From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.57]) by mx.groups.io with SMTP id smtpd.web08.5395.1625057678574622656 for ; Wed, 30 Jun 2021 05:54:38 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=ZrkIcgQW; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.243.57, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=O3q2iIk75tZSjUD/F+yrP8vj6LQur7px5MmpiD2DPHHzkItjKcXBHg32X5SxYupcBZQcBWFd843E4feTm6OKvwGslxuAD6Q9kg8hym2Ky/HPByou4WXl6bZZfvCgDyqJlkwOXpRbJjvisuSnWXDrPycPti6YDsGYD7JbCGevzRxkk6sStjCd+cmihaYTg8am8gBDZ31kDgX6ZhUOD2NrZzsbeTlfcU69YvmsNpf/jTp9IQTXpOJ+3N8Y5Toxn86RRf78bUsJSMu9ckUkptJ0HiTdhTbRTr3ufBTeRvm6HTFSrK7wEiwk5dFKv5BCVeUwGCH9AIKSaGPhqvkosNQLBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jnV4wx21PfZMW9co7YNih0oU4CYUYbvSzhQbQWiairo=; b=dgkk9yLTgAsLqTia0lRZzhC/UKCwIvKqLW+kq6w8QQFd6J9dvJNJoKMnCibllK+hPwCA5aixmQvwoRUKI1mRB3Ut6NTOnkaPlYz3hhq3uqiIUXNsf1Cr3p9WpahKFPyt/M2h/f7kfQn+hz9AeuO7bAX+wRbwR8MkPaUqscWYGKtwhOK2MKF+1aG8p6cTItxg0VfpKl9FDan39WgLC4O/hRYOag37fM3+GFP2+xHIcuAUendtgEaXsRSPC6mXyYlg89xP+s8J+kqz7Y/kK+NsZcSVsgNHj69oDnGfu0LZc8xlCJaCvyOj3wEG66rwNlIHeMBS5UUJDVDVmSh8T7gFyQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jnV4wx21PfZMW9co7YNih0oU4CYUYbvSzhQbQWiairo=; b=ZrkIcgQWgJ72ldB6V0LONX2EEuUlposSDljcxoEO0SCEb/EelO2RCb+D+tCj1yjjwMOwIOlcbiPYwNTo+jJNyP62WtdLXNON0ziukfxFrJHKbraTlKnw/2e2BN9grBXwY8k1IehjRpwUfsTdwdvHeKWhsVIL9e6Q3r7V/L0vMjg= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM5PR1201MB0172.namprd12.prod.outlook.com (2603:10b6:4:51::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4287.21; Wed, 30 Jun 2021 12:54:36 +0000 Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Wed, 30 Jun 2021 12:54:36 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [RFC PATCH v5 23/28] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled Date: Wed, 30 Jun 2021 07:53:16 -0500 Message-ID: <20210630125321.30278-24-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210630125321.30278-1-brijesh.singh@amd.com> References: <20210630125321.30278-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA9PR13CA0018.namprd13.prod.outlook.com (2603:10b6:806:21::23) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA9PR13CA0018.namprd13.prod.outlook.com (2603:10b6:806:21::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4287.14 via Frontend Transport; Wed, 30 Jun 2021 12:54:33 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 693cec8e-ea08-47f0-d1e9-08d93bc63635 X-MS-TrafficTypeDiagnostic: DM5PR1201MB0172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: qS+eBSrLSwCTYUL6O7SfwqwsHpwjxzKjPQJnkFbS7LGZFxzQiuxzGftRiVoN4NnKYsoKQLUnbEqc1BwnKf0EJ65mE2D0DYtiGQcSwqpw8G0U6exbZtyzJJZhpNigqHRVAoDZbikuCfoOix2zISw1yXNNvdKCCk1qCPcOuRBVTfAq0PovvgysSlrBCDGzpTvb5gVxpIYG6b7NycRCc5V3s1rrzsRWdtX9S7ObJo8WyI1xTasw1suoekhCh/dqIXP2e6G5hyoBMZrUaKF1N1X6Msjr5lePaiUN4RBksT5SwJAEDlynm9pJOTX02XQsGWoakU2Uw8NJveYB7JX2uJK5hVz4WUieO08NYg/pdFW0mMq1H0ZGy8ZARfUZueWjB/0M8bMuALgCpK8vAa3VcctWLnB1WdtCSfm/+UrgS0okk1uBTUcZxEJKMCa8RBiUUucdijv4HsD8pb0Z/+lxXFpL+xyOaX1O92EWdiIB9fum9f+5nA8uHJZ2k713/D833P2wf5TVCwWPEGMduP/sKKiQd6EO1IygkVRCb4QlduejUC0VeYCpF+PQUYQZChhBnchGy0XVTf4FNUsyH9nWt3s504Ct2v8OWYWDsIb/qzCi3mrdZfONVd0QLUgvgdMqPz4BlP1A6rp9CJcNSum/2tEN8wbsjlqbPJ7dlM45a/9l7W9BFbqI1rx+NzZxJXqk5VeIBg0R8siY3wod5otT/AAWgtPbLNGYeRzLEMKaMn+IAkhmx+TC38709evn+Qtbvi1j2KWdMV9nZerNfqlQR3/BoYEihelidYS6orrrhcPfS8mocSo0qXAc/9ULyzjaNrgz X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR12MB2714.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(6029001)(4636009)(376002)(366004)(39860400002)(136003)(346002)(396003)(19627235002)(7416002)(36756003)(5660300002)(8676002)(8936002)(54906003)(38100700002)(44832011)(2906002)(38350700002)(4326008)(83380400001)(7696005)(6486002)(1076003)(2616005)(956004)(66946007)(186003)(966005)(26005)(478600001)(52116002)(6666004)(316002)(66476007)(66556008)(16526019)(86362001)(6916009);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?lO2/J0cWXaoYAKQkeP4H6BP6MZna/knNpfFkBfIR7DC8xqExZq9mxmtH6FC4?= =?us-ascii?Q?vxB561vzEi/c/ETy8py5+7wcSev+t8/ZaGvzbjI8gLX7qQZ2aVoJRJrbcI+r?= =?us-ascii?Q?83iDxrpvO+4T2E8Y9Ob4d4Xm9BvtGsUWj0v9m2F6mQWhFgry3/nBFDvfK1UU?= =?us-ascii?Q?j3WdMlJHn0PdWYVDRpOUici1lDIDuYVhqU531rKkJOLRQnLdgtqVRWHRDkOe?= =?us-ascii?Q?y4jB4bBQryUIbkMG6RoLfpjXyNTaQ3Wqb+QlZzr6jcWMdYHfzHe2+xcfZXJ0?= =?us-ascii?Q?7sLdJfcmyz6gT/xuRdbEu25X0fBuzqjfMYiLfhpaH9wsN51+GHkjiupu/CAc?= =?us-ascii?Q?byFuqPuycptVv7zmoIvjr3ZEZ4MFDDrA85uapBK3sPthQiL4JN3iFxQbY8Em?= =?us-ascii?Q?zvSeJPrGMFXakMS7k2Z/O6GbEaEVkyRGRrfnz3WD/RVxs8kmLcC3MUgCwQTr?= =?us-ascii?Q?9QDrB1VcZqht5I5we0BlboJmKifgV50PQfhf20CXecuETmr+75kKkEltnG3O?= =?us-ascii?Q?PMIjqVhgmjugY2+NxuB3GmQ1aJzJi2iLUhfdNqzTOcGxd+OWpiyc8XGqnHr9?= =?us-ascii?Q?0arx0qaSi2mtxAtVcv15MetcTS9eNT/K5bju7Al0FooybdrQmCUSBNNtdpIQ?= =?us-ascii?Q?dduQhJOc8vD1SSeSe+CJSTTgspFPxcKxWk/JlhQuCu2XQkpOoDVsaI2dASzp?= =?us-ascii?Q?muQ5PPhjaJPlEZLfDeazLOVtm8Gyb/ngSltl9adECciyN9jkawl9CZofLCi0?= =?us-ascii?Q?AQilRKJ99MUBqbHW5fJfDdKPMxrFINQb6jy6HAO811cyDcr8eu0O+PAM4WMH?= =?us-ascii?Q?UTY1tLVsrBz4p88rG4XZ+fyPqsE2c3k7KyphWShu3t7JvWFTAkjwSbEPRYr+?= =?us-ascii?Q?n3vGz/5z+1dAcSgVLZ4/PDv9O4VzgP2o2fmVe4FRDMQ1W9MYx1ZQC53UtvqQ?= =?us-ascii?Q?mfPWR3dk8GZGE+jbYUEKW4oeE0oy/MStfih22pwpIMipBNJW2Kd06SfPmUup?= =?us-ascii?Q?33TSL2qB9QQFqpI38nxvrNak5eRsDhXRQ5nq+cM9BieaJInG0I4FEcFQXCIN?= =?us-ascii?Q?ZgvoqI1sKkClp3P4wpZmIskiPoWWfj/Y+Pegchx1s5Qjhc2XOQlzaNChcy8P?= =?us-ascii?Q?RJMRmBs23YhJSqjl1w224Obiic9jli6W9p41X55g3ZCg4oqUUnCgEnq4NLcL?= =?us-ascii?Q?O2MA7SUi7dCuj6fsYXfMLuUztZia56cAIg7gQbJnmMbPBgc/ZtEo23dzcqf/?= =?us-ascii?Q?wiiw85HVed4A6Zqd04HrfE1X5chwMH9v7VBlaN1Cyi/ssqrPB/Tvd2ERWPgm?= =?us-ascii?Q?5q9JpqaUSiuoQTbUf9ZUEpDL?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 693cec8e-ea08-47f0-d1e9-08d93bc63635 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Jun 2021 12:54:36.5816 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: btqkNpmhR2Li7bQKfwNf3IdhZphlB3rw58A/Ng1y5sRs+H/TAeCUiItZ6B5bM+AeG/fi+h9dKeMhhTw3u1xzjg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1201MB0172 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 An SEV-SNP guest requires that the physical address of the GHCB must be registered with the hypervisor before using it. See the GHCB specification section 2.3.2 for more details. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Signed-off-by: Brijesh Singh --- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/MpLib.h | 2 + UefiCpuPkg/Library/MpInitLib/MpLib.c | 2 + UefiCpuPkg/Library/MpInitLib/MpEqu.inc | 1 + UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 51 +++++++++++++++++++ 6 files changed, 58 insertions(+) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index d34419c2a524..48d7dfa4450f 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -76,3 +76,4 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## = SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## = CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## = CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## = CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index 36fcb96b5852..ab8279df596f 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -65,6 +65,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOME= TIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONS= UMES =20 [Ppis] gEdkiiPeiShadowMicrocodePpiGuid ## SOMETIMES_CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index e88a5355c983..4abaa2243d0a 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -218,6 +218,7 @@ typedef struct { // BOOLEAN Enable5LevelPaging; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN GhcbBase; } MP_CPU_EXCHANGE_INFO; =20 @@ -287,6 +288,7 @@ struct _CPU_MP_DATA { BOOLEAN WakeUpByInitSipiSipi; =20 BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index b9a06747edbf..586cff2f6813 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1040,6 +1040,7 @@ FillExchangeInfoData ( DEBUG ((DEBUG_INFO, "%a: 5-Level Paging =3D %d\n", gEfiCallerBaseName, E= xchangeInfo->Enable5LevelPaging)); =20 ExchangeInfo->SevEsIsEnabled =3D CpuMpData->SevEsIsEnabled; + ExchangeInfo->SevSnpIsEnabled =3D CpuMpData->SevSnpIsEnabled; ExchangeInfo->GhcbBase =3D (UINTN) CpuMpData->GhcbBase; =20 // @@ -2033,6 +2034,7 @@ MpInitLibInitialize ( CpuMpData->CpuInfoInHob =3D (UINT64) (UINTN) (CpuMpData->CpuData + M= axLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); CpuMpData->SevEsIsEnabled =3D PcdGetBool (PcdSevEsIsEnabled); + CpuMpData->SevSnpIsEnabled =3D PcdGetBool (PcdSevSnpIsEnabled); CpuMpData->SevEsAPBuffer =3D (UINTN) -1; CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); =20 diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc b/UefiCpuPkg/Library/Mp= InitLib/MpEqu.inc index 2e9368a374a4..01668638f245 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc @@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO .ModeHighSegment: CTYPE_UINT16 1 .Enable5LevelPaging: CTYPE_BOOLEAN 1 .SevEsIsEnabled: CTYPE_BOOLEAN 1 + .SevSnpIsEnabled CTYPE_BOOLEAN 1 .GhcbBase: CTYPE_UINTN 1 endstruc =20 diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Lib= rary/MpInitLib/X64/MpFuncs.nasm index 50df802d1fca..19939c093d2e 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm @@ -194,9 +194,60 @@ LongModeStart: mov rdx, rax shr rdx, 32 mov rcx, 0xc0010130 + + ; + ; Register GHCB GPA when SEV-SNP is enabled + ; + lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] + cmp byte [edi], 1 ; SevSnpIsEnabled + jne SetGhcbAddress + + ; Save the rdi and rsi to used for later comparison + push rdi + push rsi + mov edi, eax + mov esi, edx + or eax, 18 ; Ghcb registration request + wrmsr + rep vmmcall + rdmsr + mov r12, rax + and r12, 0fffh + cmp r12, 19 ; Ghcb registration response + jne GhcbGpaRegisterFailure + + ; Verify that GPA is not changed + and eax, 0fffff000h + cmp edi, eax + jne GhcbGpaRegisterFailure + cmp esi, edx + jne GhcbGpaRegisterFailure + pop rsi + pop rdi + + ; + ; Program GHCB + ; +SetGhcbAddress: wrmsr jmp CProcedureInvoke =20 + ; + ; Request the guest termination + ; +GhcbGpaRegisterFailure: + xor edx, edx + mov eax, 256 ; GHCB terminate + wrmsr + rep vmmcall + + ; We should not return from the above terminate request, but if we do + ; then enter into the hlt loop. +DoHltLoop: + cli + hlt + jmp DoHltLoop + GetApicId: lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)] cmp byte [edi], 1 ; SevEsIsEnabled --=20 2.17.1