead64: case EdkiiIoMmuOperationBusMasterWrite64: // // Allocate the implicit plaintext bounce buffer. // Status =3D gBS->AllocatePages ( AllocateType, EfiBootServicesData, MapInfo->NumberOfPages, &MapInfo->PlainTextAddress ); if (EFI_ERROR (Status)) { goto FreeMapInfo; } break; =20 // - // For BusMasterCommonBuffer[64] operations, a plaintext buffer has been - // allocated already, with AllocateBuffer(). We only check whether the - // address is low enough for the requested operation. + // For BusMasterCommonBuffer[64] operations, a to-be-plaintext buffer an= d a + // stash buffer (for in-place decryption) have been allocated already, w= ith + // AllocateBuffer(). We only check whether the address of the to-be-plai= ntext + // buffer is low enough for the requested operation. // case EdkiiIoMmuOperationBusMasterCommonBuffer: if ((MapInfo->CryptedAddress > BASE_4GB) || (EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages) > BASE_4GB - MapInfo->CryptedAddress)) { // // CommonBuffer operations cannot be remapped. If the common buffer = is // above 4GB, then it is not possible to generate a mapping, so retu= rn an // error. // Status =3D EFI_UNSUPPORTED; goto FreeMapInfo; } // // fall through // case EdkiiIoMmuOperationBusMasterCommonBuffer64: // - // The buffer at MapInfo->CryptedAddress comes from AllocateBuffer(), - // and it is already decrypted. + // The buffer at MapInfo->CryptedAddress comes from AllocateBuffer(). // MapInfo->PlainTextAddress =3D MapInfo->CryptedAddress; - // - // Therefore no mapping is necessary. + // Stash the crypted data. // - *DeviceAddress =3D MapInfo->PlainTextAddress; - *Mapping =3D NO_MAPPING; - FreePool (MapInfo); - return EFI_SUCCESS; + CommonBufferHeader =3D (COMMON_BUFFER_HEADER *)( + (UINTN)MapInfo->CryptedAddress - EFI_PAGE_SIZE + ); + ASSERT (CommonBufferHeader->Signature =3D=3D COMMON_BUFFER_SIG); + CopyMem ( + CommonBufferHeader->StashBuffer, + (VOID *)(UINTN)MapInfo->CryptedAddress, + MapInfo->NumberOfBytes + ); + // + // Point "DecryptionSource" to the stash buffer so that we decrypt + // it to the original location, after the switch statement. + // + DecryptionSource =3D CommonBufferHeader->StashBuffer; + break; =20 default: // // Operation is invalid // Status =3D EFI_INVALID_PARAMETER; goto FreeMapInfo; } =20 // // Clear the memory encryption mask on the plaintext buffer. // Status =3D MemEncryptSevClearPageEncMask ( 0, MapInfo->PlainTextAddress, MapInfo->NumberOfPages, TRUE ); ASSERT_EFI_ERROR(Status); =20 // // If this is a read operation from the Bus Master's point of view, // then copy the contents of the real buffer into the mapped buffer // so the Bus Master can read the contents of the real buffer. // + // For BusMasterCommonBuffer[64] operations, the CopyMem() below will de= crypt + // the original data (from the stash buffer) back to the original locati= on. + // if (Operation =3D=3D EdkiiIoMmuOperationBusMasterRead || - Operation =3D=3D EdkiiIoMmuOperationBusMasterRead64) { + Operation =3D=3D EdkiiIoMmuOperationBusMasterRead64 || + Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || + Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64) { CopyMem ( (VOID *) (UINTN) MapInfo->PlainTextAddress, - (VOID *) (UINTN) MapInfo->CryptedAddress, + DecryptionSource, MapInfo->NumberOfBytes ); } =20 // // Populate output parameters. // *DeviceAddress =3D MapInfo->PlainTextAddress; *Mapping =3D MapInfo; =20 DEBUG (( DEBUG_VERBOSE, "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", __FUNCTION__, MapInfo->PlainTextAddress, MapInfo->CryptedAddress, (UINT64)MapInfo->NumberOfPages, (UINT64)MapInfo->NumberOfBytes )); =20 return EFI_SUCCESS; @@ -245,91 +287,129 @@ EFIAPI IoMmuUnmap ( IN EDKII_IOMMU_PROTOCOL *This, IN VOID *Mapping ) { MAP_INFO *MapInfo; EFI_STATUS Status; + COMMON_BUFFER_HEADER *CommonBufferHeader; + VOID *EncryptionTarget; =20 if (Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 - // - // See if the Map() operation associated with this Unmap() required a ma= pping - // buffer. If a mapping buffer was not required, then this function simp= ly - // buffer. If a mapping buffer was not required, then this function simp= ly - // - if (Mapping =3D=3D NO_MAPPING) { - return EFI_SUCCESS; - } - MapInfo =3D (MAP_INFO *)Mapping; =20 // - // If this is a write operation from the Bus Master's point of view, - // then copy the contents of the mapped buffer into the real buffer - // so the processor can read the contents of the real buffer. + // For BusMasterWrite[64] operations and BusMasterCommonBuffer[64] opera= tions + // we have to encrypt the results, ultimately to the original place (i.e= ., + // "MapInfo->CryptedAddress"). // - if (MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterWrite || - MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterWrite64) { + // For BusMasterCommonBuffer[64] operations however, this encryption has= to + // land in-place, so divert the encryption to the stash buffer first. + // + EncryptionTarget =3D (VOID *)(UINTN)MapInfo->CryptedAddress; + + switch (MapInfo->Operation) { + case EdkiiIoMmuOperationBusMasterCommonBuffer: + case EdkiiIoMmuOperationBusMasterCommonBuffer64: + ASSERT (MapInfo->PlainTextAddress =3D=3D MapInfo->CryptedAddress); + + CommonBufferHeader =3D (COMMON_BUFFER_HEADER *)( + (UINTN)MapInfo->PlainTextAddress - EFI_PAGE_SIZE + ); + ASSERT (CommonBufferHeader->Signature =3D=3D COMMON_BUFFER_SIG); + EncryptionTarget =3D CommonBufferHeader->StashBuffer; + // + // fall through + // + + case EdkiiIoMmuOperationBusMasterWrite: + case EdkiiIoMmuOperationBusMasterWrite64: CopyMem ( - (VOID *) (UINTN) MapInfo->CryptedAddress, + EncryptionTarget, (VOID *) (UINTN) MapInfo->PlainTextAddress, MapInfo->NumberOfBytes ); + break; + + default: + // + // nothing to encrypt after BusMasterRead[64] operations + // + break; } =20 DEBUG (( DEBUG_VERBOSE, "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", __FUNCTION__, MapInfo->PlainTextAddress, MapInfo->CryptedAddress, (UINT64)MapInfo->NumberOfPages, (UINT64)MapInfo->NumberOfBytes )); + // - // Restore the memory encryption mask + // Restore the memory encryption mask on the area we used to hold the + // plaintext. // Status =3D MemEncryptSevSetPageEncMask ( 0, MapInfo->PlainTextAddress, MapInfo->NumberOfPages, TRUE ); ASSERT_EFI_ERROR(Status); - ZeroMem ( - (VOID*)(UINTN)MapInfo->PlainTextAddress, - EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages) - ); =20 // - // Free the mapped buffer and the MAP_INFO structure. + // For BusMasterCommonBuffer[64] operations, copy the stashed data to the + // original (now encrypted) location. + // + // For all other operations, fill the late bounce buffer (which existed = as + // plaintext at some point) with zeros, and then release it. + // + if (MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || + MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64= ) { + CopyMem ( + (VOID *)(UINTN)MapInfo->CryptedAddress, + CommonBufferHeader->StashBuffer, + MapInfo->NumberOfBytes + ); + } else { + ZeroMem ( + (VOID *)(UINTN)MapInfo->PlainTextAddress, + EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages) + ); + gBS->FreePages (MapInfo->PlainTextAddress, MapInfo->NumberOfPages); + } + + // + // Free the MAP_INFO structure. // - gBS->FreePages (MapInfo->PlainTextAddress, MapInfo->NumberOfPages); FreePool (Mapping); return EFI_SUCCESS; } =20 /** Allocates pages that are suitable for an OperationBusMasterCommonBuffer = or OperationBusMasterCommonBuffer64 mapping. =20 @param This The protocol instance pointer. @param Type This parameter is not used and must be ign= ored. @param MemoryType The type of memory to allocate, EfiBootServicesData or EfiRuntimeServicesD= ata. @param Pages The number of pages to allocate. @param HostAddress A pointer to store the base system memory address of the allocated range. @param Attributes The requested bit mask of attributes for t= he allocated range. =20 @retval EFI_SUCCESS The requested memory pages were allocated. @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal attribute bits are MEMORY_WRITE_COMBINE and MEMORY_CACHED. @retval EFI_INVALID_PARAMETER One or more parameters are invalid. @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated. =20 **/ @@ -338,81 +418,116 @@ EFIAPI IoMmuAllocateBuffer ( IN EDKII_IOMMU_PROTOCOL *This, IN EFI_ALLOCATE_TYPE Type, IN EFI_MEMORY_TYPE MemoryType, IN UINTN Pages, IN OUT VOID **HostAddress, IN UINT64 Attributes ) { EFI_STATUS Status; EFI_PHYSICAL_ADDRESS PhysicalAddress; + VOID *StashBuffer; + UINTN CommonBufferPages; + COMMON_BUFFER_HEADER *CommonBufferHeader; =20 // // Validate Attributes // if ((Attributes & EDKII_IOMMU_ATTRIBUTE_INVALID_FOR_ALLOCATE_BUFFER) != =3D 0) { return EFI_UNSUPPORTED; } =20 // // Check for invalid inputs // if (HostAddress =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // The only valid memory types are EfiBootServicesData and // EfiRuntimeServicesData // if (MemoryType !=3D EfiBootServicesData && MemoryType !=3D EfiRuntimeServicesData) { return EFI_INVALID_PARAMETER; } =20 + // + // We'll need a header page for the COMMON_BUFFER_HEADER structure. + // + if (Pages > MAX_UINTN - 1) { + return EFI_OUT_OF_RESOURCES; + } + CommonBufferPages =3D Pages + 1; + + // + // Allocate the stash in EfiBootServicesData type memory. + // + // Map() will temporarily save encrypted data in the stash for + // BusMasterCommonBuffer[64] operations, so the data can be decrypted to= the + // original location. + // + // Unmap() will temporarily save plaintext data in the stash for + // BusMasterCommonBuffer[64] operations, so the data can be encrypted to= the + // original location. + // + // StashBuffer always resides in encrypted memory. + // + StashBuffer =3D AllocatePages (Pages); + if (StashBuffer =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + PhysicalAddress =3D (UINTN)-1; if ((Attributes & EDKII_IOMMU_ATTRIBUTE_DUAL_ADDRESS_CYCLE) =3D=3D 0) { // // Limit allocations to memory below 4GB // PhysicalAddress =3D SIZE_4GB - 1; } Status =3D gBS->AllocatePages ( AllocateMaxAddress, MemoryType, - Pages, + CommonBufferPages, &PhysicalAddress ); - if (!EFI_ERROR (Status)) { - *HostAddress =3D (VOID *) (UINTN) PhysicalAddress; - - // - // Clear memory encryption mask - // - Status =3D MemEncryptSevClearPageEncMask (0, PhysicalAddress, Pages, T= RUE); - ASSERT_EFI_ERROR(Status); + if (EFI_ERROR (Status)) { + goto FreeStashBuffer; } =20 + CommonBufferHeader =3D (VOID *)(UINTN)PhysicalAddress; + PhysicalAddress +=3D EFI_PAGE_SIZE; + + CommonBufferHeader->Signature =3D COMMON_BUFFER_SIG; + CommonBufferHeader->StashBuffer =3D StashBuffer; + + *HostAddress =3D (VOID *)(UINTN)PhysicalAddress; + DEBUG (( DEBUG_VERBOSE, "%a Address 0x%Lx Pages 0x%Lx\n", __FUNCTION__, PhysicalAddress, (UINT64)Pages )); + return EFI_SUCCESS; + +FreeStashBuffer: + FreePages (StashBuffer, Pages); return Status; } =20 /** Frees memory that was allocated with AllocateBuffer(). =20 @param This The protocol instance pointer. @param Pages The number of pages to free. @param HostAddress The base system memory address of the allo= cated range. =20 @retval EFI_SUCCESS The requested memory pages were freed. @retval EFI_INVALID_PARAMETER The memory range specified by HostAddress = and Pages was not allocated with AllocateBuffe= r(). =20 **/ @@ -421,79 +536,92 @@ EFIAPI IoMmuFreeBuffer ( IN EDKII_IOMMU_PROTOCOL *This, IN UINTN Pages, IN VOID *HostAddress ) { - EFI_STATUS Status; + UINTN CommonBufferPages; + COMMON_BUFFER_HEADER *CommonBufferHeader; + + CommonBufferPages =3D Pages + 1; + CommonBufferHeader =3D (COMMON_BUFFER_HEADER *)( + (UINTN)HostAddress - EFI_PAGE_SIZE + ); + + // + // Check the signature. + // + ASSERT (CommonBufferHeader->Signature =3D=3D COMMON_BUFFER_SIG); + if (CommonBufferHeader->Signature !=3D COMMON_BUFFER_SIG) { + return EFI_INVALID_PARAMETER; + } =20 // - // Set memory encryption mask + // Free the stash buffer. This buffer was always encrypted, so no need to + // zero it. // - Status =3D MemEncryptSevSetPageEncMask ( - 0, - (EFI_PHYSICAL_ADDRESS)(UINTN)HostAddress, - Pages, - TRUE - ); - ASSERT_EFI_ERROR(Status); - ZeroMem (HostAddress, EFI_PAGES_TO_SIZE (Pages)); + FreePages (CommonBufferHeader->StashBuffer, Pages); =20 DEBUG (( DEBUG_VERBOSE, "%a Address 0x%Lx Pages 0x%Lx\n", __FUNCTION__, (UINT64)(UINTN)HostAddress, (UINT64)Pages )); - return gBS->FreePages ((EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress, Pages= ); + + // + // Release the common buffer itself. Unmap() has re-encrypted it in-plac= e, so + // no need to zero it. + // + return gBS->FreePages ((UINTN)CommonBufferHeader, CommonBufferPages); } =20 =20 /** Set IOMMU attribute for a system memory. =20 If the IOMMU protocol exists, the system memory cannot be used for DMA by default. =20 When a device requests a DMA access for a system memory, the device driver need use SetAttribute() to update the IOMMU attribute to request DMA access (read and/or write). =20 The DeviceHandle is used to identify which device submits the request. The IOMMU implementation need translate the device path to an IOMMU devi= ce ID, and set IOMMU hardware register accordingly. 1) DeviceHandle can be a standard PCI device. The memory for BusMasterRead need set EDKII_IOMMU_ACCESS_READ. The memory for BusMasterWrite need set EDKII_IOMMU_ACCESS_WRITE. The memory for BusMasterCommonBuffer need set EDKII_IOMMU_ACCESS_READ|EDKII_IOMMU_ACCESS_WRITE. After the memory is used, the memory need set 0 to keep it being protected. 2) DeviceHandle can be an ACPI device (ISA, I2C, SPI, etc). The memory for DMA access need set EDKII_IOMMU_ACCESS_READ and/or EDKII_IOMMU_ACCESS_WRITE. =20 @param[in] This The protocol instance pointer. @param[in] DeviceHandle The device who initiates the DMA access request. @param[in] Mapping The mapping value returned from Map(). @param[in] IoMmuAccess The IOMMU access. =20 @retval EFI_SUCCESS The IoMmuAccess is set for the memory ran= ge specified by DeviceAddress and Length. @retval EFI_INVALID_PARAMETER DeviceHandle is an invalid handle. @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned = by Map(). @retval EFI_INVALID_PARAMETER IoMmuAccess specified an illegal combinat= ion of access. @retval EFI_UNSUPPORTED DeviceHandle is unknown by the IOMMU. @retval EFI_UNSUPPORTED The bit mask of IoMmuAccess is not suppor= ted by the IOMMU. @retval EFI_UNSUPPORTED The IOMMU does not support the memory ran= ge specified by Mapping. @retval EFI_OUT_OF_RESOURCES There are not enough resources available = to modify the IOMMU access. @retval EFI_DEVICE_ERROR The IOMMU device reported an error while attempting the operation. =20 **/ --=20 2.13.1.3.g8be5a757fa67 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sun Apr 28 22:18:40 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1501709138777520.3651215403903; Wed, 2 Aug 2017 14:25:38 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 5D027209589FA; Wed, 2 Aug 2017 14:23:13 -0700 (PDT) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id DBDB0209589D0 for ; Wed, 2 Aug 2017 14:23:12 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 49E2F37EEC; Wed, 2 Aug 2017 21:25:23 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-47.phx2.redhat.com [10.3.116.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id EB96117B57; Wed, 2 Aug 2017 21:25:21 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 49E2F37EEC Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=lersek@redhat.com From: Laszlo Ersek To: edk2-devel-01 Date: Wed, 2 Aug 2017 23:24:52 +0200 Message-Id: <20170802212453.19221-12-lersek@redhat.com> In-Reply-To: <20170802212453.19221-1-lersek@redhat.com> References: <20170802212453.19221-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Wed, 02 Aug 2017 21:25:23 +0000 (UTC) Subject: [edk2] [PATCH 11/12] OvmfPkg/IoMmuDxe: abort harder on memory encryption mask failures X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jordan Justen , Tom Lendacky , Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Upon a MemEncryptSevClearPageEncMask() failure in Map(), it wouldn't be difficult to release the bounce buffer that was implicitly allocated for BusMasterRead[64] and BusMasterWrite[64] operations. However, undoing any partial memory encryption mask changes -- partial page splitting and PTE modifications -- is practically impossible. (For example, restoring the encryption mask on the entire range has no reason to fare any better than the MemEncryptSevClearPageEncMask() call itself.) For this reason, keep ASSERT_EFI_ERROR(), but hang in RELEASE builds too, if MemEncryptSevClearPageEncMask() or MemEncryptSevSetPageEncMask() fails. Cc: Ard Biesheuvel Cc: Brijesh Singh Cc: Jordan Justen Cc: Tom Lendacky Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Brijesh Singh Tested-By: Brijesh Singh --- OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c index 5049d19e9cb7..ee94cd4efbe2 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c @@ -89,175 +89,178 @@ EFIAPI IoMmuMap ( IN EDKII_IOMMU_PROTOCOL *This, IN EDKII_IOMMU_OPERATION Operation, IN VOID *HostAddress, IN OUT UINTN *NumberOfBytes, OUT EFI_PHYSICAL_ADDRESS *DeviceAddress, OUT VOID **Mapping ) { EFI_STATUS Status; MAP_INFO *MapInfo; EFI_ALLOCATE_TYPE AllocateType; COMMON_BUFFER_HEADER *CommonBufferHeader; VOID *DecryptionSource; =20 if (HostAddress =3D=3D NULL || NumberOfBytes =3D=3D NULL || DeviceAddres= s =3D=3D NULL || Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // Allocate a MAP_INFO structure to remember the mapping when Unmap() is // called later. // MapInfo =3D AllocatePool (sizeof (MAP_INFO)); if (MapInfo =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; goto Failed; } =20 // // Initialize the MAP_INFO structure, except the PlainTextAddress field // MapInfo->Operation =3D Operation; MapInfo->NumberOfBytes =3D *NumberOfBytes; MapInfo->NumberOfPages =3D EFI_SIZE_TO_PAGES (MapInfo->NumberOfBytes= ); MapInfo->CryptedAddress =3D (UINTN)HostAddress; =20 // // In the switch statement below, we point "MapInfo->PlainTextAddress" t= o the // plaintext buffer, according to Operation. We also set "DecryptionSour= ce". // MapInfo->PlainTextAddress =3D MAX_ADDRESS; AllocateType =3D AllocateAnyPages; DecryptionSource =3D (VOID *)(UINTN)MapInfo->CryptedAddress; switch (Operation) { // // For BusMasterRead[64] and BusMasterWrite[64] operations, a bounce buf= fer // is necessary regardless of whether the original (crypted) buffer cros= ses // the 4GB limit or not -- we have to allocate a separate plaintext buff= er. // The only variable is whether the plaintext buffer should be under 4GB. // case EdkiiIoMmuOperationBusMasterRead: case EdkiiIoMmuOperationBusMasterWrite: MapInfo->PlainTextAddress =3D BASE_4GB - 1; AllocateType =3D AllocateMaxAddress; // // fall through // case EdkiiIoMmuOperationBusMasterRead64: case EdkiiIoMmuOperationBusMasterWrite64: // // Allocate the implicit plaintext bounce buffer. // Status =3D gBS->AllocatePages ( AllocateType, EfiBootServicesData, MapInfo->NumberOfPages, &MapInfo->PlainTextAddress ); if (EFI_ERROR (Status)) { goto FreeMapInfo; } break; =20 // // For BusMasterCommonBuffer[64] operations, a to-be-plaintext buffer an= d a // stash buffer (for in-place decryption) have been allocated already, w= ith // AllocateBuffer(). We only check whether the address of the to-be-plai= ntext // buffer is low enough for the requested operation. // case EdkiiIoMmuOperationBusMasterCommonBuffer: if ((MapInfo->CryptedAddress > BASE_4GB) || (EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages) > BASE_4GB - MapInfo->CryptedAddress)) { // // CommonBuffer operations cannot be remapped. If the common buffer = is // above 4GB, then it is not possible to generate a mapping, so retu= rn an // error. // Status =3D EFI_UNSUPPORTED; goto FreeMapInfo; } // // fall through // case EdkiiIoMmuOperationBusMasterCommonBuffer64: // // The buffer at MapInfo->CryptedAddress comes from AllocateBuffer(). // MapInfo->PlainTextAddress =3D MapInfo->CryptedAddress; // // Stash the crypted data. // CommonBufferHeader =3D (COMMON_BUFFER_HEADER *)( (UINTN)MapInfo->CryptedAddress - EFI_PAGE_SIZE ); ASSERT (CommonBufferHeader->Signature =3D=3D COMMON_BUFFER_SIG); CopyMem ( CommonBufferHeader->StashBuffer, (VOID *)(UINTN)MapInfo->CryptedAddress, MapInfo->NumberOfBytes ); // // Point "DecryptionSource" to the stash buffer so that we decrypt // it to the original location, after the switch statement. // DecryptionSource =3D CommonBufferHeader->StashBuffer; break; =20 default: // // Operation is invalid // Status =3D EFI_INVALID_PARAMETER; goto FreeMapInfo; } =20 // // Clear the memory encryption mask on the plaintext buffer. // Status =3D MemEncryptSevClearPageEncMask ( 0, MapInfo->PlainTextAddress, MapInfo->NumberOfPages, TRUE ); - ASSERT_EFI_ERROR(Status); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + CpuDeadLoop (); + } =20 // // If this is a read operation from the Bus Master's point of view, // then copy the contents of the real buffer into the mapped buffer // so the Bus Master can read the contents of the real buffer. // // For BusMasterCommonBuffer[64] operations, the CopyMem() below will de= crypt // the original data (from the stash buffer) back to the original locati= on. // if (Operation =3D=3D EdkiiIoMmuOperationBusMasterRead || Operation =3D=3D EdkiiIoMmuOperationBusMasterRead64 || Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64) { CopyMem ( (VOID *) (UINTN) MapInfo->PlainTextAddress, DecryptionSource, MapInfo->NumberOfBytes ); } =20 // // Populate output parameters. // *DeviceAddress =3D MapInfo->PlainTextAddress; *Mapping =3D MapInfo; =20 DEBUG (( DEBUG_VERBOSE, "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", __FUNCTION__, MapInfo->PlainTextAddress, MapInfo->CryptedAddress, (UINT64)MapInfo->NumberOfPages, (UINT64)MapInfo->NumberOfBytes )); =20 return EFI_SUCCESS; @@ -287,129 +290,132 @@ EFIAPI IoMmuUnmap ( IN EDKII_IOMMU_PROTOCOL *This, IN VOID *Mapping ) { MAP_INFO *MapInfo; EFI_STATUS Status; COMMON_BUFFER_HEADER *CommonBufferHeader; VOID *EncryptionTarget; =20 if (Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 MapInfo =3D (MAP_INFO *)Mapping; =20 // // For BusMasterWrite[64] operations and BusMasterCommonBuffer[64] opera= tions // we have to encrypt the results, ultimately to the original place (i.e= ., // "MapInfo->CryptedAddress"). // // For BusMasterCommonBuffer[64] operations however, this encryption has= to // land in-place, so divert the encryption to the stash buffer first. // EncryptionTarget =3D (VOID *)(UINTN)MapInfo->CryptedAddress; =20 switch (MapInfo->Operation) { case EdkiiIoMmuOperationBusMasterCommonBuffer: case EdkiiIoMmuOperationBusMasterCommonBuffer64: ASSERT (MapInfo->PlainTextAddress =3D=3D MapInfo->CryptedAddress); =20 CommonBufferHeader =3D (COMMON_BUFFER_HEADER *)( (UINTN)MapInfo->PlainTextAddress - EFI_PAGE_SIZE ); ASSERT (CommonBufferHeader->Signature =3D=3D COMMON_BUFFER_SIG); EncryptionTarget =3D CommonBufferHeader->StashBuffer; // // fall through // =20 case EdkiiIoMmuOperationBusMasterWrite: case EdkiiIoMmuOperationBusMasterWrite64: CopyMem ( EncryptionTarget, (VOID *) (UINTN) MapInfo->PlainTextAddress, MapInfo->NumberOfBytes ); break; =20 default: // // nothing to encrypt after BusMasterRead[64] operations // break; } =20 DEBUG (( DEBUG_VERBOSE, "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", __FUNCTION__, MapInfo->PlainTextAddress, MapInfo->CryptedAddress, (UINT64)MapInfo->NumberOfPages, (UINT64)MapInfo->NumberOfBytes )); =20 // // Restore the memory encryption mask on the area we used to hold the // plaintext. // Status =3D MemEncryptSevSetPageEncMask ( 0, MapInfo->PlainTextAddress, MapInfo->NumberOfPages, TRUE ); - ASSERT_EFI_ERROR(Status); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + CpuDeadLoop (); + } =20 // // For BusMasterCommonBuffer[64] operations, copy the stashed data to the // original (now encrypted) location. // // For all other operations, fill the late bounce buffer (which existed = as // plaintext at some point) with zeros, and then release it. // if (MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64= ) { CopyMem ( (VOID *)(UINTN)MapInfo->CryptedAddress, CommonBufferHeader->StashBuffer, MapInfo->NumberOfBytes ); } else { ZeroMem ( (VOID *)(UINTN)MapInfo->PlainTextAddress, EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages) ); gBS->FreePages (MapInfo->PlainTextAddress, MapInfo->NumberOfPages); } =20 // // Free the MAP_INFO structure. // FreePool (Mapping); return EFI_SUCCESS; } =20 /** Allocates pages that are suitable for an OperationBusMasterCommonBuffer = or OperationBusMasterCommonBuffer64 mapping. =20 @param This The protocol instance pointer. @param Type This parameter is not used and must be ign= ored. @param MemoryType The type of memory to allocate, EfiBootServicesData or EfiRuntimeServicesD= ata. @param Pages The number of pages to allocate. @param HostAddress A pointer to store the base system memory address of the allocated range. @param Attributes The requested bit mask of attributes for t= he allocated range. =20 @retval EFI_SUCCESS The requested memory pages were allocated. @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal attribute bits are MEMORY_WRITE_COMBINE and MEMORY_CACHED. @retval EFI_INVALID_PARAMETER One or more parameters are invalid. @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated. =20 **/ --=20 2.13.1.3.g8be5a757fa67 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel From nobody Sun Apr 28 22:18:40 2024 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) client-ip=198.145.21.10; envelope-from=edk2-devel-bounces@lists.01.org; helo=ml01.01.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 198.145.21.10 is neither permitted nor denied by domain of lists.01.org) smtp.mailfrom=edk2-devel-bounces@lists.01.org Return-Path: Received: from ml01.01.org (ml01.01.org [198.145.21.10]) by mx.zohomail.com with SMTPS id 1501709142418209.1970464966895; Wed, 2 Aug 2017 14:25:42 -0700 (PDT) Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 9493B209589F4; Wed, 2 Aug 2017 14:23:15 -0700 (PDT) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 83C2D209589F8 for ; Wed, 2 Aug 2017 14:23:14 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id EA025C04B30E; Wed, 2 Aug 2017 21:25:24 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-116-47.phx2.redhat.com [10.3.116.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9C6CE17B57; Wed, 2 Aug 2017 21:25:23 +0000 (UTC) X-Original-To: edk2-devel@lists.01.org DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com EA025C04B30E Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=lersek@redhat.com From: Laszlo Ersek To: edk2-devel-01 Date: Wed, 2 Aug 2017 23:24:53 +0200 Message-Id: <20170802212453.19221-13-lersek@redhat.com> In-Reply-To: <20170802212453.19221-1-lersek@redhat.com> References: <20170802212453.19221-1-lersek@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Wed, 02 Aug 2017 21:25:25 +0000 (UTC) Subject: [edk2] [PATCH 12/12] OvmfPkg/IoMmuDxe: Unmap(): recycle MAP_INFO after BusMasterCommonBuffer[64] X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jordan Justen , Tom Lendacky , Ard Biesheuvel MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" In order for Unmap() to be callable from ExitBootServices() event handler context (for cleaning up a BusMasterCommonBuffer[64] operation), we have to completely liberate the affected path in Unmap() from dynamic memory management. The last remaining piece is the release of the MAP_INFO structure. Rather than freeing it with FreePool(), recycle it to an internal list. Elements of this "free list" can be reused for any kind of Map() operation, and can be freed later, or recycled again. Cc: Ard Biesheuvel Cc: Brijesh Singh Cc: Jordan Justen Cc: Tom Lendacky Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Laszlo Ersek Reviewed-by: Brijesh Singh Tested-By: Brijesh Singh --- OvmfPkg/IoMmuDxe/AmdSevIoMmu.c | 48 ++++++++++++++++---- 1 file changed, 40 insertions(+), 8 deletions(-) diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c index ee94cd4efbe2..b2c825123fbb 100644 --- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c +++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c @@ -20,22 +20,36 @@ =20 #include "AmdSevIoMmu.h" =20 +#define MAP_INFO_SIG SIGNATURE_64 ('M', 'A', 'P', '_', 'I', 'N', 'F', 'O') + typedef struct { + UINT64 Signature; + LIST_ENTRY Link; EDKII_IOMMU_OPERATION Operation; UINTN NumberOfBytes; UINTN NumberOfPages; EFI_PHYSICAL_ADDRESS CryptedAddress; EFI_PHYSICAL_ADDRESS PlainTextAddress; } MAP_INFO; =20 +// +// List of MAP_INFO structures recycled by Unmap(). +// +// Recycled MAP_INFO structures are equally good for future recycling and +// freeing. +// +STATIC LIST_ENTRY mRecycledMapInfos =3D INITIALIZE_LIST_HEAD_VARIABLE ( + mRecycledMapInfos + ); + #define COMMON_BUFFER_SIG SIGNATURE_64 ('C', 'M', 'N', 'B', 'U', 'F', 