From: "Lendacky, Thomas via groups.io"
CC: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao, Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, "Rahul Kumar", Ray Ni, Michael Roth
Subject: [edk2-devel] [PATCH 13/16] UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
Date: Fri, 26 Jan 2024 16:13:12 -0600
Message-ID: <1948e02ed8167f9b9f8a71dd2d3216896720aa30.1706307195.git.thomas.lendacky@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

Currently, the first time an AP is started for an SEV-SNP guest, it relies on the VMSA as set by the hypervisor. If the list of APIC IDs has been retrieved, this is not necessary. Instead, use the SEV-SNP AP Create protocol to start the AP for the first time and thereafter using the VMPL at which the BSP is running.

Signed-off-by: Tom Lendacky

--- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 3 +- UefiCpuPkg/Library/MpInitLib/MpLib.h | 13 ++++ UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 19 +++++ UefiCpuPkg/Library/MpInitLib/MpLib.c | 7 +- UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 79 +++++++++++++++++++- 6 files changed, 116 insertions(+), 6 deletions(-) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index 55e46d4a1fad..1ec50481f0d4 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -82,6 +82,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## = CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## = SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi ## = CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpApicIds ## = CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## = CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## = CONSUMES gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## = CONSUMES 
diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index bc3d716aa951..f0af07d3bdfb 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -66,7 +66,8 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## SOME= TIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOME= TIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## CONS= UMES - gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi ## CON= SUMES + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi ## CONS= UMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpApicIds ## CONS= UMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## CONS= UMES =20 diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index 6e2137cb17cd..f1a5fa98d425 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -897,6 +897,19 @@ SevSnpCreateAP ( IN INTN ProcessorNumber ); =20 +/** + Determine if the SEV-SNP AP Create protocol should be used. + + @param[in] CpuMpData Pointer to CPU MP Data + + @retval TRUE Use SEV-SNP AP Create protocol + @retval FALSE Do not use SEV-SNP AP Create protocol +**/ +BOOLEAN +SevSnpUseCreateAP ( + IN CPU_MP_DATA *CpuMpData + ); + /** Get pointer to CPU MP Data structure from GUIDed HOB. =20 diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c b/UefiCpuPkg/Librar= y/MpInitLib/Ia32/AmdSev.c index a2b8a5b3f516..f9f24bee09de 100644 --- a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c 
@@ -48,3 +48,22 @@ SevSnpCreateAP ( // ASSERT (FALSE); } + +/** + Determine if the SEV-SNP AP Create protocol should be used. + + @param[in] CpuMpData Pointer to CPU MP Data + + @retval TRUE Use SEV-SNP AP Create protocol + @retval FALSE Do not use SEV-SNP AP Create protocol +**/ +BOOLEAN +SevSnpUseCreateAP ( + IN CPU_MP_DATA *CpuMpData + ) +{ + // + // SEV-SNP is not supported on 32-bit build. + // + return FALSE; +} diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index cdfb570e61a0..5e017bcf9018 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1302,9 +1302,10 @@ WakeUpAP ( // // Wakeup all APs // Must use the INIT-SIPI-SIPI method for initial configuration in - // order to obtain the APIC ID. + // order to obtain the APIC ID if not an SEV-SNP guest and the + // list of APIC IDs is not available. // - if (CpuMpData->SevSnpIsEnabled && (CpuMpData->InitFlag !=3D ApInitCo= nfig)) { + if (SevSnpUseCreateAP (CpuMpData)) { SevSnpCreateAP (CpuMpData, -1); } else { if ((CpuMpData->InitFlag =3D=3D ApInitConfig) && FixedPcdGetBool (= PcdFirstTimeWakeUpAPsBySipi)) { @@ -1414,7 +1415,7 @@ WakeUpAP ( SetSevEsJumpTable (ExchangeInfo->BufferStart); } =20 - if (CpuMpData->SevSnpIsEnabled && (CpuMpData->InitFlag !=3D ApInitCo= nfig)) { + if (SevSnpUseCreateAP (CpuMpData)) { SevSnpCreateAP (CpuMpData, (INTN)ProcessorNumber); } else { SendInitSipiSipi ( diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library= /MpInitLib/X64/AmdSev.c index db9a37fbbd19..6186a8d71521 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c 
@@ -263,17 +263,63 @@ SevSnpCreateAP ( CPU_INFO_IN_HOB *CpuInfoInHob; CPU_AP_DATA *CpuData; UINTN Index; + UINTN MaxIndex; UINT32 ApicId; + GHCB_APIC_IDS *GhcbApicIds; =20 ASSERT (CpuMpData->MpCpuExchangeInfo->BufferStart < 0x100000); =20 CpuInfoInHob =3D (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob; =20 if (ProcessorNumber < 0) { - for (Index =3D 0; Index < CpuMpData->CpuCount; Index++) { + GhcbApicIds =3D (GHCB_APIC_IDS *)(UINTN)PcdGet64 (PcdSevSnpApicIds); + + if (CpuMpData->InitFlag =3D=3D ApInitConfig) { + // + // APs have not been started, so CpuCount is not "known" yet. + // Use the retrieved APIC IDs to start the APs and fill out the + // MpLib CPU information properly. + // + ASSERT (GhcbApicIds !=3D NULL); + if (GhcbApicIds =3D=3D NULL) { + return; + } + + MaxIndex =3D MIN (GhcbApicIds->NumEntries, PcdGet32 (PcdCpuMaxLogica= lProcessorNumber)); + } else { + // + // APs have been previously started. + // + MaxIndex =3D CpuMpData->CpuCount; + } + + for (Index =3D 0; Index < MaxIndex; Index++) { if (Index !=3D CpuMpData->BspNumber) { CpuData =3D &CpuMpData->CpuData[Index]; - ApicId =3D CpuInfoInHob[Index].ApicId, + + if (CpuMpData->InitFlag =3D=3D ApInitConfig) { + // + // CodeQL doesn't understand that a check for NULL was already d= one + // above, so check again. + // + if (GhcbApicIds =3D=3D NULL) { + return; + } + + ApicId =3D GhcbApicIds->ApicIds[Index]; + + // + // For the first boot, use the BSP register information. + // + CopyMem ( + &CpuData->VolatileRegisters, + &CpuMpData->CpuData[0].VolatileRegisters, + sizeof (CpuData->VolatileRegisters) + ); + } else { + ApicId =3D CpuInfoInHob[Index].ApicId; + } + SevSnpCreateSaveArea (CpuMpData, CpuData, ApicId); } } 
@@ -284,3 +330,32 @@ SevSnpCreateAP ( SevSnpCreateSaveArea (CpuMpData, CpuData, ApicId); } } + +/** + Determine if the SEV-SNP AP Create protocol should be used. + + @param[in] CpuMpData Pointer to CPU MP Data + + @retval TRUE Use SEV-SNP AP Create protocol + @retval FALSE Do not use SEV-SNP AP Create protocol +**/ +BOOLEAN +SevSnpUseCreateAP ( + IN CPU_MP_DATA *CpuMpData + ) +{ + // + // The AP Create protocol is used for an SEV-SNP guest if + // - The initial configuration has been performed already or + // - PcdSevSnpApicIds is non-zero. + // + if (!CpuMpData->SevSnpIsEnabled) { + return FALSE; + } + + if ((CpuMpData->InitFlag =3D=3D ApInitConfig) && (PcdGet64 (PcdSevSnpApi= cIds) =3D=3D 0)) { + return FALSE; + } + + return TRUE; +} --=20 2.42.0
View/Reply Online (#114639): https://edk2.groups.io/g/devel/message/114639
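Review bot: In the first MpLib.c hunk (WakeUpAP, wake-up of all APs), the reworded comment "if not an SEV-SNP guest and the list of APIC IDs is not available" does not match the condition it documents. SevSnpUseCreateAP() returns FALSE when the guest is not SEV-SNP, or when InitFlag is ApInitConfig and PcdSevSnpApicIds is 0, so INIT-SIPI-SIPI is used if either holds. Suggest "or" in place of "and", and say that the APIC ID list only matters during the initial configuration.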
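Review bot: In the second MpLib.c hunk (WakeUpAP, single-AP path), "SevSnpCreateAP (CpuMpData, (INTN)ProcessorNumber)" can now be reached with InitFlag == ApInitConfig whenever PcdSevSnpApicIds is set, but the patch only changes the ProcessorNumber < 0 branch of SevSnpCreateAP to take APIC IDs from GhcbApicIds and seed VolatileRegisters. Either make it explicit that a targeted wake-up never happens during the initial configuration (an ASSERT in that branch would do), or give the single-processor branch the same first-boot handling.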
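Review bot: In the X64/AmdSev.c SevSnpCreateAP hunk, the ApInitConfig loop identifies the BSP by position ("Index != CpuMpData->BspNumber") while the APIC ID is taken from "GhcbApicIds->ApicIds[Index]". Nothing in the visible lines guarantees that the BSP's APIC ID sits at index BspNumber of the retrieved list, so a list in a different order would have SevSnpCreateSaveArea called for the BSP's own APIC ID. Comparing each entry against the BSP's APIC ID before creating the save area would be more robust. The register copy in the same loop reads "CpuMpData->CpuData[0].VolatileRegisters" although the comment says BSP; indexing with CpuMpData->BspNumber would keep it consistent with the skip test.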
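Review bot: In the X64/AmdSev.c SevSnpUseCreateAP hunk, the "PcdGet64 (PcdSevSnpApicIds) == 0" test is what keeps the NULL handling in SevSnpCreateAP unreachable, yet the PCD is read a second time there. If the two reads ever disagree, SevSnpCreateAP returns early after WakeUpAP has already skipped the INIT-SIPI-SIPI branch, so no AP is started and a release build logs nothing. Suggest a DEBUG error message on that early return, and a comment here noting that SevSnpCreateAP depends on this check.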