public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Laszlo Ersek <lersek@redhat.com>
To: Brijesh Singh <brijesh.singh@amd.com>, edk2-devel@lists.01.org
Cc: Thomas.Lendacky@amd.com, leo.duran@amd.com,
	Jordan Justen <jordan.l.justen@intel.com>
Subject: Re: [RFC v4 09/13] OvmfPkg/QemuFwCfgLib: Implement SEV internal function for SEC phase
Date: Thu, 11 May 2017 18:24:45 +0200	[thread overview]
Message-ID: <08fc7dad-dc56-7b2e-ed71-9764986491a0@redhat.com> (raw)
In-Reply-To: <1494454162-9940-10-git-send-email-brijesh.singh@amd.com>

On 05/11/17 00:09, Brijesh Singh wrote:
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf |  1 +
>  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c      | 57 ++++++++++++++++++++
>  2 files changed, 58 insertions(+)
> 
> diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf
> index 7a96575d1851..b782ac6c0aa2 100644
> --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf
> +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf
> @@ -45,4 +45,5 @@ [LibraryClasses]
>    DebugLib
>    IoLib
>    MemoryAllocationLib
> +  MemEncryptSevLib

This will not compile. More below.

>  
> diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c
> index 465ccbe90dad..cd04cc814063 100644
> --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c
> +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSec.c
> @@ -6,6 +6,7 @@
>  
>    Copyright (C) 2013, Red Hat, Inc.
>    Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
> +  Copyright (c) 2017, Advanced Micro Devices. All rights reserved.<BR>
>  
>    This program and the accompanying materials are licensed and made available
>    under the terms and conditions of the BSD License which accompanies this
> @@ -18,6 +19,7 @@
>  
>  #include <Library/DebugLib.h>
>  #include <Library/QemuFwCfgLib.h>
> +#include <Library/MemEncryptSevLib.h>
>  
>  #include "QemuFwCfgLibInternal.h"
>  
> @@ -94,3 +96,58 @@ InternalQemuFwCfgDmaIsAvailable (
>  {
>    return FALSE;
>  }
> +
> +/**
> +
> + Returns a boolean indicating whether SEV is enabled
> +
> + @retval    TRUE    SEV is enabled
> + @retval    FALSE   SEV is disabled
> +**/
> +BOOLEAN
> +InternalQemuFwCfgSevIsEnabled (
> +  VOID
> +  )
> +{
> +  return MemEncryptSevIsEnabled ();
> +}

So, this is not right. We have one instance of MemEncryptSevLib, namely
BaseMemEncryptSevLib. It uses / needs writeable static variables,
therefore it is not usable in SEC phase modules. QemuFwCfgSecLib.inf is
restricted to SEC type client modules, so the above function call would
not work.

Thankfully, this patch won't even compile (showcasing that the edk2
build system works fine). Namely, corresponding to the writeable static
variable requirement in BaseMemEncryptSevLib, we restricted that library
instance to the following client module types:

PEIM DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER

Whereas, QemuFwCfgSecLib.inf itself is restricted to SEC.

The result is, if you try to build QemuFwCfgSecLib.inf into a SEC
module, the client module type restrictions inherited from
BaseMemEncryptSevLib will cause a build conflict. Otherwise, if you try
to build QemuFwCfgSecLib.inf into, say, a PEIM, then
QemuFwCfgSecLib.inf's own SEC restriction will cause a build conflict.

So this patch cannot compile.

You didn't find this in your testing because OVMF currently has no SEC
phase module that uses fw_cfg -- QemuFwCfgSecLib.inf is never built. You
can manually build it like this, for example (note the "-m" option):

  build -a X64 -p OvmfPkg/OvmfPkgX64.dsc -t GCC48 -b DEBUG \
    -m OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf

(a) One solution is what I wrote in
<http://mid.mail-archive.com/a07a25d1-0aec-4176-312f-198bf10e29d1@redhat.com>:

> (2) Implement InternalQemuFwCfgSevIsEnabled() in "QemuFwCfgSec.c"
> without using global variables (i.e., with a CPUID on each call, on
> AMD processors, and return constant FALSE on Intel processors).

So basically you should open-code MemEncryptSevIsEnabled() here, without
using any global variables.

(b) Now, a "by the book" solution would be to introduce a SEC instance
of MemEncryptSevLib as well, which would execute CPUID on every
MemEncryptSevIsEnabled() call, and return RETURN_UNSUPPORTED from both
MemEncryptSevClearPageEncMask() and MemEncryptSevSetPageEncMask(),
regardless of architecture (IA32 vs X64). Then this patch would compile
as-is.

(c) But, I don't want to contribute to the proliferation, or growth, of
library instances that are never used in reality. So I dislike both (a)
and (b) above. The only reason we care about QemuFwCfgLib, with regard
to SEV, is because QemuFwCfgLib *sometimes* uses DMA, and SEV has
consequences for DMA.

Notice though that the SEC instance of InternalQemuFwCfgDmaIsAvailable()
returns constant FALSE. This is why it is fine to put ASSERT(FALSE) /
CpuDeadLoop() in the bounce buffer alloc / dealloc routines: they will
never be called.

With the same argument (i.e., we'll never use DMA fw_cfg in SEC), it is
entirely irrelevant for this lib instance whether SEV is present or not.
So I suggest to simply return FALSE from InternalQemuFwCfgSevIsEnabled()
above, and to remark there, in a comment, that
InternalQemuFwCfgDmaIsAvailable() returns constant FALSE, hence SEV
availability is irrelevant.

Thanks,
Laszlo

> +
> +/**
> + Allocate a bounce buffer for SEV DMA.
> +
> +  @param[in]     NumPage  Number of pages.
> +  @param[out]    Buffer   Allocated DMA Buffer pointer
> +
> +**/
> +VOID
> +InternalQemuFwCfgSevDmaAllocateBuffer (
> +  IN     UINT32   NumPages,
> +  OUT    VOID     **Buffer
> +  )
> +{
> +  //
> +  // We should never reach here
> +  //
> +  ASSERT (FALSE);
> +  CpuDeadLoop ();
> +}
> +
> +/**
> + Free the DMA buffer allocated using InternalQemuFwCfgSevDmaAllocateBuffer
> +
> +  @param[in]     NumPage  Number of pages.
> +  @param[in]     Buffer   DMA Buffer pointer
> +
> +**/
> +VOID
> +InternalQemuFwCfgSevDmaFreeBuffer (
> +  IN     VOID     *Buffer,
> +  IN     UINT32   NumPages
> +  )
> +{
> +  //
> +  // We should never reach here
> +  //
> +  ASSERT (FALSE);
> +  CpuDeadLoop ();
> +}
> 



  reply	other threads:[~2017-05-11 16:24 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-05-10 22:09 [RFC v4 00/13] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2017-05-10 22:09 ` [RFC v4 01/13] UefiCpuPkg: Define AMD Memory Encryption specific CPUID and MSR Brijesh Singh
2017-05-11  0:30   ` Fan, Jeff
2017-05-10 22:09 ` [RFC v4 02/13] OvmfPkg/ResetVector: Set C-bit when building initial page table Brijesh Singh
2017-05-11 11:40   ` Laszlo Ersek
2017-05-10 22:09 ` [RFC v4 03/13] OvmfPkg: Update dsc to use IoLib from BaseIoLibIntrinsicSev.inf Brijesh Singh
2017-05-11 11:46   ` Laszlo Ersek
2017-05-10 22:09 ` [RFC v4 04/13] OvmfPkg/BaseMemcryptSevLib: Add SEV helper library Brijesh Singh
2017-05-11 14:04   ` Laszlo Ersek
2017-05-11 18:03     ` Brijesh Singh
2017-05-10 22:09 ` [RFC v4 05/13] OvmfPkg/PlatformPei: Set memory encryption PCD when SEV is enabled Brijesh Singh
2017-05-11 14:37   ` Laszlo Ersek
2017-05-11 18:04     ` Brijesh Singh
2017-05-10 22:09 ` [RFC v4 06/13] OvmfPkg:AmdSevDxe: add AmdSevDxe driver Brijesh Singh
2017-05-11  0:56   ` Yao, Jiewen
2017-05-11 15:19   ` Laszlo Ersek
2017-05-11 15:53     ` Laszlo Ersek
2017-05-11 17:43       ` Jordan Justen
2017-05-11 18:01         ` Brijesh Singh
2017-05-15 17:47           ` Jordan Justen
2017-05-16 12:04             ` Brijesh Singh
2017-05-16 17:56               ` Jordan Justen
2017-05-16 20:25                 ` Brijesh Singh
2017-05-18  8:50                   ` Laszlo Ersek
2017-05-11 20:14         ` Laszlo Ersek
2017-05-11 18:12     ` Brijesh Singh
2017-05-10 22:09 ` [RFC v4 07/13] OvmfPkg/QemuFwCfgLib: Provide Pei and Dxe specific library Brijesh Singh
2017-05-11 15:40   ` Laszlo Ersek
2017-05-11 18:16     ` Brijesh Singh
2017-05-10 22:09 ` [RFC v4 08/13] OvmfPkg/QemuFwCfgLib: Prepare for SEV support Brijesh Singh
2017-05-11 15:57   ` Laszlo Ersek
2017-05-10 22:09 ` [RFC v4 09/13] OvmfPkg/QemuFwCfgLib: Implement SEV internal function for SEC phase Brijesh Singh
2017-05-11 16:24   ` Laszlo Ersek [this message]
2017-05-11 18:21     ` Brijesh Singh
2017-05-10 22:09 ` [RFC v4 10/13] OvmfPkg/QemuFwCfgLib: Implement SEV internal functions for PEI phase Brijesh Singh
2017-05-11 16:38   ` Laszlo Ersek
2017-05-10 22:09 ` [RFC v4 11/13] OvmfPkg/QemuFwCfgLib: Implement SEV internal function for Dxe phase Brijesh Singh
2017-05-11 17:07   ` Laszlo Ersek
2017-05-10 22:09 ` [RFC v4 12/13] OvmfPkg/QemuFwCfgLib: Add option to dynamic alloc FW_CFG_DMA Access Brijesh Singh
2017-05-11 17:10   ` Laszlo Ersek
2017-05-10 22:09 ` [RFC v4 13/13] OvmfPkg/QemuFwCfgLib: Add SEV support Brijesh Singh
2017-05-11 17:44   ` Laszlo Ersek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=08fc7dad-dc56-7b2e-ed71-9764986491a0@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox