From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
To: Dionna Glaze <dionnaglaze@google.com>, devel@edk2.groups.io
Cc: Gerd Hoffmann <kraxel@redhat.com>,
James Bottomley <jejb@linux.ibm.com>,
Jiewen Yao <jiewen.yao@intel.com>
Subject: Re: [PATCH v5 1/7] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
Date: Mon, 3 Oct 2022 09:52:41 -0500 [thread overview]
Message-ID: <2ecad3cc-b3bd-5470-30f9-7290c1d9b2e6@amd.com> (raw)
In-Reply-To: <20220930230627.3371754-2-dionnaglaze@google.com>
On 9/30/22 18:06, Dionna Glaze wrote:
> From: Sophia Wolf <phiawolf@google.com>
>
> When a guest OS does not support unaccepted memory, the unaccepted
> memory must be accepted before returning a memory map to the caller.
>
> EfiMemoryAcceptProtocol is defined in MdePkg and is implemented /
> Installed in AmdSevDxe for AMD SEV-SNP memory acceptance.
>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
Just some formatting suggestions and one area of cleanup from previous
version of the patch below. Assuming you take care of those:
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> OvmfPkg/AmdSevDxe/AmdSevDxe.c | 57 ++++++++++++++++++--
> OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 ++
> OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 24 +++++++--
> 3 files changed, 76 insertions(+), 8 deletions(-)
>
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> index 662d3c4ccb..77d3caa833 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> @@ -20,6 +20,7 @@
> #include <Library/UefiBootServicesTableLib.h>
> #include <Guid/ConfidentialComputingSevSnpBlob.h>
> #include <Library/PcdLib.h>
> +#include <Protocol/MemoryAccept.h>
>
> STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = {
> SIGNATURE_32 ('A', 'M', 'D', 'E'),
> @@ -31,6 +32,38 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = {
> FixedPcdGet32 (PcdOvmfCpuidSize),
> };
>
> +STATIC EFI_HANDLE mAmdSevDxeHandle = NULL;
> +
> +STATIC
> +EFI_STATUS
> +EFIAPI
> +AmdSevMemoryAccept (
> + IN EFI_MEMORY_ACCEPT_PROTOCOL *This,
> + IN EFI_PHYSICAL_ADDRESS StartAddress,
> + IN UINTN Size
> +)
> +{
> + //
> + // The StartAddress must be page-aligned, and the Size must be a positive
> + // multiple of SIZE_4KB. Use an assert instead of returning an erros since
> + // this is an EDK2-internal protocol.
> + //
> + ASSERT (((StartAddress & ~(SIZE_4KB - 1)) == 0) &&
> + ((Size & ~(SIZE_4KB - 1)) == 0) &&
> + (Size != 0));
Create a generic alignment check macro?
#define IS_ALIGNED(x, y) (((x) & ((y) - 1)) == 0)
Maybe keep the ASSERTs separate so they better identify which condition
caused the assert, e.g.:
ASSERT (IS_ALIGNED (StartAddress, SIZE_4KB));
ASSERT (IS_ALIGNED (Size, SIZE_4KB));
ASSERT (Size != 0);
?
Not sure if those are worth it or not, though.
> +
> + MemEncryptSevSnpPreValidateSystemRam (
> + StartAddress,
> + EFI_SIZE_TO_PAGES (Size)
> + );
> +
> + return EFI_SUCCESS;
> +}
> +
> +STATIC EFI_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = {
> + AmdSevMemoryAccept
> +};
> +
> EFI_STATUS
> EFIAPI
> AmdSevDxeEntryPoint (
> @@ -147,11 +180,27 @@ AmdSevDxeEntryPoint (
> }
> }
>
> - //
> - // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.
> - // It contains the location for both the Secrets and CPUID page.
> - //
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "Install EfiMemoryAcceptProtocol failed.\n"));
> + }
Looks like this shouldn't be here.
> +
> if (MemEncryptSevSnpIsEnabled ()) {
> + //
> + // Memory acceptance began being required in SEV-SNP, so install the
> + // memory accept protocol implementation for a SEV-SNP active guest.
> + //
> + Status = gBS->InstallProtocolInterface (
> + &mAmdSevDxeHandle,
> + &gEfiMemoryAcceptProtocolGuid,
> + EFI_NATIVE_INTERFACE,
> + &mMemoryAcceptProtocol
> + );
Need to indent these two more spaces to align with the "s" in Install.
Thanks,
Tom
> + ASSERT_EFI_ERROR (Status);
> +
> + //
> + // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.
> + // It contains the location for both the Secrets and CPUID page.
> + //
> return gBS->InstallConfigurationTable (
> &gConfidentialComputingSevSnpBlobGuid,
> &mSnpBootDxeTable
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> index 9acf860cf2..5ddddabc32 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> @@ -47,6 +47,9 @@
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
>
> +[Protocols]
> + gEfiMemoryAcceptProtocolGuid
> +
> [Guids]
> gConfidentialComputingSevSnpBlobGuid
>
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> index d3a95e4913..ee3710f7b3 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> @@ -14,6 +14,7 @@
> #include <Library/MemEncryptSevLib.h>
>
> #include "SnpPageStateChange.h"
> +#include "VirtualMemory.h"
>
> /**
> Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
> @@ -29,12 +30,27 @@ MemEncryptSevSnpPreValidateSystemRam (
> IN UINTN NumPages
> )
> {
> + EFI_STATUS Status;
> +
> if (!MemEncryptSevSnpIsEnabled ()) {
> return;
> }
>
> - //
> - // All the pre-validation must be completed in the PEI phase.
> - //
> - ASSERT (FALSE);
> + // DXE pre-validation may happen with the memory accept protocol.
> + // The protocol should only be called outside the prevalidated ranges
> + // that the PEI stage code explicitly skips. Specifically, only memory
> + // ranges that are classified as unaccepted.
> + if (BaseAddress >= SIZE_4GB) {
> + Status = InternalMemEncryptSevCreateIdentityMap1G (
> + 0,
> + BaseAddress,
> + EFI_PAGES_TO_SIZE (NumPages)
> + );
> + if (EFI_ERROR (Status)) {
> + ASSERT (FALSE);
> + CpuDeadLoop ();
> + }
> + }
> +
> + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
> }
next prev parent reply other threads:[~2022-10-03 14:52 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-30 23:06 [PATCH v5 0/7] Add safe unaccepted memory behavior Dionna Glaze
2022-09-30 23:06 ` [PATCH v5 1/7] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe Dionna Glaze
2022-10-03 14:52 ` Lendacky, Thomas [this message]
2022-09-30 23:06 ` [PATCH v5 2/7] MdePkg: Introduce ExitBootServicesCallbackProtocol Dionna Glaze
2022-10-01 0:15 ` [edk2-devel] " Ni, Ray
2022-10-03 1:16 ` Dionna Glaze
2022-10-03 11:23 ` Ard Biesheuvel
2022-10-03 17:25 ` Dionna Glaze
2022-10-05 16:20 ` Felix Polyudov
2022-10-05 16:54 ` Dionna Glaze
2022-09-30 23:06 ` [PATCH v5 3/7] MdeModulePkg: Invoke all ExitBootServicesCallback instances at ExitBootServices Dionna Glaze
2022-10-03 11:33 ` Ard Biesheuvel
2022-09-30 23:06 ` [PATCH v5 4/7] OvmfPkg: Introduce CocoDxe driver Dionna Glaze
2022-09-30 23:06 ` [PATCH v5 5/7] MdePkg: Introduce the AcceptAllUnacceptedMemory protocol Dionna Glaze
2022-09-30 23:06 ` [PATCH v5 6/7] OvmfPkg: Implement AcceptAllUnacceptedMemory in CocoDxe Dionna Glaze
2022-09-30 23:06 ` [PATCH v5 7/7] OvmfPkg/PlatformPei: SEV-SNP make >=4GB unaccepted Dionna Glaze
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2ecad3cc-b3bd-5470-30f9-7290c1d9b2e6@amd.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox