public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Laszlo Ersek <lersek@redhat.com>
To: Brijesh Singh <brijesh.ksingh@gmail.com>,
	michael.d.kinney@intel.com, jordan.l.justen@intel.com,
	edk2-devel@ml01.01.org, liming.gao@intel.com
Cc: brijesh.singh@amd.com, leo.duran@amd.com, Thomas.Lendacky@amd.com
Subject: Re: [RFC PATCH v2 07/10] OvmfPkg/BmDmaLib: Add SEV support
Date: Mon, 27 Mar 2017 11:28:59 +0200	[thread overview]
Message-ID: <5d6d6dfa-4077-f560-bf89-878ca35f368e@redhat.com> (raw)
In-Reply-To: <149013080578.27235.9783953356246180002.stgit@brijesh-build-machine>

On 03/21/17 22:13, Brijesh Singh wrote:
> When SEV is enabled, the DMA operations must be performed on a shared
> (i.e unencrypted) pages. The patch adds SEV specific hooks to use the
> bounce buffer when caller map/unmap host address to a DMA address and
> similarly clears/set memory encryption attribute when caller allocates or
> free the DMA pages.
> 
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c   |   60 +++++++++++++++++++++++++++
>  OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf |    3 +
>  2 files changed, 61 insertions(+), 2 deletions(-)

It looks like Leo's DxeBmDmaLib isn't final yet (based on the v4
feedback I can see on the list).

Can we perhaps modify the BmDmaLib library class (= public interface)
such that a client module (an executable or even another library) can
reuse the base instance of BmDmaLib, and only provide the hooks?

If not, I guess it's not a big deal, MdeModulePkg/Library/DxeBmDmaLib
contains about 10-12 KB of source. I figured I'd ask though.

Thanks,
Laszlo

> 
> diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c
> index 0d960a8..39814cc 100644
> --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c
> +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.c
> @@ -25,6 +25,7 @@
>  #include <Library/MemoryAllocationLib.h>
>  #include <Library/UefiBootServicesTableLib.h>
>  #include <Library/BmDmaLib.h>
> +#include <Library/MemEncryptSevLib.h>
>  
>  
>  #define FORCE_BELOW_4GB_TRUE   TRUE
> @@ -100,6 +101,15 @@ AllocateBounceBuffer (
>    }
>  
>    //
> +  // Clear C-bit on DMA pages
> +  //
> +  if (MemEncryptSevIsEnabled ()) {
> +    Status = MemEncryptSevClearPageEncMask (MapInfo->MappedHostAddress, MapInfo->NumberOfPages);
> +    if (Status != EFI_SUCCESS) {
> +      return Status;
> +    }
> +  }
> +  //
>    // If this is a read operation from the Bus Master's point of view,
>    // then copy the contents of the real buffer into the mapped buffer
>    // so the Bus Master can read the contents of the real buffer.
> @@ -170,6 +180,23 @@ BmDmaMap (
>  
>    PhysicalAddress = (EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress;
>    if (DmaAbove4GB || (PhysicalAddress + *NumberOfBytes) <= SIZE_4GB) {
> +
> +    //
> +    // When SEV is enabled the DMA operation must be performed on shared pages. We force to use the
> +    // bounce buffer path which will take care of allocating shared Dma buffers mapping
> +    //
> +    if (MemEncryptSevIsEnabled () &&
> +        (Operation == DmaOperationBusMasterRead || Operation == DmaOperationBusMasterWrite)) {
> +      return AllocateBounceBuffer (
> +                                   FORCE_BELOW_4GB_FALSE,
> +                                   Operation,
> +                                   PhysicalAddress,
> +                                   NumberOfBytes,
> +                                   DeviceAddress,
> +                                   Mapping
> +                                   );
> +    }
> +
>      //
>      // If we CAN handle DMA above 4GB or the transfer is below 4GB,
>      // the DeviceAddress is simply the HostAddress
> @@ -218,7 +245,8 @@ BmDmaUnmap (
>    IN  VOID                 *Mapping
>    )
>  {
> -  MAP_INFO  *MapInfo;
> +  MAP_INFO           *MapInfo;
> +  EFI_STATUS         Status;
>  
>    //
>    // Check for invalid inputs
> @@ -251,6 +279,17 @@ BmDmaUnmap (
>    }
>  
>    //
> +  // When SEV is enabled then Dma buffer allocate by bounce buffer have C-bit cleared,
> +  // restore the C-bit before we release the resources
> +  //
> +  if (MemEncryptSevIsEnabled ()) {
> +    Status = MemEncryptSevSetPageEncMask (MapInfo->MappedHostAddress, MapInfo->NumberOfPages);
> +    if (Status != EFI_SUCCESS) {
> +      return Status;
> +    }
> +  }
> +
> +  //
>    // Free the mapped buffer and the MAP_INFO structure.
>    //
>    gBS->FreePages (MapInfo->MappedHostAddress, MapInfo->NumberOfPages);
> @@ -322,8 +361,15 @@ BmDmaAllocateBuffer (
>                    );
>    if (!EFI_ERROR (Status)) {
>      *HostAddress = (VOID *) (UINTN) PhysicalAddress;
> +    //
> +    // Clear C-bit on Dma pages
> +    //
> +    if (MemEncryptSevIsEnabled ()) {
> +      Status = MemEncryptSevClearPageEncMask (PhysicalAddress, Pages);
> +    }
>    }
>  
> +
>    return Status;
>  }
>  
> @@ -346,6 +392,18 @@ BmDmaFreeBuffer (
>    IN  UINTN                Pages
>    )
>  {
> +  EFI_STATUS           Status;
> +
> +  //
> +  // Restore the C-bit on DMA pages
> +  //
> +  if (MemEncryptSevIsEnabled ()) {
> +    Status = MemEncryptSevSetPageEncMask ((UINTN) HostAddress, Pages);
> +    if (Status != EFI_SUCCESS) {
> +      return Status;
> +    }
> +  }
> +
>    return gBS->FreePages ((EFI_PHYSICAL_ADDRESS) (UINTN) HostAddress, Pages);
>  }
>  
> diff --git a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf
> index 4ddb27d..fb97caa 100644
> --- a/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf
> +++ b/OvmfPkg/Library/DxeBmDmaLib/DxeBmDmaLib.inf
> @@ -29,6 +29,7 @@
>  [Packages]
>    MdePkg/MdePkg.dec
>    MdeModulePkg/MdeModulePkg.dec
> +  OvmfPkg/OvmfPkg.dec
>  
>  [LibraryClasses]
>    BaseLib
> @@ -37,5 +38,5 @@
>    DxeServicesTableLib
>    MemoryAllocationLib
>    UefiBootServicesTableLib
> -
> +  MemEncryptSevLib
>  
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
> 



  reply	other threads:[~2017-03-27  9:29 UTC|newest]

Thread overview: 44+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-21 21:12 [RESEND] [RFC PATCH v2 00/10] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2017-03-21 21:12 ` [RFC PATCH v2 01/10] OvmfPkg/Include: Define SEV specific CPUID and MSR Brijesh Singh
2017-03-22 16:03   ` Laszlo Ersek
2017-03-23  7:42     ` Fan, Jeff
2017-03-23  9:19       ` Laszlo Ersek
2017-03-27  7:57         ` Fan, Jeff
2017-03-27 11:58           ` Brijesh Singh
2017-03-27 17:33             ` Laszlo Ersek
2017-03-28  0:45             ` Fan, Jeff
2017-03-28  2:19               ` Duran, Leo
2017-03-28  2:25                 ` Fan, Jeff
2017-03-27 15:59           ` Duran, Leo
2017-03-27 16:07             ` Brijesh Singh
2017-03-21 21:12 ` [RFC PATCH v2 02/10] OvmfPkg/ResetVector: add memory encryption mask when SEV is enabled Brijesh Singh
2017-03-22 20:20   ` Laszlo Ersek
2017-03-23 15:05     ` Brijesh Singh
2017-03-23 16:16       ` Laszlo Ersek
2017-03-23 16:48         ` Brijesh Singh
2017-03-23 16:54           ` Laszlo Ersek
2017-03-23 17:44             ` Brijesh Singh
2017-03-21 21:13 ` [RFC PATCH v2 03/10] OvmfPkg/PlatformPei: Add Secure Encrypted Virutualization (SEV) support Brijesh Singh
2017-03-27  8:23   ` Laszlo Ersek
2017-03-27 12:22     ` Brijesh Singh
2017-03-21 21:13 ` [RFC PATCH v2 04/10] OvmfPkg/BaseMemcryptSevLib: Add SEV helper library Brijesh Singh
2017-03-27  9:19   ` Laszlo Ersek
2017-03-27 10:07     ` Laszlo Ersek
2017-03-27 18:44       ` Brijesh Singh
2017-03-28  8:14         ` Laszlo Ersek
2017-03-21 21:13 ` [RFC PATCH v2 05/10] OvmfPkg/DxeBmDmaLib: Import DxeBmDmaLib package Brijesh Singh
2017-03-27  9:22   ` Laszlo Ersek
2017-03-21 21:13 ` [RFC PATCH v2 06/10] OvmfPkg/DxeBmDmaLib: Fix AllocateBounceBuffer parameter Brijesh Singh
2017-03-27  9:21   ` Laszlo Ersek
2017-03-27 18:40     ` Brijesh Singh
2017-03-21 21:13 ` [RFC PATCH v2 07/10] OvmfPkg/BmDmaLib: Add SEV support Brijesh Singh
2017-03-27  9:28   ` Laszlo Ersek [this message]
2017-03-21 21:13 ` [RFC PATCH v2 08/10] OvmfPkg/QemuFwCfgLib: Provide Pei and Dxe specific library support Brijesh Singh
2017-03-27  9:41   ` Laszlo Ersek
2017-03-21 21:13 ` [RFC PATCH v2 09/10] OvmfPkg/QemuFwCfgLib: Add Secure Encrypted Virtualization (SEV) support Brijesh Singh
2017-03-27 10:19   ` Laszlo Ersek
2017-03-27 19:24     ` Brijesh Singh
2017-03-28  8:12       ` Laszlo Ersek
2017-03-21 21:13 ` [RFC PATCH v2 10/10] OvmfPkg/QemuVideoDxe: Clear the C-bit from framebuffer region when SEV is enabled Brijesh Singh
2017-03-27 10:29   ` Laszlo Ersek
  -- strict thread matches above, loose matches on Subject: below --
2017-03-21 20:59 [RFC PATCH v2 00/10] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2017-03-21 20:59 ` [RFC PATCH v2 07/10] OvmfPkg/BmDmaLib: Add SEV support Brijesh Singh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5d6d6dfa-4077-f560-bf89-878ca35f368e@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox