From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.88]) by mx.groups.io with SMTP id smtpd.web08.5393.1625057666050764756 for ; Wed, 30 Jun 2021 05:54:26 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=NfuY2eXI; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.223.88, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cMNtrSdyjnFFllY9VT86WmXNlWc3/QNIZFw6hrvjmaYwpNt19fiDBVAH5S3+tYjN2TLI+lNIgPcc7Km/oV1d5URSYoUy2Xy8sUdbqhlo6q9rZA0GbjXL+J+AhP/lpiieOjCVo9s9Qn7TKGSCQ62DuuqwJS1AZQxXeI7vIMO7RHB3plt5DNm2xhY/sBuN2r1N7Rcl0SbnF+bZTaNdePlu7swviSmrh5IOuSeUE55HnWbQd6CnSdySn0t3e8CvB+9jNdEOZR6KwhTt/zpq+ZQ/tQA71IxH9NqLHyFzYuewBpG6Pa28aZMdrNJfaoTdQecY1h5MXrxr/WMAyfXtBQg8wA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=URSxc56vVLsOwHj2hHLtVzBkpJZsLZcVWeQq6C9vkO0=; b=Z0ZJBDt1nkbg9634gVNLRuZzsPqhyFI/8MWhrOqMH3Cqmf8XQijfuPtKXrPkevTwhnE87BPU6uug6SNr2KHh7nElWBGv/O6h0lj0STpHvQUqan9jvu2AgncmnLvfGbWpi2dVE6jrPA3wSF76zTX4ZXw9Qdp+ecUI63n366jr8Xz+zfxYfX/0A/vSxP4CoBckPHi22QQ2bYQ6Jta6FFepDlO/lyr+exAlvR41OJEGIi99c02BTeOSjRhVvgihQr5DyEPkbkP9okBiUofX+Kl8EoMzpUA32/Bv9UJIEtHfKAfRCM9LrEo4n0PF1rvcjPOvHMMcqotPz/4oaSD1gjDbFQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=URSxc56vVLsOwHj2hHLtVzBkpJZsLZcVWeQq6C9vkO0=; b=NfuY2eXIA4bBi9gPL9s+lezT71sJLX4SGJDqs6vQ7fr0uLJZT2ktqYxwASqbBjKEW8CNdUyxfCGbgXI1wU0VUswxKoQazfQ9sO8PR1QeIrY4Y0nGuOVGy6JqUu0hZpT2J3+XM4DSeetHnMO0ZoWOX03WHbJN6/czfDVMfJlbfsk= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM5PR1201MB0076.namprd12.prod.outlook.com (2603:10b6:4:55::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.20; Wed, 30 Jun 2021 12:54:24 +0000 Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Wed, 30 Jun 2021 12:54:24 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [RFC PATCH v5 16/28] OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM Date: Wed, 30 Jun 2021 07:53:09 -0500 Message-ID: <20210630125321.30278-17-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210630125321.30278-1-brijesh.singh@amd.com> References: <20210630125321.30278-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA9PR13CA0018.namprd13.prod.outlook.com (2603:10b6:806:21::23) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA9PR13CA0018.namprd13.prod.outlook.com (2603:10b6:806:21::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4287.14 via Frontend Transport; Wed, 30 Jun 2021 12:54:23 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 97d324be-8886-4a46-90d9-08d93bc62fd7 X-MS-TrafficTypeDiagnostic: DM5PR1201MB0076: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: BDIOQX0aPGKkB9zTrm5Z3nBFXl0+fEpCMI2qbjBLGUuvHdqnySct8iy5jBSp3coN+6VKtWpSysaucmQIUx65D2Rq5nICXL1A/t2Fvr8G4U/2QNDuGfAetiZexJ5y6kiqxDUAKSmCJllJRP+cEl7nQpB11xb+ipaTMbLCLx1Hw3/INWq6L0EPs7QEP92u7mSdTJEbskUuHCS6YV/uNj3XUAxkk9Ld+2pCXEks6Lin0G1o+iJHiohFMFPgCJ88N8N8szTgBEypRZOpi8mimN4d/VedIi4t4+oYqvHKZ/1CivWHMANOdn/VGmDJFtDn4sj0XTmpDMUnniJt/unc/uS2quLKMglJnm0qZJB+QQvXau6MR0aCSikNAx567UbFRMFVOySx3shOzz9HizXCuegdOYbM+B62duueEPpj9r+vUqg+vUX9kmXofyC4Bv39MnV1wjav53NkigEc/+p07sLekeZ2hajgdbnjxaQJZoZypU/4RAil2cFwlgj5hNC+NJc9SsG9Runuy+xR90iZmD+S9y1hUK0ggbwNbGJV/JSIOVX0xl6iKkN9CTb1bqnth36KjkSuyB4PsSTqzKC0lq+5MXBfpnxX8xMUERM6bo5ALbvg5gdJnUE1e/Of9eF81Ch9tEkcWGDeB12doQNsX6tUoRCMZ+l/ZlZg1oztwYodzZfxsT58H5bLl5olwShRGNGLEVmXB9PBqjehIlbPfneKbPepZlSsjaxXZKb2Xvg29whFpPlQv0XG60sXZkpN5uOvgTP10VW435Zl/DFcDopPs481VdHgCmXotRQ/8QdX+b+m+JR78zE/iqRDVwb1ak+mwGao9Isb/mVVfNuNPFM3Ycieb4nbNfALvHrGnl+DQxk= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR12MB2714.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(136003)(366004)(346002)(39860400002)(396003)(7696005)(1076003)(8676002)(16526019)(15650500001)(8936002)(6666004)(2616005)(4326008)(956004)(38350700002)(38100700002)(478600001)(186003)(6486002)(19627235002)(66556008)(66476007)(26005)(7416002)(316002)(966005)(86362001)(66946007)(52116002)(36756003)(54906003)(5660300002)(2906002)(6916009)(44832011)(83380400001)(213903007);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?m8Ph1qLdt6mSP9DN9hTtdCzooG1qY4UXpvmgTyxWIiFsfelc7pISMMyAOP5u?= =?us-ascii?Q?HO7Xa8yg+X0KVsRsjo657RnRjhZz1UuAKqxC4x36w3HMoqixM69yxFFAn//f?= =?us-ascii?Q?c2/Od4vqtUkYBrbIwwBxYfmOZitwuLhWN4gJewX5X6oSHpaHpQ83Il/pKCjo?= =?us-ascii?Q?g3qXNmYq4WuldtxiwypGtNS5S4r9bKTTEP5jaXZkOvrddjKPV/rNrKIgLNeo?= =?us-ascii?Q?3DynSzPOptpX1Obqo/Vfw2tXLKJxV+WnwtqvPkynfJe+x8ePCdB5KABP/2xS?= =?us-ascii?Q?UYxpa92m2/Ct1BcOoBsENv5XNcH/DJgZcoMPR5EAH13zMCUXooZroND6EIfO?= =?us-ascii?Q?7ALOzbwjDcO0sMViJ0WLchZ+Qe8Cb/yBr7k7NSp1iYQns04XHPt9HFRsfrhE?= =?us-ascii?Q?9PkjSGhosVnOXtzD+/LNcd3EVuObqgB7LblaQO/T8YRqWhjBbKuU+hwar6OV?= =?us-ascii?Q?F147d/S2ug9i1Qo+h0+2o8Hjtsg71p2i7/sp6V3LCnxuWtDxJRbVwgjm72E1?= =?us-ascii?Q?2pOrBOwutnQbCHxogFfqJqfYu0/1ElPGD/+Y8lMKjAky0y87TWEBW2OYUKM1?= =?us-ascii?Q?c/ktnbCt613Ds/GQkmV1UVuoQyKo6tPLZn1d2i6bJao7hOrq6Ns+71Fnk0FK?= =?us-ascii?Q?DYkkWsdvMe5vEnlLiU3rkO2o2k+xjEXuNwczEt1Ui+uNHML1xdyKhAWSLZiw?= =?us-ascii?Q?bFNCcskzIaVnpZUFlWWAQ45BrxW0A6VpuiDSpG9VaFMr5z3WKQ0U5VA8rPQ9?= =?us-ascii?Q?1rp40PwWeZJUHzkU6S63z7ypwTCCWdB+qS9OiO3YviGH5h1VkQYqFtBT3DfD?= =?us-ascii?Q?MKUWO8fHRdyIRVnDjvT6iLcqiW1IuuDM2RUuPa9saMhXsvkF+HxeS73XsONW?= =?us-ascii?Q?SvLzfLpeCBwyUJSdsf1ARdGnH9tjkHPQXTGIwDOPddAO9qylMDNsdx1nunH3?= =?us-ascii?Q?JyqqYG7up/q6PRCCMMh/dp4YWKsn9NOaxK6h/j+erMcSiZFjJgxssA7e03Ks?= =?us-ascii?Q?VbTBTMxB+szYpF7jDlTOGe87XfqRVossYyJSlIeEAwjTbumbWwXrzOMcMm//?= =?us-ascii?Q?kiGQjSJ7WjRMTQ/GaaTopW81aR4lKn0Ee91Ogbatt9z7wJ5Rur3LWRngKnUR?= =?us-ascii?Q?1VWFjQGtipYrF7x+WAoGmhn6d+R4O4Z5B0YILtPfMzLCe8FL8VkMs+MdGXjy?= =?us-ascii?Q?Cy8APdVGmaFWp8Fd4YLGKzblld+QB/S0EkKo4RLB26ZMJnOUQFNGpQb1OTb+?= =?us-ascii?Q?p6ZgRB+tn7wIqFF69IXVl34iJvdpd2saScwvYDuiYkCVp34GHh85G7xkJRDt?= =?us-ascii?Q?V2SnK6/IJz0KFtIF4ujlcGtt?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 97d324be-8886-4a46-90d9-08d93bc62fd7 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Jun 2021 12:54:24.4094 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: cXFmrwmNq6o3l4dp1whdCxQ35zduPvLlpdAepS218k/e/RSynw5zXKTS70HuLR6LqWn0sK7rP8XrC0s9SEuLSw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1201MB0076 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the system RAM. As the boot progress, each phase validates a fixed region of the RAM. In the PEI phase, the PlatformPei detects all the available RAM and calls to pre-validate the detected system RAM. While validating the system RAM in PEI phase, we must skip previously validated system RAM to avoid the double validation. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- .../PeiMemEncryptSevLib.inf | 2 + .../X64/PeiSnpSystemRamValidate.c | 65 ++++++++++++++++++- 2 files changed, 66 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 0402e49a1028..f4058911e7b6 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -58,3 +58,5 @@ [FeaturePcd] =20 [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index 64aab7f45b6d..3e692a3b869d 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -14,6 +14,44 @@ =20 #include "SnpPageStateChange.h" =20 +typedef struct { + UINT64 StartAddress; + UINT64 EndAddress; +} SNP_PRE_VALIDATED_RANGE; + +STATIC SNP_PRE_VALIDATED_RANGE mPreValidatedRange[] =3D { + // This range is pre-validated by the Hypervisor. + { + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedStart), + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedEnd) + } +}; + +STATIC +BOOLEAN +DetectPreValidatedOverLap ( + IN PHYSICAL_ADDRESS StartAddress, + IN PHYSICAL_ADDRESS EndAddress, + OUT SNP_PRE_VALIDATED_RANGE *OverlapRange + ) +{ + UINTN i; + + // + // Check if the specified address range exist in pre-validated array. + // + for (i =3D 0; i < ARRAY_SIZE (mPreValidatedRange); i++) { + if ((mPreValidatedRange[i].StartAddress < EndAddress) && + (StartAddress < mPreValidatedRange[i].EndAddress)) { + OverlapRange->StartAddress =3D mPreValidatedRange[i].StartAddress; + OverlapRange->EndAddress =3D mPreValidatedRange[i].EndAddress; + return TRUE; + } + } + + return FALSE; +} + /** Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. =20 @@ -28,9 +66,34 @@ MemEncryptSevSnpPreValidateSystemRam ( IN UINTN NumPages ) { + PHYSICAL_ADDRESS EndAddress; + SNP_PRE_VALIDATED_RANGE OverlapRange; + if (!MemEncryptSevSnpIsEnabled ()) { return; } =20 - InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); + + while (BaseAddress < EndAddress) { + // + // Check if the range overlaps with the pre-validated ranges. + // + if (DetectPreValidatedOverLap (BaseAddress, EndAddress, &OverlapRange)= ) { + // Validate the non-overlap regions. + if (BaseAddress < OverlapRange.StartAddress) { + NumPages =3D EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAd= dress); + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TR= UE); + } + + BaseAddress =3D OverlapRange.EndAddress; + continue; + } + + // Validate the remaining pages. + NumPages =3D EFI_SIZE_TO_PAGES (EndAddress - BaseAddress); + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + BaseAddress =3D EndAddress; + } } --=20 2.17.1