The live migration of Hygon CSV1/2/3 guests depends on the KVM
hypercall KVM_HC_MAP_GPA_RANGE; add code to sync page enc/dec
status to KVM.
The MMIO routine of the VC handler reads the memory encryption status to
validate the MMIO address. MemEncryptSevGetEncryptionMask() enables
interrupts, but interrupts must stay disabled during VC handling. During the
DXE stage, the VC routine is as below:
CcExitHandleVc
-> MemEncryptSevGetAddressRangeState
-> MemEncryptSevGetEncryptionMask->PcdGet64(PcdPteMemoryEncryptionAddressOrMask)
Signed-off-by: hanliyang <hanliyang@hygon.cn>
From d9edefe3936aecbb9640a390cd990f1771e0dac2 Mon Sep 17 00:00:00 2001
From: Xin Jiang <jiangxin@hygon.cn>
Date: Wed, 10 Jan 2024 17:34:57 +0800
Subject: [PATCH 9/9] OvmfPkg/BaseMemEncryptLib: Save memory encrypt status in
reserved memory
The MMIO routine of VC handler will get memory encrypt status to
validate MMIO address. MemEncryptSevGetEncryptionMask() will enable
interrupt while interrupt must be disabled during VC.
During DXE stage, VC routine as below:
CcExitHandleVc->MemEncryptSevGetAddressRangeState->
MemEncryptSevGetEncryptionMask->PcdGet64(PcdPteMemoryEncryptionAddressOrMask)
Unfortunately, PcdGet64() will enable interrupt in VC context.
Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
---
OvmfPkg/AmdSev/AmdSevX64.fdf | 5 ++++-
.../Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 4 ++++
.../BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c | 9 ++-------
OvmfPkg/OvmfPkg.dec | 4 ++++
OvmfPkg/OvmfPkgX64.fdf | 5 ++++-
OvmfPkg/PlatformPei/AmdSev.c | 2 ++
OvmfPkg/PlatformPei/Csv.c | 6 ++++++
OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++
8 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 714ab004..b0d9033f 100644
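--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -80,7 +80,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallBase|gUefiOvmfPkgTokenSpaceGui
 0x012000|0x001000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
 
-0x013000|0x00D000
+0x013000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
+
+0x014000|0x00C000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
 
 0x020000|0x0E0000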
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
index 4d32fae6..6f2f69d0 100644
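--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
@@ -61,3 +61,7 @@
 [Pcd]
 gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask
 gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
+
+[FixedPcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize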
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
index d80ebe2f..a9d43237 100644
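--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
@@ -22,8 +22,6 @@
 
 STATIC UINT64 mCurrentAttr = 0;
 STATIC BOOLEAN mCurrentAttrRead = FALSE;
-STATIC UINT64 mSevEncryptionMask = 0;
-STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE;
 STATIC BOOLEAN mSevLiveMigrationStatus = FALSE;
 STATIC BOOLEAN mSevLiveMigrationStatusChecked = FALSE;
 
@@ -193,10 +191,7 @@ MemEncryptSevGetEncryptionMask (
 VOID
 )
 {
- if (!mSevEncryptionMaskSaved) {
- mSevEncryptionMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
- mSevEncryptionMaskSaved = TRUE;
- }
+ UINT64 *MemEncryptStatus = (UINT64 *)(UINT64)FixedPcdGet32 (PcdMemEncrpytStatusBase);
 
- return mSevEncryptionMask;
+ return *MemEncryptStatus;
 }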
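Review bot: MemEncryptSevGetEncryptionMask() in the second hunk now returns whatever eight bytes sit at PcdMemEncrpytStatusBase, so the mask is no longer a module-private static but a word in a low-memory page that other code can overwrite for the rest of boot. The commit message says the MMIO path of the VC handler uses this value to validate MMIO addresses, so the function should carry a comment recording who writes the slot and why the PCD database is avoided, for example `// Written once by PlatformPei; read directly because PcdGet64() may enable interrupts inside the VC handler.` The double cast would be more conventional as `(UINT64 *)(UINTN)FixedPcdGet32 (PcdMemEncrpytStatusBase)`, which is the form the Csv.c hunk of this patch already uses. The function's header comment lies outside the hunk, so it may need the same update.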
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index d50b1ae3..a6016d58 100644
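--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -443,6 +443,10 @@
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|0|UINT32|0x72
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize|0|UINT32|0x73
 
+ ## the base address of memory encryption status.
+ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|0|UINT32|0x74
+ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize|0|UINT32|0x75
+
 [PcdsDynamic, PcdsDynamicEx]
 gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10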
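Review bot: The two new token names spell the word as `Encrpyt` (`PcdMemEncrpytStatusBase`, `PcdMemEncrpytStatusSize`), and because they are declared here the typo is repeated in every .fdf, .inf and .c file this patch touches; `PcdMemEncryptStatusBase` / `PcdMemEncryptStatusSize` would be easier to search for. The `##` comment covers only the base and does not say what the region holds. Something like `## Base and size of the reserved page where PlatformPei stores the memory encryption mask for DXE.` would document both tokens.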
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index b1cf0d99..a34b9f57 100644
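--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -100,7 +100,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallBase|gUefiOvmfPkgTokenSpaceGui
 0x011000|0x001000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
 
-0x012000|0x00E000
+0x012000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
+
+0x013000|0x00D000
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
 
 0x020000|0x0E0000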
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index 553e841e..7c4ef899 100644
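--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -379,6 +379,8 @@ AmdSevInitialize (
 PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);
 ASSERT_RETURN_ERROR (PcdStatus);
 
+ *(UINT64 *)(UINT64)FixedPcdGet32 (PcdMemEncrpytStatusBase) = EncryptionMask;
+
 DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));
 
 //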
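Review bot: This store is the only place in the patch that initialises the status slot, and it sits on the path that logs "SEV is enabled", so the slot may never be written on a boot where AmdSevInitialize() leaves earlier (its opening lines are outside the hunk). The DXE getter changed by this patch reads the slot unconditionally, so in that case it would return leftover memory contents where the old code returned the PCD value. Clearing the slot before any early exit, e.g. `*(UINT64 *)(UINTN)FixedPcdGet32 (PcdMemEncrpytStatusBase) = 0;` at the top of the function, would keep the non-SEV result well defined.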
diff --git a/OvmfPkg/PlatformPei/Csv.c b/OvmfPkg/PlatformPei/Csv.c
index a52112d5..fe8c059b 100644
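--- a/OvmfPkg/PlatformPei/Csv.c
+++ b/OvmfPkg/PlatformPei/Csv.c
@@ -33,6 +33,12 @@ CsvInitializeMemInfo (
 UINT64 LowerMemorySize;
 UINT64 UpperMemorySize;
 
+ BuildMemoryAllocationHob (
+ (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdMemEncrpytStatusBase),
+ (UINT64)(UINTN) FixedPcdGet32 (PcdMemEncrpytStatusSize),
+ EfiReservedMemoryType
+ );
+
 if (!CsvIsEnabled ()) {
 return ;
 }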
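Review bot: The reservation for the status page is added to CsvInitializeMemInfo(), ahead of the `CsvIsEnabled ()` check, although the page is written from AmdSevInitialize() and read by the generic SEV library. Whether the HOB exists therefore depends on this CSV-named function being called on every boot that uses the slot, which the hunk does not show; if it is skipped, later allocations could land on the page and change the mask the VC handler relies on. Building the HOB next to the store in AmdSev.c, or adding a comment here such as `// Reserved for all SEV/CSV guests: holds the encryption mask read by MemEncryptSevGetEncryptionMask().`, would keep the writer and the reservation from drifting apart. The function body continues outside the hunk.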
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index 07de179f..c2d503fa 100644
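--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -137,6 +137,8 @@
 gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallSize
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase
 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
 
 [FeaturePcd]
 gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable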
--
2.25.1