From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <brijesh.ksingh@gmail.com>
Received: from mail-ot0-x244.google.com (mail-ot0-x244.google.com
 [IPv6:2607:f8b0:4003:c0f::244])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 8D0BD8036C
 for <edk2-devel@ml01.01.org>; Tue, 21 Mar 2017 14:13:27 -0700 (PDT)
Received: by mail-ot0-x244.google.com with SMTP id y88so670546ota.1
 for <edk2-devel@ml01.01.org>; Tue, 21 Mar 2017 14:13:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:subject:to:cc:date:message-id:in-reply-to:references
 :user-agent:mime-version:content-transfer-encoding;
 bh=dEsCDFBhk7KzmKeAKRmnFyl5c8jwD6sJOSPKnbgl85g=;
 b=pvQGqlgRvAwfZHXkJ+kxCOyzPlMGKWAOLuw/ttXWOBcoYEl+XwSRFC/Igq8HzTKlfB
 NtdvMJefahi2kmq75oY0nI8XhkYC+xrTu9uSMZNmw1CwmuXzONRh4QEjwrqIl5F9aPcH
 7FOBRYti7Lacl0U4NABLTBghzx3ltiMKEIf0Ln/90ixXaYIvLOcdnFq1cxTbd7jSU3Q2
 npPWKCdo8+7aaXllzSp2y8UzaFpVN7GZoL65nmLlmqQMQj4Ovqoiqpo8aB+CWhnQQZ3M
 WHRt3E0kgkAPLhwoUTmjad0RJ3zHiVquKxK1xWsCk8/+LcciMVuhYiffuB4LaButH8Tp
 qSMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:subject:to:cc:date:message-id:in-reply-to
 :references:user-agent:mime-version:content-transfer-encoding;
 bh=dEsCDFBhk7KzmKeAKRmnFyl5c8jwD6sJOSPKnbgl85g=;
 b=Jl8Nd97mKi2tsXJ+rCPNOKjFeG4ua9jk+ua947TWmbZlynHPRM27zVtRuA7ISeLdLq
 FRny0Fn5QyUSa6S9JUX2izkbJhB52zrHqLEgHocUKqk8SteSe+XmmWwR6mMfv4G+32Mg
 uVhQ5ctYfGIBPZ8QV0Ng8PxAGF38oRaFtTz3lbnxjFH35CAgESYhsWYRdy24ffVgEN1y
 zAmUPv32fxPf+R3GKvaY5mO0qx7KkqqyR6SGm3rMjRiIxTut2tI8kIslg8wp/KJkjTom
 NDvRXu2K9zm7CxCY+A+qNvDGPAxCg+b3GdFPHzo9WrDjHY5Odr99iWLne7atAThDw0DQ
 FTag==
X-Gm-Message-State: AFeK/H2AXS7O4lM0lrGUCtFeKgxHHzQWkUtkP1Sgy4ITwr7ldO6PJjxUnkI0SrQQjdKlFg==
X-Received: by 10.157.80.30 with SMTP id a30mr22353256oth.219.1490130806897;
 Tue, 21 Mar 2017 14:13:26 -0700 (PDT)
Received: from [127.0.1.1] ([165.204.77.1])
 by smtp.gmail.com with ESMTPSA id 63sm9281622oty.57.2017.03.21.14.13.26
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 21 Mar 2017 14:13:26 -0700 (PDT)
From: Brijesh Singh <brijesh.ksingh@gmail.com>
X-Google-Original-From: Brijesh Singh <brijesh.singh@amd.com>
To: michael.d.kinney@intel.com, jordan.l.justen@intel.com,
 edk2-devel@ml01.01.org, lersek@redhat.com, liming.gao@intel.com
Cc: leo.duran@amd.com, brijesh.singh@amd.com, Thomas.Lendacky@amd.com
Date: Tue, 21 Mar 2017 17:13:25 -0400
Message-ID: <149013080578.27235.9783953356246180002.stgit@brijesh-build-machine>
In-Reply-To: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine>
References: <149013076154.27235.10725020825643505862.stgit@brijesh-build-machine>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
Subject: [RFC PATCH v2 07/10] OvmfPkg/BmDmaLib: Add SEV support
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 21:13:27 -0000
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

When SEV is enabled, the DMA operations must be performed on a shared
(i.e unencrypted) pages. The patch adds SEV specific hooks to use the
bounce buffer when caller map/unmap host address to a DMA address and
similarly clears/set memory encryption attribute when caller allocates or
free the DMA pages.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c   |   60 +++++++++++++++++++++++++++
 OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf |    3 +
 2 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c
index 0d960a8..39814cc 100644
--- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c
+++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c
@@ -25,6 +25,7 @@
 #include <Library/MemoryAllocationLib.h>
 #include <Library/UefiBootServicesTableLib.h>
 #include <Library/BmDmaLib.h>
+#include <Library/MemEncryptSevLib.h>
 
 
 #define FORCE_BELOW_4GB_TRUE   TRUE
@@ -100,6 +101,15 @@ AllocateBounceBuffer (
   }
 
   //
+  // Clear C-bit on DMA pages
+  //
+  if (MemEncryptSevIsEnabled ()) {
+    Status = MemEncryptSevClearPageEncMask (MapInfo->MappedHostAddress, MapInfo->NumberOfPages);
+    if (Status != EFI_SUCCESS) {
+      return Status;
+    }
+  }
+  //
   // If this is a read operation from the Bus Master's point of view,
   // then copy the contents of the real buffer into the mapped buffer
   // so the Bus Master can read the contents of the real buffer.
@@ -170,6 +180,23 @@ BmDmaMap (
 
   PhysicalAddress = (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress;
   if (DmaAbove4GB || (PhysicalAddress + *NumberOfBytes) <= SIZE_4GB) {
+
+    //
+    // When SEV is enabled the DMA operation must be performed on shared pages. We force to use the
+    // bounce buffer path which will take care of allocating shared Dma buffers mapping
+    //
+    if (MemEncryptSevIsEnabled () &&
+        (Operation == DmaOperationBusMasterRead || Operation == DmaOperationBusMasterWrite)) {
+      return AllocateBounceBuffer (
+                                   FORCE_BELOW_4GB_FALSE,
+                                   Operation,
+                                   PhysicalAddress,
+                                   NumberOfBytes,
+                                   DeviceAddress,
+                                   Mapping
+                                   );
+    }
+
     //
     // If we CAN handle DMA above 4GB or the transfer is below 4GB,
     // the DeviceAddress is simply the HostAddress
@@ -218,7 +245,8 @@ BmDmaUnmap (
   IN  VOID                 *Mapping
   )
 {
-  MAP_INFO  *MapInfo;
+  MAP_INFO           *MapInfo;
+  EFI_STATUS         Status;
 
   //
   // Check for invalid inputs
@@ -251,6 +279,17 @@ BmDmaUnmap (
   }
 
   //
+  // When SEV is enabled then Dma buffer allocate by bounce buffer have C-bit cleared,
+  // restore the C-bit before we release the resources
+  //
+  if (MemEncryptSevIsEnabled ()) {
+    Status = MemEncryptSevSetPageEncMask (MapInfo->MappedHostAddress, MapInfo->NumberOfPages);
+    if (Status != EFI_SUCCESS) {
+      return Status;
+    }
+  }
+
+  //
   // Free the mapped buffer and the MAP_INFO structure.
   //
   gBS->FreePages (MapInfo->MappedHostAddress, MapInfo->NumberOfPages);
@@ -322,8 +361,15 @@ BmDmaAllocateBuffer (
                   );
   if (!EFI_ERROR (Status)) {
     *HostAddress = (VOID *) (UINTN) PhysicalAddress;
+    //
+    // Clear C-bit on Dma pages
+    //
+    if (MemEncryptSevIsEnabled ()) {
+      Status = MemEncryptSevClearPageEncMask (PhysicalAddress, Pages);
+    }
   }
 
+
   return Status;
 }
 
@@ -346,6 +392,18 @@ BmDmaFreeBuffer (
   IN  UINTN                Pages
   )
 {
+  EFI_STATUS           Status;
+
+  //
+  // Restore the C-bit on DMA pages
+  //
+  if (MemEncryptSevIsEnabled ()) {
+    Status = MemEncryptSevSetPageEncMask ((UINTN) HostAddress, Pages);
+    if (Status != EFI_SUCCESS) {
+      return Status;
+    }
+  }
+
   return gBS->FreePages ((EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress, Pages);
 }
 
diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf
index 4ddb27d..fb97caa 100644
--- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf
+++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf
@@ -29,6 +29,7 @@
 [Packages]
   MdePkg/MdePkg.dec
   MdeModulePkg/MdeModulePkg.dec
+  OvmfPkg/OvmfPkg.dec
 
 [LibraryClasses]
   BaseLib
@@ -37,5 +38,5 @@
   DxeServicesTableLib
   MemoryAllocationLib
   UefiBootServicesTableLib
-
+  MemEncryptSevLib