* [PATCH v1 2/2] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall
@ 2020-12-02 7:29 Ashish Kalra
2020-12-02 14:38 ` Lendacky, Thomas
0 siblings, 1 reply; 3+ messages in thread
From: Ashish Kalra @ 2020-12-02 7:29 UTC (permalink / raw)
To: devel
Cc: dovmurik, brijesh.singh, tobin, Jon.Grimm, Thomas.Lendacky, jejb,
frankeh, dgilbert, lersek, jordan.l.justen, ard.biesheuvel
From: Brijesh Singh <brijesh.singh@amd.com>
By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track the unencrypted pages. The information will be used during
guest live migration, guest page migration and guest debugging.
Invoke hypercall via the new hypercall library
This hypercall is used to notify hypervisor when a page is marked as
'decrypted' (i.e C-bit removed).
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
---
OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf | 1 +
OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c | 18 ++++++++++++++++++
2 files changed, 19 insertions(+)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
index 7c44d09528..95ee707918 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
@@ -46,6 +46,7 @@
DebugLib
MemoryAllocationLib
PcdLib
+ MemEncryptHypercallLib
[FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
index 5e110c84ff..1e670b6200 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
@@ -14,6 +14,7 @@
#include <Library/CpuLib.h>
#include <Register/Amd/Cpuid.h>
#include <Register/Cpuid.h>
+#include <Library/MemEncryptHypercallLib.h>
#include "VirtualMemory.h"
@@ -589,6 +590,9 @@ SetMemoryEncDec (
UINT64 AddressEncMask;
BOOLEAN IsWpEnabled;
RETURN_STATUS Status;
+ UINTN Size;
+ BOOLEAN CBitChanged;
+ PHYSICAL_ADDRESS OrigPhysicalAddress;
//
// Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings.
@@ -640,6 +644,10 @@ SetMemoryEncDec (
Status = EFI_SUCCESS;
+ Size = Length;
+ CBitChanged = FALSE;
+ OrigPhysicalAddress = PhysicalAddress;
+
while (Length)
{
//
@@ -699,6 +707,7 @@ SetMemoryEncDec (
));
PhysicalAddress += BIT30;
Length -= BIT30;
+ CBitChanged = TRUE;
} else {
//
// We must split the page
@@ -753,6 +762,7 @@ SetMemoryEncDec (
SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode);
PhysicalAddress += BIT21;
Length -= BIT21;
+ CBitChanged = TRUE;
} else {
//
// We must split up this page into 4K pages
@@ -795,6 +805,7 @@ SetMemoryEncDec (
SetOrClearCBit (&PageTableEntry->Uint64, Mode);
PhysicalAddress += EFI_PAGE_SIZE;
Length -= EFI_PAGE_SIZE;
+ CBitChanged = TRUE;
}
}
}
@@ -812,6 +823,13 @@ SetMemoryEncDec (
//
CpuFlushTlb();
+ //
+ // Notify Hypervisor on C-bit status
+ //
+ if (CBitChanged) {
+ SetMemoryEncDecHypercall3 (OrigPhysicalAddress, EFI_SIZE_TO_PAGES(Size), !Mode);
+ }
+
Done:
//
// Restore page table write protection, if any.
--
2.17.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v1 2/2] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall
2020-12-02 7:29 [PATCH v1 2/2] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall Ashish Kalra
@ 2020-12-02 14:38 ` Lendacky, Thomas
2020-12-02 21:13 ` Ashish Kalra
0 siblings, 1 reply; 3+ messages in thread
From: Lendacky, Thomas @ 2020-12-02 14:38 UTC (permalink / raw)
To: Ashish Kalra, devel
Cc: dovmurik, brijesh.singh, tobin, Jon.Grimm, jejb, frankeh,
dgilbert, lersek, jordan.l.justen, ard.biesheuvel
On 12/2/20 1:29 AM, Ashish Kalra wrote:
> From: Brijesh Singh <brijesh.singh@amd.com>
>
> By default all the SEV guest memory regions are considered encrypted,
> if a guest changes the encryption attribute of the page (e.g mark a
> page as decrypted) then notify hypervisor. Hypervisor will need to
> track the unencrypted pages. The information will be used during
> guest live migration, guest page migration and guest debugging.
>
> Invoke hypercall via the new hypercall library
>
> This hypercall is used to notify hypervisor when a page is marked as
> 'decrypted' (i.e C-bit removed).
This will miss the SEC GHCB page that is mapped as unencrypted in
OvmfPkg/ResetVector/Ia32/PageTables64.asm. You'll need to remember to mark
that one specifically. I don't think there are any others.
Thanks,
Tom
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
> ---
> OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf | 1 +
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c | 18 ++++++++++++++++++
> 2 files changed, 19 insertions(+)
>
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
> index 7c44d09528..95ee707918 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
> @@ -46,6 +46,7 @@
> DebugLib
> MemoryAllocationLib
> PcdLib
> + MemEncryptHypercallLib
>
> [FeaturePcd]
> gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> index 5e110c84ff..1e670b6200 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> @@ -14,6 +14,7 @@
> #include <Library/CpuLib.h>
> #include <Register/Amd/Cpuid.h>
> #include <Register/Cpuid.h>
> +#include <Library/MemEncryptHypercallLib.h>
>
> #include "VirtualMemory.h"
>
> @@ -589,6 +590,9 @@ SetMemoryEncDec (
> UINT64 AddressEncMask;
> BOOLEAN IsWpEnabled;
> RETURN_STATUS Status;
> + UINTN Size;
> + BOOLEAN CBitChanged;
> + PHYSICAL_ADDRESS OrigPhysicalAddress;
>
> //
> // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings.
> @@ -640,6 +644,10 @@ SetMemoryEncDec (
>
> Status = EFI_SUCCESS;
>
> + Size = Length;
> + CBitChanged = FALSE;
> + OrigPhysicalAddress = PhysicalAddress;
> +
> while (Length)
> {
> //
> @@ -699,6 +707,7 @@ SetMemoryEncDec (
> ));
> PhysicalAddress += BIT30;
> Length -= BIT30;
> + CBitChanged = TRUE;
> } else {
> //
> // We must split the page
> @@ -753,6 +762,7 @@ SetMemoryEncDec (
> SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode);
> PhysicalAddress += BIT21;
> Length -= BIT21;
> + CBitChanged = TRUE;
> } else {
> //
> // We must split up this page into 4K pages
> @@ -795,6 +805,7 @@ SetMemoryEncDec (
> SetOrClearCBit (&PageTableEntry->Uint64, Mode);
> PhysicalAddress += EFI_PAGE_SIZE;
> Length -= EFI_PAGE_SIZE;
> + CBitChanged = TRUE;
> }
> }
> }
> @@ -812,6 +823,13 @@ SetMemoryEncDec (
> //
> CpuFlushTlb();
>
> + //
> + // Notify Hypervisor on C-bit status
> + //
> + if (CBitChanged) {
> + SetMemoryEncDecHypercall3 (OrigPhysicalAddress, EFI_SIZE_TO_PAGES(Size), !Mode);
> + }
> +
> Done:
> //
> // Restore page table write protection, if any.
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v1 2/2] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall
2020-12-02 14:38 ` Lendacky, Thomas
@ 2020-12-02 21:13 ` Ashish Kalra
0 siblings, 0 replies; 3+ messages in thread
From: Ashish Kalra @ 2020-12-02 21:13 UTC (permalink / raw)
To: Tom Lendacky
Cc: devel, dovmurik, brijesh.singh, tobin, Jon.Grimm, jejb, frankeh,
dgilbert, lersek, jordan.l.justen, ard.biesheuvel
On Wed, Dec 02, 2020 at 08:38:23AM -0600, Tom Lendacky wrote:
> On 12/2/20 1:29 AM, Ashish Kalra wrote:
> > From: Brijesh Singh <brijesh.singh@amd.com>
> >
> > By default all the SEV guest memory regions are considered encrypted,
> > if a guest changes the encryption attribute of the page (e.g mark a
> > page as decrypted) then notify hypervisor. Hypervisor will need to
> > track the unencrypted pages. The information will be used during
> > guest live migration, guest page migration and guest debugging.
