From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [edk2-devel] [PATCH RFC v2 26/28] OvmfPkg/MemEncryptSevLib: Change the page state in the RMP table
Date: Fri, 30 Apr 2021 06:51:46 -0500
Message-Id: <20210430115148.22267-27-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The MemEncryptSev{Set,Clear}PageEncMask() functions are used to set or clear the memory encryption attribute in the page table. When SEV-SNP is active, we also need to change the page state in the RMP table so that it is in sync with the memory encryption attribute change.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 1 + OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 34 ++++++= ++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf index 2158e1cba3..f613bb314f 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf @@ -51,6 +51,7 @@ DebugLib MemoryAllocationLib PcdLib + VmgExitLib =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index 996a319b26..9cca8efecb 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -17,6 +17,7 @@ #include =20 #include "VirtualMemory.h" +#include "SnpPageStateChange.h" =20 STATIC BOOLEAN mAddressEncMaskChecked =3D FALSE; STATIC UINT64 mAddressEncMask; @@ -697,10 +698,12 @@ SetMemoryEncDec ( PAGE_MAP_AND_DIRECTORY_POINTER *PageDirectoryPointerEntry; PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry; PAGE_TABLE_ENTRY *PageDirectory2MEntry; + PHYSICAL_ADDRESS OrigPhysicalAddress; PAGE_TABLE_4K_ENTRY *PageTableEntry; UINT64 PgTableMask; UINT64 AddressEncMask; BOOLEAN IsWpEnabled; + UINTN OrigLength; RETURN_STATUS Status; =20 // @@ -753,6 +756,22 @@ SetMemoryEncDec ( =20 Status =3D EFI_SUCCESS; =20 + // + // To maintain the security gurantees we must set the page to shared in = the RMP + // table before clearing the memory encryption mask from the current pag= e table. + // + // The InternalSetPageState() is used for setting the page state in the = RMP table. + // + if (!Mmio && (Mode =3D=3D ClearCBit) && MemEncryptSevSnpIsEnabled ()) { + InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), Sev= SnpPageShared, FALSE); + } + + // + // Save the specified length and physical address (we need it later). + // + OrigLength =3D Length; + OrigPhysicalAddress =3D PhysicalAddress; + while (Length !=3D 0) { // 
@@ -925,6 +944,21 @@ SetMemoryEncDec ( // CpuFlushTlb(); =20 + // + // SEV-SNP requires that all the private pages (i.e pages mapped encrypt= ed) must be + // added in the RMP table (as a private) before the access. + // + // The InternalSetPageState() is used for setting the page state in the = RMP table. + // + if (!Mmio && (Mode =3D=3D SetCBit) && MemEncryptSevSnpIsEnabled ()) { + InternalSetPageState ( + OrigPhysicalAddress, + EFI_SIZE_TO_PAGES (OrigLength), + SevSnpPagePrivate, + FALSE + ); + } + Done: // // Restore page table write protection, if any. --=20 2.17.1
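Review bot: The DxeMemEncryptSevLib.inf hunk (@@ -51,6 +51,7 @@) adds VmgExitLib to this one .inf only, while the code that changes is X64/PeiDxeVirtualMemory.c, whose name suggests it is built into more than the DXE instance of the library. If the new InternalSetPageState() calls are what bring in the VmgExitLib dependency, every .inf that lists PeiDxeVirtualMemory.c needs the same [LibraryClasses] entry; please confirm the other instances already have it, or add it here, since the diffstat shows no other .inf touched.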
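Review bot: In the @@ -753,6 +756,22 @@ hunk the whole range is switched to SevSnpPageShared before the while (Length != 0) loop has modified a single page table entry, so if that loop can leave early for Done: with an error Status, the range stays shared in the RMP while some or all of it is still mapped with the C-bit set. Please either describe in the comment why that state is safe, or restore the RMP state on the error path. Two smaller points in the same hunk: "gurantees" should be "guarantees", and the InternalSetPageState () call is written on one long line here but wrapped one argument per line in the SetCBit hunk; the wrapped form keeps the line within the length limit and makes the two call sites consistent.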
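Review bot: In the @@ -925,6 +944,21 @@ hunk the SevSnpPagePrivate change sits just above the Done: label, so it runs only when the loop finished without jumping to Done:; a failure part way through would leave the pages whose C-bit was already set mapped encrypted without a matching private entry in the RMP, which is the situation the new comment says must not happen before access. Please state how that partial case is handled. The trailing FALSE argument is also unexplained at both call sites; a short comment naming the parameter would help, and the comment text reads better as "i.e., pages mapped encrypted" and "added to the RMP table as private".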