From: "Lendacky, Thomas"
To: devel@edk2.groups.io
CC: Brijesh Singh, Jordan Justen, Laszlo Ersek, Ard Biesheuvel
Subject: [PATCH v2] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Use physical address with SEV-ES
Date: Sat, 23 Jan 2021 07:57:44 -0600
Message-ID: <84a5f9161541db5aa3b57c96b737afbcb4b6189d.1611410263.git.thomas.lendacky@amd.com>

From: Tom Lendacky

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3183

Under SEV-ES, a write to the flash device is done using a direct VMGEXIT to perform an MMIO write. The address provided to the MMIO write must be the physical address of the MMIO write destination. During boot, OVMF runs with an identity mapped pagetable structure so that VA == PA and the VMGEXIT MMIO write destination is just the virtual address of the flash area address being written.

However, when the UEFI SetVirtualAddressMap() API is invoked, an identity mapped pagetable structure may not be in place and using the virtual address for the flash area address is no longer valid. This results in writes to the flash not being performed successfully. This can be seen by attempting to change the boot order under Linux. The update will appear to be performed, based on the output of the command. But rebooting the guest will show that the new boot order has not been set.

To remedy this, save the value of the flash base physical address before converting the address as part of SetVirtualAddressMap(). The physical address can then be calculated by obtaining the offset of the MMIO target virtual address relative to the flash base virtual address and adding that to the original flash base physical address. The resulting value produces a successful MMIO write during runtime services.

Fixes: 437eb3f7a8db7681afe0e6064d3a8edb12abb766
Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Signed-off-by: Tom Lendacky
--- .../QemuFlashDxe.c | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c b/OvmfPk= g/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c index 1b0742967f71..d303b0078b08 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c 
@@ -16,11 +16,17 @@ =20 #include "QemuFlash.h" =20 +STATIC EFI_PHYSICAL_ADDRESS mSevEsFlashPhysBase; + VOID QemuFlashConvertPointers ( VOID ) { + if (MemEncryptSevEsIsEnabled ()) { + mSevEsFlashPhysBase =3D (UINTN) mFlashBase; + } + EfiConvertPointer (0x0, (VOID **) &mFlashBase); } =20 @@ -52,11 +58,23 @@ QemuFlashPtrWrite ( if (MemEncryptSevEsIsEnabled ()) { MSR_SEV_ES_GHCB_REGISTER Msr; GHCB *Ghcb; + EFI_PHYSICAL_ADDRESS PhysAddr; BOOLEAN InterruptState; =20 Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); Ghcb =3D Msr.Ghcb; =20 + // + // The MMIO write needs to be to the physical address of the flash poi= nter. + // Since this service is available as part of the EFI runtime services= , + // account for a non-identity mapped VA after SetVitualAddressMap(). + // + if (mSevEsFlashPhysBase =3D=3D 0) { + PhysAddr =3D (UINTN) Ptr; + } else { + PhysAddr =3D mSevEsFlashPhysBase + (Ptr - mFlashBase); + } + // // Writing to flash is emulated by the hypervisor through the use of w= rite // protection. This won't work for an SEV-ES guest because the write w= on't @@ -68,7 +86,7 @@ QemuFlashPtrWrite ( Ghcb->SharedBuffer[0] =3D Value; Ghcb->SaveArea.SwScratch =3D (UINT64) (UINTN) Ghcb->SharedBuffer; VmgSetOffsetValid (Ghcb, GhcbSwScratch); - VmgExit (Ghcb, SVM_EXIT_MMIO_WRITE, (UINT64) (UINTN) Ptr, 1); + VmgExit (Ghcb, SVM_EXIT_MMIO_WRITE, PhysAddr, 1); VmgDone (Ghcb, InterruptState); } else { *Ptr =3D Value; --=20 2.30.0
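
Review bot: mSevEsFlashPhysBase, declared in the first hunk, has no comment stating that a value of 0 means "QemuFlashConvertPointers() has not run yet", which is the condition QemuFlashPtrWrite() later tests with "mSevEsFlashPhysBase == 0". Please add a short comment above "STATIC EFI_PHYSICAL_ADDRESS mSevEsFlashPhysBase;" documenting that sentinel and the assumption that the flash base is never at physical address 0, so the coupling between the two functions is visible to the next reader.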
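
Review bot: In the QemuFlashPtrWrite() hunk, "PhysAddr = mSevEsFlashPhysBase + (Ptr - mFlashBase);" is computed without checking that Ptr is at or above mFlashBase, so a pointer below the converted base yields a negative offset and the MMIO write is issued to a physical address outside the flash area. An "ASSERT (Ptr >= mFlashBase);" ahead of the calculation would catch a bad caller in DEBUG builds. The new comment in the same hunk also spells the API "SetVitualAddressMap()"; it should read SetVirtualAddressMap().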
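
Review bot: The changed call "VmgExit (Ghcb, SVM_EXIT_MMIO_WRITE, PhysAddr, 1);" in the last hunk still discards its result, so an MMIO write that the hypervisor does not complete stays as silent as the boot-order symptom the commit message describes. Consider capturing the return value and logging or asserting when it reports an error before calling VmgDone(), so a wrong destination address shows up at the point of the write rather than after a reboot.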