'F',= 'R') =20 // // The following structure enables Map() and Unmap() to perform in-place // decryption and encryption, respectively, for BusMasterCommonBuffer[64] // operations, without dynamic memory allocation or release. // // Both COMMON_BUFFER_HEADER and COMMON_BUFFER_HEADER.StashBuffer are allo= cated // by AllocateBuffer() and released by FreeBuffer(). // #pragma pack (1) @@ -89,178 +103,190 @@ EFIAPI IoMmuMap ( IN EDKII_IOMMU_PROTOCOL *This, IN EDKII_IOMMU_OPERATION Operation, IN VOID *HostAddress, IN OUT UINTN *NumberOfBytes, OUT EFI_PHYSICAL_ADDRESS *DeviceAddress, OUT VOID **Mapping ) { EFI_STATUS Status; + LIST_ENTRY *RecycledMapInfo; MAP_INFO *MapInfo; EFI_ALLOCATE_TYPE AllocateType; COMMON_BUFFER_HEADER *CommonBufferHeader; VOID *DecryptionSource; =20 if (HostAddress =3D=3D NULL || NumberOfBytes =3D=3D NULL || DeviceAddres= s =3D=3D NULL || Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 // // Allocate a MAP_INFO structure to remember the mapping when Unmap() is // called later. // - MapInfo =3D AllocatePool (sizeof (MAP_INFO)); - if (MapInfo =3D=3D NULL) { - Status =3D EFI_OUT_OF_RESOURCES; - goto Failed; + RecycledMapInfo =3D GetFirstNode (&mRecycledMapInfos); + if (RecycledMapInfo =3D=3D &mRecycledMapInfos) { + // + // No recycled MAP_INFO structure, allocate a new one. + // + MapInfo =3D AllocatePool (sizeof (MAP_INFO)); + if (MapInfo =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto Failed; + } + } else { + MapInfo =3D CR (RecycledMapInfo, MAP_INFO, Link, MAP_INFO_SIG); + RemoveEntryList (RecycledMapInfo); } =20 // // Initialize the MAP_INFO structure, except the PlainTextAddress field // + ZeroMem (&MapInfo->Link, sizeof MapInfo->Link); + MapInfo->Signature =3D MAP_INFO_SIG; MapInfo->Operation =3D Operation; MapInfo->NumberOfBytes =3D *NumberOfBytes; MapInfo->NumberOfPages =3D EFI_SIZE_TO_PAGES (MapInfo->NumberOfBytes= ); MapInfo->CryptedAddress =3D (UINTN)HostAddress; =20 // // In the switch statement below, we point "MapInfo->PlainTextAddress" t= o the // plaintext buffer, according to Operation. We also set "DecryptionSour= ce". // MapInfo->PlainTextAddress =3D MAX_ADDRESS; AllocateType =3D AllocateAnyPages; DecryptionSource =3D (VOID *)(UINTN)MapInfo->CryptedAddress; switch (Operation) { // // For BusMasterRead[64] and BusMasterWrite[64] operations, a bounce buf= fer // is necessary regardless of whether the original (crypted) buffer cros= ses // the 4GB limit or not -- we have to allocate a separate plaintext buff= er. // The only variable is whether the plaintext buffer should be under 4GB. // case EdkiiIoMmuOperationBusMasterRead: case EdkiiIoMmuOperationBusMasterWrite: MapInfo->PlainTextAddress =3D BASE_4GB - 1; AllocateType =3D AllocateMaxAddress; // // fall through // case EdkiiIoMmuOperationBusMasterRead64: case EdkiiIoMmuOperationBusMasterWrite64: // // Allocate the implicit plaintext bounce buffer. // Status =3D gBS->AllocatePages ( AllocateType, EfiBootServicesData, MapInfo->NumberOfPages, &MapInfo->PlainTextAddress ); if (EFI_ERROR (Status)) { goto FreeMapInfo; } break; =20 // // For BusMasterCommonBuffer[64] operations, a to-be-plaintext buffer an= d a // stash buffer (for in-place decryption) have been allocated already, w= ith // AllocateBuffer(). We only check whether the address of the to-be-plai= ntext // buffer is low enough for the requested operation. // case EdkiiIoMmuOperationBusMasterCommonBuffer: if ((MapInfo->CryptedAddress > BASE_4GB) || (EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages) > BASE_4GB - MapInfo->CryptedAddress)) { // // CommonBuffer operations cannot be remapped. If the common buffer = is // above 4GB, then it is not possible to generate a mapping, so retu= rn an // error. // Status =3D EFI_UNSUPPORTED; goto FreeMapInfo; } // // fall through // case EdkiiIoMmuOperationBusMasterCommonBuffer64: // // The buffer at MapInfo->CryptedAddress comes from AllocateBuffer(). // MapInfo->PlainTextAddress =3D MapInfo->CryptedAddress; // // Stash the crypted data. // CommonBufferHeader =3D (COMMON_BUFFER_HEADER *)( (UINTN)MapInfo->CryptedAddress - EFI_PAGE_SIZE ); ASSERT (CommonBufferHeader->Signature =3D=3D COMMON_BUFFER_SIG); CopyMem ( CommonBufferHeader->StashBuffer, (VOID *)(UINTN)MapInfo->CryptedAddress, MapInfo->NumberOfBytes ); // // Point "DecryptionSource" to the stash buffer so that we decrypt // it to the original location, after the switch statement. // DecryptionSource =3D CommonBufferHeader->StashBuffer; break; =20 default: // // Operation is invalid // Status =3D EFI_INVALID_PARAMETER; goto FreeMapInfo; } =20 // // Clear the memory encryption mask on the plaintext buffer. // Status =3D MemEncryptSevClearPageEncMask ( 0, MapInfo->PlainTextAddress, MapInfo->NumberOfPages, TRUE ); ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { CpuDeadLoop (); } =20 // // If this is a read operation from the Bus Master's point of view, // then copy the contents of the real buffer into the mapped buffer // so the Bus Master can read the contents of the real buffer. // // For BusMasterCommonBuffer[64] operations, the CopyMem() below will de= crypt // the original data (from the stash buffer) back to the original locati= on. // if (Operation =3D=3D EdkiiIoMmuOperationBusMasterRead || Operation =3D=3D EdkiiIoMmuOperationBusMasterRead64 || Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64) { CopyMem ( (VOID *) (UINTN) MapInfo->PlainTextAddress, DecryptionSource, MapInfo->NumberOfBytes ); } =20 // // Populate output parameters. // *DeviceAddress =3D MapInfo->PlainTextAddress; *Mapping =3D MapInfo; =20 DEBUG (( DEBUG_VERBOSE, "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", __FUNCTION__, MapInfo->PlainTextAddress, MapInfo->CryptedAddress, (UINT64)MapInfo->NumberOfPages, (UINT64)MapInfo->NumberOfBytes )); =20 return EFI_SUCCESS; @@ -290,132 +316,138 @@ EFIAPI IoMmuUnmap ( IN EDKII_IOMMU_PROTOCOL *This, IN VOID *Mapping ) { MAP_INFO *MapInfo; EFI_STATUS Status; COMMON_BUFFER_HEADER *CommonBufferHeader; VOID *EncryptionTarget; =20 if (Mapping =3D=3D NULL) { return EFI_INVALID_PARAMETER; } =20 MapInfo =3D (MAP_INFO *)Mapping; =20 // // For BusMasterWrite[64] operations and BusMasterCommonBuffer[64] opera= tions // we have to encrypt the results, ultimately to the original place (i.e= ., // "MapInfo->CryptedAddress"). // // For BusMasterCommonBuffer[64] operations however, this encryption has= to // land in-place, so divert the encryption to the stash buffer first. // EncryptionTarget =3D (VOID *)(UINTN)MapInfo->CryptedAddress; =20 switch (MapInfo->Operation) { case EdkiiIoMmuOperationBusMasterCommonBuffer: case EdkiiIoMmuOperationBusMasterCommonBuffer64: ASSERT (MapInfo->PlainTextAddress =3D=3D MapInfo->CryptedAddress); =20 CommonBufferHeader =3D (COMMON_BUFFER_HEADER *)( (UINTN)MapInfo->PlainTextAddress - EFI_PAGE_SIZE ); ASSERT (CommonBufferHeader->Signature =3D=3D COMMON_BUFFER_SIG); EncryptionTarget =3D CommonBufferHeader->StashBuffer; // // fall through // =20 case EdkiiIoMmuOperationBusMasterWrite: case EdkiiIoMmuOperationBusMasterWrite64: CopyMem ( EncryptionTarget, (VOID *) (UINTN) MapInfo->PlainTextAddress, MapInfo->NumberOfBytes ); break; =20 default: // // nothing to encrypt after BusMasterRead[64] operations // break; } =20 DEBUG (( DEBUG_VERBOSE, "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n", __FUNCTION__, MapInfo->PlainTextAddress, MapInfo->CryptedAddress, (UINT64)MapInfo->NumberOfPages, (UINT64)MapInfo->NumberOfBytes )); =20 // // Restore the memory encryption mask on the area we used to hold the // plaintext. // Status =3D MemEncryptSevSetPageEncMask ( 0, MapInfo->PlainTextAddress, MapInfo->NumberOfPages, TRUE ); ASSERT_EFI_ERROR (Status); if (EFI_ERROR (Status)) { CpuDeadLoop (); } =20 // // For BusMasterCommonBuffer[64] operations, copy the stashed data to the // original (now encrypted) location. // // For all other operations, fill the late bounce buffer (which existed = as // plaintext at some point) with zeros, and then release it. // if (MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer || MapInfo->Operation =3D=3D EdkiiIoMmuOperationBusMasterCommonBuffer64= ) { CopyMem ( (VOID *)(UINTN)MapInfo->CryptedAddress, CommonBufferHeader->StashBuffer, MapInfo->NumberOfBytes ); + + // + // Recycle the MAP_INFO structure. + // + InsertTailList (&mRecycledMapInfos, &MapInfo->Link); } else { ZeroMem ( (VOID *)(UINTN)MapInfo->PlainTextAddress, EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages) ); gBS->FreePages (MapInfo->PlainTextAddress, MapInfo->NumberOfPages); + + // + // Free the MAP_INFO structure. + // + FreePool (MapInfo); } =20 - // - // Free the MAP_INFO structure. - // - FreePool (Mapping); return EFI_SUCCESS; } =20 /** Allocates pages that are suitable for an OperationBusMasterCommonBuffer = or OperationBusMasterCommonBuffer64 mapping. =20 @param This The protocol instance pointer. @param Type This parameter is not used and must be ign= ored. @param MemoryType The type of memory to allocate, EfiBootServicesData or EfiRuntimeServicesD= ata. @param Pages The number of pages to allocate. @param HostAddress A pointer to store the base system memory address of the allocated range. @param Attributes The requested bit mask of attributes for t= he allocated range. =20 @retval EFI_SUCCESS The requested memory pages were allocated. @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal attribute bits are MEMORY_WRITE_COMBINE and MEMORY_CACHED. @retval EFI_INVALID_PARAMETER One or more parameters are invalid. @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated. =20 **/ --=20 2.13.1.3.g8be5a757fa67 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel