3 The protocol provides support to allocate, free, map and umap a DMA buffer
4 for bus master (e.g PciHostBridge). When SEV is enabled, the DMA operations
5 must be performed on unencrypted buffer hence we use a bounce buffer to map
6 the guest buffer into an unencrypted DMA buffer.
8 Copyright (c) 2017, AMD Inc. All rights reserved.<BR>
9 Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
11 This program and the accompanying materials are licensed and made available
12 under the terms and conditions of the BSD License which accompanies this
13 distribution. The full text of the license may be found at
14 http://opensource.org/licenses/bsd-license.php
16 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
17 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
21 #include "AmdSevIoMmu.h"
23 #define MAP_INFO_SIG SIGNATURE_64 ('M', 'A', 'P', '_', 'I', 'N', 'F', 'O')
28 EDKII_IOMMU_OPERATION Operation
;
31 EFI_PHYSICAL_ADDRESS CryptedAddress
;
32 EFI_PHYSICAL_ADDRESS PlainTextAddress
;
36 // List of MAP_INFO structures recycled by Unmap().
38 // Recycled MAP_INFO structures are equally good for future recycling and
41 STATIC LIST_ENTRY mRecycledMapInfos
= INITIALIZE_LIST_HEAD_VARIABLE (
45 #define COMMON_BUFFER_SIG SIGNATURE_64 ('C', 'M', 'N', 'B', 'U', 'F', 'F', 'R')
48 // ASCII names for EDKII_IOMMU_OPERATION constants, for debug logging.
50 STATIC CONST CHAR8
* CONST
51 mBusMasterOperationName
[EdkiiIoMmuOperationMaximum
] = {
61 // The following structure enables Map() and Unmap() to perform in-place
62 // decryption and encryption, respectively, for BusMasterCommonBuffer[64]
63 // operations, without dynamic memory allocation or release.
65 // Both COMMON_BUFFER_HEADER and COMMON_BUFFER_HEADER.StashBuffer are allocated
66 // by AllocateBuffer() and released by FreeBuffer().
73 // Always allocated from EfiBootServicesData type memory, and always
79 // Followed by the actual common buffer, starting at the next page.
81 } COMMON_BUFFER_HEADER
;
85 Provides the controller-specific addresses required to access system memory
86 from a DMA bus master. On SEV guest, the DMA operations must be performed on
87 shared buffer hence we allocate a bounce buffer to map the HostAddress to a
88 DeviceAddress. The Encryption attribute is removed from the DeviceAddress
91 @param This The protocol instance pointer.
92 @param Operation Indicates if the bus master is going to read or
93 write to system memory.
94 @param HostAddress The system memory address to map to the PCI
96 @param NumberOfBytes On input the number of bytes to map. On output
97 the number of bytes that were mapped.
98 @param DeviceAddress The resulting map address for the bus master
99 PCI controller to use to access the hosts
101 @param Mapping A resulting value to pass to Unmap().
103 @retval EFI_SUCCESS The range was mapped for the returned
105 @retval EFI_UNSUPPORTED The HostAddress cannot be mapped as a common
107 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
108 @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a
110 @retval EFI_DEVICE_ERROR The system hardware could not map the requested
117 IN EDKII_IOMMU_PROTOCOL
*This
,
118 IN EDKII_IOMMU_OPERATION Operation
,
119 IN VOID
*HostAddress
,
120 IN OUT UINTN
*NumberOfBytes
,
121 OUT EFI_PHYSICAL_ADDRESS
*DeviceAddress
,
126 LIST_ENTRY
*RecycledMapInfo
;
128 EFI_ALLOCATE_TYPE AllocateType
;
129 COMMON_BUFFER_HEADER
*CommonBufferHeader
;
130 VOID
*DecryptionSource
;
134 "%a: Operation=%a Host=0x%p Bytes=0x%Lx\n",
137 Operation
< ARRAY_SIZE (mBusMasterOperationName
)) ?
138 mBusMasterOperationName
[Operation
] :
141 (UINT64
)((NumberOfBytes
== NULL
) ? 0 : *NumberOfBytes
)
144 if (HostAddress
== NULL
|| NumberOfBytes
== NULL
|| DeviceAddress
== NULL
||
146 return EFI_INVALID_PARAMETER
;
150 // Allocate a MAP_INFO structure to remember the mapping when Unmap() is
153 RecycledMapInfo
= GetFirstNode (&mRecycledMapInfos
);
154 if (RecycledMapInfo
== &mRecycledMapInfos
) {
156 // No recycled MAP_INFO structure, allocate a new one.
158 MapInfo
= AllocatePool (sizeof (MAP_INFO
));
159 if (MapInfo
== NULL
) {
160 Status
= EFI_OUT_OF_RESOURCES
;
164 MapInfo
= CR (RecycledMapInfo
, MAP_INFO
, Link
, MAP_INFO_SIG
);
165 RemoveEntryList (RecycledMapInfo
);
169 // Initialize the MAP_INFO structure, except the PlainTextAddress field
171 ZeroMem (&MapInfo
->Link
, sizeof MapInfo
->Link
);
172 MapInfo
->Signature
= MAP_INFO_SIG
;
173 MapInfo
->Operation
= Operation
;
174 MapInfo
->NumberOfBytes
= *NumberOfBytes
;
175 MapInfo
->NumberOfPages
= EFI_SIZE_TO_PAGES (MapInfo
->NumberOfBytes
);
176 MapInfo
->CryptedAddress
= (UINTN
)HostAddress
;
179 // In the switch statement below, we point "MapInfo->PlainTextAddress" to the
180 // plaintext buffer, according to Operation. We also set "DecryptionSource".
182 MapInfo
->PlainTextAddress
= MAX_ADDRESS
;
183 AllocateType
= AllocateAnyPages
;
184 DecryptionSource
= (VOID
*)(UINTN
)MapInfo
->CryptedAddress
;
187 // For BusMasterRead[64] and BusMasterWrite[64] operations, a bounce buffer
188 // is necessary regardless of whether the original (crypted) buffer crosses
189 // the 4GB limit or not -- we have to allocate a separate plaintext buffer.
190 // The only variable is whether the plaintext buffer should be under 4GB.
192 case EdkiiIoMmuOperationBusMasterRead
:
193 case EdkiiIoMmuOperationBusMasterWrite
:
194 MapInfo
->PlainTextAddress
= BASE_4GB
- 1;
195 AllocateType
= AllocateMaxAddress
;
199 case EdkiiIoMmuOperationBusMasterRead64
:
200 case EdkiiIoMmuOperationBusMasterWrite64
:
202 // Allocate the implicit plaintext bounce buffer.
204 Status
= gBS
->AllocatePages (
207 MapInfo
->NumberOfPages
,
208 &MapInfo
->PlainTextAddress
210 if (EFI_ERROR (Status
)) {
216 // For BusMasterCommonBuffer[64] operations, a to-be-plaintext buffer and a
217 // stash buffer (for in-place decryption) have been allocated already, with
218 // AllocateBuffer(). We only check whether the address of the to-be-plaintext
219 // buffer is low enough for the requested operation.
221 case EdkiiIoMmuOperationBusMasterCommonBuffer
:
222 if ((MapInfo
->CryptedAddress
> BASE_4GB
) ||
223 (EFI_PAGES_TO_SIZE (MapInfo
->NumberOfPages
) >
224 BASE_4GB
- MapInfo
->CryptedAddress
)) {
226 // CommonBuffer operations cannot be remapped. If the common buffer is
227 // above 4GB, then it is not possible to generate a mapping, so return an
230 Status
= EFI_UNSUPPORTED
;
236 case EdkiiIoMmuOperationBusMasterCommonBuffer64
:
238 // The buffer at MapInfo->CryptedAddress comes from AllocateBuffer().
240 MapInfo
->PlainTextAddress
= MapInfo
->CryptedAddress
;
242 // Stash the crypted data.
244 CommonBufferHeader
= (COMMON_BUFFER_HEADER
*)(
245 (UINTN
)MapInfo
->CryptedAddress
- EFI_PAGE_SIZE
247 ASSERT (CommonBufferHeader
->Signature
== COMMON_BUFFER_SIG
);
249 CommonBufferHeader
->StashBuffer
,
250 (VOID
*)(UINTN
)MapInfo
->CryptedAddress
,
251 MapInfo
->NumberOfBytes
254 // Point "DecryptionSource" to the stash buffer so that we decrypt
255 // it to the original location, after the switch statement.
257 DecryptionSource
= CommonBufferHeader
->StashBuffer
;
262 // Operation is invalid
264 Status
= EFI_INVALID_PARAMETER
;
269 // Clear the memory encryption mask on the plaintext buffer.
271 Status
= MemEncryptSevClearPageEncMask (
273 MapInfo
->PlainTextAddress
,
274 MapInfo
->NumberOfPages
,
277 ASSERT_EFI_ERROR (Status
);
278 if (EFI_ERROR (Status
)) {
283 // If this is a read operation from the Bus Master's point of view,
284 // then copy the contents of the real buffer into the mapped buffer
285 // so the Bus Master can read the contents of the real buffer.
287 // For BusMasterCommonBuffer[64] operations, the CopyMem() below will decrypt
288 // the original data (from the stash buffer) back to the original location.
290 if (Operation
== EdkiiIoMmuOperationBusMasterRead
||
291 Operation
== EdkiiIoMmuOperationBusMasterRead64
||
292 Operation
== EdkiiIoMmuOperationBusMasterCommonBuffer
||
293 Operation
== EdkiiIoMmuOperationBusMasterCommonBuffer64
) {
295 (VOID
*) (UINTN
) MapInfo
->PlainTextAddress
,
297 MapInfo
->NumberOfBytes
302 // Populate output parameters.
304 *DeviceAddress
= MapInfo
->PlainTextAddress
;
309 "%a: Mapping=0x%p Device(PlainText)=0x%Lx Crypted=0x%Lx Pages=0x%Lx\n",
312 MapInfo
->PlainTextAddress
,
313 MapInfo
->CryptedAddress
,
314 (UINT64
)MapInfo
->NumberOfPages
328 Completes the Map() operation and releases any corresponding resources.
330 @param This The protocol instance pointer.
331 @param Mapping The mapping value returned from Map().
333 @retval EFI_SUCCESS The range was unmapped.
334 @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by
336 @retval EFI_DEVICE_ERROR The data was not committed to the target system
342 IN EDKII_IOMMU_PROTOCOL
*This
,
348 COMMON_BUFFER_HEADER
*CommonBufferHeader
;
349 VOID
*EncryptionTarget
;
351 if (Mapping
== NULL
) {
352 return EFI_INVALID_PARAMETER
;
355 MapInfo
= (MAP_INFO
*)Mapping
;
358 // set CommonBufferHeader to suppress incorrect compiler/analyzer warnings
360 CommonBufferHeader
= NULL
;
363 // For BusMasterWrite[64] operations and BusMasterCommonBuffer[64] operations
364 // we have to encrypt the results, ultimately to the original place (i.e.,
365 // "MapInfo->CryptedAddress").
367 // For BusMasterCommonBuffer[64] operations however, this encryption has to
368 // land in-place, so divert the encryption to the stash buffer first.
370 EncryptionTarget
= (VOID
*)(UINTN
)MapInfo
->CryptedAddress
;
372 switch (MapInfo
->Operation
) {
373 case EdkiiIoMmuOperationBusMasterCommonBuffer
:
374 case EdkiiIoMmuOperationBusMasterCommonBuffer64
:
375 ASSERT (MapInfo
->PlainTextAddress
== MapInfo
->CryptedAddress
);
377 CommonBufferHeader
= (COMMON_BUFFER_HEADER
*)(
378 (UINTN
)MapInfo
->PlainTextAddress
- EFI_PAGE_SIZE
380 ASSERT (CommonBufferHeader
->Signature
== COMMON_BUFFER_SIG
);
381 EncryptionTarget
= CommonBufferHeader
->StashBuffer
;
386 case EdkiiIoMmuOperationBusMasterWrite
:
387 case EdkiiIoMmuOperationBusMasterWrite64
:
390 (VOID
*) (UINTN
) MapInfo
->PlainTextAddress
,
391 MapInfo
->NumberOfBytes
397 // nothing to encrypt after BusMasterRead[64] operations
404 "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n",
406 MapInfo
->PlainTextAddress
,
407 MapInfo
->CryptedAddress
,
408 (UINT64
)MapInfo
->NumberOfPages
,
409 (UINT64
)MapInfo
->NumberOfBytes
413 // Restore the memory encryption mask on the area we used to hold the
416 Status
= MemEncryptSevSetPageEncMask (
418 MapInfo
->PlainTextAddress
,
419 MapInfo
->NumberOfPages
,
422 ASSERT_EFI_ERROR (Status
);
423 if (EFI_ERROR (Status
)) {
428 // For BusMasterCommonBuffer[64] operations, copy the stashed data to the
429 // original (now encrypted) location.
431 // For all other operations, fill the late bounce buffer (which existed as
432 // plaintext at some point) with zeros, and then release it.
434 if (MapInfo
->Operation
== EdkiiIoMmuOperationBusMasterCommonBuffer
||
435 MapInfo
->Operation
== EdkiiIoMmuOperationBusMasterCommonBuffer64
) {
437 (VOID
*)(UINTN
)MapInfo
->CryptedAddress
,
438 CommonBufferHeader
->StashBuffer
,
439 MapInfo
->NumberOfBytes
443 // Recycle the MAP_INFO structure.
445 InsertTailList (&mRecycledMapInfos
, &MapInfo
->Link
);
448 (VOID
*)(UINTN
)MapInfo
->PlainTextAddress
,
449 EFI_PAGES_TO_SIZE (MapInfo
->NumberOfPages
)
451 gBS
->FreePages (MapInfo
->PlainTextAddress
, MapInfo
->NumberOfPages
);
454 // Free the MAP_INFO structure.
463 Allocates pages that are suitable for an OperationBusMasterCommonBuffer or
464 OperationBusMasterCommonBuffer64 mapping.
466 @param This The protocol instance pointer.
467 @param Type This parameter is not used and must be ignored.
468 @param MemoryType The type of memory to allocate,
469 EfiBootServicesData or EfiRuntimeServicesData.
470 @param Pages The number of pages to allocate.
471 @param HostAddress A pointer to store the base system memory
472 address of the allocated range.
473 @param Attributes The requested bit mask of attributes for the
476 @retval EFI_SUCCESS The requested memory pages were allocated.
477 @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal
478 attribute bits are MEMORY_WRITE_COMBINE and
480 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
481 @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated.
486 IoMmuAllocateBuffer (
487 IN EDKII_IOMMU_PROTOCOL
*This
,
488 IN EFI_ALLOCATE_TYPE Type
,
489 IN EFI_MEMORY_TYPE MemoryType
,
491 IN OUT VOID
**HostAddress
,
496 EFI_PHYSICAL_ADDRESS PhysicalAddress
;
498 UINTN CommonBufferPages
;
499 COMMON_BUFFER_HEADER
*CommonBufferHeader
;
502 // Validate Attributes
504 if ((Attributes
& EDKII_IOMMU_ATTRIBUTE_INVALID_FOR_ALLOCATE_BUFFER
) != 0) {
505 return EFI_UNSUPPORTED
;
509 // Check for invalid inputs
511 if (HostAddress
== NULL
) {
512 return EFI_INVALID_PARAMETER
;
516 // The only valid memory types are EfiBootServicesData and
517 // EfiRuntimeServicesData
519 if (MemoryType
!= EfiBootServicesData
&&
520 MemoryType
!= EfiRuntimeServicesData
) {
521 return EFI_INVALID_PARAMETER
;
525 // We'll need a header page for the COMMON_BUFFER_HEADER structure.
527 if (Pages
> MAX_UINTN
- 1) {
528 return EFI_OUT_OF_RESOURCES
;
530 CommonBufferPages
= Pages
+ 1;
533 // Allocate the stash in EfiBootServicesData type memory.
535 // Map() will temporarily save encrypted data in the stash for
536 // BusMasterCommonBuffer[64] operations, so the data can be decrypted to the
537 // original location.
539 // Unmap() will temporarily save plaintext data in the stash for
540 // BusMasterCommonBuffer[64] operations, so the data can be encrypted to the
541 // original location.
543 // StashBuffer always resides in encrypted memory.
545 StashBuffer
= AllocatePages (Pages
);
546 if (StashBuffer
== NULL
) {
547 return EFI_OUT_OF_RESOURCES
;
550 PhysicalAddress
= (UINTN
)-1;
551 if ((Attributes
& EDKII_IOMMU_ATTRIBUTE_DUAL_ADDRESS_CYCLE
) == 0) {
553 // Limit allocations to memory below 4GB
555 PhysicalAddress
= SIZE_4GB
- 1;
557 Status
= gBS
->AllocatePages (
563 if (EFI_ERROR (Status
)) {
564 goto FreeStashBuffer
;
567 CommonBufferHeader
= (VOID
*)(UINTN
)PhysicalAddress
;
568 PhysicalAddress
+= EFI_PAGE_SIZE
;
570 CommonBufferHeader
->Signature
= COMMON_BUFFER_SIG
;
571 CommonBufferHeader
->StashBuffer
= StashBuffer
;
573 *HostAddress
= (VOID
*)(UINTN
)PhysicalAddress
;
577 "%a Address 0x%Lx Pages 0x%Lx\n",
585 FreePages (StashBuffer
, Pages
);
590 Frees memory that was allocated with AllocateBuffer().
592 @param This The protocol instance pointer.
593 @param Pages The number of pages to free.
594 @param HostAddress The base system memory address of the allocated
597 @retval EFI_SUCCESS The requested memory pages were freed.
598 @retval EFI_INVALID_PARAMETER The memory range specified by HostAddress and
599 Pages was not allocated with AllocateBuffer().
605 IN EDKII_IOMMU_PROTOCOL
*This
,
610 UINTN CommonBufferPages
;
611 COMMON_BUFFER_HEADER
*CommonBufferHeader
;
613 CommonBufferPages
= Pages
+ 1;
614 CommonBufferHeader
= (COMMON_BUFFER_HEADER
*)(
615 (UINTN
)HostAddress
- EFI_PAGE_SIZE
619 // Check the signature.
621 ASSERT (CommonBufferHeader
->Signature
== COMMON_BUFFER_SIG
);
622 if (CommonBufferHeader
->Signature
!= COMMON_BUFFER_SIG
) {
623 return EFI_INVALID_PARAMETER
;
627 // Free the stash buffer. This buffer was always encrypted, so no need to
630 FreePages (CommonBufferHeader
->StashBuffer
, Pages
);
634 "%a Address 0x%Lx Pages 0x%Lx\n",
636 (UINT64
)(UINTN
)HostAddress
,
641 // Release the common buffer itself. Unmap() has re-encrypted it in-place, so
642 // no need to zero it.
644 return gBS
->FreePages ((UINTN
)CommonBufferHeader
, CommonBufferPages
);
649 Set IOMMU attribute for a system memory.
651 If the IOMMU protocol exists, the system memory cannot be used
654 When a device requests a DMA access for a system memory,
655 the device driver need use SetAttribute() to update the IOMMU
656 attribute to request DMA access (read and/or write).
658 The DeviceHandle is used to identify which device submits the request.
659 The IOMMU implementation need translate the device path to an IOMMU device
660 ID, and set IOMMU hardware register accordingly.
661 1) DeviceHandle can be a standard PCI device.
662 The memory for BusMasterRead need set EDKII_IOMMU_ACCESS_READ.
663 The memory for BusMasterWrite need set EDKII_IOMMU_ACCESS_WRITE.
664 The memory for BusMasterCommonBuffer need set
665 EDKII_IOMMU_ACCESS_READ|EDKII_IOMMU_ACCESS_WRITE.
666 After the memory is used, the memory need set 0 to keep it being
668 2) DeviceHandle can be an ACPI device (ISA, I2C, SPI, etc).
669 The memory for DMA access need set EDKII_IOMMU_ACCESS_READ and/or
670 EDKII_IOMMU_ACCESS_WRITE.
672 @param[in] This The protocol instance pointer.
673 @param[in] DeviceHandle The device who initiates the DMA access
675 @param[in] Mapping The mapping value returned from Map().
676 @param[in] IoMmuAccess The IOMMU access.
678 @retval EFI_SUCCESS The IoMmuAccess is set for the memory range
679 specified by DeviceAddress and Length.
680 @retval EFI_INVALID_PARAMETER DeviceHandle is an invalid handle.
681 @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by
683 @retval EFI_INVALID_PARAMETER IoMmuAccess specified an illegal combination
685 @retval EFI_UNSUPPORTED DeviceHandle is unknown by the IOMMU.
686 @retval EFI_UNSUPPORTED The bit mask of IoMmuAccess is not supported
688 @retval EFI_UNSUPPORTED The IOMMU does not support the memory range
689 specified by Mapping.
690 @retval EFI_OUT_OF_RESOURCES There are not enough resources available to
691 modify the IOMMU access.
692 @retval EFI_DEVICE_ERROR The IOMMU device reported an error while
693 attempting the operation.
699 IN EDKII_IOMMU_PROTOCOL
*This
,
700 IN EFI_HANDLE DeviceHandle
,
702 IN UINT64 IoMmuAccess
705 return EFI_UNSUPPORTED
;
708 EDKII_IOMMU_PROTOCOL mAmdSev
= {
709 EDKII_IOMMU_PROTOCOL_REVISION
,
718 Initialize Iommu Protocol.
723 AmdSevInstallIoMmuProtocol (
731 Status
= gBS
->InstallMultipleProtocolInterfaces (
733 &gEdkiiIoMmuProtocolGuid
, &mAmdSev
,