From: "Lendacky, Thomas via groups.io"
CC: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao, Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, "Rahul Kumar", Ray Ni, Michael Roth
Subject: [edk2-devel] [PATCH v2 16/23] OvmfPkg/BaseMemEncryptSevLib: Use CcSvsmSnpPvalidate() to validate pages
Date: Thu, 22 Feb 2024 11:29:55 -0600
Message-ID: <2e6a55df1941f190c0ce90c54bb9a01c593455c6.1708623001.git.thomas.lendacky@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The PVALIDATE instruction is used to change the SNP validation of a page,
but that can only be done when running at VMPL0. To prepare for running at
a less privileged VMPL, use the CcSvsmLib library API to perform the
PVALIDATE. The CcSvsmLib library will perform the proper operation on
behalf of the caller.

Signed-off-by: Tom Lendacky

--- OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 3= +- OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 3= +- OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf | 3= +- OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 74= +------------------- 4 files changed, 9 insertions(+), 74 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf index cc24961c9265..7397e5cfb810 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf @@ -1,7 +1,7 @@ ## @file # Library provides the helper functions for SEV guest # -# Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<= BR> +# Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<= BR> # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -52,6 +52,7 @@ [LibraryClasses] MemoryAllocationLib PcdLib CcExitLib + CcSvsmLib =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 8f56783da55e..55928f9e386c 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -1,7 +1,7 @@ ## @file # Library provides the helper functions for SEV guest # -# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.
+# Copyright (c) 2020 - 2024, Advanced Micro Devices. All rights reserved.<= BR> # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -52,6 +52,7 @@ [LibraryClasses] MemoryAllocationLib PcdLib CcExitLib + CcSvsmLib =20 [FeaturePcd] gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf index b6d76e7e630f..e373f9f010ba 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf @@ -1,7 +1,7 @@ ## @file # Library provides the helper functions for SEV guest # -# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.
+# Copyright (c) 2020 - 2024, Advanced Micro Devices. All rights reserved.<= BR> # # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -49,6 +49,7 @@ [LibraryClasses] DebugLib PcdLib CcExitLib + CcSvsmLib =20 [FixedPcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInt= ernal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeIntern= al.c index f1883239a661..4e1225d12797 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c @@ -14,14 +14,13 @@ #include #include #include +#include =20 #include #include =20 #include "SnpPageStateChange.h" =20 -#define PAGES_PER_LARGE_ENTRY 512 - STATIC UINTN MemoryStateToGhcbOp ( 
@@ -63,73 +62,6 @@ SnpPageStateFailureTerminate ( CpuDeadLoop (); } =20 -/** - This function issues the PVALIDATE instruction to validate or invalidate = the memory - range specified. If PVALIDATE returns size mismatch then it retry validat= ing with - smaller page size. - - */ -STATIC -VOID -PvalidateRange ( - IN SNP_PAGE_STATE_CHANGE_INFO *Info - ) -{ - UINTN RmpPageSize; - UINTN StartIndex; - UINTN EndIndex; - UINTN Index; - UINTN Ret; - EFI_PHYSICAL_ADDRESS Address; - BOOLEAN Validate; - - StartIndex =3D Info->Header.CurrentEntry; - EndIndex =3D Info->Header.EndEntry; - - for ( ; StartIndex <=3D EndIndex; StartIndex++) { - // - // Get the address and the page size from the Info. - // - Address =3D ((EFI_PHYSICAL_ADDRESS)Info->Entry[StartIndex].GuestFr= ameNumber) << EFI_PAGE_SHIFT; - RmpPageSize =3D Info->Entry[StartIndex].PageSize; - Validate =3D Info->Entry[StartIndex].Operation =3D=3D SNP_PAGE_STAT= E_PRIVATE; - - Ret =3D AsmPvalidate (RmpPageSize, Validate, Address); - - // - // If we fail to validate due to size mismatch then try with the - // smaller page size. This senario will occur if the backing page in - // the RMP entry is 4K and we are validating it as a 2MB. - // - if ((Ret =3D=3D PVALIDATE_RET_SIZE_MISMATCH) && (RmpPageSize =3D=3D Pv= alidatePageSize2MB)) { - for (Index =3D 0; Index < PAGES_PER_LARGE_ENTRY; Index++) { - Ret =3D AsmPvalidate (PvalidatePageSize4K, Validate, Address); - if (Ret) { - break; - } - - Address =3D Address + EFI_PAGE_SIZE; - } - } - - // - // If validation failed then do not continue. - // - if (Ret) { - DEBUG (( - DEBUG_ERROR, - "%a:%a: Failed to %a address 0x%Lx Error code %d\n", - gEfiCallerBaseName, - __func__, - Validate ? "Validate" : "Invalidate", - Address, - Ret - )); - SnpPageStateFailureTerminate (); - } - } -} - STATIC EFI_PHYSICAL_ADDRESS BuildPageStateBuffer ( 
@@ -328,7 +260,7 @@ InternalSetPageState ( // invalidate the pages before making the page shared in the RMP table= . // if (State =3D=3D SevSnpPageShared) { - PvalidateRange (Info); + CcSvsmSnpPvalidate (Info); } =20 // @@ -341,7 +273,7 @@ InternalSetPageState ( // validate the pages after it has been added in the RMP table. // if (State =3D=3D SevSnpPagePrivate) { - PvalidateRange (Info); + CcSvsmSnpPvalidate (Info); } } } --=20 2.42.0
View/Reply Online (#115851): https://edk2.groups.io/g/devel/message/115851
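
Review bot: The `+ CcSvsmLib` line added under [LibraryClasses] in DxeMemEncryptSevLib.inf, PeiMemEncryptSevLib.inf and SecMemEncryptSevLib.inf creates a new library class dependency, but the diffstat lists only these three .inf files and SnpPageStateChangeInternal.c, so nothing in this patch resolves CcSvsmLib to an instance. Please confirm that an earlier patch in the series maps CcSvsmLib in every platform .dsc that links BaseMemEncryptSevLib, including for the SEC instance, so that the series builds at this commit and stays bisectable.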
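
Review bot: The commit message does not say what happens to the size-mismatch fallback that the removed PvalidateRange() implemented in the hunk at @@ -63,73 +62,6 of SnpPageStateChangeInternal.c. The deleted code retried with PvalidatePageSize4K across PAGES_PER_LARGE_ENTRY pages when a 2MB PVALIDATE returned PVALIDATE_RET_SIZE_MISMATCH, and the same hunk series drops the PAGES_PER_LARGE_ENTRY define. Please state in the commit message that CcSvsmSnpPvalidate() keeps this retry for the case where the RMP entry is backed by 4K pages, since a reader of this patch alone cannot tell whether the behaviour moved or was lost.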
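
Review bot: Both replaced call sites in InternalSetPageState() (the State == SevSnpPageShared branch and the State == SevSnpPagePrivate branch) invoke `CcSvsmSnpPvalidate (Info);` as a bare statement, so the caller has no way to observe a failure. That matches the old code only if CcSvsmSnpPvalidate() never returns on error, as PvalidateRange() did by logging with DEBUG_ERROR and calling SnpPageStateFailureTerminate(); its declaration is not visible in this patch. Please either document that contract in the function's header comment or, if it returns a status, check it here and terminate, because the code after each call assumes the validate or invalidate step succeeded for every entry in Info.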