From nobody Thu Mar 28 17:51:35 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+74636+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+74636+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one); dmarc=fail(p=none dis=none) header.from=amd.com Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1619783549571984.7830253020821; Fri, 30 Apr 2021 04:52:29 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id CX7lYY1788612xsK4T6xaYIU; Fri, 30 Apr 2021 04:52:29 -0700 X-Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.42]) by mx.groups.io with SMTP id smtpd.web08.10381.1619783543755812561 for ; Fri, 30 Apr 2021 04:52:24 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MFjmtlUPkUjD6XtoBj7ZNM5xYTd5POv9eA0aWPNbr4iQ0Y667REiLqMZEsMNg51P2XU/DO5jJdkEPWMK83RN/dtAP3dHjvG01ixN8tF03JyBB5z5N3YahZf0CBNUlMpxeYnsTwDMrfERfN0qUd29KIlfPxHBk5Ae8U45YeZqVsGzjoPTeBpqDvmyYf4DgsBDsJh6R3cuL5NcJ99/nEw5Lx44on8eLkVPZCAine680O95CbAZ4pYFXm+ni7u/ugQWNOvb+pQGWxI6Fo5YvjhWRbszKFPyjOAY4VXrpA4XhfTTQfr8vFmkSrOqPlckwawPL+pyQBOkI1Dibkq2+ZYVUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WUEWYYr4RpwNijcGY6eM9kia2WrgjEzH4dUbFpeoWDA=; b=h2YbVx/ABmToc77flvNVAa1P6EsxvpONBuIHglwifJ+2P3TsTRHltM74X8Sfcno/Q1qBSDgeitnsnutsPjU0V+FAcqHbQKKnoVEGFxWwVfSkac1+XK6PLmfltXfGng7czQ752rBh9WYv9cMcE600rGZJQLtyuncDFag0lvBvKle9xqmPyA91Ii5KZ7TE2a39I+PeVSByJtTwU5i7ULNHSEPju1QLAf8genfhAwY3cPgiNjHoNr5yKiBWKsdxFtTm+TbJS0xm32KhY+x1F7yVokX8E/7Pk25kN9qQ/VO3YP8frMdkBR6MiPizFrr9fasbeqe6+vn2NMa+2MYYGfaI3w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4349.namprd12.prod.outlook.com (2603:10b6:806:98::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.23; Fri, 30 Apr 2021 11:52:21 +0000 X-Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4065.027; Fri, 30 Apr 2021 11:52:21 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io Cc: Brijesh Singh , James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas Subject: [edk2-devel] [PATCH RFC v2 09/28] OvmfPkg/VmgExitLib: Allow PMBASE register access in Dxe phase Date: Fri, 30 Apr 2021 06:51:29 -0500 Message-Id: <20210430115148.22267-10-brijesh.singh@amd.com> In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com> References: <20210430115148.22267-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR12CA0006.namprd12.prod.outlook.com (2603:10b6:806:6f::11) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR12CA0006.namprd12.prod.outlook.com (2603:10b6:806:6f::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.27 via Frontend Transport; Fri, 30 Apr 2021 11:52:20 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: a159adf4-5dd8-4378-c817-08d90bce699a X-MS-TrafficTypeDiagnostic: SA0PR12MB4349: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info: g9j0O7vBcTQU5+DIQoA9quJk1olNrtlEIZGDsxxi9Q5vUb+Niz3W08yyFe+H6E3+0I8+9k+WD5IIjnkkLjpdk6KKNUTuSsQJPTGpVucVGvoWyil8z07JxAqbyZOtReHYj7VZ+cd/NwGJ+xvTJsHb1SKTxN3AxYUSwTynIkbJSTNh/9HI/Zxg17Gko+0vFvPLAo8DM73maqhyLWkcP9fahSICJGxhXP5FQYpWXzNaAu1d8SDxeTiZYtm3NoyPASQoKmRRgq8Q44XdigxwMAuYCuOAHeSTJKyI3NNj3O7iVBGTl4AUBiLKe2ZAf0ORs2HEvVaqhPNDO6aP0mG6aTXA/nnToz4pOtcx6DlJ03LigJfBP9oQ3mtWQQSHIuNzKUa5pDd24nXFPRlUSZJtqEgKsYTxACz3+f/agwmjoJeYHH3kjszr3wTgXa1O8YW/qPuYT0Iq9lReUC/gWevAwMzhpYu/kDkERtIxOKvdkMPmMbXuZdStvA1eo+O2k8SB1+X1QsVF5+EmfZDRSBfT3DaqGvpUKzZz40+kNGR7SQR5PCkQBH0WYJEm+b6H10eBuF52vF5yZiaAPMr5/Qi2J4dWHgIyaTDmkyn8n7q6IqcPmvwyEvEPF9H31ULOYYWflEJuVv0N45ZAWtEaS32Vjj3Hb9EhrORwJXeTzLgw7Fmk2zWwZdWCAxw4f785jrQDO5JbVPLgUV7EB+SCgI+iHV9hOm5oJrhOeMdU4ZbJmGKwaAM= X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?c3p+ZKmttOOOnAv348p4r/Ju5X/ABDM4Bdy+nMrNNt28gMuUfkAHjvXMk0JK?