From: Laszlo Ersek <lersek@redhat.com>
To: Brijesh Singh <brijesh.singh@amd.com>,
edk2-devel@lists.01.org, jordan.l.justen@intel.com
Cc: Thomas.Lendacky@amd.com, leo.duran@amd.com
Subject: Re: [PATCH v5 12/14] OvmfPkg/QemuFwCfgLib: Implement SEV internal function for Dxe phase
Date: Wed, 24 May 2017 15:45:10 +0200 [thread overview]
Message-ID: <b15d60e4-829f-45a5-d6df-bc03c4de4ad2@redhat.com> (raw)
In-Reply-To: <1495466592-21641-13-git-send-email-brijesh.singh@amd.com>
comments below:
On 05/22/17 17:23, Brijesh Singh wrote:
> When SEV is enabled, the DMA must be performed on unencrypted pages.
> So when get asked to perfom FWCFG DMA read or write, we allocate a
> intermediate (bounce buffer) unencrypted buffer and use this buffer
> for DMA read or write.
>
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
> OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf | 7 ++
> OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c | 108 ++++++++++++++++++++
> 2 files changed, 115 insertions(+)
>
> diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf
> index d7e368e5435d..ec128f82c702 100644
> --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf
> +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxeLib.inf
> @@ -39,6 +39,7 @@ [Sources]
>
> [Packages]
> MdePkg/MdePkg.dec
> + MdeModulePkg/MdeModulePkg.dec
> OvmfPkg/OvmfPkg.dec
>
> [LibraryClasses]
> @@ -47,4 +48,10 @@ [LibraryClasses]
> DebugLib
> IoLib
> MemoryAllocationLib
> + MemEncryptSevLib
>
> +[Protocols]
> + gEdkiiIoMmuProtocolGuid ## SOMETIMES_CONSUMES
> +
> +[Depex]
> + gEdkiiIoMmuProtocolGuid OR gIoMmuDetectedProtocolGuid
I'll comment on the depex elsewhere (returning to an earlier spot in the
series). Other than that, I have only cosmetic comments:
> diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c
> index ac05f4c347f3..bda1a80b5eb9 100644
> --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c
> +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgDxe.c
> @@ -4,6 +4,7 @@
>
> Copyright (C) 2013, Red Hat, Inc.
> Copyright (c) 2011 - 2013, Intel Corporation. All rights reserved.<BR>
> + Copyright (c) 2017, Advanced Micro Devices. All rights reserved.<BR>
>
> This program and the accompanying materials are licensed and made available
> under the terms and conditions of the BSD License which accompanies this
> @@ -14,14 +15,36 @@
> WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> **/
>
> +#include <Uefi.h>
> +
> +#include <Protocol/IoMmu.h>
> +
> +#include <Library/BaseLib.h>
> #include <Library/DebugLib.h>
> #include <Library/QemuFwCfgLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/MemEncryptSevLib.h>
>
> #include "QemuFwCfgLibInternal.h"
>
> STATIC BOOLEAN mQemuFwCfgSupported = FALSE;
> STATIC BOOLEAN mQemuFwCfgDmaSupported;
>
> +STATIC EDKII_IOMMU_PROTOCOL *mIoMmuProtocol;
> +/**
> +
> + Returns a boolean indicating whether SEV is enabled
> +
> + @retval TRUE SEV is enabled
> + @retval FALSE SEV is disabled
> +**/
> +BOOLEAN
> +InternalQemuFwCfgSevIsEnabled (
> + VOID
> + )
> +{
> + return MemEncryptSevIsEnabled ();
> +}
>
> /**
> Returns a boolean indicating if the firmware configuration interface
> @@ -79,6 +102,22 @@ QemuFwCfgInitialize (
> mQemuFwCfgDmaSupported = TRUE;
> DEBUG ((DEBUG_INFO, "QemuFwCfg interface (DMA) is supported.\n"));
> }
> +
> + if (mQemuFwCfgDmaSupported && MemEncryptSevIsEnabled ()) {
> + EFI_STATUS Status;
> +
> + //
> + // IoMmuDxe driver must have installed the IOMMU protocol. If we are not
> + // able to locate the protocol then something must have gone wrong.
> + //
> + Status = gBS->LocateProtocol (&gEdkiiIoMmuProtocolGuid, NULL, (VOID **)&mIoMmuProtocol);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "QemuwCfgSevDma: failed to locate IOMMU protocol\n"));
(1) The word "QemuwCfgSevDma" has a typo, it should be "QemuFwCfgSevDma".
Also, I recommend printing gEfiCallerBaseName / __FUNCTION__ here as well.
(2) A number of DEBUGs are incorrectly indented below.
I'm not comfortable giving my R-b in advance, with those fixed, because
my comments on the depex (to be made elsewhere in the series) might
induce a change to the depex, and I'd like to review that separately.
If it turns out that the v5 depex will be fine, then the above two
remarks don't necessitate a v6, and I'll be OK to R-b this v5 patch.
Thanks,
Laszlo
> + ASSERT (FALSE);
> + CpuDeadLoop ();
> + }
> + }
> +
> return RETURN_SUCCESS;
> }
>
> @@ -114,3 +153,72 @@ InternalQemuFwCfgDmaIsAvailable (
> {
> return mQemuFwCfgDmaSupported;
> }
> +
> +/**
> + Allocate a bounce buffer for SEV DMA.
> +
> + @param[in] NumPage Number of pages.
> + @param[out] Buffer Allocated DMA Buffer pointer
> +
> +**/
> +VOID
> +InternalQemuFwCfgSevDmaAllocateBuffer (
> + OUT VOID **Buffer,
> + IN UINT32 NumPages
> + )
> +{
> + EFI_STATUS Status;
> +
> + ASSERT (mIoMmuProtocol != NULL);
> +
> + Status = mIoMmuProtocol->AllocateBuffer (
> + mIoMmuProtocol,
> + 0,
> + EfiBootServicesData,
> + NumPages,
> + Buffer,
> + EDKII_IOMMU_ATTRIBUTE_MEMORY_CACHED
> + );
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a:%a failed to allocate %u pages\n", gEfiCallerBaseName,
> + __FUNCTION__, NumPages));
> + ASSERT (FALSE);
> + CpuDeadLoop ();
> + }
> +
> + DEBUG ((DEBUG_VERBOSE, "%a:%a buffer 0x%Lx Pages %u\n", gEfiCallerBaseName,
> + __FUNCTION__, (UINT64)(UINTN)Buffer, NumPages));
> +}
> +
> +/**
> + Free the DMA buffer allocated using InternalQemuFwCfgSevDmaAllocateBuffer
> +
> + @param[in] NumPage Number of pages.
> + @param[in] Buffer DMA Buffer pointer
> +
> +**/
> +VOID
> +InternalQemuFwCfgSevDmaFreeBuffer (
> + IN VOID *Buffer,
> + IN UINT32 NumPages
> + )
> +{
> + EFI_STATUS Status;
> +
> + ASSERT (mIoMmuProtocol != NULL);
> +
> + Status = mIoMmuProtocol->FreeBuffer (
> + mIoMmuProtocol,
> + NumPages,
> + Buffer
> + );
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "%a:%a failed to free buffer 0x%Lx pages %u\n",
> + gEfiCallerBaseName, __FUNCTION__, (UINT64)(UINTN)Buffer, NumPages));
> + ASSERT (FALSE);
> + CpuDeadLoop ();
> + }
> +
> + DEBUG ((DEBUG_VERBOSE, "%a:%a buffer 0x%Lx Pages %u\n", gEfiCallerBaseName,
> + __FUNCTION__, (UINT64)(UINTN)Buffer, NumPages));
> +}
>
next prev parent reply other threads:[~2017-05-24 13:45 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-22 15:22 [PATCH v5 00/14] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2017-05-22 15:22 ` [PATCH v5 01/14] UefiCpuPkg: Define AMD Memory Encryption specific CPUID and MSR Brijesh Singh
2017-05-22 15:23 ` [PATCH v5 02/14] OvmfPkg/ResetVector: Set C-bit when building initial page table Brijesh Singh
2017-05-22 15:23 ` [PATCH v5 03/14] OvmfPkg: Update dsc to use IoLib from BaseIoLibIntrinsicSev.inf Brijesh Singh
2017-05-22 15:23 ` [PATCH v5 04/14] OvmfPkg/BaseMemcryptSevLib: Add SEV helper library Brijesh Singh
2017-05-24 13:06 ` Laszlo Ersek
2017-05-24 13:23 ` Brijesh Singh
2017-05-24 22:12 ` Brijesh Singh
2017-05-25 15:10 ` Laszlo Ersek
2017-05-25 18:23 ` Brijesh Singh
2017-05-22 15:23 ` [PATCH v5 05/14] OvmfPkg/PlatformPei: Set memory encryption PCD when SEV is enabled Brijesh Singh
2017-05-22 15:23 ` [PATCH v5 06/14] OvmfPkg:AmdSevDxe: Add AmdSevDxe driver Brijesh Singh
2017-05-24 14:17 ` Laszlo Ersek
2017-05-22 15:23 ` [PATCH v5 07/14] OvmfPkg:IoMmuDxe: Add IoMmuDxe driver Brijesh Singh
2017-05-24 15:09 ` Laszlo Ersek
2017-05-25 17:58 ` Laszlo Ersek
2017-05-25 18:56 ` Jordan Justen
2017-05-25 19:58 ` Laszlo Ersek
2017-05-22 15:23 ` [PATCH v5 08/14] OvmfPkg/QemuFwCfgLib: Provide Pei and Dxe specific library Brijesh Singh
2017-05-22 15:23 ` [PATCH v5 09/14] OvmfPkg/QemuFwCfgLib: Prepare for SEV support Brijesh Singh
2017-05-22 15:23 ` [PATCH v5 10/14] OvmfPkg/QemuFwCfgLib: Implement SEV internal function for SEC phase Brijesh Singh
2017-05-24 13:17 ` Laszlo Ersek
2017-05-22 15:23 ` [PATCH v5 11/14] OvmfPkg/QemuFwCfgLib: Implement SEV internal functions for PEI phase Brijesh Singh
2017-05-22 15:23 ` [PATCH v5 12/14] OvmfPkg/QemuFwCfgLib: Implement SEV internal function for Dxe phase Brijesh Singh
2017-05-24 13:45 ` Laszlo Ersek [this message]
2017-05-22 15:23 ` [PATCH v5 13/14] OvmfPkg/QemuFwCfgLib: Add option to dynamic alloc FW_CFG_DMA Access Brijesh Singh
2017-05-22 15:23 ` [PATCH v5 14/14] OvmfPkg/QemuFwCfgLib: Add SEV support Brijesh Singh
2017-05-24 13:55 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b15d60e4-829f-45a5-d6df-bc03c4de4ad2@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox