From 8803960adcff56281b30eca1b8580b37a29410a1 Mon Sep 17 00:00:00 2001 From: Xin Jiang Date: Thu, 11 Jan 2024 15:54:38 +0800 Subject: [PATCH] anolis: OvmfPkg/BaseMemEncryptLib: Save memory encrypt status in reserved memory The MMIO routine of VC handler will get memory encrypt status to validate MMIO address. MemEncryptSevGetEncryptionMask() will enable interrupt while interrupt must be disabled during VC. During DXE stage, VC routine as below: CcExitHandleVc->MemEncryptSevGetAddressRangeState-> MemEncryptSevGetEncryptionMask->PcdGet64(PcdPteMemoryEncryptionAddressOrMask) Unfortunately, PcdGet64() will enable interrupt in VC context. Signed-off-by: Xin Jiang --- ...aseMemEncryptLib-Save-memory-encrypt.patch | 177 ++++++++++++++++++ edk2.spec | 7 +- 2 files changed, 183 insertions(+), 1 deletion(-) create mode 100644 0020-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch diff --git a/0020-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch b/0020-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch new file mode 100644 index 0000000..91b09e4 --- /dev/null +++ b/0020-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch 
@@ -0,0 +1,177 @@
+From 670cde2494761894aa6308f515511685be402433 Mon Sep 17 00:00:00 2001
+From: Xin Jiang
+Date: Wed, 10 Jan 2024 17:34:57 +0800
+Subject: [PATCH] anolis: OvmfPkg/BaseMemEncryptLib: Save memory encrypt status
+ in reserved memory
+
+The MMIO routine of VC handler will get memory encrypt status to
+validate MMIO address. MemEncryptSevGetEncryptionMask() will enable
+interrupt while interrupt must be disabled during VC.
+
+During DXE stage, VC routine as below:
+CcExitHandleVc->MemEncryptSevGetAddressRangeState->
+MemEncryptSevGetEncryptionMask->PcdGet64(PcdPteMemoryEncryptionAddressOrMask)
+
+Unfortunately, PcdGet64() will enable interrupt in VC context.
+
+Signed-off-by: Xin Jiang
+Change-Id: I617af038d3fa1e92e33092950f694511959127c8
+---
+ OvmfPkg/AmdSev/AmdSevX64.fdf | 5 ++++-
+ OvmfPkg/IntelTdx/IntelTdxX64.fdf | 5 ++++-
+ .../Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 4 ++++
+ .../BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c | 9 ++-------
+ OvmfPkg/OvmfPkg.dec | 4 ++++
+ OvmfPkg/OvmfPkgX64.fdf | 5 ++++-
+ OvmfPkg/PlatformPei/AmdSev.c | 2 ++
+ OvmfPkg/PlatformPei/Csv.c | 6 ++++++
+ OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++
+ 9 files changed, 32 insertions(+), 10 deletions(-)
+
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
+index dd8e511cb9..4e45bf0212 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
++++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
+@@ -80,7 +80,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallBase|gUefiOvmfPkgTokenSpaceGui
+ 0x012000|0x001000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
+ 
+-0x013000|0x00D000
++0x013000|0x001000
++gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
++
++0x014000|0x00C000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
+ 
+ 0x020000|0x0E0000
+diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+index 8900524cd5..5e777a3e69 100644
+--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
++++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+@@ -100,7 +100,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallBase|gUefiOvmfPkgTokenSpaceGui
+ 0x011000|0x001000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
+ 
+-0x012000|0x00E000
++0x012000|0x001000
++gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
++
++0x013000|0x00D000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
+ 
+ 0x100000|0x700000
+diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+index 4d32fae618..6f2f69d048 100644
+--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
++++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+@@ -61,3 +61,7 @@
+ [Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask
+ gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
++
++[FixedPcd]
++ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase
++ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
+diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
+index d80ebe2fac..a9d43237ef 100644
+--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
++++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
+@@ -22,8 +22,6 @@
+ 
+ STATIC UINT64 mCurrentAttr = 0;
+ STATIC BOOLEAN mCurrentAttrRead = FALSE;
+-STATIC UINT64 mSevEncryptionMask = 0;
+-STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE;
+ STATIC BOOLEAN mSevLiveMigrationStatus = FALSE;
+ STATIC BOOLEAN mSevLiveMigrationStatusChecked = FALSE;
+ 
+@@ -193,10 +191,7 @@ MemEncryptSevGetEncryptionMask (
+ VOID
+ )
+ {
+- if (!mSevEncryptionMaskSaved) {
+- 
mSevEncryptionMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
+- mSevEncryptionMaskSaved = TRUE;
+- }
++ UINT64 *MemEncryptStatus = (UINT64 *)(UINT64)FixedPcdGet32 (PcdMemEncrpytStatusBase);
+ 
+- return mSevEncryptionMask;
++ return *MemEncryptStatus;
+ }
+diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
+index 453b4ea497..a62bb9bc84 100644
+--- a/OvmfPkg/OvmfPkg.dec
++++ b/OvmfPkg/OvmfPkg.dec
+@@ -436,6 +436,10 @@
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|0|UINT32|0x72
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize|0|UINT32|0x73
+ 
++ ## the base address of memory encryption status.
++ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|0|UINT32|0x74
++ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize|0|UINT32|0x75
++
+ [PcdsDynamic, PcdsDynamicEx]
+ gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index 98f4e5cae3..ac3981ac58 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -100,7 +100,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallBase|gUefiOvmfPkgTokenSpaceGui
+ 0x011000|0x001000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
+ 
+-0x012000|0x00E000
++0x012000|0x001000
++gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
++
++0x013000|0x00D000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
+ 
+ 0x020000|0x0E0000
+diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
+index 553e841e55..7c4ef89990 100644
+--- a/OvmfPkg/PlatformPei/AmdSev.c
++++ b/OvmfPkg/PlatformPei/AmdSev.c
+@@ -379,6 +379,8 @@ AmdSevInitialize (
+ PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);
+ ASSERT_RETURN_ERROR (PcdStatus);
+ 
++ *(UINT64 *)(UINT64)FixedPcdGet32 (PcdMemEncrpytStatusBase) = 
EncryptionMask;
++
+ DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));
+ 
+ //
+diff --git a/OvmfPkg/PlatformPei/Csv.c b/OvmfPkg/PlatformPei/Csv.c
+index a52112d55b..fe8c059b0d 100644
+--- a/OvmfPkg/PlatformPei/Csv.c
++++ b/OvmfPkg/PlatformPei/Csv.c
+@@ -33,6 +33,12 @@ CsvInitializeMemInfo (
+ UINT64 LowerMemorySize;
+ UINT64 UpperMemorySize;
+ 
++ BuildMemoryAllocationHob (
++ (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdMemEncrpytStatusBase),
++ (UINT64)(UINTN) FixedPcdGet32 (PcdMemEncrpytStatusSize),
++ EfiReservedMemoryType
++ );
++
+ if (!CsvIsEnabled ()) {
+ return ;
+ }
+diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
+index 0cadd0a3af..a098644130 100644
+--- a/OvmfPkg/PlatformPei/PlatformPei.inf
++++ b/OvmfPkg/PlatformPei/PlatformPei.inf
+@@ -136,6 +136,8 @@
+ gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
++ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase
++ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
+ 
+ [FeaturePcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable
+-- 
+2.17.1
+
diff --git a/edk2.spec b/edk2.spec
index dc5e890..ef51674 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -1,4 +1,4 @@
-%define anolis_release 5
+%define anolis_release 6
 %undefine _auto_set_build_flags
 ExclusiveArch: x86_64 aarch64 loongarch64
@@ -80,6 +80,7 @@ Patch0017: 0016-OvmfPkg-PlatformPei-Mark-SEC-GHCB-page-as-unencrypte.patch
 Patch0018: 0017-OvmfPkg-AmdSevDxe-Add-support-for-SEV-live-migration.patch
 Patch0019: 0018-anolis-OvmfPkg-BaseMemcryptSevLib-Correct-the-calcul.patch
 Patch0020: 0019-anolis-OvmfPkg-BaseMemEncryptLib-Return-SUCCESS-if-n.patch
+Patch0021: 0020-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch
 BuildRequires: python3-devel
 BuildRequires: libuuid-devel
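Review bot: The status page is only ever written on the SEV-enabled path of `AmdSevInitialize` (the store in the AmdSev.c hunk sits right after the `PcdSet64S` that precedes the "SEV is enabled" DEBUG line; the function's start is outside the hunk), while the rewritten `MemEncryptSevGetEncryptionMask` in DxeMemEncryptSevLibInternal.c now unconditionally dereferences `*MemEncryptStatus`, so a boot without SEV — or a guest reboot that leaves stale RAM at that fixed address — no longer yields the PCD default but whatever those eight bytes happen to contain, and the #VC MMIO address validation this patch exists to serve keys off that mask. Since the Csv.c hunk already reserves the page unconditionally (ahead of the `CsvIsEnabled` check), the cheapest fix is to clear it there, `ZeroMem ((VOID *)(UINTN)FixedPcdGet32 (PcdMemEncrpytStatusBase), FixedPcdGet32 (PcdMemEncrpytStatusSize));`, provided `CsvInitializeMemInfo` runs before `AmdSevInitialize` (that ordering is not visible in this patch); otherwise store 0 from the non-SEV branch of `AmdSevInitialize`. If the mask is the single C-bit as upstream computes it, the reader should also refuse a value that is not a power of two, `ASSERT ((*MemEncryptStatus & (*MemEncryptStatus - 1)) == 0);`, because a corrupted page would otherwise silently weaken the address-range check rather than fail loudly. Finally, `PcdMemEncrpytStatusBase`/`PcdMemEncrpytStatusSize` misspell "Encrypt" in a public OvmfPkg.dec token that three .fdf files and two .inf files now reference; rename it to `PcdMemEncryptStatusBase`/`Size` before this ships, since PCD names are painful to change later.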
@@ -474,6 +475,10 @@ install -m 0644 \ %changelog +* Thu Jan 11 2024 Xin Jiang - 202302-6 +- 0020-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch +- Fix the isue that interrupt is enabled in MMIO VC handler + * Thu Nov 30 2023 Xin Jiang - 202302-5 - 0012-OvmfPkg-BaseMemEncryptLib-Detect-SEV-live-migration-.patch - 0013-OvmfPkg-BaseMemEncryptLib-Hypercall-API-for-page-enc.patch -- Gitee