From b7b88720312be7daa5a7d955f7b5816a41e87485 Mon Sep 17 00:00:00 2001 From: Brijesh Singh Date: Thu, 9 Dec 2021 11:27:57 +0800 Subject: [PATCH] OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address The SetMemoryEncDec() is used by the higher level routines to set or clear the page encryption mask for system RAM and Mmio address. When SEV-SNP is active, in addition to set/clear page mask it also updates the RMP table. The RMP table updates are required for the system RAM address and not the Mmio address. Add a new parameter in SetMemoryEncDec() to tell whether the specified address is Mmio. If its Mmio then skip the page state change in the RMP table. Cc: Michael Roth Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Acked-by: Gerd Hoffmann Acked-by: Jiewen Yao Signed-off-by: Brijesh Singh --- .../X64/PeiDxeVirtualMemory.c | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index 814f814035..b9c0a5b25a 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -671,6 +671,7 @@ Done: @param[in] Mode Set or Clear mode @param[in] CacheFlush Flush the caches before applying the encryption mask + @param[in] Mmio The physical address specified is Mmio @retval RETURN_SUCCESS The attributes were cleared for the memory region. @@ -686,7 +687,8 @@ SetMemoryEncDec ( IN PHYSICAL_ADDRESS PhysicalAddress, IN UINTN Length, IN MAP_RANGE_MODE Mode, - IN BOOLEAN CacheFlush + IN BOOLEAN CacheFlush, + IN BOOLEAN Mmio ) { PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry; @@ -709,14 +711,15 @@ SetMemoryEncDec ( DEBUG (( DEBUG_VERBOSE, - "%a:%a: Cr3Base=0x%Lx Physical=0x%Lx Length=0x%Lx Mode=%a CacheFlush=%u\n", + "%a:%a: Cr3Base=0x%Lx Physical=0x%Lx Length=0x%Lx Mode=%a CacheFlush=%u Mmio=%u\n", gEfiCallerBaseName, __FUNCTION__, Cr3BaseAddress, PhysicalAddress, (UINT64)Length, (Mode == SetCBit) ? "Encrypt" : "Decrypt", - (UINT32)CacheFlush + (UINT32)CacheFlush, + (UINT32)Mmio )); // @@ -758,7 +761,7 @@ SetMemoryEncDec ( // // The InternalSetPageState() is used for setting the page state in the RMP table. // - if ((Mode == ClearCBit) && MemEncryptSevSnpIsEnabled ()) { + if (!Mmio && (Mode == ClearCBit) && MemEncryptSevSnpIsEnabled ()) { InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), SevSnpPageShared, FALSE); } @@ -996,7 +999,8 @@ InternalMemEncryptSevSetMemoryDecrypted ( PhysicalAddress, Length, ClearCBit, - TRUE + TRUE, + FALSE ); } @@ -1029,7 +1033,8 @@ InternalMemEncryptSevSetMemoryEncrypted ( PhysicalAddress, Length, SetCBit, - TRUE + TRUE, + FALSE ); } @@ -1062,6 +1067,7 @@ InternalMemEncryptSevClearMmioPageEncMask ( PhysicalAddress, Length, ClearCBit, - FALSE + FALSE, + TRUE ); }