From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web11.14803.1624902221596454123 for ; Mon, 28 Jun 2021 10:43:42 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=fHy8lCV/; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: , mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EZkPWom0wYRxhFlnGlH6e17Xm3q5Fq9dHxVo9ViYGrNANj6OIGGboicSvS5u20APJtAaZfqew3mZe2KPsaG5SYSuz0QTN+Eab9Nav8GN+6DWawRfDYbNFmSIL2R+d2OOGDVpfPdmggj+X47w1s11ueanpReNJzKzC0V1EZTGKxJS9K6Hk14qVrR0egpIracwKACvYS1Chw3ihI5CFBN5d/qFFPUIHst4rWFPRVIVhpM5d///zXMgTVze8N2RArK4Rtx5qtqDoaSxkdkhSXkft1hytoGZI+uA/3RJwKZZQQIMYyNoOv6UUUv1e7xuxhfG/MsB3lOgk5aKhuVB9XvxaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=URSxc56vVLsOwHj2hHLtVzBkpJZsLZcVWeQq6C9vkO0=; b=Wg6fK91xmB5wlqYJN7jS7dXI7fDOMTGlor1MOR1e9tWC3kZCRtT0tCvV1SdjxcHsPfSRKOc2slLQ5gPia+QPpnR5qTruQh5OTplhchYW4FRso0EI/ADKGZSbXRGwOoA6eTzoUvUBSmtQugt7UWNZx7Fmuf7gxCXx3jMmhH4zfOzXvFxUZXXSNbAdnZQDxW0mQv87ldHM4ThB/zFaATEMW43k9LZMQXKT1wpUoLAvLz0ev49AHLCQylHUjuaqH1qjSSAUk5ZwpD2e/n6dOnZb/fOU4/AtGu7QeClAvSRB65QQ5kzHFDDBr4L617jJ0hAPaNp03EzHl5i2Joqet35P0g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=URSxc56vVLsOwHj2hHLtVzBkpJZsLZcVWeQq6C9vkO0=; b=fHy8lCV/AC7bCb4yTPgjqsI6zXBj+U6owlkBgos11Su4nNBwJ7//9Jx5bcoYhiT5+rxH9gPHKOSqHU+9sx0WoIz+o5Qs00bR14EJpBEVOf1xsobn68u7VfXEEYQIq+BsevJ5coRG4pVOTY5cF+e5CtpW8OIrL5yU9difBZH7gtA= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:39 +0000 Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:38 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [RFC PATCH v4 15/27] OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM Date: Mon, 28 Jun 2021 12:42:11 -0500 Message-ID: <20210628174223.1302-16-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:37 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 16eef5fe-eb4b-43c8-c22a-08d93a5c4318 X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: h63M2c4hOmlqH6Pknz/N16WpxeCXGGaGoI1mkRocNpNkR8WCZhEPGiqNNbf6eAC9/qyM4Kp/7gp9Q7zPQTEtn+2iA2jOy0yXdeQM/r1rSHFBkB+ET7hkVmZ6ofMZxZnHBiy1IPZaBISDqdTtCEqq8gdMUTovS/ClmMJ1Imw6L2acQ8rP88DF8rKCUpkgtD8earoHSAygG7FioicAUE9tiHJwcXsP99J65HO023d12AEolh6wmkaBfJE3llVkh6JGtPRAMBBvpzvsTFgM94NRkmI4lOpnNJQH9gfaNSOJa923QkpktKa/pEK9RcsXY3VLov+Esbv2oiGrzxgGI/z2dMfR53J64fSvsvT8KYf3Ib9W0bsFXmn2rB1eTdheIJ6LnvWgBeifMCIVKA7nUkxHe8d+xvRLk9T60XdOZ+1yZRhE+BZhmsxV72jRygUHQByORWEv6kirrSJJu7Ido70KIBi8CVKq9oIOdUU4UE/UF6ml1XJsxUtzyMsM/+mQOP2cIVOnXiOf8PUEJ2JxzrHq27Zc0pKmIM2vRc+PB+jWXZcGIFi+Ya6O9UHKrpHg3s5mjvZbZH/5c5zpd6g7NX0dhJ3gN9OQ9Vu/LALJ85NSv6qq/YU6QFGFvQ4gOlfpCTnYkYsYGrMAUSYAAmg4EWV7T9z3KmE7waQeZCQeId8oVyFEh8TJpTs3oBpjQV+zPw33fBF7/WA9G4n2U8+aiDgURpB2Uf2IlI8pvRlgfyCnE/eWS//E2CuH3y0lXcUC9XO5k3QAFwON+STI+DHBI7gUiz7kQMvFYvUfzlbGhkQoRg9nbddBlh9pmYfkc0eVzs489k8bHUezx3sYN+rpMGRBu05+rtap/C0fEA+2GD8U+QQ= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR12MB2714.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(136003)(376002)(346002)(39860400002)(396003)(19627235002)(8676002)(66476007)(66556008)(66946007)(966005)(15650500001)(5660300002)(1076003)(6666004)(8936002)(38350700002)(38100700002)(4326008)(478600001)(52116002)(2616005)(316002)(956004)(6916009)(7416002)(86362001)(54906003)(2906002)(7696005)(83380400001)(16526019)(36756003)(186003)(26005)(6486002)(44832011)(213903007);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?G2RPzA/R77cZ25npr0IHJZe/YSeuvah0/mf8NSC2woWCP1JG529prvuSVL5U?= =?us-ascii?Q?C5wpgKvZ1N/nwLjbj8XdPs5MAB6ZC5+HgSnJKi0RRu7wftuJFb+KKazKz2Gc?= =?us-ascii?Q?7kxpMOlWyMvaYrdKT7mJ3EzoSTuv1ffzpFFL0O4KTY/2owA9sKoTZrUVt/WD?= =?us-ascii?Q?kmnt0Oe4snYakbT4GboQe2m1I1IkRYiTYHYv1LAC90MDmGycuYei+b/DLqoQ?= =?us-ascii?Q?luZzdvACredRcQ7hdvWyXcH5V6ihZ9sT//mJYenB2cEFwGMDFDzOqvKOSY/2?= =?us-ascii?Q?xEDfIZCwQMY90G7rrKZZn8iNs+CcoCKWPzaxcDgCYHfh/x+K85o0P7FB9yxa?= =?us-ascii?Q?FkXZLxDNGFqlExNFibczjAOe3mFSQImrDTjoBSOU57uDaTlDp0IrmzN7YONU?= =?us-ascii?Q?ddkdlzzDyWYZYDRq9k24tfznhu2yFkjJjxineBJCerIzVRD00blYiv+s8+Ci?= =?us-ascii?Q?maS7086rEg+7WdNw+cjxgmXs/c78spY/a9TEaHkaScStNl688Y225vp2ZYxc?= =?us-ascii?Q?MY3ZixnNGPrI+BRMqHbHWwYKZBUvWJDPdF7wmyUEDhiMWmYiqNqso1r5juCQ?= =?us-ascii?Q?V7Ord1VZ8NVDPdVzYt9qt6bSCFOjsKKysfb1b4B0S4wT8tbYxB3BqfdzdwJH?= =?us-ascii?Q?lWiq/S9+0vNtrDkvVY2D4t/FLeraokj9uh1wTRy/KwulMTdBoM0pBNLUGEJV?= =?us-ascii?Q?H66t1mLHdUw6pzYpGGPJrcSeIqndj45tmKPhG3vTPOWrvlaodpJD/gydyygj?= =?us-ascii?Q?JMZFB/y0iWYmYdxcWlzxJmSQnO+wmdvnnXLtx/tuLLn2CgUX1V4zZtJZOZqX?= =?us-ascii?Q?6rmoZC+uk8pJ9+eMangcr+78YxfJXxR3fwBWKQ40H+2IB2ngtQ5fbYXEeZmb?= =?us-ascii?Q?4hpKs6q5a/Y3by1X+J21GrRr+/pe5nlECacF8a39b2tsBNkPWiTRG8XPqh4h?= =?us-ascii?Q?RBcYaKQ4LLknbDOLgNrGbyHF7+qtsszvdscaUlx5Q0iDGUfKdHwXVzVIDmL3?= =?us-ascii?Q?f+rnt2EMbUtwn6hIomKjP4JmnGatuUbRDAPF8+piH+me7VhHAOm4eSKmUHH6?= =?us-ascii?Q?EIymcbrScNXVvPP37oHaaGZLosSHy4YPKp7hi++3nNrDxfyohCAR0p+3iTcW?= =?us-ascii?Q?xmoM/Gtzgy2BVOI+RA1Riy00YmuS1oBuFYXsXTEQZGHEtDk2eiXLM7sIlpf4?= =?us-ascii?Q?VPGiQRSvnKbOC9wRK2hiIuzAGe4aXzA9zUonMHYToy0MfZsc8MpuyuFw97AV?= =?us-ascii?Q?qWGCcfF5Ou/Z2JUfLLNANLsxUd6vFrNwqdNqufmD0z+sT+/SdJGZSya3d1Yq?= =?us-ascii?Q?A0yqG3SSTFjGWHSjNJuScuUr?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 16eef5fe-eb4b-43c8-c22a-08d93a5c4318 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:38.8113 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: vfjkbwDN9781VeUPV2YlB9/fcKq+uMj7xv4+A0jpzqRIWq3ske1uLlL82958K0TC17zgQtXbTkphjFI34AkPnA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the system RAM. As the boot progress, each phase validates a fixed region of the RAM. In the PEI phase, the PlatformPei detects all the available RAM and calls to pre-validate the detected system RAM. While validating the system RAM in PEI phase, we must skip previously validated system RAM to avoid the double validation. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- .../PeiMemEncryptSevLib.inf | 2 + .../X64/PeiSnpSystemRamValidate.c | 65 ++++++++++++++++++- 2 files changed, 66 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 0402e49a1028..f4058911e7b6 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -58,3 +58,5 @@ [FeaturePcd] =20 [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index 64aab7f45b6d..3e692a3b869d 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -14,6 +14,44 @@ =20 #include "SnpPageStateChange.h" =20 +typedef struct { + UINT64 StartAddress; + UINT64 EndAddress; +} SNP_PRE_VALIDATED_RANGE; + +STATIC SNP_PRE_VALIDATED_RANGE mPreValidatedRange[] =3D { + // This range is pre-validated by the Hypervisor. + { + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedStart), + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedEnd) + } +}; + +STATIC +BOOLEAN +DetectPreValidatedOverLap ( + IN PHYSICAL_ADDRESS StartAddress, + IN PHYSICAL_ADDRESS EndAddress, + OUT SNP_PRE_VALIDATED_RANGE *OverlapRange + ) +{ + UINTN i; + + // + // Check if the specified address range exist in pre-validated array. + // + for (i =3D 0; i < ARRAY_SIZE (mPreValidatedRange); i++) { + if ((mPreValidatedRange[i].StartAddress < EndAddress) && + (StartAddress < mPreValidatedRange[i].EndAddress)) { + OverlapRange->StartAddress =3D mPreValidatedRange[i].StartAddress; + OverlapRange->EndAddress =3D mPreValidatedRange[i].EndAddress; + return TRUE; + } + } + + return FALSE; +} + /** Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. =20 @@ -28,9 +66,34 @@ MemEncryptSevSnpPreValidateSystemRam ( IN UINTN NumPages ) { + PHYSICAL_ADDRESS EndAddress; + SNP_PRE_VALIDATED_RANGE OverlapRange; + if (!MemEncryptSevSnpIsEnabled ()) { return; } =20 - InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); + + while (BaseAddress < EndAddress) { + // + // Check if the range overlaps with the pre-validated ranges. + // + if (DetectPreValidatedOverLap (BaseAddress, EndAddress, &OverlapRange)= ) { + // Validate the non-overlap regions. + if (BaseAddress < OverlapRange.StartAddress) { + NumPages =3D EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAd= dress); + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TR= UE); + } + + BaseAddress =3D OverlapRange.EndAddress; + continue; + } + + // Validate the remaining pages. + NumPages =3D EFI_SIZE_TO_PAGES (EndAddress - BaseAddress); + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + BaseAddress =3D EndAddress; + } } --=20 2.17.1