From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lersek@redhat.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=lersek@redhat.com;
 receiver=edk2-devel@lists.01.org 
Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 247C32255D6E0
 for <edk2-devel@lists.01.org>; Thu,  1 Mar 2018 15:58:26 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
 [10.11.54.3])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 744AA8182D2E;
 Fri,  2 Mar 2018 00:04:34 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-4.rdu2.redhat.com
 [10.10.120.4])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 8BBFB10B0F24;
 Fri,  2 Mar 2018 00:04:33 +0000 (UTC)
From: Laszlo Ersek <lersek@redhat.com>
To: edk2-devel-01 <edk2-devel@lists.01.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Brijesh Singh <brijesh.singh@amd.com>,
 Jordan Justen <jordan.l.justen@intel.com>
Date: Fri,  2 Mar 2018 01:04:05 +0100
Message-Id: <20180302000408.14201-18-lersek@redhat.com>
In-Reply-To: <20180302000408.14201-1-lersek@redhat.com>
References: <20180302000408.14201-1-lersek@redhat.com>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.11.55.8]); Fri, 02 Mar 2018 00:04:34 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]);
 Fri, 02 Mar 2018 00:04:34 +0000 (UTC) for IP:'10.11.54.3'
 DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com'
 HELO:'smtp.corp.redhat.com' FROM:'lersek@redhat.com' RCPT:''
Subject: [PATCH 17/20] OvmfPkg/MemEncryptSevLib: find pages of initial SMRAM save state map
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Mar 2018 23:58:26 -0000

In the next three patches, we're going to modify three modules under
OvmfPkg. When OVMF is built with -D SMM_REQUIRE and runs in an SEV guest,
each affected module will have to know the page range that covers the
initial (pre-SMBASE relocation) SMRAM save state map. Add a helper
function to MemEncryptSevLib that calculates the "base address" and
"number of pages" constants for this page range.

(In a RELEASE build -- i.e., with assertions disabled and optimization
enabled --, the helper function can be compiled to store two constants
determined at compile time.)

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
 OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf   |  4 ++
 OvmfPkg/Include/Library/MemEncryptSevLib.h                      | 23 +++++++++
 OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c | 51 ++++++++++++++++++++
 3 files changed, 78 insertions(+)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
index 2f0a2392a7ad..464fe1f33e66 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
@@ -34,20 +34,24 @@ [Packages]
   MdeModulePkg/MdeModulePkg.dec
   MdePkg/MdePkg.dec
   OvmfPkg/OvmfPkg.dec
   UefiCpuPkg/UefiCpuPkg.dec
 
 [Sources.X64]
   MemEncryptSevLibInternal.c
   X64/MemEncryptSevLib.c
   X64/VirtualMemory.c
 
 [Sources.IA32]
   Ia32/MemEncryptSevLib.c
   MemEncryptSevLibInternal.c
 
 [LibraryClasses]
   BaseLib
   CacheMaintenanceLib
   CpuLib
   DebugLib
   MemoryAllocationLib
+  PcdLib
+
+[FeaturePcd]
+  gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h
index e5ebb4401818..1e2ec8641d46 100644
--- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
+++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
@@ -69,21 +69,44 @@ MemEncryptSevClearPageEncMask (
                                       address of a memory region.
   @param[in]  NumPages                The number of pages from start memory
                                       region.
   @param[in]  Flush                   Flush the caches before setting the bit
                                       (mostly TRUE except MMIO addresses)
 
   @retval RETURN_SUCCESS              The attributes were set for the memory
                                       region.
   @retval RETURN_INVALID_PARAMETER    Number of pages is zero.
   @retval RETURN_UNSUPPORTED          Setting the memory encryption attribute
                                       is not supported
 **/
 RETURN_STATUS
 EFIAPI
 MemEncryptSevSetPageEncMask (
   IN PHYSICAL_ADDRESS         Cr3BaseAddress,
   IN PHYSICAL_ADDRESS         BaseAddress,
   IN UINTN                    NumPages,
   IN BOOLEAN                  Flush
   );
+
+
+/**
+  Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM
+  Save State Map.
+
+  @param[out] BaseAddress     The base address of the lowest-address page that
+                              covers the initial SMRAM Save State Map.
+
+  @param[out] NumberOfPages   The number of pages in the page range that covers
+                              the initial SMRAM Save State Map.
+
+  @retval RETURN_SUCCESS      BaseAddress and NumberOfPages have been set on
+                              output.
+
+  @retval RETURN_UNSUPPORTED  SMM is unavailable.
+**/
+RETURN_STATUS
+EFIAPI
+MemEncryptSevLocateInitialSmramSaveStateMapPages (
+  OUT UINTN *BaseAddress,
+  OUT UINTN *NumberOfPages
+  );
 #endif // _MEM_ENCRYPT_SEV_LIB_H_
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
index 7078ab0d3f46..b92ba50c616c 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c
@@ -1,42 +1,46 @@
 /** @file
 
   Secure Encrypted Virtualization (SEV) library helper function
 
   Copyright (c) 2017, AMD Incorporated. All rights reserved.<BR>
 
   This program and the accompanying materials are licensed and made available
   under the terms and conditions of the BSD License which accompanies this
   distribution.  The full text of the license may be found at
   http://opensource.org/licenses/bsd-license.php
 
   THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
   WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 
 **/
 
 #include <Library/BaseLib.h>
 #include <Library/DebugLib.h>
 #include <Library/MemEncryptSevLib.h>
+#include <Library/PcdLib.h>
 #include <Register/Amd/Cpuid.h>
 #include <Register/Amd/Msr.h>
 #include <Register/Cpuid.h>
+#include <Register/QemuSmramSaveStateMap.h>
+#include <Register/SmramSaveStateMap.h>
+#include <Uefi/UefiBaseType.h>
 
 STATIC BOOLEAN mSevStatus = FALSE;
 STATIC BOOLEAN mSevStatusChecked = FALSE;
 
 /**
 
   Returns a boolean to indicate whether SEV is enabled
 
   @retval TRUE           SEV is enabled
   @retval FALSE          SEV is not enabled
   **/
 STATIC
 BOOLEAN
 EFIAPI
 InternalMemEncryptSevIsEnabled (
   VOID
   )
 {
   UINT32                            RegEax;
   MSR_SEV_STATUS_REGISTER           Msr;
@@ -70,20 +74,67 @@ InternalMemEncryptSevIsEnabled (
   Returns a boolean to indicate whether SEV is enabled
 
   @retval TRUE           SEV is enabled
   @retval FALSE          SEV is not enabled
 **/
 BOOLEAN
 EFIAPI
 MemEncryptSevIsEnabled (
   VOID
   )
 {
   if (mSevStatusChecked) {
     return mSevStatus;
   }
 
   mSevStatus = InternalMemEncryptSevIsEnabled();
   mSevStatusChecked = TRUE;
 
   return mSevStatus;
 }
+
+
+/**
+  Locate the page range that covers the initial (pre-SMBASE-relocation) SMRAM
+  Save State Map.
+
+  @param[out] BaseAddress     The base address of the lowest-address page that
+                              covers the initial SMRAM Save State Map.
+
+  @param[out] NumberOfPages   The number of pages in the page range that covers
+                              the initial SMRAM Save State Map.
+
+  @retval RETURN_SUCCESS      BaseAddress and NumberOfPages have been set on
+                              output.
+
+  @retval RETURN_UNSUPPORTED  SMM is unavailable.
+**/
+RETURN_STATUS
+EFIAPI
+MemEncryptSevLocateInitialSmramSaveStateMapPages (
+  OUT UINTN *BaseAddress,
+  OUT UINTN *NumberOfPages
+  )
+{
+  UINTN MapStart;
+  UINTN MapEnd;
+  UINTN MapPagesStart; // MapStart rounded down to page boundary
+  UINTN MapPagesEnd;   // MapEnd rounded up to page boundary
+  UINTN MapPagesSize;  // difference between MapPagesStart and MapPagesEnd
+
+  if (!FeaturePcdGet (PcdSmmSmramRequire)) {
+    return RETURN_UNSUPPORTED;
+  }
+
+  MapStart      = SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP_OFFSET;
+  MapEnd        = MapStart + sizeof (QEMU_SMRAM_SAVE_STATE_MAP);
+  MapPagesStart = MapStart & ~(UINTN)EFI_PAGE_MASK;
+  MapPagesEnd   = ALIGN_VALUE (MapEnd, EFI_PAGE_SIZE);
+  MapPagesSize  = MapPagesEnd - MapPagesStart;
+
+  ASSERT ((MapPagesSize & EFI_PAGE_MASK) == 0);
+
+  *BaseAddress   = MapPagesStart;
+  *NumberOfPages = MapPagesSize >> EFI_PAGE_SHIFT;
+
+  return RETURN_SUCCESS;
+}
-- 
2.14.1.3.gb7cf6e02401b