From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <584ccb31-f5c6-eba3-c44e-85ceaa6a7d82@amd.com>
Date: Wed, 28 Sep 2022 16:02:18 -0500
Subject: Re: [PATCH v4 1/6] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
To: Dionna Glaze, devel@edk2.groups.io
Cc: Gerd Hoffmann, James Bottomley, Jiewen Yao, Sophia Wolf
References: <20220928153323.2583389-1-dionnaglaze@google.com> <20220928153323.2583389-2-dionnaglaze@google.com>
From: "Lendacky, Thomas"
In-Reply-To: <20220928153323.2583389-2-dionnaglaze@google.com>

On 9/28/22 10:33, Dionna Glaze wrote:
> From: Sophia Wolf
>
> When a guest OS does not support unaccepted memory, the unaccepted
> memory must be accepted before returning a memory map to the caller.
>
> EfiMemoryAcceptProtocol is defined in MdePkg and is implemented /
> Installed in AmdSevDxe for AMD SEV-SNP memory acceptance.
>
> Cc: Gerd Hoffmann
> Cc: James Bottomley
> Cc: Jiewen Yao
> Cc: Tom Lendacky
>
> Signed-off-by: Sophia Wolf
> --- > OvmfPkg/AmdSevDxe/AmdSevDxe.c | 34 ++++++++++++++++++++ > OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 ++ > OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 24 +++++++++++--- > 3 files changed, 57 insertions(+), 4 deletions(-) > > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c > index 662d3c4ccb..09aa15165d 100644 > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c > @@ -20,6 +20,7 @@ > #include > #include > #include > +#include > > STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { > SIGNATURE_32 ('A', 'M', 'D', 'E'),
> @@ -31,6 +32,29 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = { > FixedPcdGet32 (PcdOvmfCpuidSize), > }; > > +STATIC EFI_HANDLE mAmdSevDxeHandle = NULL; > + > +STATIC > +EFI_STATUS > +EFIAPI > +AmdSevMemoryAccept ( > + IN EFI_MEMORY_ACCEPT_PROTOCOL *This, > + IN EFI_PHYSICAL_ADDRESS StartAddress, > + IN UINTN Size > +) > +{ > + MemEncryptSevSnpPreValidateSystemRam ( > + StartAddress, > + EFI_SIZE_TO_PAGES (Size) Sorry, I forgot to ask this earlier in the series, but is StartAddress guaranteed to be page-aligned and Size a multiple of 4KB? Should there be any asserts for those just in case? Also, can Size be 0? In which case MemEncryptSevSnpPreValidateSystemRam() shouldn't be called? > + ); > + > + return EFI_SUCCESS; > +} > + > +STATIC EFI_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = { > + AmdSevMemoryAccept > +}; > + > EFI_STATUS > EFIAPI > AmdSevDxeEntryPoint ( > @@ -147,6 +171,16 @@ AmdSevDxeEntryPoint ( > } > } > > + Status = gBS->InstallProtocolInterface ( > + &mAmdSevDxeHandle, > + &gEfiMemoryAcceptProtocolGuid, > + EFI_NATIVE_INTERFACE, > + &mMemoryAcceptProtocol > + ); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "Install EfiMemoryAcceptProtocol failed.\n")); > + } Should this only be installed for an SNP guest, e.g. put within the "if (MemEncryptSevSnpIsEnabled ()) {" check? Maybe use ASSERT_EFI_ERROR (Status)? Thanks, Tom > + > // > // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB. > // It contains the location for both the Secrets and CPUID page. > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > index 9acf860cf2..5ddddabc32 100644 > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf > @@ -47,6 +47,9 @@ > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase > gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize > > +[Protocols] > + gEfiMemoryAcceptProtocolGuid > + > [Guids] > gConfidentialComputingSevSnpBlobGuid 
> > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c > index d3a95e4913..ee3710f7b3 100644 > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c > @@ -14,6 +14,7 @@ > #include > > #include "SnpPageStateChange.h" > +#include "VirtualMemory.h" > > /** > Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. > @@ -29,12 +30,27 @@ MemEncryptSevSnpPreValidateSystemRam ( > IN UINTN NumPages > ) > { > + EFI_STATUS Status; > + > if (!MemEncryptSevSnpIsEnabled ()) { > return; > } > > - // > - // All the pre-validation must be completed in the PEI phase. > - // > - ASSERT (FALSE); > + // DXE pre-validation may happen with the memory accept protocol. > + // The protocol should only be called outside the prevalidated ranges > + // that the PEI stage code explicitly skips. Specifically, only memory > + // ranges that are classified as unaccepted. > + if (BaseAddress >= SIZE_4GB) { > + Status = InternalMemEncryptSevCreateIdentityMap1G ( > + 0, > + BaseAddress, > + EFI_PAGES_TO_SIZE (NumPages) > + ); > + if (EFI_ERROR (Status)) { > + ASSERT (FALSE); > + CpuDeadLoop (); > + } > + } > + > + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); > }
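Review bot: In the AmdSevMemoryAccept hunk of AmdSevDxe.c, StartAddress and Size reach MemEncryptSevSnpPreValidateSystemRam with no validation, and the function returns EFI_SUCCESS unconditionally. EFI_SIZE_TO_PAGES (Size) rounds up, so a Size that is not a multiple of 4KB changes the state of a whole page past the end the caller asked for, and an unaligned StartAddress is passed through as is. Suggest returning EFI_INVALID_PARAMETER when either value is not 4KB-aligned, and returning early without calling the library when Size is 0.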
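Review bot: In the AmdSevDxeEntryPoint hunk, a failed InstallProtocolInterface is only reported through DEBUG_ERROR and the entry point carries on, leaving later code with no way to accept memory and no hard signal that this happened. Suggest ASSERT_EFI_ERROR (Status) or returning Status. The install also sits ahead of the "If its SEV-SNP active guest" block rather than inside an SNP check, while MemEncryptSevSnpPreValidateSystemRam returns immediately when MemEncryptSevSnpIsEnabled () is false; on a non-SNP guest AmdSevMemoryAccept would then report EFI_SUCCESS without having accepted anything, so gating the install on the SNP check is the safer shape.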
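Review bot: In the MemEncryptSevSnpPreValidateSystemRam hunk of DxeSnpSystemRamValidate.c, the condition "if (BaseAddress >= SIZE_4GB)" looks only at the start of the range. A range that begins below 4GB and runs past it never has its upper part passed to InternalMemEncryptSevCreateIdentityMap1G, yet InternalSetPageState is still called over all NumPages. Suggest testing the end address (BaseAddress + EFI_PAGES_TO_SIZE (NumPages)) or splitting the range at SIZE_4GB. The new comment also says the function should only be called for unaccepted ranges that PEI skipped, but nothing in the hunk enforces that; a check against the PEI pre-validated ranges would turn the stated precondition into one the code verifies.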