From: "Brijesh Singh"
To: devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek
Subject: [RFC PATCH 06/19] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled
Date: Wed, 24 Mar 2021 10:32:02 -0500
Message-Id: <20210324153215.17971-7-brijesh.singh@amd.com>
In-Reply-To: <20210324153215.17971-1-brijesh.singh@amd.com>
References: <20210324153215.17971-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest requires that the physical address of the GHCB must be registered with the hypervisor before using it. See the GHCB specification for further detail.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Signed-off-by: Brijesh Singh
---
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/MpEqu.inc        |  1 +
 UefiCpuPkg/Library/MpInitLib/MpLib.c          |  2 +
 UefiCpuPkg/Library/MpInitLib/MpLib.h          |  2 +
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 51 ++++++++++++++++++++
 UefiCpuPkg/UefiCpuPkg.dec                     |  6 +++
 7 files changed, 64 insertions(+)

diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf index 860a9750e2..9a366ca5b1 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf 
@@ -75,3 +75,4 @@ gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc index 2e9368a374..01668638f2 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc @@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO .ModeHighSegment: CTYPE_UINT16 1 .Enable5LevelPaging: CTYPE_BOOLEAN 1 .SevEsIsEnabled: CTYPE_BOOLEAN 1 + .SevSnpIsEnabled CTYPE_BOOLEAN 1 .GhcbBase: CTYPE_UINTN 1 endstruc diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c index 5040053dad..da6fbbc1cc 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1040,6 +1040,7 @@ FillExchangeInfoData ( DEBUG ((DEBUG_INFO, "%a: 5-Level Paging = %d\n", gEfiCallerBaseName, ExchangeInfo->Enable5LevelPaging)); ExchangeInfo->SevEsIsEnabled = CpuMpData->SevEsIsEnabled; + ExchangeInfo->SevSnpIsEnabled = CpuMpData->SevSnpIsEnabled; ExchangeInfo->GhcbBase = (UINTN) CpuMpData->GhcbBase; // @@ -2016,6 +2017,7 @@ MpInitLibInitialize ( CpuMpData->CpuInfoInHob = (UINT64) (UINTN) (CpuMpData->CpuData + MaxLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); CpuMpData->SevEsIsEnabled = PcdGetBool (PcdSevEsIsEnabled); + CpuMpData->SevSnpIsEnabled = PcdGetBool (PcdSevSnpIsEnabled); CpuMpData->SevEsAPBuffer = (UINTN) -1; CpuMpData->GhcbBase = PcdGet64 (PcdGhcbBase); diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpInitLib/MpLib.h index 0bd60388b1..7d3ce61d63 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -216,6 +216,7 @@ typedef struct { // BOOLEAN Enable5LevelPaging; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN GhcbBase; } MP_CPU_EXCHANGE_INFO; 
@@ -285,6 +286,7 @@ struct _CPU_MP_DATA { BOOLEAN WakeUpByInitSipiSipi; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf index 49b0ffe8be..4477dd1b9f 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -64,6 +64,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONSUMES [Ppis] gEdkiiPeiShadowMicrocodePpiGuid ## SOMETIMES_CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm index 50df802d1f..19939c093d 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm 
@@ -194,9 +194,60 @@ LongModeStart: mov rdx, rax shr rdx, 32 mov rcx, 0xc0010130 + + ; + ; Register GHCB GPA when SEV-SNP is enabled + ; + lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] + cmp byte [edi], 1 ; SevSnpIsEnabled + jne SetGhcbAddress + + ; Save the rdi and rsi to used for later comparison + push rdi + push rsi + mov edi, eax + mov esi, edx + or eax, 18 ; Ghcb registration request + wrmsr + rep vmmcall + rdmsr + mov r12, rax + and r12, 0fffh + cmp r12, 19 ; Ghcb registration response + jne GhcbGpaRegisterFailure + + ; Verify that GPA is not changed + and eax, 0fffff000h + cmp edi, eax + jne GhcbGpaRegisterFailure + cmp esi, edx + jne GhcbGpaRegisterFailure + pop rsi + pop rdi + + ; + ; Program GHCB + ; +SetGhcbAddress: wrmsr jmp CProcedureInvoke + ; + ; Request the guest termination + ; +GhcbGpaRegisterFailure: + xor edx, edx + mov eax, 256 ; GHCB terminate + wrmsr + rep vmmcall + + ; We should not return from the above terminate request, but if we do + ; then enter into the hlt loop. +DoHltLoop: + cli + hlt + jmp DoHltLoop + GetApicId: lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)] cmp byte [edi], 1 ; SevEsIsEnabled diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index a639ce5412..51bd7a6fe2 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -393,5 +393,11 @@ # @Prompt SEV-ES Status gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|FALSE|BOOLEAN|0x60000016 + ## This dynamic PCD indicates whether SEV-SNP is enabled + # TRUE - SEV-SNP is enabled + # FALSE - SEV-SNP is not enabled + # @Prompt SEV-SNP Status + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled|FALSE|BOOLEAN|0x60000017 + [UserExtensions.TianoCore."ExtraFiles"] UefiCpuPkgExtra.uni -- 2.17.1
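
Review bot: In the MpEqu.inc hunk, the added `.SevSnpIsEnabled CTYPE_BOOLEAN 1` has no colon after the field name, unlike `.SevEsIsEnabled:` above it and `.GhcbBase:` below it; add the colon so the struc stays consistent. The field is inserted ahead of `.GhcbBase`, which matches where `BOOLEAN SevSnpIsEnabled` lands in MP_CPU_EXCHANGE_INFO in the MpLib.h hunk. Because MpFuncs.nasm reads these fields by offset, a comment on both definitions saying they must change together would help the next person who adds a field.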
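
Review bot: In the MpFuncs.nasm hunk at LongModeStart, `mov r12, rax` uses r12 as scratch without saving it, while rdi and rsi are pushed and popped around the same sequence. The hunk does not show whether r12 is live here, so either save it too or avoid the scratch register: with the original low dword already in edi, `xor eax, edi` / `cmp eax, 19` followed by `mov eax, edi` checks the response code and the low GPA bits together. The `push rdi` also comes after `lea edi, [...]` has overwritten the register, so it preserves only the field address; the comment above it should say that edi/esi are being reused to hold the original GPA. The values 18, 19 and 256 would be easier to check against the GHCB specification as named equates written in hex. In GhcbGpaRegisterFailure, `xor edx, edx` / `mov eax, 256` leaves every bit other than the request code at zero, so no reason code is passed and the hypervisor side cannot tell that GPA registration was what failed.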
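
Review bot: The UefiCpuPkg.dec hunk declares PcdSevSnpIsEnabled with an `@Prompt` line, but the diffstat lists no .uni file, so the prompt and help strings for token 0x60000017 have no counterpart in this patch; if the package keeps strings for PcdSevEsIsEnabled in a .uni file, add the matching entries there. The commit message and the comment block also say nothing about how this PCD relates to PcdSevEsIsEnabled. The register-GHCB path in MpFuncs.nasm sits on the existing GHCB MSR setup, so state in the PCD description whether SEV-SNP being TRUE implies SEV-ES is TRUE as well.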