From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas, Eric Dong, Ray Ni, Rahul Kumar, Michael D Kinney, Liming Gao, Zhiguang Liu, Michael Roth, Brijesh Singh
Subject: [RFC PATCH v4 22/27] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled
Date: Mon, 28 Jun 2021 12:42:18 -0500
Message-ID: <20210628174223.1302-23-brijesh.singh@amd.com>
In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com>
References: <20210628174223.1302-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest requires that the physical address of the GHCB must be registered with the hypervisor before using it. See the GHCB specification section 2.3.2 for more details.

Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/MpLib.h          |  2 +
 UefiCpuPkg/Library/MpInitLib/MpLib.c          |  2 +
 UefiCpuPkg/Library/MpInitLib/MpEqu.inc        |  1 +
 UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 51 +++++++++++++++++++
 6 files changed, 58 insertions(+)
diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index d34419c2a524..48d7dfa4450f 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -76,3 +76,4 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## = SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## = CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## = CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## = CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index 36fcb96b5852..ab8279df596f 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -65,6 +65,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOME= TIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONS= UMES =20 [Ppis] gEdkiiPeiShadowMicrocodePpiGuid ## SOMETIMES_CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index e88a5355c983..4abaa2243d0a 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -218,6 +218,7 @@ typedef struct { // BOOLEAN Enable5LevelPaging; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN GhcbBase; } MP_CPU_EXCHANGE_INFO; =20 @@ -287,6 +288,7 @@ struct _CPU_MP_DATA { BOOLEAN WakeUpByInitSipiSipi; =20 BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index b9a06747edbf..586cff2f6813 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c 
@@ -1040,6 +1040,7 @@ FillExchangeInfoData ( DEBUG ((DEBUG_INFO, "%a: 5-Level Paging =3D %d\n", gEfiCallerBaseName, E= xchangeInfo->Enable5LevelPaging)); =20 ExchangeInfo->SevEsIsEnabled =3D CpuMpData->SevEsIsEnabled; + ExchangeInfo->SevSnpIsEnabled =3D CpuMpData->SevSnpIsEnabled; ExchangeInfo->GhcbBase =3D (UINTN) CpuMpData->GhcbBase; =20 // @@ -2033,6 +2034,7 @@ MpInitLibInitialize ( CpuMpData->CpuInfoInHob =3D (UINT64) (UINTN) (CpuMpData->CpuData + M= axLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); CpuMpData->SevEsIsEnabled =3D PcdGetBool (PcdSevEsIsEnabled); + CpuMpData->SevSnpIsEnabled =3D PcdGetBool (PcdSevSnpIsEnabled); CpuMpData->SevEsAPBuffer =3D (UINTN) -1; CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); =20 diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc b/UefiCpuPkg/Library/Mp= InitLib/MpEqu.inc index 2e9368a374a4..01668638f245 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc @@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO .ModeHighSegment: CTYPE_UINT16 1 .Enable5LevelPaging: CTYPE_BOOLEAN 1 .SevEsIsEnabled: CTYPE_BOOLEAN 1 + .SevSnpIsEnabled CTYPE_BOOLEAN 1 .GhcbBase: CTYPE_UINTN 1 endstruc =20 diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Lib= rary/MpInitLib/X64/MpFuncs.nasm index 50df802d1fca..19939c093d2e 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm 
@@ -194,9 +194,60 @@ LongModeStart: mov rdx, rax shr rdx, 32 mov rcx, 0xc0010130 + + ; + ; Register GHCB GPA when SEV-SNP is enabled + ; + lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] + cmp byte [edi], 1 ; SevSnpIsEnabled + jne SetGhcbAddress + + ; Save the rdi and rsi to used for later comparison + push rdi + push rsi + mov edi, eax + mov esi, edx + or eax, 18 ; Ghcb registration request + wrmsr + rep vmmcall + rdmsr + mov r12, rax + and r12, 0fffh + cmp r12, 19 ; Ghcb registration response + jne GhcbGpaRegisterFailure + + ; Verify that GPA is not changed + and eax, 0fffff000h + cmp edi, eax + jne GhcbGpaRegisterFailure + cmp esi, edx + jne GhcbGpaRegisterFailure + pop rsi + pop rdi + + ; + ; Program GHCB + ; +SetGhcbAddress: wrmsr jmp CProcedureInvoke =20 + ; + ; Request the guest termination + ; +GhcbGpaRegisterFailure: + xor edx, edx + mov eax, 256 ; GHCB terminate + wrmsr + rep vmmcall + + ; We should not return from the above terminate request, but if we do + ; then enter into the hlt loop. +DoHltLoop: + cli + hlt + jmp DoHltLoop + GetApicId: lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)] cmp byte [edi], 1 ; SevEsIsEnabled --=20 2.17.1
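
Review bot: In the MpEqu.inc hunk the added field line ".SevSnpIsEnabled CTYPE_BOOLEAN 1" has no colon after the label, while every other field visible in the struc (".Enable5LevelPaging:", ".SevEsIsEnabled:", ".GhcbBase:") does. Please write it as ".SevSnpIsEnabled: CTYPE_BOOLEAN 1" so the field is declared the same way as its neighbours; MpFuncs.nasm resolves it through MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled), and the offset of GhcbBase behind it has to keep matching the C layout of MP_CPU_EXCHANGE_INFO in MpLib.h, where the new BOOLEAN is inserted at the same position.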
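
Review bot: In the MpFuncs.nasm hunk, GhcbGpaRegisterFailure sends the terminate request with "mov eax, 256" and "xor edx, edx", so the reason-code bits of the request are all zero and the hypervisor cannot tell a failed GHCB registration apart from any other general termination; consider encoding a reason code there. The protocol values 18, 19 and 256 are written in decimal next to hex masks (0fffh, 0fffff000h); named equates in hex (0x012, 0x013, 0x100) would match the GHCB specification and be easier to audit. "or eax, 18" and the later "and eax, 0fffff000h" / "cmp edi, eax" only work if the low 12 bits of the GHCB GPA are zero, which deserves a comment or a check. The jumps to GhcbGpaRegisterFailure are taken with rdi and rsi still pushed, which is harmless only because that path never returns; say so in a comment. The comment "Save the rdi and rsi to used for later comparison" should be reworded: the registers are saved so that edi and esi can hold the original GPA for the comparison.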