From: Brijesh Singh
To: edk2-devel@lists.01.org, lersek@redhat.com, jordan.l.justen@intel.com
Cc: jiewen.yao@intel.com, leo.duran@amd.com, star.zeng@intel.com, liming.gao@intel.com, ard.biesheuvel@linaro.org, brijesh.singh@amd.com, William.Tambe@amd.com, thomas.lendacky@amd.com
Date: Tue, 25 Apr 2017 12:34:16 -0400
Message-Id: <1493138064-7816-8-git-send-email-brijesh.ksingh@gmail.com>
In-Reply-To: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com>
References: <1493138064-7816-1-git-send-email-brijesh.ksingh@gmail.com>
Subject: [RFC v3 07/15] OvmfPkg/BmDmaLib: Add SEV support

From: Brijesh Singh

When SEV is enabled, DMA operations must be performed on shared (i.e. unencrypted) pages. The patch adds SEV-specific hooks to use the bounce buffer when the caller maps/unmaps a host address to a DMA address, and similarly clears/sets the memory encryption attribute when the caller allocates or frees DMA pages.

Signed-off-by: Brijesh Singh
--- OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf | 3 +- OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c | 60 +++++++++++++++++++- 2 files changed, 61 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf index 4ddb27d578bc..fb97caa79827 100644 --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf @@ -29,6 +29,7 @@ [Sources.common] [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + OvmfPkg/OvmfPkg.dec [LibraryClasses] BaseLib @@ -37,5 +38,5 @@ [LibraryClasses] DxeServicesTableLib MemoryAllocationLib UefiBootServicesTableLib - + MemEncryptSevLib 
diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c index 4a6a704f9aa5..7a79c7091004 100644 --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c @@ -25,6 +25,7 @@ #include #include #include +#include #define FORCE_BELOW_4GB_TRUE TRUE @@ -100,6 +101,15 @@ AllocateBounceBuffer ( } // + // Clear C-bit on DMA pages + // + if (MemEncryptSevIsEnabled ()) { + Status = MemEncryptSevClearPageEncMask (MapInfo->MappedHostAddress, MapInfo->NumberOfPages, TRUE); + if (Status != EFI_SUCCESS) { + return Status; + } + } + // // If this is a read operation from the Bus Master's point of view, // then copy the contents of the real buffer into the mapped buffer // so the Bus Master can read the contents of the real buffer. @@ -170,6 +180,23 @@ BmDmaMap ( PhysicalAddress = (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress; if (DmaAbove4GB || (PhysicalAddress + *NumberOfBytes) <= SIZE_4GB) { + + // + // When SEV is enabled the DMA operation must be performed on shared pages. We force to use the + // bounce buffer path which will take care of allocating shared Dma buffers mapping + // + if (MemEncryptSevIsEnabled () && + (Operation == DmaOperationBusMasterRead || Operation == DmaOperationBusMasterWrite)) { + return AllocateBounceBuffer ( + FORCE_BELOW_4GB_FALSE, + Operation, + PhysicalAddress, + NumberOfBytes, + DeviceAddress, + Mapping + ); + } + // // If we CAN handle DMA above 4GB or the transfer is below 4GB, // the DeviceAddress is simply the HostAddress @@ -218,7 +245,8 @@ BmDmaUnmap ( IN VOID *Mapping ) { - MAP_INFO *MapInfo; + MAP_INFO *MapInfo; + EFI_STATUS Status; // // Check for invalid inputs 
@@ -251,6 +279,17 @@ BmDmaUnmap ( } // + // When SEV is enabled then Dma buffer allocate by bounce buffer have C-bit cleared, + // restore the C-bit before we release the resources + // + if (MemEncryptSevIsEnabled ()) { + Status = MemEncryptSevSetPageEncMask (MapInfo->MappedHostAddress, MapInfo->NumberOfPages, TRUE); + if (Status != EFI_SUCCESS) { + return Status; + } + } + + // // Free the mapped buffer and the MAP_INFO structure. // gBS->FreePages (MapInfo->MappedHostAddress, MapInfo->NumberOfPages); @@ -322,8 +361,15 @@ BmDmaAllocateBuffer ( ); if (!EFI_ERROR (Status)) { *HostAddress = (VOID *) (UINTN) PhysicalAddress; + // + // Clear C-bit on Dma pages + // + if (MemEncryptSevIsEnabled ()) { + Status = MemEncryptSevClearPageEncMask (PhysicalAddress, Pages, TRUE); + } } + return Status; } @@ -346,6 +392,18 @@ BmDmaFreeBuffer ( IN UINTN Pages ) { + EFI_STATUS Status; + + // + // Restore the C-bit on DMA pages + // + if (MemEncryptSevIsEnabled ()) { + Status = MemEncryptSevSetPageEncMask ((UINTN) HostAddress, Pages, TRUE); + if (Status != EFI_SUCCESS) { + return Status; + } + } + return gBS->FreePages ((EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress, Pages); } -- 2.7.4
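
Review bot: In the AllocateBounceBuffer hunk (@@ -100,6 +101,15), the `return Status;` after a failed MemEncryptSevClearPageEncMask call exits while MapInfo->MappedHostAddress and MapInfo->NumberOfPages are already populated, so the bounce pages and the MAP_INFO (both of which BmDmaUnmap releases, per its "Free the mapped buffer and the MAP_INFO structure" comment) are left allocated on this path. Free them before returning. The file already uses `EFI_ERROR (Status)` in BmDmaAllocateBuffer, which would be more consistent than `Status != EFI_SUCCESS`, and the call line runs well past 80 columns.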
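
Review bot: In the BmDmaMap hunk (@@ -170,6 +180,23), the new SEV path always passes `FORCE_BELOW_4GB_FALSE`, yet the enclosing branch is also taken when DmaAbove4GB is FALSE and the host buffer merely happens to sit below 4GB. Going by the parameter name, nothing then keeps the bounce buffer below 4GB for a bus master that cannot address above it. Derive the argument from DmaAbove4GB instead of hard-coding it. The condition also skips any Operation other than DmaOperationBusMasterRead and DmaOperationBusMasterWrite without saying why; the comment should state the assumption that such buffers were already made shared by BmDmaAllocateBuffer.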
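
Review bot: In the BmDmaUnmap hunk (@@ -251,6 +279,17), a failure of MemEncryptSevSetPageEncMask returns before `gBS->FreePages (MapInfo->MappedHostAddress, MapInfo->NumberOfPages)`, so the bounce pages and the MAP_INFO are never released and the caller has no handle left with which to retry. Decide the failure policy explicitly: either treat it as fatal (ASSERT and halt) or keep the pages out of the allocator on purpose and say so in the comment, since returning still-shared pages to the pool is the outcome to avoid. The meaning of the third argument `TRUE` is not documented at any of the call sites.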
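
Review bot: In the BmDmaAllocateBuffer hunk (@@ -322,8 +361,15), the result of MemEncryptSevClearPageEncMask overwrites Status and is returned without cleanup, so on failure the caller gets an error while `*HostAddress` has already been set and the pages stay allocated. Check the result as the other hunks do, free the pages, and assign `*HostAddress` only once the C-bit has been cleared. The hunk also adds a stray blank line before `return Status;`.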
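
Review bot: In the BmDmaFreeBuffer hunk (@@ -346,6 +392,18), the address is passed as `(UINTN) HostAddress`, while the FreePages call two lines below uses `(EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress` and the other MemEncryptSev call sites pass an EFI_PHYSICAL_ADDRESS value (PhysicalAddress, MapInfo->MappedHostAddress). Use the same double cast here so the argument type is consistent across call sites. As in BmDmaUnmap, the early `return Status;` skips FreePages, and that leak-on-failure behaviour should at least be stated in the comment.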