From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Gerd Hoffmann, Brijesh Singh, Michael Roth
Subject: [PATCH v6 13/29] OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest
Date: Wed, 1 Sep 2021 11:16:30 -0500
Message-ID: <20210901161646.24763-14-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210901161646.24763-1-brijesh.singh@amd.com>
References: <20210901161646.24763-1-brijesh.singh@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The SEV-SNP guest requires that GHCB GPA must be registered before using. See the GHCB specification section 2.3.2 for more details.

Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 OvmfPkg/PlatformPei/AmdSev.c | 91 ++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index a8bf610022ba..de876fdb478e 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -19,9 +19,93 @@ #include #include #include +#include =20 #include "Platform.h" =20 +/** + Handle an SEV-SNP/GHCB protocol check failure. + + Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP gue= st + wishes to be terminated. + + @param[in] ReasonCode Reason code to provide to the hypervisor for the + termination request. + +**/ +STATIC +VOID +SevEsProtocolFailure ( + IN UINT8 ReasonCode + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode =3D ReasonCode; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + + This function can be used to register the GHCB GPA. + + @param[in] Address The physical address to be registered. + +**/ +STATIC +VOID +GhcbRegister ( + IN EFI_PHYSICAL_ADDRESS Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail= . 
+ // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + /** =20 Initialize SEV-ES support if running as an SEV-ES guest. @@ -109,6 +193,13 @@ AmdSevEsInitialize ( "SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n= ", (UINT64)GhcbBackupPageCount, GhcbBackupBase)); =20 + // + // SEV-SNP guest requires that GHCB GPA must be registered before using = it. + // + if (MemEncryptSevSnpIsEnabled ()) { + GhcbRegister (GhcbBasePa); + } + AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa); =20 // --=20 2.17.1
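
Review bot: GhcbRegister() in the first hunk (@@ -19,9 +19,93 @@) computes GuestFrameNumber as Address >> EFI_PAGE_SHIFT without checking that Address is page aligned, so an unaligned address is silently rounded down and the response check still passes because it compares frame numbers only. Add ASSERT ((Address & EFI_PAGE_MASK) == 0) ahead of the shift. The function header should also say that a mismatched response terminates the guest through SevEsProtocolFailure() and that the previous MSR value is restored on return. Consider a DEBUG_ERROR message before the termination as well, since the hypervisor only receives GHCB_TERMINATE_GHCB_GENERAL and the guest log would otherwise show nothing about the cause.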
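
Review bot: In the AmdSevEsInitialize hunk (@@ -109,6 +193,13 @@) only GhcbBasePa is registered, and the added comment does not say whether that covers every GHCB page the guest will use. If further GHCB pages are handed to other processors later, state in the comment where those get registered. Also note that GhcbRegister() saves and restores MSR_SEV_ES_GHCB, and the very next line overwrites the MSR with GhcbBasePa, so the restore has no effect at this call site; a one-line comment saying so would save the next reader the question.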