From: "Brijesh Singh"
To: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Laszlo Ersek, Erdem Aktas, Eric Dong, Ray Ni, Rahul Kumar, devel@edk2.groups.io
CC: Brijesh Singh, Ard Biesheuvel
Subject: [PATCH RFC v3 14/22] OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM
Date: Wed, 26 May 2021 18:11:10 -0500
Message-ID: <20210526231118.12946-15-brijesh.singh@amd.com>
In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com>
References: <20210526231118.12946-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The
MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the system RAM. As the boot progresses, each phase validates a fixed region of the RAM. In the PEI phase, the PlatformPei detects all the available RAM and calls to pre-validate the detected system RAM. While validating the system RAM in PEI phase, we must skip previously validated system RAM to avoid the double validation.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh

--- .../PeiMemEncryptSevLib.inf | 2 + .../X64/PeiSnpSystemRamValidate.c | 65 ++++++++++++++++++- 2 files changed, 66 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 0402e49a1028..f4058911e7b6 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -58,3 +58,5 @@ [FeaturePcd] =20 [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index 64aab7f45b6d..3e692a3b869d 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
@@ -14,6 +14,44 @@ =20 #include "SnpPageStateChange.h" =20 +typedef struct { + UINT64 StartAddress; + UINT64 EndAddress; +} SNP_PRE_VALIDATED_RANGE; + +STATIC SNP_PRE_VALIDATED_RANGE mPreValidatedRange[] =3D { + // This range is pre-validated by the Hypervisor. + { + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedStart), + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedEnd) + } +}; + +STATIC +BOOLEAN +DetectPreValidatedOverLap ( + IN PHYSICAL_ADDRESS StartAddress, + IN PHYSICAL_ADDRESS EndAddress, + OUT SNP_PRE_VALIDATED_RANGE *OverlapRange + ) +{ + UINTN i; + + // + // Check if the specified address range exist in pre-validated array. + // + for (i =3D 0; i < ARRAY_SIZE (mPreValidatedRange); i++) { + if ((mPreValidatedRange[i].StartAddress < EndAddress) && + (StartAddress < mPreValidatedRange[i].EndAddress)) { + OverlapRange->StartAddress =3D mPreValidatedRange[i].StartAddress; + OverlapRange->EndAddress =3D mPreValidatedRange[i].EndAddress; + return TRUE; + } + } + + return FALSE; +} + /** Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. =20 
@@ -28,9 +66,34 @@ MemEncryptSevSnpPreValidateSystemRam ( IN UINTN NumPages ) { + PHYSICAL_ADDRESS EndAddress; + SNP_PRE_VALIDATED_RANGE OverlapRange; + if (!MemEncryptSevSnpIsEnabled ()) { return; } =20 - InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); + + while (BaseAddress < EndAddress) { + // + // Check if the range overlaps with the pre-validated ranges. + // + if (DetectPreValidatedOverLap (BaseAddress, EndAddress, &OverlapRange)= ) { + // Validate the non-overlap regions. + if (BaseAddress < OverlapRange.StartAddress) { + NumPages =3D EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAd= dress); + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TR= UE); + } + + BaseAddress =3D OverlapRange.EndAddress; + continue; + } + + // Validate the remaining pages. + NumPages =3D EFI_SIZE_TO_PAGES (EndAddress - BaseAddress); + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + BaseAddress =3D EndAddress; + } } --=20 2.17.1
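
Review bot: DetectPreValidatedOverLap(), added in the first PeiSnpSystemRamValidate.c hunk, returns the first entry of mPreValidatedRange[] that overlaps in array order, not the overlapping entry with the lowest StartAddress. With the single hypervisor entry the two are the same, but as soon as a second range is added the caller validates everything from BaseAddress up to the returned OverlapRange.StartAddress, and that span can contain another pre-validated range that sits later in the array, which is the double validation the commit message sets out to avoid. Either state in a comment above the array that entries must be sorted by StartAddress and must not overlap, or have the loop keep the match with the smallest StartAddress before returning. The new function also has no header comment; it should say that both ranges are treated as half-open, [StartAddress, EndAddress), since the comparison depends on it.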
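
Review bot: In the MemEncryptSevSnpPreValidateSystemRam() hunk, the page count for the leading non-overlap region is taken with EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAddress), which rounds up, and nothing checks that the two PCD bounds are page aligned. If PcdOvmfSnpHypervisorPreValidatedStart is not aligned, the last page handed to InternalSetPageState() reaches into the pre-validated range, and an unaligned PcdOvmfSnpHypervisorPreValidatedEnd is then carried forward by "BaseAddress = OverlapRange.EndAddress" as the base of the next call. An ASSERT that both bounds are 4 KiB aligned and that Start is not above End would make the assumption explicit and catch a bad .fdf value at boot. Separately, "EndAddress = BaseAddress + EFI_PAGES_TO_SIZE (NumPages)" is not checked for wraparound; if the sum wraps, the while condition is false on entry and nothing is validated, so a guard or ASSERT there is worth adding.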