From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=66.187.233.73; helo=mx1.redhat.com; envelope-from=lersek@redhat.com; receiver=edk2-devel@lists.01.org Received: from mx1.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id DC4C520348624 for ; Fri, 6 Jul 2018 05:08:36 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2B002402312B; Fri, 6 Jul 2018 12:08:36 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-154.rdu2.redhat.com [10.10.120.154]) by smtp.corp.redhat.com (Postfix) with ESMTP id C77A72026D68; Fri, 6 Jul 2018 12:08:34 +0000 (UTC) To: Brijesh Singh , edk2-devel@lists.01.org Cc: Lendacky Thomas , Ard Biesheuvel , Anthony Perard , Julien Grall , Justen Jordan L References: <1530817945-8030-1-git-send-email-brijesh.singh@amd.com> <1530817945-8030-4-git-send-email-brijesh.singh@amd.com> From: Laszlo Ersek Message-ID: <6271d1eb-628c-7a68-4ed6-287e8deb41d8@redhat.com> Date: Fri, 6 Jul 2018 14:08:33 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <1530817945-8030-4-git-send-email-brijesh.singh@amd.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Fri, 06 Jul 2018 12:08:36 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Fri, 06 Jul 2018 12:08:36 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'lersek@redhat.com' RCPT:'' Subject: Re: [PATCH v3 3/3] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Restore C-bit when SEV is active X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jul 2018 12:08:37 -0000 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 07/05/18 21:12, Brijesh Singh wrote: > AmdSevDxe maps the flash memory range with C=0, but > SetMemorySpaceAttributes() unconditionally resets the C-bit to '1'. Lets > restore the mapping back to C=0. > > Cc: Ard Biesheuvel > Cc: Anthony Perard > Cc: Julien Grall > Cc: Justen Jordan L > Cc: Laszlo Ersek > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Brijesh Singh > --- > .../FvbServicesRuntimeDxe.inf | 1 + > .../QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c | 17 +++++++++++++++++ > 2 files changed, 18 insertions(+) > > diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf > index d7b4ec06c4e6..6bb5c2093790 100644 > --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf > +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf > @@ -54,6 +54,7 @@ [LibraryClasses] > DevicePathLib > DxeServicesTableLib > MemoryAllocationLib > + MemEncryptSevLib > PcdLib > UefiBootServicesTableLib > UefiDriverEntryPoint (1) Please keep this list sorted. (I realize I must have missed this dis-order when we added the MemEncryptSevLib class to the "FvbServicesSmm.inf" file. If you want, you can include a patch in v4 for fixing that order, but it's really not necessary. Let's just not increase the dis-order if we can manage.) > diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c > index 646427bf4e2c..3add4bbad74c 100644 > --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c > +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c > @@ -24,6 +24,7 @@ > #include > #include > #include > +#include (2) Here too, please keep the Library #include list sorted. > > #include "FwBlockService.h" > #include "QemuFlash.h" > @@ -204,5 +205,21 @@ MarkIoMemoryRangeForRuntimeAccess ( > ); > ASSERT_EFI_ERROR (Status); > > + // > + // When SEV is active, AmdSevDxe should have mapped the BaseAddress with > + // C=0 but SetMemorySpaceAttribute() remap the range with C=1. Lets restore > + // the mapping so that both guest and hyervisor can access the flash > + // memory range. > + // (3) A couple of cleanups, please: (3a) I suggest s/should have mapped/mapped/, because AmdSevDxe is really not to blame here, (3b) s/SetMemorySpaceAttribute/SetMemorySpaceAttributes/ (plural) (3c) s/remap/remaps/ (3d) s/Lets/Let's/ (3e) Please check that, after the typo fixes, we are still under 80 chars per line. > + if (MemEncryptSevIsEnabled()) { (4) missing space before the "()" > + Status = MemEncryptSevClearPageEncMask ( > + 0, > + BaseAddress, > + EFI_SIZE_TO_PAGES (Length), > + FALSE > + ); I'm glad that you had documented the "Flush" parameter earlier! :) "Flush the caches before clearing the bit (mostly TRUE except MMIO addresses)". So, this looks fine. > + ASSERT_EFI_ERROR (Status); > + } > + > return Status; > } > I've requested a few changes, but none of those affect functionality in practice. So, I will go ahead and collect some test results. I'll report back. Thanks! Laszlo