From: Ashish Kalra <ashish.kalra@amd.com>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: devel@edk2.groups.io, dovmurik@linux.vnet.ibm.com,
brijesh.singh@amd.com, tobin@ibm.com, Jon.Grimm@amd.com,
jejb@linux.ibm.com, frankeh@us.ibm.com, dgilbert@redhat.com,
lersek@redhat.com, jordan.l.justen@intel.com,
ard.biesheuvel@arm.com
Subject: Re: [PATCH v1 2/2] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall
Date: Wed, 2 Dec 2020 21:13:24 +0000 [thread overview]
Message-ID: <20201202211324.GA14672@ashkalra_ubuntu_server> (raw)
In-Reply-To: <83188ea4-630f-6a7e-e166-2d677df2e25e@amd.com>
On Wed, Dec 02, 2020 at 08:38:23AM -0600, Tom Lendacky wrote:
> On 12/2/20 1:29 AM, Ashish Kalra wrote:
> > From: Brijesh Singh <brijesh.singh@amd.com>
> >
> > By default all the SEV guest memory regions are considered encrypted,
> > if a guest changes the encryption attribute of the page (e.g mark a
> > page as decrypted) then notify hypervisor. Hypervisor will need to
> > track the unencrypted pages. The information will be used during
> > guest live migration, guest page migration and guest debugging.
> >
> > Invoke hypercall via the new hypercall library
> >
> > This hypercall is used to notify hypervisor when a page is marked as
> > 'decrypted' (i.e C-bit removed).
>
> This will miss the SEC GHCB page that is mapped as unencrypted in
> OvmfPkg/ResetVector/Ia32/PageTables64.asm. You'll need to remember to mark
> that one specifically. I don't think there are any others.
>
Ok, thanks Tom, i will add this.
Ashish
>
> >
> > Cc: Jordan Justen <jordan.l.justen@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> >
> > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> > Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
> > ---
> > OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf | 1 +
> > OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c | 18 ++++++++++++++++++
> > 2 files changed, 19 insertions(+)
> >
> > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
> > index 7c44d09528..95ee707918 100644
> > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
> > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
> > @@ -46,6 +46,7 @@
> > DebugLib
> > MemoryAllocationLib
> > PcdLib
> > + MemEncryptHypercallLib
> > [FeaturePcd]
> > gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
> > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> > index 5e110c84ff..1e670b6200 100644
> > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> > @@ -14,6 +14,7 @@
> > #include <Library/CpuLib.h>
> > #include <Register/Amd/Cpuid.h>
> > #include <Register/Cpuid.h>
> > +#include <Library/MemEncryptHypercallLib.h>
> > #include "VirtualMemory.h"
> > @@ -589,6 +590,9 @@ SetMemoryEncDec (
> > UINT64 AddressEncMask;
> > BOOLEAN IsWpEnabled;
> > RETURN_STATUS Status;
> > + UINTN Size;
> > + BOOLEAN CBitChanged;
> > + PHYSICAL_ADDRESS OrigPhysicalAddress;
> > //
> > // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings.
> > @@ -640,6 +644,10 @@ SetMemoryEncDec (
> > Status = EFI_SUCCESS;
> > + Size = Length;
> > + CBitChanged = FALSE;
> > + OrigPhysicalAddress = PhysicalAddress;
> > +
> > while (Length)
> > {
> > //
> > @@ -699,6 +707,7 @@ SetMemoryEncDec (
> > ));
> > PhysicalAddress += BIT30;
> > Length -= BIT30;
> > + CBitChanged = TRUE;
> > } else {
> > //
> > // We must split the page
> > @@ -753,6 +762,7 @@ SetMemoryEncDec (
> > SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode);
> > PhysicalAddress += BIT21;
> > Length -= BIT21;
> > + CBitChanged = TRUE;
> > } else {
> > //
> > // We must split up this page into 4K pages
> > @@ -795,6 +805,7 @@ SetMemoryEncDec (
> > SetOrClearCBit (&PageTableEntry->Uint64, Mode);
> > PhysicalAddress += EFI_PAGE_SIZE;
> > Length -= EFI_PAGE_SIZE;
> > + CBitChanged = TRUE;
> > }
> > }
> > }
> > @@ -812,6 +823,13 @@ SetMemoryEncDec (
> > //
> > CpuFlushTlb();
> > + //
> > + // Notify Hypervisor on C-bit status
> > + //
> > + if (CBitChanged) {
> > + SetMemoryEncDecHypercall3 (OrigPhysicalAddress, EFI_SIZE_TO_PAGES(Size), !Mode);
> > + }
> > +
> > Done:
> > //
> > // Restore page table write protection, if any.
> >
prev parent reply other threads:[~2020-12-02 21:13 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-02 7:29 [PATCH v1 2/2] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall Ashish Kalra
2020-12-02 14:38 ` Lendacky, Thomas
2020-12-02 21:13 ` Ashish Kalra [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201202211324.GA14672@ashkalra_ubuntu_server \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox