From: "Lendacky, Thomas via groups.io"
CC: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao, Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, Rahul Kumar, Ray Ni, Michael Roth
Subject: [edk2-devel] [PATCH v2 04/23] UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set
Date: Thu, 22 Feb 2024 11:29:43 -0600
Message-ID: <1c4ae6c62d7389b3c7bcdee51b6a1c2487218c77.1708623001.git.thomas.lendacky@amd.com>
Sender: devel@edk2.groups.io
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com
MIME-Version: 1.0
Content-Transfer-Encoding:
quoted-printable Content-Type: text/plain X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=LXhQtCBa; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}") BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 Currently, the first time an AP is started for an SEV-SNP guest, it relies on the VMSA as set by the hypervisor. If the list of APIC IDs has been retrieved, this is not necessary. Instead, use the SEV-SNP AP Create protocol to start the AP for the first time and thereafter using the VMPL at which the BSP is running. Signed-off-by: Tom Lendacky --- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/MpLib.h | 15 +++- UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 21 +++++- UefiCpuPkg/Library/MpInitLib/MpLib.c | 9 ++- UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 78 ++++++++++++++++++-- 6 files changed, 112 insertions(+), 13 deletions(-) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index 55e46d4a1fad..538a2146ff24 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -68,6 +68,7 @@ [Guids] gEfiEventExitBootServicesGuid ## CONSUMES ## Event gEfiEventLegacyBootGuid ## SOMETIMES_CONSUMES ## = Event gEdkiiMicrocodePatchHobGuid ## SOMETIMES_CONSUMES ## = HOB + gEfiApicIdsGuid ## SOMETIMES_CONSUMES ## = HOB =20 [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber ## = CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index bc3d716aa951..622baec45e2f 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf 
+++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -76,3 +76,4 @@ [Ppis] [Guids] gEdkiiS3SmmInitDoneGuid gEdkiiMicrocodePatchHobGuid + gEfiApicIdsGuid ## SOMETIMES_CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index a96a6389c17d..617f7401aea8 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -2,7 +2,7 @@ Common header file for MP Initialize Library. =20 Copyright (c) 2016 - 2023, Intel Corporation. All rights reserved.
- Copyright (c) 2020, AMD Inc. All rights reserved.
+ Copyright (c) 2020 - 2024, AMD Inc. All rights reserved.
=20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -911,6 +911,19 @@ SevSnpCreateAP ( IN INTN ProcessorNumber ); =20 +/** + Determine if the SEV-SNP AP Create protocol should be used. + + @param[in] CpuMpData Pointer to CPU MP Data + + @retval TRUE Use SEV-SNP AP Create protocol + @retval FALSE Do not use SEV-SNP AP Create protocol +**/ +BOOLEAN +CanUseSevSnpCreateAP ( + IN CPU_MP_DATA *CpuMpData + ); + /** Get pointer to CPU MP Data structure from GUIDed HOB. =20 diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c b/UefiCpuPkg/Librar= y/MpInitLib/Ia32/AmdSev.c index c83144285b68..0478e92317f1 100644 --- a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c @@ -2,7 +2,7 @@ =20 AMD SEV helper function. =20 - Copyright (c) 2021, AMD Incorporated. All rights reserved.
+ Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.
=20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -68,3 +68,22 @@ SevSnpRmpAdjust ( // return RETURN_UNSUPPORTED; } + +/** + Determine if the SEV-SNP AP Create protocol should be used. + + @param[in] CpuMpData Pointer to CPU MP Data + + @retval TRUE Use SEV-SNP AP Create protocol + @retval FALSE Do not use SEV-SNP AP Create protocol +**/ +BOOLEAN +CanUseSevSnpCreateAP ( + IN CPU_MP_DATA *CpuMpData + ) +{ + // + // SEV-SNP is not supported on 32-bit build. + // + return FALSE; +} diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index cdfb570e61a0..dd8d00d54a15 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -2,7 +2,7 @@ CPU MP Initialize Library common functions. =20 Copyright (c) 2016 - 2022, Intel Corporation. All rights reserved.
- Copyright (c) 2020, AMD Inc. All rights reserved.
+ Copyright (c) 2020 - 2024, AMD Inc. All rights reserved.
=20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -1302,9 +1302,10 @@ WakeUpAP ( // // Wakeup all APs // Must use the INIT-SIPI-SIPI method for initial configuration in - // order to obtain the APIC ID. + // order to obtain the APIC ID if not an SEV-SNP guest and the + // list of APIC IDs is not available. // - if (CpuMpData->SevSnpIsEnabled && (CpuMpData->InitFlag !=3D ApInitCo= nfig)) { + if (CanUseSevSnpCreateAP (CpuMpData)) { SevSnpCreateAP (CpuMpData, -1); } else { if ((CpuMpData->InitFlag =3D=3D ApInitConfig) && FixedPcdGetBool (= PcdFirstTimeWakeUpAPsBySipi)) { @@ -1414,7 +1415,7 @@ WakeUpAP ( SetSevEsJumpTable (ExchangeInfo->BufferStart); } =20 - if (CpuMpData->SevSnpIsEnabled && (CpuMpData->InitFlag !=3D ApInitCo= nfig)) { + if (CanUseSevSnpCreateAP (CpuMpData)) { SevSnpCreateAP (CpuMpData, (INTN)ProcessorNumber); } else { SendInitSipiSipi ( diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library= /MpInitLib/X64/AmdSev.c index c9f0984f41a2..5d92c441adcd 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c @@ -2,7 +2,7 @@ =20 AMD SEV helper function. =20 - Copyright (c) 2021, AMD Incorporated. All rights reserved.
+ Copyright (c) 2021 - 2024, AMD Incorporated. All rights reserved.
=20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -268,20 +268,55 @@ SevSnpCreateAP ( IN INTN ProcessorNumber ) { - CPU_INFO_IN_HOB *CpuInfoInHob; - CPU_AP_DATA *CpuData; - UINTN Index; - UINT32 ApicId; + CPU_INFO_IN_HOB *CpuInfoInHob; + CPU_AP_DATA *CpuData; + UINTN Index; + UINTN MaxIndex; + UINT32 ApicId; + EFI_HOB_GUID_TYPE *GuidHob; + GHCB_APIC_IDS *GhcbApicIds; =20 ASSERT (CpuMpData->MpCpuExchangeInfo->BufferStart < 0x100000); =20 CpuInfoInHob =3D (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob; =20 if (ProcessorNumber < 0) { - for (Index =3D 0; Index < CpuMpData->CpuCount; Index++) { + if (CpuMpData->InitFlag =3D=3D ApInitConfig) { + // + // APs have not been started, so CpuCount is not "known" yet. Use th= e + // retrieved APIC IDs to start the APs and fill out the MpLib CPU + // information properly. CanUseSevSnpCreateAP() guarantees we have a + // HOB when InitFlag is ApInitConfig. + // + GuidHob =3D GetFirstGuidHob (&gEfiApicIdsGuid); + GhcbApicIds =3D (GHCB_APIC_IDS *)(*(UINTN *)GET_GUID_HOB_DATA (GuidH= ob)); + MaxIndex =3D MIN (GhcbApicIds->NumEntries, PcdGet32 (PcdCpuMaxLog= icalProcessorNumber)); + } else { + // + // APs have been previously started. + // + MaxIndex =3D CpuMpData->CpuCount; + } + + for (Index =3D 0; Index < MaxIndex; Index++) { if (Index !=3D CpuMpData->BspNumber) { CpuData =3D &CpuMpData->CpuData[Index]; - ApicId =3D CpuInfoInHob[Index].ApicId, + + if (CpuMpData->InitFlag =3D=3D ApInitConfig) { + ApicId =3D GhcbApicIds->ApicIds[Index]; + + // + // For the first boot, use the BSP register information. + // + CopyMem ( + &CpuData->VolatileRegisters, + &CpuMpData->CpuData[0].VolatileRegisters, + sizeof (CpuData->VolatileRegisters) + ); + } else { + ApicId =3D CpuInfoInHob[Index].ApicId; + } + SevSnpCreateSaveArea (CpuMpData, CpuData, ApicId); } } 
@@ -325,3 +360,32 @@ SevSnpRmpAdjust ( =20 return AsmRmpAdjust ((UINT64)PageAddress, 0, Rdx); } + +/** + Determine if the SEV-SNP AP Create protocol should be used. + + @param[in] CpuMpData Pointer to CPU MP Data + + @retval TRUE Use SEV-SNP AP Create protocol + @retval FALSE Do not use SEV-SNP AP Create protocol +**/ +BOOLEAN +CanUseSevSnpCreateAP ( + IN CPU_MP_DATA *CpuMpData + ) +{ + // + // The AP Create protocol is used for an SEV-SNP guest if + // - The initial configuration has been performed already or + // - The APIC IDs GUIDed HOB is non-zero. + // + if (!CpuMpData->SevSnpIsEnabled) { + return FALSE; + } + + if ((CpuMpData->InitFlag =3D=3D ApInitConfig) && (GetFirstGuidHob (&gEfi= ApicIdsGuid) =3D=3D NULL)) { + return FALSE; + } + + return TRUE; +} --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#115839): https://edk2.groups.io/g/devel/message/115839 Mute This Topic: https://groups.io/mt/104512938/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
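Review bot: In the PeiMpInitLib.inf hunk the new gEfiApicIdsGuid entry carries only "## SOMETIMES_CONSUMES", while the same GUID in the DxeMpInitLib.inf hunk is tagged "## SOMETIMES_CONSUMES ## HOB". Suggest using the same usage comment in both files so the HOB dependency is documented consistently.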
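Review bot: The reworded comment in the first WakeUpAP hunk of MpLib.c (@@ -1302,9 +1302,10) says INIT-SIPI-SIPI is required "if not an SEV-SNP guest and the list of APIC IDs is not available", but CanUseSevSnpCreateAP() returns FALSE for any non-SNP guest regardless of the list, and for an SNP guest at ApInitConfig only when the HOB is missing. The condition is an "or", not an "and"; suggest rewording the comment to match, for example "if this is not an SEV-SNP guest or the list of APIC IDs is not available".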
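Review bot: In the second WakeUpAP hunk of MpLib.c (@@ -1414,7 +1415,7) the single-processor call SevSnpCreateAP (CpuMpData, (INTN)ProcessorNumber) can now be reached while InitFlag is ApInitConfig, because the old "InitFlag != ApInitConfig" guard is replaced by CanUseSevSnpCreateAP(), which returns TRUE at ApInitConfig when the HOB exists. The X64/AmdSev.c hunk only adds ApInitConfig handling to the ProcessorNumber < 0 branch. Please confirm the single-processor branch is safe before CpuInfoInHob is populated, or add an ASSERT that this path is not taken during ApInitConfig.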
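Review bot: In the SevSnpCreateAP hunk of X64/AmdSev.c (@@ -268,20 +268,55) the result of GetFirstGuidHob (&gEfiApicIdsGuid) is passed straight to GET_GUID_HOB_DATA, and the value read from the HOB is then dereferenced as a GHCB_APIC_IDS pointer, with only a comment stating that CanUseSevSnpCreateAP() guarantees the HOB. Suggest adding ASSERT (GuidHob != NULL) and a check that the stored pointer is non-NULL before reading NumEntries, so the invariant is enforced at the point of use rather than in a different function. Separately, the CopyMem source is hard-coded as CpuMpData->CpuData[0] although the comment says "BSP register information" and the loop skips Index == CpuMpData->BspNumber; either use CpuMpData->CpuData[CpuMpData->BspNumber] or document why the BSP is index 0 at this stage and why the BSP's APIC ID is at that same index in GhcbApicIds->ApicIds[].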
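Review bot: In the new CanUseSevSnpCreateAP() in X64/AmdSev.c (@@ -325,3 +360,32) the comment says the protocol is used when "The APIC IDs GUIDed HOB is non-zero", but the code only tests that GetFirstGuidHob (&gEfiApicIdsGuid) is not NULL, that is, that the HOB exists. SevSnpCreateAP() then dereferences the value stored in that HOB, so a HOB that is present but holds 0 would pass this check. Suggest also testing the stored pointer here, or rewording the comment to say the HOB is present if that is the intended contract. The subject line also refers to PcdSevSnpApicIds while the code keys off the gEfiApicIdsGuid HOB; aligning the subject with the code would help readers of the log.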