]> git.proxmox.com Git - mirror_edk2.git/blame - OvmfPkg/IoMmuDxe/AmdSevIoMmu.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
OvmfPkg: Apply uncrustify changes
[mirror_edk2.git] / OvmfPkg / IoMmuDxe / AmdSevIoMmu.c
CommitLineData
f9d129e6
BS		 1/** @file\r
2\r
812568fb
LE		 3 The protocol provides support to allocate, free, map and umap a DMA buffer\r
4 for bus master (e.g PciHostBridge). When SEV is enabled, the DMA operations\r
5 must be performed on unencrypted buffer hence we use a bounce buffer to map\r
6 the guest buffer into an unencrypted DMA buffer.\r
f9d129e6
BS		 7\r
8 Copyright (c) 2017, AMD Inc. All rights reserved.<BR>\r
9 Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>\r
10\r
b26f0cf9 11 SPDX-License-Identifier: BSD-2-Clause-Patent\r
f9d129e6
BS		 12\r
13**/\r
14\r
15#include "AmdSevIoMmu.h"\r
16\r
ac0a286f 17#define MAP_INFO_SIG SIGNATURE_64 ('M', 'A', 'P', '_', 'I', 'N', 'F', 'O')\r
d0c9afea 18\r
f9d129e6 19typedef struct {\r
ac0a286f
MK		 20 UINT64 Signature;\r
21 LIST_ENTRY Link;\r
22 EDKII_IOMMU_OPERATION Operation;\r
23 UINTN NumberOfBytes;\r
24 UINTN NumberOfPages;\r
25 EFI_PHYSICAL_ADDRESS CryptedAddress;\r
26 EFI_PHYSICAL_ADDRESS PlainTextAddress;\r
f9d129e6
BS		 27} MAP_INFO;\r
28\r
d0c9afea 29//\r
9ed745b9
LE		 30// List of the MAP_INFO structures that have been set up by IoMmuMap() and not\r
31// yet torn down by IoMmuUnmap(). The list represents the full set of mappings\r
32// currently in effect.\r
d0c9afea 33//\r
ac0a286f 34STATIC LIST_ENTRY mMapInfos = INITIALIZE_LIST_HEAD_VARIABLE (mMapInfos);\r
d0c9afea 35\r
ac0a286f 36#define COMMON_BUFFER_SIG SIGNATURE_64 ('C', 'M', 'N', 'B', 'U', 'F', 'F', 'R')\r
58e68140 37\r
2ad6ba80
LE		 38//\r
39// ASCII names for EDKII_IOMMU_OPERATION constants, for debug logging.\r
40//\r
ac0a286f 41STATIC CONST CHAR8 *CONST\r
2ad6ba80
LE		 42mBusMasterOperationName[EdkiiIoMmuOperationMaximum] = {\r
43 "Read",\r
44 "Write",\r
45 "CommonBuffer",\r
46 "Read64",\r
47 "Write64",\r
48 "CommonBuffer64"\r
49};\r
50\r
58e68140
LE		 51//\r
52// The following structure enables Map() and Unmap() to perform in-place\r
53// decryption and encryption, respectively, for BusMasterCommonBuffer[64]\r
54// operations, without dynamic memory allocation or release.\r
55//\r
56// Both COMMON_BUFFER_HEADER and COMMON_BUFFER_HEADER.StashBuffer are allocated\r
57// by AllocateBuffer() and released by FreeBuffer().\r
58//\r
59#pragma pack (1)\r
60typedef struct {\r
ac0a286f 61 UINT64 Signature;\r
58e68140
LE		 62\r
63 //\r
64 // Always allocated from EfiBootServicesData type memory, and always\r
65 // encrypted.\r
66 //\r
ac0a286f 67 VOID *StashBuffer;\r
58e68140
LE		 68\r
69 //\r
70 // Followed by the actual common buffer, starting at the next page.\r
71 //\r
72} COMMON_BUFFER_HEADER;\r
73#pragma pack ()\r
f9d129e6
BS		 74\r
75/**\r
812568fb
LE		 76 Provides the controller-specific addresses required to access system memory\r
77 from a DMA bus master. On SEV guest, the DMA operations must be performed on\r
78 shared buffer hence we allocate a bounce buffer to map the HostAddress to a\r
79 DeviceAddress. The Encryption attribute is removed from the DeviceAddress\r
80 buffer.\r
f9d129e6
BS		 81\r
82 @param This The protocol instance pointer.\r
83 @param Operation Indicates if the bus master is going to read or\r
84 write to system memory.\r
812568fb
LE		 85 @param HostAddress The system memory address to map to the PCI\r
86 controller.\r
f9d129e6 87 @param NumberOfBytes On input the number of bytes to map. On output\r
812568fb
LE		 88 the number of bytes that were mapped.\r
89 @param DeviceAddress The resulting map address for the bus master\r
90 PCI controller to use to access the hosts\r
91 HostAddress.\r
f9d129e6
BS		 92 @param Mapping A resulting value to pass to Unmap().\r
93\r
812568fb
LE		 94 @retval EFI_SUCCESS The range was mapped for the returned\r
95 NumberOfBytes.\r
96 @retval EFI_UNSUPPORTED The HostAddress cannot be mapped as a common\r
97 buffer.\r
f9d129e6 98 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r
