[edk2-devel] [PATCH 2/2] IntelVTdPmrPei: Fix PMR enabling setting confilct

Sheng Wei Wed, 29 Jul 2020 03:01:25 -0700

PMR enabling set by pre-boot DMA protection is cleared by RC
when boot guard is enabled. Pre-boot DMA protection should only
reset VT-d BAR when it is 0 and reset PMR region when it is
not programmed to protect all memory address.


REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2867

Cc: Ray Ni <ray...@intel.com>
Cc: Rangasai V Chaganty <rangasai.v.chaga...@intel.com>
Signed-off-by: Sheng Wei <w.sh...@intel.com>
---
 .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c    | 14 ++++++
 .../Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h    | 15 +++++++
 .../Feature/VTd/IntelVTdPmrPei/VtdReg.c            | 50 ++++++++++++++++++++++
 3 files changed, 79 insertions(+)

diff --git 
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c 
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
index ea944aa40c..31a14f2852 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.c
@@ -745,7 +745,21 @@ VTdInfoNotify (
     // Protect all system memory
     //
     InitVTdInfo ();
+
+    Hob = GetFirstGuidHob (&mVTdInfoGuid);
+    VTdInfo = GET_GUID_HOB_DATA(Hob);
+
+    //
+    // NOTE: We need check if PMR is enabled or not.
+    //
+    EnabledEngineMask = GetDmaProtectionEnabledEngineMask (VTdInfo, 
VTdInfo->EngineMask);
+    if (EnabledEngineMask != 0) {
+      Status = PreMemoryEnableVTdTranslationProtection (VTdInfo, 
EnabledEngineMask);
+    }
     InitVTdPmrForAll ();
+    if (((EnabledEngineMask != 0) && (!EFI_ERROR (Status)))) {
+      DisableVTdTranslationProtection (VTdInfo, EnabledEngineMask);
+    }
 
     //
     // Install PPI.
diff --git 
a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h 
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
index 58e6afad08..ffed2c5b6c 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/IntelVTdPmrPei.h
@@ -97,6 +97,21 @@ GetHighMemoryAlignment (
   IN UINT64        EngineMask
   );
 
+/**
+  Enable VTd translation table protection in pre-memory phase.
+
+  @param VTdInfo            The VTd engine context information.
+  @param EngineMask         The mask of the VTd engine to be accessed.
+
+  @retval EFI_SUCCESS       DMAR translation protection is enabled.
+  @retval EFI_UNSUPPORTED   Null Root Entry Table is not supported.
+**/
+EFI_STATUS
+PreMemoryEnableVTdTranslationProtection (
+  IN VTD_INFO      *VTdInfo,
+  IN UINT64        EngineMask
+  );
+
 /**
   Enable VTd translation table protection.
 
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c 
b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
index c9669426aa..e4b027ac57 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/VTd/IntelVTdPmrPei/VtdReg.c
@@ -13,11 +13,16 @@
 #include <Library/DebugLib.h>
 #include <Library/MemoryAllocationLib.h>
 #include <Library/CacheMaintenanceLib.h>
+#include <Library/PeiServicesLib.h>
 #include <IndustryStandard/Vtd.h>
 #include <Ppi/VtdInfo.h>
 
 #include "IntelVTdPmrPei.h"
 
+EFI_GUID gVTdNullRootEntryTableGuid = {
+  0x3de0593f, 0x6e3e, 0x4542, { 0xa1, 0xcb, 0xcb, 0xb2, 0xdb, 0xeb, 0xd8, 0xff 
}
+};
+
 /**
   Flush VTD page table and context table memory.
 
@@ -246,6 +251,51 @@ DisableDmar (
   return EFI_SUCCESS;
 }
 
+/**
+  Enable VTd translation table protection in pre-memory phase.
+
+  @param VTdInfo            The VTd engine context information.
+  @param EngineMask         The mask of the VTd engine to be accessed.
+
+  @retval EFI_SUCCESS       DMAR translation protection is enabled.
+  @retval EFI_UNSUPPORTED   Null Root Entry Table is not supported.
+**/
+EFI_STATUS
+PreMemoryEnableVTdTranslationProtection (
+  IN VTD_INFO      *VTdInfo,
+  IN UINT64        EngineMask
+  )
+{
+  EFI_STATUS                  Status;
+  UINTN                       Index;
+  UINT64                      *RootEntryTable;
+
+  DEBUG ((DEBUG_INFO, "PreMemoryEnableVTdTranslationProtection - 0x%lx\n", 
EngineMask));
+
+  Status = PeiServicesLocatePpi (
+                 &gVTdNullRootEntryTableGuid,
+                 0,
+                 NULL,
+                 (VOID **)&RootEntryTable
+                 );
+
+  if (EFI_ERROR(Status)) {
+    DEBUG((DEBUG_ERROR, "Locate NullRootEntryTable Ppi : %r\n", Status));
+    return EFI_UNSUPPORTED;
+  }
+
+  DEBUG ((DEBUG_INFO, "NullRootEntryTable - 0x%lx\n", *RootEntryTable));
+
+  for (Index = 0; Index < VTdInfo->VTdEngineCount; Index++) {
+    if ((EngineMask & LShiftU64(1, Index)) == 0) {
+      continue;
+    }
+    EnableDmar ((UINTN)VTdInfo->VTdEngineAddress[Index], 
(UINTN)*RootEntryTable);
+  }
+
+  return EFI_SUCCESS;
+}
+
 /**
   Enable VTd translation table protection.
 
-- 
2.16.2.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#63442): https://edk2.groups.io/g/devel/message/63442
Mute This Topic: https://groups.io/mt/75861788/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH 2/2] IntelVTdPmrPei: Fix PMR enabling setting confilct

Reply via email to