From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web12.449.1614718133325719576 for ; Tue, 02 Mar 2021 12:48:53 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@ibm.com header.s=pp1 header.b=F6w2rWfz; spf=pass (domain: linux.ibm.com, ip: 148.163.158.5, mailfrom: tobin@linux.ibm.com) Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 122KhpaM055083; Tue, 2 Mar 2021 15:48:50 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=/fiZMuKeat4msZQUiqnuYM/1ktIFWyoDjhiQMtXAAX0=; b=F6w2rWfzf/Nq95XdpIa0rwd7S/3COTjMY324BB+V/zHAWEIv55QZYebU9qyiKdy4MaCz 5J/xnDsGqZiZE8cI3CAGyZ9/OdlBgvizYiDw5QXAIeahADdiHEC+PuAsmbYJezZIQbl4 mosDFYN8KxZrQkMCPR/5z+u6oD5SPCSKEKLC6ZD8Bhqx5HLQ4knh8RpfCC5ifyQGGQVM Nua7k4XMWO0/ylxk9YpD/sAoaDsmvKCGYYI2y30cRKgEjtBVFLu9akuWv1NbOn3cOgqX ma9reKPUtXJwHA62ftJokuBCeAVxhwUz9JIASoQWBlZ5nzyuZZJ9ifMJSk0rJmQrTArG CA== Received: from ppma01dal.us.ibm.com (83.d6.3fa9.ip4.static.sl-reverse.com [169.63.214.131]) by mx0b-001b2d01.pphosted.com with ESMTP id 371vn9g71x-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Mar 2021 15:48:50 -0500 Received: from pps.filterd (ppma01dal.us.ibm.com [127.0.0.1]) by ppma01dal.us.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 122KkqMP028086; Tue, 2 Mar 2021 20:48:49 GMT Received: from b03cxnp08025.gho.boulder.ibm.com (b03cxnp08025.gho.boulder.ibm.com [9.17.130.17]) by ppma01dal.us.ibm.com with ESMTP id 371qmuagwh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 02 Mar 2021 20:48:49 +0000 Received: from b03ledav006.gho.boulder.ibm.com (b03ledav006.gho.boulder.ibm.com [9.17.130.237]) by b03cxnp08025.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 122KmloN27984316 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 2 Mar 2021 20:48:47 GMT Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 26D23C605B; Tue, 2 Mar 2021 20:48:47 +0000 (GMT) Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 91ED2C6055; Tue, 2 Mar 2021 20:48:46 +0000 (GMT) Received: from amdrome1.watson.ibm.com (unknown [9.2.130.16]) by b03ledav006.gho.boulder.ibm.com (Postfix) with ESMTP; Tue, 2 Mar 2021 20:48:46 +0000 (GMT) From: "Tobin Feldman-Fitzthum" To: devel@edk2.groups.io Cc: Dov Murik , Tobin Feldman-Fitzthum , Tobin Feldman-Fitzthum , James Bottomley , Hubertus Franke , Brijesh Singh , Ashish Kalra , Jon Grimm , Tom Lendacky Subject: [RFC PATCH 01/14] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall Date: Tue, 2 Mar 2021 15:48:26 -0500 Message-Id: <20210302204839.82042-2-tobin@linux.ibm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20210302204839.82042-1-tobin@linux.ibm.com> References: <20210302204839.82042-1-tobin@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369,18.0.761 definitions=2021-03-02_08:2021-03-01,2021-03-02 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 impostorscore=0 suspectscore=0 priorityscore=1501 malwarescore=0 mlxscore=0 lowpriorityscore=0 clxscore=1011 spamscore=0 adultscore=0 mlxlogscore=999 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2103020156 Content-Transfer-Encoding: 8bit From: Brijesh Singh By default all the SEV guest memory regions are considered encrypted, if a guest changes the encryption attribute of the page (e.g mark a page as decrypted) then notify hypervisor. Hypervisor will need to track the unencrypted pages. The information will be used during guest live migration, guest page migration and guest debugging. Invoke hypercall via the new hypercall library. This hypercall is used to notify hypervisor when a page is marked as 'decrypted' (i.e C-bit removed). Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Signed-off-by: Brijesh Singh Signed-off-by: Ashish Kalra --- .../DxeMemEncryptSevLib.inf | 1 + .../PeiMemEncryptSevLib.inf | 1 + .../X64/PeiDxeVirtualMemory.c | 18 ++++++++++++++++++ 3 files changed, 20 insertions(+) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf index f2e162d680..aefcd7c0f7 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf @@ -49,6 +49,7 @@ DebugLib MemoryAllocationLib PcdLib + MemEncryptHypercallLib [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 03a78c32df..7503f56a0b 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -49,6 +49,7 @@ DebugLib MemoryAllocationLib PcdLib + MemEncryptHypercallLib [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index d3455e812b..98a1d2e3a8 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -15,6 +15,7 @@ #include #include #include +#include #include "VirtualMemory.h" @@ -585,6 +586,9 @@ SetMemoryEncDec ( UINT64 AddressEncMask; BOOLEAN IsWpEnabled; RETURN_STATUS Status; + UINTN Size; + BOOLEAN CBitChanged; + PHYSICAL_ADDRESS OrigPhysicalAddress; // // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnings. @@ -636,6 +640,10 @@ SetMemoryEncDec ( Status = EFI_SUCCESS; + Size = Length; + CBitChanged = FALSE; + OrigPhysicalAddress = PhysicalAddress; + while (Length != 0) { // @@ -695,6 +703,7 @@ SetMemoryEncDec ( )); PhysicalAddress += BIT30; Length -= BIT30; + CBitChanged = TRUE; } else { // // We must split the page @@ -749,6 +758,7 @@ SetMemoryEncDec ( SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode); PhysicalAddress += BIT21; Length -= BIT21; + CBitChanged = TRUE; } else { // // We must split up this page into 4K pages @@ -791,6 +801,7 @@ SetMemoryEncDec ( SetOrClearCBit (&PageTableEntry->Uint64, Mode); PhysicalAddress += EFI_PAGE_SIZE; Length -= EFI_PAGE_SIZE; + CBitChanged = TRUE; } } } @@ -808,6 +819,13 @@ SetMemoryEncDec ( // CpuFlushTlb(); + // + // Notify Hypervisor on C-bit status + // + if (CBitChanged) { + SetMemoryEncDecHypercall3 (OrigPhysicalAddress, EFI_SIZE_TO_PAGES(Size), !Mode); + } + Done: // // Restore page table write protection, if any. -- 2.20.1