Wang, Shane
2011-Jan-10 03:32 UTC
[Xen-devel] [PATCH] to put dmar hidding/restoring into Xen to fix S3 w/ TXT (Resend)
Put the code for hidding and restoring DMAR table from tboot into Xen in order to fix S3 broken issue with TXT launch. Signed-off-by: Shane Wang <shane.wang@intel.com>
diff -r 946d84529a07 xen/arch/x86/tboot.c
--- a/xen/arch/x86/tboot.c Sat Jan 08 11:07:18 2011 +0000
+++ b/xen/arch/x86/tboot.c Wed Jan 12 01:37:14 2011 +0800
@@ -352,6 +352,9 @@ void tboot_shutdown(uint32_t shutdown_ty
 /* if this is S3 then set regions to MAC */
 if ( shutdown_type == TB_SHUTDOWN_S3 ) {
+ /* restore DMAR table */
+ acpi_dmar_reinstate();
+
 /*
 * Xen regions for tboot to MAC
 */
@@ -484,6 +487,7 @@ int tboot_s3_resume(void)
 int tboot_s3_resume(void)
 {
 vmac_t mac;
+ int ret = 0;
 if ( !tboot_in_measured_env() )
 return 0;
@@ -492,22 +496,30 @@ int tboot_s3_resume(void)
 tboot_gen_xenheap_integrity(g_tboot_shared->s3_key, &mac);
 printk("MAC for xenheap before S3 is: 0x%08"PRIx64"\n", xenheap_mac);
 printk("MAC for xenheap after S3 is: 0x%08"PRIx64"\n", mac);
- if ( mac != xenheap_mac )
- return -1;
+ if ( mac != xenheap_mac ) {
+ ret = -1;
+ goto exit;
+ }
 tboot_gen_frametable_integrity(g_tboot_shared->s3_key, &mac);
 printk("MAC for frametable before S3 is: 0x%08"PRIx64"\n", frametable_mac);
 printk("MAC for frametable after S3 is: 0x%08"PRIx64"\n", mac);
- if ( mac != frametable_mac )
- return -2;
+ if ( mac != frametable_mac ) {
+ ret = -2;
+ goto exit;
+ }
 tboot_gen_domain_integrity(g_tboot_shared->s3_key, &mac);
 printk("MAC for domains before S3 is: 0x%08"PRIx64"\n", domain_mac);
 printk("MAC for domains after S3 is: 0x%08"PRIx64"\n", mac);
- if ( mac != domain_mac )
- return -3;
+ if ( mac != domain_mac ) {
+ ret = -3;
+ goto exit;
+ }
- return 0;
+exit:
+ acpi_dmar_zap();
+ return ret;
 }
 /*
_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
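Review bot: In the third hunk the new `exit:` path calls `acpi_dmar_zap()` even when a MAC comparison has just failed, while the early `return 0` for `!tboot_in_measured_env()` (context in the second hunk) skips it, and the patch does not say whether either is intended. After a mismatch the memory contents are unverified, so running more table-handling code before reporting the error deserves a justification; the body of `acpi_dmar_zap()` is not visible here, so this may be harmless. If the call stays, a comment at the label would record the decision, e.g. `/* re-hide DMAR on every measured resume, including MAC failure; non-TXT resume returns earlier */`; alternatively the failure branches could keep their direct `return -1;` form so that only the success path falls through to the zap. tboot_s3_resume() starts outside this hunk, and how callers treat the negative return codes is not shown.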
Keir Fraser
2011-Jan-10 08:37 UTC
[Xen-devel] Re: [PATCH] to put dmar hidding/restoring into Xen to fix S3 w/ TXT (Resend)
On 10/01/2011 03:32, "Wang, Shane" <shane.wang@intel.com> wrote:> Put the code for hidding and restoring DMAR table from tboot into Xen in order > to fix S3 broken issue with TXT launch.We already do this in arch/x86/acpi/power.c:enter_state(). Since enter_state() is in the call stack of tboot_shutdown(), via tboot_sleep(), this patch is unnecessary. In fact acpi_dmar_reinstate() is not idempotent, so I actually think this patch takes a reinstated DMAR and breaks its checksum! -- Keir> Signed-off-by: Shane Wang <shane.wang@intel.com> > > diff -r 946d84529a07 xen/arch/x86/tboot.c > --- a/xen/arch/x86/tboot.c Sat Jan 08 11:07:18 2011 +0000 > +++ b/xen/arch/x86/tboot.c Wed Jan 12 01:37:14 2011 +0800 > @@ -352,6 +352,9 @@ void tboot_shutdown(uint32_t shutdown_ty > > /* if this is S3 then set regions to MAC */ > if ( shutdown_type == TB_SHUTDOWN_S3 ) { > + /* restore DMAR table */ > + acpi_dmar_reinstate(); > + > /* > * Xen regions for tboot to MAC > */ > @@ -484,6 +487,7 @@ int tboot_s3_resume(void) > int tboot_s3_resume(void) > { > vmac_t mac; > + int ret = 0; > > if ( !tboot_in_measured_env() ) > return 0; 
> @@ -492,22 +496,30 @@ int tboot_s3_resume(void) > tboot_gen_xenheap_integrity(g_tboot_shared->s3_key, &mac); > printk("MAC for xenheap before S3 is: 0x%08"PRIx64"\n", xenheap_mac); > printk("MAC for xenheap after S3 is: 0x%08"PRIx64"\n", mac); > - if ( mac != xenheap_mac ) > - return -1; > + if ( mac != xenheap_mac ) { > + ret = -1; > + goto exit; > + } > > tboot_gen_frametable_integrity(g_tboot_shared->s3_key, &mac); > printk("MAC for frametable before S3 is: 0x%08"PRIx64"\n", > frametable_mac); > printk("MAC for frametable after S3 is: 0x%08"PRIx64"\n", mac); > - if ( mac != frametable_mac ) > - return -2; > + if ( mac != frametable_mac ) { > + ret = -2; > + goto exit; > + } > > tboot_gen_domain_integrity(g_tboot_shared->s3_key, &mac); > printk("MAC for domains before S3 is: 0x%08"PRIx64"\n", domain_mac); > printk("MAC for domains after S3 is: 0x%08"PRIx64"\n", mac); > - if ( mac != domain_mac ) > - return -3; > + if ( mac != domain_mac ) { > + ret = -3; > + goto exit; > + } > > - return 0; > +exit: > + acpi_dmar_zap(); > + return ret; > } > > /*_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Wang, Shane
2011-Jan-11 00:14 UTC
[Xen-devel] RE: [PATCH] to put dmar hidding/restoring into Xen to fix S3 w/ TXT (Resend)
OK. Then restoring DMAR is not necessary before S3. But I am thinking whether we need to hide DMAR again after S3 resume. Thanks. Shane Keir Fraser wrote on 2011-01-10:> On 10/01/2011 03:32, "Wang, Shane" <shane.wang@intel.com> wrote: > >> Put the code for hidding and restoring DMAR table from tboot into >> Xen in order to fix S3 broken issue with TXT launch. > > We already do this in arch/x86/acpi/power.c:enter_state(). Since > enter_state() is in the call stack of tboot_shutdown(), via > tboot_sleep(), this patch is unnecessary. In fact > acpi_dmar_reinstate() is not idempotent, so I actually think this patch takes a reinstated DMAR and breaks its checksum! > > -- Keir > >> Signed-off-by: Shane Wang <shane.wang@intel.com> >> >> diff -r 946d84529a07 xen/arch/x86/tboot.c >> --- a/xen/arch/x86/tboot.c Sat Jan 08 11:07:18 2011 +0000 >> +++ b/xen/arch/x86/tboot.c Wed Jan 12 01:37:14 2011 +0800 >> @@ -352,6 +352,9 @@ void tboot_shutdown(uint32_t shutdown_ty >> >> /* if this is S3 then set regions to MAC */ >> if ( shutdown_type == TB_SHUTDOWN_S3 ) { >> + /* restore DMAR table */ >> + acpi_dmar_reinstate(); >> + >> /* >> * Xen regions for tboot to MAC >> */ >> @@ -484,6 +487,7 @@ int tboot_s3_resume(void) int >> tboot_s3_resume(void) { >> vmac_t mac; >> + int ret = 0; >> >> if ( !tboot_in_measured_env() ) >> return 0; 
>> @@ -492,22 +496,30 @@ int tboot_s3_resume(void) >> tboot_gen_xenheap_integrity(g_tboot_shared->s3_key, &mac); >> printk("MAC for xenheap before S3 is: 0x%08"PRIx64"\n", >> xenheap_mac); printk("MAC for xenheap after S3 is: >> 0x%08"PRIx64"\n", mac); >> - if ( mac != xenheap_mac ) >> - return -1; >> + if ( mac != xenheap_mac ) { >> + ret = -1; >> + goto exit; >> + } >> >> tboot_gen_frametable_integrity(g_tboot_shared->s3_key, &mac); >> printk("MAC for frametable before S3 is: 0x%08"PRIx64"\n", >> frametable_mac); printk("MAC for frametable after S3 is: >> 0x%08"PRIx64"\n", mac); >> - if ( mac != frametable_mac ) >> - return -2; >> + if ( mac != frametable_mac ) { >> + ret = -2; >> + goto exit; >> + } >> >> tboot_gen_domain_integrity(g_tboot_shared->s3_key, &mac); >> printk("MAC for domains before S3 is: 0x%08"PRIx64"\n", >> domain_mac); printk("MAC for domains after S3 is: >> 0x%08"PRIx64"\n", mac); >> - if ( mac != domain_mac ) >> - return -3; >> + if ( mac != domain_mac ) { >> + ret = -3; >> + goto exit; >> + } >> >> - return 0; >> +exit: >> + acpi_dmar_zap(); >> + return ret; >> } >> >> /* >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Wang, Shane
2011-Jan-11 00:36 UTC
[Xen-devel] RE: [PATCH] to put dmar hidding/restoring into Xen to fix S3 w/ TXT (Resend)
Oh, forget that. I saw acpi_dmar_zap() in enter_state(). Thanks. Shane Wang, Shane wrote on 2011-01-11:> OK. Then restoring DMAR is not necessary before S3. > But I am thinking whether we need to hide DMAR again after S3 resume. > > Thanks. > Shane > > Keir Fraser wrote on 2011-01-10: > >> On 10/01/2011 03:32, "Wang, Shane" <shane.wang@intel.com> wrote: >> >>> Put the code for hidding and restoring DMAR table from tboot into >>> Xen in order to fix S3 broken issue with TXT launch. >> >> We already do this in arch/x86/acpi/power.c:enter_state(). Since >> enter_state() is in the call stack of tboot_shutdown(), via >> tboot_sleep(), this patch is unnecessary. In fact acpi_dmar_reinstate() >> is not idempotent, so I actually think this patch takes a reinstated >> DMAR and breaks its checksum! >> >> -- Keir >> >>> Signed-off-by: Shane Wang <shane.wang@intel.com> >>> >>> diff -r 946d84529a07 xen/arch/x86/tboot.c >>> --- a/xen/arch/x86/tboot.c Sat Jan 08 11:07:18 2011 +0000 >>> +++ b/xen/arch/x86/tboot.c Wed Jan 12 01:37:14 2011 +0800 >>> @@ -352,6 +352,9 @@ void tboot_shutdown(uint32_t shutdown_ty >>> >>> /* if this is S3 then set regions to MAC */ >>> if ( shutdown_type == TB_SHUTDOWN_S3 ) { >>> + /* restore DMAR table */ >>> + acpi_dmar_reinstate(); >>> + >>> /* >>> * Xen regions for tboot to MAC >>> */ >>> @@ -484,6 +487,7 @@ int tboot_s3_resume(void) int >>> tboot_s3_resume(void) { >>> vmac_t mac; >>> + int ret = 0; >>> >>> if ( !tboot_in_measured_env() ) >>> return 0; 
>>> @@ -492,22 +496,30 @@ int tboot_s3_resume(void) >>> tboot_gen_xenheap_integrity(g_tboot_shared->s3_key, &mac); >>> printk("MAC for xenheap before S3 is: 0x%08"PRIx64"\n", >>> xenheap_mac); printk("MAC for xenheap after S3 is: >>> 0x%08"PRIx64"\n", mac); >>> - if ( mac != xenheap_mac ) >>> - return -1; >>> + if ( mac != xenheap_mac ) { >>> + ret = -1; >>> + goto exit; >>> + } >>> >>> tboot_gen_frametable_integrity(g_tboot_shared->s3_key, &mac); >>> printk("MAC for frametable before S3 is: 0x%08"PRIx64"\n", >>> frametable_mac); printk("MAC for frametable after S3 is: >>> 0x%08"PRIx64"\n", mac); >>> - if ( mac != frametable_mac ) >>> - return -2; >>> + if ( mac != frametable_mac ) { >>> + ret = -2; >>> + goto exit; >>> + } >>> >>> tboot_gen_domain_integrity(g_tboot_shared->s3_key, &mac); >>> printk("MAC for domains before S3 is: 0x%08"PRIx64"\n", >>> domain_mac); printk("MAC for domains after S3 is: >>> 0x%08"PRIx64"\n", mac); >>> - if ( mac != domain_mac ) >>> - return -3; >>> + if ( mac != domain_mac ) { >>> + ret = -3; >>> + goto exit; >>> + } >>> >>> - return 0; >>> +exit: >>> + acpi_dmar_zap(); >>> + return ret; >>> } >>> >>> /* >> >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel