From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [PATCH RFC v2 22/28] OvmfPkg/BaseMemEncryptSevLib: Skip the pre-validated system RAM
Date: Fri, 30 Apr 2021 06:51:42 -0500
Message-Id: <20210430115148.22267-23-brijesh.singh@amd.com>
In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com>
References: <20210430115148.22267-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the system RAM. As the boot progresses, each phase validates a fixed region of the RAM. In the PEI phase, the PlatformPei detects all the available RAM and calls to pre-validate the detected system RAM. While validating the system RAM in PEI phase, we must skip previously validated system RAM to avoid the double validation.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 2 + OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c | 65 +++++++++++++++++++- 2 files changed, 66 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 0402e49a10..f4058911e7 100644 
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -58,3 +58,5 @@ [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index ba673d193b..1fc3337f7c 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -14,6 +14,44 @@ #include "SnpPageStateChange.h" +typedef struct { + UINT64 StartAddress; + UINT64 EndAddress; +} SNP_PRE_VALIDATED_RANGE; + +STATIC SNP_PRE_VALIDATED_RANGE mPreValidatedRange[] = { + // This range is pre-validated by the Hypervisor. + { + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedStart), + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedEnd) + } +}; + +STATIC +BOOLEAN +DetectPreValidatedOverLap ( + IN PHYSICAL_ADDRESS StartAddress, + IN PHYSICAL_ADDRESS EndAddress, + OUT SNP_PRE_VALIDATED_RANGE *OverlapRange + ) +{ + UINTN i; + + // + // Check if the specified address range exist in pre-validated array. + // + for (i = 0; i < ARRAY_SIZE (mPreValidatedRange); i++) { + if ((mPreValidatedRange[i].StartAddress < EndAddress) && + (StartAddress < mPreValidatedRange[i].EndAddress)) { + OverlapRange->StartAddress = mPreValidatedRange[i].StartAddress; + OverlapRange->EndAddress = mPreValidatedRange[i].EndAddress; + return TRUE; + } + } + + return FALSE; +} + /** Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. 
@@ -28,9 +66,34 @@ MemEncryptSevSnpPreValidateSystemRam ( IN UINTN NumPages ) { + PHYSICAL_ADDRESS EndAddress; + SNP_PRE_VALIDATED_RANGE OverlapRange; + if (!MemEncryptSevSnpIsEnabled ()) { return; } - InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + EndAddress = BaseAddress + EFI_PAGES_TO_SIZE (NumPages); + + while (BaseAddress < EndAddress) { + // + // Check if the range overlaps with the pre-validated ranges. + // + if (DetectPreValidatedOverLap (BaseAddress, EndAddress, &OverlapRange)) { + // Validate the non-overlap regions. + if (BaseAddress < OverlapRange.StartAddress) { + NumPages = EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAddress); + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + } + + BaseAddress = OverlapRange.EndAddress; + continue; + } + + // Validate the remaining pages. + NumPages = EFI_SIZE_TO_PAGES (EndAddress - BaseAddress); + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + BaseAddress = EndAddress; + } } -- 2.17.1
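
Review bot: DetectPreValidatedOverLap(), in the first hunk of PeiSnpSystemRamValidate.c, returns the first entry of mPreValidatedRange[] that overlaps the request, not the overlapping entry with the lowest StartAddress. With the single entry in this patch that is equivalent, but once a second range is added the caller validates everything from BaseAddress up to the returned StartAddress, so a lower pre-validated range listed later in the array would be validated again. Either document next to the array that entries must be sorted by ascending StartAddress and must not overlap, or scan the whole array and return the lowest overlapping range. The function also has no header comment describing its parameters and return value, and the loop counter `i` would normally be `Index` in this code base.

Review bot: In the MemEncryptSevSnpPreValidateSystemRam() hunk, `NumPages = EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAddress)` rounds a partial page up, so if PcdOvmfSnpHypervisorPreValidatedStart is not page aligned the InternalSetPageState() call reaches into the pre-validated range, which is the double validation this patch is meant to prevent. Likewise `BaseAddress = OverlapRange.EndAddress` passes an unaligned base to the next iteration if PcdOvmfSnpHypervisorPreValidatedEnd is not page aligned. Suggest asserting that both PCD values are page aligned where mPreValidatedRange[] is consumed, and stating in the comment above the array whether EndAddress is exclusive, as the `StartAddress < mPreValidatedRange[i].EndAddress` test implies. Reusing the IN parameter NumPages as a scratch variable inside the loop also makes the flow harder to follow; a local would be clearer.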