Date: Thu, 26 Jan 2023 21:17:37 +0000
From: "Dionna Glaze"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao, Tom Lendacky, Ard Biesheuvel, "Min M. Xu", Andrew Fish, "Michael D. Kinney"
Subject: [PATCH v11 1/4] OvmfPkg: Add memory acceptance event in AmdSevDxe
Message-ID: <20230126211740.3235408-2-dionnaglaze@google.com>
In-Reply-To: <20230126211740.3235408-1-dionnaglaze@google.com>
References: <20230126211740.3235408-1-dionnaglaze@google.com>

The added behavior is to accept all unaccepted memory at ExitBootServices if the behavior is not disabled. This allows safe upgrades for OS loaders to affirm their support for the unaccepted memory type.

Cc: Gerd Hoffmann
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Ard Biesheuvel
Cc: "Min M. Xu"
Cc: Andrew Fish
Cc: "Michael D. Kinney"
Signed-off-by: Dionna Glaze

--- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 97 ++++++++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 1 + 2 files changed, 98 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index f7600c3c81..37d1a3ff55 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -20,6 +20,7 @@ #include #include #include +#include #include STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { 
@@ -34,6 +35,10 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { STATIC EFI_HANDLE mAmdSevDxeHandle = NULL; +STATIC BOOLEAN mAcceptAllMemoryAtEBS = TRUE; + +STATIC EFI_EVENT mAcceptAllMemoryEvent = NULL; + #define IS_ALIGNED(x, y) ((((x) & ((y) - 1)) == 0)) STATIC @@ -62,6 +67,82 @@ AmdSevMemoryAccept ( return EFI_SUCCESS; } +STATIC +EFI_STATUS +AcceptAllMemory ( + VOID + ) +{ + EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; + UINTN NumEntries; + UINTN Index; + EFI_STATUS Status; + + DEBUG ((DEBUG_INFO, "Accepting all memory\n")); + + /* + * Get a copy of the memory space map to iterate over while + * changing the map. + */ + Status = gDS->GetMemorySpaceMap (&NumEntries, &AllDescMap); + if (EFI_ERROR (Status)) { + return Status; + } + + for (Index = 0; Index < NumEntries; Index++) { + CONST EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc; + + Desc = &AllDescMap[Index]; + if (Desc->GcdMemoryType != EFI_GCD_MEMORY_TYPE_UNACCEPTED) { + continue; + } + + Status = AmdSevMemoryAccept ( + NULL, + Desc->BaseAddress, + Desc->Length + ); + if (EFI_ERROR (Status)) { + break; + } + + Status = gDS->RemoveMemorySpace (Desc->BaseAddress, Desc->Length); + if (EFI_ERROR (Status)) { + break; + } + + Status = gDS->AddMemorySpace ( + EfiGcdMemoryTypeSystemMemory, + Desc->BaseAddress, + Desc->Length, + EFI_MEMORY_CPU_CRYPTO | EFI_MEMORY_XP | EFI_MEMORY_RO | EFI_MEMORY_RP + ); + if (EFI_ERROR (Status)) { + break; + } + } + + gBS->FreePool (AllDescMap); + return Status; +} + +VOID +EFIAPI +ResolveUnacceptedMemory ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + + if (!mAcceptAllMemoryAtEBS) { + return; + } + + Status = AcceptAllMemory (); + ASSERT_EFI_ERROR (Status); +} + STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = { AmdSevMemoryAccept }; 
@@ -195,6 +276,22 @@ AmdSevDxeEntryPoint ( ); ASSERT_EFI_ERROR (Status); + // SEV-SNP support does not automatically imply unaccepted memory support, + // so make ExitBootServices accept all unaccepted memory if support is + // not communicated. + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + ResolveUnacceptedMemory, + NULL, + &gEfiEventBeforeExitBootServicesGuid, + &mAcceptAllMemoryEvent + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "AllowUnacceptedMemory event creation for EventBeforeExitBootServices failed.\n")); + } + // // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB. // It contains the location for both the Secrets and CPUID page. diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index cd1b686c53..5b443d45bc 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -52,6 +52,7 @@ [Guids] gConfidentialComputingSevSnpBlobGuid + gEfiEventBeforeExitBootServicesGuid [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId -- 2.39.1.456.gfc5497dd1b-goog
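Review bot: in the `@@ -34,6 +35,10 @@` hunk, mAcceptAllMemoryAtEBS is initialised to TRUE and nothing in this patch ever clears it, so the "if the behavior is not disabled" condition from the commit message has no visible disable path and the `if (!mAcceptAllMemoryAtEBS)` check in ResolveUnacceptedMemory is dead code in this commit. Add a comment on the declaration saying which later patch of the series (this is 1/4) clears it and through which interface. The same applies to mAcceptAllMemoryEvent, which is only written by CreateEventEx and never closed or read; if it exists for a later patch, say so.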
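Review bot: in the `@@ -62,6 +67,82 @@` hunk, the only error handling in ResolveUnacceptedMemory is `ASSERT_EFI_ERROR (Status);`, which compiles out in RELEASE builds, so a failure part-way through AcceptAllMemory leaves some regions accepted and re-added as system memory and the rest still unaccepted, with nothing logged; add a `DEBUG ((DEBUG_ERROR, ...))` on the failure path before the ASSERT. Two smaller points in the same hunk: `gDS->AddMemorySpace` hard-codes the capability mask `EFI_MEMORY_CPU_CRYPTO | EFI_MEMORY_XP | EFI_MEMORY_RO | EFI_MEMORY_RP` and discards `Desc->Capabilities` of the region just removed, which deserves either a comment explaining why the original capabilities are not carried over or a change to reuse them; and ResolveUnacceptedMemory is not STATIC although it is only referenced from this file. Finally, this callback runs on gEfiEventBeforeExitBootServicesGuid and changes the GCD map with RemoveMemorySpace/AddMemorySpace, i.e. after the OS loader has already taken its final GetMemoryMap; the comment should state how the loader is expected to observe the changed map (the ExitBootServices retry on a stale map key), since that is what the whole mechanism relies on.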
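Review bot: in the `@@ -195,6 +276,22 @@` hunk, when CreateEventEx fails the driver logs and continues, which means the guest will be handed unaccepted memory with nothing accepting it at ExitBootServices; the immediately preceding call in the same function uses `ASSERT_EFI_ERROR (Status);`, so either treat this failure the same way or explain in the comment why it is non-fatal. The DEBUG_ERROR text also refers to "AllowUnacceptedMemory", a name that appears nowhere in this patch; name the event (mAcceptAllMemoryEvent) or the callback (ResolveUnacceptedMemory) instead. Style: the new three-line comment should use the bracketed `//` / `// text` / `//` form that the existing comment right below it in this hunk ("// If its SEV-SNP active guest ...") already uses.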
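Review bot: the AmdSevDxe.inf hunk adds only `gEfiEventBeforeExitBootServicesGuid` under [Guids], yet the new AcceptAllMemory code calls `gDS->GetMemorySpaceMap`, `gDS->RemoveMemorySpace` and `gDS->AddMemorySpace`; confirm that the library class providing gDS is already listed under [LibraryClasses] in this .inf, and that the header added in the first hunk is the matching one, because this hunk adds no library class and the diffstat shows a single inserted line for the .inf.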