From: Laszlo Ersek <lersek@redhat.com>
To: Brijesh Singh <brijesh.singh@amd.com>, edk2-devel@lists.01.org
Cc: Thomas.Lendacky@amd.com, leo.duran@amd.com,
Jordan Justen <jordan.l.justen@intel.com>
Subject: Re: [RFC v4 13/13] OvmfPkg/QemuFwCfgLib: Add SEV support
Date: Thu, 11 May 2017 19:44:20 +0200 [thread overview]
Message-ID: <e6f5b576-e81d-b292-eae7-04e6088d51dd@redhat.com> (raw)
In-Reply-To: <1494454162-9940-14-git-send-email-brijesh.singh@amd.com>
comments below:
On 05/11/17 00:09, Brijesh Singh wrote:
> When SEV is enabled, use a bounce buffer to perform the DMA operation.
>
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
> OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c | 54 +++++++++++++++++++-
> 1 file changed, 52 insertions(+), 2 deletions(-)
>
> diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c
> index 73a19772bee1..86d8bf880e71 100644
> --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c
> +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c
> @@ -72,6 +72,8 @@ InternalQemuFwCfgDmaBytes (
> volatile FW_CFG_DMA_ACCESS *Access;
> UINT32 AccessHigh, AccessLow;
> UINT32 Status;
> + UINT32 NumPages;
> + VOID *DmaBuffer, *BounceBuffer;
>
> ASSERT (Control == FW_CFG_DMA_CTL_WRITE || Control == FW_CFG_DMA_CTL_READ ||
> Control == FW_CFG_DMA_CTL_SKIP);
> @@ -80,11 +82,44 @@ InternalQemuFwCfgDmaBytes (
> return;
> }
>
> - Access = &LocalAccess;
> + //
> + // When SEV is enabled then allocate DMA bounce buffer
> + //
> + if (InternalQemuFwCfgSevIsEnabled ()) {
> + UINT32 TotalSize;
(1) Please make TotalSize a UINTN.
> +
> + TotalSize = sizeof (*Access);
> + //
> + // Control operation does not need buffer
(2) The comment should say "skip operation".
> + //
> + if (Control != FW_CFG_DMA_CTL_SKIP) {
> + TotalSize += Size;
> + }
> +
> + //
> + // Allocate SEV DMA bounce buffer
> + //
> + NumPages = EFI_SIZE_TO_PAGES (TotalSize);
(3) Please write
NumPages = (UINT32)EFI_SIZE_TO_PAGES (TotalSize)
otherwise Visual Studio will likely yell at us.
> + InternalQemuFwCfgSevDmaAllocateBuffer (NumPages, &BounceBuffer);
> +
> + Access = BounceBuffer;
> + DmaBuffer = BounceBuffer + sizeof (*Access);
(4) Please cast BounceBuffer to (UINT8*) before the addition; we
shouldn't do arithmetic on (VOID*).
> +
> + //
> + // Copy data from Host buffer into DMA buffer
> + //
> + if (Buffer && Control == FW_CFG_DMA_CTL_WRITE) {
(5) The Control check suffices.
If FW_CFG_DMA_CTL_WRITE is passed in, then Buffer can only be NULL if
Size is also 0, and a zero size is handled transparently by CopyMem().
> + CopyMem (DmaBuffer, Buffer, Size);
(Side remark: it's funny how this innocent-looking CopyMem() actually
implements decryption :))
> + }
> + } else {
> + Access = &LocalAccess;
> + DmaBuffer = Buffer;
> + BounceBuffer = NULL;
> + }
>
> Access->Control = SwapBytes32 (Control);
> Access->Length = SwapBytes32 (Size);
> - Access->Address = SwapBytes64 ((UINTN)Buffer);
> + Access->Address = SwapBytes64 ((UINTN)DmaBuffer);
>
> //
> // Delimit the transfer from (a) modifications to Access, (b) in case of a
> @@ -117,6 +152,21 @@ InternalQemuFwCfgDmaBytes (
> // After a read, the caller will want to use Buffer.
> //
> MemoryFence ();
> +
> + //
> + // If Bounce buffer was allocated then copy the data into host buffer and
> + // free the bounce buffer
> + //
> + if (BounceBuffer) {
(6) The edk2 coding style wants us to write this as
if (BounceBuffer != NULL) {
> + //
> + // Copy data from DMA buffer into host buffer
> + //
> + if (Buffer && Control == FW_CFG_DMA_CTL_READ) {
(7) Again, checking only (Control == FW_CFG_DMA_CTL_READ) suffices.
> + CopyMem (Buffer, DmaBuffer, Size);
(Side note: funny how this innocent-looking CopyMem() implements
encryption :))
> + }
> +
> + InternalQemuFwCfgSevDmaFreeBuffer (BounceBuffer, NumPages);
> + }
> }
>
>
>
(8) In several comments above, you wrote "host buffer". Shouldn't those
say "guest buffer"?
