From nobody Thu Nov 14 16:26:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94469+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94469+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1664379221; cv=none; d=zohomail.com; s=zohoarc; b=G6cQAy7CQgKZcDttaG+FuJpBaHw9WQWiA/hMhbO4pu0rdW9bqtElqM6bKc3L2AOixd2gDf8HmtZGQQFLgTdshwWvKxOGFnDZuXzTNWOanQ0KOs8bxXKAqn1IrDBBNAVpuhbh6BDMkgGivjqclcVjpKPSFlsihMASkZJxGqJR/a8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1664379221; h=Content-Type:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=OBjZ6ghMhC9lcbYFOtl4H0N4zkSInNqSbt1IyhFtTxg=; b=Kx6F6aRSa089Zd5RaTjmRj+dAeUtm8ODqx3WRhleRC1MvgUWs5avymCJ242YcSabYaLM9X5NHmtHkA3wmXCciyvVMn60t/EmXNhfgASDF5rBYouWV6q/Wy9cNMVsjSM2nTRXbvBqQw/zL7mQxKK3fMvwuhHMiO6Ht3Kb5kZFIDU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94469+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 166437922184360.915359525626286; Wed, 28 Sep 2022 08:33:41 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id BmUQYY1788612xJITr7tAux7; Wed, 28 Sep 2022 08:33:41 -0700 X-Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) by mx.groups.io with SMTP id smtpd.web11.9375.1664379220889820316 for ; Wed, 28 Sep 2022 08:33:40 -0700 X-Received: by mail-pl1-f201.google.com with SMTP id k2-20020a170902c40200b001782bd6c416so8530684plk.20 for ; Wed, 28 Sep 2022 08:33:40 -0700 (PDT) X-Gm-Message-State: R42kKCE5LSSeUDMe8SgMPj2Ix1787277AA= X-Google-Smtp-Source: AMsMyM7o/eTFxCy/sVQb+GPXDcMylEI1OfXi5utIZuSwitehsn11VqKAZu/xqRsOhTyOORerOx3/ht/cxHELZOnciw== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a17:90b:4fc8:b0:202:a340:3594 with SMTP id qa8-20020a17090b4fc800b00202a3403594mr11438462pjb.149.1664379220199; Wed, 28 Sep 2022 08:33:40 -0700 (PDT) Date: Wed, 28 Sep 2022 15:33:18 +0000 In-Reply-To: <20220928153323.2583389-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20220928153323.2583389-1-dionnaglaze@google.com> Message-ID: <20220928153323.2583389-2-dionnaglaze@google.com> Subject: [edk2-devel] [PATCH v4 1/6] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe From: "Dionna Glaze via groups.io" To: devel@edk2.groups.io Cc: Dionna Glaze , Gerd Hoffmann , James Bottomley , Jiewen Yao , Tom Lendacky , Sophia Wolf Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dionnaglaze@google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1664379221; bh=/rUT3LqRzZ9rZupjIcD9v37AtcwnGKb9N0LfrrRNQmQ=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=DNDYWt/uaZOMgTEVI7czkx2mToMVvj8yuLqbG+jgEUG0U0ZNB8Yn91ArA3RL3QuZyes jVXpQcBbZYpWrMa8wEfenEd1U7R/2ITNrztmyECmEkkFcemkRUTD57ixIIXZlQGFbEReS tU6q6QHtRSa9i2D6f6dWubv8jLEYVW8UpSM= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1664379223309100003 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Sophia Wolf When a guest OS does not support unaccepted memory, the unaccepted memory must be accepted before returning a memory map to the caller. EfiMemoryAcceptProtocol is defined in MdePkg and is implemented / Installed in AmdSevDxe for AMD SEV-SNP memory acceptance. Cc: Gerd Hoffmann Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Signed-off-by: Sophia Wolf --- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 34 ++= ++++++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 ++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 24 ++= +++++++++--- 3 files changed, 57 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 662d3c4ccb..09aa15165d 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -20,6 +20,7 @@ #include #include #include +#include =20 STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable =3D { SIGNATURE_32 ('A', 'M', 'D', 'E'), @@ -31,6 +32,29 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBoo= tDxeTable =3D { FixedPcdGet32 (PcdOvmfCpuidSize), }; =20 +STATIC EFI_HANDLE mAmdSevDxeHandle =3D NULL; + +STATIC +EFI_STATUS +EFIAPI +AmdSevMemoryAccept ( + IN EFI_MEMORY_ACCEPT_PROTOCOL *This, + IN EFI_PHYSICAL_ADDRESS StartAddress, + IN UINTN Size +) +{ + MemEncryptSevSnpPreValidateSystemRam ( + StartAddress, + EFI_SIZE_TO_PAGES (Size) + ); + + return EFI_SUCCESS; +} + +STATIC EFI_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol =3D { + AmdSevMemoryAccept +}; + EFI_STATUS EFIAPI AmdSevDxeEntryPoint ( @@ -147,6 +171,16 @@ AmdSevDxeEntryPoint ( } } =20 + Status =3D gBS->InstallProtocolInterface ( + &mAmdSevDxeHandle, + &gEfiMemoryAcceptProtocolGuid, + EFI_NATIVE_INTERFACE, + &mMemoryAcceptProtocol + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Install EfiMemoryAcceptProtocol failed.\n")); + } + // // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_S= EV_SNP_BLOB. // It contains the location for both the Secrets and CPUID page. diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.