From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web11.4365.1673036748879244420
 for <devel@edk2.groups.io>;
 Fri, 06 Jan 2023 12:25:49 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@ibm.com header.s=pp1 header.b=U7zmLQnk;
 spf=pass (domain: linux.ibm.com, ip: 148.163.156.1, mailfrom: dovmurik@linux.ibm.com)
Received: from pps.filterd (m0098396.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 306Jrdfl024165;
	Fri, 6 Jan 2023 20:25:47 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : date :
 subject : to : cc : references : from : in-reply-to : content-type :
 content-transfer-encoding : mime-version; s=pp1;
 bh=cDRogZpFInDgvw8bLxWnMDny1vx83gnlooX4W477idA=;
 b=U7zmLQnkzO2oPWJe0t7HgsQd/2/iLxqksMHQ0xPA8CeM47t5l5/LJeSuCdRL/M/AVUiP
 FZOis31a2nEwp2Ntq2evPfxyt8TgurEDbO1QEMHwT+y8Tu1Ys5MaLq8o/VCAuCENfQem
 AkzEyr1BsojhovFohe4/hFsP+Etf9Mvc9R4TKt5qJZnJrSZRnyMS2JJYUYb6gG41fIhD
 fy/xB1CDiiYEmOKb4Bik7hMTScDDmXHQjhk+LyW1WiI+bBqOv80+TUZ12hjELO1UBKMy
 Lf6606EfxSgsQLyhOIMIazYwsgOa+N4NxFJF5GCj1J1WJWsXPQzyGMMBa380xAjft8fX Qw== 
Received: from ppma04wdc.us.ibm.com (1a.90.2fa9.ip4.static.sl-reverse.com [169.47.144.26])
	by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3mxfyu56pm-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Fri, 06 Jan 2023 20:25:46 +0000
Received: from pps.filterd (ppma04wdc.us.ibm.com [127.0.0.1])
	by ppma04wdc.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 306HtAOC025959;
	Fri, 6 Jan 2023 20:25:45 GMT
Received: from smtprelay06.wdc07v.mail.ibm.com ([9.208.129.118])
	by ppma04wdc.us.ibm.com (PPS) with ESMTPS id 3mtcq7wckp-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Fri, 06 Jan 2023 20:25:45 +0000
Received: from smtpav05.wdc07v.mail.ibm.com (smtpav05.wdc07v.mail.ibm.com [10.39.53.232])
	by smtprelay06.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 306KPibR6160980
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Fri, 6 Jan 2023 20:25:44 GMT
Received: from smtpav05.wdc07v.mail.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 54EB558053;
	Fri,  6 Jan 2023 20:25:44 +0000 (GMT)
Received: from smtpav05.wdc07v.mail.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 717D05805F;
	Fri,  6 Jan 2023 20:25:42 +0000 (GMT)
Received: from [9.160.72.234] (unknown [9.160.72.234])
	by smtpav05.wdc07v.mail.ibm.com (Postfix) with ESMTP;
	Fri,  6 Jan 2023 20:25:42 +0000 (GMT)
Message-ID: <bb5a8458-08a4-dcb4-da43-d6031c3b3819@linux.ibm.com>
Date: Fri, 6 Jan 2023 22:25:40 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.6.1
Subject: Re: [edk2-devel] [PATCH 1/4] OvmfPkg/AmdSevDxe: Allocate SEV-SNP CC blob as EfiACPIReclaimMemory
To: "Yao, Jiewen" <jiewen.yao@intel.com>,
        "devel@edk2.groups.io" <devel@edk2.groups.io>,
        "Michael.Roth@amd.com" <Michael.Roth@amd.com>,
        Ard Biesheuvel <ardb@kernel.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>, "Ni, Ray" <ray.ni@intel.com>,
        Dov Murik <dovmurik@linux.ibm.com>
References: <20221221160651.182143-1-michael.roth@amd.com>
 <20221221160651.182143-2-michael.roth@amd.com>
 <MW4PR11MB5872F04401F30EEFC73AB1418CFB9@MW4PR11MB5872.namprd11.prod.outlook.com>
From: "Dov Murik" <dovmurik@linux.ibm.com>
In-Reply-To: <MW4PR11MB5872F04401F30EEFC73AB1418CFB9@MW4PR11MB5872.namprd11.prod.outlook.com>
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: DjDWM4VXJF0izjZ72zft1Cj5clNkVE_2
X-Proofpoint-ORIG-GUID: DjDWM4VXJF0izjZ72zft1Cj5clNkVE_2
X-Proofpoint-UnRewURL: 0 URL was un-rewritten
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.923,Hydra:6.0.545,FMLib:17.11.122.1
 definitions=2023-01-06_14,2023-01-06_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0
 malwarescore=0 spamscore=0 priorityscore=1501 adultscore=0 impostorscore=0
 mlxlogscore=999 phishscore=0 bulkscore=0 suspectscore=0 clxscore=1015
 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2212070000 definitions=main-2301060155
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

Hi Jiewen,

On 06/01/2023 11:18, Yao, Jiewen wrote:
> Are you sure you want to use EfiACPIReclaimMemory ?
> 
> Usually EfiACPIReclaimMemory is only for ACPI table, which can be reclaimed and used by OS, after copy ACPI table.
> 
> If you want to claim the memory owned by firmware (not owned by OS), you need use ACPINvs or reserved.
> 

EfiACPIReclaimMemory type was suggested by Ard [1] for a similar fix
another SEV-related memory area that should remain in-place throughout
the guest OS lifetime (not reused by OS).

Ard -- can you please explain that choice?


[1] https://edk2.groups.io/g/devel/message/97154



-Dov


> 
> Although I don't fully understand SEV, this seems suspicious.
> 
> Please double confirm if this is really you want.
> 
> Thank you
> Yao, Jiewen
> 
> 
>> -----Original Message-----
>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Roth,
>> Michael via groups.io
>> Sent: Thursday, December 22, 2022 12:07 AM
>> To: devel@edk2.groups.io
>> Cc: Tom Lendacky <thomas.lendacky@amd.com>; Ni, Ray
>> <ray.ni@intel.com>; Dov Murik <dovmurik@linux.ibm.com>
>> Subject: [edk2-devel] [PATCH 1/4] OvmfPkg/AmdSevDxe: Allocate SEV-SNP CC
>> blob as EfiACPIReclaimMemory
>>
>> The SEV-SNP Confidential Computing blob contains metadata that should
>> remain accessible for the life of the guest. Allocate it as
>> EfiACPIReclaimMemory to ensure the memory isn't overwritten by the guest
>> operating system later.
>>
>> Reported-by: Dov Murik <dovmurik@linux.ibm.com>
>> Suggested-by: Dov Murik <dovmurik@linux.ibm.com>
>> Signed-off-by: Michael Roth <michael.roth@amd.com>
>> ---
>>  OvmfPkg/AmdSevDxe/AmdSevDxe.c | 62 +++++++++++++++++++++++++++---
>> -----
>>  1 file changed, 48 insertions(+), 14 deletions(-)
>>
>> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
>> b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
>> index 662d3c4ccb..8dfda961d7 100644
>> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
>> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
>> @@ -21,15 +21,36 @@
>>  #include <Guid/ConfidentialComputingSevSnpBlob.h>
>>
>>  #include <Library/PcdLib.h>
>>
>>
>>
>> -STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION
>> mSnpBootDxeTable = {
>>
>> -  SIGNATURE_32 ('A',                                    'M', 'D', 'E'),
>>
>> -  1,
>>
>> -  0,
>>
>> -  (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfSnpSecretsBase),
>>
>> -  FixedPcdGet32 (PcdOvmfSnpSecretsSize),
>>
>> -  (UINT64)(UINTN)FixedPcdGet32 (PcdOvmfCpuidBase),
>>
>> -  FixedPcdGet32 (PcdOvmfCpuidSize),
>>
>> -};
>>
>> +STATIC
>>
>> +EFI_STATUS
>>
>> +AllocateConfidentialComputingBlob (
>>
>> +  OUT CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  **CcBlobPtr
>>
>> +  )
>>
>> +{
>>
>> +  EFI_STATUS                                Status;
>>
>> +  CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  *CcBlob;
>>
>> +
>>
>> +  Status = gBS->AllocatePool (
>>
>> +                  EfiACPIReclaimMemory,
>>
>> +                  sizeof (CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION),
>>
>> +                  (VOID **)&CcBlob
>>
>> +                  );
>>
>> +  if (EFI_ERROR (Status)) {
>>
>> +    return Status;
>>
>> +  }
>>
>> +
>>
>> +  CcBlob->Header                 = SIGNATURE_32 ('A', 'M', 'D', 'E');
>>
>> +  CcBlob->Version                = 1;
>>
>> +  CcBlob->Reserved1              = 0;
>>
>> +  CcBlob->SecretsPhysicalAddress = (UINT64)(UINTN)FixedPcdGet32
>> (PcdOvmfSnpSecretsBase);
>>
>> +  CcBlob->SecretsSize            = FixedPcdGet32 (PcdOvmfSnpSecretsSize);
>>
>> +  CcBlob->CpuidPhysicalAddress   = (UINT64)(UINTN)FixedPcdGet32
>> (PcdOvmfCpuidBase);
>>
>> +  CcBlob->CpuidLSize             = FixedPcdGet32 (PcdOvmfCpuidSize);
>>
>> +
>>
>> +  *CcBlobPtr = CcBlob;
>>
>> +
>>
>> +  return EFI_SUCCESS;
>>
>> +}
>>
>>
>>
>>  EFI_STATUS
>>
>>  EFIAPI
>>
>> @@ -38,10 +59,11 @@ AmdSevDxeEntryPoint (
>>    IN EFI_SYSTEM_TABLE  *SystemTable
>>
>>    )
>>
>>  {
>>
>> -  EFI_STATUS                       Status;
>>
>> -  EFI_GCD_MEMORY_SPACE_DESCRIPTOR  *AllDescMap;
>>
>> -  UINTN                            NumEntries;
>>
>> -  UINTN                            Index;
>>
>> +  EFI_STATUS                                Status;
>>
>> +  EFI_GCD_MEMORY_SPACE_DESCRIPTOR           *AllDescMap;
>>
>> +  UINTN                                     NumEntries;
>>
>> +  UINTN                                     Index;
>>
>> +  CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  *SnpBootDxeTable;
>>
>>
>>
>>    //
>>
>>    // Do nothing when SEV is not enabled
>>
>> @@ -147,6 +169,18 @@ AmdSevDxeEntryPoint (
>>      }
>>
>>    }
>>
>>
>>
>> +  Status = AllocateConfidentialComputingBlob (&SnpBootDxeTable);
>>
>> +  if (EFI_ERROR (Status)) {
>>
>> +    DEBUG ((
>>
>> +      DEBUG_ERROR,
>>
>> +      "%a: AllocateConfidentialComputingBlob(): %r\n",
>>
>> +      __FUNCTION__,
>>
>> +      Status
>>
>> +      ));
>>
>> +    ASSERT (FALSE);
>>
>> +    CpuDeadLoop ();
>>
>> +  }
>>
>> +
>>
>>    //
>>
>>    // If its SEV-SNP active guest then install the
>> CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.
>>
>>    // It contains the location for both the Secrets and CPUID page.
>>
>> @@ -154,7 +188,7 @@ AmdSevDxeEntryPoint (
>>    if (MemEncryptSevSnpIsEnabled ()) {
>>
>>      return gBS->InstallConfigurationTable (
>>
>>                    &gConfidentialComputingSevSnpBlobGuid,
>>
>> -                  &mSnpBootDxeTable
>>
>> +                  SnpBootDxeTable
>>
>>                    );
>>
>>    }
>>
>>
>>
>> --
>> 2.25.1
>>
>>
>>
>> 
>>
>