From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web10.3012.1673999579609367110 for ; Tue, 17 Jan 2023 15:52:59 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=EkcNUO2t; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1673999579; x=1705535579; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=0yvYFiZsrThutqDjhWcHgednVpHRcF7lQidLI2itFHE=; b=EkcNUO2t4OxVrx8PIWa71yzdq9DFI96MGQckBSkdmYRh0Jo4lUEBRObS gj84V3MlhrOB5UyifgeUct8Ghs3QdtcjThcJljN9z6B75EklwfZ+5uBFq vfP+5uhm4pKJ2rFRl2s17L+17OmlUbJ38W/GQEA51jU2plglH6jnOo6gl 3ikzAfJYbe8CuJDOKZfl1O+1pVBUXh0NXdx359Irb5VdWe+22/Vesrmoz 0H9EZjLmW5641Kb5TGXMszXclK1DeTs92trEDfTcaCbZRC2aLM0E9ebwa kusjmGA87ykJSzkfOa1wLWzxzGHpRWRRsiYfJqnCqVZH8zDqxZJY8FnWn w==; X-IronPort-AV: E=McAfee;i="6500,9779,10593"; a="308417195" X-IronPort-AV: E=Sophos;i="5.97,224,1669104000"; d="scan'208";a="308417195" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Jan 2023 15:52:47 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10593"; a="783435322" X-IronPort-AV: E=Sophos;i="5.97,224,1669104000"; d="scan'208";a="783435322" Received: from mxu9-mobl1.ccr.corp.intel.com ([10.249.169.184]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Jan 2023 15:52:44 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min M Xu , Erdem Aktas , James Bottomley , Jiewen Yao , Gerd Hoffmann , Tom Lendacky , Michael Roth Subject: [PATCH V2 1/1] OvmfPkg/BaseMemEncryptTdxLib: Refactor error handle of SetOrClearSharedBit Date: Wed, 18 Jan 2023 07:52:32 +0800 Message-Id: <20230117235232.242-1-min.m.xu@intel.com> X-Mailer: git-send-email 2.29.2.windows.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Min M Xu The previous implementation of SetOrClearSharedBit doesn't handle the error correctly. In this patch SetOrClearSharedBit is changed to return error code so that the caller can handle it. Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Gerd Hoffmann Cc: Tom Lendacky Cc: Michael Roth Reviewed-by: Jiewen Yao Signed-off-by: Min Xu --- .../BaseMemEncryptTdxLib/MemoryEncryption.c | 48 +++++++++++++++---- 1 file changed, 40 insertions(+), 8 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c b/OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c index 503f626d75c6..5b13042512ad 100644 --- a/OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c +++ b/OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c @@ -510,8 +510,11 @@ Split1GPageTo2M ( @param[in] PagetablePoint Page table entry pointer (PTE). @param[in] Mode Set or Clear shared bit + @retval EFI_SUCCESS Successfully set or clear the memory shared bit + @retval Others Other error as indicated **/ -STATIC VOID +STATIC +EFI_STATUS SetOrClearSharedBit ( IN OUT UINT64 *PageTablePointer, IN TDX_PAGETABLE_MODE Mode, @@ -520,7 +523,8 @@ SetOrClearSharedBit ( ) { UINT64 AddressEncMask; - UINT64 Status; + UINT64 TdStatus; + EFI_STATUS Status; EDKII_MEMORY_ACCEPT_PROTOCOL *MemoryAcceptProtocol; AddressEncMask = GetMemEncryptionAddressMask (); @@ -536,16 +540,30 @@ SetOrClearSharedBit ( PhysicalAddress &= ~AddressEncMask; } - Status = TdVmCall (TDVMCALL_MAPGPA, PhysicalAddress, Length, 0, 0, NULL); + TdStatus = TdVmCall (TDVMCALL_MAPGPA, PhysicalAddress, Length, 0, 0, NULL); + if (TdStatus != 0) { + DEBUG ((DEBUG_ERROR, "%a: TdVmcall(MAPGPA) failed with %llx\n", __FUNCTION__, TdStatus)); + ASSERT (FALSE); + return EFI_DEVICE_ERROR; + } // // If changing shared to private, must accept-page again // if (Mode == ClearSharedBit) { Status = gBS->LocateProtocol (&gEdkiiMemoryAcceptProtocolGuid, NULL, (VOID **)&MemoryAcceptProtocol); - ASSERT (!EFI_ERROR (Status)); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Failed to locate MemoryAcceptProtocol with %r\n", __FUNCTION__, Status)); + ASSERT (FALSE); + return Status; + } + Status = MemoryAcceptProtocol->AcceptMemory (MemoryAcceptProtocol, PhysicalAddress, Length); - ASSERT (!EFI_ERROR (Status)); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a: Failed to AcceptMemory with %r\n", __FUNCTION__, Status)); + ASSERT (FALSE); + return Status; + } } DEBUG (( @@ -558,6 +576,8 @@ SetOrClearSharedBit ( Mode, Status )); + + return EFI_SUCCESS; } /** @@ -747,7 +767,11 @@ SetMemorySharedOrPrivate ( // If we have at least 1GB to go, we can just update this entry // if (!(PhysicalAddress & (BIT30 - 1)) && (Length >= BIT30)) { - SetOrClearSharedBit (&PageDirectory1GEntry->Uint64, Mode, PhysicalAddress, BIT30); + Status = SetOrClearSharedBit (&PageDirectory1GEntry->Uint64, Mode, PhysicalAddress, BIT30); + if (EFI_ERROR (Status)) { + goto Done; + } + DEBUG (( DEBUG_VERBOSE, "%a:%a: updated 1GB entry for Physical=0x%Lx\n", @@ -809,7 +833,11 @@ SetMemorySharedOrPrivate ( // If we have at least 2MB left to go, we can just update this entry // if (!(PhysicalAddress & (BIT21-1)) && (Length >= BIT21)) { - SetOrClearSharedBit (&PageDirectory2MEntry->Uint64, Mode, PhysicalAddress, BIT21); + Status = SetOrClearSharedBit (&PageDirectory2MEntry->Uint64, Mode, PhysicalAddress, BIT21); + if (EFI_ERROR (Status)) { + goto Done; + } + PhysicalAddress += BIT21; Length -= BIT21; } else { @@ -856,7 +884,11 @@ SetMemorySharedOrPrivate ( goto Done; } - SetOrClearSharedBit (&PageTableEntry->Uint64, Mode, PhysicalAddress, EFI_PAGE_SIZE); + Status = SetOrClearSharedBit (&PageTableEntry->Uint64, Mode, PhysicalAddress, EFI_PAGE_SIZE); + if (EFI_ERROR (Status)) { + goto Done; + } + PhysicalAddress += EFI_PAGE_SIZE; Length -= EFI_PAGE_SIZE; } -- 2.29.2.windows.2