* [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
2022-09-22 20:50 [PATCH 0/3] Add safe unaccepted memory behavior Dionna Glaze
@ 2022-09-22 20:50 ` Dionna Glaze
2022-09-23 17:10 ` Lendacky, Thomas
2022-09-22 20:50 ` [PATCH 2/3] DxeMain accepts all memory at EBS if needed Dionna Glaze
` (2 subsequent siblings)
3 siblings, 1 reply; 9+ messages in thread
From: Dionna Glaze @ 2022-09-22 20:50 UTC (permalink / raw)
To: devel
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao,
Tom Lendacky, Sophia Wolf
From: Sophia Wolf <phiawolf@google.com>
When a guest OS does not support unaccepted memory, the unaccepted
memory must be accepted before returning a memory map to the caller.
EfiMemoryAcceptProtocol is defined in MdePkg and is implementated /
Installed in AmdSevDxe for AMD SEV-SNP memory acceptance.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Sophia Wolf <phiawolf@google.com>
---
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 27 ++++++++++++++
OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 ++
OvmfPkg/Include/Library/MemEncryptSevLib.h | 14 ++++++++
.../Ia32/MemEncryptSevLib.c | 17 +++++++++
.../X64/DxeSnpSystemRamValidate.c | 35 +++++++++++++++++++
.../X64/PeiSnpSystemRamValidate.c | 17 +++++++++
.../X64/SecSnpSystemRamValidate.c | 18 ++++++++++
7 files changed, 131 insertions(+)
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index 662d3c4ccb..74b82a5814 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -20,6 +20,7 @@
#include <Library/UefiBootServicesTableLib.h>
#include <Guid/ConfidentialComputingSevSnpBlob.h>
#include <Library/PcdLib.h>
+#include <Protocol/MemoryAccept.h>
STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = {
SIGNATURE_32 ('A', 'M', 'D', 'E'),
@@ -31,6 +32,25 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = {
FixedPcdGet32 (PcdOvmfCpuidSize),
};
+EFI_HANDLE mAmdSevDxeHandle = NULL;
+
+EFI_STATUS
+EFIAPI
+AmdSevMemoryAccept (
+ IN EFI_MEMORY_ACCEPT_PROTOCOL *This,
+ IN EFI_PHYSICAL_ADDRESS StartAddress,
+ IN UINTN Size
+)
+{
+ MemEncryptSnpAcceptPages (StartAddress, Size / SIZE_4KB);
+
+ return EFI_SUCCESS;
+}
+
+EFI_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = {
+ AmdSevMemoryAccept
+};
+
EFI_STATUS
EFIAPI
AmdSevDxeEntryPoint (
@@ -147,6 +167,13 @@ AmdSevDxeEntryPoint (
}
}
+ Status = gBS->InstallProtocolInterface (&mAmdSevDxeHandle,
+ &gEfiMemoryAcceptProtocolGuid, EFI_NATIVE_INTERFACE,
+ &mMemoryAcceptProtocol);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Install EfiMemoryAcceptProtocol failed.\n"));
+ }
+
//
// If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.
// It contains the location for both the Secrets and CPUID page.
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
index 9acf860cf2..5ddddabc32 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
@@ -47,6 +47,9 @@
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
+[Protocols]
+ gEfiMemoryAcceptProtocolGuid
+
[Guids]
gConfidentialComputingSevSnpBlobGuid
diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h
index 4fa9c0d700..05ec10471d 100644
--- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
+++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
@@ -228,4 +228,18 @@ MemEncryptSevSnpPreValidateSystemRam (
IN UINTN NumPages
);
+/**
+ Accept pages system RAM when SEV-SNP is enabled in the guest VM.
+
+ @param[in] BaseAddress Base address
+ @param[in] NumPages Number of pages starting from the base address
+
+**/
+VOID
+EFIAPI
+MemEncryptSnpAcceptPages (
+ IN PHYSICAL_ADDRESS BaseAddress,
+ IN UINTN NumPages
+ );
+
#endif // _MEM_ENCRYPT_SEV_LIB_H_
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
index f92299fc77..f0747d792e 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
@@ -153,3 +153,20 @@ MemEncryptSevSnpPreValidateSystemRam (
{
ASSERT (FALSE);
}
+
+/**
+ Accept pages system RAM when SEV-SNP is enabled in the guest VM.
+
+ @param[in] BaseAddress Base address
+ @param[in] NumPages Number of pages starting from the base address
+
+**/
+VOID
+EFIAPI
+MemEncryptSnpAcceptPages (
+ IN PHYSICAL_ADDRESS BaseAddress,
+ IN UINTN NumPages
+ )
+{
+ ASSERT (FALSE);
+}
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
index d3a95e4913..7693e0ca66 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
@@ -14,6 +14,7 @@
#include <Library/MemEncryptSevLib.h>
#include "SnpPageStateChange.h"
+#include "VirtualMemory.h"
/**
Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
@@ -38,3 +39,37 @@ MemEncryptSevSnpPreValidateSystemRam (
//
ASSERT (FALSE);
}
+
+/**
+ Accept pages system RAM when SEV-SNP is enabled in the guest VM.
+
+ @param[in] BaseAddress Base address
+ @param[in] NumPages Number of pages starting from the base address
+
+**/
+VOID
+EFIAPI
+MemEncryptSnpAcceptPages (
+ IN PHYSICAL_ADDRESS BaseAddress,
+ IN UINTN NumPages
+ )
+{
+ EFI_STATUS Status;
+
+ if (!MemEncryptSevSnpIsEnabled ()) {
+ return;
+ }
+ if (BaseAddress >= SIZE_4GB) {
+ Status = InternalMemEncryptSevCreateIdentityMap1G (
+ 0,
+ BaseAddress,
+ EFI_PAGES_TO_SIZE (NumPages)
+ );
+ if (EFI_ERROR (Status)) {
+ ASSERT (FALSE);
+ CpuDeadLoop ();
+ }
+ }
+
+ InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
+}
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
index 4970165444..1c52bfe691 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
@@ -126,3 +126,20 @@ MemEncryptSevSnpPreValidateSystemRam (
BaseAddress = EndAddress;
}
}
+
+/**
+ Accept pages system RAM when SEV-SNP is enabled in the guest VM.
+
+ @param[in] BaseAddress Base address
+ @param[in] NumPages Number of pages starting from the base address
+
+**/
+VOID
+EFIAPI
+MemEncryptSnpAcceptPages (
+ IN PHYSICAL_ADDRESS BaseAddress,
+ IN UINTN NumPages
+ )
+{
+ ASSERT (FALSE);
+}
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
index 7797febb8a..edfebf6ef4 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
@@ -10,6 +10,7 @@
#include <Uefi/UefiBaseType.h>
#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
#include <Library/MemEncryptSevLib.h>
#include "SnpPageStateChange.h"
@@ -80,3 +81,20 @@ MemEncryptSevSnpPreValidateSystemRam (
InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
}
+
+/**
+ Accept pages system RAM when SEV-SNP is enabled in the guest VM.
+
+ @param[in] BaseAddress Base address
+ @param[in] NumPages Number of pages starting from the base address
+
+**/
+VOID
+EFIAPI
+MemEncryptSnpAcceptPages (
+ IN PHYSICAL_ADDRESS BaseAddress,
+ IN UINTN NumPages
+ )
+{
+ ASSERT(FALSE);
+}
--
2.37.3.998.g577e59143f-goog
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
2022-09-22 20:50 ` [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe Dionna Glaze
@ 2022-09-23 17:10 ` Lendacky, Thomas
0 siblings, 0 replies; 9+ messages in thread
From: Lendacky, Thomas @ 2022-09-23 17:10 UTC (permalink / raw)
To: Dionna Glaze, devel
Cc: Gerd Hoffmann, James Bottomley, Jiewen Yao, Sophia Wolf
On 9/22/22 15:50, Dionna Glaze wrote:
> From: Sophia Wolf <phiawolf@google.com>
>
> When a guest OS does not support unaccepted memory, the unaccepted
> memory must be accepted before returning a memory map to the caller.
>
> EfiMemoryAcceptProtocol is defined in MdePkg and is implementated /
> Installed in AmdSevDxe for AMD SEV-SNP memory acceptance.
>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
>
> Signed-off-by: Sophia Wolf <phiawolf@google.com>
> ---
> OvmfPkg/AmdSevDxe/AmdSevDxe.c | 27 ++++++++++++++
> OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 ++
> OvmfPkg/Include/Library/MemEncryptSevLib.h | 14 ++++++++
> .../Ia32/MemEncryptSevLib.c | 17 +++++++++
> .../X64/DxeSnpSystemRamValidate.c | 35 +++++++++++++++++++
> .../X64/PeiSnpSystemRamValidate.c | 17 +++++++++
> .../X64/SecSnpSystemRamValidate.c | 18 ++++++++++
> 7 files changed, 131 insertions(+)
>
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> index 662d3c4ccb..74b82a5814 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> @@ -20,6 +20,7 @@
> #include <Library/UefiBootServicesTableLib.h>
> #include <Guid/ConfidentialComputingSevSnpBlob.h>
> #include <Library/PcdLib.h>
> +#include <Protocol/MemoryAccept.h>
>
> STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = {
> SIGNATURE_32 ('A', 'M', 'D', 'E'),
> @@ -31,6 +32,25 @@ STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION mSnpBootDxeTable = {
> FixedPcdGet32 (PcdOvmfCpuidSize),
> };
>
> +EFI_HANDLE mAmdSevDxeHandle = NULL;
Add STATIC this variable and the function below.
> +
> +EFI_STATUS
> +EFIAPI
> +AmdSevMemoryAccept (
> + IN EFI_MEMORY_ACCEPT_PROTOCOL *This,
> + IN EFI_PHYSICAL_ADDRESS StartAddress,
> + IN UINTN Size
> +)
> +{
> + MemEncryptSnpAcceptPages (StartAddress, Size / SIZE_4KB);
Can't this instead just call MemEncryptSevSnpPreValidateSystemRam()? All
phases have this function, so it would just be changing the version that
is currently in
OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
Also, this needs to follow the coding standards and should be:
MemEncryptSevSnpPreValidateSystemRam (
StartAddress,
EFI_SIZE_TO_PAGES (Size)
);
> +
> + return EFI_SUCCESS;
> +}
> +
> +EFI_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = {
STATIC
> + AmdSevMemoryAccept
> +};
> +
> EFI_STATUS
> EFIAPI
> AmdSevDxeEntryPoint (
> @@ -147,6 +167,13 @@ AmdSevDxeEntryPoint (
> }
> }
>
> + Status = gBS->InstallProtocolInterface (&mAmdSevDxeHandle,
> + &gEfiMemoryAcceptProtocolGuid, EFI_NATIVE_INTERFACE,
> + &mMemoryAcceptProtocol);
Status = gBS->InstallProtocolInterface (
&mAmdSevDxeHandle,
&gEfiMemoryAcceptProtocolGuid,
EFI_NATIVE_INTERFACE,
&mMemoryAcceptProtocol
);
(You'll need to this in all places in order to pass CI)
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "Install EfiMemoryAcceptProtocol failed.\n"));
> + }
> +
> //
> // If its SEV-SNP active guest then install the CONFIDENTIAL_COMPUTING_SEV_SNP_BLOB.
> // It contains the location for both the Secrets and CPUID page.
> diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> index 9acf860cf2..5ddddabc32 100644
> --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
> @@ -47,6 +47,9 @@
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase
> gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize
>
> +[Protocols]
> + gEfiMemoryAcceptProtocolGuid
> +
> [Guids]
> gConfidentialComputingSevSnpBlobGuid
>
> diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h
> index 4fa9c0d700..05ec10471d 100644
> --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h
> +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h
> @@ -228,4 +228,18 @@ MemEncryptSevSnpPreValidateSystemRam (
> IN UINTN NumPages
> );
>
> +/**
> + Accept pages system RAM when SEV-SNP is enabled in the guest VM.
> +
> + @param[in] BaseAddress Base address
> + @param[in] NumPages Number of pages starting from the base address
> +
> +**/
> +VOID
> +EFIAPI
> +MemEncryptSnpAcceptPages (
> + IN PHYSICAL_ADDRESS BaseAddress,
> + IN UINTN NumPages
> + );
> +
This becomes unnecessary if you use MemEncryptSevSnpPreValidateSystemRam()
instead, since this will only be called during DXE, right?
Thanks,
Tom
> #endif // _MEM_ENCRYPT_SEV_LIB_H_
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
> index f92299fc77..f0747d792e 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c
> @@ -153,3 +153,20 @@ MemEncryptSevSnpPreValidateSystemRam (
> {
> ASSERT (FALSE);
> }
> +
> +/**
> + Accept pages system RAM when SEV-SNP is enabled in the guest VM.
> +
> + @param[in] BaseAddress Base address
> + @param[in] NumPages Number of pages starting from the base address
> +
> +**/
> +VOID
> +EFIAPI
> +MemEncryptSnpAcceptPages (
> + IN PHYSICAL_ADDRESS BaseAddress,
> + IN UINTN NumPages
> + )
> +{
> + ASSERT (FALSE);
> +}
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> index d3a95e4913..7693e0ca66 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c
> @@ -14,6 +14,7 @@
> #include <Library/MemEncryptSevLib.h>
>
> #include "SnpPageStateChange.h"
> +#include "VirtualMemory.h"
>
> /**
> Pre-validate the system RAM when SEV-SNP is enabled in the guest VM.
> @@ -38,3 +39,37 @@ MemEncryptSevSnpPreValidateSystemRam (
> //
> ASSERT (FALSE);
> }
> +
> +/**
> + Accept pages system RAM when SEV-SNP is enabled in the guest VM.
> +
> + @param[in] BaseAddress Base address
> + @param[in] NumPages Number of pages starting from the base address
> +
> +**/
> +VOID
> +EFIAPI
> +MemEncryptSnpAcceptPages (
> + IN PHYSICAL_ADDRESS BaseAddress,
> + IN UINTN NumPages
> + )
> +{
> + EFI_STATUS Status;
> +
> + if (!MemEncryptSevSnpIsEnabled ()) {
> + return;
> + }
> + if (BaseAddress >= SIZE_4GB) {
> + Status = InternalMemEncryptSevCreateIdentityMap1G (
> + 0,
> + BaseAddress,
> + EFI_PAGES_TO_SIZE (NumPages)
> + );
> + if (EFI_ERROR (Status)) {
> + ASSERT (FALSE);
> + CpuDeadLoop ();
> + }
> + }
> +
> + InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
> +}
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
> index 4970165444..1c52bfe691 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c
> @@ -126,3 +126,20 @@ MemEncryptSevSnpPreValidateSystemRam (
> BaseAddress = EndAddress;
> }
> }
> +
> +/**
> + Accept pages system RAM when SEV-SNP is enabled in the guest VM.
> +
> + @param[in] BaseAddress Base address
> + @param[in] NumPages Number of pages starting from the base address
> +
> +**/
> +VOID
> +EFIAPI
> +MemEncryptSnpAcceptPages (
> + IN PHYSICAL_ADDRESS BaseAddress,
> + IN UINTN NumPages
> + )
> +{
> + ASSERT (FALSE);
> +}
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
> index 7797febb8a..edfebf6ef4 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c
> @@ -10,6 +10,7 @@
>
> #include <Uefi/UefiBaseType.h>
> #include <Library/BaseLib.h>
> +#include <Library/DebugLib.h>
> #include <Library/MemEncryptSevLib.h>
>
> #include "SnpPageStateChange.h"
> @@ -80,3 +81,20 @@ MemEncryptSevSnpPreValidateSystemRam (
>
> InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE);
> }
> +
> +/**
> + Accept pages system RAM when SEV-SNP is enabled in the guest VM.
> +
> + @param[in] BaseAddress Base address
> + @param[in] NumPages Number of pages starting from the base address
> +
> +**/
> +VOID
> +EFIAPI
> +MemEncryptSnpAcceptPages (
> + IN PHYSICAL_ADDRESS BaseAddress,
> + IN UINTN NumPages
> + )
> +{
> + ASSERT(FALSE);
> +}
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 2/3] DxeMain accepts all memory at EBS if needed
2022-09-22 20:50 [PATCH 0/3] Add safe unaccepted memory behavior Dionna Glaze
2022-09-22 20:50 ` [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe Dionna Glaze
@ 2022-09-22 20:50 ` Dionna Glaze
2022-09-22 20:50 ` [PATCH 3/3] MdeModulePkg: add EnableUnacceptedMemoryProtocol Dionna Glaze
2022-09-23 17:19 ` [PATCH 0/3] Add safe unaccepted memory behavior Lendacky, Thomas
3 siblings, 0 replies; 9+ messages in thread
From: Dionna Glaze @ 2022-09-22 20:50 UTC (permalink / raw)
To: devel
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao,
Tom Lendacky, Ard Biesheuvel
With the addition of the EfiUnacceptedMemory memory type, it is possible
the EFI-enlightened guests do not themselves support the new memory
type. This commit adds a dynamic Pcd that can be set to enable
unaccepted memory support before ExitBootServices is called.
The expected usage is to set the new Pcd with a protocol that is usable
by bootloaders and directly-booted OSes when they can determine that the
OS does indeed support unaccepted memory.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
---
MdeModulePkg/Core/Dxe/DxeMain.h | 10 +++
MdeModulePkg/Core/Dxe/DxeMain.inf | 2 +
MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 14 +++-
MdeModulePkg/Core/Dxe/Mem/Page.c | 87 +++++++++++++++++++++++++
MdeModulePkg/MdeModulePkg.dec | 6 ++
MdeModulePkg/MdeModulePkg.uni | 6 ++
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
OvmfPkg/Bhyve/BhyveX64.dsc | 2 +
OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +
OvmfPkg/OvmfPkgX64.dsc | 2 +
OvmfPkg/OvmfXen.dsc | 2 +
13 files changed, 137 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h
index 815a6b4bd8..ac943c87a3 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.h
+++ b/MdeModulePkg/Core/Dxe/DxeMain.h
@@ -2698,6 +2698,16 @@ CoreInitializeMemoryProtection (
VOID
);
+/**
+ Accept and convert unaccepted memory to conventional memory if unaccepted
+ memory is not enabled and there is an implementation of MemoryAcceptProtocol
+ installed.