> >
> > Invoke hypercall via the new hypercall library
> >
> > This hypercall is used to notify hypervisor when a page is marked as
> > 'decrypted' (i.e C-bit removed).
>
> This will miss the SEC GHCB page that is mapped as unencrypted in
> OvmfPkg/ResetVector/Ia32/PageTables64.asm. You'll need to remember to mark
> that one specifically. I don't think there are any others.
>
Ok, thanks Tom, i will add this.
Ashish
>
> >
> > Cc: Jordan Justen <jordan.l.justen@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> >
> > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> > Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
> > ---
> > OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf | 1 +
> > OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c | 18 ++++++++++++++++++
> > 2 files changed, 19 insertions(+)
> >
> > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
> > index 7c44d09528..95ee707918 100644
> > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
> > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf
> > @@ -46,6 +46,7 @@
> > DebugLib
> > MemoryAllocationLib
> > PcdLib
> > + MemEncryptHypercallLib
> > [FeaturePcd]
> > gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
> > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> > index 5e110c84ff..1e670b6200 100644
> > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c
> > @@ -14,6 +14,7 @@
> > #include <Library/CpuLib.h>
> > #include <Register/Amd/Cpuid.h>
> > #include <Register/Cpuid.h>
> > +#include <Library/MemEncryptHypercallLib.h>
> > #include "VirtualMemory.h"
> > @@ -589,6 +590,9 @@ SetMemoryEncDec (
> > UINT64 AddressEncMask;
> > BOOLEAN IsWpEnabled;
> > RETURN_STATUS Status;
> > + UINTN Size;
> > + BOOLEAN CBitChanged;
> > + PHYSICAL_ADDRESS OrigPhysicalAddress;
> > //
> > // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings.
> > @@ -640,6 +644,10 @@ SetMemoryEncDec (
> > Status = EFI_SUCCESS;
> > + Size = Length;
> > + CBitChanged = FALSE;
> > + OrigPhysicalAddress = PhysicalAddress;
> > +
> > while (Length)
> > {
> > //
> > @@ -699,6 +707,7 @@ SetMemoryEncDec (
> > ));
> > PhysicalAddress += BIT30;
> > Length -= BIT30;
> > + CBitChanged = TRUE;
> > } else {
> > //
> > // We must split the page
> > @@ -753,6 +762,7 @@ SetMemoryEncDec (
> > SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode);
> > PhysicalAddress += BIT21;
> > Length -= BIT21;
> > + CBitChanged = TRUE;
> > } else {
> > //
> > // We must split up this page into 4K pages
> > @@ -795,6 +805,7 @@ SetMemoryEncDec (
> > SetOrClearCBit (&PageTableEntry->Uint64, Mode);
> > PhysicalAddress += EFI_PAGE_SIZE;
> > Length -= EFI_PAGE_SIZE;
> > + CBitChanged = TRUE;
> > }
> > }
> > }
> > @@ -812,6 +823,13 @@ SetMemoryEncDec (
> > //
> > CpuFlushTlb();
> > + //
> > + // Notify Hypervisor on C-bit status
> > + //
> > + if (CBitChanged) {
> > + SetMemoryEncDecHypercall3 (OrigPhysicalAddress, EFI_SIZE_TO_PAGES(Size), !Mode);
> > + }
> > +
> > Done:
> > //
> > // Restore page table write protection, if any.
> >
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-12-02 21:13 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-12-02 7:29 [PATCH v1 2/2] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall Ashish Kalra
2020-12-02 14:38 ` Lendacky, Thomas
2020-12-02 21:13 ` Ashish Kalra
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox