From: "Brijesh Singh"
To: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Laszlo Ersek, Erdem Aktas, Eric Dong, Ray Ni, Rahul Kumar, devel@edk2.groups.io
CC: Brijesh Singh, Ard Biesheuvel
Subject: [PATCH RFC v3 11/22] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled
Date: Wed, 26 May 2021 18:11:07 -0500
Message-ID: <20210526231118.12946-12-brijesh.singh@amd.com>
In-Reply-To: <20210526231118.12946-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest requires that the physical address of the GHCB must be registered with the hypervisor before using it. See the GHCB specification for further detail.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
--- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/MpLib.h | 2 + UefiCpuPkg/Library/MpInitLib/MpLib.c | 2 + UefiCpuPkg/Library/MpInitLib/MpEqu.inc | 1 + UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 51 +++++++++++++++++++ 6 files changed, 58 insertions(+) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index d34419c2a524..48d7dfa4450f 100644 
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -76,3 +76,4 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## = SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## = CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## = CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## = CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index 36fcb96b5852..ab8279df596f 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -65,6 +65,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOME= TIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONS= UMES =20 [Ppis] gEdkiiPeiShadowMicrocodePpiGuid ## SOMETIMES_CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index e88a5355c983..4abaa2243d0a 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -218,6 +218,7 @@ typedef struct { // BOOLEAN Enable5LevelPaging; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN GhcbBase; } MP_CPU_EXCHANGE_INFO; =20 @@ -287,6 +288,7 @@ struct _CPU_MP_DATA { BOOLEAN WakeUpByInitSipiSipi; =20 BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index dc2a54aa31e8..7cbcce101414 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c 
@@ -1040,6 +1040,7 @@ FillExchangeInfoData ( DEBUG ((DEBUG_INFO, "%a: 5-Level Paging =3D %d\n", gEfiCallerBaseName, E= xchangeInfo->Enable5LevelPaging)); =20 ExchangeInfo->SevEsIsEnabled =3D CpuMpData->SevEsIsEnabled; + ExchangeInfo->SevSnpIsEnabled =3D CpuMpData->SevSnpIsEnabled; ExchangeInfo->GhcbBase =3D (UINTN) CpuMpData->GhcbBase; =20 // @@ -2016,6 +2017,7 @@ MpInitLibInitialize ( CpuMpData->CpuInfoInHob =3D (UINT64) (UINTN) (CpuMpData->CpuData + M= axLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); CpuMpData->SevEsIsEnabled =3D PcdGetBool (PcdSevEsIsEnabled); + CpuMpData->SevSnpIsEnabled =3D PcdGetBool (PcdSevSnpIsEnabled); CpuMpData->SevEsAPBuffer =3D (UINTN) -1; CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); =20 diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc b/UefiCpuPkg/Library/Mp= InitLib/MpEqu.inc index 2e9368a374a4..01668638f245 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc @@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO .ModeHighSegment: CTYPE_UINT16 1 .Enable5LevelPaging: CTYPE_BOOLEAN 1 .SevEsIsEnabled: CTYPE_BOOLEAN 1 + .SevSnpIsEnabled CTYPE_BOOLEAN 1 .GhcbBase: CTYPE_UINTN 1 endstruc =20 diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Lib= rary/MpInitLib/X64/MpFuncs.nasm index 50df802d1fca..19939c093d2e 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm 
@@ -194,9 +194,60 @@ LongModeStart: mov rdx, rax shr rdx, 32 mov rcx, 0xc0010130 + + ; + ; Register GHCB GPA when SEV-SNP is enabled + ; + lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] + cmp byte [edi], 1 ; SevSnpIsEnabled + jne SetGhcbAddress + + ; Save the rdi and rsi to used for later comparison + push rdi + push rsi + mov edi, eax + mov esi, edx + or eax, 18 ; Ghcb registration request + wrmsr + rep vmmcall + rdmsr + mov r12, rax + and r12, 0fffh + cmp r12, 19 ; Ghcb registration response + jne GhcbGpaRegisterFailure + + ; Verify that GPA is not changed + and eax, 0fffff000h + cmp edi, eax + jne GhcbGpaRegisterFailure + cmp esi, edx + jne GhcbGpaRegisterFailure + pop rsi + pop rdi + + ; + ; Program GHCB + ; +SetGhcbAddress: wrmsr jmp CProcedureInvoke =20 + ; + ; Request the guest termination + ; +GhcbGpaRegisterFailure: + xor edx, edx + mov eax, 256 ; GHCB terminate + wrmsr + rep vmmcall + + ; We should not return from the above terminate request, but if we do + ; then enter into the hlt loop. +DoHltLoop: + cli + hlt + jmp DoHltLoop + GetApicId: lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)] cmp byte [edi], 1 ; SevEsIsEnabled --=20 2.17.1
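
Review bot: In the MpEqu.inc hunk, the new entry ".SevSnpIsEnabled CTYPE_BOOLEAN 1" is missing the colon that the neighbouring field labels carry (".SevEsIsEnabled:", ".GhcbBase:"). Please write it as ".SevSnpIsEnabled: CTYPE_BOOLEAN 1" so the struc stays consistent and the label does not depend on how the assembler treats colon-less labels. The field is inserted between SevEsIsEnabled and GhcbBase both here and in MP_CPU_EXCHANGE_INFO in MpLib.h, so the two layouts keep the same order; a short comment in one of them noting that they must stay in sync would help the next person who adds a field.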
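
Review bot: In the LongModeStart hunk of X64/MpFuncs.nasm, "push rdi" comes after "lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)]" has already overwritten edi, so the value saved and later restored is the field address, not whatever rdi held on entry. If rdi has to survive this block, the push must precede the lea; if it is scratch at this point (GetApicId just below loads it the same way), drop the push/pop of rdi and reword the comment to say that rsi is saved because edi and esi temporarily hold the original GPA halves for the comparison. r12 is also overwritten without being saved, which deserves a comment if that is intentional. Finally, the request, response and terminate codes appear as bare decimals (18, 19, 256); named equates, or at least hex (0x12, 0x13, 0x100), would make each MSR protocol step easier to check against the GHCB specification the commit message refers to.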