OvmfPkg: Fix SevMemoryAcceptance memory attributes

The hard-coded attributes for the re-added memory space should instead
forward the replaced descriptor's capabilities.

Tested on Linux with efi=debug. Prior to this change, an 8GiB VM running
a kernel without unaccepted memory support shows this entry

efi: mem94: [Conventional|   |  |CC|  |  |  |  |  |  |   |  |  |  |  ]
range=[0x0000000100000000-0x000000023fffffff] (5120MB)

This does not have the cache capabilities one would expect for system
memory, UC|WC|WT|WB.

After this change, the same entry becomes

efi: mem94: [Conventional|   |  |CC|  |  |  |  |  |  |   |WB|WT|WC|UC]
range=[0x0000000100000000-0x000000023fffffff] (5120MB)

This has all the expected attributes.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
[ardb: drop the EFI_MEMORY_CPU_CRYPTO flag - it isn't used anywhere else
       in EDK2 or Linux so it doesn't actually do anything, and it is
       unclear whether it is intended for use by the guest in the first
       place]
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>

diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index 6391d1f775d571966275a9f082b17a4f53b09e32..9c4e3bb40638139a8783112a9eba03e43bc74065 100644 (file)
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -23,6 +23,10 @@
 #include <Pi/PrePiDxeCis.h>\r
 #include <Protocol/SevMemoryAcceptance.h>\r
 #include <Protocol/MemoryAccept.h>\r
+#include <Uefi/UefiSpec.h>\r
+\r
+// Present, initialized, tested bits defined in MdeModulePkg/Core/Dxe/DxeMain.h\r
+#define EFI_MEMORY_INTERNAL_MASK  0x0700000000000000ULL\r
 \r
 STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  mSnpBootDxeTable = {\r
   SIGNATURE_32 ('A',                                    'M', 'D', 'E'),\r
@@ -116,7 +120,9 @@ AcceptAllMemory (
                     EfiGcdMemoryTypeSystemMemory,\r
                     Desc->BaseAddress,\r
                     Desc->Length,\r
-                    EFI_MEMORY_CPU_CRYPTO | EFI_MEMORY_XP | EFI_MEMORY_RO | EFI_MEMORY_RP\r
+                    // Allocable system memory resource capabilities as masked\r
+                    // in MdeModulePkg/Core/Dxe/Mem/Page.c:PromoteMemoryResource\r
+                    Desc->Capabilities & ~(EFI_MEMORY_INTERNAL_MASK | EFI_MEMORY_RUNTIME)\r
                     );\r
     if (EFI_ERROR (Status)) {\r
       break;\r