From: Brijesh Singh
To: michael.d.kinney@intel.com, ersek@redhat.com, edk2-devel@ml01.01.org, liming.gao@intel.com, jordan.l.justen@intel.com
Cc: leo.duran@amd.com, brijesh.singh@amd.com, Thomas.Lendacky@amd.com
Date: Tue, 21 Mar 2017 16:59:49 -0400
Subject: [RFC PATCH v2 07/10] OvmfPkg/BmDmaLib: Add SEV support

When SEV is enabled, the DMA operations must be performed on shared (i.e. unencrypted) pages. The patch adds SEV-specific hooks to use the bounce buffer when the caller maps/unmaps a host address to a DMA address, and similarly clears/sets the memory encryption attribute when the caller allocates or frees the DMA pages.

Signed-off-by: Brijesh Singh
--- OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c | 60 +++++++++++++++++++++++++++ OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf | 3 + 2 files changed, 61 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c index 0d960a8..39814cc 100644 --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c @@ -25,6 +25,7 @@ #include #include #include +#include #define FORCE_BELOW_4GB_TRUE TRUE 
@@ -100,6 +101,15 @@ AllocateBounceBuffer ( } // + // Clear C-bit on DMA pages + // + if (MemEncryptSevIsEnabled ()) { + Status = MemEncryptSevClearPageEncMask (MapInfo->MappedHostAddress, MapInfo->NumberOfPages); + if (Status != EFI_SUCCESS) { + return Status; + } + } + // // If this is a read operation from the Bus Master's point of view, // then copy the contents of the real buffer into the mapped buffer // so the Bus Master can read the contents of the real buffer. @@ -170,6 +180,23 @@ BmDmaMap ( PhysicalAddress = (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress; if (DmaAbove4GB || (PhysicalAddress + *NumberOfBytes) <= SIZE_4GB) { + + // + // When SEV is enabled the DMA operation must be performed on shared pages. We force to use the + // bounce buffer path which will take care of allocating shared Dma buffers mapping + // + if (MemEncryptSevIsEnabled () && + (Operation == DmaOperationBusMasterRead || Operation == DmaOperationBusMasterWrite)) { + return AllocateBounceBuffer ( + FORCE_BELOW_4GB_FALSE, + Operation, + PhysicalAddress, + NumberOfBytes, + DeviceAddress, + Mapping + ); + } + // // If we CAN handle DMA above 4GB or the transfer is below 4GB, // the DeviceAddress is simply the HostAddress @@ -218,7 +245,8 @@ BmDmaUnmap ( IN VOID *Mapping ) { - MAP_INFO *MapInfo; + MAP_INFO *MapInfo; + EFI_STATUS Status; // // Check for invalid inputs @@ -251,6 +279,17 @@ BmDmaUnmap ( } // + // When SEV is enabled then Dma buffer allocate by bounce buffer have C-bit cleared, + // restore the C-bit before we release the resources + // + if (MemEncryptSevIsEnabled ()) { + Status = MemEncryptSevSetPageEncMask (MapInfo->MappedHostAddress, MapInfo->NumberOfPages); + if (Status != EFI_SUCCESS) { + return Status; + } + } + + // // Free the mapped buffer and the MAP_INFO structure. // gBS->FreePages (MapInfo->MappedHostAddress, MapInfo->NumberOfPages); 
@@ -322,8 +361,15 @@ BmDmaAllocateBuffer ( ); if (!EFI_ERROR (Status)) { *HostAddress = (VOID *) (UINTN) PhysicalAddress; + // + // Clear C-bit on Dma pages + // + if (MemEncryptSevIsEnabled ()) { + Status = MemEncryptSevClearPageEncMask (PhysicalAddress, Pages); + } } + return Status; } @@ -346,6 +392,18 @@ BmDmaFreeBuffer ( IN UINTN Pages ) { + EFI_STATUS Status; + + // + // Restore the C-bit on DMA pages + // + if (MemEncryptSevIsEnabled ()) { + Status = MemEncryptSevSetPageEncMask ((UINTN) HostAddress, Pages); + if (Status != EFI_SUCCESS) { + return Status; + } + } + return gBS->FreePages ((EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress, Pages); } diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf index 4ddb27d..fb97caa 100644 --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf @@ -29,6 +29,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec [LibraryClasses] BaseLib @@ -37,5 +38,5 @@ DxeServicesTableLib MemoryAllocationLib UefiBootServicesTableLib - + MemEncryptSevLib
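
Review bot: In the AllocateBounceBuffer hunk, the new "return Status;" after a failed MemEncryptSevClearPageEncMask exits without releasing the bounce buffer at MapInfo->MappedHostAddress or the MAP_INFO structure, both of which BmDmaUnmap frees on the normal path. Add a cleanup path before returning, and make sure any pages whose C-bit was already cleared are restored with MemEncryptSevSetPageEncMask before they go back to the allocator. The check would also read better as "if (EFI_ERROR (Status))", matching the "if (!EFI_ERROR (Status))" style already used in BmDmaAllocateBuffer.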
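
Review bot: In the BmDmaMap hunk, the SEV condition forces the bounce buffer only for DmaOperationBusMasterRead and DmaOperationBusMasterWrite, and the comment does not say why any other operation may keep DeviceAddress equal to HostAddress. If the assumption is that such buffers always come from BmDmaAllocateBuffer, which this patch makes shared, state that in the comment; otherwise a host buffer mapped with another operation is handed to the device while still encrypted. The comment sentence "We force to use the bounce buffer path which will take care of allocating shared Dma buffers mapping" should also be reworded and wrapped.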
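
Review bot: In the BmDmaUnmap hunk, returning when MemEncryptSevSetPageEncMask fails skips the gBS->FreePages call and the release of the MAP_INFO structure that follow, so the mapping is leaked and the caller gets an error from an unmap it cannot retry meaningfully. If leaking the pages is deliberate (so that pages with the C-bit cleared are never returned to the pool), say so in the comment and still free MAP_INFO; otherwise route the failure through the normal cleanup. Prefer "if (EFI_ERROR (Status))" over "Status != EFI_SUCCESS".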
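
Review bot: In the BmDmaAllocateBuffer hunk, a failure of MemEncryptSevClearPageEncMask is returned to the caller after *HostAddress has already been assigned and while the pages are still allocated, so a caller that treats the error as "nothing was allocated" leaks them. Clear the C-bit first, free the pages on failure, and assign *HostAddress only once the buffer is known to be shared. The extra blank line added before "return Status;" can be dropped.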
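
Review bot: In the BmDmaFreeBuffer hunk, the address is passed to MemEncryptSevSetPageEncMask as "(UINTN) HostAddress", while the FreePages call just below uses "(EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress" and BmDmaAllocateBuffer passes PhysicalAddress to the matching clear call; use the same cast here so the argument type is consistent across the library. The early return on failure leaves the pages allocated and shared, which needs a comment stating whether that is the intended behavior. Prefer "if (EFI_ERROR (Status))" over "Status != EFI_SUCCESS".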