]>
Commit | Line | Data |
---|---|---|
f9d129e6 BS |
1 | /** @file\r |
2 | \r | |
812568fb LE |
3 | The protocol provides support to allocate, free, map and umap a DMA buffer\r |
4 | for bus master (e.g PciHostBridge). When SEV is enabled, the DMA operations\r | |
5 | must be performed on unencrypted buffer hence we use a bounce buffer to map\r | |
6 | the guest buffer into an unencrypted DMA buffer.\r | |
f9d129e6 BS |
7 | \r |
8 | Copyright (c) 2017, AMD Inc. All rights reserved.<BR>\r | |
9 | Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>\r | |
10 | \r | |
11 | This program and the accompanying materials are licensed and made available\r | |
12 | under the terms and conditions of the BSD License which accompanies this\r | |
13 | distribution. The full text of the license may be found at\r | |
14 | http://opensource.org/licenses/bsd-license.php\r | |
15 | \r | |
16 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
17 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
18 | \r | |
19 | **/\r | |
20 | \r | |
21 | #include "AmdSevIoMmu.h"\r | |
22 | \r | |
d0c9afea LE |
23 | #define MAP_INFO_SIG SIGNATURE_64 ('M', 'A', 'P', '_', 'I', 'N', 'F', 'O')\r |
24 | \r | |
f9d129e6 | 25 | typedef struct {\r |
d0c9afea LE |
26 | UINT64 Signature;\r |
27 | LIST_ENTRY Link;\r | |
f9d129e6 BS |
28 | EDKII_IOMMU_OPERATION Operation;\r |
29 | UINTN NumberOfBytes;\r | |
30 | UINTN NumberOfPages;\r | |
c7ef2ed2 | 31 | EFI_PHYSICAL_ADDRESS CryptedAddress;\r |
dc194ce3 | 32 | EFI_PHYSICAL_ADDRESS PlainTextAddress;\r |
f9d129e6 BS |
33 | } MAP_INFO;\r |
34 | \r | |
d0c9afea | 35 | //\r |
9ed745b9 LE |
36 | // List of the MAP_INFO structures that have been set up by IoMmuMap() and not\r |
37 | // yet torn down by IoMmuUnmap(). The list represents the full set of mappings\r | |
38 | // currently in effect.\r | |
d0c9afea | 39 | //\r |
9ed745b9 | 40 | STATIC LIST_ENTRY mMapInfos = INITIALIZE_LIST_HEAD_VARIABLE (mMapInfos);\r |
d0c9afea | 41 | \r |
58e68140 LE |
42 | #define COMMON_BUFFER_SIG SIGNATURE_64 ('C', 'M', 'N', 'B', 'U', 'F', 'F', 'R')\r |
43 | \r | |
2ad6ba80 LE |
44 | //\r |
45 | // ASCII names for EDKII_IOMMU_OPERATION constants, for debug logging.\r | |
46 | //\r | |
47 | STATIC CONST CHAR8 * CONST\r | |
48 | mBusMasterOperationName[EdkiiIoMmuOperationMaximum] = {\r | |
49 | "Read",\r | |
50 | "Write",\r | |
51 | "CommonBuffer",\r | |
52 | "Read64",\r | |
53 | "Write64",\r | |
54 | "CommonBuffer64"\r | |
55 | };\r | |
56 | \r | |
58e68140 LE |
57 | //\r |
58 | // The following structure enables Map() and Unmap() to perform in-place\r | |
59 | // decryption and encryption, respectively, for BusMasterCommonBuffer[64]\r | |
60 | // operations, without dynamic memory allocation or release.\r | |
61 | //\r | |
62 | // Both COMMON_BUFFER_HEADER and COMMON_BUFFER_HEADER.StashBuffer are allocated\r | |
63 | // by AllocateBuffer() and released by FreeBuffer().\r | |
64 | //\r | |
65 | #pragma pack (1)\r | |
66 | typedef struct {\r | |
67 | UINT64 Signature;\r | |
68 | \r | |
69 | //\r | |
70 | // Always allocated from EfiBootServicesData type memory, and always\r | |
71 | // encrypted.\r | |
72 | //\r | |
73 | VOID *StashBuffer;\r | |
74 | \r | |
75 | //\r | |
76 | // Followed by the actual common buffer, starting at the next page.\r | |
77 | //\r | |
78 | } COMMON_BUFFER_HEADER;\r | |
79 | #pragma pack ()\r | |
f9d129e6 BS |
80 | \r |
81 | /**\r | |
812568fb LE |
82 | Provides the controller-specific addresses required to access system memory\r |
83 | from a DMA bus master. On SEV guest, the DMA operations must be performed on\r | |
84 | shared buffer hence we allocate a bounce buffer to map the HostAddress to a\r | |
85 | DeviceAddress. The Encryption attribute is removed from the DeviceAddress\r | |
86 | buffer.\r | |
f9d129e6 BS |
87 | \r |
88 | @param This The protocol instance pointer.\r | |
89 | @param Operation Indicates if the bus master is going to read or\r | |
90 | write to system memory.\r | |
812568fb LE |
91 | @param HostAddress The system memory address to map to the PCI\r |
92 | controller.\r | |
f9d129e6 | 93 | @param NumberOfBytes On input the number of bytes to map. On output\r |
812568fb LE |
94 | the number of bytes that were mapped.\r |
95 | @param DeviceAddress The resulting map address for the bus master\r | |
96 | PCI controller to use to access the hosts\r | |
97 | HostAddress.\r | |
f9d129e6 BS |
98 | @param Mapping A resulting value to pass to Unmap().\r |
99 | \r | |
812568fb LE |
100 | @retval EFI_SUCCESS The range was mapped for the returned\r |
101 | NumberOfBytes.\r | |
102 | @retval EFI_UNSUPPORTED The HostAddress cannot be mapped as a common\r | |
103 | buffer.\r | |
f9d129e6 | 104 | @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r |
812568fb LE |
105 | @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a\r |
106 | lack of resources.\r | |
107 | @retval EFI_DEVICE_ERROR The system hardware could not map the requested\r | |
108 | address.\r | |
f9d129e6 BS |
109 | \r |
110 | **/\r | |
111 | EFI_STATUS\r | |
112 | EFIAPI\r | |
113 | IoMmuMap (\r | |
114 | IN EDKII_IOMMU_PROTOCOL *This,\r | |
115 | IN EDKII_IOMMU_OPERATION Operation,\r | |
116 | IN VOID *HostAddress,\r | |
117 | IN OUT UINTN *NumberOfBytes,\r | |
118 | OUT EFI_PHYSICAL_ADDRESS *DeviceAddress,\r | |
119 | OUT VOID **Mapping\r | |
120 | )\r | |
121 | {\r | |
122 | EFI_STATUS Status;\r | |
f9d129e6 | 123 | MAP_INFO *MapInfo;\r |
f9d129e6 | 124 | EFI_ALLOCATE_TYPE AllocateType;\r |
58e68140 LE |
125 | COMMON_BUFFER_HEADER *CommonBufferHeader;\r |
126 | VOID *DecryptionSource;\r | |
f9d129e6 | 127 | \r |
2ad6ba80 LE |
128 | DEBUG ((\r |
129 | DEBUG_VERBOSE,\r | |
130 | "%a: Operation=%a Host=0x%p Bytes=0x%Lx\n",\r | |
131 | __FUNCTION__,\r | |
132 | ((Operation >= 0 &&\r | |
133 | Operation < ARRAY_SIZE (mBusMasterOperationName)) ?\r | |
134 | mBusMasterOperationName[Operation] :\r | |
135 | "Invalid"),\r | |
136 | HostAddress,\r | |
137 | (UINT64)((NumberOfBytes == NULL) ? 0 : *NumberOfBytes)\r | |
138 | ));\r | |
139 | \r | |
f9d129e6 BS |
140 | if (HostAddress == NULL || NumberOfBytes == NULL || DeviceAddress == NULL ||\r |
141 | Mapping == NULL) {\r | |
142 | return EFI_INVALID_PARAMETER;\r | |
143 | }\r | |
144 | \r | |
f9d129e6 BS |
145 | //\r |
146 | // Allocate a MAP_INFO structure to remember the mapping when Unmap() is\r | |
147 | // called later.\r | |
148 | //\r | |
9ed745b9 LE |
149 | MapInfo = AllocatePool (sizeof (MAP_INFO));\r |
150 | if (MapInfo == NULL) {\r | |
151 | Status = EFI_OUT_OF_RESOURCES;\r | |
152 | goto Failed;\r | |
f9d129e6 BS |
153 | }\r |
154 | \r | |
155 | //\r | |
e130229c | 156 | // Initialize the MAP_INFO structure, except the PlainTextAddress field\r |
f9d129e6 | 157 | //\r |
d0c9afea LE |
158 | ZeroMem (&MapInfo->Link, sizeof MapInfo->Link);\r |
159 | MapInfo->Signature = MAP_INFO_SIG;\r | |
f9d129e6 BS |
160 | MapInfo->Operation = Operation;\r |
161 | MapInfo->NumberOfBytes = *NumberOfBytes;\r | |
162 | MapInfo->NumberOfPages = EFI_SIZE_TO_PAGES (MapInfo->NumberOfBytes);\r | |
e130229c | 163 | MapInfo->CryptedAddress = (UINTN)HostAddress;\r |
f9d129e6 BS |
164 | \r |
165 | //\r | |
e130229c | 166 | // In the switch statement below, we point "MapInfo->PlainTextAddress" to the\r |
58e68140 | 167 | // plaintext buffer, according to Operation. We also set "DecryptionSource".\r |
e130229c LE |
168 | //\r |
169 | MapInfo->PlainTextAddress = MAX_ADDRESS;\r | |
170 | AllocateType = AllocateAnyPages;\r | |
58e68140 | 171 | DecryptionSource = (VOID *)(UINTN)MapInfo->CryptedAddress;\r |
e130229c LE |
172 | switch (Operation) {\r |
173 | //\r | |
174 | // For BusMasterRead[64] and BusMasterWrite[64] operations, a bounce buffer\r | |
175 | // is necessary regardless of whether the original (crypted) buffer crosses\r | |
176 | // the 4GB limit or not -- we have to allocate a separate plaintext buffer.\r | |
177 | // The only variable is whether the plaintext buffer should be under 4GB.\r | |
f9d129e6 | 178 | //\r |
e130229c LE |
179 | case EdkiiIoMmuOperationBusMasterRead:\r |
180 | case EdkiiIoMmuOperationBusMasterWrite:\r | |
181 | MapInfo->PlainTextAddress = BASE_4GB - 1;\r | |
182 | AllocateType = AllocateMaxAddress;\r | |
183 | //\r | |
184 | // fall through\r | |
185 | //\r | |
186 | case EdkiiIoMmuOperationBusMasterRead64:\r | |
187 | case EdkiiIoMmuOperationBusMasterWrite64:\r | |
188 | //\r | |
189 | // Allocate the implicit plaintext bounce buffer.\r | |
190 | //\r | |
191 | Status = gBS->AllocatePages (\r | |
192 | AllocateType,\r | |
193 | EfiBootServicesData,\r | |
194 | MapInfo->NumberOfPages,\r | |
195 | &MapInfo->PlainTextAddress\r | |
196 | );\r | |
197 | if (EFI_ERROR (Status)) {\r | |
198 | goto FreeMapInfo;\r | |
199 | }\r | |
200 | break;\r | |
201 | \r | |
202 | //\r | |
58e68140 LE |
203 | // For BusMasterCommonBuffer[64] operations, a to-be-plaintext buffer and a\r |
204 | // stash buffer (for in-place decryption) have been allocated already, with\r | |
205 | // AllocateBuffer(). We only check whether the address of the to-be-plaintext\r | |
206 | // buffer is low enough for the requested operation.\r | |
e130229c LE |
207 | //\r |
208 | case EdkiiIoMmuOperationBusMasterCommonBuffer:\r | |
209 | if ((MapInfo->CryptedAddress > BASE_4GB) ||\r | |
210 | (EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages) >\r | |
211 | BASE_4GB - MapInfo->CryptedAddress)) {\r | |
212 | //\r | |
213 | // CommonBuffer operations cannot be remapped. If the common buffer is\r | |
214 | // above 4GB, then it is not possible to generate a mapping, so return an\r | |
215 | // error.\r | |
216 | //\r | |
217 | Status = EFI_UNSUPPORTED;\r | |
218 | goto FreeMapInfo;\r | |
219 | }\r | |
220 | //\r | |
221 | // fall through\r | |
222 | //\r | |
223 | case EdkiiIoMmuOperationBusMasterCommonBuffer64:\r | |
224 | //\r | |
58e68140 | 225 | // The buffer at MapInfo->CryptedAddress comes from AllocateBuffer().\r |
e130229c LE |
226 | //\r |
227 | MapInfo->PlainTextAddress = MapInfo->CryptedAddress;\r | |
e130229c | 228 | //\r |
58e68140 LE |
229 | // Stash the crypted data.\r |
230 | //\r | |
231 | CommonBufferHeader = (COMMON_BUFFER_HEADER *)(\r | |
232 | (UINTN)MapInfo->CryptedAddress - EFI_PAGE_SIZE\r | |
233 | );\r | |
234 | ASSERT (CommonBufferHeader->Signature == COMMON_BUFFER_SIG);\r | |
235 | CopyMem (\r | |
236 | CommonBufferHeader->StashBuffer,\r | |
237 | (VOID *)(UINTN)MapInfo->CryptedAddress,\r | |
238 | MapInfo->NumberOfBytes\r | |
239 | );\r | |
240 | //\r | |
241 | // Point "DecryptionSource" to the stash buffer so that we decrypt\r | |
242 | // it to the original location, after the switch statement.\r | |
e130229c | 243 | //\r |
58e68140 LE |
244 | DecryptionSource = CommonBufferHeader->StashBuffer;\r |
245 | break;\r | |
e130229c LE |
246 | \r |
247 | default:\r | |
248 | //\r | |
249 | // Operation is invalid\r | |
250 | //\r | |
251 | Status = EFI_INVALID_PARAMETER;\r | |
252 | goto FreeMapInfo;\r | |
f9d129e6 BS |
253 | }\r |
254 | \r | |
255 | //\r | |
e130229c | 256 | // Clear the memory encryption mask on the plaintext buffer.\r |
f9d129e6 | 257 | //\r |
812568fb LE |
258 | Status = MemEncryptSevClearPageEncMask (\r |
259 | 0,\r | |
dc194ce3 | 260 | MapInfo->PlainTextAddress,\r |
812568fb LE |
261 | MapInfo->NumberOfPages,\r |
262 | TRUE\r | |
263 | );\r | |
f1658838 LE |
264 | ASSERT_EFI_ERROR (Status);\r |
265 | if (EFI_ERROR (Status)) {\r | |
266 | CpuDeadLoop ();\r | |
267 | }\r | |
f9d129e6 BS |
268 | \r |
269 | //\r | |
270 | // If this is a read operation from the Bus Master's point of view,\r | |
271 | // then copy the contents of the real buffer into the mapped buffer\r | |
272 | // so the Bus Master can read the contents of the real buffer.\r | |
273 | //\r | |
58e68140 LE |
274 | // For BusMasterCommonBuffer[64] operations, the CopyMem() below will decrypt\r |
275 | // the original data (from the stash buffer) back to the original location.\r | |
276 | //\r | |
f9d129e6 | 277 | if (Operation == EdkiiIoMmuOperationBusMasterRead ||\r |
58e68140 LE |
278 | Operation == EdkiiIoMmuOperationBusMasterRead64 ||\r |
279 | Operation == EdkiiIoMmuOperationBusMasterCommonBuffer ||\r | |
280 | Operation == EdkiiIoMmuOperationBusMasterCommonBuffer64) {\r | |
f9d129e6 | 281 | CopyMem (\r |
dc194ce3 | 282 | (VOID *) (UINTN) MapInfo->PlainTextAddress,\r |
58e68140 | 283 | DecryptionSource,\r |
f9d129e6 BS |
284 | MapInfo->NumberOfBytes\r |
285 | );\r | |
286 | }\r | |
287 | \r | |
9ed745b9 LE |
288 | //\r |
289 | // Track all MAP_INFO structures.\r | |
290 | //\r | |
291 | InsertHeadList (&mMapInfos, &MapInfo->Link);\r | |
f9d129e6 | 292 | //\r |
e130229c | 293 | // Populate output parameters.\r |
f9d129e6 | 294 | //\r |
dc194ce3 | 295 | *DeviceAddress = MapInfo->PlainTextAddress;\r |
f9d129e6 BS |
296 | *Mapping = MapInfo;\r |
297 | \r | |
812568fb LE |
298 | DEBUG ((\r |
299 | DEBUG_VERBOSE,\r | |
2ad6ba80 | 300 | "%a: Mapping=0x%p Device(PlainText)=0x%Lx Crypted=0x%Lx Pages=0x%Lx\n",\r |
812568fb | 301 | __FUNCTION__,\r |
2ad6ba80 | 302 | MapInfo,\r |
dc194ce3 | 303 | MapInfo->PlainTextAddress,\r |
c7ef2ed2 | 304 | MapInfo->CryptedAddress,\r |
2ad6ba80 | 305 | (UINT64)MapInfo->NumberOfPages\r |
812568fb | 306 | ));\r |
f9d129e6 BS |
307 | \r |
308 | return EFI_SUCCESS;\r | |
e130229c LE |
309 | \r |
310 | FreeMapInfo:\r | |
311 | FreePool (MapInfo);\r | |
312 | \r | |
313 | Failed:\r | |
314 | *NumberOfBytes = 0;\r | |
315 | return Status;\r | |
f9d129e6 BS |
316 | }\r |
317 | \r | |
318 | /**\r | |
319 | Completes the Map() operation and releases any corresponding resources.\r | |
320 | \r | |
550acd08 LE |
321 | This is an internal worker function that only extends the Map() API with\r |
322 | the MemoryMapLocked parameter.\r | |
323 | \r | |
f9d129e6 BS |
324 | @param This The protocol instance pointer.\r |
325 | @param Mapping The mapping value returned from Map().\r | |
550acd08 LE |
326 | @param MemoryMapLocked The function is executing on the stack of\r |
327 | gBS->ExitBootServices(); changes to the UEFI\r | |
328 | memory map are forbidden.\r | |
f9d129e6 BS |
329 | \r |
330 | @retval EFI_SUCCESS The range was unmapped.\r | |
812568fb LE |
331 | @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by\r |
332 | Map().\r | |
333 | @retval EFI_DEVICE_ERROR The data was not committed to the target system\r | |
334 | memory.\r | |
f9d129e6 | 335 | **/\r |
550acd08 | 336 | STATIC\r |
f9d129e6 BS |
337 | EFI_STATUS\r |
338 | EFIAPI\r | |
550acd08 | 339 | IoMmuUnmapWorker (\r |
f9d129e6 | 340 | IN EDKII_IOMMU_PROTOCOL *This,\r |
550acd08 LE |
341 | IN VOID *Mapping,\r |
342 | IN BOOLEAN MemoryMapLocked\r | |
f9d129e6 BS |
343 | )\r |
344 | {\r | |
345 | MAP_INFO *MapInfo;\r | |
346 | EFI_STATUS Status;\r | |
58e68140 LE |
347 | COMMON_BUFFER_HEADER *CommonBufferHeader;\r |
348 | VOID *EncryptionTarget;\r | |
f9d129e6 | 349 | \r |
550acd08 LE |
350 | DEBUG ((\r |
351 | DEBUG_VERBOSE,\r | |
352 | "%a: Mapping=0x%p MemoryMapLocked=%d\n",\r | |
353 | __FUNCTION__,\r | |
354 | Mapping,\r | |
355 | MemoryMapLocked\r | |
356 | ));\r | |
a1d6a9dc | 357 | \r |
f9d129e6 BS |
358 | if (Mapping == NULL) {\r |
359 | return EFI_INVALID_PARAMETER;\r | |
360 | }\r | |
361 | \r | |
58e68140 LE |
362 | MapInfo = (MAP_INFO *)Mapping;\r |
363 | \r | |
f9d129e6 | 364 | //\r |
58e68140 | 365 | // set CommonBufferHeader to suppress incorrect compiler/analyzer warnings\r |
f9d129e6 | 366 | //\r |
58e68140 | 367 | CommonBufferHeader = NULL;\r |
f9d129e6 BS |
368 | \r |
369 | //\r | |
58e68140 LE |
370 | // For BusMasterWrite[64] operations and BusMasterCommonBuffer[64] operations\r |
371 | // we have to encrypt the results, ultimately to the original place (i.e.,\r | |
372 | // "MapInfo->CryptedAddress").\r | |
f9d129e6 | 373 | //\r |
58e68140 LE |
374 | // For BusMasterCommonBuffer[64] operations however, this encryption has to\r |
375 | // land in-place, so divert the encryption to the stash buffer first.\r | |
376 | //\r | |
377 | EncryptionTarget = (VOID *)(UINTN)MapInfo->CryptedAddress;\r | |
378 | \r | |
379 | switch (MapInfo->Operation) {\r | |
380 | case EdkiiIoMmuOperationBusMasterCommonBuffer:\r | |
381 | case EdkiiIoMmuOperationBusMasterCommonBuffer64:\r | |
382 | ASSERT (MapInfo->PlainTextAddress == MapInfo->CryptedAddress);\r | |
383 | \r | |
384 | CommonBufferHeader = (COMMON_BUFFER_HEADER *)(\r | |
385 | (UINTN)MapInfo->PlainTextAddress - EFI_PAGE_SIZE\r | |
386 | );\r | |
387 | ASSERT (CommonBufferHeader->Signature == COMMON_BUFFER_SIG);\r | |
388 | EncryptionTarget = CommonBufferHeader->StashBuffer;\r | |
389 | //\r | |
390 | // fall through\r | |
391 | //\r | |
392 | \r | |
393 | case EdkiiIoMmuOperationBusMasterWrite:\r | |
394 | case EdkiiIoMmuOperationBusMasterWrite64:\r | |
f9d129e6 | 395 | CopyMem (\r |
58e68140 | 396 | EncryptionTarget,\r |
dc194ce3 | 397 | (VOID *) (UINTN) MapInfo->PlainTextAddress,\r |
f9d129e6 BS |
398 | MapInfo->NumberOfBytes\r |
399 | );\r | |
58e68140 LE |
400 | break;\r |
401 | \r | |
402 | default:\r | |
403 | //\r | |
404 | // nothing to encrypt after BusMasterRead[64] operations\r | |
405 | //\r | |
406 | break;\r | |
f9d129e6 BS |
407 | }\r |
408 | \r | |
f9d129e6 | 409 | //\r |
58e68140 LE |
410 | // Restore the memory encryption mask on the area we used to hold the\r |
411 | // plaintext.\r | |
f9d129e6 | 412 | //\r |
812568fb LE |
413 | Status = MemEncryptSevSetPageEncMask (\r |
414 | 0,\r | |
dc194ce3 | 415 | MapInfo->PlainTextAddress,\r |
812568fb LE |
416 | MapInfo->NumberOfPages,\r |
417 | TRUE\r | |
418 | );\r | |
f1658838 LE |
419 | ASSERT_EFI_ERROR (Status);\r |
420 | if (EFI_ERROR (Status)) {\r | |
421 | CpuDeadLoop ();\r | |
422 | }\r | |
f9d129e6 BS |
423 | \r |
424 | //\r | |
58e68140 LE |
425 | // For BusMasterCommonBuffer[64] operations, copy the stashed data to the\r |
426 | // original (now encrypted) location.\r | |
427 | //\r | |
428 | // For all other operations, fill the late bounce buffer (which existed as\r | |
550acd08 LE |
429 | // plaintext at some point) with zeros, and then release it (unless the UEFI\r |
430 | // memory map is locked).\r | |
58e68140 LE |
431 | //\r |
432 | if (MapInfo->Operation == EdkiiIoMmuOperationBusMasterCommonBuffer ||\r | |
433 | MapInfo->Operation == EdkiiIoMmuOperationBusMasterCommonBuffer64) {\r | |
434 | CopyMem (\r | |
435 | (VOID *)(UINTN)MapInfo->CryptedAddress,\r | |
436 | CommonBufferHeader->StashBuffer,\r | |
437 | MapInfo->NumberOfBytes\r | |
438 | );\r | |
439 | } else {\r | |
440 | ZeroMem (\r | |
441 | (VOID *)(UINTN)MapInfo->PlainTextAddress,\r | |
442 | EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages)\r | |
443 | );\r | |
550acd08 LE |
444 | if (!MemoryMapLocked) {\r |
445 | gBS->FreePages (MapInfo->PlainTextAddress, MapInfo->NumberOfPages);\r | |
446 | }\r | |
58e68140 LE |
447 | }\r |
448 | \r | |
9ed745b9 | 449 | //\r |
550acd08 LE |
450 | // Forget the MAP_INFO structure, then free it (unless the UEFI memory map is\r |
451 | // locked).\r | |
9ed745b9 LE |
452 | //\r |
453 | RemoveEntryList (&MapInfo->Link);\r | |
550acd08 LE |
454 | if (!MemoryMapLocked) {\r |
455 | FreePool (MapInfo);\r | |
456 | }\r | |
9ed745b9 | 457 | \r |
f9d129e6 BS |
458 | return EFI_SUCCESS;\r |
459 | }\r | |
460 | \r | |
550acd08 LE |
461 | /**\r |
462 | Completes the Map() operation and releases any corresponding resources.\r | |
463 | \r | |
464 | @param This The protocol instance pointer.\r | |
465 | @param Mapping The mapping value returned from Map().\r | |
466 | \r | |
467 | @retval EFI_SUCCESS The range was unmapped.\r | |
468 | @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by\r | |
469 | Map().\r | |
470 | @retval EFI_DEVICE_ERROR The data was not committed to the target system\r | |
471 | memory.\r | |
472 | **/\r | |
473 | EFI_STATUS\r | |
474 | EFIAPI\r | |
475 | IoMmuUnmap (\r | |
476 | IN EDKII_IOMMU_PROTOCOL *This,\r | |
477 | IN VOID *Mapping\r | |
478 | )\r | |
479 | {\r | |
480 | return IoMmuUnmapWorker (\r | |
481 | This,\r | |
482 | Mapping,\r | |
483 | FALSE // MemoryMapLocked\r | |
484 | );\r | |
485 | }\r | |
486 | \r | |
f9d129e6 BS |
487 | /**\r |
488 | Allocates pages that are suitable for an OperationBusMasterCommonBuffer or\r | |
489 | OperationBusMasterCommonBuffer64 mapping.\r | |
490 | \r | |
491 | @param This The protocol instance pointer.\r | |
492 | @param Type This parameter is not used and must be ignored.\r | |
812568fb LE |
493 | @param MemoryType The type of memory to allocate,\r |
494 | EfiBootServicesData or EfiRuntimeServicesData.\r | |
f9d129e6 | 495 | @param Pages The number of pages to allocate.\r |
812568fb LE |
496 | @param HostAddress A pointer to store the base system memory\r |
497 | address of the allocated range.\r | |
498 | @param Attributes The requested bit mask of attributes for the\r | |
499 | allocated range.\r | |
f9d129e6 BS |
500 | \r |
501 | @retval EFI_SUCCESS The requested memory pages were allocated.\r | |
812568fb LE |
502 | @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal\r |
503 | attribute bits are MEMORY_WRITE_COMBINE and\r | |
504 | MEMORY_CACHED.\r | |
f9d129e6 BS |
505 | @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r |
506 | @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated.\r | |
507 | \r | |
508 | **/\r | |
509 | EFI_STATUS\r | |
510 | EFIAPI\r | |
511 | IoMmuAllocateBuffer (\r | |
512 | IN EDKII_IOMMU_PROTOCOL *This,\r | |
513 | IN EFI_ALLOCATE_TYPE Type,\r | |
514 | IN EFI_MEMORY_TYPE MemoryType,\r | |
515 | IN UINTN Pages,\r | |
516 | IN OUT VOID **HostAddress,\r | |
517 | IN UINT64 Attributes\r | |
518 | )\r | |
519 | {\r | |
520 | EFI_STATUS Status;\r | |
521 | EFI_PHYSICAL_ADDRESS PhysicalAddress;\r | |
58e68140 LE |
522 | VOID *StashBuffer;\r |
523 | UINTN CommonBufferPages;\r | |
524 | COMMON_BUFFER_HEADER *CommonBufferHeader;\r | |
f9d129e6 | 525 | \r |
80ddd336 LE |
526 | DEBUG ((\r |
527 | DEBUG_VERBOSE,\r | |
528 | "%a: MemoryType=%u Pages=0x%Lx Attributes=0x%Lx\n",\r | |
529 | __FUNCTION__,\r | |
530 | (UINT32)MemoryType,\r | |
531 | (UINT64)Pages,\r | |
532 | Attributes\r | |
533 | ));\r | |
534 | \r | |
f9d129e6 BS |
535 | //\r |
536 | // Validate Attributes\r | |
537 | //\r | |
538 | if ((Attributes & EDKII_IOMMU_ATTRIBUTE_INVALID_FOR_ALLOCATE_BUFFER) != 0) {\r | |
539 | return EFI_UNSUPPORTED;\r | |
540 | }\r | |
541 | \r | |
542 | //\r | |
543 | // Check for invalid inputs\r | |
544 | //\r | |
545 | if (HostAddress == NULL) {\r | |
546 | return EFI_INVALID_PARAMETER;\r | |
547 | }\r | |
548 | \r | |
549 | //\r | |
550 | // The only valid memory types are EfiBootServicesData and\r | |
551 | // EfiRuntimeServicesData\r | |
552 | //\r | |
553 | if (MemoryType != EfiBootServicesData &&\r | |
554 | MemoryType != EfiRuntimeServicesData) {\r | |
555 | return EFI_INVALID_PARAMETER;\r | |
556 | }\r | |
557 | \r | |
58e68140 LE |
558 | //\r |
559 | // We'll need a header page for the COMMON_BUFFER_HEADER structure.\r | |
560 | //\r | |
561 | if (Pages > MAX_UINTN - 1) {\r | |
562 | return EFI_OUT_OF_RESOURCES;\r | |
563 | }\r | |
564 | CommonBufferPages = Pages + 1;\r | |
565 | \r | |
566 | //\r | |
567 | // Allocate the stash in EfiBootServicesData type memory.\r | |
568 | //\r | |
569 | // Map() will temporarily save encrypted data in the stash for\r | |
570 | // BusMasterCommonBuffer[64] operations, so the data can be decrypted to the\r | |
571 | // original location.\r | |
572 | //\r | |
573 | // Unmap() will temporarily save plaintext data in the stash for\r | |
574 | // BusMasterCommonBuffer[64] operations, so the data can be encrypted to the\r | |
575 | // original location.\r | |
576 | //\r | |
577 | // StashBuffer always resides in encrypted memory.\r | |
578 | //\r | |
579 | StashBuffer = AllocatePages (Pages);\r | |
580 | if (StashBuffer == NULL) {\r | |
581 | return EFI_OUT_OF_RESOURCES;\r | |
582 | }\r | |
583 | \r | |
f9d129e6 BS |
584 | PhysicalAddress = (UINTN)-1;\r |
585 | if ((Attributes & EDKII_IOMMU_ATTRIBUTE_DUAL_ADDRESS_CYCLE) == 0) {\r | |
586 | //\r | |
587 | // Limit allocations to memory below 4GB\r | |
588 | //\r | |
589 | PhysicalAddress = SIZE_4GB - 1;\r | |
590 | }\r | |
591 | Status = gBS->AllocatePages (\r | |
592 | AllocateMaxAddress,\r | |
593 | MemoryType,\r | |
58e68140 | 594 | CommonBufferPages,\r |
f9d129e6 BS |
595 | &PhysicalAddress\r |
596 | );\r | |
58e68140 LE |
597 | if (EFI_ERROR (Status)) {\r |
598 | goto FreeStashBuffer;\r | |
f9d129e6 BS |
599 | }\r |
600 | \r | |
58e68140 LE |
601 | CommonBufferHeader = (VOID *)(UINTN)PhysicalAddress;\r |
602 | PhysicalAddress += EFI_PAGE_SIZE;\r | |
603 | \r | |
604 | CommonBufferHeader->Signature = COMMON_BUFFER_SIG;\r | |
605 | CommonBufferHeader->StashBuffer = StashBuffer;\r | |
606 | \r | |
607 | *HostAddress = (VOID *)(UINTN)PhysicalAddress;\r | |
608 | \r | |
812568fb LE |
609 | DEBUG ((\r |
610 | DEBUG_VERBOSE,\r | |
80ddd336 | 611 | "%a: Host=0x%Lx Stash=0x%p\n",\r |
812568fb LE |
612 | __FUNCTION__,\r |
613 | PhysicalAddress,\r | |
80ddd336 | 614 | StashBuffer\r |
812568fb | 615 | ));\r |
58e68140 LE |
616 | return EFI_SUCCESS;\r |
617 | \r | |
618 | FreeStashBuffer:\r | |
619 | FreePages (StashBuffer, Pages);\r | |
f9d129e6 BS |
620 | return Status;\r |
621 | }\r | |
622 | \r | |
623 | /**\r | |
624 | Frees memory that was allocated with AllocateBuffer().\r | |
625 | \r | |
626 | @param This The protocol instance pointer.\r | |
627 | @param Pages The number of pages to free.\r | |
812568fb LE |
628 | @param HostAddress The base system memory address of the allocated\r |
629 | range.\r | |
f9d129e6 BS |
630 | \r |
631 | @retval EFI_SUCCESS The requested memory pages were freed.\r | |
812568fb LE |
632 | @retval EFI_INVALID_PARAMETER The memory range specified by HostAddress and\r |
633 | Pages was not allocated with AllocateBuffer().\r | |
f9d129e6 BS |
634 | \r |
635 | **/\r | |
636 | EFI_STATUS\r | |
637 | EFIAPI\r | |
638 | IoMmuFreeBuffer (\r | |
639 | IN EDKII_IOMMU_PROTOCOL *This,\r | |
640 | IN UINTN Pages,\r | |
641 | IN VOID *HostAddress\r | |
642 | )\r | |
643 | {\r | |
58e68140 LE |
644 | UINTN CommonBufferPages;\r |
645 | COMMON_BUFFER_HEADER *CommonBufferHeader;\r | |
646 | \r | |
1afbb85f LE |
647 | DEBUG ((\r |
648 | DEBUG_VERBOSE,\r | |
649 | "%a: Host=0x%p Pages=0x%Lx\n",\r | |
650 | __FUNCTION__,\r | |
651 | HostAddress,\r | |
652 | (UINT64)Pages\r | |
653 | ));\r | |
654 | \r | |
58e68140 LE |
655 | CommonBufferPages = Pages + 1;\r |
656 | CommonBufferHeader = (COMMON_BUFFER_HEADER *)(\r | |
657 | (UINTN)HostAddress - EFI_PAGE_SIZE\r | |
658 | );\r | |
f9d129e6 BS |
659 | \r |
660 | //\r | |
58e68140 | 661 | // Check the signature.\r |
f9d129e6 | 662 | //\r |
58e68140 LE |
663 | ASSERT (CommonBufferHeader->Signature == COMMON_BUFFER_SIG);\r |
664 | if (CommonBufferHeader->Signature != COMMON_BUFFER_SIG) {\r | |
665 | return EFI_INVALID_PARAMETER;\r | |
666 | }\r | |
667 | \r | |
668 | //\r | |
669 | // Free the stash buffer. This buffer was always encrypted, so no need to\r | |
670 | // zero it.\r | |
671 | //\r | |
672 | FreePages (CommonBufferHeader->StashBuffer, Pages);\r | |
f9d129e6 | 673 | \r |
58e68140 LE |
674 | //\r |
675 | // Release the common buffer itself. Unmap() has re-encrypted it in-place, so\r | |
676 | // no need to zero it.\r | |
677 | //\r | |
678 | return gBS->FreePages ((UINTN)CommonBufferHeader, CommonBufferPages);\r | |
f9d129e6 BS |
679 | }\r |
680 | \r | |
681 | \r | |
682 | /**\r | |
683 | Set IOMMU attribute for a system memory.\r | |
684 | \r | |
685 | If the IOMMU protocol exists, the system memory cannot be used\r | |
686 | for DMA by default.\r | |
687 | \r | |
688 | When a device requests a DMA access for a system memory,\r | |
689 | the device driver need use SetAttribute() to update the IOMMU\r | |
690 | attribute to request DMA access (read and/or write).\r | |
691 | \r | |
692 | The DeviceHandle is used to identify which device submits the request.\r | |
812568fb LE |
693 | The IOMMU implementation need translate the device path to an IOMMU device\r |
694 | ID, and set IOMMU hardware register accordingly.\r | |
f9d129e6 BS |
695 | 1) DeviceHandle can be a standard PCI device.\r |
696 | The memory for BusMasterRead need set EDKII_IOMMU_ACCESS_READ.\r | |
697 | The memory for BusMasterWrite need set EDKII_IOMMU_ACCESS_WRITE.\r | |
812568fb LE |
698 | The memory for BusMasterCommonBuffer need set\r |
699 | EDKII_IOMMU_ACCESS_READ|EDKII_IOMMU_ACCESS_WRITE.\r | |
700 | After the memory is used, the memory need set 0 to keep it being\r | |
701 | protected.\r | |
f9d129e6 | 702 | 2) DeviceHandle can be an ACPI device (ISA, I2C, SPI, etc).\r |
812568fb LE |
703 | The memory for DMA access need set EDKII_IOMMU_ACCESS_READ and/or\r |
704 | EDKII_IOMMU_ACCESS_WRITE.\r | |
f9d129e6 BS |
705 | \r |
706 | @param[in] This The protocol instance pointer.\r | |
812568fb LE |
707 | @param[in] DeviceHandle The device who initiates the DMA access\r |
708 | request.\r | |
f9d129e6 BS |
709 | @param[in] Mapping The mapping value returned from Map().\r |
710 | @param[in] IoMmuAccess The IOMMU access.\r | |
711 | \r | |
812568fb LE |
712 | @retval EFI_SUCCESS The IoMmuAccess is set for the memory range\r |
713 | specified by DeviceAddress and Length.\r | |
f9d129e6 | 714 | @retval EFI_INVALID_PARAMETER DeviceHandle is an invalid handle.\r |
812568fb LE |
715 | @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by\r |
716 | Map().\r | |
717 | @retval EFI_INVALID_PARAMETER IoMmuAccess specified an illegal combination\r | |
718 | of access.\r | |
f9d129e6 | 719 | @retval EFI_UNSUPPORTED DeviceHandle is unknown by the IOMMU.\r |
812568fb LE |
720 | @retval EFI_UNSUPPORTED The bit mask of IoMmuAccess is not supported\r |
721 | by the IOMMU.\r | |
722 | @retval EFI_UNSUPPORTED The IOMMU does not support the memory range\r | |
723 | specified by Mapping.\r | |
724 | @retval EFI_OUT_OF_RESOURCES There are not enough resources available to\r | |
725 | modify the IOMMU access.\r | |
726 | @retval EFI_DEVICE_ERROR The IOMMU device reported an error while\r | |
727 | attempting the operation.\r | |
f9d129e6 BS |
728 | \r |
729 | **/\r | |
730 | EFI_STATUS\r | |
731 | EFIAPI\r | |
732 | IoMmuSetAttribute (\r | |
733 | IN EDKII_IOMMU_PROTOCOL *This,\r | |
734 | IN EFI_HANDLE DeviceHandle,\r | |
735 | IN VOID *Mapping,\r | |
736 | IN UINT64 IoMmuAccess\r | |
737 | )\r | |
738 | {\r | |
739 | return EFI_UNSUPPORTED;\r | |
740 | }\r | |
741 | \r | |
742 | EDKII_IOMMU_PROTOCOL mAmdSev = {\r | |
743 | EDKII_IOMMU_PROTOCOL_REVISION,\r | |
744 | IoMmuSetAttribute,\r | |
745 | IoMmuMap,\r | |
746 | IoMmuUnmap,\r | |
747 | IoMmuAllocateBuffer,\r | |
748 | IoMmuFreeBuffer,\r | |
749 | };\r | |
750 | \r | |
7aee391f LE |
751 | /**\r |
752 | Notification function that is queued when gBS->ExitBootServices() signals the\r | |
753 | EFI_EVENT_GROUP_EXIT_BOOT_SERVICES event group. This function signals another\r | |
754 | event, received as Context, and returns.\r | |
755 | \r | |
756 | Signaling an event in this context is safe. The UEFI spec allows\r | |
757 | gBS->SignalEvent() to return EFI_SUCCESS only; EFI_OUT_OF_RESOURCES is not\r | |
758 | listed, hence memory is not allocated. The edk2 implementation also does not\r | |
759 | release memory (and we only have to care about the edk2 implementation\r | |
760 | because EDKII_IOMMU_PROTOCOL is edk2-specific anyway).\r | |
761 | \r | |
762 | @param[in] Event Event whose notification function is being invoked.\r | |
763 | Event is permitted to request the queueing of this\r | |
764 | function at TPL_CALLBACK or TPL_NOTIFY task\r | |
765 | priority level.\r | |
766 | \r | |
767 | @param[in] EventToSignal Identifies the EFI_EVENT to signal. EventToSignal\r | |
768 | is permitted to request the queueing of its\r | |
769 | notification function only at TPL_CALLBACK level.\r | |
770 | **/\r | |
771 | STATIC\r | |
772 | VOID\r | |
773 | EFIAPI\r | |
774 | AmdSevExitBoot (\r | |
775 | IN EFI_EVENT Event,\r | |
776 | IN VOID *EventToSignal\r | |
777 | )\r | |
778 | {\r | |
779 | //\r | |
780 | // (1) The NotifyFunctions of all the events in\r | |
781 | // EFI_EVENT_GROUP_EXIT_BOOT_SERVICES will have been queued before\r | |
782 | // AmdSevExitBoot() is entered.\r | |
783 | //\r | |
784 | // (2) AmdSevExitBoot() is executing minimally at TPL_CALLBACK.\r | |
785 | //\r | |
786 | // (3) AmdSevExitBoot() has been queued in unspecified order relative to the\r | |
787 | // NotifyFunctions of all the other events in\r | |
788 | // EFI_EVENT_GROUP_EXIT_BOOT_SERVICES whose NotifyTpl is the same as\r | |
789 | // Event's.\r | |
790 | //\r | |
791 | // Consequences:\r | |
792 | //\r | |
793 | // - If Event's NotifyTpl is TPL_CALLBACK, then some other NotifyFunctions\r | |
794 | // queued at TPL_CALLBACK may be invoked after AmdSevExitBoot() returns.\r | |
795 | //\r | |
796 | // - If Event's NotifyTpl is TPL_NOTIFY, then some other NotifyFunctions\r | |
797 | // queued at TPL_NOTIFY may be invoked after AmdSevExitBoot() returns; plus\r | |
798 | // *all* NotifyFunctions queued at TPL_CALLBACK will be invoked strictly\r | |
799 | // after all NotifyFunctions queued at TPL_NOTIFY, including\r | |
800 | // AmdSevExitBoot(), have been invoked.\r | |
801 | //\r | |
802 | // - By signaling EventToSignal here, whose NotifyTpl is TPL_CALLBACK, we\r | |
803 | // queue EventToSignal's NotifyFunction after the NotifyFunctions of *all*\r | |
804 | // events in EFI_EVENT_GROUP_EXIT_BOOT_SERVICES.\r | |
805 | //\r | |
806 | DEBUG ((DEBUG_VERBOSE, "%a\n", __FUNCTION__));\r | |
807 | gBS->SignalEvent (EventToSignal);\r | |
808 | }\r | |
809 | \r | |
810 | /**\r | |
811 | Notification function that is queued after the notification functions of all\r | |
812 | events in the EFI_EVENT_GROUP_EXIT_BOOT_SERVICES event group. The same memory\r | |
813 | map restrictions apply.\r | |
814 | \r | |
815 | This function unmaps all currently existing IOMMU mappings.\r | |
816 | \r | |
817 | @param[in] Event Event whose notification function is being invoked. Event\r | |
818 | is permitted to request the queueing of this function\r | |
819 | only at TPL_CALLBACK task priority level.\r | |
820 | \r | |
821 | @param[in] Context Ignored.\r | |
822 | **/\r | |
823 | STATIC\r | |
824 | VOID\r | |
825 | EFIAPI\r | |
826 | AmdSevUnmapAllMappings (\r | |
827 | IN EFI_EVENT Event,\r | |
828 | IN VOID *Context\r | |
829 | )\r | |
830 | {\r | |
831 | LIST_ENTRY *Node;\r | |
832 | LIST_ENTRY *NextNode;\r | |
833 | MAP_INFO *MapInfo;\r | |
834 | \r | |
835 | DEBUG ((DEBUG_VERBOSE, "%a\n", __FUNCTION__));\r | |
836 | \r | |
837 | //\r | |
838 | // All drivers that had set up IOMMU mappings have halted their respective\r | |
839 | // controllers by now; tear down the mappings.\r | |
840 | //\r | |
841 | for (Node = GetFirstNode (&mMapInfos); Node != &mMapInfos; Node = NextNode) {\r | |
842 | NextNode = GetNextNode (&mMapInfos, Node);\r | |
843 | MapInfo = CR (Node, MAP_INFO, Link, MAP_INFO_SIG);\r | |
844 | IoMmuUnmapWorker (\r | |
845 | &mAmdSev, // This\r | |
846 | MapInfo, // Mapping\r | |
847 | TRUE // MemoryMapLocked\r | |
848 | );\r | |
849 | }\r | |
850 | }\r | |
851 | \r | |
f9d129e6 BS |
852 | /**\r |
853 | Initialize Iommu Protocol.\r | |
854 | \r | |
855 | **/\r | |
db125079 | 856 | EFI_STATUS\r |
f9d129e6 BS |
857 | EFIAPI\r |
858 | AmdSevInstallIoMmuProtocol (\r | |
859 | VOID\r | |
860 | )\r | |
861 | {\r | |
862 | EFI_STATUS Status;\r | |
7aee391f LE |
863 | EFI_EVENT UnmapAllMappingsEvent;\r |
864 | EFI_EVENT ExitBootEvent;\r | |
f9d129e6 BS |
865 | EFI_HANDLE Handle;\r |
866 | \r | |
7aee391f LE |
867 | //\r |
868 | // Create the "late" event whose notification function will tear down all\r | |
869 | // left-over IOMMU mappings.\r | |
870 | //\r | |
871 | Status = gBS->CreateEvent (\r | |
872 | EVT_NOTIFY_SIGNAL, // Type\r | |
873 | TPL_CALLBACK, // NotifyTpl\r | |
874 | AmdSevUnmapAllMappings, // NotifyFunction\r | |
875 | NULL, // NotifyContext\r | |
876 | &UnmapAllMappingsEvent // Event\r | |
877 | );\r | |
878 | if (EFI_ERROR (Status)) {\r | |
879 | return Status;\r | |
880 | }\r | |
881 | \r | |
882 | //\r | |
883 | // Create the event whose notification function will be queued by\r | |
884 | // gBS->ExitBootServices() and will signal the event created above.\r | |
885 | //\r | |
886 | Status = gBS->CreateEvent (\r | |
887 | EVT_SIGNAL_EXIT_BOOT_SERVICES, // Type\r | |
888 | TPL_CALLBACK, // NotifyTpl\r | |
889 | AmdSevExitBoot, // NotifyFunction\r | |
890 | UnmapAllMappingsEvent, // NotifyContext\r | |
891 | &ExitBootEvent // Event\r | |
892 | );\r | |
893 | if (EFI_ERROR (Status)) {\r | |
894 | goto CloseUnmapAllMappingsEvent;\r | |
895 | }\r | |
896 | \r | |
f9d129e6 BS |
897 | Handle = NULL;\r |
898 | Status = gBS->InstallMultipleProtocolInterfaces (\r | |
899 | &Handle,\r | |
900 | &gEdkiiIoMmuProtocolGuid, &mAmdSev,\r | |
901 | NULL\r | |
902 | );\r | |
7aee391f LE |
903 | if (EFI_ERROR (Status)) {\r |
904 | goto CloseExitBootEvent;\r | |
905 | }\r | |
906 | \r | |
907 | return EFI_SUCCESS;\r | |
908 | \r | |
909 | CloseExitBootEvent:\r | |
910 | gBS->CloseEvent (ExitBootEvent);\r | |
911 | \r | |
912 | CloseUnmapAllMappingsEvent:\r | |
913 | gBS->CloseEvent (UnmapAllMappingsEvent);\r | |
914 | \r | |
db125079 | 915 | return Status;\r |
f9d129e6 | 916 | }\r |