Date: Tue, 31 Jan 2023 19:08:37 +0000
Message-ID: <20230131190837.354950-1-dionnaglaze@google.com>
Subject: [PATCH] OvmfPkg: Fix SevMemoryAcceptance memory attributes
From: "Dionna Glaze"
To: devel@edk2.groups.io
Cc: Dionna Glaze, Ard Biesheuvel, Erdem Aktas, James Bottomley, Jiewen Yao, Min Xu, Tom Lendacky, Michael Roth

The hard-coded attributes for the re-added memory space should instead
forward the replaced descriptor's capabilities, plus the
EFI_MEMORY_CPU_CRYPTO attribute.

Tested on Linux with efi=debug. Prior to this change, an 8GiB VM running
a kernel without unaccepted memory support shows this entry

efi: mem94: [Conventional| | |CC| | | | | | | | | | | ] range=[0x0000000100000000-0x000000023fffffff] (5120MB)

This does not have the cache capabilities one would expect for system
memory, UC|WC|WT|WB.

After this change, the same entry becomes

efi: mem94: [Conventional| | |CC| | | | | | | |WB|WT|WC|UC] range=[0x0000000100000000-0x000000023fffffff] (5120MB)

This has all the expected attributes.

Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: James Bottomley
Cc: Jiewen Yao
Cc: Min Xu
Cc: Tom Lendacky
Cc: Michael Roth
Signed-off-by: Dionna Glaze
---
 OvmfPkg/AmdSevDxe/AmdSevDxe.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index 6391d1f775..59d5ff759f 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c 
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -23,6 +23,10 @@ #include #include #include +#include + +// Present, initialized, tested bits defined in MdeModulePkg/Core/Dxe/DxeMain.h +#define EFI_MEMORY_INTERNAL_MASK 0x0700000000000000ULL STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { SIGNATURE_32 ('A', 'M', 'D', 'E'), @@ -78,6 +82,7 @@ AcceptAllMemory ( UINTN NumEntries; UINTN Index; EFI_STATUS Status; + UINT64 Capabilities; DEBUG ((DEBUG_INFO, "Accepting all memory\n")); @@ -112,11 +117,14 @@ AcceptAllMemory ( break; } + Capabilities = EFI_MEMORY_CPU_CRYPTO | Desc->Capabilities; Status = gDS->AddMemorySpace ( EfiGcdMemoryTypeSystemMemory, Desc->BaseAddress, Desc->Length, - EFI_MEMORY_CPU_CRYPTO | EFI_MEMORY_XP | EFI_MEMORY_RO | EFI_MEMORY_RP + // Allocable system memory resource capabilities as masked + // in MdeModulePkg/Core/Dxe/Mem/Page.c:PromoteMemoryResource + Capabilities & ~(EFI_MEMORY_INTERNAL_MASK | EFI_MEMORY_RUNTIME) ); if (EFI_ERROR (Status)) { break; -- 2.39.1.456.gfc5497dd1b-goog
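Review bot: in the first hunk (@@ -23,6 +23,10), `EFI_MEMORY_INTERNAL_MASK` is a hand-copied literal of bits that the comment says are defined in MdeModulePkg/Core/Dxe/DxeMain.h, so the two definitions can drift apart silently if the core ones change. Consider moving the mask to a header that both packages can include, or at least composing it from individually named bit constants so that a mismatch is visible at review time.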
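Review bot: in the AcceptAllMemory hunk at @@ -112,11 +117,14, the removed argument guaranteed `EFI_MEMORY_XP | EFI_MEMORY_RO | EFI_MEMORY_RP`, while the new value carries those bits only when `Desc->Capabilities` already has them. The commit message discusses only the cache capabilities, so please confirm that the replaced descriptor always advertises the protection capabilities, or OR them in explicitly alongside `EFI_MEMORY_CPU_CRYPTO`. As a smaller style point, `Capabilities` as assigned is not the value that is passed; folding `& ~(EFI_MEMORY_INTERNAL_MASK | EFI_MEMORY_RUNTIME)` into the assignment would let the variable hold the final value and move the explanatory comment out of the middle of the argument list.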