Date: Wed, 28 Sep 2022 15:33:17 +0000
Message-ID: <20220928153323.2583389-1-dionnaglaze@google.com>
Subject: [PATCH v4 0/6] Add safe unaccepted memory behavior
From: "Dionna Glaze"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Ard Biescheuvel, "Min M. Xu", Gerd Hoffmann, James Bottomley, Tom Lendacky, Jiewen Yao, Erdem Aktas

These three patches build on the lazy-accept patch series
"Introduce Lazy-accept for Tdx guest"
by adding SEV-SNP support for the MemoryAccept protocol, and importantly
making eager memory acceptance the default behavior.

For unaccepted memory to be enabled, we must know that the booted image
supports the unaccepted memory type. We add a trivial protocol that sets
a dynamic Pcd to true when called in order for the booted image to
signal its support for unaccepted memory. This does not need to be an
OsIndications bit because it does not need to be persisted.

We use the Pcd to disable a new ExitBootServices notification that
accepts all unaccepted memory, removes the unaccepted memory entries in
the memory space map, and then adds the same memory ranges back as
conventional memory.

All images that support unaccepted memory must now locate and call this
new ENABLE_UNACCEPTED_MEMORY_PROTOCOL.

Changes since v3:
 - "DxeMain accepts all memory" patch split into 3 to make each patch
   affect only one package at a time.

Changes since v2:
 - Removed the redundant memory accept interface and added the accept
   behavior to the DXE implementation of
   MemEncryptSevSnpPreValidateSystemRam.
 - Fixed missing #include in >=4GB patch.

Changes since v1:
 - Added a patch to classify SEV-SNP memory above 4GB unaccepted.
 - Fixed style problems in EfiMemoryAcceptProtocol implementation.

Cc: Ard Biescheuvel
Cc: "Min M. Xu"
Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Tom Lendacky
Cc: Jiewen Yao
Cc: Erdem Aktas

Signed-off-by: Dionna Glaze

Dionna Glaze (6):
  OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
  MdeModulePkg: Add PcdEnableUnacceptedMemory
  OvmfPkg: set PcdEnableUnacceptedMemory to FALSE
  MdeModulePkg: DxeMain accepts all memory at EBS if needed
  MdeModulePkg: add EnableUnacceptedMemoryProtocol
  OvmfPkg/PlatformPei: SEV-SNP make >=4GB unaccepted

 MdeModulePkg/Core/Dxe/DxeMain.h                                    |  32 +++++
 MdeModulePkg/Core/Dxe/DxeMain.inf                                  |   3 +
 MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c                            |  19 ++-
 MdeModulePkg/Core/Dxe/Mem/Page.c                                   | 122 ++++++++++++++++++++
 MdeModulePkg/MdeModulePkg.dec                                      |   9 ++
 MdeModulePkg/MdeModulePkg.uni                                      |   6 +
 OvmfPkg/AmdSev/AmdSevX64.dsc                                       |   1 +
 OvmfPkg/AmdSevDxe/AmdSevDxe.c                                      |  34 ++++++
 OvmfPkg/AmdSevDxe/AmdSevDxe.inf                                    |   3 +
 OvmfPkg/Bhyve/BhyveX64.dsc                                         |   2 +
 OvmfPkg/CloudHv/CloudHvX64.dsc                                     |   2 +
 OvmfPkg/IntelTdx/IntelTdxX64.dsc                                   |   2 +
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c |  24 +++-
 OvmfPkg/OvmfPkgIa32X64.dsc                                         |   2 +
 OvmfPkg/OvmfPkgX64.dsc                                             |   2 +
 OvmfPkg/OvmfXen.dsc                                                |   2 +
 OvmfPkg/PlatformPei/AmdSev.c                                       |   5 +
 17 files changed, 265 insertions(+), 5 deletions(-)

-- 
2.37.3.998.g577e59143f-goog
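
The opt-in flow described in the cover letter above, as an added model that is not code from the patch series: an image that never calls the protocol gets every unaccepted range accepted and retyped as conventional memory at ExitBootServices, while an image that opts in keeps the unaccepted entries. All type and function names are hypothetical, `unaccepted_enabled` stands in for the dynamic PcdEnableUnacceptedMemory, and the memory map is constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model types; none of these names are EDK2 identifiers. */
typedef enum { MEM_CONVENTIONAL, MEM_RESERVED, MEM_UNACCEPTED } mem_type;
typedef struct { uint64_t base, pages; mem_type type; } mem_range;
typedef struct { uint64_t fw_accepted, left_unaccepted; } boot_result;

/* Stands in for the dynamic PcdEnableUnacceptedMemory (default FALSE). */
static bool unaccepted_enabled;

/* Stands in for the protocol call a supporting image makes before EBS. */
static void enable_unaccepted_memory(void) { unaccepted_enabled = true; }

/* ExitBootServices notification: unless the image opted in, accept every
 * unaccepted range (platform accept would run here) and retype it. */
static uint64_t ebs_notify(mem_range *map, size_t n) {
    uint64_t accepted = 0;
    if (unaccepted_enabled) return 0;
    for (size_t i = 0; i < n; i++) {
        if (map[i].type != MEM_UNACCEPTED) continue;
        map[i].type = MEM_CONVENTIONAL;
        accepted += map[i].pages;
    }
    return accepted;
}

/* Boot one image against a constructed sample map and report the outcome. */
boot_result simulate_boot(bool image_calls_protocol) {
    mem_range map[] = {
        { 0x0,            0x80000,  MEM_CONVENTIONAL },
        { 0x80000000ULL,  0x1000,   MEM_RESERVED },
        { 0x100000000ULL, 0x100000, MEM_UNACCEPTED },  /* >= 4GB */
        { 0x200000000ULL, 0x40000,  MEM_UNACCEPTED },
    };
    size_t n = sizeof map / sizeof map[0];
    boot_result r = { 0, 0 };
    unaccepted_enabled = false;                /* default on every boot */
    if (image_calls_protocol) enable_unaccepted_memory();
    r.fw_accepted = ebs_notify(map, n);
    for (size_t i = 0; i < n; i++)
        if (map[i].type == MEM_UNACCEPTED) r.left_unaccepted += map[i].pages;
    return r;
}

int main(void) {
    boot_result a = simulate_boot(false), b = simulate_boot(true);
    printf("no opt-in: %llu pages left unaccepted\n", (unsigned long long)a.left_unaccepted);
    printf("opt-in:    %llu pages left unaccepted\n", (unsigned long long)b.left_unaccepted);
    return 0;
}
```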