From: Brijesh Singh
To: michael.d.kinney@intel.com, jordan.l.justen@intel.com, edk2-devel@ml01.01.org, lersek@redhat.com, liming.gao@intel.com
Cc: leo.duran@amd.com, brijesh.singh@amd.com, Thomas.Lendacky@amd.com
Date: Tue, 21 Mar 2017 17:13:25 -0400
Subject: [RFC PATCH v2 07/10] OvmfPkg/BmDmaLib: Add SEV support
List-Id: EDK II Development

When SEV is enabled, the DMA operations must be performed on shared (i.e. unencrypted) pages. The patch adds SEV-specific hooks to use the bounce buffer when the caller maps/unmaps a host address to a DMA address, and similarly clears/sets the memory encryption attribute when the caller allocates or frees the DMA pages.

Signed-off-by: Brijesh Singh
--- OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c | 60 +++++++++++++++++++++++++++ OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf | 3 + 2 files changed, 61 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c index 0d960a8..39814cc 100644 --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c @@ -25,6 +25,7 @@ #include #include #include +#include #define FORCE_BELOW_4GB_TRUE TRUE 
@@ -100,6 +101,15 @@ AllocateBounceBuffer ( } // + // Clear C-bit on DMA pages + // + if (MemEncryptSevIsEnabled ()) { + Status = MemEncryptSevClearPageEncMask (MapInfo->MappedHostAddress, MapInfo->NumberOfPages); + if (Status != EFI_SUCCESS) { + return Status; + } + } + // // If this is a read operation from the Bus Master's point of view, // then copy the contents of the real buffer into the mapped buffer // so the Bus Master can read the contents of the real buffer. @@ -170,6 +180,23 @@ BmDmaMap ( PhysicalAddress = (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress; if (DmaAbove4GB || (PhysicalAddress + *NumberOfBytes) <= SIZE_4GB) { + + // + // When SEV is enabled the DMA operation must be performed on shared pages. We force to use the + // bounce buffer path which will take care of allocating shared Dma buffers mapping + // + if (MemEncryptSevIsEnabled () && + (Operation == DmaOperationBusMasterRead || Operation == DmaOperationBusMasterWrite)) { + return AllocateBounceBuffer ( + FORCE_BELOW_4GB_FALSE, + Operation, + PhysicalAddress, + NumberOfBytes, + DeviceAddress, + Mapping + ); + } + // // If we CAN handle DMA above 4GB or the transfer is below 4GB, // the DeviceAddress is simply the HostAddress @@ -218,7 +245,8 @@ BmDmaUnmap ( IN VOID *Mapping ) { - MAP_INFO *MapInfo; + MAP_INFO *MapInfo; + EFI_STATUS Status; // // Check for invalid inputs @@ -251,6 +279,17 @@ BmDmaUnmap ( } // + // When SEV is enabled then Dma buffer allocate by bounce buffer have C-bit cleared, + // restore the C-bit before we release the resources + // + if (MemEncryptSevIsEnabled ()) { + Status = MemEncryptSevSetPageEncMask (MapInfo->MappedHostAddress, MapInfo->NumberOfPages); + if (Status != EFI_SUCCESS) { + return Status; + } + } + + // // Free the mapped buffer and the MAP_INFO structure. // gBS->FreePages (MapInfo->MappedHostAddress, MapInfo->NumberOfPages); 
@@ -322,8 +361,15 @@ BmDmaAllocateBuffer ( ); if (!EFI_ERROR (Status)) { *HostAddress = (VOID *) (UINTN) PhysicalAddress; + // + // Clear C-bit on Dma pages + // + if (MemEncryptSevIsEnabled ()) { + Status = MemEncryptSevClearPageEncMask (PhysicalAddress, Pages); + } } + return Status; } @@ -346,6 +392,18 @@ BmDmaFreeBuffer ( IN UINTN Pages ) { + EFI_STATUS Status; + + // + // Restore the C-bit on DMA pages + // + if (MemEncryptSevIsEnabled ()) { + Status = MemEncryptSevSetPageEncMask ((UINTN) HostAddress, Pages); + if (Status != EFI_SUCCESS) { + return Status; + } + } + return gBS->FreePages ((EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress, Pages); } diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf index 4ddb27d..fb97caa 100644 --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf @@ -29,6 +29,7 @@ [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec [LibraryClasses] BaseLib @@ -37,5 +38,5 @@ DxeServicesTableLib MemoryAllocationLib UefiBootServicesTableLib - + MemEncryptSevLib
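Review bot: In the AllocateBounceBuffer hunk (@@ -100,6 +101,15 @@), the early `return Status;` after a failed MemEncryptSevClearPageEncMask () appears to leave the pages at MapInfo->MappedHostAddress and the MapInfo structure itself allocated. Release both on this error path before returning, the same way BmDmaUnmap does with `gBS->FreePages (MapInfo->MappedHostAddress, MapInfo->NumberOfPages);`. The test would also be more consistent written as `if (EFI_ERROR (Status))`, matching the `!EFI_ERROR (Status)` form already used in BmDmaAllocateBuffer.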
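Review bot: In the BmDmaMap hunk (@@ -170,6 +180,23 @@), the SEV condition only forces the bounce-buffer path for DmaOperationBusMasterRead and DmaOperationBusMasterWrite, so any other Operation value still falls through to the direct mapping where DeviceAddress is simply the HostAddress. That is only safe under SEV if the buffer already had its C-bit cleared, which the patch does in BmDmaAllocateBuffer; the comment should state that assumption explicitly, or the function should reject a common-buffer mapping whose pages were not obtained from BmDmaAllocateBuffer. The new comment also needs rewording ("We force to use the bounce buffer path which will take care of allocating shared Dma buffers mapping") and wrapping to the file's line length.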
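Review bot: In the BmDmaUnmap hunk (@@ -251,6 +279,17 @@), a failure of MemEncryptSevSetPageEncMask () returns before the "Free the mapped buffer and the MAP_INFO structure" step, so both the bounce pages and MapInfo are leaked and the pages stay shared. If leaking is deliberate, because handing pages with the C-bit still cleared back to gBS->FreePages () would put unencrypted memory into the general pool, say so in the comment; otherwise at least free the MAP_INFO structure before returning. The comment text "Dma buffer allocate by bounce buffer have C-bit cleared" should also be corrected.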
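Review bot: In the BmDmaAllocateBuffer hunk (@@ -322,8 +361,15 @@), when MemEncryptSevClearPageEncMask (PhysicalAddress, Pages) fails the function returns the error with *HostAddress already set and the pages still allocated, so the caller sees a failure yet the memory is never freed. Assign *HostAddress only after the C-bit has been cleared successfully, and on failure call gBS->FreePages (PhysicalAddress, Pages) before returning. The blank line added before `return Status;` is an unrelated whitespace change and can be dropped.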
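Review bot: In the BmDmaFreeBuffer hunk (@@ -346,6 +392,18 @@), MemEncryptSevSetPageEncMask () is passed `(UINTN) HostAddress` while the other call sites in this patch pass an EFI_PHYSICAL_ADDRESS (MapInfo->MappedHostAddress, PhysicalAddress) and the FreePages call two lines below uses `(EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress`. Use the same double cast here so the argument type is consistent across builds. As in BmDmaUnmap, the early return on failure skips gBS->FreePages (), so document whether the leak is intended, and prefer `EFI_ERROR (Status)` over `Status != EFI_SUCCESS`.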