From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com []) by mx.groups.io with SMTP id smtpd.web12.10214.1619783548337545009 for ; Fri, 30 Apr 2021 04:52:33 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=IRSML3yT; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: , mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=erDWAtA0dWmwGfZtnpG3jPKrCcYpHvpYfqKDFK2Cav/BX2uTk++b84QmG1hzqq/7KXOQbpx9rcOFiKykcFN8UMYHSfUPuClGKPddi+5lpYOfJvSWGa2r0LEAG6dHXgZtCoMMQ5bp7MjkEd2igt8jXvGSXIqoEzva9EkMomrKCwNwwuC3EhBL3KmKF9t+rNzHJ7hg44LfYqsOQtMmFaQ0//7hhfid79pvp3NWeMLKYaEMz2ZPs9OIeXLv1wEfNG/VihgvXnA9eDHvFo7DCUbJfjAloyXzIrKW8q5VOt+UXyufL/UX7jJ4ZuHYKtoRoylRngHH5YU6q3KhEBotYxmVYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+eaFDBHcxTXdu7BbiL2txUueAZTC2NRH7otZw8Y7Eao=; b=Oev7HpztSqrtNEj0rsQf0OsD0pamb8bgV9rSo0JfiDbEckP7yz+DL7R+E6UMUhawvaY/Uv924F7vurLEItAoQ+yeBWCZNoDwU5DGnFFtUJ8WeJuZgf44ThGXcXWfaZ5SPfWwWk3AebCTmMcDJLDVPQ8PgPlhFUG4Dye3DM+55LRqfpvgSjI6RQUja/6hYtz9rg7l8DrItBZOXiz3gBtp3Pg3oyjNrTg31ZL2L7ZGDN3ZMXynmrd3CfPtNw/oz7jKLi/kjWbc9wJITKDmUmoJb3KPAg4F9d1ubo4U23q013CMWtsRTG9HQo7j+0vYuKYsms+P30S/YvwvwJh5CsHqRg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+eaFDBHcxTXdu7BbiL2txUueAZTC2NRH7otZw8Y7Eao=; b=IRSML3yTgFAgR0hPD3L6wbRocF5z24JjArX4Nh5B+0jwNy3SVHry0msZn+0dqUk9pBRZ07srfOhbAwvvWGfVZL4l4TtwHhNgzsJnO82IvNPg3T3zxw0rlgDJ0XxLiO2P+1rgdBde4qx8Oe2JMvt6CKMMFl8Pdtbp/+XC8cRr2XY= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SN6PR12MB2783.namprd12.prod.outlook.com (2603:10b6:805:78::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.25; Fri, 30 Apr 2021 11:52:28 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::9898:5b48:a062:db94%6]) with mapi id 15.20.4065.027; Fri, 30 Apr 2021 11:52:28 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io Cc: Brijesh Singh , James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas Subject: [PATCH RFC v2 20/28] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled Date: Fri, 30 Apr 2021 06:51:40 -0500 Message-Id: <20210430115148.22267-21-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210430115148.22267-1-brijesh.singh@amd.com> References: <20210430115148.22267-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR12CA0006.namprd12.prod.outlook.com (2603:10b6:806:6f::11) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA0PR12CA0006.namprd12.prod.outlook.com (2603:10b6:806:6f::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.27 via Frontend Transport; Fri, 30 Apr 2021 11:52:28 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 270dd125-43bc-4270-39c6-08d90bce6dde X-MS-TrafficTypeDiagnostic: SN6PR12MB2783: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: xv+L/iNLci5KRXG3084NhyHRuoqr/MaXBHMykWHKnusYKUj0mFl8AOLleXut6ozsOSFiK6YApBbpQ1le4gWxqe1LpbxJ1iW+M8hJ/cB59umIzR7TNVvTli/FYangFe6tkeLmI29+VF4Y+F9HIHNegsF8obyNWsm/GG5mbEwEQDX4k4j/8cCk94VpGScQoLzJUivnzj2ulH/sRXykFM+XQPBVtziMLSIVUtqJw0qhS9lVBQ6npfSQD7cF9rVItq+o4E2Nh89DNU6VOn6EWDWyXSXvXS3vditQ1XYlXBdXqHt6z9OcvMtAIN5c2+UzOU0rJ/SjluMe82cRpLUnaDVR3XfWpd9wbiOLhcORYDvMTBQuPFyca1697eu/ifxhE96NokKcqEM0+olJMFQrtOP/OQ55I2y4VOZRESdKK9jc5JpJSrIp/8wvHRlpbpbArqhmcR1xAXyLO1uV0z56m2YRkdf60MO18Mzj04tdMhbElJ8W/TOJGbA/FzQ3zx4gMfbMVd9p/hVMwmsePf0o7rDLB3xxTrrqlydr6weZ0FpgYqU7eqLq5zNOIFbYI8Vd9/KlJ7vN3AnCteNQFR9fhSvQDVA2UIKhE3tk6+ClWD3ipR9sjsaVBtjENE10wipe2vkZqYZ32HcsA2mDWITP+BrNZkpU6A5IYMUOTmWPATOCwb+3bQ9tuHE7oNC+iFOMAV3+atYS+upnOQKR8yv6wzHtG5b3htl6IZvBedJD7Hq57PQ= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(6029001)(4636009)(39860400002)(396003)(136003)(366004)(376002)(346002)(36756003)(44832011)(16526019)(52116002)(2616005)(956004)(66556008)(26005)(38100700002)(54906003)(966005)(1076003)(66476007)(186003)(7696005)(66946007)(5660300002)(6486002)(38350700002)(6916009)(86362001)(19627235002)(316002)(83380400001)(2906002)(6666004)(8936002)(478600001)(8676002)(4326008);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?7XNTFxhcJeSQDE0qZPDgr8JhpIgSH+gnXwzDW4mxDO7sfl5KFXdvuQU+DY5C?= =?us-ascii?Q?LzaCsGr4cnjo/X/K+B7d711Wprih1NbRsa31Pa+lM1rxJsdgtxrBAei9a61V?= =?us-ascii?Q?i36sCV/a/0S8c4iEm4mrv0Ytouu7I+ap4q1z/ml80N18Ic5GlsYst1iv2TMv?= =?us-ascii?Q?W1jLEChrG9zDelWKp39sdr6YrhutRozIMSjKH1EUkU75wynHWHeWsQmv8Yu2?= =?us-ascii?Q?iWd6R89FJEMhcptorpGjfzZWJssMlqoLQ6PI7Irqc7faeHlRiNAfyorQBKvW?= =?us-ascii?Q?bM4ihI5T99bDx7eXPnlOpJ0K+jg/PaLOPYf9KbXU1iPjA9hxD7e0jcFtYXKz?= =?us-ascii?Q?TqZblqoZSlDte3mKcz25ujtKkT2STgWLJYGoF+s0XViYpk0jGYpzFrFdKfHV?= =?us-ascii?Q?ytdF1U7F0kbbGjhfgqCF+QwnBMm45tRVW1WyrHKXS96Rh3MmHCLezryIjxqt?= =?us-ascii?Q?t/uLQePBWEkbeO0SNpxlF1H32JTzP7ikqAqI/1Qq/46nVnPu+AdcopRorLH5?= =?us-ascii?Q?8GzrnLmSQO8157v+1eE7L+i6vbB1QrH4NJ+TH2umMEOj3Z/yVRBPm/6gQtVr?= =?us-ascii?Q?XKdS5cYGUubUBuXGFtwdLOIUPxyHEQEONqDLGd5jKHG3zUgdIVxiVzPfoSHj?= =?us-ascii?Q?zhnWXLw9bn3bwBc1Xd8LXiaokfQW1ZOFThuP2uaCZNR/n7LgeuWfUWIZKRLN?= =?us-ascii?Q?CVkgcmdmLVvK0KY+WVFDaDHO9v7ms2Mc2SbluhVSP/ukFTQRJSPvnEejaLVe?= =?us-ascii?Q?d8sefDBUsoGY+58akeBVJJULAtTC579IRjzL8AcyoIhLVoZ/rYp2SUGetENI?= =?us-ascii?Q?nNahxXKZiIBOlhMdMXMIMSUEYTtKCsGvaUM2CqSGgxRsPv3+fiiZrRgQRlNn?= =?us-ascii?Q?eRnEu3HMkeC5z8VqEZTgI9F/Qtc4k9BlnLjO/0YyzxytLAA5YRrab9YjY2aE?= =?us-ascii?Q?0EFBD01XJF9YOcwwvPVg/3Qq1EF1VdivK15mMJSDBkVjhE2tmRpgHYYkbnB4?= =?us-ascii?Q?k/TEB69brZ7DrHhmzz/B4nxljwLzIOhDuwJGZG68USP1+34qtPpOp5OMmOt+?= =?us-ascii?Q?XHXPoRX8ubo8EZRTCTpU2zvnLgrtj5iEhCCm5P/p1RHwHSDhVQ+eve96K3Wk?= =?us-ascii?Q?3Tny41k1GzHDbrVo+fXo5GE7USgd4+huiEMbqFGUPNORo6claKdgPPnZC+8T?= =?us-ascii?Q?8lX7MmgJHk3DorKztogvbSKxuth4UxUTy9Bgpn4uLXAN5aD9Zn8dMYJ/kbKj?= =?us-ascii?Q?lK9yLrGcKrb737yVccMmHLkEjfBElxLuemsyWOH3zDREvRtvJk0Dw7zADOSw?= =?us-ascii?Q?9e5vaDSOxCCMUHea/b0/wHl9?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 270dd125-43bc-4270-39c6-08d90bce6dde X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Apr 2021 11:52:28.5743 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: XxU+oWGxbbSbBSnJlQFheECt7gRtkjGGSwL62oCskgqYVmDWRgj7liVElcxugsZeJkma6mwQH1MISVaavC63zg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2783 Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275 An SEV-SNP guest requires that the physical address of the GHCB must be registered with the hypervisor before using it. See the GHCB specification for the futher detail. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/MpEqu.inc | 1 + UefiCpuPkg/Library/MpInitLib/MpLib.c | 2 + UefiCpuPkg/Library/MpInitLib/MpLib.h | 2 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 51 ++++++++++++++++++++ 6 files changed, 58 insertions(+) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf index d34419c2a5..48d7dfa445 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -76,3 +76,4 @@ gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc index 2e9368a374..01668638f2 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc @@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO .ModeHighSegment: CTYPE_UINT16 1 .Enable5LevelPaging: CTYPE_BOOLEAN 1 .SevEsIsEnabled: CTYPE_BOOLEAN 1 + .SevSnpIsEnabled CTYPE_BOOLEAN 1 .GhcbBase: CTYPE_UINTN 1 endstruc diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c index 3d945972a0..c5a5da3984 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1040,6 +1040,7 @@ FillExchangeInfoData ( DEBUG ((DEBUG_INFO, "%a: 5-Level Paging = %d\n", gEfiCallerBaseName, ExchangeInfo->Enable5LevelPaging)); ExchangeInfo->SevEsIsEnabled = CpuMpData->SevEsIsEnabled; + ExchangeInfo->SevSnpIsEnabled = CpuMpData->SevSnpIsEnabled; ExchangeInfo->GhcbBase = (UINTN) CpuMpData->GhcbBase; // @@ -2016,6 +2017,7 @@ MpInitLibInitialize ( CpuMpData->CpuInfoInHob = (UINT64) (UINTN) (CpuMpData->CpuData + MaxLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); CpuMpData->SevEsIsEnabled = PcdGetBool (PcdSevEsIsEnabled); + CpuMpData->SevSnpIsEnabled = PcdGetBool (PcdSevSnpIsEnabled); CpuMpData->SevEsAPBuffer = (UINTN) -1; CpuMpData->GhcbBase = PcdGet64 (PcdGhcbBase); diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpInitLib/MpLib.h index e88a5355c9..4abaa2243d 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -218,6 +218,7 @@ typedef struct { // BOOLEAN Enable5LevelPaging; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN GhcbBase; } MP_CPU_EXCHANGE_INFO; @@ -287,6 +288,7 @@ struct _CPU_MP_DATA { BOOLEAN WakeUpByInitSipiSipi; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf index 36fcb96b58..ab8279df59 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -65,6 +65,7 @@ gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONSUMES [Ppis] gEdkiiPeiShadowMicrocodePpiGuid ## SOMETIMES_CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm index 50df802d1f..19939c093d 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm @@ -194,9 +194,60 @@ LongModeStart: mov rdx, rax shr rdx, 32 mov rcx, 0xc0010130 + + ; + ; Register GHCB GPA when SEV-SNP is enabled + ; + lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] + cmp byte [edi], 1 ; SevSnpIsEnabled + jne SetGhcbAddress + + ; Save the rdi and rsi to used for later comparison + push rdi + push rsi + mov edi, eax + mov esi, edx + or eax, 18 ; Ghcb registration request + wrmsr + rep vmmcall + rdmsr + mov r12, rax + and r12, 0fffh + cmp r12, 19 ; Ghcb registration response + jne GhcbGpaRegisterFailure + + ; Verify that GPA is not changed + and eax, 0fffff000h + cmp edi, eax + jne GhcbGpaRegisterFailure + cmp esi, edx + jne GhcbGpaRegisterFailure + pop rsi + pop rdi + + ; + ; Program GHCB + ; +SetGhcbAddress: wrmsr jmp CProcedureInvoke + ; + ; Request the guest termination + ; +GhcbGpaRegisterFailure: + xor edx, edx + mov eax, 256 ; GHCB terminate + wrmsr + rep vmmcall + + ; We should not return from the above terminate request, but if we do + ; then enter into the hlt loop. +DoHltLoop: + cli + hlt + jmp DoHltLoop + GetApicId: lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)] cmp byte [edi], 1 ; SevEsIsEnabled -- 2.17.1