+ **/
+EFI_STATUS
+CoreResolveUnacceptedMemory (
+ VOID
+ );
+
/**
Install MemoryAttributesTable on memory allocation.
diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf b/MdeModulePkg/Core/Dxe/DxeMain.inf
index e4bca89577..deb8bb2ba8 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.inf
+++ b/MdeModulePkg/Core/Dxe/DxeMain.inf
@@ -153,6 +153,7 @@
gEfiHiiPackageListProtocolGuid ## SOMETIMES_PRODUCES
gEfiSmmBase2ProtocolGuid ## SOMETIMES_CONSUMES
gEdkiiPeCoffImageEmulatorProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiMemoryAcceptProtocolGuid ## SOMETIMES_CONSUMES
# Arch Protocols
gEfiBdsArchProtocolGuid ## CONSUMES
@@ -186,6 +187,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory ## CONSUMES
# [Hob]
# RESOURCE_DESCRIPTOR ## CONSUMES
diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
index 5733f0c8ec..8d1de32fe7 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
+++ b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
@@ -768,13 +768,25 @@ CoreExitBootServices (
//
gTimer->SetTimerPeriod (gTimer, 0);
+ //
+ // Accept all memory if unaccepted memory isn't enabled.
+ //
+ Status = CoreResolveUnacceptedMemory();
+ if (EFI_ERROR (Status)) {
+ //
+ // Notify other drivers that ExitBootServices failed
+ //
+ CoreNotifySignalList (&gEventExitBootServicesFailedGuid);
+ return Status;
+ }
+
//
// Terminate memory services if the MapKey matches
//
Status = CoreTerminateMemoryMap (MapKey);
if (EFI_ERROR (Status)) {
//
- // Notify other drivers that ExitBootServices fail
+ // Notify other drivers that ExitBootServices failed
//
CoreNotifySignalList (&gEventExitBootServicesFailedGuid);
return Status;
diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/Page.c
index ffe79dcca9..cbebe62a28 100644
--- a/MdeModulePkg/Core/Dxe/Mem/Page.c
+++ b/MdeModulePkg/Core/Dxe/Mem/Page.c
@@ -9,6 +9,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "DxeMain.h"
#include "Imem.h"
#include "HeapGuard.h"
+#include <Library/PcdLib.h>
+#include <Protocol/MemoryAccept.h>
//
// Entry for tracking the memory regions for each memory type to coalesce similar memory types
@@ -2118,6 +2120,91 @@ CoreFreePoolPages (
CoreConvertPages (Memory, NumberOfPages, EfiConventionalMemory);
}
+EFI_EVENT gExitBootServiceEvent = NULL;
+
+STATIC
+EFI_STATUS
+AcceptAllUnacceptedMemory (
+ IN EFI_MEMORY_ACCEPT_PROTOCOL *AcceptMemory
+ )
+{
+ EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap;
+ UINTN NumEntries;
+ UINTN Index;
+ EFI_STATUS Status;
+
+ /*
+ * Get a copy of the memory space map to iterate over while
+ * changing the map.
+ */
+ Status = CoreGetMemorySpaceMap (&NumEntries, &AllDescMap);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ for (Index = 0; Index < NumEntries; Index++) {
+ CONST EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc;
+
+ Desc = &AllDescMap[Index];
+ if (Desc->GcdMemoryType != EfiGcdMemoryTypeUnaccepted) {
+ continue;
+ }
+
+ Status = AcceptMemory->AcceptMemory (
+ AcceptMemory,
+ Desc->BaseAddress,
+ Desc->Length
+ );
+ if (EFI_ERROR(Status)) {
+ goto done;
+ }
+
+ Status = CoreRemoveMemorySpace(Desc->BaseAddress, Desc->Length);
+ if (EFI_ERROR(Status)) {
+ goto done;
+ }
+
+ Status = CoreAddMemorySpace (
+ EfiGcdMemoryTypeSystemMemory,
+ Desc->BaseAddress,
+ Desc->Length,
+ EFI_MEMORY_CPU_CRYPTO | EFI_MEMORY_XP | EFI_MEMORY_RO | EFI_MEMORY_RP
+ );
+ if (EFI_ERROR(Status)) {
+ goto done;
+ }
+ }
+
+done:
+ FreePool (AllDescMap);
+ return Status;
+}
+
+EFI_STATUS
+CoreResolveUnacceptedMemory (
+ VOID
+ )
+{
+ EFI_MEMORY_ACCEPT_PROTOCOL *AcceptMemory;
+ EFI_STATUS Status;
+
+ // No need to accept anything. Unaccepted memory is enabled.
+ if (PcdGetBool(PcdEnableUnacceptedMemory)) {
+ return EFI_SUCCESS;
+ }
+
+ Status = gBS->LocateProtocol (&gEfiMemoryAcceptProtocolGuid, NULL,
+ (VOID **)&AcceptMemory);
+ if (Status == EFI_NOT_FOUND) {
+ return EFI_SUCCESS;
+ }
+ if (Status != EFI_SUCCESS) {
+ DEBUG ((DEBUG_ERROR, "Error locating MemoryAcceptProtocol: %d\n", Status));
+ return Status;
+ }
+
+ return AcceptAllUnacceptedMemory(AcceptMemory);
+}
+
/**
Make sure the memory map is following all the construction rules,
it is the last time to check memory map error before exit boot services.
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 58e6ab0048..dd07b3725a 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -2102,6 +2102,12 @@
# @Prompt The shared bit mask when Intel Tdx is enabled.
gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0|UINT64|0x10000025
+ ## Indicates if the memory map may include unaccepted memory after ExitBootServices().<BR><BR>
+ # TRUE - The memory map may include unaccepted memory after ExitBootServices().<BR>
+ # FALSE - The memory map may not include unaccepted memory after ExitBootServices().<BR>
+ # @Prompt Support unaccepted memory type.
+ gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE|BOOLEAN|0x10000026
+
[PcdsPatchableInModule]
## Specify memory size with page number for PEI code when
# Loading Module at Fixed Address feature is enabled.
diff --git a/MdeModulePkg/MdeModulePkg.uni b/MdeModulePkg/MdeModulePkg.uni
index 33ce9f6198..fde57da123 100644
--- a/MdeModulePkg/MdeModulePkg.uni
+++ b/MdeModulePkg/MdeModulePkg.uni
@@ -1338,3 +1338,9 @@
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdPcieResizableBarSupport_HELP #language en-US "Indicates if the PCIe Resizable BAR Capability Supported.<BR><BR>\n"
"TRUE - PCIe Resizable BAR Capability is supported.<BR>\n"
"FALSE - PCIe Resizable BAR Capability is not supported.<BR>"
+
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdEnableUnacceptedMemory_PROMPT #language en-US "Support unaccepted memory type"
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdEnableUnacceptedMemory_HELP #language en-US "Indicates if the memory map may include unaccepted memory "
+ "after ExitBootServices().<BR><BR>\n"
+ "TRUE - The memory map may include unaccepted memory after ExitBootServices().<BR>\n"
+ "FALSE - The memory map may not include unaccepted memory after ExitBootServices().<BR>\n"
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 90e8a213ef..23086748c5 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -526,6 +526,7 @@
# Set ConfidentialComputing defaults
gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE
!include OvmfPkg/OvmfTpmPcds.dsc.inc
diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index 475b88b21a..004be8b019 100644
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -559,6 +559,8 @@
# Set Tdx shared bit mask
gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE
+
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
# MdeModulePkg resolution sets up the system display resolution
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index 10b16104ac..41f43a2631 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -618,6 +618,8 @@
# Set Tdx shared bit mask
gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE
+
# Set SEV-ES defaults
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index c0c1a15b09..55b6a2a845 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -514,6 +514,8 @@
# Set Tdx shared bit mask
gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE
+
# Set SEV-ES defaults
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index af566b953f..aebe1c3192 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -655,6 +655,8 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE
+
# Set SEV-ES defaults
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index f39d9cd117..6e4418388e 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -679,6 +679,8 @@
# Set Tdx shared bit mask
gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE
+
# Set SEV-ES defaults
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 58a7c97cdd..0f57e22a2b 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -505,6 +505,8 @@
# Set Tdx shared bit mask
gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory|FALSE
+
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
################################################################################
--
2.37.3.998.g577e59143f-goog
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 3/3] MdeModulePkg: add EnableUnacceptedMemoryProtocol
2022-09-22 20:50 [PATCH 0/3] Add safe unaccepted memory behavior Dionna Glaze
2022-09-22 20:50 ` [PATCH 1/3] OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe Dionna Glaze
2022-09-22 20:50 ` [PATCH 2/3] DxeMain accepts all memory at EBS if needed Dionna Glaze
@ 2022-09-22 20:50 ` Dionna Glaze
2022-09-23 17:19 ` [PATCH 0/3] Add safe unaccepted memory behavior Lendacky, Thomas
3 siblings, 0 replies; 9+ messages in thread
From: Dionna Glaze @ 2022-09-22 20:50 UTC (permalink / raw)
To: devel
Cc: Dionna Glaze, Gerd Hoffmann, James Bottomley, Jiewen Yao,
Tom Lendacky, Ard Biesheuvel
Add a simple protocol that enables the use of the unaccepted memory
type. Must be called before ExitBootServices to be effective.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
---
MdeModulePkg/Core/Dxe/DxeMain.h | 22 ++++++++++++++++
MdeModulePkg/Core/Dxe/DxeMain.inf | 3 ++-
MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 5 ++++
MdeModulePkg/Core/Dxe/Mem/Page.c | 35 +++++++++++++++++++++++++
MdeModulePkg/MdeModulePkg.dec | 3 +++
5 files changed, 67 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Core/Dxe/DxeMain.h b/MdeModulePkg/Core/Dxe/DxeMain.h
index ac943c87a3..5f0114b04f 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.h
+++ b/MdeModulePkg/Core/Dxe/DxeMain.h
@@ -2708,6 +2708,28 @@ CoreResolveUnacceptedMemory (
VOID
);
+
+typedef struct _ENABLE_UNACCEPTED_MEMORY_PROTOCOL
+ ENABLE_UNACCEPTED_MEMORY_PROTOCOL;
+
+typedef EFI_STATUS (EFIAPI *ENABLE_UNACCEPTED_MEMORY)(
+ IN ENABLE_UNACCEPTED_MEMORY_PROTOCOL *
+ );
+
+struct _ENABLE_UNACCEPTED_MEMORY_PROTOCOL {
+ ENABLE_UNACCEPTED_MEMORY Enable;
+};
+
+extern EFI_GUID gEnableUnacceptedMemoryProtocolGuid;
+
+/**
+ Implement the protocol for enabling unaccepted memory.
+ **/
+VOID
+InstallEnableUnacceptedMemoryProtocol (
+ VOID
+ );
+
/**
Install MemoryAttributesTable on memory allocation.
diff --git a/MdeModulePkg/Core/Dxe/DxeMain.inf b/MdeModulePkg/Core/Dxe/DxeMain.inf
index deb8bb2ba8..39dcac98bb 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain.inf
+++ b/MdeModulePkg/Core/Dxe/DxeMain.inf
@@ -122,6 +122,7 @@
gEfiMemoryAttributesTableGuid ## SOMETIMES_PRODUCES ## SystemTable
gEfiEndOfDxeEventGroupGuid ## SOMETIMES_CONSUMES ## Event
gEfiHobMemoryAllocStackGuid ## SOMETIMES_CONSUMES ## SystemTable
+ gEnableUnacceptedMemoryProtocolGuid ## PRODUCES ## GUID # Install protocol
[Ppis]
gEfiVectorHandoffInfoPpiGuid ## UNDEFINED # HOB
@@ -187,7 +188,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdFwVolDxeMaxEncapsulationDepth ## CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdEnableUnacceptedMemory ## CONSUMES ## SOMETIMES_PRODUCES
# [Hob]
# RESOURCE_DESCRIPTOR ## CONSUMES
diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
index 8d1de32fe7..bc1a8ab6b2 100644
--- a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
+++ b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c
@@ -354,6 +354,11 @@ DxeMain (
Status = CoreInstallConfigurationTable (&gEfiMemoryTypeInformationGuid, &gMemoryTypeInformation);
ASSERT_EFI_ERROR (Status);
+ //
+ // Install unaccepted memory configuration protocol
+ //
+ InstallEnableUnacceptedMemoryProtocol();
+
//
// If Loading modules At fixed address feature is enabled, install Load moduels at fixed address
// Configuration Table so that user could easily to retrieve the top address to load Dxe and PEI
diff --git a/MdeModulePkg/Core/Dxe/Mem/Page.c b/MdeModulePkg/Core/Dxe/Mem/Page.c
index cbebe62a28..10e152d80d 100644
--- a/MdeModulePkg/Core/Dxe/Mem/Page.c
+++ b/MdeModulePkg/Core/Dxe/Mem/Page.c
@@ -96,6 +96,14 @@ EFI_MEMORY_TYPE_INFORMATION gMemoryTypeInformation[EfiMaxMemoryType + 1] = {
//
GLOBAL_REMOVE_IF_UNREFERENCED BOOLEAN gLoadFixedAddressCodeMemoryReady = FALSE;
+EFI_STATUS EFIAPI CoreEnableUnacceptedMemory(IN ENABLE_UNACCEPTED_MEMORY_PROTOCOL *);
+
+struct {
+ ENABLE_UNACCEPTED_MEMORY enable;
+} mEnableUnacceptedMemoryProtocol = {
+ CoreEnableUnacceptedMemory,
+};
+
/**
Enter critical section by gaining lock on gMemoryLock.
@@ -2205,6 +2213,33 @@ CoreResolveUnacceptedMemory (
return AcceptAllUnacceptedMemory(AcceptMemory);
}
+EFI_STATUS
+EFIAPI
+CoreEnableUnacceptedMemory (
+ IN ENABLE_UNACCEPTED_MEMORY_PROTOCOL *This
+ )
+{
+ return PcdSetBoolS(PcdEnableUnacceptedMemory, TRUE);
+}
+
+VOID
+InstallEnableUnacceptedMemoryProtocol (
+ VOID
+ )
+{
+ EFI_HANDLE Handle;
+ EFI_STATUS Status;
+
+ Handle = NULL;
+ Status = CoreInstallMultipleProtocolInterfaces (
+ &Handle,
+ &gEnableUnacceptedMemoryProtocolGuid,
+ &mEnableUnacceptedMemoryProtocol,
+ NULL
+ );
+ ASSERT_EFI_ERROR (Status);
+}
+
/**
Make sure the memory map is following all the construction rules,
it is the last time to check memory map error before exit boot services.
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index dd07b3725a..ce72c06a93 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -244,6 +244,9 @@
gEdkiiPerformanceMeasurementProtocolGuid = { 0xc85d06be, 0x5f75, 0x48ce, { 0xa8, 0x0f, 0x12, 0x36, 0xba, 0x3b, 0x87, 0xb1 } }
gEdkiiSmmPerformanceMeasurementProtocolGuid = { 0xd56b6d73, 0x1a7b, 0x4015, { 0x9b, 0xb4, 0x7b, 0x07, 0x17, 0x29, 0xed, 0x24 } }
+ ## Bootloader protocol Guid for enabling unaccepted memory support.
+ gEnableUnacceptedMemoryProtocolGuid = { 0xc5a010fe, 0x38a7, 0x4531, { 0x8a, 0x4a, 0x05, 0x00, 0xd2, 0xfd, 0x16, 0x49 } }
+
## Guid is defined for CRC32 encapsulation scheme.
# Include/Guid/Crc32GuidedSectionExtraction.h
gEfiCrc32GuidedSectionExtractionGuid = { 0xFC1BCDB0, 0x7D31, 0x49aa, {0x93, 0x6A, 0xA4, 0x60, 0x0D, 0x9D, 0xD0, 0x83 } }
--
2.37.3.998.g577e59143f-goog
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH 0/3] Add safe unaccepted memory behavior
2022-09-22 20:50 [PATCH 0/3] Add safe unaccepted memory behavior Dionna Glaze
` (2 preceding siblings ...)
2022-09-22 20:50 ` [PATCH 3/3] MdeModulePkg: add EnableUnacceptedMemoryProtocol Dionna Glaze
@ 2022-09-23 17:19 ` Lendacky, Thomas
2022-09-23 19:34 ` Dionna Glaze
3 siblings, 1 reply; 9+ messages in thread
From: Lendacky, Thomas @ 2022-09-23 17:19 UTC (permalink / raw)
To: Dionna Glaze, devel
Cc: Ard Biescheuvel, Min M. Xu, Gerd Hoffmann, James Bottomley,
Jiewen Yao, Erdem Aktas
On 9/22/22 15:50, Dionna Glaze wrote:
> These three patches build on the lazy-accept patch series
>
> "Introduce Lazy-accept for Tdx guest"
>
> by adding SEV-SNP support for the MemoryAccept protocol, and
> importantly making eager memory acceptance the default behavior.
>
> For unaccepted memory to be enabled, we must know that the booted image
> supports the unaccepted memory type. We add a trivial protocol that sets
> a dynamic Pcd to true when called in order for the booted image to
> signal its support for unaccepted memory. This does not need to be an
> OsIndications bit because it does not need to be persisted.
>
> We use the Pcd to disable a new ExitBootServices notification that
> accepts all unaccepted memory, removes the unaccepted memory entries in
> the memory space map, and then add the same memory ranges back as
> conventional memory.
>
> All images that support unaccepted memory must now locate and call this
> new ENABLE_UNACCEPTED_MEMORY_PROTOCOL.
This seems to be missing the creation of unaccepted memory under SEV-SNP.
Is that going to be part of a separate patch (to update
PlatformAddMemoryBaseSizeHob () and mark anything above 4GB as unaccepted)?
Thanks,
Tom
>
> Cc: Ard Biescheuvel <ardb@kernel.org>
> Cc: "Min M. Xu" <min.m.xu@intel.org>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
>
> Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
>
> Dionna Glaze (3):
> OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
> DxeMain accepts all memory at EBS if needed
> MdeModulePkg: add EnableUnacceptedMemoryProtocol
>
> MdeModulePkg/Core/Dxe/DxeMain.h | 32 +++++
> MdeModulePkg/Core/Dxe/DxeMain.inf | 3 +
> MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 19 ++-
> MdeModulePkg/Core/Dxe/Mem/Page.c | 122 ++++++++++++++++++
> MdeModulePkg/MdeModulePkg.dec | 9 ++
> MdeModulePkg/MdeModulePkg.uni | 6 +
> OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
> OvmfPkg/AmdSevDxe/AmdSevDxe.c | 27 ++++
> OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 +
> OvmfPkg/Bhyve/BhyveX64.dsc | 2 +
> OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +
> OvmfPkg/Include/Library/MemEncryptSevLib.h | 14 ++
> OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +
> .../Ia32/MemEncryptSevLib.c | 17 +++
> .../X64/DxeSnpSystemRamValidate.c | 35 +++++
> .../X64/PeiSnpSystemRamValidate.c | 17 +++
> .../X64/SecSnpSystemRamValidate.c | 18 +++
> OvmfPkg/OvmfPkgIa32X64.dsc | 2 +
> OvmfPkg/OvmfPkgX64.dsc | 2 +
> OvmfPkg/OvmfXen.dsc | 2 +
> 20 files changed, 334 insertions(+), 1 deletion(-)
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 0/3] Add safe unaccepted memory behavior
2022-09-23 17:19 ` [PATCH 0/3] Add safe unaccepted memory behavior Lendacky, Thomas
@ 2022-09-23 19:34 ` Dionna Glaze
2022-09-23 19:42 ` Lendacky, Thomas
0 siblings, 1 reply; 9+ messages in thread
From: Dionna Glaze @ 2022-09-23 19:34 UTC (permalink / raw)
To: Tom Lendacky
Cc: devel, Ard Biescheuvel, Min M. Xu, Gerd Hoffmann, James Bottomley,
Jiewen Yao, Erdem Aktas
[-- Attachment #1: Type: text/plain, Size: 3579 bytes --]
Ah yes, I did forget to include that patch. Will add to v2. I was just
setting the ResourceType to unaccepted and skipping the Prevalidate call in
PlatformPei if the start address is greater or equal to SIZE_4GB. That
seemed more self-contained than messing with PlatformInitLib. Would you
prefer that I add SevSnp logic to PlatformInitLib?
On Fri, Sep 23, 2022 at 10:19 AM Tom Lendacky <thomas.lendacky@amd.com>
wrote:
> On 9/22/22 15:50, Dionna Glaze wrote:
> > These three patches build on the lazy-accept patch series
> >
> > "Introduce Lazy-accept for Tdx guest"
> >
> > by adding SEV-SNP support for the MemoryAccept protocol, and
> > importantly making eager memory acceptance the default behavior.
> >
> > For unaccepted memory to be enabled, we must know that the booted image
> > supports the unaccepted memory type. We add a trivial protocol that sets
> > a dynamic Pcd to true when called in order for the booted image to
> > signal its support for unaccepted memory. This does not need to be an
> > OsIndications bit because it does not need to be persisted.
> >
> > We use the Pcd to disable a new ExitBootServices notification that
> > accepts all unaccepted memory, removes the unaccepted memory entries in
> > the memory space map, and then add the same memory ranges back as
> > conventional memory.
> >
> > All images that support unaccepted memory must now locate and call this
> > new ENABLE_UNACCEPTED_MEMORY_PROTOCOL.
>
> This seems to be missing the creation of unaccepted memory under SEV-SNP.
> Is that going to be part of a separate patch (to update
> PlatformAddMemoryBaseSizeHob () and mark anything above 4GB as unaccepted)?
>
> Thanks,
> Tom
>
> >
> > Cc: Ard Biescheuvel <ardb@kernel.org>
> > Cc: "Min M. Xu" <min.m.xu@intel.org>
> > Cc: Gerd Hoffmann <kraxel@redhat.com>
> > Cc: James Bottomley <jejb@linux.ibm.com>
> > Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Erdem Aktas <erdemaktas@google.com>
> >
> > Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
> >
> > Dionna Glaze (3):
> > OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
> > DxeMain accepts all memory at EBS if needed
> > MdeModulePkg: add EnableUnacceptedMemoryProtocol
> >
> > MdeModulePkg/Core/Dxe/DxeMain.h | 32 +++++
> > MdeModulePkg/Core/Dxe/DxeMain.inf | 3 +
> > MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 19 ++-
> > MdeModulePkg/Core/Dxe/Mem/Page.c | 122 ++++++++++++++++++
> > MdeModulePkg/MdeModulePkg.dec | 9 ++
> > MdeModulePkg/MdeModulePkg.uni | 6 +
> > OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
> > OvmfPkg/AmdSevDxe/AmdSevDxe.c | 27 ++++
> > OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 +
> > OvmfPkg/Bhyve/BhyveX64.dsc | 2 +
> > OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +
> > OvmfPkg/Include/Library/MemEncryptSevLib.h | 14 ++
> > OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +
> > .../Ia32/MemEncryptSevLib.c | 17 +++
> > .../X64/DxeSnpSystemRamValidate.c | 35 +++++
> > .../X64/PeiSnpSystemRamValidate.c | 17 +++
> > .../X64/SecSnpSystemRamValidate.c | 18 +++
> > OvmfPkg/OvmfPkgIa32X64.dsc | 2 +
> > OvmfPkg/OvmfPkgX64.dsc | 2 +
> > OvmfPkg/OvmfXen.dsc | 2 +
> > 20 files changed, 334 insertions(+), 1 deletion(-)
> >
>
--
-Dionna Glaze, PhD (she/her)
[-- Attachment #2: Type: text/html, Size: 5115 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 0/3] Add safe unaccepted memory behavior
2022-09-23 19:34 ` Dionna Glaze
@ 2022-09-23 19:42 ` Lendacky, Thomas
2022-09-26 9:36 ` Gerd Hoffmann
0 siblings, 1 reply; 9+ messages in thread
From: Lendacky, Thomas @ 2022-09-23 19:42 UTC (permalink / raw)
To: Dionna Amalie Glaze
Cc: devel, Ard Biescheuvel, Min M. Xu, Gerd Hoffmann, James Bottomley,
Jiewen Yao, Erdem Aktas
On 9/23/22 14:34, Dionna Amalie Glaze wrote:
> Ah yes, I did forget to include that patch. Will add to v2. I was just
> setting the ResourceType to unaccepted and skipping the Prevalidate call
> in PlatformPei if the start address is greater or equal to SIZE_4GB. That
> seemed more self-contained than messing with PlatformInitLib. Would you
> prefer that I add SevSnp logic to PlatformInitLib?
No, if it works and is easier / more concise, then please keep it the way
you have it.
Thanks,
Tom
>
> On Fri, Sep 23, 2022 at 10:19 AM Tom Lendacky <thomas.lendacky@amd.com
> <mailto:thomas.lendacky@amd.com>> wrote:
>
> On 9/22/22 15:50, Dionna Glaze wrote:
> > These three patches build on the lazy-accept patch series
> >
> > "Introduce Lazy-accept for Tdx guest"
> >
> > by adding SEV-SNP support for the MemoryAccept protocol, and
> > importantly making eager memory acceptance the default behavior.
> >
> > For unaccepted memory to be enabled, we must know that the booted image
> > supports the unaccepted memory type. We add a trivial protocol that
> sets
> > a dynamic Pcd to true when called in order for the booted image to
> > signal its support for unaccepted memory. This does not need to be an
> > OsIndications bit because it does not need to be persisted.
> >
> > We use the Pcd to disable a new ExitBootServices notification that
> > accepts all unaccepted memory, removes the unaccepted memory entries in
> > the memory space map, and then add the same memory ranges back as
> > conventional memory.
> >
> > All images that support unaccepted memory must now locate and call this
> > new ENABLE_UNACCEPTED_MEMORY_PROTOCOL.
>
> This seems to be missing the creation of unaccepted memory under SEV-SNP.
> Is that going to be part of a separate patch (to update
> PlatformAddMemoryBaseSizeHob () and mark anything above 4GB as
> unaccepted)?
>
> Thanks,
> Tom
>
> >
> > Cc: Ard Biescheuvel <ardb@kernel.org <mailto:ardb@kernel.org>>
> > Cc: "Min M. Xu" <min.m.xu@intel.org <mailto:min.m.xu@intel.org>>
> > Cc: Gerd Hoffmann <kraxel@redhat.com <mailto:kraxel@redhat.com>>
> > Cc: James Bottomley <jejb@linux.ibm.com <mailto:jejb@linux.ibm.com>>
> > Cc: Tom Lendacky <Thomas.Lendacky@amd.com
> <mailto:Thomas.Lendacky@amd.com>>
> > Cc: Jiewen Yao <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com>>
> > Cc: Erdem Aktas <erdemaktas@google.com <mailto:erdemaktas@google.com>>
> >
> > Signed-off-by: Dionna Glaze <dionnaglaze@google.com
> <mailto:dionnaglaze@google.com>>
> >
> > Dionna Glaze (3):
> > OvmfPkg: Realize EfiMemoryAcceptProtocol in AmdSevDxe
> > DxeMain accepts all memory at EBS if needed
> > MdeModulePkg: add EnableUnacceptedMemoryProtocol
> >
> > MdeModulePkg/Core/Dxe/DxeMain.h | 32 +++++
> > MdeModulePkg/Core/Dxe/DxeMain.inf | 3 +
> > MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 19 ++-
> > MdeModulePkg/Core/Dxe/Mem/Page.c | 122
> ++++++++++++++++++
> > MdeModulePkg/MdeModulePkg.dec | 9 ++
> > MdeModulePkg/MdeModulePkg.uni | 6 +
> > OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
> > OvmfPkg/AmdSevDxe/AmdSevDxe.c | 27 ++++
> > OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 3 +
> > OvmfPkg/Bhyve/BhyveX64.dsc | 2 +
> > OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +
> > OvmfPkg/Include/Library/MemEncryptSevLib.h | 14 ++
> > OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +
> > .../Ia32/MemEncryptSevLib.c | 17 +++
> > .../X64/DxeSnpSystemRamValidate.c | 35 +++++
> > .../X64/PeiSnpSystemRamValidate.c | 17 +++
> > .../X64/SecSnpSystemRamValidate.c | 18 +++
> > OvmfPkg/OvmfPkgIa32X64.dsc | 2 +
> > OvmfPkg/OvmfPkgX64.dsc | 2 +
> > OvmfPkg/OvmfXen.dsc | 2 +
> > 20 files changed, 334 insertions(+), 1 deletion(-)
> >
>
>
>
> --
> -Dionna Glaze, PhD (she/her)
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 0/3] Add safe unaccepted memory behavior
2022-09-23 19:42 ` Lendacky, Thomas
@ 2022-09-26 9:36 ` Gerd Hoffmann
0 siblings, 0 replies; 9+ messages in thread
From: Gerd Hoffmann @ 2022-09-26 9:36 UTC (permalink / raw)
To: Tom Lendacky
Cc: Dionna Amalie Glaze, devel, Ard Biescheuvel, Min M. Xu,
James Bottomley, Jiewen Yao, Erdem Aktas
On Fri, Sep 23, 2022 at 02:42:57PM -0500, Tom Lendacky wrote:
> On 9/23/22 14:34, Dionna Amalie Glaze wrote:
> > Ah yes, I did forget to include that patch. Will add to v2. I was just
> > setting the ResourceType to unaccepted and skipping the Prevalidate call
> > in PlatformPei if the start address is greater or equal to SIZE_4GB.
> > That seemed more self-contained than messing with PlatformInitLib. Would
> > you prefer that I add SevSnp logic to PlatformInitLib?
>
> No, if it works and is easier / more concise, then please keep it the way
> you have it.
Well, moving over the SEV code over to PlatformInitLib makes sense.
That should allow the AmdSev use pei-less boot, simliar to IntelTdx,
and further down the road allow unify AmdSev + IntelTdx variants into
a single firmware binary supporting both SevSnp and Tdx.
I don't think that should be part of the "unaccepted memory" patch
series though.
take care,
Gerd
^ permalink raw reply [flat|nested] 9+ messages in thread