From: Laszlo Ersek
To: edk2-devel-01
Cc: Jordan Justen, Brijesh Singh, Ard Biesheuvel
Date: Fri, 2 Mar 2018 01:04:05 +0100
Message-Id: <20180302000408.14201-18-lersek@redhat.com>
In-Reply-To: <20180302000408.14201-1-lersek@redhat.com>
Subject: [edk2] [PATCH 17/20] OvmfPkg/MemEncryptSevLib: find pages of initial SMRAM save state map

In the next three patches, we're going to modify three modules under OvmfPkg. When OVMF is built with -D SMM_REQUIRE and runs in an SEV guest, each affected module will have to know the page range that covers the initial (pre-SMBASE relocation) SMRAM save state map. Add a helper function to MemEncryptSevLib that calculates the "base address" and "number of pages" constants for this page range.

(In a RELEASE build -- i.e., with assertions disabled and optimization enabled --, the helper function can be compiled to store two constants determined at compile time.)

Cc: Ard Biesheuvel
Cc: Brijesh Singh
Cc: Jordan Justen
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek --- OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf | 4 ++ OvmfPkg/Include/Library/MemEncryptSevLib.h | 23 +++++= ++++ OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c | 51 +++++= +++++++++++++++ 3 files changed, 78 insertions(+) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf = b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf index 2f0a2392a7ad..464fe1f33e66 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/BaseMemEncryptSevLib.inf @@ -34,20 +34,24 @@ [Packages] MdeModulePkg/MdeModulePkg.dec MdePkg/MdePkg.dec OvmfPkg/OvmfPkg.dec UefiCpuPkg/UefiCpuPkg.dec =20 [Sources.X64] MemEncryptSevLibInternal.c X64/MemEncryptSevLib.c X64/VirtualMemory.c =20 [Sources.IA32] Ia32/MemEncryptSevLib.c MemEncryptSevLibInternal.c =20 [LibraryClasses] BaseLib CacheMaintenanceLib CpuLib DebugLib MemoryAllocationLib + PcdLib + +[FeaturePcd] + gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index e5ebb4401818..1e2ec8641d46 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h 
@@ -69,21 +69,44 @@ MemEncryptSevClearPageEncMask ( address of a memory region. @param[in] NumPages The number of pages from start memory region. @param[in] Flush Flush the caches before setting the = bit (mostly TRUE except MMIO addresses) =20 @retval RETURN_SUCCESS The attributes were set for the memo= ry region. @retval RETURN_INVALID_PARAMETER Number of pages is zero. @retval RETURN_UNSUPPORTED Setting the memory encryption attrib= ute is not supported **/ RETURN_STATUS EFIAPI MemEncryptSevSetPageEncMask ( IN PHYSICAL_ADDRESS Cr3BaseAddress, IN PHYSICAL_ADDRESS BaseAddress, IN UINTN NumPages, IN BOOLEAN Flush ); + + +/** + Locate the page range that covers the initial (pre-SMBASE-relocation) SM= RAM + Save State Map. + + @param[out] BaseAddress The base address of the lowest-address page = that + covers the initial SMRAM Save State Map. + + @param[out] NumberOfPages The number of pages in the page range that c= overs + the initial SMRAM Save State Map. + + @retval RETURN_SUCCESS BaseAddress and NumberOfPages have been set = on + output. + + @retval RETURN_UNSUPPORTED SMM is unavailable. +**/ +RETURN_STATUS +EFIAPI +MemEncryptSevLocateInitialSmramSaveStateMapPages ( + OUT UINTN *BaseAddress, + OUT UINTN *NumberOfPages + ); #endif // _MEM_ENCRYPT_SEV_LIB_H_ diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.= c b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c index 7078ab0d3f46..b92ba50c616c 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c @@ -1,42 +1,46 @@ /** @file =20 Secure Encrypted Virtualization (SEV) library helper function =20 Copyright (c) 2017, AMD Incorporated. All rights reserved.
=20 This program and the accompanying materials are licensed and made availa= ble under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php =20 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. =20 **/ =20 #include #include #include +#include #include #include #include +#include +#include +#include =20 STATIC BOOLEAN mSevStatus =3D FALSE; STATIC BOOLEAN mSevStatusChecked =3D FALSE; =20 /** =20 Returns a boolean to indicate whether SEV is enabled =20 @retval TRUE SEV is enabled @retval FALSE SEV is not enabled **/ STATIC BOOLEAN EFIAPI InternalMemEncryptSevIsEnabled ( VOID ) { UINT32 RegEax; MSR_SEV_STATUS_REGISTER Msr; 
@@ -70,20 +74,67 @@ InternalMemEncryptSevIsEnabled ( Returns a boolean to indicate whether SEV is enabled =20 @retval TRUE SEV is enabled @retval FALSE SEV is not enabled **/ BOOLEAN EFIAPI MemEncryptSevIsEnabled ( VOID ) { if (mSevStatusChecked) { return mSevStatus; } =20 mSevStatus =3D InternalMemEncryptSevIsEnabled(); mSevStatusChecked =3D TRUE; =20 return mSevStatus; } + + +/** + Locate the page range that covers the initial (pre-SMBASE-relocation) SM= RAM + Save State Map. + + @param[out] BaseAddress The base address of the lowest-address page = that + covers the initial SMRAM Save State Map. + + @param[out] NumberOfPages The number of pages in the page range that c= overs + the initial SMRAM Save State Map. + + @retval RETURN_SUCCESS BaseAddress and NumberOfPages have been set = on + output. + + @retval RETURN_UNSUPPORTED SMM is unavailable. +**/ +RETURN_STATUS +EFIAPI +MemEncryptSevLocateInitialSmramSaveStateMapPages ( + OUT UINTN *BaseAddress, + OUT UINTN *NumberOfPages + ) +{ + UINTN MapStart; + UINTN MapEnd; + UINTN MapPagesStart; // MapStart rounded down to page boundary + UINTN MapPagesEnd; // MapEnd rounded up to page boundary + UINTN MapPagesSize; // difference between MapPagesStart and MapPagesEnd + + if (!FeaturePcdGet (PcdSmmSmramRequire)) { + return RETURN_UNSUPPORTED; + } + + MapStart =3D SMM_DEFAULT_SMBASE + SMRAM_SAVE_STATE_MAP_OFFSET; + MapEnd =3D MapStart + sizeof (QEMU_SMRAM_SAVE_STATE_MAP); + MapPagesStart =3D MapStart & ~(UINTN)EFI_PAGE_MASK; + MapPagesEnd =3D ALIGN_VALUE (MapEnd, EFI_PAGE_SIZE); + MapPagesSize =3D MapPagesEnd - MapPagesStart; + + ASSERT ((MapPagesSize & EFI_PAGE_MASK) =3D=3D 0); + + *BaseAddress =3D MapPagesStart; + *NumberOfPages =3D MapPagesSize >> EFI_PAGE_SHIFT; + + return RETURN_SUCCESS; +} --=20 2.14.1.3.gb7cf6e02401b _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
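
Review bot: In the MemEncryptSevLib.h hunk, the new MemEncryptSevLocateInitialSmramSaveStateMapPages prototype returns the base through "OUT UINTN *BaseAddress", while MemEncryptSevSetPageEncMask directly above it takes "IN PHYSICAL_ADDRESS BaseAddress". If a caller hands the result on to the set/clear mask functions, the types differ in width on IA32. Consider declaring the out-parameter as PHYSICAL_ADDRESS *, or state in the comment that the value always fits in UINTN because it is derived from SMM_DEFAULT_SMBASE. The "@retval RETURN_UNSUPPORTED SMM is unavailable" text would also be more precise if it said that this reflects the build-time PcdSmmSmramRequire feature PCD (-D SMM_REQUIRE), and that BaseAddress and NumberOfPages are left untouched in that case.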
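
Review bot: In the MemEncryptSevLibInternal.c hunk, the body of MemEncryptSevLocateInitialSmramSaveStateMapPages stores through *BaseAddress and *NumberOfPages without checking either pointer; an ASSERT (BaseAddress != NULL) and ASSERT (NumberOfPages != NULL) before the stores would catch a bad caller in DEBUG builds. The existing ASSERT ((MapPagesSize & EFI_PAGE_MASK) == 0) cannot fail as long as MapPagesStart is masked down and MapPagesEnd is aligned up to EFI_PAGE_SIZE, so it only checks the rounding itself; if it is meant as documentation, a short comment saying so would help, and asserting MapPagesEnd > MapPagesStart would guard the subtraction more directly.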