From nobody Mon Feb  9 11:33:37 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+99050+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)  smtp.mailfrom=bounce+27952+99050+1787277+3901457@groups.io
ARC-Seal: i=1; a=rsa-sha256; t=1674694616; cv=none;
	d=zohomail.com; s=zohoarc;
	b=JBwY0fOZazjE/ii+4fTFPyTkk7SoMu97pTYf3KNs0KBRz6CEahCAlMLbX4M/uBmZ4mKgvmSirFSk1BCv0zy1mrCWmY5roS+gbs1nRfISNnwx7syXCEeUuzg0PQcGZN43MS8L+8988GZ0Z4CrpezzKmEqdOgLHM6gFwJPav/9Eig=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1674694616;
 h=Content-Type:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=CILa/N6eWRDR9Vq8FUuNMup3wcB46/sGBdSOzsw2Wk8=;
	b=Q/q7RwTE9m81eWHYMei/5YgGDYQvtxWdxKW5HFVRpk3ir96aFZvwfEP8ipN7nv/6VuOqKMB9KuT4K1r37mN3paSSEQuXP+Ln+Mwpzrf4UADDptwlkZilcTPMkyWtlOtcC/dBY3v6gqMB3jn3JVoUxivLakMlUuwCwO37+2a/7ik=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)  smtp.mailfrom=bounce+27952+99050+1787277+3901457@groups.io
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1674694616404933.7920557895561;
 Wed, 25 Jan 2023 16:56:56 -0800 (PST)
Return-Path: <bounce+27952+99050+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id VDoYYY1788612xh2cjur8KeS;
 Wed, 25 Jan 2023 16:56:56 -0800
X-Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com
 [209.85.210.201])
 by mx.groups.io with SMTP id smtpd.web10.63533.1674694615382100831
 for <devel@edk2.groups.io>;
 Wed, 25 Jan 2023 16:56:55 -0800
X-Received: by mail-pf1-f201.google.com with SMTP id
 s4-20020a056a00194400b0058d9b9fecb6so161092pfk.1
        for <devel@edk2.groups.io>; Wed, 25 Jan 2023 16:56:55 -0800 (PST)
X-Gm-Message-State: m3pJdgqPVi7Sla5BpeHE24elx1787277AA=
X-Google-Smtp-Source: 
 AMrXdXuc9VBssLdY5fSnaLDJdEgtQH6eVmXFXCxp2nVtMyjZcgz5cxUu82/C2NoFnUNITxnkMcvhXsxp0RaeHlIuyw==
X-Received: from dionnaglaze.c.googlers.com
 ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6])
 (user=dionnaglaze job=sendgmr) by 2002:a63:5753:0:b0:499:7f08:40c3 with SMTP
 id h19-20020a635753000000b004997f0840c3mr3762633pgm.80.1674694614600; Wed, 25
 Jan 2023 16:56:54 -0800 (PST)
Date: Thu, 26 Jan 2023 00:56:44 +0000
In-Reply-To: <20230126005647.3019225-1-dionnaglaze@google.com>
Mime-Version: 1.0
References: <20230126005647.3019225-1-dionnaglaze@google.com>
Message-ID: <20230126005647.3019225-2-dionnaglaze@google.com>
Subject: [edk2-devel] [PATCH v10 1/4] OvmfPkg: Add memory acceptance event in
 AmdSevDxe
From: "Dionna Glaze via groups.io" <dionnaglaze=google.com@groups.io>
To: devel@edk2.groups.io
Cc: Dionna Glaze <dionnaglaze@google.com>, Gerd Hoffmann <kraxel@redhat.com>,
	James Bottomley <jejb@linux.ibm.com>, Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>, Ard Biesheuvel <ardb@kernel.org>,
	"Min M. Xu" <min.m.xu@intel.com>, Andrew Fish <afish@apple.com>,
	"Michael D. Kinney" <michael.d.kinney@intel.com>
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,dionnaglaze@google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1674694616;
 bh=7xVEPSMZ/nDoaazxKcDtiMZHv//zZUrJHK6xxjE9ETk=;
 h=Cc:Content-Type:Date:From:Reply-To:Subject:To;
 b=EKDW7m0Nh3qhlUduwRCZUdcS10KbLxIlM8ilfneY0kQVGcVtSl9GyDPDXuNRiOYG59Z
 dK/NHjobWxKlvT6xEV7wBEjNpifByFoybuj6GSqIhZTSsnrkecZqLr2EK47npK0iqQeeu
 W2y6ifcfcA5bvh6sr7K6DPd9XXPa2nFNAU8=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1674694618075100007
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The added behavior is to accept all unaccepted memory at
ExitBootServices if the behavior is not disabled. This allows safe
upgrades for OS loaders to affirm their support for the unaccepted
memory type.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: "Min M. Xu" <min.m.xu@intel.com>
Cc: Andrew Fish <afish@apple.com>
Cc: "Michael D. Kinney" <michael.d.kinney@intel.com>

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
---
 OvmfPkg/AmdSevDxe/AmdSevDxe.c   | 109 ++++++++++++++++++++
 OvmfPkg/AmdSevDxe/AmdSevDxe.inf |   1 +
 2 files changed, 110 insertions(+)

diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index f7600c3c81..5eec76fea2 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -20,6 +20,7 @@
 #include <Library/UefiBootServicesTableLib.h>
 #include <Guid/ConfidentialComputingSevSnpBlob.h>
 #include <Library/PcdLib.h>
+#include <Pi/PrePiDxeCis.h>
 #include <Protocol/MemoryAccept.h>
=20
 STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  mSnpBootDxeTable =3D {
@@ -34,6 +35,10 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  mSnpBoo=
tDxeTable =3D {
=20
 STATIC EFI_HANDLE  mAmdSevDxeHandle =3D NULL;
=20
+STATIC BOOLEAN  mAcceptAllMemoryAtEBS =3D TRUE;
+
+STATIC EFI_EVENT  mAcceptAllMemoryEvent =3D NULL;
+
 #define IS_ALIGNED(x, y)  ((((x) & ((y) - 1)) =3D=3D 0))
=20
 STATIC
@@ -62,6 +67,94 @@ AmdSevMemoryAccept (
   return EFI_SUCCESS;
 }
=20
+STATIC
+EFI_STATUS
+AcceptAllMemory (
+  IN EDKII_MEMORY_ACCEPT_PROTOCOL  *AcceptMemory
+  )
+{
+  EFI_GCD_MEMORY_SPACE_DESCRIPTOR  *AllDescMap;
+  UINTN                            NumEntries;
+  UINTN                            Index;
+  EFI_STATUS                       Status;
+
+  DEBUG ((DEBUG_INFO, "Accepting all memory\n"));
+
+  /*
+   * Get a copy of the memory space map to iterate over while
+   * changing the map.
+   */
+  Status =3D gDS->GetMemorySpaceMap (&NumEntries, &AllDescMap);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  for (Index =3D 0; Index < NumEntries; Index++) {
+    CONST EFI_GCD_MEMORY_SPACE_DESCRIPTOR  *Desc;
+
+    Desc =3D &AllDescMap[Index];
+    if (Desc->GcdMemoryType !=3D EFI_GCD_MEMORY_TYPE_UNACCEPTED) {
+      continue;
+    }
+
+    Status =3D AcceptMemory->AcceptMemory (
+                             AcceptMemory,
+                             Desc->BaseAddress,
+                             Desc->Length
+                             );
+    if (EFI_ERROR (Status)) {
+      break;
+    }
+
+    Status =3D gDS->RemoveMemorySpace (Desc->BaseAddress, Desc->Length);
+    if (EFI_ERROR (Status)) {
+      break;
+    }
+
+    Status =3D gDS->AddMemorySpace (
+                    EfiGcdMemoryTypeSystemMemory,
+                    Desc->BaseAddress,
+                    Desc->Length,
+                    EFI_MEMORY_CPU_CRYPTO | EFI_MEMORY_XP | EFI_MEMORY_RO =
| EFI_MEMORY_RP
+                    );
+    if (EFI_ERROR (Status)) {
+      break;
+    }
+  }
+
+  gBS->FreePool (AllDescMap);
+  return Status;
+}
+
+VOID
+EFIAPI
+ResolveUnacceptedMemory (
+  IN EFI_EVENT  Event,
+  IN VOID       *Context
+  )
+{
+  EDKII_MEMORY_ACCEPT_PROTOCOL  *AcceptMemory;
+  EFI_STATUS                    Status;
+
+  if (!mAcceptAllMemoryAtEBS) {
+    return;
+  }
+
+  Status =3D gBS->LocateProtocol (
+                  &gEdkiiMemoryAcceptProtocolGuid,
+                  NULL,
+                  (VOID **)&AcceptMemory
+                  );
+  if (Status =3D=3D EFI_NOT_FOUND) {
+    return;
+  }
+
+  ASSERT_EFI_ERROR (Status);
+
+  Status =3D AcceptAllMemory (AcceptMemory);
+  ASSERT_EFI_ERROR (Status);
+}
+
 STATIC EDKII_MEMORY_ACCEPT_PROTOCOL  mMemoryAcceptProtocol =3D {
   AmdSevMemoryAccept
 };
@@ -195,6 +288,22 @@ AmdSevDxeEntryPoint (
                     );
     ASSERT_EFI_ERROR (Status);
=20
+    // SEV-SNP support does not automatically imply unaccepted memory supp=
ort,
+    // so make ExitBootServices accept all unaccepted memory if support is
+    // not communicated.
+    Status =3D gBS->CreateEventEx (
+                    EVT_NOTIFY_SIGNAL,
+                    TPL_CALLBACK,
+                    ResolveUnacceptedMemory,
+                    NULL,
+                    &gEfiEventBeforeExitBootServicesGuid,
+                    &mAcceptAllMemoryEvent
+                    );
+
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "AllowUnacceptedMemory event creation for Event=
BeforeExitBootServices failed.\n"));
+    }
+
     //
     // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING=
_SEV_SNP_BLOB.
     // It contains the location for both the Secrets and CPUID page.
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.=
inf
index cd1b686c53..5b443d45bc 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
@@ -52,6 +52,7 @@
=20
 [Guids]
   gConfidentialComputingSevSnpBlobGuid
+  gEfiEventBeforeExitBootServicesGuid
=20
 [Pcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
--=20
2.39.1.456.gfc5497dd1b-goog



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#99050): https://edk2.groups.io/g/devel/message/99050
Mute This Topic: https://groups.io/mt/96534752/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-