From: "Laszlo Ersek" <lersek@redhat.com>
To: edk2-devel-groups-io <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Jordan Justen <jordan.l.justen@intel.com>
Subject: [PATCH v2 08/11] OvmfPkg/SEV: don't manage the lifecycle of the SMRAM at the default SMBASE
Date: Wed, 29 Jan 2020 22:44:09 +0100 [thread overview]
Message-ID: <20200129214412.2361-9-lersek@redhat.com> (raw)
In-Reply-To: <20200129214412.2361-1-lersek@redhat.com>
When OVMF runs in a SEV guest, the initial SMM Save State Map is
(1) allocated as EfiBootServicesData type memory in OvmfPkg/PlatformPei,
function AmdSevInitialize(), for preventing unintended information
sharing with the hypervisor;
(2) decrypted in AmdSevDxe;
(3) re-encrypted in OvmfPkg/Library/SmmCpuFeaturesLib, function
SmmCpuFeaturesSmmRelocationComplete(), which is called by
PiSmmCpuDxeSmm right after initial SMBASE relocation;
(4) released to DXE at the same location.
The SMRAM at the default SMBASE is a superset of the initial Save State
Map. The reserved memory allocation in InitializeRamRegions(), from the
previous patch, must override the allocating and freeing in (1) and (4),
respectively. (Note: the decrypting and re-encrypting in (2) and (3) are
unaffected.)
In AmdSevInitialize(), only assert the containment of the initial Save
State Map, in the larger area already allocated by InitializeRamRegions().
In SmmCpuFeaturesSmmRelocationComplete(), preserve the allocation of the
initial Save State Map into OS runtime, as part of the allocation done by
InitializeRamRegions(). Only assert containment.
These changes only affect the normal boot path (the UEFI memory map is
untouched during S3 resume).
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1512
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
---
Notes:
v2:
- trim Cc list
- pick up Jiewen's R-b <https://edk2.groups.io/g/devel/message/48166>
OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf | 4 ++++
OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c | 21 +++++++++++++++--
OvmfPkg/PlatformPei/AmdSev.c | 24 ++++++++++++++++----
3 files changed, 42 insertions(+), 7 deletions(-)
diff --git a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf
index dd316f2b1bd8..97a10afb6e27 100644
--- a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf
+++ b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.inf
@@ -30,5 +30,9 @@ [LibraryClasses]
BaseMemoryLib
DebugLib
MemEncryptSevLib
+ PcdLib
SmmServicesTableLib
UefiBootServicesTableLib
+
+[Pcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase
diff --git a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c
index 0bfdeda78d33..7ef7ed98342e 100644
--- a/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c
+++ b/OvmfPkg/Library/SmmCpuFeaturesLib/SmmCpuFeaturesLib.c
@@ -6,14 +6,17 @@
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
+#include <IndustryStandard/Q35MchIch9.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
#include <Library/MemEncryptSevLib.h>
+#include <Library/PcdLib.h>
#include <Library/SmmCpuFeaturesLib.h>
#include <Library/SmmServicesTableLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <PiSmm.h>
+#include <Register/Intel/SmramSaveStateMap.h>
#include <Register/QemuSmramSaveStateMap.h>
//
@@ -215,8 +218,22 @@ SmmCpuFeaturesSmmRelocationComplete (
ZeroMem ((VOID *)MapPagesBase, EFI_PAGES_TO_SIZE (MapPagesCount));
- Status = gBS->FreePages (MapPagesBase, MapPagesCount);
- ASSERT_EFI_ERROR (Status);
+ if (PcdGetBool (PcdQ35SmramAtDefaultSmbase)) {
+ //
+ // The initial SMRAM Save State Map has been covered as part of a larger
+ // reserved memory allocation in PlatformPei's InitializeRamRegions(). That
+ // allocation is supposed to survive into OS runtime; we must not release
+ // any part of it. Only re-assert the containment here.
+ //
+ ASSERT (SMM_DEFAULT_SMBASE <= MapPagesBase);
+ ASSERT (
+ (MapPagesBase + EFI_PAGES_TO_SIZE (MapPagesCount) <=
+ SMM_DEFAULT_SMBASE + MCH_DEFAULT_SMBASE_SIZE)
+ );
+ } else {
+ Status = gBS->FreePages (MapPagesBase, MapPagesCount);
+ ASSERT_EFI_ERROR (Status);
+ }
}
/**
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index 2ae8126ccf8a..e484f4b311fe 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -9,6 +9,7 @@
//
// The package level header files this module uses
//
+#include <IndustryStandard/Q35MchIch9.h>
#include <Library/DebugLib.h>
#include <Library/HobLib.h>
#include <Library/MemEncryptSevLib.h>
@@ -16,6 +17,7 @@
#include <PiPei.h>
#include <Register/Amd/Cpuid.h>
#include <Register/Cpuid.h>
+#include <Register/Intel/SmramSaveStateMap.h>
#include "Platform.h"
@@ -83,10 +85,22 @@ AmdSevInitialize (
);
ASSERT_RETURN_ERROR (LocateMapStatus);
- BuildMemoryAllocationHob (
- MapPagesBase, // BaseAddress
- EFI_PAGES_TO_SIZE (MapPagesCount), // Length
- EfiBootServicesData // MemoryType
- );
+ if (mQ35SmramAtDefaultSmbase) {
+ //
+ // The initial SMRAM Save State Map has been covered as part of a larger
+ // reserved memory allocation in InitializeRamRegions().
+ //
+ ASSERT (SMM_DEFAULT_SMBASE <= MapPagesBase);
+ ASSERT (
+ (MapPagesBase + EFI_PAGES_TO_SIZE (MapPagesCount) <=
+ SMM_DEFAULT_SMBASE + MCH_DEFAULT_SMBASE_SIZE)
+ );
+ } else {
+ BuildMemoryAllocationHob (
+ MapPagesBase, // BaseAddress
+ EFI_PAGES_TO_SIZE (MapPagesCount), // Length
+ EfiBootServicesData // MemoryType
+ );
+ }
}
}
--
2.19.1.3.g30247aa5d201
next prev parent reply other threads:[~2020-01-29 21:44 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-29 21:44 [PATCH v2 00/11] support QEMU's "SMRAM at default SMBASE" feature Laszlo Ersek
2020-01-29 21:44 ` [PATCH v2 01/11] OvmfPkg: introduce PcdQ35SmramAtDefaultSmbase Laszlo Ersek
2020-01-29 21:44 ` [PATCH v2 02/11] OvmfPkg/IndustryStandard: increase vertical whitespace in Q35 macro defs Laszlo Ersek
2020-01-29 21:44 ` [PATCH v2 03/11] OvmfPkg/IndustryStandard: add MCH_DEFAULT_SMBASE* register macros Laszlo Ersek
2020-01-29 21:44 ` [PATCH v2 04/11] OvmfPkg/PlatformPei: factor out Q35BoardVerification() Laszlo Ersek
2020-01-29 21:44 ` [PATCH v2 05/11] OvmfPkg/PlatformPei: detect SMRAM at default SMBASE (skeleton) Laszlo Ersek
2020-01-29 21:44 ` [PATCH v2 06/11] OvmfPkg/PlatformPei: assert there's no permanent PEI RAM at default SMBASE Laszlo Ersek
2020-01-29 21:44 ` [PATCH v2 07/11] OvmfPkg/PlatformPei: reserve the SMRAM at the default SMBASE, if it exists Laszlo Ersek
2020-01-29 21:44 ` Laszlo Ersek [this message]
2020-01-29 21:44 ` [PATCH v2 09/11] OvmfPkg/SmmAccess: close and lock SMRAM at default SMBASE Laszlo Ersek
2020-01-29 21:44 ` [PATCH v2 10/11] OvmfPkg: introduce PcdCsmEnable feature flag Laszlo Ersek
2020-01-29 21:44 ` [PATCH v2 11/11] OvmfPkg/PlatformPei: detect SMRAM at default SMBASE (for real) Laszlo Ersek
2020-02-05 0:22 ` [PATCH v2 00/11] support QEMU's "SMRAM at default SMBASE" feature Ard Biesheuvel
2020-02-05 13:44 ` [edk2-devel] " Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200129214412.2361-9-lersek@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox