From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.61]) by mx.groups.io with SMTP id smtpd.web10.176.1630513061970038126 for ; Wed, 01 Sep 2021 09:17:51 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=eMMTBZQg; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.237.61, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=m7/gjBJx6BoTwRxvy0foeV7CADhvMLKclf7cJO/TCuRhbyGP6g57bTBtOP0TbECDOaz01wCpX73AsYbskdDkKR0TKXOG1HVXUU/mGqSsiRisFqTwuMaVL1yzajsH5Tg89z7xnxePWKGnCtMK/c5kTIxYQBDJezwLHXs/Cms+CNlG/7Ap4zNzZa+suIEWxIkuqir9v14DcCF9zFi0jF2YRuiC+QIYWWzrbLyyRmtL3+O6/idl88PoJjH3nwjje0QhWp0Esssga6/qwVz6DOAYKwHxOiMNqPVwAftMoJK+mfbKFt2kVGwFp3fATg7JBLyDT6pg6NtqLLSQVCqEIkXFCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=7zIWo9GeGewtJfUP1bc76si9U9TM5Jl11fzPq+3jcMA=; b=Gbp8B2Mie975GOTa7OHD3kbyy8OyhxUBleNXFQHbZWpkAWSIWs64/Q+dZyN9CZ791k7U1pFS5/5yUjEJhqdlVwiY3uoE3V2I5DJKusiw+uLlU1jAvhnqe57203a/JK060a+s/kqxZIzie0Vgt7o5/KJ2MYdkTkFzCqWhVVb3mpzA3hYmDIs9RxY4Z5R6CZCgJQNDCqkF17sKu2M6PayfFdBtSA56l0MNfukQprDGgR9LJf6HRukd+JtkbWw9G58d53exc3+HROjmgBG7p1uehMC/yxw2u1ySwIP50Ibh4HdYwJdCmZaFVjDMqj2xoh0bjkfQu0T0G5FzB0nBeV/EXw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7zIWo9GeGewtJfUP1bc76si9U9TM5Jl11fzPq+3jcMA=; b=eMMTBZQgavgJtD7WNDH8HO4yPVLVF5irwzPd39JgKJmTUTpoYt3wWKri2komS+u2DSYblGiTZjwCnZNsU7sq2U9Eq0uIJ0D5SbUsNu49aBqAHUzX6Gur1SO1UBfPB46+OiNgxizu92MdMbI55TxsUiAqmXbghjAUFANfMPJTUYo= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4415.namprd12.prod.outlook.com (2603:10b6:806:70::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.17; Wed, 1 Sep 2021 16:17:48 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4457.025; Wed, 1 Sep 2021 16:17:48 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth , Gerd Hoffmann , Brijesh Singh , Michael Roth Subject: [PATCH v6 16/29] OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM Date: Wed, 1 Sep 2021 11:16:33 -0500 Message-ID: <20210901161646.24763-17-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210901161646.24763-1-brijesh.singh@amd.com> References: <20210901161646.24763-1-brijesh.singh@amd.com> X-ClientProxiedBy: SN4PR0501CA0062.namprd05.prod.outlook.com (2603:10b6:803:41::39) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0501CA0062.namprd05.prod.outlook.com (2603:10b6:803:41::39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.12 via Frontend Transport; Wed, 1 Sep 2021 16:17:46 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: adc3540c-0358-4cbf-c615-08d96d64093d X-MS-TrafficTypeDiagnostic: SA0PR12MB4415: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: uB9dqvOrH8fCgvqMvpX8OlqrNaDq13PK1yKiDYZXbIHmd0inKznyqXJX/JqNwBBvZ+bdF3rv0Z3CwDowLJGSWzjamEEqHxKjxtYnSaWW/RukS3v2HpvB+xM4ugA2KrxmEsWzn+l8JaZsQyKCBFWQb17OLr6jvv1cC8DzT2XeX/29xBI6a101b3szdxY3RWB/ZgMeXJPiegfz3pL/fqIqh6sozoKmh0GcxloYCvQ2NmlavlPCSB6idaxJbA6AuKorYCxfgTJl74qjIj7+Rb5DrFXraKn8YgN+tsxQy1la91wGpt1RGwVpGKD1L0bQ+s9k5+OouiesN6XuoFBFjwZ1LXOduUaADpuSYmN8Dqw25YqthOqk0diUksuA7+tnCChhufjYDLhZGamNcHC0Z2yHLQdfR/y9fN5HVhlLmDSrwGfEPt0RbDjjRMY+tTgFnQJjS4tgkxChrmH+iiOZiImI+rRGyAMA/18MlFsidbKeaMdGPuhXJ7Ly3tw3VVUiMprqT4Ef2DjoaphXTh4R9e+bpGMm2D1r5XiS3uieWAkiZLIPqdgA3lu0FZOYlnmH65V33XWMZK7ljQ8hAYYUYS2+7G8UtdQEvChEFH+yy3kG9lJmeGV4jIe5hqEAnQVl/UkR0rqLy1E2YXJ2/97uMkNxeTAYA3lownKWNuMwI9hz5i74c9ycnrJho801Mhn+s+heEEg5d7JXCb7bc7ZAmN/62KmF/Qrz2BiU8VasEVx3ceSahwz2K5tVt1YtkDgDiQ4/yWsFK4Iz7HMinDUozmuXYiAi43CbMdTLhQvzZ3AG5AU+un3GaJU6R4j2ER+TSiT+ X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(39860400002)(376002)(136003)(396003)(346002)(366004)(66476007)(1076003)(83380400001)(6916009)(2906002)(8936002)(8676002)(186003)(26005)(15650500001)(66946007)(86362001)(19627235002)(66556008)(316002)(478600001)(966005)(44832011)(2616005)(54906003)(6486002)(5660300002)(36756003)(956004)(4326008)(6666004)(7696005)(52116002)(38350700002)(38100700002)(213903007);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?buM02A6Ip4y7tbE3aDX7kUJYEf73NqEBAtRdjcHphbs8GyPwjEuUhKGIsvj4?= =?us-ascii?Q?HaQqGDJQ7LEvo+uLXWZ/oMh8e4jlImF1O/ONA9eSwlL8VfAuQa8b0RmRqBGE?= =?us-ascii?Q?+FcYStAGzIXmiZbEO6U2yhsJ0Hvuavla2nmcGTs4ilafMgNqrwZgttKGW2bD?= =?us-ascii?Q?hz+FvWygaYpBa/KZOyj1FcD2sM1os84UU154NYZgCC47VUGEUrQZkvbYnYqT?= =?us-ascii?Q?hjvKaBhgSwXARhQv89/7lSdeLTHR9LcqxjCPDyITfovUeF88zqFkpl1xhGJk?= =?us-ascii?Q?v0xQt7pPbW9KEWC36J9YMco63klNuXZPlouWgpgssECyjj/wSMUHC5TiclOi?= =?us-ascii?Q?RxNPIRiAtREIozwg1eWUoh5V2HGRF9rx0qArs9pME2ZQmCnBfYGTB08S355+?= =?us-ascii?Q?qqir09jB1WFh2qJxGuLteud5988awSxzJzhNUq+ErZm7Er4V6uV+fG9e8oOL?= =?us-ascii?Q?Fcan5yZnMRXjdIUA1OKt8NKRxiqGbbSsduLd/Bsd2Sox/9wrbas1Ik1O2syS?= =?us-ascii?Q?zN0DBxJMkgrysFeBZzxh1sZrjAdLgfg5YFvPW73iRrUoi3glqhCO91TIVaSb?= =?us-ascii?Q?ipmh2vdHjdaS+hQCO3oLQwO+mlqA7G2YLzSCRzkSm4bZQPQbFgiD09myA5uG?= =?us-ascii?Q?IhZdVeVUShk+zps+282mGG1PPgmUwjm6yj3oR+k+rs/qAm5W8b6xmQs73qXI?= =?us-ascii?Q?O4U+Gq2VL1BjmJJQUrFWkh6ZwsjGnO/TGAHaiVum9eOq/ah4xtLY8hgt6hkj?= =?us-ascii?Q?Cy/QsRQL8p9jHioNd9TIra6rOHFlpAgLCNRjzrJ/qb5Xn8K0HYdSzFJ+dUc+?= =?us-ascii?Q?6notPC9BPhzuwESIku+WdkhG55Qlifgd0g6lvq+O3ygYQxCfiUU4qXTxaM+j?= =?us-ascii?Q?6hAy2cgmP3JBdpctqwR5LhVX37TEgPohe7TMMRjV2e+7gaiUnoGNIl2Q6qzN?= =?us-ascii?Q?TPWE3qrTxXvqhRK4qGryxcykPzmJs6HNSDko8IClVRfCVew0abpyKNKYgrPQ?= =?us-ascii?Q?mM6W1vQMO5w8DbuJc0oKPaIVmGkiU/XOtHdU3CMQ5R8CDC5bYm0VGxfVISBO?= =?us-ascii?Q?fSYVlHBvsg/nDP7P+Y0rEKpXwFQUZQ0fZNMsjz7GeSqKzIKfr0Ej+IFmi0+V?= =?us-ascii?Q?h8kHK7kSy8Hsyi+wRRb5WolEciB3JKMaL8IX3DqoFqqCtl4GKLSizCSkuQR1?= =?us-ascii?Q?TI9z84dZIFvp6Mv10Na3U9Jmk1OiagHe19ZkOoeFoqEoO2P4HHR7iSEgNS4M?= =?us-ascii?Q?8gvM0cTo48XFY2BlW38/buZNCFuPXSoSQ81aqWjwOakFqhqTbbdYgk7nrGAI?= =?us-ascii?Q?zvPNSMspRtBvGqLTnd8ZRH2p?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: adc3540c-0358-4cbf-c615-08d96d64093d X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Sep 2021 16:17:47.0375 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: KwInSMcSW7RBtaKeGdmi+80UMHwHL9zIdgah3PYTBaHInb0zQg+BuryTmEjvd9yzefpjmkSJk0iBp+A5aSGa6A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4415 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The MemEncryptSevSnpPreValidateSystemRam() is used for pre-validating the system RAM. As the boot progress, each phase validates a fixed region of the RAM. In the PEI phase, the PlatformPei detects all the available RAM and calls to pre-validate the detected system RAM. While validating the system RAM in PEI phase, we must skip previously validated system RAM to avoid the double validation. Cc: Michael Roth Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- .../PeiMemEncryptSevLib.inf | 2 + .../X64/PeiSnpSystemRamValidate.c | 65 ++++++++++++++++++- 2 files changed, 66 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 0402e49a1028..f4058911e7b6 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -58,3 +58,5 @@ [FeaturePcd] =20 [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedEnd + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpHypervisorPreValidatedStart diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index 64aab7f45b6d..3e692a3b869d 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -14,6 +14,44 @@ =20 #include "SnpPageStateChange.h" =20 +typedef struct { + UINT64 StartAddress; + UINT64 EndAddress; +} SNP_PRE_VALIDATED_RANGE; + +STATIC SNP_PRE_VALIDATED_RANGE mPreValidatedRange[] =3D { + // This range is pre-validated by the Hypervisor. + { + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedStart), + FixedPcdGet32 (PcdOvmfSnpHypervisorPreValidatedEnd) + } +}; + +STATIC +BOOLEAN +DetectPreValidatedOverLap ( + IN PHYSICAL_ADDRESS StartAddress, + IN PHYSICAL_ADDRESS EndAddress, + OUT SNP_PRE_VALIDATED_RANGE *OverlapRange + ) +{ + UINTN i; + + // + // Check if the specified address range exist in pre-validated array. + // + for (i =3D 0; i < ARRAY_SIZE (mPreValidatedRange); i++) { + if ((mPreValidatedRange[i].StartAddress < EndAddress) && + (StartAddress < mPreValidatedRange[i].EndAddress)) { + OverlapRange->StartAddress =3D mPreValidatedRange[i].StartAddress; + OverlapRange->EndAddress =3D mPreValidatedRange[i].EndAddress; + return TRUE; + } + } + + return FALSE; +} + /** Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. =20 @@ -28,9 +66,34 @@ MemEncryptSevSnpPreValidateSystemRam ( IN UINTN NumPages ) { + PHYSICAL_ADDRESS EndAddress; + SNP_PRE_VALIDATED_RANGE OverlapRange; + if (!MemEncryptSevSnpIsEnabled ()) { return; } =20 - InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); + + while (BaseAddress < EndAddress) { + // + // Check if the range overlaps with the pre-validated ranges. + // + if (DetectPreValidatedOverLap (BaseAddress, EndAddress, &OverlapRange)= ) { + // Validate the non-overlap regions. + if (BaseAddress < OverlapRange.StartAddress) { + NumPages =3D EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAd= dress); + + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TR= UE); + } + + BaseAddress =3D OverlapRange.EndAddress; + continue; + } + + // Validate the remaining pages. + NumPages =3D EFI_SIZE_TO_PAGES (EndAddress - BaseAddress); + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + BaseAddress =3D EndAddress; + } } --=20 2.17.1