= inf index 9acf860cf2..5ddddabc32 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -47,6 +47,9 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize =20 +[Protocols] + gEfiMemoryAcceptProtocolGuid + [Guids] gConfidentialComputingSevSnpBlobGuid =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c index d3a95e4913..ee3710f7b3 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c @@ -14,6 +14,7 @@ #include =20 #include "SnpPageStateChange.h" +#include "VirtualMemory.h" =20 /** Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. @@ -29,12 +30,27 @@ MemEncryptSevSnpPreValidateSystemRam ( IN UINTN NumPages ) { + EFI_STATUS Status; + if (!MemEncryptSevSnpIsEnabled ()) { return; } =20 - // - // All the pre-validation must be completed in the PEI phase. - // - ASSERT (FALSE); + // DXE pre-validation may happen with the memory accept protocol. + // The protocol should only be called outside the prevalidated ranges + // that the PEI stage code explicitly skips. Specifically, only memory + // ranges that are classified as unaccepted. + if (BaseAddress >=3D SIZE_4GB) { + Status =3D InternalMemEncryptSevCreateIdentityMap1G ( + 0, + BaseAddress, + EFI_PAGES_TO_SIZE (NumPages) + ); + if (EFI_ERROR (Status)) { + ASSERT (FALSE); + CpuDeadLoop (); + } + } + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); } --=20 2.37.3.998.g577e59143f-goog -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94469): https://edk2.groups.io/g/devel/message/94469 Mute This Topic: https://groups.io/mt/93975245/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Nov 14 16:26:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94470+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94470+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1664379224; cv=none; d=zohomail.com; s=zohoarc; b=RIaci3APA/3/END6HMujO7rAUL16hsY3tAc14BDLrvJKzkfGHlXmb+0gdztE2YPPbQM0TSZNOahBCQpxbkhFD/GNmq3M0yeHqy1Xja32+Q6eMk+drU27jkZaMuzf/NaW+toI7pzFSzivD/iaf1TlqI02W21cm96lXGkBsORwjoo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1664379224; h=Content-Type:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=3IqPjCC+0OQNkDPIBLD4bAzfknWbuOIoncCxUW3E96o=; b=GazS+zQHBSYVoIiJo8aHfvPBVwmM9PwN5Bpz897acuFqvhkTDnoLmaV61UOgyoEVUTrX57RjYtdMhlyrNNGqkv3Tq/2dCbEEkpkyeIfH89QlFAQgM1ldKe3GmNh8eZq4odBWhlouqSSlkBS2qawXa4/rVxe+2EFREh0vX591+sU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94470+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1664379224938852.31897551847; Wed, 28 Sep 2022 08:33:44 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id e82fYY1788612xcLCkGT7y1z; Wed, 28 Sep 2022 08:33:43 -0700 X-Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) by mx.groups.io with SMTP id smtpd.web12.9581.1664379222858993405 for ; Wed, 28 Sep 2022 08:33:42 -0700 X-Received: by mail-pj1-f74.google.com with SMTP id z9-20020a17090a468900b00202fdb32ba1so1204900pjf.1 for ; Wed, 28 Sep 2022 08:33:42 -0700 (PDT) X-Gm-Message-State: T6EvbnanwdlxhQAx80JWwm9rx1787277AA= X-Google-Smtp-Source: AMsMyM5FUY7GMvGev4/4fYsPjOxOJo5yUPuwL93oRz7Z2q3YofKPJiUXkkn+hZ9aZ7V1OuuAoutDSS31NYI6jpEQLg== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a62:82cc:0:b0:553:e631:14f0 with SMTP id w195-20020a6282cc000000b00553e63114f0mr35197632pfd.63.1664379222108; Wed, 28 Sep 2022 08:33:42 -0700 (PDT) Date: Wed, 28 Sep 2022 15:33:19 +0000 In-Reply-To: <20220928153323.2583389-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20220928153323.2583389-1-dionnaglaze@google.com> Message-ID: <20220928153323.2583389-3-dionnaglaze@google.com> Subject: [edk2-devel] [PATCH v4 2/6] MdeModulePkg: Add PcdEnableUnacceptedMemory From: "Dionna Glaze via groups.io" To: devel@edk2.groups.io Cc: Dionna Glaze , Gerd Hoffmann , James Bottomley , Jiewen Yao , Tom Lendacky , Ard Biesheuvel Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dionnaglaze@google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1664379223; bh=U6ezB+Kwj1gV1cdbA/16fycXelm9ufonuctoZHzzkVA=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=g88zCRdNdoJGFKZ/K/VyzhYSC2Sjji3fwKe5ptvA+eHApx/yi+zbEIneKkT8okdl3zf 9ObXIYt/3cP6qKiFsp62Jk18p0qQ/wjUFpsp7VLsKNO5petQi2KgqccLWVFZm9lLbf6Fr /cTAjUyqD3zC/UQfSiCJGMW1hqfqnAc4J+c= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1664379225289100010 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This Pcd is used to toggle whether ExitBootServices should not accept all unaccepted memory. It's the loaded image's responsibility to enable support so that it doesn't get memory types it doesn't understand in its memory map. Cc: Gerd Hoffmann Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Ard Biesheuvel Signed-off-by: Dionna Glaze --- MdeModulePkg/MdeModulePkg.dec | 6 ++++++ MdeModulePkg/MdeModulePkg.uni | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 58e6ab0048..dd07b3725a 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -2102,6 +2102,12 @@ # @Prompt The shared bit mask when Intel Tdx is enabled. gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0|UINT64|0x10000025 =20 + ## Indicates if the memory map may include unaccepted memory after ExitB= ootServices().

+ # TRUE - The memory map may include unaccepted memory after ExitBootS= ervices().
+ # FALSE - The memory map may not include unaccepted memory after ExitB= ootServices().
+ # @Prompt Support unaccepted memory type. + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE|BOOLEAN|0= x10000026 + [PcdsPatchableInModule] ## Specify memory size with page number for PEI code when # Loading Module at Fixed Address feature is enabled. diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni index 33ce9f6198..fde57da123 100644 --- a/MdeModulePkg/MdeModulePkg.uni +++ b/MdeModulePkg/MdeModulePkg.uni @@ -1338,3 +1338,9 @@ #string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPcieResizableBarSupport_HELP= #language en-US "Indicates if the PCIe Resizable BAR Capability Supported.=

\n" = "TRUE - PCIe Resizable BAR Capability is supported.
\= n" = "FALSE - PCIe Resizable BAR Capability is not supported.<= BR>" + +#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdEnableUnacceptedMemory_PROMP= T #language en-US "Support unaccepted memory type" +#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdEnableUnacceptedMemory_HELP = #language en-US "Indicates if the memory map may include unaccepted memory " + = "after ExitBootServices().

\n" + = "TRUE - The memory map may include unaccepted memory after= ExitBootServices().
\n" + = "FALSE - The memory map may not include unaccepted memory a= fter ExitBootServices().
\n" --=20 2.37.3.998.g577e59143f-goog -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94470): https://edk2.groups.io/g/devel/message/94470 Mute This Topic: https://groups.io/mt/93975247/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Nov 14 16:26:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94471+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94471+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1664379225; cv=none; d=zohomail.com; s=zohoarc; b=mZu4QIHotOEO2kWMQ62JyVYT10f7HuuPUECjnnn4DVWZZJUwBDaM6jTi+xdq63OQVEtfouPJc5ej/Oy6fAR2a0deT13vTOQqaJafXfsjAO4s2eKjfn1Hf6GbZ0sN6LcHFm8O6JQ18lYV0KwIeGkBzYwGoBc/FTCNiIuS080J+mw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1664379225; h=Content-Type:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=zGoZ4k6s2+XzP25VK8ubeOD9wYJM6gCiq0fk02yuWyU=; b=W2pErf8LIwQrtbJVqlSJV0z/fECVLzhDB252A2wLOFm6Iv9e+vj7O/eE1HnLhuFvQNarkxvE0zMyjhnDOFWJnCljBz+AJ3D8XOzoD1wU21KDmzvELpAQl2gcTCDxA8+rv6WHjzGMWQVLt1OIECXmvabFl1m92PCHdxSMvJMCHyU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94471+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1664379225418998.2646571406156; Wed, 28 Sep 2022 08:33:45 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id EJf0YY1788612xRhby2xGiLR; Wed, 28 Sep 2022 08:33:45 -0700 X-Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) by mx.groups.io with SMTP id smtpd.web10.9451.1664379224216609740 for ; Wed, 28 Sep 2022 08:33:44 -0700 X-Received: by mail-pl1-f201.google.com with SMTP id h11-20020a170902f54b00b001780f0f7ea7so8413984plf.9 for ; Wed, 28 Sep 2022 08:33:44 -0700 (PDT) X-Gm-Message-State: iH1KXEbaDMdMJ9l5SkGiO9gbx1787277AA= X-Google-Smtp-Source: AMsMyM5w7IoXdd2fGi0QNd45DIFRHBcHwFGB5Mtlo5ilWtf14zYW2ugNtNEyjcKK9mlVQLWmPruTHPawAyg+XsCCkg== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a05:6a00:b8d:b0:543:6731:8b6c with SMTP id g13-20020a056a000b8d00b0054367318b6cmr35177258pfj.80.1664379223704; Wed, 28 Sep 2022 08:33:43 -0700 (PDT) Date: Wed, 28 Sep 2022 15:33:20 +0000 In-Reply-To: <20220928153323.2583389-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20220928153323.2583389-1-dionnaglaze@google.com> Message-ID: <20220928153323.2583389-4-dionnaglaze@google.com> Subject: [edk2-devel] [PATCH v4 3/6] OvmfPkg: set PcdEnableUnacceptedMemory to FALSE From: "Dionna Glaze via groups.io" To: devel@edk2.groups.io Cc: Dionna Glaze , Gerd Hoffmann , James Bottomley , Jiewen Yao , Tom Lendacky , Ard Biesheuvel Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dionnaglaze@google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1664379225; bh=uE+p88GCRdvs48stjtfhX1qf4/CfBwIaQjnyi+Y/o0A=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=VqHFJbuSBAJ4xa5rt1ejhOyW8PSdrQ3JB1vW/noP7JBAavHPSp5vL1/vY35fdiLn9dZ 9N8tBYFWUrgmIHGX2w8giRhfYEswE0ZZ4aeT8khzLoeJGNqW2rdhA9ZamjU5UbfGWuS2N SuHcaD8NlLPWWa8PNtUAZHNsgbI0O/Jovp4= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1664379227297100013 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The default value of PcdEnableUnacceptedMemory should be FALSE in order for default safe behavior. If the next started image does not yet understand UEFI v2.9's new memory type, then it's stuck with most of its memory inaccessible. Cc: Gerd Hoffmann Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Ard Biesheuvel Signed-off-by: Dionna Glaze --- OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/Bhyve/BhyveX64.dsc | 2 ++ OvmfPkg/CloudHv/CloudHvX64.dsc | 2 ++ OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 ++ OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++ OvmfPkg/OvmfPkgX64.dsc | 2 ++ OvmfPkg/OvmfXen.dsc | 2 ++ 7 files changed, 13 insertions(+) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 90e8a213ef..23086748c5 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -526,6 +526,7 @@ =20 # Set ConfidentialComputing defaults gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE =20 !include OvmfPkg/OvmfTpmPcds.dsc.inc =20 diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index 475b88b21a..004be8b019 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -559,6 +559,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 =20 # MdeModulePkg resolution sets up the system display resolution diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index 10b16104ac..41f43a2631 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -618,6 +618,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX6= 4.dsc index c0c1a15b09..55b6a2a845 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -514,6 +514,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index af566b953f..aebe1c3192 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -655,6 +655,8 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index f39d9cd117..6e4418388e 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -679,6 +679,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + # Set SEV-ES defaults gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index 58a7c97cdd..0f57e22a2b 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -505,6 +505,8 @@ # Set Tdx shared bit mask gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0 =20 + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 =20 ##########################################################################= ###### --=20 2.37.3.998.g577e59143f-goog -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94471): https://edk2.groups.io/g/devel/message/94471 Mute This Topic: https://groups.io/mt/93975248/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Nov 14 16:26:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94472+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94472+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1664379227; cv=none; d=zohomail.com; s=zohoarc; b=nGJK2EX5dN/9vOWE9FQM4XZxw7oFAVcqTjlKBcZo3WBkoyAo1Yl0E53d47qXFDUzRfodvJIUO6W3vod+BwEJqwrbgUr8D6F0wwb14Mh5j/PqHLxKWAuK1aNbwpyIgDoz3Bm4Vc7lcSB6/JAAl1QpvNKpvzLa25xOO5zcbxsgnWg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1664379227; h=Content-Type:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=kOV6CilpgeDm7iBvtBQAarLFHOv9WyJn07BFYpfdeuo=; b=OVOjMFX14fjVhYtTk4dPcbB/6RZabJfT+jAikSmwEA9Fi27y+3hB7DbqGSVpTJcIsH07hBvFYBC7wKlH0xDjp/hxbYbDPdAKR1wPaAQay0aSAby9OnQjHPX0cp5lssJRt4epYvSaJhtkjtXIhsGRikdANxt1OF8/3XrKdkysAZM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94472+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1664379227184861.720464930761; Wed, 28 Sep 2022 08:33:47 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id GJkjYY1788612xyzqayDHX5s; Wed, 28 Sep 2022 08:33:46 -0700 X-Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) by mx.groups.io with SMTP id smtpd.web08.9577.1664379226005463691 for ; Wed, 28 Sep 2022 08:33:46 -0700 X-Received: by mail-pj1-f73.google.com with SMTP id t18-20020a17090ad51200b00200aaa66422so5264298pju.0 for ; Wed, 28 Sep 2022 08:33:45 -0700 (PDT) X-Gm-Message-State: bpddZ9X15Ywb7UeYqX2d2zRIx1787277AA= X-Google-Smtp-Source: AMsMyM7ejFyhGe8adXRgoxEjgUZ7aVLExzZ2E/TtAUsuB993UWfx9N3qn7rVr7uyE/UF118IsM6/Ckkvd8i3REcNuQ== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a05:6a00:1ad3:b0:548:962b:4c53 with SMTP id f19-20020a056a001ad300b00548962b4c53mr34909847pfv.59.1664379225361; Wed, 28 Sep 2022 08:33:45 -0700 (PDT) Date: Wed, 28 Sep 2022 15:33:21 +0000 In-Reply-To: <20220928153323.2583389-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20220928153323.2583389-1-dionnaglaze@google.com> Message-ID: <20220928153323.2583389-5-dionnaglaze@google.com> Subject: [edk2-devel] [PATCH v4 4/6] MdeModulePkg: DxeMain accepts all memory at EBS if needed From: "Dionna Glaze via groups.io" To: devel@edk2.groups.io Cc: Dionna Glaze , Gerd Hoffmann , James Bottomley , Jiewen Yao , Tom Lendacky , Ard Biesheuvel Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dionnaglaze@google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1664379226; bh=p7CzrOOcZJOgx1KYykoD062dXlXm2RhLKUUma9oL61k=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=CfVXw4IVyvdzIP18Z3it9XQ1BFSo236U4tmyW4G9FYG8gnhQDR4ruGWyqQ33iAA0YOx 8eVdl5TW3U7gqvVys1rG0JaSNCa1oXpR0Pa42vTP0lOhND2iGrR3Wk+4JMORYsBYifCMh amPMH2vaYTXESH/rQrHEuUXCVkoSybFoe2I= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1664379229334100020 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" With the addition of the EfiUnacceptedMemory memory type, it is possible the EFI-enlightened guests do not themselves support the new memory type. This commit uses the new PcdEnableUnacceptedMemory to enable unaccepted memory support before ExitBootServices is called by not accepting all unaccepted memory at EBS. The expected usage is to set the new Pcd with a protocol that is usable by bootloaders and directly-booted OSes when they can determine that the OS does indeed support unaccepted memory. Cc: Gerd Hoffmann Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Ard Biesheuvel Signed-off-by: Dionna Glaze --- MdeModulePkg/Core/Dxe/DxeMain.h | 10 +++ MdeModulePkg/Core/Dxe/DxeMain.inf | 2 + MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 14 +++- MdeModulePkg/Core/Dxe/Mem/Page.c | 87 ++++++++++++++++++++ 4 files changed, 112 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMai= n.h index 815a6b4bd8..ac943c87a3 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.h +++ b/MdeModulePkg/Core/Dxe/DxeMain.h @@ -2698,6 +2698,16 @@ CoreInitializeMemoryProtection ( VOID ); =20 +/** + Accept and convert unaccepted memory to conventional memory if unaccept= ed + memory is not enabled and there is an implementation of MemoryAcceptPro= tocol + installed. + **/ +EFI_STATUS +CoreResolveUnacceptedMemory ( + VOID + ); + /** Install MemoryAttributesTable on memory allocation. =20 diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf b/MdeModulePkg/Core/Dxe/DxeM= ain.inf index e4bca89577..deb8bb2ba8 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.inf +++ b/MdeModulePkg/Core/Dxe/DxeMain.inf @@ -153,6 +153,7 @@ gEfiHiiPackageListProtocolGuid ## SOMETIMES_PRODUCES gEfiSmmBase2ProtocolGuid ## SOMETIMES_CONSUMES gEdkiiPeCoffImageEmulatorProtocolGuid ## SOMETIMES_CONSUMES + gEfiMemoryAcceptProtocolGuid ## SOMETIMES_CONSUMES =20 # Arch Protocols gEfiBdsArchProtocolGuid ## CONSUMES @@ -186,6 +187,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask = ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard = ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth = ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory = ## CONSUMES =20 # [Hob] # RESOURCE_DESCRIPTOR ## CONSUMES diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c b/MdeModulePkg/Core/Dx= e/DxeMain/DxeMain.c index 5733f0c8ec..8d1de32fe7 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c +++ b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c @@ -768,13 +768,25 @@ CoreExitBootServices ( // gTimer->SetTimerPeriod (gTimer, 0); =20 + // + // Accept all memory if unaccepted memory isn't enabled. + // + Status =3D CoreResolveUnacceptedMemory(); + if (EFI_ERROR (Status)) { + // + // Notify other drivers that ExitBootServices failed + // + CoreNotifySignalList (&gEventExitBootServicesFailedGuid); + return Status; + } + // // Terminate memory services if the MapKey matches // Status =3D CoreTerminateMemoryMap (MapKey); if (EFI_ERROR (Status)) { // - // Notify other drivers that ExitBootServices fail + // Notify other drivers that ExitBootServices failed // CoreNotifySignalList (&gEventExitBootServicesFailedGuid); return Status; diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/P= age.c index ffe79dcca9..cbebe62a28 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Page.c +++ b/MdeModulePkg/Core/Dxe/Mem/Page.c @@ -9,6 +9,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "DxeMain.h" #include "Imem.h" #include "HeapGuard.h" +#include +#include =20 // // Entry for tracking the memory regions for each memory type to coalesce = similar memory types @@ -2118,6 +2120,91 @@ CoreFreePoolPages ( CoreConvertPages (Memory, NumberOfPages, EfiConventionalMemory); } =20 +EFI_EVENT gExitBootServiceEvent =3D NULL; + +STATIC +EFI_STATUS +AcceptAllUnacceptedMemory ( + IN EFI_MEMORY_ACCEPT_PROTOCOL *AcceptMemory + ) +{ + EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; + UINTN NumEntries; + UINTN Index; + EFI_STATUS Status; + + /* + * Get a copy of the memory space map to iterate over while + * changing the map. + */ + Status =3D CoreGetMemorySpaceMap (&NumEntries, &AllDescMap); + if (EFI_ERROR (Status)) { + return Status; + } + for (Index =3D 0; Index < NumEntries; Index++) { + CONST EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc; + + Desc =3D &AllDescMap[Index]; + if (Desc->GcdMemoryType !=3D EfiGcdMemoryTypeUnaccepted) { + continue; + } + + Status =3D AcceptMemory->AcceptMemory ( + AcceptMemory, + Desc->BaseAddress, + Desc->Length + ); + if (EFI_ERROR(Status)) { + goto done; + } + + Status =3D CoreRemoveMemorySpace(Desc->BaseAddress, Desc->Length); + if (EFI_ERROR(Status)) { + goto done; + } + + Status =3D CoreAddMemorySpace ( + EfiGcdMemoryTypeSystemMemory, + Desc->BaseAddress, + Desc->Length, + EFI_MEMORY_CPU_CRYPTO | EFI_MEMORY_XP | EFI_MEMORY_RO | EFI_MEMORY_RP + ); + if (EFI_ERROR(Status)) { + goto done; + } + } + +done: + FreePool (AllDescMap); + return Status; +} + +EFI_STATUS +CoreResolveUnacceptedMemory ( + VOID + ) +{ + EFI_MEMORY_ACCEPT_PROTOCOL *AcceptMemory; + EFI_STATUS Status; + + // No need to accept anything. Unaccepted memory is enabled. + if (PcdGetBool(PcdEnableUnacceptedMemory)) { + return EFI_SUCCESS; + } + + Status =3D gBS->LocateProtocol (&gEfiMemoryAcceptProtocolGuid, NULL, + (VOID **)&AcceptMemory); + if (Status =3D=3D EFI_NOT_FOUND) { + return EFI_SUCCESS; + } + if (Status !=3D EFI_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Error locating MemoryAcceptProtocol: %d\n", Stat= us)); + return Status; + } + + return AcceptAllUnacceptedMemory(AcceptMemory); +} + /** Make sure the memory map is following all the construction rules, it is the last time to check memory map error before exit boot services. --=20 2.37.3.998.g577e59143f-goog -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94472): https://edk2.groups.io/g/devel/message/94472 Mute This Topic: https://groups.io/mt/93975251/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Nov 14 16:26:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94473+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94473+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1664379228; cv=none; d=zohomail.com; s=zohoarc; b=L4bWDBKiLUGRzyDnEh5gayLpvlLr4PgwqMCOBmv5Qmgs42ZdWuws69n8rKB/zEnLRuh/Qk6wfwev4Fuq81lVxRof/xH/i76TA5W1B2tHlij+M/YaehMTXwz2T8qrNSrEvcbRDcJCeuWbokgyWFIbK8f2b+scFntv6Nfna2bV8oQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1664379228; h=Content-Type:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=jkPuL0UKFe7bIGHlbDlgaIHbCwYdxDwzqra/X7iipfc=; b=Xk02swsIR/RBPRBVgr2COnZnzSV9LqyZH8d0o6EOsY27tulxgc8QFScZMKGjKLsNYbKYga9hz1dFFKp/U2i/sgP+Xztiob570cuKwc5U32up1ki7O8itr+AjZM6v0FFcbUTxMY5wZ141wyXZzzDed0pB/tcNwsB5/3tAIfgSBT4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94473+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1664379228905446.0305397259723; Wed, 28 Sep 2022 08:33:48 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id QtQDYY1788612xeTXIBSqGRH; Wed, 28 Sep 2022 08:33:48 -0700 X-Received: from mail-pg1-f201.google.com (mail-pg1-f201.google.com [209.85.215.201]) by mx.groups.io with SMTP id smtpd.web09.9502.1664379227899030940 for ; Wed, 28 Sep 2022 08:33:48 -0700 X-Received: by mail-pg1-f201.google.com with SMTP id g66-20020a636b45000000b0043a256d3639so7627556pgc.12 for ; Wed, 28 Sep 2022 08:33:47 -0700 (PDT) X-Gm-Message-State: OCXTCGEJKonNZefefAyOAJjix1787277AA= X-Google-Smtp-Source: AMsMyM4XPZZzCi0yaUMdOcN8GaL1DCwxG849RooDebXYRweJcm1czGvMm1v7TuPIBSoRHTbQr/JthmyA6FFgdX3j3Q== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a65:48ca:0:b0:43c:b43f:7b25 with SMTP id o10-20020a6548ca000000b0043cb43f7b25mr15075886pgs.538.1664379227041; Wed, 28 Sep 2022 08:33:47 -0700 (PDT) Date: Wed, 28 Sep 2022 15:33:22 +0000 In-Reply-To: <20220928153323.2583389-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20220928153323.2583389-1-dionnaglaze@google.com> Message-ID: <20220928153323.2583389-6-dionnaglaze@google.com> Subject: [edk2-devel] [PATCH v4 5/6] MdeModulePkg: add EnableUnacceptedMemoryProtocol From: "Dionna Glaze via groups.io" To: devel@edk2.groups.io Cc: Dionna Glaze , Gerd Hoffmann , James Bottomley , Jiewen Yao , Tom Lendacky , Ard Biesheuvel Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dionnaglaze@google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1664379228; bh=i1BSC7jMeaD/hvU1Cx3iWPsOkm091ejGwG4mWw0iPy4=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=OGVjs9VW4m0atpwtVfm3pktm5vGmP60Ir4WLd32+qrINPeBSdizhP8UyNEUF30RXqwz La9Qhd1vxvsjY76r1WOfxCo1TnIh2INU9oU2edVAId7G3tm/wRC/aka0X2wnaj7fnIINb kZ4nuu1WNmTIjh3HdLk0/T02rVrJVXjTfOk= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1664379229288100017 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add a simple protocol that enables the use of the unaccepted memory type. Must be called before ExitBootServices to be effective. Cc: Gerd Hoffmann Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Ard Biesheuvel Signed-off-by: Dionna Glaze --- MdeModulePkg/Core/Dxe/DxeMain.h | 22 ++++++++++++ MdeModulePkg/Core/Dxe/DxeMain.inf | 3 +- MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 5 +++ MdeModulePkg/Core/Dxe/Mem/Page.c | 35 ++++++++++++++++++++ MdeModulePkg/MdeModulePkg.dec | 3 ++ 5 files changed, 67 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMai= n.h index ac943c87a3..5f0114b04f 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.h +++ b/MdeModulePkg/Core/Dxe/DxeMain.h @@ -2708,6 +2708,28 @@ CoreResolveUnacceptedMemory ( VOID ); =20 + +typedef struct _ENABLE_UNACCEPTED_MEMORY_PROTOCOL + ENABLE_UNACCEPTED_MEMORY_PROTOCOL; + +typedef EFI_STATUS (EFIAPI *ENABLE_UNACCEPTED_MEMORY)( + IN ENABLE_UNACCEPTED_MEMORY_PROTOCOL * + ); + +struct _ENABLE_UNACCEPTED_MEMORY_PROTOCOL { + ENABLE_UNACCEPTED_MEMORY Enable; +}; + +extern EFI_GUID gEnableUnacceptedMemoryProtocolGuid; + +/** + Implement the protocol for enabling unaccepted memory. + **/ +VOID +InstallEnableUnacceptedMemoryProtocol ( + VOID + ); + /** Install MemoryAttributesTable on memory allocation. =20 diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf b/MdeModulePkg/Core/Dxe/DxeM= ain.inf index deb8bb2ba8..39dcac98bb 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain.inf +++ b/MdeModulePkg/Core/Dxe/DxeMain.inf @@ -122,6 +122,7 @@ gEfiMemoryAttributesTableGuid ## SOMETIMES_PRODUCES ##= SystemTable gEfiEndOfDxeEventGroupGuid ## SOMETIMES_CONSUMES ##= Event gEfiHobMemoryAllocStackGuid ## SOMETIMES_CONSUMES ##= SystemTable + gEnableUnacceptedMemoryProtocolGuid ## PRODUCES ##= GUID # Install protocol =20 [Ppis] gEfiVectorHandoffInfoPpiGuid ## UNDEFINED # HOB @@ -187,7 +188,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask = ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard = ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth = ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory = ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory = ## CONSUMES ## SOMETIMES_PRODUCES =20 # [Hob] # RESOURCE_DESCRIPTOR ## CONSUMES diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c b/MdeModulePkg/Core/Dx= e/DxeMain/DxeMain.c index 8d1de32fe7..bc1a8ab6b2 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c +++ b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c @@ -354,6 +354,11 @@ DxeMain ( Status =3D CoreInstallConfigurationTable (&gEfiMemoryTypeInformationGuid= , &gMemoryTypeInformation); ASSERT_EFI_ERROR (Status); =20 + // + // Install unaccepted memory configuration protocol + // + InstallEnableUnacceptedMemoryProtocol(); + // // If Loading modules At fixed address feature is enabled, install Load = moduels at fixed address // Configuration Table so that user could easily to retrieve the top add= ress to load Dxe and PEI diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/P= age.c index cbebe62a28..10e152d80d 100644 --- a/MdeModulePkg/Core/Dxe/Mem/Page.c +++ b/MdeModulePkg/Core/Dxe/Mem/Page.c @@ -96,6 +96,14 @@ EFI_MEMORY_TYPE_INFORMATION gMemoryTypeInformation[EfiM= axMemoryType + 1] =3D { // GLOBAL_REMOVE_IF_UNREFERENCED BOOLEAN gLoadFixedAddressCodeMemoryReady = =3D FALSE; =20 +EFI_STATUS EFIAPI CoreEnableUnacceptedMemory(IN ENABLE_UNACCEPTED_MEMORY_P= ROTOCOL *); + +struct { + ENABLE_UNACCEPTED_MEMORY enable; +} mEnableUnacceptedMemoryProtocol =3D { + CoreEnableUnacceptedMemory, +}; + /** Enter critical section by gaining lock on gMemoryLock. =20 @@ -2205,6 +2213,33 @@ CoreResolveUnacceptedMemory ( return AcceptAllUnacceptedMemory(AcceptMemory); } =20 +EFI_STATUS +EFIAPI +CoreEnableUnacceptedMemory ( + IN ENABLE_UNACCEPTED_MEMORY_PROTOCOL *This + ) +{ + return PcdSetBoolS(PcdEnableUnacceptedMemory, TRUE); +} + +VOID +InstallEnableUnacceptedMemoryProtocol ( + VOID + ) +{ + EFI_HANDLE Handle; + EFI_STATUS Status; + + Handle =3D NULL; + Status =3D CoreInstallMultipleProtocolInterfaces ( + &Handle, + &gEnableUnacceptedMemoryProtocolGuid, + &mEnableUnacceptedMemoryProtocol, + NULL + ); + ASSERT_EFI_ERROR (Status); +} + /** Make sure the memory map is following all the construction rules, it is the last time to check memory map error before exit boot services. diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index dd07b3725a..ce72c06a93 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -244,6 +244,9 @@ gEdkiiPerformanceMeasurementProtocolGuid =3D { 0xc85d06be, 0x5f75, = 0x48ce, { 0xa8, 0x0f, 0x12, 0x36, 0xba, 0x3b, 0x87, 0xb1 } } gEdkiiSmmPerformanceMeasurementProtocolGuid =3D { 0xd56b6d73, 0x1a7b, = 0x4015, { 0x9b, 0xb4, 0x7b, 0x07, 0x17, 0x29, 0xed, 0x24 } } =20 + ## Bootloader protocol Guid for enabling unaccepted memory support. + gEnableUnacceptedMemoryProtocolGuid =3D { 0xc5a010fe, 0x38a7, 0x4531, { = 0x8a, 0x4a, 0x05, 0x00, 0xd2, 0xfd, 0x16, 0x49 } } + ## Guid is defined for CRC32 encapsulation scheme. # Include/Guid/Crc32GuidedSectionExtraction.h gEfiCrc32GuidedSectionExtractionGuid =3D { 0xFC1BCDB0, 0x7D31, 0x49aa, {= 0x93, 0x6A, 0xA4, 0x60, 0x0D, 0x9D, 0xD0, 0x83 } } --=20 2.37.3.998.g577e59143f-goog -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94473): https://edk2.groups.io/g/devel/message/94473 Mute This Topic: https://groups.io/mt/93975254/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu Nov 14 16:26:55 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+94474+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94474+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1664379231; cv=none; d=zohomail.com; s=zohoarc; b=YSLzJSpzj+ho8x3/y7AXNq5VMzDJc0sdz6wFW4MvRAM02KryQlGYlpOXE9lZuRkuNHBe4WePL7cATq52TircOQ8Cw4feJLU8KjRUqH5iKioPshoT9Z+jVRNXUM+NFyvaegzyP7MGfsWWiiVWjLJVdTx0MEe7LzLPxSTFtDDGOww= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1664379231; h=Content-Type:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Xeaa7vbsC7iXsc+T54TtvxDSsIp+913+FdEgSgxnxLA=; b=TrnjNVXYlrQrUzQDNiIk3QCP1R8AYYNT7kOyCfzYWRQw83I1FdbC1WRU4UbU7Gif55TsphlzzBKP8T6Xy/GzUtlnL45Cd1hmvMvN/+V/eCl+RgquvWZN1urEEsNJRkzwffbkSWVShOyOa/k5YPeOjXfhN7FgDW+oFS2YrOGFkHo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+94474+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1664379231700470.23040727442526; Wed, 28 Sep 2022 08:33:51 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id xvI5YY1788612xV8DR5bFVE5; Wed, 28 Sep 2022 08:33:50 -0700 X-Received: from mail-pg1-f201.google.com (mail-pg1-f201.google.com [209.85.215.201]) by mx.groups.io with SMTP id smtpd.web10.9452.1664379229517397355 for ; Wed, 28 Sep 2022 08:33:49 -0700 X-Received: by mail-pg1-f201.google.com with SMTP id e187-20020a6369c4000000b0041c8dfb8447so7692004pgc.23 for ; Wed, 28 Sep 2022 08:33:49 -0700 (PDT) X-Gm-Message-State: 1cUmI4fE7pk52MUai8H6bD79x1787277AA= X-Google-Smtp-Source: AMsMyM5+qooofjM/TOJqLewQZKDxNgM93OKNhwID0s1CVONV7ieLVzbUNijgRsBSNA3opSsvpRafuegoW2wBBh1/Tg== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a17:90b:1c8b:b0:203:dcf1:128a with SMTP id oo11-20020a17090b1c8b00b00203dcf1128amr10797413pjb.182.1664379228867; Wed, 28 Sep 2022 08:33:48 -0700 (PDT) Date: Wed, 28 Sep 2022 15:33:23 +0000 In-Reply-To: <20220928153323.2583389-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20220928153323.2583389-1-dionnaglaze@google.com> Message-ID: <20220928153323.2583389-7-dionnaglaze@google.com> Subject: [edk2-devel] [PATCH v4 6/6] OvmfPkg/PlatformPei: SEV-SNP make >=4GB unaccepted From: "Dionna Glaze via groups.io" To: devel@edk2.groups.io Cc: Dionna Glaze , Ard Biescheuvel , "Min M. Xu" , Gerd Hoffmann , James Bottomley , Tom Lendacky , Jiewen Yao , Erdem Aktas Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dionnaglaze@google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1664379230; bh=90RnkxdKUueLMJX/xMJe+uayQq7Q7QGcW9TTK72M0OI=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=fAeYo4w1Cb9pkGk38aXfHcQHO3feNkQthCgqYIPhw2q8IfUgTPOAoAiAp8zlxuCjvmH 1LF6VC6HgHSKLOWdr+fRWiZkyHNW95pCjhgLBCUw/F+n3xbBsZpsLw/pPLo41o+Vp89nd uGRM5tyPmbLrzkDIlYW9wuXDEBBP88cZIDk= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1664379233334100001 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Instead of eagerly accepting all memory in PEI, only accept memory under the 4GB address. This allows a loaded image to use the ENABLE_UNACCEPTED_MEMORY_PROTOCOL to indicate that it can interpret the memory type accordingly. This classification is safe since ExitBootServices will accept and reclassify the memory as conventional if the enable protocol is not used. Cc: Ard Biescheuvel Cc: "Min M. Xu" Cc: Gerd Hoffmann Cc: James Bottomley Cc: Tom Lendacky Cc: Jiewen Yao Cc: Erdem Aktas Signed-off-by: Dionna Glaze --- OvmfPkg/PlatformPei/AmdSev.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 385562b44c..2a52d6f491 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include @@ -63,6 +64,10 @@ AmdSevSnpInitialize ( for (Hob.Raw =3D GetHobList (); !END_OF_HOB_LIST (Hob); Hob.Raw =3D GET_= NEXT_HOB (Hob)) { if ((Hob.Raw !=3D NULL) && (GET_HOB_TYPE (Hob) =3D=3D EFI_HOB_TYPE_RES= OURCE_DESCRIPTOR)) { ResourceHob =3D Hob.ResourceDescriptor; + if (ResourceHob->PhysicalStart >=3D SIZE_4GB) { + ResourceHob->ResourceType =3D EFI_RESOURCE_MEMORY_UNACCEPTED; + continue; + } =20 if (ResourceHob->ResourceType =3D=3D EFI_RESOURCE_SYSTEM_MEMORY) { MemEncryptSevSnpPreValidateSystemRam ( --=20 2.37.3.998.g577e59143f-goog -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#94474): https://edk2.groups.io/g/devel/message/94474 Mute This Topic: https://groups.io/mt/93975256/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-