Skip to content

Commit

Permalink
OvmfPkg: IommuDxe: Provide support for mapping BusMasterCommonBuffer …
Browse files Browse the repository at this point in the history 
…operation

The current implementation was making assumption that AllocateBuffer()
returns a buffer with C-bit cleared. Hence when we were asked to
Map() with BusMasterCommonBuffer, we do not change the C-bit on
host buffer.

In previous patch, we changed the AllocateBuffer() to not clear
C-bit during allocation. The patch adds support for handling the
BusMasterCommonBuffer operations when SEV is active.

A typical DMA Bus master Common Operation follows the below step:

1. Client calls AllocateBuffer() to allocate a common buffer
2. Client fill some data in common buffer (optional)
3. Client calls Map() with BusMasterCommonBuffer
4. Programs the DMA bus master with the device address returned by Map()
5. The common buffer can now be accessed equally by the processor and
   the DMA bus master.
6. Client calls Unmap()
7. Client calls FreeBuffer()

In order to handle steps tianocore#2 (in which common buffer may contain
data), we perform in-place encryption to ensure that device
address returned by the Map() contains the correct data after
we clear the C-bit during Map().

In my measurement I do not see any noticable perform degradation when
performing in-place encryption/decryption on common buffer.

Suggested-by: Laszlo Ersek <[email protected]>
Contributed-under: TianoCore Contribution Agreement 1.0
Cc: Laszlo Ersek <[email protected]>
Cc: Jordan Justen <[email protected]>
Signed-off-by: Brijesh Singh <[email protected]>
  • Loading branch information
@codomania
codomania committed Jul 31, 2017
1 parent c54a3ca commit 0d5c31d
Showing 1 changed file with 158 additions and 24 deletions.
182 changes: 158 additions & 24 deletions OvmfPkg/IoMmuDxe/AmdSevIoMmu.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,123 @@ typedef struct {
EFI_PHYSICAL_ADDRESS DeviceAddress;
} MAP_INFO;

#define NO_MAPPING (VOID *) (UINTN) -1
/**
The function is used for mapping and unmapping the Host buffer with
BusMasterCommonBuffer. Since the buffer can be accessed equally by the
processor and the DMA bus master hence we can not use the bounce buffer.
The function changes the underlying encryption mask of the pages that maps the
host buffer. It also ensures that buffer contents are updated with the desired
state.
**/
STATIC
EFI_STATUS
SetBufferAsEncDec (
IN MAP_INFO *MapInfo,
IN BOOLEAN Enc
)
{
EFI_STATUS Status;
EFI_PHYSICAL_ADDRESS TempBuffer;

//
// Allocate an intermediate buffer to hold the host buffer contents
//
Status = gBS->AllocatePages (
AllocateAnyPages,
EfiBootServicesData,
MapInfo->NumberOfPages,
&TempBuffer
);
if (EFI_ERROR (Status)) {
return Status;
}

//
// If the host buffer has C-bit cleared, then make sure the intermediate
// buffer matches with same encryption mask.
//
if (!Enc) {
Status = MemEncryptSevClearPageEncMask (0, TempBuffer, MapInfo->NumberOfPages, TRUE);
ASSERT_EFI_ERROR (Status);
}

//
// Copy the data from host buffer into a temporary buffer. At this
// time both host and intermediate buffer will have same encryption
// mask.
//
CopyMem (
(VOID *) (UINTN) TempBuffer,
(VOID *) (UINTN) MapInfo->HostAddress,
MapInfo->NumberOfBytes);

//
// Now change the encryption mask of the host buffer
//
if (Enc) {
Status = MemEncryptSevSetPageEncMask (0, MapInfo->HostAddress,
MapInfo->NumberOfPages, TRUE);
ASSERT_EFI_ERROR (Status);
} else {
Status = MemEncryptSevClearPageEncMask (0, MapInfo->HostAddress,
MapInfo->NumberOfPages, TRUE);
ASSERT_EFI_ERROR (Status);
}

//
// Copy the data from intermediate buffer into host buffer. At this
// time encryption masks will be different on host and intermediate
// buffer and the hardware will perform encryption/decryption on
// accesses.
//
CopyMem (
(VOID *) (UINTN)MapInfo->HostAddress,
(VOID *) (UINTN)TempBuffer,
MapInfo->NumberOfBytes);

//
// Restore the encryption mask of the intermediate buffer
//
Status = MemEncryptSevSetPageEncMask (0, TempBuffer, MapInfo->NumberOfPages, TRUE);
ASSERT_EFI_ERROR (Status);

//
// Free the intermediate buffer
//
gBS->FreePages (TempBuffer, MapInfo->NumberOfPages);
return EFI_SUCCESS;
}

/**
This function will be called by Map() when mapping the buffer buffer to
BusMasterCommonBuffer type.
**/
STATIC
EFI_STATUS
SetHostBufferAsEncrypted (
IN MAP_INFO *MapInfo
)
{
return SetBufferAsEncDec (MapInfo, TRUE);
}

/**
This function will be called by Unmap() when unmapping host buffer
from the BusMasterCommonBuffer type.
**/
STATIC
EFI_STATUS
SetHostBufferAsDecrypted (
IN MAP_INFO *MapInfo
)
{
return SetBufferAsEncDec (MapInfo, FALSE);
}

/**
Provides the controller-specific addresses required to access system memory from a
Expand Down Expand Up @@ -112,18 +228,6 @@ IoMmuMap (
}
}

//
// CommandBuffer was allocated by us (AllocateBuffer) and is already in
// unencryted buffer so no need to create bounce buffer
//
if (Operation == EdkiiIoMmuOperationBusMasterCommonBuffer ||
Operation == EdkiiIoMmuOperationBusMasterCommonBuffer64) {
*Mapping = NO_MAPPING;
*DeviceAddress = PhysicalAddress;

return EFI_SUCCESS;
}

//
// Allocate a MAP_INFO structure to remember the mapping when Unmap() is
// called later.
Expand All @@ -143,6 +247,25 @@ IoMmuMap (
MapInfo->HostAddress = PhysicalAddress;
MapInfo->DeviceAddress = DmaMemoryTop;

//
// If the requested Map() operation is BusMasterCommandBuffer then map
// using internal function otherwise allocate a bounce buffer to map
// the host buffer to device buffer
//
if (Operation == EdkiiIoMmuOperationBusMasterCommonBuffer ||
Operation == EdkiiIoMmuOperationBusMasterCommonBuffer64) {

Status = SetHostBufferAsDecrypted (MapInfo);
if (EFI_ERROR (Status)) {
FreePool (MapInfo);
*NumberOfBytes = 0;
return Status;
}

MapInfo->DeviceAddress = MapInfo->HostAddress;
goto Done;
}

//
// Allocate a buffer to map the transfer to.
//
Expand Down Expand Up @@ -178,6 +301,7 @@ IoMmuMap (
);
}

Done:
//
// The DeviceAddress is the address of the maped buffer below 4GB
//
Expand Down Expand Up @@ -219,16 +343,23 @@ IoMmuUnmap (
return EFI_INVALID_PARAMETER;
}

MapInfo = (MAP_INFO *)Mapping;

//
// See if the Map() operation associated with this Unmap() required a mapping
// buffer. If a mapping buffer was not required, then this function simply
// buffer. If a mapping buffer was not required, then this function simply
// If this is a CommonBuffer operation from the Bus Master's point of
// view then Map() have cleared the memory encryption mask from Host
// buffer. Lets restore the memory encryption mask before returning
//
if (Mapping == NO_MAPPING) {
return EFI_SUCCESS;
}
if (MapInfo->Operation == EdkiiIoMmuOperationBusMasterCommonBuffer ||
MapInfo->Operation == EdkiiIoMmuOperationBusMasterCommonBuffer64) {

MapInfo = (MAP_INFO *)Mapping;
Status = SetHostBufferAsEncrypted (MapInfo);
if (EFI_ERROR (Status)) {
return Status;
}

goto Done;
}

//
// If this is a write operation from the Bus Master's point of view,
Expand All @@ -244,19 +375,22 @@ IoMmuUnmap (
);
}

DEBUG ((DEBUG_VERBOSE, "%a Device 0x%Lx Host 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n",
__FUNCTION__, MapInfo->DeviceAddress, MapInfo->HostAddress,
MapInfo->NumberOfPages, MapInfo->NumberOfBytes));
//
// Restore the memory encryption mask
//
Status = MemEncryptSevSetPageEncMask (0, MapInfo->DeviceAddress, MapInfo->NumberOfPages, TRUE);
ASSERT_EFI_ERROR(Status);

//
// Free the mapped buffer and the MAP_INFO structure.
// Free the bounce buffer
//
gBS->FreePages (MapInfo->DeviceAddress, MapInfo->NumberOfPages);

Done:
DEBUG ((DEBUG_VERBOSE, "%a Device 0x%Lx Host 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n",
__FUNCTION__, MapInfo->DeviceAddress, MapInfo->HostAddress,
MapInfo->NumberOfPages, MapInfo->NumberOfBytes));

FreePool (Mapping);
return EFI_SUCCESS;
}
Expand Down

0 comments on commit 0d5c31d

Please sign in to comment.