OvmfPkg/IoMmuDxe: abort harder on memory encryption mask failures

Upon a MemEncryptSevClearPageEncMask() failure in Map(), it wouldn't be
difficult to release the bounce buffer that was implicitly allocated for
BusMasterRead[64] and BusMasterWrite[64] operations. However, undoing any
partial memory encryption mask changes -- partial page splitting and PTE
modifications -- is practically impossible. (For example, restoring the
encryption mask on the entire range has no reason to fare any better than
the MemEncryptSevClearPageEncMask() call itself.)

For this reason, keep ASSERT_EFI_ERROR(), but hang in RELEASE builds too,
if MemEncryptSevClearPageEncMask() or MemEncryptSevSetPageEncMask() fails.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>

1 files changed, 8 insertions, 2 deletions

diff --git a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c
index 1dafe0df11..452d5c4775 100644
--- a/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c
+++ b/OvmfPkg/IoMmuDxe/AmdSevIoMmu.c
@@ -223,7 +223,10 @@ IoMmuMap (
              MapInfo->NumberOfPages,

              TRUE

              );

-  ASSERT_EFI_ERROR(Status);

+  ASSERT_EFI_ERROR (Status);

+  if (EFI_ERROR (Status)) {

+    CpuDeadLoop ();

+  }

 

   //

   // If this is a read operation from the Bus Master's point of view,

@@ -365,7 +368,10 @@ IoMmuUnmap (
              MapInfo->NumberOfPages,

              TRUE

              );

-  ASSERT_EFI_ERROR(Status);

+  ASSERT_EFI_ERROR (Status);

+  if (EFI_ERROR (Status)) {

+    CpuDeadLoop ();

+  }

 

   //

   // For BusMasterCommonBuffer[64] operations, copy the stashed data to the