812568fb
LE		 99 @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a\r
100 lack of resources.\r
101 @retval EFI_DEVICE_ERROR The system hardware could not map the requested\r
102 address.\r
f9d129e6
BS		 103\r
104**/\r
105EFI_STATUS\r
106EFIAPI\r
107IoMmuMap (\r
ac0a286f
MK		 108 IN EDKII_IOMMU_PROTOCOL *This,\r
109 IN EDKII_IOMMU_OPERATION Operation,\r
110 IN VOID *HostAddress,\r
111 IN OUT UINTN *NumberOfBytes,\r
112 OUT EFI_PHYSICAL_ADDRESS *DeviceAddress,\r
113 OUT VOID **Mapping\r
f9d129e6
BS		 114 )\r
115{\r
ac0a286f
MK		 116 EFI_STATUS Status;\r
117 MAP_INFO *MapInfo;\r
118 EFI_ALLOCATE_TYPE AllocateType;\r
119 COMMON_BUFFER_HEADER *CommonBufferHeader;\r
120 VOID *DecryptionSource;\r
f9d129e6 121\r
2ad6ba80
LE		 122 DEBUG ((\r
123 DEBUG_VERBOSE,\r
124 "%a: Operation=%a Host=0x%p Bytes=0x%Lx\n",\r
125 __FUNCTION__,\r
126 ((Operation >= 0 &&\r
127 Operation < ARRAY_SIZE (mBusMasterOperationName)) ?\r
128 mBusMasterOperationName[Operation] :\r
129 "Invalid"),\r
130 HostAddress,\r
131 (UINT64)((NumberOfBytes == NULL) ? 0 : *NumberOfBytes)\r
132 ));\r
133\r
ac0a286f
MK		 134 if ((HostAddress == NULL) || (NumberOfBytes == NULL) || (DeviceAddress == NULL) ||\r
135 (Mapping == NULL))\r
136 {\r
f9d129e6
BS		 137 return EFI_INVALID_PARAMETER;\r
138 }\r
139\r
f9d129e6
BS		 140 //\r
141 // Allocate a MAP_INFO structure to remember the mapping when Unmap() is\r
142 // called later.\r
143 //\r
9ed745b9
LE		 144 MapInfo = AllocatePool (sizeof (MAP_INFO));\r
145 if (MapInfo == NULL) {\r
146 Status = EFI_OUT_OF_RESOURCES;\r
147 goto Failed;\r
f9d129e6
BS		 148 }\r
149\r
150 //\r
e130229c 151 // Initialize the MAP_INFO structure, except the PlainTextAddress field\r
f9d129e6 152 //\r
d0c9afea 153 ZeroMem (&MapInfo->Link, sizeof MapInfo->Link);\r
ac0a286f
MK		 154 MapInfo->Signature = MAP_INFO_SIG;\r
155 MapInfo->Operation = Operation;\r
156 MapInfo->NumberOfBytes = *NumberOfBytes;\r
157 MapInfo->NumberOfPages = EFI_SIZE_TO_PAGES (MapInfo->NumberOfBytes);\r
158 MapInfo->CryptedAddress = (UINTN)HostAddress;\r
f9d129e6
BS		 159\r
160 //\r
e130229c 161 // In the switch statement below, we point "MapInfo->PlainTextAddress" to the\r
58e68140 162 // plaintext buffer, according to Operation. We also set "DecryptionSource".\r
e130229c
LE		 163 //\r
164 MapInfo->PlainTextAddress = MAX_ADDRESS;\r
ac0a286f
MK		 165 AllocateType = AllocateAnyPages;\r
166 DecryptionSource = (VOID *)(UINTN)MapInfo->CryptedAddress;\r
e130229c 167 switch (Operation) {\r
e130229c 168 //\r
ac0a286f
MK		 169 // For BusMasterRead[64] and BusMasterWrite[64] operations, a bounce buffer\r
170 // is necessary regardless of whether the original (crypted) buffer crosses\r
171 // the 4GB limit or not -- we have to allocate a separate plaintext buffer.\r
172 // The only variable is whether the plaintext buffer should be under 4GB.\r
e130229c 173 //\r
ac0a286f
MK		 174 case EdkiiIoMmuOperationBusMasterRead:\r
175 case EdkiiIoMmuOperationBusMasterWrite:\r
176 MapInfo->PlainTextAddress = BASE_4GB - 1;\r
177 AllocateType = AllocateMaxAddress;\r
e130229c 178 //\r
ac0a286f 179 // fall through\r
e130229c 180 //\r
ac0a286f
MK		 181 case EdkiiIoMmuOperationBusMasterRead64:\r
182 case EdkiiIoMmuOperationBusMasterWrite64:\r
e130229c 183 //\r
ac0a286f 184 // Allocate the implicit plaintext bounce buffer.\r
e130229c 185 //\r
ac0a286f
MK		 186 Status = gBS->AllocatePages (\r
187 AllocateType,\r
188 EfiBootServicesData,\r
189 MapInfo->NumberOfPages,\r
190 &MapInfo->PlainTextAddress\r
191 );\r
192 if (EFI_ERROR (Status)) {\r
193 goto FreeMapInfo;\r
194 }\r
195\r
196 break;\r
197\r
58e68140 198 //\r
ac0a286f
MK		 199 // For BusMasterCommonBuffer[64] operations, a to-be-plaintext buffer and a\r
200 // stash buffer (for in-place decryption) have been allocated already, with\r
201 // AllocateBuffer(). We only check whether the address of the to-be-plaintext\r
202 // buffer is low enough for the requested operation.\r
e130229c 203 //\r
ac0a286f
MK		 204 case EdkiiIoMmuOperationBusMasterCommonBuffer:\r
205 if ((MapInfo->CryptedAddress > BASE_4GB) ||\r
206 (EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages) >\r
207 BASE_4GB - MapInfo->CryptedAddress))\r
208 {\r
209 //\r
210 // CommonBuffer operations cannot be remapped. If the common buffer is\r
211 // above 4GB, then it is not possible to generate a mapping, so return an\r
212 // error.\r
213 //\r
214 Status = EFI_UNSUPPORTED;\r
215 goto FreeMapInfo;\r
216 }\r
e130229c 217\r
e130229c 218 //\r
ac0a286f 219 // fall through\r
e130229c 220 //\r
ac0a286f
MK		 221 case EdkiiIoMmuOperationBusMasterCommonBuffer64:\r
222 //\r
223 // The buffer at MapInfo->CryptedAddress comes from AllocateBuffer().\r
224 //\r
225 MapInfo->PlainTextAddress = MapInfo->CryptedAddress;\r
226 //\r
227 // Stash the crypted data.\r
228 //\r
229 CommonBufferHeader = (COMMON_BUFFER_HEADER *)(\r
230 (UINTN)MapInfo->CryptedAddress - EFI_PAGE_SIZE\r
231 );\r
232 ASSERT (CommonBufferHeader->Signature == COMMON_BUFFER_SIG);\r
233 CopyMem (\r
234 CommonBufferHeader->StashBuffer,\r
235 (VOID *)(UINTN)MapInfo->CryptedAddress,\r
236 MapInfo->NumberOfBytes\r
237 );\r
238 //\r
239 // Point "DecryptionSource" to the stash buffer so that we decrypt\r
240 // it to the original location, after the switch statement.\r
241 //\r
242 DecryptionSource = CommonBufferHeader->StashBuffer;\r
243 break;\r
244\r
245 default:\r
246 //\r
247 // Operation is invalid\r
248 //\r
249 Status = EFI_INVALID_PARAMETER;\r
250 goto FreeMapInfo;\r
f9d129e6
BS		 251 }\r
252\r
253 //\r
e130229c 254 // Clear the memory encryption mask on the plaintext buffer.\r
f9d129e6 255 //\r
812568fb
LE		 256 Status = MemEncryptSevClearPageEncMask (\r
257 0,\r
dc194ce3 258 MapInfo->PlainTextAddress,\r
adfa3327 259 MapInfo->NumberOfPages\r
812568fb 260 );\r
f1658838
LE		 261 ASSERT_EFI_ERROR (Status);\r
262 if (EFI_ERROR (Status)) {\r
263 CpuDeadLoop ();\r
264 }\r
f9d129e6
BS		 265\r
266 //\r
267 // If this is a read operation from the Bus Master's point of view,\r
268 // then copy the contents of the real buffer into the mapped buffer\r
269 // so the Bus Master can read the contents of the real buffer.\r
270 //\r
58e68140
LE		 271 // For BusMasterCommonBuffer[64] operations, the CopyMem() below will decrypt\r
272 // the original data (from the stash buffer) back to the original location.\r
273 //\r
ac0a286f
MK		 274 if ((Operation == EdkiiIoMmuOperationBusMasterRead) ||\r
275 (Operation == EdkiiIoMmuOperationBusMasterRead64) ||\r
276 (Operation == EdkiiIoMmuOperationBusMasterCommonBuffer) ||\r
277 (Operation == EdkiiIoMmuOperationBusMasterCommonBuffer64))\r
278 {\r
f9d129e6 279 CopyMem (\r
ac0a286f 280 (VOID *)(UINTN)MapInfo->PlainTextAddress,\r
58e68140 281 DecryptionSource,\r
f9d129e6
BS		 282 MapInfo->NumberOfBytes\r
283 );\r
284 }\r
285\r
9ed745b9
LE		 286 //\r
287 // Track all MAP_INFO structures.\r
288 //\r
289 InsertHeadList (&mMapInfos, &MapInfo->Link);\r
f9d129e6 290 //\r
e130229c 291 // Populate output parameters.\r
f9d129e6 292 //\r
dc194ce3 293 *DeviceAddress = MapInfo->PlainTextAddress;\r
f9d129e6
BS		 294 *Mapping = MapInfo;\r
295\r
812568fb
LE		 296 DEBUG ((\r
297 DEBUG_VERBOSE,\r
2ad6ba80 298 "%a: Mapping=0x%p Device(PlainText)=0x%Lx Crypted=0x%Lx Pages=0x%Lx\n",\r
812568fb 299 __FUNCTION__,\r
2ad6ba80 300 MapInfo,\r
dc194ce3 301 MapInfo->PlainTextAddress,\r
c7ef2ed2 302 MapInfo->CryptedAddress,\r
2ad6ba80 303 (UINT64)MapInfo->NumberOfPages\r
812568fb 304 ));\r
f9d129e6
BS		 305\r
306 return EFI_SUCCESS;\r
e130229c
LE		 307\r
308FreeMapInfo:\r
309 FreePool (MapInfo);\r
310\r
311Failed:\r
312 *NumberOfBytes = 0;\r
313 return Status;\r
f9d129e6
BS		 314}\r
315\r
316/**\r
317 Completes the Map() operation and releases any corresponding resources.\r
318\r
550acd08
LE		 319 This is an internal worker function that only extends the Map() API with\r
320 the MemoryMapLocked parameter.\r
321\r
f9d129e6
BS		 322 @param This The protocol instance pointer.\r
323 @param Mapping The mapping value returned from Map().\r
550acd08
LE		 324 @param MemoryMapLocked The function is executing on the stack of\r
325 gBS->ExitBootServices(); changes to the UEFI\r
326 memory map are forbidden.\r
f9d129e6
BS		 327\r
328 @retval EFI_SUCCESS The range was unmapped.\r
812568fb
LE		 329 @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by\r
330 Map().\r
331 @retval EFI_DEVICE_ERROR The data was not committed to the target system\r
332 memory.\r
f9d129e6 333**/\r
550acd08 334STATIC\r
f9d129e6
BS		 335EFI_STATUS\r
336EFIAPI\r
550acd08 337IoMmuUnmapWorker (\r
ac0a286f
MK		 338 IN EDKII_IOMMU_PROTOCOL *This,\r
339 IN VOID *Mapping,\r
340 IN BOOLEAN MemoryMapLocked\r
f9d129e6
BS		 341 )\r
342{\r
ac0a286f
MK		 343 MAP_INFO *MapInfo;\r
344 EFI_STATUS Status;\r
345 COMMON_BUFFER_HEADER *CommonBufferHeader;\r
346 VOID *EncryptionTarget;\r
f9d129e6 347\r
550acd08
LE		 348 DEBUG ((\r
349 DEBUG_VERBOSE,\r
350 "%a: Mapping=0x%p MemoryMapLocked=%d\n",\r
351 __FUNCTION__,\r
352 Mapping,\r
353 MemoryMapLocked\r
354 ));\r
a1d6a9dc 355\r
f9d129e6
BS		 356 if (Mapping == NULL) {\r
357 return EFI_INVALID_PARAMETER;\r
358 }\r
359\r
58e68140
LE		 360 MapInfo = (MAP_INFO *)Mapping;\r
361\r
f9d129e6 362 //\r
58e68140 363 // set CommonBufferHeader to suppress incorrect compiler/analyzer warnings\r
f9d129e6 364 //\r
58e68140 365 CommonBufferHeader = NULL;\r
f9d129e6
BS		 366\r
367 //\r
58e68140
LE		 368 // For BusMasterWrite[64] operations and BusMasterCommonBuffer[64] operations\r
369 // we have to encrypt the results, ultimately to the original place (i.e.,\r
370 // "MapInfo->CryptedAddress").\r
f9d129e6 371 //\r
58e68140
LE		 372 // For BusMasterCommonBuffer[64] operations however, this encryption has to\r
373 // land in-place, so divert the encryption to the stash buffer first.\r
374 //\r
375 EncryptionTarget = (VOID *)(UINTN)MapInfo->CryptedAddress;\r
376\r
377 switch (MapInfo->Operation) {\r
ac0a286f
MK		 378 case EdkiiIoMmuOperationBusMasterCommonBuffer:\r
379 case EdkiiIoMmuOperationBusMasterCommonBuffer64:\r
380 ASSERT (MapInfo->PlainTextAddress == MapInfo->CryptedAddress);\r
381\r
382 CommonBufferHeader = (COMMON_BUFFER_HEADER *)(\r
383 (UINTN)MapInfo->PlainTextAddress - EFI_PAGE_SIZE\r
384 );\r
385 ASSERT (CommonBufferHeader->Signature == COMMON_BUFFER_SIG);\r
386 EncryptionTarget = CommonBufferHeader->StashBuffer;\r
58e68140
LE		 387 //\r
388 // fall through\r
389 //\r
390\r
ac0a286f
MK		 391 case EdkiiIoMmuOperationBusMasterWrite:\r
392 case EdkiiIoMmuOperationBusMasterWrite64:\r
393 CopyMem (\r
394 EncryptionTarget,\r
395 (VOID *)(UINTN)MapInfo->PlainTextAddress,\r
396 MapInfo->NumberOfBytes\r
397 );\r
398 break;\r
58e68140 399\r
ac0a286f
MK		 400 default:\r
401 //\r
402 // nothing to encrypt after BusMasterRead[64] operations\r
403 //\r
404 break;\r
f9d129e6
BS		 405 }\r
406\r
f9d129e6 407 //\r
58e68140
LE		 408 // Restore the memory encryption mask on the area we used to hold the\r
409 // plaintext.\r
f9d129e6 410 //\r
812568fb
LE		 411 Status = MemEncryptSevSetPageEncMask (\r
412 0,\r
dc194ce3 413 MapInfo->PlainTextAddress,\r
adfa3327 414 MapInfo->NumberOfPages\r
812568fb 415 );\r
f1658838
LE		 416 ASSERT_EFI_ERROR (Status);\r
417 if (EFI_ERROR (Status)) {\r
418 CpuDeadLoop ();\r
419 }\r
f9d129e6
BS		 420\r
421 //\r
58e68140
LE		 422 // For BusMasterCommonBuffer[64] operations, copy the stashed data to the\r
423 // original (now encrypted) location.\r
424 //\r
425 // For all other operations, fill the late bounce buffer (which existed as\r
550acd08
LE		 426 // plaintext at some point) with zeros, and then release it (unless the UEFI\r
427 // memory map is locked).\r
58e68140 428 //\r
ac0a286f
MK		 429 if ((MapInfo->Operation == EdkiiIoMmuOperationBusMasterCommonBuffer) ||\r
430 (MapInfo->Operation == EdkiiIoMmuOperationBusMasterCommonBuffer64))\r
431 {\r
58e68140
LE		 432 CopyMem (\r
433 (VOID *)(UINTN)MapInfo->CryptedAddress,\r
434 CommonBufferHeader->StashBuffer,\r
435 MapInfo->NumberOfBytes\r
436 );\r
437 } else {\r
438 ZeroMem (\r
439 (VOID *)(UINTN)MapInfo->PlainTextAddress,\r
440 EFI_PAGES_TO_SIZE (MapInfo->NumberOfPages)\r
441 );\r
550acd08
LE		 442 if (!MemoryMapLocked) {\r
443 gBS->FreePages (MapInfo->PlainTextAddress, MapInfo->NumberOfPages);\r
444 }\r
58e68140
LE		 445 }\r
446\r
9ed745b9 447 //\r
550acd08
LE		 448 // Forget the MAP_INFO structure, then free it (unless the UEFI memory map is\r
449 // locked).\r
9ed745b9
LE		 450 //\r
451 RemoveEntryList (&MapInfo->Link);\r
550acd08
LE		 452 if (!MemoryMapLocked) {\r
453 FreePool (MapInfo);\r
454 }\r
9ed745b9 455\r
f9d129e6
BS		 456 return EFI_SUCCESS;\r
457}\r
458\r
550acd08
LE		 459/**\r
460 Completes the Map() operation and releases any corresponding resources.\r
461\r
462 @param This The protocol instance pointer.\r
463 @param Mapping The mapping value returned from Map().\r
464\r
465 @retval EFI_SUCCESS The range was unmapped.\r
466 @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by\r
467 Map().\r
468 @retval EFI_DEVICE_ERROR The data was not committed to the target system\r
469 memory.\r
470**/\r
471EFI_STATUS\r
472EFIAPI\r
473IoMmuUnmap (\r
ac0a286f
MK		 474 IN EDKII_IOMMU_PROTOCOL *This,\r
475 IN VOID *Mapping\r
550acd08
LE		 476 )\r
477{\r
478 return IoMmuUnmapWorker (\r
479 This,\r
480 Mapping,\r
481 FALSE // MemoryMapLocked\r
482 );\r
483}\r
484\r
f9d129e6
BS		 485/**\r
486 Allocates pages that are suitable for an OperationBusMasterCommonBuffer or\r
487 OperationBusMasterCommonBuffer64 mapping.\r
488\r
489 @param This The protocol instance pointer.\r
490 @param Type This parameter is not used and must be ignored.\r
812568fb
LE		 491 @param MemoryType The type of memory to allocate,\r
492 EfiBootServicesData or EfiRuntimeServicesData.\r
f9d129e6 493 @param Pages The number of pages to allocate.\r
812568fb
LE		 494 @param HostAddress A pointer to store the base system memory\r
495 address of the allocated range.\r
496 @param Attributes The requested bit mask of attributes for the\r
497 allocated range.\r
f9d129e6
BS		 498\r
499 @retval EFI_SUCCESS The requested memory pages were allocated.\r
812568fb
LE		 500 @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal\r
501 attribute bits are MEMORY_WRITE_COMBINE and\r
502 MEMORY_CACHED.\r
f9d129e6
BS		 503 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.\r
504 @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated.\r
505\r
506**/\r
507EFI_STATUS\r
508EFIAPI\r
509IoMmuAllocateBuffer (\r
ac0a286f
MK		 510 IN EDKII_IOMMU_PROTOCOL *This,\r
511 IN EFI_ALLOCATE_TYPE Type,\r
512 IN EFI_MEMORY_TYPE MemoryType,\r
513 IN UINTN Pages,\r
514 IN OUT VOID **HostAddress,\r
515 IN UINT64 Attributes\r
f9d129e6
BS		 516 )\r
517{\r
ac0a286f
MK		 518 EFI_STATUS Status;\r
519 EFI_PHYSICAL_ADDRESS PhysicalAddress;\r
520 VOID *StashBuffer;\r
521 UINTN CommonBufferPages;\r
522 COMMON_BUFFER_HEADER *CommonBufferHeader;\r
f9d129e6 523\r
80ddd336
LE		 524 DEBUG ((\r
525 DEBUG_VERBOSE,\r
526 "%a: MemoryType=%u Pages=0x%Lx Attributes=0x%Lx\n",\r
527 __FUNCTION__,\r
528 (UINT32)MemoryType,\r
529 (UINT64)Pages,\r
530 Attributes\r
531 ));\r
532\r
f9d129e6
BS		 533 //\r
534 // Validate Attributes\r
535 //\r
536 if ((Attributes & EDKII_IOMMU_ATTRIBUTE_INVALID_FOR_ALLOCATE_BUFFER) != 0) {\r
537 return EFI_UNSUPPORTED;\r
538 }\r
539\r
540 //\r
541 // Check for invalid inputs\r
542 //\r
543 if (HostAddress == NULL) {\r
544 return EFI_INVALID_PARAMETER;\r
545 }\r
546\r
547 //\r
548 // The only valid memory types are EfiBootServicesData and\r
549 // EfiRuntimeServicesData\r
550 //\r
ac0a286f
MK		 551 if ((MemoryType != EfiBootServicesData) &&\r
552 (MemoryType != EfiRuntimeServicesData))\r
553 {\r
f9d129e6
BS		 554 return EFI_INVALID_PARAMETER;\r
555 }\r
556\r
58e68140
LE		 557 //\r
558 // We'll need a header page for the COMMON_BUFFER_HEADER structure.\r
559 //\r
560 if (Pages > MAX_UINTN - 1) {\r
561 return EFI_OUT_OF_RESOURCES;\r
562 }\r
ac0a286f 563\r
58e68140
LE		 564 CommonBufferPages = Pages + 1;\r
565\r
566 //\r
567 // Allocate the stash in EfiBootServicesData type memory.\r
568 //\r
569 // Map() will temporarily save encrypted data in the stash for\r
570 // BusMasterCommonBuffer[64] operations, so the data can be decrypted to the\r
571 // original location.\r
572 //\r
573 // Unmap() will temporarily save plaintext data in the stash for\r
574 // BusMasterCommonBuffer[64] operations, so the data can be encrypted to the\r
575 // original location.\r
576 //\r
577 // StashBuffer always resides in encrypted memory.\r
578 //\r
579 StashBuffer = AllocatePages (Pages);\r
580 if (StashBuffer == NULL) {\r
581 return EFI_OUT_OF_RESOURCES;\r
582 }\r
583\r
f9d129e6
BS		 584 PhysicalAddress = (UINTN)-1;\r
585 if ((Attributes & EDKII_IOMMU_ATTRIBUTE_DUAL_ADDRESS_CYCLE) == 0) {\r
586 //\r
587 // Limit allocations to memory below 4GB\r
588 //\r
589 PhysicalAddress = SIZE_4GB - 1;\r
590 }\r
ac0a286f 591\r
f9d129e6
BS		 592 Status = gBS->AllocatePages (\r
593 AllocateMaxAddress,\r
594 MemoryType,\r
58e68140 595 CommonBufferPages,\r
f9d129e6
BS		 596 &PhysicalAddress\r
597 );\r
58e68140
LE		 598 if (EFI_ERROR (Status)) {\r
599 goto FreeStashBuffer;\r
f9d129e6
BS		 600 }\r
601\r
58e68140 602 CommonBufferHeader = (VOID *)(UINTN)PhysicalAddress;\r
ac0a286f 603 PhysicalAddress += EFI_PAGE_SIZE;\r
58e68140 604\r
ac0a286f 605 CommonBufferHeader->Signature = COMMON_BUFFER_SIG;\r
58e68140
LE		 606 CommonBufferHeader->StashBuffer = StashBuffer;\r
607\r
608 *HostAddress = (VOID *)(UINTN)PhysicalAddress;\r
609\r
812568fb
LE		 610 DEBUG ((\r
611 DEBUG_VERBOSE,\r
80ddd336 612 "%a: Host=0x%Lx Stash=0x%p\n",\r
812568fb
LE		 613 __FUNCTION__,\r
614 PhysicalAddress,\r
80ddd336 615 StashBuffer\r
812568fb 616 ));\r
58e68140
LE		 617 return EFI_SUCCESS;\r
618\r
619FreeStashBuffer:\r
620 FreePages (StashBuffer, Pages);\r
f9d129e6
BS		 621 return Status;\r
622}\r
623\r
624/**\r
625 Frees memory that was allocated with AllocateBuffer().\r
626\r
627 @param This The protocol instance pointer.\r
628 @param Pages The number of pages to free.\r
812568fb
LE		 629 @param HostAddress The base system memory address of the allocated\r
630 range.\r
f9d129e6
BS		 631\r
632 @retval EFI_SUCCESS The requested memory pages were freed.\r
812568fb
LE		 633 @retval EFI_INVALID_PARAMETER The memory range specified by HostAddress and\r
634 Pages was not allocated with AllocateBuffer().\r
f9d129e6
BS		 635\r
636**/\r
637EFI_STATUS\r
638EFIAPI\r
639IoMmuFreeBuffer (\r
ac0a286f
MK		 640 IN EDKII_IOMMU_PROTOCOL *This,\r
641 IN UINTN Pages,\r
642 IN VOID *HostAddress\r
f9d129e6
BS		 643 )\r
644{\r
ac0a286f
MK		 645 UINTN CommonBufferPages;\r
646 COMMON_BUFFER_HEADER *CommonBufferHeader;\r
58e68140 647\r
1afbb85f
LE		 648 DEBUG ((\r
649 DEBUG_VERBOSE,\r
650 "%a: Host=0x%p Pages=0x%Lx\n",\r
651 __FUNCTION__,\r
652 HostAddress,\r
653 (UINT64)Pages\r
654 ));\r
655\r
ac0a286f 656 CommonBufferPages = Pages + 1;\r
58e68140 657 CommonBufferHeader = (COMMON_BUFFER_HEADER *)(\r
ac0a286f
MK		 658 (UINTN)HostAddress - EFI_PAGE_SIZE\r
659 );\r
f9d129e6
BS		 660\r
661 //\r
58e68140 662 // Check the signature.\r
f9d129e6 663 //\r
58e68140
LE		 664 ASSERT (CommonBufferHeader->Signature == COMMON_BUFFER_SIG);\r
665 if (CommonBufferHeader->Signature != COMMON_BUFFER_SIG) {\r
666 return EFI_INVALID_PARAMETER;\r
667 }\r
668\r
669 //\r
670 // Free the stash buffer. This buffer was always encrypted, so no need to\r
671 // zero it.\r
672 //\r
673 FreePages (CommonBufferHeader->StashBuffer, Pages);\r
f9d129e6 674\r
58e68140
LE		 675 //\r
676 // Release the common buffer itself. Unmap() has re-encrypted it in-place, so\r
677 // no need to zero it.\r
678 //\r
679 return gBS->FreePages ((UINTN)CommonBufferHeader, CommonBufferPages);\r
f9d129e6
BS		 680}\r
681\r
f9d129e6
BS		 682/**\r
683 Set IOMMU attribute for a system memory.\r
684\r
685 If the IOMMU protocol exists, the system memory cannot be used\r
686 for DMA by default.\r
687\r
688 When a device requests a DMA access for a system memory,\r
689 the device driver need use SetAttribute() to update the IOMMU\r
690 attribute to request DMA access (read and/or write).\r
691\r
692 The DeviceHandle is used to identify which device submits the request.\r
812568fb
LE		 693 The IOMMU implementation need translate the device path to an IOMMU device\r
694 ID, and set IOMMU hardware register accordingly.\r
f9d129e6
BS		 695 1) DeviceHandle can be a standard PCI device.\r
696 The memory for BusMasterRead need set EDKII_IOMMU_ACCESS_READ.\r
697 The memory for BusMasterWrite need set EDKII_IOMMU_ACCESS_WRITE.\r
812568fb
LE		 698 The memory for BusMasterCommonBuffer need set\r
699 EDKII_IOMMU_ACCESS_READ|EDKII_IOMMU_ACCESS_WRITE.\r
700 After the memory is used, the memory need set 0 to keep it being\r
701 protected.\r
f9d129e6 702 2) DeviceHandle can be an ACPI device (ISA, I2C, SPI, etc).\r
812568fb
LE		 703 The memory for DMA access need set EDKII_IOMMU_ACCESS_READ and/or\r
704 EDKII_IOMMU_ACCESS_WRITE.\r
f9d129e6
BS		 705\r
706 @param[in] This The protocol instance pointer.\r
812568fb
LE		 707 @param[in] DeviceHandle The device who initiates the DMA access\r
708 request.\r
f9d129e6
BS		 709 @param[in] Mapping The mapping value returned from Map().\r
710 @param[in] IoMmuAccess The IOMMU access.\r
711\r
812568fb
LE		 712 @retval EFI_SUCCESS The IoMmuAccess is set for the memory range\r
713 specified by DeviceAddress and Length.\r
f9d129e6 714 @retval EFI_INVALID_PARAMETER DeviceHandle is an invalid handle.\r
812568fb
LE		 715 @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by\r
716 Map().\r
717 @retval EFI_INVALID_PARAMETER IoMmuAccess specified an illegal combination\r
718 of access.\r
f9d129e6 719 @retval EFI_UNSUPPORTED DeviceHandle is unknown by the IOMMU.\r
812568fb
LE		 720 @retval EFI_UNSUPPORTED The bit mask of IoMmuAccess is not supported\r
721 by the IOMMU.\r
722 @retval EFI_UNSUPPORTED The IOMMU does not support the memory range\r
723 specified by Mapping.\r
724 @retval EFI_OUT_OF_RESOURCES There are not enough resources available to\r
725 modify the IOMMU access.\r
726 @retval EFI_DEVICE_ERROR The IOMMU device reported an error while\r
727 attempting the operation.\r
f9d129e6
BS		 728\r
729**/\r
730EFI_STATUS\r
731EFIAPI\r
732IoMmuSetAttribute (\r
733 IN EDKII_IOMMU_PROTOCOL *This,\r
734 IN EFI_HANDLE DeviceHandle,\r
735 IN VOID *Mapping,\r
736 IN UINT64 IoMmuAccess\r
737 )\r
738{\r
739 return EFI_UNSUPPORTED;\r
740}\r
741\r
742EDKII_IOMMU_PROTOCOL mAmdSev = {\r
743 EDKII_IOMMU_PROTOCOL_REVISION,\r
744 IoMmuSetAttribute,\r
745 IoMmuMap,\r
746 IoMmuUnmap,\r
747 IoMmuAllocateBuffer,\r
748 IoMmuFreeBuffer,\r
749};\r
750\r
7aee391f
LE		 751/**\r
752 Notification function that is queued when gBS->ExitBootServices() signals the\r
753 EFI_EVENT_GROUP_EXIT_BOOT_SERVICES event group. This function signals another\r
754 event, received as Context, and returns.\r
755\r
756 Signaling an event in this context is safe. The UEFI spec allows\r
757 gBS->SignalEvent() to return EFI_SUCCESS only; EFI_OUT_OF_RESOURCES is not\r
758 listed, hence memory is not allocated. The edk2 implementation also does not\r
759 release memory (and we only have to care about the edk2 implementation\r
760 because EDKII_IOMMU_PROTOCOL is edk2-specific anyway).\r
761\r
762 @param[in] Event Event whose notification function is being invoked.\r
763 Event is permitted to request the queueing of this\r
764 function at TPL_CALLBACK or TPL_NOTIFY task\r
765 priority level.\r
766\r
767 @param[in] EventToSignal Identifies the EFI_EVENT to signal. EventToSignal\r
768 is permitted to request the queueing of its\r
769 notification function only at TPL_CALLBACK level.\r
770**/\r
771STATIC\r
772VOID\r
773EFIAPI\r
774AmdSevExitBoot (\r
ac0a286f
MK		 775 IN EFI_EVENT Event,\r
776 IN VOID *EventToSignal\r
7aee391f
LE		 777 )\r
778{\r
779 //\r
780 // (1) The NotifyFunctions of all the events in\r
781 // EFI_EVENT_GROUP_EXIT_BOOT_SERVICES will have been queued before\r
782 // AmdSevExitBoot() is entered.\r
783 //\r
784 // (2) AmdSevExitBoot() is executing minimally at TPL_CALLBACK.\r
785 //\r
786 // (3) AmdSevExitBoot() has been queued in unspecified order relative to the\r
787 // NotifyFunctions of all the other events in\r
788 // EFI_EVENT_GROUP_EXIT_BOOT_SERVICES whose NotifyTpl is the same as\r
789 // Event's.\r
790 //\r
791 // Consequences:\r
792 //\r
793 // - If Event's NotifyTpl is TPL_CALLBACK, then some other NotifyFunctions\r
794 // queued at TPL_CALLBACK may be invoked after AmdSevExitBoot() returns.\r
795 //\r
796 // - If Event's NotifyTpl is TPL_NOTIFY, then some other NotifyFunctions\r
797 // queued at TPL_NOTIFY may be invoked after AmdSevExitBoot() returns; plus\r
798 // *all* NotifyFunctions queued at TPL_CALLBACK will be invoked strictly\r
799 // after all NotifyFunctions queued at TPL_NOTIFY, including\r
800 // AmdSevExitBoot(), have been invoked.\r
801 //\r
802 // - By signaling EventToSignal here, whose NotifyTpl is TPL_CALLBACK, we\r
803 // queue EventToSignal's NotifyFunction after the NotifyFunctions of *all*\r
804 // events in EFI_EVENT_GROUP_EXIT_BOOT_SERVICES.\r
805 //\r
806 DEBUG ((DEBUG_VERBOSE, "%a\n", __FUNCTION__));\r
807 gBS->SignalEvent (EventToSignal);\r
808}\r
809\r
810/**\r
811 Notification function that is queued after the notification functions of all\r
812 events in the EFI_EVENT_GROUP_EXIT_BOOT_SERVICES event group. The same memory\r
813 map restrictions apply.\r
814\r
815 This function unmaps all currently existing IOMMU mappings.\r
816\r
817 @param[in] Event Event whose notification function is being invoked. Event\r
818 is permitted to request the queueing of this function\r
819 only at TPL_CALLBACK task priority level.\r
820\r
821 @param[in] Context Ignored.\r
822**/\r
823STATIC\r
824VOID\r
825EFIAPI\r
826AmdSevUnmapAllMappings (\r
ac0a286f
MK		 827 IN EFI_EVENT Event,\r
828 IN VOID *Context\r
7aee391f
LE		 829 )\r
830{\r
ac0a286f
MK		 831 LIST_ENTRY *Node;\r
832 LIST_ENTRY *NextNode;\r
833 MAP_INFO *MapInfo;\r
7aee391f
LE		 834\r
835 DEBUG ((DEBUG_VERBOSE, "%a\n", __FUNCTION__));\r
836\r
837 //\r
838 // All drivers that had set up IOMMU mappings have halted their respective\r
839 // controllers by now; tear down the mappings.\r
840 //\r
841 for (Node = GetFirstNode (&mMapInfos); Node != &mMapInfos; Node = NextNode) {\r
842 NextNode = GetNextNode (&mMapInfos, Node);\r
ac0a286f 843 MapInfo = CR (Node, MAP_INFO, Link, MAP_INFO_SIG);\r
7aee391f
LE		 844 IoMmuUnmapWorker (\r
845 &mAmdSev, // This\r
846 MapInfo, // Mapping\r
847 TRUE // MemoryMapLocked\r
848 );\r
849 }\r
850}\r
851\r
f9d129e6
BS		 852/**\r
853 Initialize Iommu Protocol.\r
854\r
855**/\r
db125079 856EFI_STATUS\r
f9d129e6
BS		 857EFIAPI\r
858AmdSevInstallIoMmuProtocol (\r
859 VOID\r
860 )\r
861{\r
862 EFI_STATUS Status;\r
7aee391f
LE		 863 EFI_EVENT UnmapAllMappingsEvent;\r
864 EFI_EVENT ExitBootEvent;\r
f9d129e6
BS		 865 EFI_HANDLE Handle;\r
866\r
7aee391f
LE		 867 //\r
868 // Create the "late" event whose notification function will tear down all\r
869 // left-over IOMMU mappings.\r
870 //\r
871 Status = gBS->CreateEvent (\r
872 EVT_NOTIFY_SIGNAL, // Type\r
873 TPL_CALLBACK, // NotifyTpl\r
874 AmdSevUnmapAllMappings, // NotifyFunction\r
875 NULL, // NotifyContext\r
876 &UnmapAllMappingsEvent // Event\r
877 );\r
878 if (EFI_ERROR (Status)) {\r
879 return Status;\r
880 }\r
881\r
882 //\r
883 // Create the event whose notification function will be queued by\r
884 // gBS->ExitBootServices() and will signal the event created above.\r
885 //\r
886 Status = gBS->CreateEvent (\r
887 EVT_SIGNAL_EXIT_BOOT_SERVICES, // Type\r
888 TPL_CALLBACK, // NotifyTpl\r
889 AmdSevExitBoot, // NotifyFunction\r
890 UnmapAllMappingsEvent, // NotifyContext\r
891 &ExitBootEvent // Event\r
892 );\r
893 if (EFI_ERROR (Status)) {\r
894 goto CloseUnmapAllMappingsEvent;\r
895 }\r
896\r
f9d129e6
BS		 897 Handle = NULL;\r
898 Status = gBS->InstallMultipleProtocolInterfaces (\r
899 &Handle,\r
ac0a286f
MK		 900 &gEdkiiIoMmuProtocolGuid,\r
901 &mAmdSev,\r
f9d129e6
BS		 902 NULL\r
903 );\r
7aee391f
LE		 904 if (EFI_ERROR (Status)) {\r
905 goto CloseExitBootEvent;\r
906 }\r
907\r
908 return EFI_SUCCESS;\r
909\r
910CloseExitBootEvent:\r
911 gBS->CloseEvent (ExitBootEvent);\r
912\r
913CloseUnmapAllMappingsEvent:\r
914 gBS->CloseEvent (UnmapAllMappingsEvent);\r
915\r
db125079 916 return Status;\r
f9d129e6 917}\r
EFI Development Kit II mirror for PVE