[edk2-devel] [PATCH v3 17/24] OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate pages

Fri, 08 Mar 2024 07:32:18 -0800 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The PVALIDATE instruction is used to change the SNP validation of a page,
but that can only be done when running at VMPL0. To prepare for running at
a less priviledged VMPL, use the AmdSvsmLib library API to perform the
PVALIDATE. The AmdSvsmLib library will perform the proper operation on
behalf of the caller.

Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Laszlo Ersek <ler...@redhat.com>
Cc: Michael Roth <michael.r...@amd.com>
Cc: Min Xu <min.m...@intel.com>
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
 OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf          |  3 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf          |  3 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf          |  3 +-
 OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 74 
+-------------------
 4 files changed, 9 insertions(+), 74 deletions(-)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf 
b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
index cc24961c9265..312ee73e5474 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
@@ -1,7 +1,7 @@
 ## @file
 #  Library provides the helper functions for SEV guest
 #
-# Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<BR>
+# Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<BR>
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -52,6 +52,7 @@ [LibraryClasses]
   MemoryAllocationLib
   PcdLib
   CcExitLib
+  AmdSvsmLib
 
 [FeaturePcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf 
b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
index 8f56783da55e..1e0b5600eb1d 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
@@ -1,7 +1,7 @@
 ## @file
 #  Library provides the helper functions for SEV guest
 #
-# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.<BR>
+# Copyright (c) 2020 - 2024, Advanced Micro Devices. All rights reserved.<BR>
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -52,6 +52,7 @@ [LibraryClasses]
   MemoryAllocationLib
   PcdLib
   CcExitLib
+  AmdSvsmLib
 
 [FeaturePcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf 
b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
index b6d76e7e630f..a06ea6188eab 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
@@ -1,7 +1,7 @@
 ## @file
 #  Library provides the helper functions for SEV guest
 #
-# Copyright (c) 2020 Advanced Micro Devices. All rights reserved.<BR>
+# Copyright (c) 2020 - 2024, Advanced Micro Devices. All rights reserved.<BR>
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -49,6 +49,7 @@ [LibraryClasses]
   DebugLib
   PcdLib
   CcExitLib
+  AmdSvsmLib
 
 [FixedPcd]
   gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase
diff --git 
a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c 
b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index f1883239a661..c8c0c4ef0e95 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -14,14 +14,13 @@
 #include <Library/MemEncryptSevLib.h>
 #include <Library/DebugLib.h>
 #include <Library/CcExitLib.h>
+#include <Library/AmdSvsmLib.h>
 
 #include <Register/Amd/Ghcb.h>
 #include <Register/Amd/Msr.h>
 
 #include "SnpPageStateChange.h"
 
-#define PAGES_PER_LARGE_ENTRY  512
-
 STATIC
 UINTN
 MemoryStateToGhcbOp (
@@ -63,73 +62,6 @@ SnpPageStateFailureTerminate (
   CpuDeadLoop ();
 }
 
-/**
- This function issues the PVALIDATE instruction to validate or invalidate the 
memory
- range specified. If PVALIDATE returns size mismatch then it retry validating 
with
- smaller page size.
-
- */
-STATIC
-VOID
-PvalidateRange (
-  IN  SNP_PAGE_STATE_CHANGE_INFO  *Info
-  )
-{
-  UINTN                 RmpPageSize;
-  UINTN                 StartIndex;
-  UINTN                 EndIndex;
-  UINTN                 Index;
-  UINTN                 Ret;
-  EFI_PHYSICAL_ADDRESS  Address;
-  BOOLEAN               Validate;
-
-  StartIndex = Info->Header.CurrentEntry;
-  EndIndex   = Info->Header.EndEntry;
-
-  for ( ; StartIndex <= EndIndex; StartIndex++) {
-    //
-    // Get the address and the page size from the Info.
-    //
-    Address     = 
((EFI_PHYSICAL_ADDRESS)Info->Entry[StartIndex].GuestFrameNumber) << 
EFI_PAGE_SHIFT;
-    RmpPageSize = Info->Entry[StartIndex].PageSize;
-    Validate    = Info->Entry[StartIndex].Operation == SNP_PAGE_STATE_PRIVATE;
-
-    Ret = AsmPvalidate (RmpPageSize, Validate, Address);
-
-    //
-    // If we fail to validate due to size mismatch then try with the
-    // smaller page size. This senario will occur if the backing page in
-    // the RMP entry is 4K and we are validating it as a 2MB.
-    //
-    if ((Ret == PVALIDATE_RET_SIZE_MISMATCH) && (RmpPageSize == 
PvalidatePageSize2MB)) {
-      for (Index = 0; Index < PAGES_PER_LARGE_ENTRY; Index++) {
-        Ret = AsmPvalidate (PvalidatePageSize4K, Validate, Address);
-        if (Ret) {
-          break;
-        }
-
-        Address = Address + EFI_PAGE_SIZE;
-      }
-    }
-
-    //
-    // If validation failed then do not continue.
-    //
-    if (Ret) {
-      DEBUG ((
-        DEBUG_ERROR,
-        "%a:%a: Failed to %a address 0x%Lx Error code %d\n",
-        gEfiCallerBaseName,
-        __func__,
-        Validate ? "Validate" : "Invalidate",
-        Address,
-        Ret
-        ));
-      SnpPageStateFailureTerminate ();
-    }
-  }
-}
-
 STATIC
 EFI_PHYSICAL_ADDRESS
 BuildPageStateBuffer (
@@ -328,7 +260,7 @@ InternalSetPageState (
     // invalidate the pages before making the page shared in the RMP table.
     //
     if (State == SevSnpPageShared) {
-      PvalidateRange (Info);
+      AmdSvsmSnpPvalidate (Info);
     }
 
     //
@@ -341,7 +273,7 @@ InternalSetPageState (
     // validate the pages after it has been added in the RMP table.
     //
     if (State == SevSnpPagePrivate) {
-      PvalidateRange (Info);
+      AmdSvsmSnpPvalidate (Info);
     }
   }
 }
-- 
2.43.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116542): https://edk2.groups.io/g/devel/message/116542
Mute This Topic: https://groups.io/mt/104810729/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to