From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B3F4321E0C2E6 for ; Thu, 27 Jul 2017 14:29:43 -0700 (PDT) Received: by mail-wm0-x229.google.com with SMTP id m85so103490051wma.1 for ; Thu, 27 Jul 2017 14:31:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8xdRV1usS0/l6tvqTZAPMUOG6NEJKoxp8eIQPAvKBr8=; b=bTArphba6scgGmf00vuCE51VI56fvHNC2AsdcDFlS0+hzaEX/6Lj994bgKEvj6pCJH u3OQn99pUVS0boBdQBSR6QU4WvC5JJp4D4V4X6iaVwJOJzGJdWpE2wGsaVBSU5caFkRM BoHA57Jqq3HuZVBkp3E5s2um3Llf8dT0S90wQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=8xdRV1usS0/l6tvqTZAPMUOG6NEJKoxp8eIQPAvKBr8=; b=FhUlp0/mAxAAzz51Nf9VTk602U6Gi7sD4PkdWAXDzNfidINmtul8I7ndSnQ6vWnObd DcWh5537ue0SymCv9jISX/kSwUNfQ6M+c6Z2u8+UoUVseEzYNt1OujjHNTow2E2vkTW+ 04FE9YZ7ww6VJwrxcL4nLqPHekZoSKflJE+bR3P7UVOfcLgjBFmIqT6QoZtsSpbPCrME T8ABp1Zot4/es3O/cw4sGTtn6yA5YjozTdktKBePXwoSPbTvN3uENcgkjXUpUyl56Xa2 sVHOZZ6bkCfk3guQWEwNy7JoVJmpAOlg9DwLtOMihYua1AZakcDOgEF0gkhGZU5Olfj+ klJg== X-Gm-Message-State: AIVw112rqdzFBGKrdOLw4zjVuX+dKpfvaFUhmZH1JAkgkNBB2fC5af42 IGa4yO/fzyKfc5Xy X-Received: by 10.28.159.133 with SMTP id i127mr4184992wme.172.1501191106452; Thu, 27 Jul 2017 14:31:46 -0700 (PDT) Received: from [100.69.32.23] (94.202.154.77.rev.sfr.net. [77.154.202.94]) by smtp.gmail.com with ESMTPSA id e17sm16192139wma.19.2017.07.27.14.31.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 27 Jul 2017 14:31:45 -0700 (PDT) Mime-Version: 1.0 (1.0) From: Ard Biesheuvel X-Mailer: iPhone Mail (14F89) In-Reply-To: <6517a7f8-5564-35e1-dc27-1b85a23c815e@amd.com> Date: Thu, 27 Jul 2017 22:31:41 +0100 Cc: Laszlo Ersek , "edk2-devel@lists.01.org" , Tom Lendacky , Jordan Justen , Jason Wang , "Michael S . Tsirkin" , Gerd Hoffmann Message-Id: <9C4ABF62-4018-4014-A3C4-0A8B3B3CE1C2@linaro.org> References: <1500502151-13508-1-git-send-email-brijesh.singh@amd.com> <841bec5f-6f6e-8b1f-25ba-0fd37a915b72@redhat.com> <4e2fc623-3656-eea7-09a8-b5c6d2f694e1@amd.com> <4071596d-32c9-e6d9-8c93-0d43d28e9b5a@redhat.com> <6517a7f8-5564-35e1-dc27-1b85a23c815e@amd.com> To: Brijesh Singh Subject: Re: [RFC v1 0/3] Add VIRTIO_F_IOMMU_PLATFORM support X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jul 2017 21:29:44 -0000 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable > On 27 Jul 2017, at 21:55, Brijesh Singh wrote: >=20 >=20 >=20 > On 07/27/2017 02:00 PM, Brijesh Singh wrote: >=20 >>>> This distribution of operations seems wrong. The key point is that >>>> AllocateBuffer() *need not* result in a buffer that is immediately >>>> usable, and that client code is required to call Map() >>>> *unconditionally*, even if BusMasterCommonBuffer is the desired >>>> operation. Therefore, the right distribution of operations is: >>>>=20 >>>> - IoMmuAllocateBuffer() allocates pages and does not touch the >>>> encryption mask.. >>>>=20 >>>> - IoMmuFreeBuffer() deallocates pages and does not touch the encryption= >>>> mask. >>>>=20 >> Actually one of main reason why we cleared and restored the memory encryp= tion mask >> during allocate/free is because we also consume the IOMMU protocol in Qem= uFwCfgLib >> as a method to allocate and free a DMA buffer. I am certainly open to sug= gestions. >> [1] https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/QemuFwC= fgLib/QemuFwCfgDxe.c#L159 >> [2] https://github.com/tianocore/edk2/blob/master/OvmfPkg/Library/QemuFwC= fgLib/QemuFwCfgDxe.c#L197 >>>> - IoMmuMap() does not allocate pages when BusMasterCommonBuffer is >>>> requested, and it allocates pages (bounce buffer) otherwise. >>>>=20 >> I am trying to wrap my head around how we can support BusMasterCommonBuff= er >> when buffer was not allocated by us. Changing the memory encryption mask i= n >> a page table will not update the contents. Also since the memory encrypti= on >> mask works on PAGE_SIZE hence changing the encryption mask on not our all= ocated >> buffer could mess things up (e.g if NumberOfBytes is not PAGE_SIZE aligne= d). >=20 > I may be missing something in my understanding. Here is a flow I have in m= y > mind, please correct me. >=20 > OvmfPkg/VirtIoBlk.c: >=20 > VirtioBlkInit() > .... > .... > VirtioRingInit > Virtio->AllocateSharedPages(RingSize, &Ring->Base) > PciIo->AllocatePages(RingSize, &RingAddress) > Virtio->MapSharedPages(...,BusMasterCommonBuffer, Ring->Base, RingSize,= &RingDeviceAddress) > ..... > ..... >=20 > This case is straight forward and we can easily maps. No need for bounce b= uffering. >=20 > VirtioBlkReadBlocks(..., BufferSize, Buffer,) > ...... > ...... > SynchronousRequest(..., BufferSize, Buffer) > .... > Virtio->MapSharedPages(..., BusMasterCommonBuffer, Buffer, BufferSize, &= DeviceAddress) > VirtioAppendDesc(DeviceAddress, BufferSize, ...) > VirtioFlush (...) > =20 > In the above case, "Buffer" was not allocated by us hence we will not able= to change the > memory encryption attributes. Am I missing something in the flow ? >=20 Common buffer mappings may only be created from buffers that were allocated b= y AllocateBuffer(). In fact, that is its main purpose >=20 >>>> *Regardless* of BusMaster operation, the following actions are carrie= d >>>> out unconditionally: >>>>=20 >>>> . the memory encryption mask is cleared in this function (and in this= >>>> function only), >>>>=20 >>>> . An attempt is made to grab a MAP_INFO structure from an internal >>>> free list (to be introduced!). The head of the list is a new static= >>>> variable. If the free list is empty, then a MAP_INFO structure is >>>> allocated with AllocatePool(). The NO_MAPPING macro becomes unused >>>> and can be deleted from the source code. >>>>=20 >>>> - IoMmuUnmap() clears the encryption mask unconditionally. (For this, i= t >>>> has to consult the MAP_INFO structure that is being passed in from th= e >>>> caller.) In addition: >>>>=20 >>>> . If MapInfo->Operation is BusMasterCommonBuffer, then we know the >>>> allocation was done separately in AllocateBuffer, so we do not >>>> release the pages. Otherwise, we do release the pages. >>>>=20 >>>> . MapInfo is linked back on the internal free list (see above). It is= >>>> *never* released with FreePool(). >>>>=20 >>>> This approach guarantees that IoMmuUnmap() can de-program the IOMMU (= =3D >>>> re-set the memory encryption mask) without changing the UEFI memory >>>> map. (I trust that MemEncryptSevSetPageEncMask() will not split page >>>> tables internally when it *re*sets the encryption mask -- is that >>>> correct?) >=20 >=20 >=20