I agree it is somewhat confusing, because in DMA parlance, "host buffer"
is likely the right term. Unfortunately, in virtualization, the "device"
that performs the DMA is actually the virtualization host, so "host
buffer" ends up meaning the exact opposite of what we want.
Can you replace the expression "host buffer" with "encrypted guest
buffer" everywhere?
Accordingly, can you replace the word "copy" with "encrypt" vs.
"decrypt" everywhere, as appropriate?
For example, we should end up with something like:
//
// Copy data from Host buffer into DMA buffer
//
-->
//
// Decrypt data from encrypted guest buffer into DMA buffer
//
Otherwise, the logic of the patch looks good to me.
Thanks!
Laszlo
prev parent reply other threads:[~2017-05-11 17:44 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-10 22:09 [RFC v4 00/13] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2017-05-10 22:09 ` [RFC v4 01/13] UefiCpuPkg: Define AMD Memory Encryption specific CPUID and MSR Brijesh Singh
2017-05-11 0:30 ` Fan, Jeff
2017-05-10 22:09 ` [RFC v4 02/13] OvmfPkg/ResetVector: Set C-bit when building initial page table Brijesh Singh
2017-05-11 11:40 ` Laszlo Ersek
2017-05-10 22:09 ` [RFC v4 03/13] OvmfPkg: Update dsc to use IoLib from BaseIoLibIntrinsicSev.inf Brijesh Singh
2017-05-11 11:46 ` Laszlo Ersek
2017-05-10 22:09 ` [RFC v4 04/13] OvmfPkg/BaseMemcryptSevLib: Add SEV helper library Brijesh Singh
2017-05-11 14:04 ` Laszlo Ersek
2017-05-11 18:03 ` Brijesh Singh
2017-05-10 22:09 ` [RFC v4 05/13] OvmfPkg/PlatformPei: Set memory encryption PCD when SEV is enabled Brijesh Singh
2017-05-11 14:37 ` Laszlo Ersek
2017-05-11 18:04 ` Brijesh Singh
2017-05-10 22:09 ` [RFC v4 06/13] OvmfPkg:AmdSevDxe: add AmdSevDxe driver Brijesh Singh
2017-05-11 0:56 ` Yao, Jiewen
2017-05-11 15:19 ` Laszlo Ersek
2017-05-11 15:53 ` Laszlo Ersek
2017-05-11 17:43 ` Jordan Justen
2017-05-11 18:01 ` Brijesh Singh
2017-05-15 17:47 ` Jordan Justen
2017-05-16 12:04 ` Brijesh Singh
2017-05-16 17:56 ` Jordan Justen
2017-05-16 20:25 ` Brijesh Singh
2017-05-18 8:50 ` Laszlo Ersek
2017-05-11 20:14 ` Laszlo Ersek
2017-05-11 18:12 ` Brijesh Singh
2017-05-10 22:09 ` [RFC v4 07/13] OvmfPkg/QemuFwCfgLib: Provide Pei and Dxe specific library Brijesh Singh
2017-05-11 15:40 ` Laszlo Ersek
2017-05-11 18:16 ` Brijesh Singh
2017-05-10 22:09 ` [RFC v4 08/13] OvmfPkg/QemuFwCfgLib: Prepare for SEV support Brijesh Singh
2017-05-11 15:57 ` Laszlo Ersek
2017-05-10 22:09 ` [RFC v4 09/13] OvmfPkg/QemuFwCfgLib: Implement SEV internal function for SEC phase Brijesh Singh
2017-05-11 16:24 ` Laszlo Ersek
2017-05-11 18:21 ` Brijesh Singh
2017-05-10 22:09 ` [RFC v4 10/13] OvmfPkg/QemuFwCfgLib: Implement SEV internal functions for PEI phase Brijesh Singh
2017-05-11 16:38 ` Laszlo Ersek
2017-05-10 22:09 ` [RFC v4 11/13] OvmfPkg/QemuFwCfgLib: Implement SEV internal function for Dxe phase Brijesh Singh
2017-05-11 17:07 ` Laszlo Ersek
2017-05-10 22:09 ` [RFC v4 12/13] OvmfPkg/QemuFwCfgLib: Add option to dynamic alloc FW_CFG_DMA Access Brijesh Singh
2017-05-11 17:10 ` Laszlo Ersek
2017-05-10 22:09 ` [RFC v4 13/13] OvmfPkg/QemuFwCfgLib: Add SEV support Brijesh Singh
2017-05-11 17:44 ` Laszlo Ersek [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e6f5b576-e81d-b292-eae7-04e6088d51dd@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox