3 The protocol provides support to allocate, free, map and umap a DMA buffer
4 for bus master (e.g PciHostBridge). When SEV is enabled, the DMA operations
5 must be performed on unencrypted buffer hence we use a bounce buffer to map
6 the guest buffer into an unencrypted DMA buffer.
8 Copyright (c) 2017, AMD Inc. All rights reserved.<BR>
9 Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
11 This program and the accompanying materials are licensed and made available
12 under the terms and conditions of the BSD License which accompanies this
13 distribution. The full text of the license may be found at
14 http://opensource.org/licenses/bsd-license.php
16 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
17 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
21 #include "AmdSevIoMmu.h"
24 EDKII_IOMMU_OPERATION Operation
;
27 EFI_PHYSICAL_ADDRESS CryptedAddress
;
28 EFI_PHYSICAL_ADDRESS PlainTextAddress
;
31 #define COMMON_BUFFER_SIG SIGNATURE_64 ('C', 'M', 'N', 'B', 'U', 'F', 'F', 'R')
34 // The following structure enables Map() and Unmap() to perform in-place
35 // decryption and encryption, respectively, for BusMasterCommonBuffer[64]
36 // operations, without dynamic memory allocation or release.
38 // Both COMMON_BUFFER_HEADER and COMMON_BUFFER_HEADER.StashBuffer are allocated
39 // by AllocateBuffer() and released by FreeBuffer().
46 // Always allocated from EfiBootServicesData type memory, and always
52 // Followed by the actual common buffer, starting at the next page.
54 } COMMON_BUFFER_HEADER
;
58 Provides the controller-specific addresses required to access system memory
59 from a DMA bus master. On SEV guest, the DMA operations must be performed on
60 shared buffer hence we allocate a bounce buffer to map the HostAddress to a
61 DeviceAddress. The Encryption attribute is removed from the DeviceAddress
64 @param This The protocol instance pointer.
65 @param Operation Indicates if the bus master is going to read or
66 write to system memory.
67 @param HostAddress The system memory address to map to the PCI
69 @param NumberOfBytes On input the number of bytes to map. On output
70 the number of bytes that were mapped.
71 @param DeviceAddress The resulting map address for the bus master
72 PCI controller to use to access the hosts
74 @param Mapping A resulting value to pass to Unmap().
76 @retval EFI_SUCCESS The range was mapped for the returned
78 @retval EFI_UNSUPPORTED The HostAddress cannot be mapped as a common
80 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
81 @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a
83 @retval EFI_DEVICE_ERROR The system hardware could not map the requested
90 IN EDKII_IOMMU_PROTOCOL
*This
,
91 IN EDKII_IOMMU_OPERATION Operation
,
93 IN OUT UINTN
*NumberOfBytes
,
94 OUT EFI_PHYSICAL_ADDRESS
*DeviceAddress
,
100 EFI_ALLOCATE_TYPE AllocateType
;
101 COMMON_BUFFER_HEADER
*CommonBufferHeader
;
102 VOID
*DecryptionSource
;
104 if (HostAddress
== NULL
|| NumberOfBytes
== NULL
|| DeviceAddress
== NULL
||
106 return EFI_INVALID_PARAMETER
;
110 // Allocate a MAP_INFO structure to remember the mapping when Unmap() is
113 MapInfo
= AllocatePool (sizeof (MAP_INFO
));
114 if (MapInfo
== NULL
) {
115 Status
= EFI_OUT_OF_RESOURCES
;
120 // Initialize the MAP_INFO structure, except the PlainTextAddress field
122 MapInfo
->Operation
= Operation
;
123 MapInfo
->NumberOfBytes
= *NumberOfBytes
;
124 MapInfo
->NumberOfPages
= EFI_SIZE_TO_PAGES (MapInfo
->NumberOfBytes
);
125 MapInfo
->CryptedAddress
= (UINTN
)HostAddress
;
128 // In the switch statement below, we point "MapInfo->PlainTextAddress" to the
129 // plaintext buffer, according to Operation. We also set "DecryptionSource".
