[edk2] [PATCH v5 14/14] OvmfPkg/QemuFwCfgLib: Add SEV support

Brijesh Singh posted 14 patches 7 years, 7 months ago
Only 13 patches received!
There is a newer version of this series
[edk2] [PATCH v5 14/14] OvmfPkg/QemuFwCfgLib: Add SEV support
Posted by Brijesh Singh 7 years, 7 months ago
When SEV is enabled, use a bounce buffer to perform the DMA operation.


Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c | 54 +++++++++++++++++++-
 1 file changed, 52 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c
index 73a19772bee1..40b43ac78ff4 100644
--- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c
+++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c
@@ -72,6 +72,8 @@ InternalQemuFwCfgDmaBytes (
   volatile FW_CFG_DMA_ACCESS *Access;
   UINT32                     AccessHigh, AccessLow;
   UINT32                     Status;
+  UINT32                     NumPages;
+  VOID                       *DmaBuffer, *BounceBuffer;
 
   ASSERT (Control == FW_CFG_DMA_CTL_WRITE || Control == FW_CFG_DMA_CTL_READ ||
     Control == FW_CFG_DMA_CTL_SKIP);
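Review bot: `NumPages` is declared here without an initializer and, going by the later hunks, is assigned only inside the `InternalQemuFwCfgSevIsEnabled ()` branch but read in the cleanup at the end of the function. That read sits under `if (BounceBuffer)`, so it is not reached on the non-SEV path, but a compiler that cannot correlate the two variables may report a maybe-uninitialized use, and a later change to the guard would pass an indeterminate page count to `InternalQemuFwCfgSevDmaFreeBuffer`. Setting `NumPages = 0;` next to `BounceBuffer = NULL;` in the else branch keeps the two in step. The declarations belong to InternalQemuFwCfgDmaBytes, whose body starts before and continues past this hunk.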
@@ -80,11 +82,44 @@ InternalQemuFwCfgDmaBytes (
     return;
   }
 
-  Access = &LocalAccess;
+  //
+  // When SEV is enabled then allocate DMA bounce buffer
+  //
+  if (InternalQemuFwCfgSevIsEnabled ()) {
+    UINTN  TotalSize;
+
+    TotalSize = sizeof (*Access);
+    //
+    // Control operation does not need buffer
+    //
+    if (Control != FW_CFG_DMA_CTL_SKIP) {
+      TotalSize += Size;
+    }
+
+    //
+    // Allocate SEV DMA buffer
+    //
+    NumPages = (UINT32)EFI_SIZE_TO_PAGES (TotalSize);
+    InternalQemuFwCfgSevDmaAllocateBuffer (&BounceBuffer, NumPages);
+
+    Access = BounceBuffer;
+    DmaBuffer = (UINT8*)BounceBuffer + sizeof (*Access);
+
+    //
+    //  Decrypt data from encrypted guest buffer into DMA buffer
+    //
+    if (Control == FW_CFG_DMA_CTL_WRITE) {
+      CopyMem (DmaBuffer, Buffer, Size);
+    }
+  } else {
+    Access = &LocalAccess;
+    DmaBuffer = Buffer;
+    BounceBuffer = NULL;
+  }
 
   Access->Control = SwapBytes32 (Control);
   Access->Length  = SwapBytes32 (Size);
-  Access->Address = SwapBytes64 ((UINTN)Buffer);
+  Access->Address = SwapBytes64 ((UINTN)DmaBuffer);
 
   //
   // Delimit the transfer from (a) modifications to Access, (b) in case of a
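Review bot: `InternalQemuFwCfgSevDmaAllocateBuffer (&BounceBuffer, NumPages);` has no visible failure check, and `Access = BounceBuffer` is written through a few lines later, so unless the helper asserts or halts internally (its body is not part of this patch) an allocation failure becomes a store through an unset pointer. Either have the helper return a status that is checked here, or, if it never returns on failure, say so at the call site with a comment such as `// Does not return if the allocation fails`. Separately, `TotalSize += Size` is computed in UINTN and can wrap where UINTN is 32 bits, which would leave the bounce buffer smaller than the `CopyMem (DmaBuffer, Buffer, Size)` that follows; `ASSERT (Size <= MAX_UINTN - sizeof (*Access));` before the addition would make the assumption explicit. The function body starts before and continues past this hunk.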
@@ -117,6 +152,21 @@ InternalQemuFwCfgDmaBytes (
   // After a read, the caller will want to use Buffer.
   //
   MemoryFence ();
+
+  //
+  // If Bounce buffer was allocated then copy the data into guest buffer and
+  // free the bounce buffer
+  //
+  if (BounceBuffer) {
+    //
+    //  Encrypt the data from DMA buffer into guest buffer
+    //
+    if (Control == FW_CFG_DMA_CTL_READ) {
+      CopyMem (Buffer, DmaBuffer, Size);
+    }
+
+    InternalQemuFwCfgSevDmaFreeBuffer (BounceBuffer, NumPages);
+  }
 }
 
 
-- 
2.7.4

Re: [edk2] [PATCH v5 14/14] OvmfPkg/QemuFwCfgLib: Add SEV support
Posted by Laszlo Ersek 7 years, 7 months ago
comments below:

On 05/22/17 17:23, Brijesh Singh wrote:
> When SEV is enabled, use a bounce buffer to perform the DMA operation.
> 
> 
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c | 54 +++++++++++++++++++-
>  1 file changed, 52 insertions(+), 2 deletions(-)
> 
> diff --git a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c
> index 73a19772bee1..40b43ac78ff4 100644
> --- a/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c
> +++ b/OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgLib.c
> @@ -72,6 +72,8 @@ InternalQemuFwCfgDmaBytes (
>    volatile FW_CFG_DMA_ACCESS *Access;
>    UINT32                     AccessHigh, AccessLow;
>    UINT32                     Status;
> +  UINT32                     NumPages;
> +  VOID                       *DmaBuffer, *BounceBuffer;
>  
>    ASSERT (Control == FW_CFG_DMA_CTL_WRITE || Control == FW_CFG_DMA_CTL_READ ||
>      Control == FW_CFG_DMA_CTL_SKIP);
> @@ -80,11 +82,44 @@ InternalQemuFwCfgDmaBytes (
>      return;
>    }
>  
> -  Access = &LocalAccess;
> +  //
> +  // When SEV is enabled then allocate DMA bounce buffer
> +  //
> +  if (InternalQemuFwCfgSevIsEnabled ()) {
> +    UINTN  TotalSize;
> +
> +    TotalSize = sizeof (*Access);
> +    //
> +    // Control operation does not need buffer
> +    //

(1) you missed my remark that this comment should say "skip operation",
see point (2) in
<http://mid.mail-archive.com/e6f5b576-e81d-b292-eae7-04e6088d51dd@redhat.com>.

> +    if (Control != FW_CFG_DMA_CTL_SKIP) {
> +      TotalSize += Size;
> +    }
> +
> +    //
> +    // Allocate SEV DMA buffer
> +    //
> +    NumPages = (UINT32)EFI_SIZE_TO_PAGES (TotalSize);
> +    InternalQemuFwCfgSevDmaAllocateBuffer (&BounceBuffer, NumPages);
> +
> +    Access = BounceBuffer;
> +    DmaBuffer = (UINT8*)BounceBuffer + sizeof (*Access);
> +
> +    //
> +    //  Decrypt data from encrypted guest buffer into DMA buffer
> +    //
> +    if (Control == FW_CFG_DMA_CTL_WRITE) {
> +      CopyMem (DmaBuffer, Buffer, Size);
> +    }
> +  } else {
> +    Access = &LocalAccess;
> +    DmaBuffer = Buffer;
> +    BounceBuffer = NULL;
> +  }
>  
>    Access->Control = SwapBytes32 (Control);
>    Access->Length  = SwapBytes32 (Size);
> -  Access->Address = SwapBytes64 ((UINTN)Buffer);
> +  Access->Address = SwapBytes64 ((UINTN)DmaBuffer);
>  
>    //
>    // Delimit the transfer from (a) modifications to Access, (b) in case of a
> @@ -117,6 +152,21 @@ InternalQemuFwCfgDmaBytes (
>    // After a read, the caller will want to use Buffer.
>    //
>    MemoryFence ();
> +
> +  //
> +  // If Bounce buffer was allocated then copy the data into guest buffer and
> +  // free the bounce buffer
> +  //
> +  if (BounceBuffer) {

(2) You missed my remark about the edk2 coding style, see point (6) in
<https://www.mail-archive.com/edk2-devel@lists.01.org/msg25650.html>.

> +    //
> +    //  Encrypt the data from DMA buffer into guest buffer
> +    //
> +    if (Control == FW_CFG_DMA_CTL_READ) {
> +      CopyMem (Buffer, DmaBuffer, Size);
> +    }
> +
> +    InternalQemuFwCfgSevDmaFreeBuffer (BounceBuffer, NumPages);
> +  }
>  }
>  
>  
> 

If a v6 is necessary, then please fix up the above. Otherwise, the patch
is good to me as-is.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Thanks
Laszlo