= =?us-ascii?Q?Uv6lCVt5om/giKqPBtHxRrFlpjB9um5qzN+syMDFJNgvlq/3Hti9ciTx2Cl2?= =?us-ascii?Q?CdtCjbkjbRHGZHItki0SDS7P5qrmRH7+A/aKtt5Fwo6ut3G4zIQTz1+V+SLC?= =?us-ascii?Q?fy1mjWhcIfSwiTuSWzT1Vzd/8q7mApYuBTejXwGhGpUXNOubv1r/2k2jtQmH?= =?us-ascii?Q?8SIYJ00nPseoljJ/HoCk8v0HYJ2cp1eC/Aju3AAvEdZOHWbVjhyWLQPGIgTC?= =?us-ascii?Q?EoUn346sIsLT5eGlawK3aTh7mL0GVlaQLqc040T51q+vOW3Sdj0+ZxwCIcfZ?= =?us-ascii?Q?oybdSj5jP9dwm8BdKDEUEGM1K5mRJK3syOoXPe64yV7AfrcGlguwu4rYH0+c?= =?us-ascii?Q?OlVbZhlnd57UOi1WpqSZkI+zrw0xMHbWFr/md58oYLvUWcLaj/e0xhDgP5QL?= =?us-ascii?Q?v5Jvw/uwAXE+lFCeM9+woJrlGOI8uQNY4e1uwq644dV34Qq0l6W+osMJkGD9?= =?us-ascii?Q?sKdhwoN0QK/Vr4CZ3hf262WC4Hdk0FeRfLWSEimZlQ4o/v9N8Sbxs6le/ywh?= =?us-ascii?Q?paI++h3AaUTOzissMGthIaPfiD6q3i6tXyS0RAbbY/IO5fF7T9nyvV5ZZdwV?= =?us-ascii?Q?rfbO9qW0OzY0F8gREpNeAfNDqm3/6zDifcSgzqZZyj2hBVM+VkQSAHT19NTI?= =?us-ascii?Q?KPlnozELU36G01CCEQYQop56/+ByD+i4Yc8Uen9/oLZJpJNkznZKgRV8Sw32?= =?us-ascii?Q?Ub8wu6Kxs6QBOaDJEu6b7TGjQF2H3/f44FreEmkK6EItv0VugQMubudnZ9mw?= =?us-ascii?Q?F2sAL0TxsKEA5PoefVOBeLI7xxp1sq4rnf7q3EFBm0IdiFPTJKHZmKZH4Su4?= =?us-ascii?Q?Yn6DtdH3pj1SpxPR2ZSJICJUMvTP+hh2shaok3mbj85zu4wi/qLVKVw4WgJv?= =?us-ascii?Q?9Ui0VuFwZFJOIn5iQvixeMlwu3Cs7wC1WDjvVj4fEHU12fAmdUpbSEf/8W5h?= =?us-ascii?Q?iRsGQ5ySIr7u1kWNrZWEu+AGizB+/MjSKgCUIOmRKGAynJc/r8MAZpCuCTWv?= =?us-ascii?Q?trjy8tPhcl/06YEB8kZWPVJ7lz6OE5q5kHIrSwnx8OPNgoOxnVMjriaS79kJ?= =?us-ascii?Q?wBsks6cEUh2BwIPWlOi6byxcj+EGChWjhzlnmAFXXZnIlVG4A1iXLQ49YRJk?= =?us-ascii?Q?MzuZxM2kEsEVPXARbwZJKnpO16IPncKtNcxSU8NIpnm/bXcWxXvXeGjeTOi2?= =?us-ascii?Q?mkfD/E98YLrqNqxHLuO8BgiY7IDninFqb5YcrBwIQCTQ4blYhvNFjnkIymGm?= =?us-ascii?Q?NoDVQbfHR62q8i122gn+xhux?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: a159adf4-5dd8-4378-c817-08d90bce699a X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Apr 2021 11:52:21.4664 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: J+5l6OL1yUa4EMjU0ual8nP6PPaUQhKtuTJHJd1Ia3HZP/ZrZIDneCu5L3gNC5WKzZ0H/CYxlmtdAG0MTaucLw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4349 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,brijesh.singh@amd.com X-Gm-Message-State: KatkTauBNxLlBsQmVhcD7z3xx1787277AA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1619783549; bh=fKFD49fFVxEnb2ZvM/5dK/Njq8gwpmULwvTaqQNvqPI=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=TMze6n6nEud+E9HIzXn0vmQdYCWE5zUTFuHH4f79UVdGTDB5m5/49i2oTP3blyhNi7c rDS7Sfm6lK8kA0XAburk7XZMRHfJlEnxHjuD7A8/QPp4njk/VhbN0b5i41+eR81lLg6hE puoTetOGOnYJe0tyBwr0NtkAHQVbXEzK6SE= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 Commit 85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803 added support to ensure that MMIO is only performed against the un-encrypted memory. If MMIO is performed against encrypted memory, a #GP is raised. The VmgExitLib library depends on ApicTimerLib to get the APIC base address so that it can exclude the APIC range from the un-encrypted check. The OvmfPkg provides ApicTimerLib for the DXE phase. The constructor AcpiTimerLibConstructor() used in the ApicTimerLib uses the PciRead to get the PMBASE register. The PciRead() will cause an MMIO access. The AmdSevDxe driver clears the memory encryption attribute from the MMIO ranges. However, if VmgExitLib is linked to AmdSevDxe driver then the AcpiTimerLibConstructor() will be called before AmdSevDxe driver can clear the encryption attributes for the MMIO regions. Exclude the PMBASE register from the encrypted check so that we can link VmgExitLib to the MemEncryptSevLib; which gets linked to AmdSevDxe driver. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf | 4 ++ OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 7 +++ OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 45 ++++++++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf b/OvmfPkg/Library= /VmgExitLib/SecVmgExitLib.inf index e6f6ea7972..22435a0590 100644 --- a/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf +++ b/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf @@ -27,6 +27,7 @@ SecVmgExitVcHandler.c =20 [Packages] + MdeModulePkg/MdeModulePkg.dec MdePkg/MdePkg.dec OvmfPkg/OvmfPkg.dec UefiCpuPkg/UefiCpuPkg.dec @@ -42,4 +43,7 @@ [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize + gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress =20 +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf b/OvmfPkg/Library/Vm= gExitLib/VmgExitLib.inf index c66c68726c..d3175c260e 100644 --- a/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf +++ b/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf @@ -27,6 +27,7 @@ PeiDxeVmgExitVcHandler.c =20 [Packages] + MdeModulePkg/MdeModulePkg.dec MdePkg/MdePkg.dec OvmfPkg/OvmfPkg.dec UefiCpuPkg/UefiCpuPkg.dec @@ -37,4 +38,10 @@ DebugLib LocalApicLib MemEncryptSevLib + PcdLib =20 +[FixedPcd] + gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress + +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Librar= y/VmgExitLib/VmgExitVcHandler.c index 24259060fd..01ac5d8c19 100644 --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c @@ -14,7 +14,10 @@ #include #include #include +#include +#include #include +#include =20 #include "VmgExitVcHandler.h" =20 @@ -596,6 +599,40 @@ UnsupportedExit ( return Status; } =20 +STATIC +BOOLEAN +IsPmbaBaseAddress ( + IN UINTN Address + ) +{ + UINT16 HostBridgeDevId; + UINTN Pmba; + + // + // Query Host Bridge DID to determine platform type + // + HostBridgeDevId =3D PcdGet16 (PcdOvmfHostBridgePciDevId); + switch (HostBridgeDevId) { + case INTEL_82441_DEVICE_ID: + Pmba =3D POWER_MGMT_REGISTER_PIIX4 (PIIX4_PMBA); + break; + case INTEL_Q35_MCH_DEVICE_ID: + Pmba =3D POWER_MGMT_REGISTER_Q35 (ICH9_PMBASE); + // + // Add the MMCONFIG base address to get the Pmba base access address + // + Pmba +=3D FixedPcdGet64 (PcdPciExpressBaseAddress); + break; + default: + return FALSE; + } + + // Round up the offset to page size + Pmba =3D Pmba & ~(SIZE_4KB - 1); + + return (Address =3D=3D Pmba); +} + /** Validate that the MMIO memory access is not to encrypted memory. =20 @@ -640,6 +677,14 @@ ValidateMmioMemory ( return 0; } =20 + // + // Allow PMBASE accesses (which will have the encryption bit set before + // AmdSevDxe runs in the DXE phase) + // + if (IsPmbaBaseAddress (Address)) { + return 0; + } + // // Any state other than unencrypted is an error, issue a #GP. // --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#74636): https://edk2.groups.io/g/devel/message/74636 Mute This Topic: https://groups.io/mt/82479056/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-