131 MapInfo
->PlainTextAddress
= MAX_ADDRESS
;
132 AllocateType
= AllocateAnyPages
;
133 DecryptionSource
= (VOID
*)(UINTN
)MapInfo
->CryptedAddress
;
136 // For BusMasterRead[64] and BusMasterWrite[64] operations, a bounce buffer
137 // is necessary regardless of whether the original (crypted) buffer crosses
138 // the 4GB limit or not -- we have to allocate a separate plaintext buffer.
139 // The only variable is whether the plaintext buffer should be under 4GB.
141 case EdkiiIoMmuOperationBusMasterRead
:
142 case EdkiiIoMmuOperationBusMasterWrite
:
143 MapInfo
->PlainTextAddress
= BASE_4GB
- 1;
144 AllocateType
= AllocateMaxAddress
;
148 case EdkiiIoMmuOperationBusMasterRead64
:
149 case EdkiiIoMmuOperationBusMasterWrite64
:
151 // Allocate the implicit plaintext bounce buffer.
153 Status
= gBS
->AllocatePages (
156 MapInfo
->NumberOfPages
,
157 &MapInfo
->PlainTextAddress
159 if (EFI_ERROR (Status
)) {
165 // For BusMasterCommonBuffer[64] operations, a to-be-plaintext buffer and a
166 // stash buffer (for in-place decryption) have been allocated already, with
167 // AllocateBuffer(). We only check whether the address of the to-be-plaintext
168 // buffer is low enough for the requested operation.
170 case EdkiiIoMmuOperationBusMasterCommonBuffer
:
171 if ((MapInfo
->CryptedAddress
> BASE_4GB
) ||
172 (EFI_PAGES_TO_SIZE (MapInfo
->NumberOfPages
) >
173 BASE_4GB
- MapInfo
->CryptedAddress
)) {
175 // CommonBuffer operations cannot be remapped. If the common buffer is
176 // above 4GB, then it is not possible to generate a mapping, so return an
179 Status
= EFI_UNSUPPORTED
;
185 case EdkiiIoMmuOperationBusMasterCommonBuffer64
:
187 // The buffer at MapInfo->CryptedAddress comes from AllocateBuffer().
189 MapInfo
->PlainTextAddress
= MapInfo
->CryptedAddress
;
191 // Stash the crypted data.
193 CommonBufferHeader
= (COMMON_BUFFER_HEADER
*)(
194 (UINTN
)MapInfo
->CryptedAddress
- EFI_PAGE_SIZE
196 ASSERT (CommonBufferHeader
->Signature
== COMMON_BUFFER_SIG
);
198 CommonBufferHeader
->StashBuffer
,
199 (VOID
*)(UINTN
)MapInfo
->CryptedAddress
,
200 MapInfo
->NumberOfBytes
203 // Point "DecryptionSource" to the stash buffer so that we decrypt
204 // it to the original location, after the switch statement.
206 DecryptionSource
= CommonBufferHeader
->StashBuffer
;
211 // Operation is invalid
213 Status
= EFI_INVALID_PARAMETER
;
218 // Clear the memory encryption mask on the plaintext buffer.
220 Status
= MemEncryptSevClearPageEncMask (
222 MapInfo
->PlainTextAddress
,
223 MapInfo
->NumberOfPages
,
226 ASSERT_EFI_ERROR(Status
);
229 // If this is a read operation from the Bus Master's point of view,
230 // then copy the contents of the real buffer into the mapped buffer
231 // so the Bus Master can read the contents of the real buffer.
233 // For BusMasterCommonBuffer[64] operations, the CopyMem() below will decrypt
234 // the original data (from the stash buffer) back to the original location.
236 if (Operation
== EdkiiIoMmuOperationBusMasterRead
||
237 Operation
== EdkiiIoMmuOperationBusMasterRead64
||
238 Operation
== EdkiiIoMmuOperationBusMasterCommonBuffer
||
239 Operation
== EdkiiIoMmuOperationBusMasterCommonBuffer64
) {
241 (VOID
*) (UINTN
) MapInfo
->PlainTextAddress
,
243 MapInfo
->NumberOfBytes
248 // Populate output parameters.
250 *DeviceAddress
= MapInfo
->PlainTextAddress
;
255 "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n",
257 MapInfo
->PlainTextAddress
,
258 MapInfo
->CryptedAddress
,
259 (UINT64
)MapInfo
->NumberOfPages
,
260 (UINT64
)MapInfo
->NumberOfBytes
274 Completes the Map() operation and releases any corresponding resources.
276 @param This The protocol instance pointer.
277 @param Mapping The mapping value returned from Map().
279 @retval EFI_SUCCESS The range was unmapped.
280 @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by
282 @retval EFI_DEVICE_ERROR The data was not committed to the target system
288 IN EDKII_IOMMU_PROTOCOL
*This
,
294 COMMON_BUFFER_HEADER
*CommonBufferHeader
;
295 VOID
*EncryptionTarget
;
297 if (Mapping
== NULL
) {
298 return EFI_INVALID_PARAMETER
;
301 MapInfo
= (MAP_INFO
*)Mapping
;
304 // set CommonBufferHeader to suppress incorrect compiler/analyzer warnings
306 CommonBufferHeader
= NULL
;
309 // For BusMasterWrite[64] operations and BusMasterCommonBuffer[64] operations
310 // we have to encrypt the results, ultimately to the original place (i.e.,
311 // "MapInfo->CryptedAddress").
313 // For BusMasterCommonBuffer[64] operations however, this encryption has to
314 // land in-place, so divert the encryption to the stash buffer first.
316 EncryptionTarget
= (VOID
*)(UINTN
)MapInfo
->CryptedAddress
;
318 switch (MapInfo
->Operation
) {
319 case EdkiiIoMmuOperationBusMasterCommonBuffer
:
320 case EdkiiIoMmuOperationBusMasterCommonBuffer64
:
321 ASSERT (MapInfo
->PlainTextAddress
== MapInfo
->CryptedAddress
);
323 CommonBufferHeader
= (COMMON_BUFFER_HEADER
*)(
324 (UINTN
)MapInfo
->PlainTextAddress
- EFI_PAGE_SIZE
326 ASSERT (CommonBufferHeader
->Signature
== COMMON_BUFFER_SIG
);
327 EncryptionTarget
= CommonBufferHeader
->StashBuffer
;
332 case EdkiiIoMmuOperationBusMasterWrite
:
333 case EdkiiIoMmuOperationBusMasterWrite64
:
336 (VOID
*) (UINTN
) MapInfo
->PlainTextAddress
,
337 MapInfo
->NumberOfBytes
343 // nothing to encrypt after BusMasterRead[64] operations
350 "%a PlainText 0x%Lx Crypted 0x%Lx Pages 0x%Lx Bytes 0x%Lx\n",
352 MapInfo
->PlainTextAddress
,
353 MapInfo
->CryptedAddress
,
354 (UINT64
)MapInfo
->NumberOfPages
,
355 (UINT64
)MapInfo
->NumberOfBytes
359 // Restore the memory encryption mask on the area we used to hold the
362 Status
= MemEncryptSevSetPageEncMask (
364 MapInfo
->PlainTextAddress
,
365 MapInfo
->NumberOfPages
,
368 ASSERT_EFI_ERROR(Status
);
371 // For BusMasterCommonBuffer[64] operations, copy the stashed data to the
372 // original (now encrypted) location.
374 // For all other operations, fill the late bounce buffer (which existed as
375 // plaintext at some point) with zeros, and then release it.
377 if (MapInfo
->Operation
== EdkiiIoMmuOperationBusMasterCommonBuffer
||
378 MapInfo
->Operation
== EdkiiIoMmuOperationBusMasterCommonBuffer64
) {
380 (VOID
*)(UINTN
)MapInfo
->CryptedAddress
,
381 CommonBufferHeader
->StashBuffer
,
382 MapInfo
->NumberOfBytes
386 (VOID
*)(UINTN
)MapInfo
->PlainTextAddress
,
387 EFI_PAGES_TO_SIZE (MapInfo
->NumberOfPages
)
389 gBS
->FreePages (MapInfo
->PlainTextAddress
, MapInfo
->NumberOfPages
);
393 // Free the MAP_INFO structure.
400 Allocates pages that are suitable for an OperationBusMasterCommonBuffer or
401 OperationBusMasterCommonBuffer64 mapping.
403 @param This The protocol instance pointer.
404 @param Type This parameter is not used and must be ignored.
405 @param MemoryType The type of memory to allocate,
406 EfiBootServicesData or EfiRuntimeServicesData.
407 @param Pages The number of pages to allocate.
408 @param HostAddress A pointer to store the base system memory
409 address of the allocated range.
410 @param Attributes The requested bit mask of attributes for the
413 @retval EFI_SUCCESS The requested memory pages were allocated.
414 @retval EFI_UNSUPPORTED Attributes is unsupported. The only legal
415 attribute bits are MEMORY_WRITE_COMBINE and
417 @retval EFI_INVALID_PARAMETER One or more parameters are invalid.
418 @retval EFI_OUT_OF_RESOURCES The memory pages could not be allocated.
423 IoMmuAllocateBuffer (
424 IN EDKII_IOMMU_PROTOCOL
*This
,
425 IN EFI_ALLOCATE_TYPE Type
,
426 IN EFI_MEMORY_TYPE MemoryType
,
428 IN OUT VOID
**HostAddress
,
433 EFI_PHYSICAL_ADDRESS PhysicalAddress
;
435 UINTN CommonBufferPages
;
436 COMMON_BUFFER_HEADER
*CommonBufferHeader
;
439 // Validate Attributes
441 if ((Attributes
& EDKII_IOMMU_ATTRIBUTE_INVALID_FOR_ALLOCATE_BUFFER
) != 0) {
442 return EFI_UNSUPPORTED
;
446 // Check for invalid inputs
448 if (HostAddress
== NULL
) {
449 return EFI_INVALID_PARAMETER
;
453 // The only valid memory types are EfiBootServicesData and
454 // EfiRuntimeServicesData
456 if (MemoryType
!= EfiBootServicesData
&&
457 MemoryType
!= EfiRuntimeServicesData
) {
458 return EFI_INVALID_PARAMETER
;
462 // We'll need a header page for the COMMON_BUFFER_HEADER structure.
464 if (Pages
> MAX_UINTN
- 1) {
465 return EFI_OUT_OF_RESOURCES
;
467 CommonBufferPages
= Pages
+ 1;
470 // Allocate the stash in EfiBootServicesData type memory.
472 // Map() will temporarily save encrypted data in the stash for
473 // BusMasterCommonBuffer[64] operations, so the data can be decrypted to the
474 // original location.
476 // Unmap() will temporarily save plaintext data in the stash for
477 // BusMasterCommonBuffer[64] operations, so the data can be encrypted to the
478 // original location.
480 // StashBuffer always resides in encrypted memory.
482 StashBuffer
= AllocatePages (Pages
);
483 if (StashBuffer
== NULL
) {
484 return EFI_OUT_OF_RESOURCES
;
487 PhysicalAddress
= (UINTN
)-1;
488 if ((Attributes
& EDKII_IOMMU_ATTRIBUTE_DUAL_ADDRESS_CYCLE
) == 0) {
490 // Limit allocations to memory below 4GB
492 PhysicalAddress
= SIZE_4GB
- 1;
494 Status
= gBS
->AllocatePages (
500 if (EFI_ERROR (Status
)) {
501 goto FreeStashBuffer
;
504 CommonBufferHeader
= (VOID
*)(UINTN
)PhysicalAddress
;
505 PhysicalAddress
+= EFI_PAGE_SIZE
;
507 CommonBufferHeader
->Signature
= COMMON_BUFFER_SIG
;
508 CommonBufferHeader
->StashBuffer
= StashBuffer
;
510 *HostAddress
= (VOID
*)(UINTN
)PhysicalAddress
;
514 "%a Address 0x%Lx Pages 0x%Lx\n",
522 FreePages (StashBuffer
, Pages
);
527 Frees memory that was allocated with AllocateBuffer().
529 @param This The protocol instance pointer.
530 @param Pages The number of pages to free.
531 @param HostAddress The base system memory address of the allocated
534 @retval EFI_SUCCESS The requested memory pages were freed.
535 @retval EFI_INVALID_PARAMETER The memory range specified by HostAddress and
536 Pages was not allocated with AllocateBuffer().
542 IN EDKII_IOMMU_PROTOCOL
*This
,
547 UINTN CommonBufferPages
;
548 COMMON_BUFFER_HEADER
*CommonBufferHeader
;
550 CommonBufferPages
= Pages
+ 1;
551 CommonBufferHeader
= (COMMON_BUFFER_HEADER
*)(
552 (UINTN
)HostAddress
- EFI_PAGE_SIZE
556 // Check the signature.
558 ASSERT (CommonBufferHeader
->Signature
== COMMON_BUFFER_SIG
);
559 if (CommonBufferHeader
->Signature
!= COMMON_BUFFER_SIG
) {
560 return EFI_INVALID_PARAMETER
;
564 // Free the stash buffer. This buffer was always encrypted, so no need to
567 FreePages (CommonBufferHeader
->StashBuffer
, Pages
);
571 "%a Address 0x%Lx Pages 0x%Lx\n",
573 (UINT64
)(UINTN
)HostAddress
,
578 // Release the common buffer itself. Unmap() has re-encrypted it in-place, so
579 // no need to zero it.
581 return gBS
->FreePages ((UINTN
)CommonBufferHeader
, CommonBufferPages
);
586 Set IOMMU attribute for a system memory.
588 If the IOMMU protocol exists, the system memory cannot be used
591 When a device requests a DMA access for a system memory,
592 the device driver need use SetAttribute() to update the IOMMU
593 attribute to request DMA access (read and/or write).
595 The DeviceHandle is used to identify which device submits the request.
596 The IOMMU implementation need translate the device path to an IOMMU device
597 ID, and set IOMMU hardware register accordingly.
598 1) DeviceHandle can be a standard PCI device.
599 The memory for BusMasterRead need set EDKII_IOMMU_ACCESS_READ.
600 The memory for BusMasterWrite need set EDKII_IOMMU_ACCESS_WRITE.
601 The memory for BusMasterCommonBuffer need set
602 EDKII_IOMMU_ACCESS_READ|EDKII_IOMMU_ACCESS_WRITE.
603 After the memory is used, the memory need set 0 to keep it being
605 2) DeviceHandle can be an ACPI device (ISA, I2C, SPI, etc).
606 The memory for DMA access need set EDKII_IOMMU_ACCESS_READ and/or
607 EDKII_IOMMU_ACCESS_WRITE.
609 @param[in] This The protocol instance pointer.
610 @param[in] DeviceHandle The device who initiates the DMA access
612 @param[in] Mapping The mapping value returned from Map().
613 @param[in] IoMmuAccess The IOMMU access.
615 @retval EFI_SUCCESS The IoMmuAccess is set for the memory range
616 specified by DeviceAddress and Length.
617 @retval EFI_INVALID_PARAMETER DeviceHandle is an invalid handle.
618 @retval EFI_INVALID_PARAMETER Mapping is not a value that was returned by
620 @retval EFI_INVALID_PARAMETER IoMmuAccess specified an illegal combination
622 @retval EFI_UNSUPPORTED DeviceHandle is unknown by the IOMMU.
623 @retval EFI_UNSUPPORTED The bit mask of IoMmuAccess is not supported
625 @retval EFI_UNSUPPORTED The IOMMU does not support the memory range
626 specified by Mapping.
627 @retval EFI_OUT_OF_RESOURCES There are not enough resources available to
628 modify the IOMMU access.
629 @retval EFI_DEVICE_ERROR The IOMMU device reported an error while
630 attempting the operation.
636 IN EDKII_IOMMU_PROTOCOL
*This
,
637 IN EFI_HANDLE DeviceHandle
,
639 IN UINT64 IoMmuAccess
642 return EFI_UNSUPPORTED
;
645 EDKII_IOMMU_PROTOCOL mAmdSev
= {
646 EDKII_IOMMU_PROTOCOL_REVISION
,
655 Initialize Iommu Protocol.
660 AmdSevInstallIoMmuProtocol (
668 Status
= gBS
->InstallMultipleProtocolInterfaces (
670 &gEdkiiIoMmuProtocolGuid
, &mAmdSev
,