From f67ec877041b18656fb0504ce86bd05af232747e Mon Sep 17 00:00:00 2001
From: Dionna Glaze <dionnaglaze@google.com>
Date: Tue, 31 Jan 2023 19:08:37 +0000
Subject: OvmfPkg: Fix SevMemoryAcceptance memory attributes

The hard-coded attributes for the re-added memory space should instead
forward the replaced descriptor's capabilities.

Tested on Linux with efi=debug. Prior to this change, an 8GiB VM running
a kernel without unaccepted memory support shows this entry

efi: mem94: [Conventional|   |  |CC|  |  |  |  |  |  |   |  |  |  |  ]
range=[0x0000000100000000-0x000000023fffffff] (5120MB)

This does not have the cache capabilities one would expect for system
memory, UC|WC|WT|WB.

After this change, the same entry becomes

efi: mem94: [Conventional|   |  |CC|  |  |  |  |  |  |   |WB|WT|WC|UC]
range=[0x0000000100000000-0x000000023fffffff] (5120MB)

This has all the expected attributes.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
[ardb: drop the EFI_MEMORY_CPU_CRYPTO flag - it isn't used anywhere else
       in EDK2 or Linux so it doesn't actually do anything, and it is
       unclear whether it is intended for use by the guest in the first
       place]
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
---
 OvmfPkg/AmdSevDxe/AmdSevDxe.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index 6391d1f775..9c4e3bb406 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -23,6 +23,10 @@
 #include <Pi/PrePiDxeCis.h>
 #include <Protocol/SevMemoryAcceptance.h>
 #include <Protocol/MemoryAccept.h>
+#include <Uefi/UefiSpec.h>
+
+// Present, initialized, tested bits defined in MdeModulePkg/Core/Dxe/DxeMain.h
+#define EFI_MEMORY_INTERNAL_MASK  0x0700000000000000ULL
 
 STATIC CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  mSnpBootDxeTable = {
   SIGNATURE_32 ('A',                                    'M', 'D', 'E'),
@@ -116,7 +120,9 @@ AcceptAllMemory (
                     EfiGcdMemoryTypeSystemMemory,
                     Desc->BaseAddress,
                     Desc->Length,
-                    EFI_MEMORY_CPU_CRYPTO | EFI_MEMORY_XP | EFI_MEMORY_RO | EFI_MEMORY_RP
+                    // Allocable system memory resource capabilities as masked
+                    // in MdeModulePkg/Core/Dxe/Mem/Page.c:PromoteMemoryResource
+                    Desc->Capabilities & ~(EFI_MEMORY_INTERNAL_MASK | EFI_MEMORY_RUNTIME)
                     );
     if (EFI_ERROR (Status)) {
       break;
-- 
cgit