From: "Min Xu"
To: devel@edk2.groups.io
Cc: Tom Lendacky, Erdem Aktas, James Bottomley, Jiewen Yao, Min Xu, Gerd Hoffmann, Jiewen Yao
Subject: [PATCH V2 3/4] OvmfPkg/IoMmuDxe: Add SEV support for reserved shared memory
Date: Tue, 13 Dec 2022 13:48:23 +0800
Message-Id: <20221213054824.53-4-min.m.xu@intel.com>
X-Mailer: git-send-email 2.29.2.windows.2
In-Reply-To: <20221213054824.53-1-min.m.xu@intel.com>
References: <20221213054824.53-1-min.m.xu@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

From: Tom Lendacky

Add support to use the reserved shared memory within the IoMmu library.
This improves boot times for all SEV guests, with SEV-SNP benefiting the
most as it avoids the page state change call to the hypervisor.

Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Min Xu
Cc: Gerd Hoffmann
Acked-by: Jiewen Yao
Signed-off-by: Tom Lendacky
---
 OvmfPkg/IoMmuDxe/CcIoMmu.c     | 81 +++++++++++++++++-----------------
 OvmfPkg/IoMmuDxe/IoMmuBuffer.c | 54 ++++++++++++++++++-----
 2 files changed, 83 insertions(+), 52 deletions(-)

diff --git a/OvmfPkg/IoMmuDxe/CcIoMmu.c b/OvmfPkg/IoMmuDxe/CcIoMmu.c index 1479af469881..e5cbf037c50d 100644 --- a/OvmfPkg/IoMmuDxe/CcIoMmu.c +++ b/OvmfPkg/IoMmuDxe/CcIoMmu.c 
@@ -223,30 +223,33 @@ IoMmuMap ( goto FreeMapInfo; } - if (CC_GUEST_IS_SEV (PcdGet64 (PcdConfidentialComputingGuestAttr))) { - // - // Clear the memory encryption mask on the plaintext buffer. - // - Status = MemEncryptSevClearPageEncMask ( - 0, - MapInfo->PlainTextAddress, - MapInfo->NumberOfPages - ); - } else if (CC_GUEST_IS_TDX (PcdGet64 (PcdConfidentialComputingGuestAttr))) { + if (MapInfo->ReservedMemBitmap == 0) { // // Set the memory shared bit. // If MapInfo->ReservedMemBitmap is 0, it means the bounce buffer is not allocated // from the pre-allocated shared memory, so it must be converted to shared memory here. // - if (MapInfo->ReservedMemBitmap == 0) { + if (CC_GUEST_IS_SEV (PcdGet64 (PcdConfidentialComputingGuestAttr))) { + // + // Clear the memory encryption mask on the plaintext buffer. + // + Status = MemEncryptSevClearPageEncMask ( + 0, + MapInfo->PlainTextAddress, + MapInfo->NumberOfPages + ); + } else if (CC_GUEST_IS_TDX (PcdGet64 (PcdConfidentialComputingGuestAttr))) { + // + // Set the memory shared bit. + // Status = MemEncryptTdxSetPageSharedBit ( 0, MapInfo->PlainTextAddress, MapInfo->NumberOfPages ); + } else { + ASSERT (FALSE); } - } else { - ASSERT (FALSE); } ASSERT_EFI_ERROR (Status); 
@@ -396,30 +399,30 @@ IoMmuUnmapWorker ( break; } - if (CC_GUEST_IS_SEV (PcdGet64 (PcdConfidentialComputingGuestAttr))) { - // - // Restore the memory encryption mask on the area we used to hold the - // plaintext. - // - Status = MemEncryptSevSetPageEncMask ( - 0, - MapInfo->PlainTextAddress, - MapInfo->NumberOfPages - ); - } else if (CC_GUEST_IS_TDX (PcdGet64 (PcdConfidentialComputingGuestAttr))) { - // - // Restore the memory shared bit mask on the area we used to hold the - // plaintext. - // - if (MapInfo->ReservedMemBitmap == 0) { + if (MapInfo->ReservedMemBitmap == 0) { + if (CC_GUEST_IS_SEV (PcdGet64 (PcdConfidentialComputingGuestAttr))) { + // + // Restore the memory encryption mask on the area we used to hold the + // plaintext. + // + Status = MemEncryptSevSetPageEncMask ( + 0, + MapInfo->PlainTextAddress, + MapInfo->NumberOfPages + ); + } else if (CC_GUEST_IS_TDX (PcdGet64 (PcdConfidentialComputingGuestAttr))) { + // + // Restore the memory shared bit mask on the area we used to hold the + // plaintext. + // Status = MemEncryptTdxClearPageSharedBit ( 0, MapInfo->PlainTextAddress, MapInfo->NumberOfPages ); + } else { + ASSERT (FALSE); } - } else { - ASSERT (FALSE); } ASSERT_EFI_ERROR (Status); 
@@ -924,16 +927,14 @@ InstallIoMmuProtocol ( } // - // Currently only Tdx guest support Reserved shared memory for DMA operation. + // For CC guests, use reserved shared memory for DMA operation. // - if (CC_GUEST_IS_TDX (PcdGet64 (PcdConfidentialComputingGuestAttr))) { - mReservedSharedMemSupported = TRUE; - Status = IoMmuInitReservedSharedMem (); - if (EFI_ERROR (Status)) { - mReservedSharedMemSupported = FALSE; - } else { - DEBUG ((DEBUG_INFO, "%a: Feature of reserved memory for DMA is supported.\n", __FUNCTION__)); - } + mReservedSharedMemSupported = TRUE; + Status = IoMmuInitReservedSharedMem (); + if (EFI_ERROR (Status)) { + mReservedSharedMemSupported = FALSE; + } else { + DEBUG ((DEBUG_INFO, "%a: Feature of reserved memory for DMA is supported.\n", __FUNCTION__)); } return EFI_SUCCESS; diff --git a/OvmfPkg/IoMmuDxe/IoMmuBuffer.c b/OvmfPkg/IoMmuDxe/IoMmuBuffer.c index 1e77d8a57402..3139d10f4c2d 100644 --- a/OvmfPkg/IoMmuDxe/IoMmuBuffer.c +++ b/OvmfPkg/IoMmuDxe/IoMmuBuffer.c @@ -9,7 +9,9 @@ #include #include #include +#include #include +#include #include #include "IoMmuInternal.h" @@ -139,6 +141,7 @@ IoMmuInitReservedSharedMem ( UINTN TotalPages; IOMMU_RESERVED_MEM_RANGE *MemRange; EFI_PHYSICAL_ADDRESS PhysicalAddress; + UINT64 SharedAddress; if (!mReservedSharedMemSupported) { return EFI_UNSUPPORTED; 
@@ -163,12 +166,25 @@ IoMmuInitReservedSharedMem ( MemRange->StartAddressOfMemRange = PhysicalAddress; for (Index2 = 0; Index2 < MemRange->Slots; Index2++) { - Status = MemEncryptTdxSetPageSharedBit ( - 0, - (UINT64)(UINTN)(MemRange->StartAddressOfMemRange + Index2 * SIZE_OF_MEM_RANGE (MemRange) + MemRange->HeaderSize), - EFI_SIZE_TO_PAGES (MemRange->DataSize) - ); - ASSERT (!EFI_ERROR (Status)); + SharedAddress = (UINT64)(UINTN)(MemRange->StartAddressOfMemRange + Index2 * SIZE_OF_MEM_RANGE (MemRange) + MemRange->HeaderSize); + + if (CC_GUEST_IS_SEV (PcdGet64 (PcdConfidentialComputingGuestAttr))) { + Status = MemEncryptSevClearPageEncMask ( + 0, + SharedAddress, + EFI_SIZE_TO_PAGES (MemRange->DataSize) + ); + ASSERT (!EFI_ERROR (Status)); + } else if (CC_GUEST_IS_TDX (PcdGet64 (PcdConfidentialComputingGuestAttr))) { + Status = MemEncryptTdxSetPageSharedBit ( + 0, + SharedAddress, + EFI_SIZE_TO_PAGES (MemRange->DataSize) + ); + ASSERT (!EFI_ERROR (Status)); + } else { + ASSERT (FALSE); + } } PhysicalAddress += (MemRange->Slots * SIZE_OF_MEM_RANGE (MemRange)); 
@@ -190,16 +206,30 @@ IoMmuReleaseReservedSharedMem ( EFI_STATUS Status; UINT32 Index1, Index2; IOMMU_RESERVED_MEM_RANGE *MemRange; + UINT64 SharedAddress; for (Index1 = 0; Index1 < ARRAY_SIZE (mReservedMemRanges); Index1++) { MemRange = &mReservedMemRanges[Index1]; for (Index2 = 0; Index2 < MemRange->Slots; Index2++) { - Status = MemEncryptTdxClearPageSharedBit ( - 0, - (UINT64)(UINTN)(MemRange->StartAddressOfMemRange + Index2 * SIZE_OF_MEM_RANGE (MemRange) + MemRange->HeaderSize), - EFI_SIZE_TO_PAGES (MemRange->DataSize) - ); - ASSERT (!EFI_ERROR (Status)); + SharedAddress = (UINT64)(UINTN)(MemRange->StartAddressOfMemRange + Index2 * SIZE_OF_MEM_RANGE (MemRange) + MemRange->HeaderSize); + + if (CC_GUEST_IS_SEV (PcdGet64 (PcdConfidentialComputingGuestAttr))) { + Status = MemEncryptSevSetPageEncMask ( + 0, + SharedAddress, + EFI_SIZE_TO_PAGES (MemRange->DataSize) + ); + ASSERT (!EFI_ERROR (Status)); + } else if (CC_GUEST_IS_TDX (PcdGet64 (PcdConfidentialComputingGuestAttr))) { + Status = MemEncryptTdxClearPageSharedBit ( + 0, + SharedAddress, + EFI_SIZE_TO_PAGES (MemRange->DataSize) + ); + ASSERT (!EFI_ERROR (Status)); + } else { + ASSERT (FALSE); + } } } -- 2.29.2.windows.2
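
Review bot: In the IoMmuMap hunk (@@ -223,30 +223,33 @@), ASSERT_EFI_ERROR (Status) still sits after the new outer if, so when MapInfo->ReservedMemBitmap is non-zero it checks a Status that nothing in this block assigned. Move the assert inside the ReservedMemBitmap == 0 branch, or set Status explicitly on the reserved-memory path. The outer comment "Set the memory shared bit." is TDX wording and is now repeated inside the TDX branch; reword the outer one so it also covers the SEV case, where the encryption mask is cleared.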
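
Review bot: In the IoMmuUnmapWorker hunk (@@ -396,30 +399,30 @@), SEV buffers taken from the reserved pool now skip MemEncryptSevSetPageEncMask, so the plaintext bounce buffer stays in memory the hypervisor can read after the unmap completes. The lines shown do not say whether the slot is cleared before it is handed out again; add a comment stating where that happens, or add the clear if it does not.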
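
Review bot: In the InstallIoMmuProtocol hunk (@@ -924,16 +927,14 @@), the new comment says "For CC guests" but the CC_GUEST_IS_TDX guard is removed without a replacement, so IoMmuInitReservedSharedMem now runs for whatever guest type reaches this function and relies on the ASSERT (FALSE) branches in IoMmuBuffer.c to reject anything that is neither SEV nor TDX. If this driver is only ever dispatched for SEV and TDX guests, say so in the comment; otherwise keep an explicit check that tests CC_GUEST_IS_SEV and CC_GUEST_IS_TDX before setting mReservedSharedMemSupported to TRUE.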
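
Review bot: In the IoMmuInitReservedSharedMem hunk (@@ -163,12 +166,25 @@), a failed MemEncryptSevClearPageEncMask or MemEncryptTdxSetPageSharedBit is caught only by ASSERT (!EFI_ERROR (Status)), which does nothing when asserts are compiled out, and the Index2 loop then continues with a slot that was never made shared. InstallIoMmuProtocol already falls back to mReservedSharedMemSupported = FALSE when this function returns an error, so returning Status from the loop would reuse that path. The guest-type test does not change between iterations and could be evaluated once before the loops.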
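
Review bot: In the IoMmuReleaseReservedSharedMem hunk (@@ -190,16 +206,30 @@), the SharedAddress computation and the SEV/TDX dispatch are copied from IoMmuInitReservedSharedMem with only the direction reversed; a single static helper taking the range, the slot index and a make-shared flag would keep the two paths from drifting apart. On this release path a failure of MemEncryptSevSetPageEncMask or MemEncryptTdxClearPageSharedBit leaves the pages shared, so it deserves at least a DEBUG_ERROR message in addition to the ASSERT.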