Re: [PATCH v4 1/6] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
To: Dionna Glaze <dionnaglaze@google.com>, devel@edk2.groups.io
Cc: Gerd Hoffmann <kraxel@redhat.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Sophia Wolf <phiawolf@google.com>
Subject: Re: [PATCH v4 1/6] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
Date: Wed, 28 Sep 2022 16:02:18 -0500	[thread overview]
Message-ID: <584ccb31-f5c6-eba3-c44e-85ceaa6a7d82@amd.com> (raw)
In-Reply-To: <20220928153323.2583389-2-dionnaglaze@google.com>

On 9/28/22 10:33, Dionna Glaze wrote:
> From: Sophia Wolf <phiawolf@google.com>
> 
> When a guest OS does not support unaccepted memory, the unaccepted
> memory must be accepted before returning a memory map to the caller.
> 
> EfiMemoryAcceptProtocol is defined in MdePkg and is implemented /
> Installed in AmdSevDxe for AMD SEV-SNP memory acceptance.
> 
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> 
> Signed-off-by: Sophia Wolf <phiawolf@google.com>
> ---
>   OvmfPkg/AmdSevDxe/AmdSevDxe.c                                      | 34 ++++++++++++++++++++
>   OvmfPkg/AmdSevDxe/AmdSevDxe.inf                                    |  3 ++
>   OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 24 +++++++++++---
>   3 files changed, 57 insertions(+), 4 deletions(-)
> 
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> index 662d3c4ccb..09aa15165d 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> @@ -20,6 +20,7 @@
>   #include <Library/UefiBootServicesTableLib.h>
>   #include <Guid/ConfidentialComputingSevSnpBlob.h>
>   #include <Library/PcdLib.h>
> +#include <Protocol/MemoryAccept.h>
>   
>   STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  mSnpBootDxeTable = {
>     SIGNATURE_32 ('A',                                    'M', 'D', 'E'),
> @@ -31,6 +32,29 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  mSnpBootDxeTable = {
>     FixedPcdGet32 (PcdOvmfCpuidSize),
>   };
>   
> +STATIC EFI_HANDLE mAmdSevDxeHandle = NULL;
> +
> +STATIC
> +EFI_STATUS
> +EFIAPI
> +AmdSevMemoryAccept (
> +  IN EFI_MEMORY_ACCEPT_PROTOCOL *This,
> +  IN EFI_PHYSICAL_ADDRESS StartAddress,
> +  IN UINTN Size
> +)
> +{
> +  MemEncryptSevSnpPreValidateSystemRam (
> +    StartAddress,
> +    EFI_SIZE_TO_PAGES (Size)

Sorry, I forgot to ask this earlier in the series, but is StartAddress 
guaranteed to be page-aligned and Size a multiple of 4KB? Should there be 
any asserts for those just in case?

Also, can Size be 0? In which case MemEncryptSevSnpPreValidateSystemRam() 
shouldn't be called?

> +    );
> +
> +  return EFI_SUCCESS;
> +}
> +
> +STATIC EFI_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = {
> +  AmdSevMemoryAccept
> +};
> +
>   EFI_STATUS
>   EFIAPI
>   AmdSevDxeEntryPoint (
> @@ -147,6 +171,16 @@ AmdSevDxeEntryPoint (
>       }
>     }
>   
> +  Status = gBS->InstallProtocolInterface (
> +                  &mAmdSevDxeHandle,
> +                  &gEfiMemoryAcceptProtocolGuid,
> +                  EFI_NATIVE_INTERFACE,
> +                  &mMemoryAcceptProtocol
> +                  );
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "Install EfiMemoryAcceptProtocol failed.\n"));
> +  }

Should this only be installed for an SNP guest, e.g. put within the
"if (MemEncryptSevSnpIsEnabled ()) {" check?

Maybe use ASSERT_EFI_ERROR (Status)?

Thanks,
Tom

> +
>     //
>     // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.
>     // It contains the location for both the Secrets and CPUID page.
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> index 9acf860cf2..5ddddabc32 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> @@ -47,6 +47,9 @@
>     gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
>     gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
>   
> +[Protocols]
> +  gEfiMemoryAcceptProtocolGuid
> +
>   [Guids]
>     gConfidentialComputingSevSnpBlobGuid
>   
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> index d3a95e4913..ee3710f7b3 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> @@ -14,6 +14,7 @@
>   #include <Library/MemEncryptSevLib.h>
>   
>   #include "SnpPageStateChange.h"
> +#include "VirtualMemory.h"
>   
>   /**
>     Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
> @@ -29,12 +30,27 @@ MemEncryptSevSnpPreValidateSystemRam (
>     IN UINTN             NumPages
>     )
>   {
> +  EFI_STATUS Status;
> +
>     if (!MemEncryptSevSnpIsEnabled ()) {
>       return;
>     }
>   
> -  //
> -  // All the pre-validation must be completed in the PEI phase.
> -  //
> -  ASSERT (FALSE);
> +  // DXE pre-validation may happen with the memory accept protocol.
> +  // The protocol should only be called outside the prevalidated ranges
> +  // that the PEI stage code explicitly skips. Specifically, only memory
> +  // ranges that are classified as unaccepted.
> +  if (BaseAddress >= SIZE_4GB) {
> +    Status = InternalMemEncryptSevCreateIdentityMap1G (
> +               0,
> +               BaseAddress,
> +               EFI_PAGES_TO_SIZE (NumPages)
> +               );
> +    if (EFI_ERROR (Status)) {
> +      ASSERT (FALSE);
> +      CpuDeadLoop ();
> +    }
> +  }
> +
> +  InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
>   }

next prev parent reply	other threads:[~2022-09-28 21:02 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-28 15:33 [PATCH v4 0/6] Add safe unaccepted memory behavior Dionna Glaze
2022-09-28 15:33 ` [PATCH v4 1/6] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe Dionna Glaze
2022-09-28 16:29   ` [edk2-devel] " Ard Biesheuvel
2022-09-28 21:02   ` Lendacky, Thomas [this message]
2022-09-30 17:48     ` Dionna Glaze
2022-09-28 15:33 ` [PATCH v4 2/6] MdeModulePkg: Add PcdEnableUnacceptedMemory Dionna Glaze
2022-09-28 16:33   ` Ard Biesheuvel
2022-09-29 18:38     ` Dionna Glaze
2022-09-28 15:33 ` [PATCH v4 3/6] OvmfPkg: set PcdEnableUnacceptedMemory to FALSE Dionna Glaze
2022-09-28 16:37   ` Ard Biesheuvel
2022-09-29 18:50     ` Dionna Glaze
2022-09-28 15:33 ` [PATCH v4 4/6] MdeModulePkg: DxeMain accepts all memory at EBS if needed Dionna Glaze
2022-09-28 16:50   ` Ard Biesheuvel
2022-09-29  0:11   ` [edk2-devel] " Ni, Ray
2022-09-29 18:14     ` Dionna Glaze
2022-09-30  8:06       ` Ard Biesheuvel
2022-09-28 15:33 ` [PATCH v4 5/6] MdeModulePkg: add EnableUnacceptedMemoryProtocol Dionna Glaze
2022-09-28 17:27   ` Ard Biesheuvel
2022-09-28 15:33 ` [PATCH v4 6/6] OvmfPkg/PlatformPei: SEV-SNP make >=4GB unaccepted Dionna Glaze

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=584ccb31-f5c6-eba3-c44e-85ceaa6a7d82@amd.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox