From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by mx.groups.io with SMTP id smtpd.web08.5301.1611621047890655475 for ; Mon, 25 Jan 2021 16:30:48 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=gQWuFmmC; spf=pass (domain: redhat.com, ip: 63.128.21.124, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1611621047; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nVDPeKIk5/i1rm0We9XcYMdyCziKg61gE13HX96opJg=; b=gQWuFmmCyyDklADvF3LgCOrKCqGqsIOXxRNA/kJWf7Jey3kMLIYNODNS9KN1imQWEFdERf Fo4f2j0o9qiC/jlMpcCBH8v6kMhjk/q3t+JV7ciPMFmSzM2+A3nz8dZDawZt2hmpgasNG9 4TQB0RpkP1NXKYzQ9Hf5JwO4huwsFag= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-106-lE0KSygUMSesRzNGv-22pw-1; Mon, 25 Jan 2021 19:30:42 -0500 X-MC-Unique: lE0KSygUMSesRzNGv-22pw-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7A554107ACFB; Tue, 26 Jan 2021 00:30:41 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-112-67.ams2.redhat.com [10.36.112.67]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2285060C47; Tue, 26 Jan 2021 00:30:39 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH v2] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Use physical address with SEV-ES To: devel@edk2.groups.io, thomas.lendacky@amd.com Cc: Brijesh Singh , Jordan Justen , Ard Biesheuvel References: <84a5f9161541db5aa3b57c96b737afbcb4b6189d.1611410263.git.thomas.lendacky@amd.com> From: "Laszlo Ersek" Message-ID: <2bd3cbc9-49fa-a9fe-8551-73f3aa541583@redhat.com> Date: Tue, 26 Jan 2021 01:30:39 +0100 MIME-Version: 1.0 In-Reply-To: <84a5f9161541db5aa3b57c96b737afbcb4b6189d.1611410263.git.thomas.lendacky@amd.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 01/23/21 14:57, Lendacky, Thomas wrote: > From: Tom Lendacky > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3183 > > Under SEV-ES, a write to the flash device is done using a direct VMGEXIT > to perform an MMIO write. The address provided to the MMIO write must be > the physical address of the MMIO write destitnation. During boot, OVMF > runs with an identity mapped pagetable structure so that VA == PA and the > VMGEXIT MMIO write destination is just the virtual address of the flash > area address being written. > > However, when the UEFI SetVitualAddressMap() API is invoked, an identity > mapped pagetable structure may not be in place and using the virtual > address for the flash area address is no longer valid. This results in > writes to the flash not being performed successfully. This can be seen > by attempting to change the boot order under Linux. The update will > appear to be performed, based on the output of the command. But rebooting > the guest will show that the new boot order has not been set. > > To remedy this, save the value of the flash base physical address before > converting the address as part of SetVirtualAddressMap(). The physical > address can then be calculated by obtaining the offset of the MMIO target > virtual address relative to the flash base virtual address and adding that > to the original flash base physical address. The resulting value produces > a successful MMIO write during runtime services. > > Fixes: 437eb3f7a8db7681afe0e6064d3a8edb12abb766 > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Signed-off-by: Tom Lendacky > --- > .../QemuFlashDxe.c | 20 ++++++++++++++++++- > 1 file changed, 19 insertions(+), 1 deletion(-) > > diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c > index 1b0742967f71..d303b0078b08 100644 > --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c > +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c > @@ -16,11 +16,17 @@ > > #include "QemuFlash.h" > > +STATIC EFI_PHYSICAL_ADDRESS mSevEsFlashPhysBase; > + > VOID > QemuFlashConvertPointers ( > VOID > ) > { > + if (MemEncryptSevEsIsEnabled ()) { > + mSevEsFlashPhysBase = (UINTN) mFlashBase; > + } > + > EfiConvertPointer (0x0, (VOID **) &mFlashBase); > } > > @@ -52,11 +58,23 @@ QemuFlashPtrWrite ( > if (MemEncryptSevEsIsEnabled ()) { > MSR_SEV_ES_GHCB_REGISTER Msr; > GHCB *Ghcb; > + EFI_PHYSICAL_ADDRESS PhysAddr; > BOOLEAN InterruptState; > > Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB); > Ghcb = Msr.Ghcb; > > + // > + // The MMIO write needs to be to the physical address of the flash pointer. > + // Since this service is available as part of the EFI runtime services, > + // account for a non-identity mapped VA after SetVitualAddressMap(). > + // > + if (mSevEsFlashPhysBase == 0) { > + PhysAddr = (UINTN) Ptr; > + } else { > + PhysAddr = mSevEsFlashPhysBase + (Ptr - mFlashBase); > + } > + > // > // Writing to flash is emulated by the hypervisor through the use of write > // protection. This won't work for an SEV-ES guest because the write won't > @@ -68,7 +86,7 @@ QemuFlashPtrWrite ( > Ghcb->SharedBuffer[0] = Value; > Ghcb->SaveArea.SwScratch = (UINT64) (UINTN) Ghcb->SharedBuffer; > VmgSetOffsetValid (Ghcb, GhcbSwScratch); > - VmgExit (Ghcb, SVM_EXIT_MMIO_WRITE, (UINT64) (UINTN) Ptr, 1); > + VmgExit (Ghcb, SVM_EXIT_MMIO_WRITE, PhysAddr, 1); > VmgDone (Ghcb, InterruptState); > } else { > *Ptr = Value; > Reviewed-by: Laszlo Ersek I've fixed up the typo as discussed elsewhere in this thread, in both the commit message and the code comment. Merged as commit 3a3501862f73, via . Thanks Laszlo