From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Gerd Hoffmann, Brijesh Singh, Michael Roth, Eric Dong, Ray Ni, Rahul Kumar
Subject: [PATCH v6 23/29] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled
Date: Wed, 1 Sep 2021 11:16:40 -0500
Message-ID: <20210901161646.24763-24-brijesh.singh@amd.com>
In-Reply-To: <20210901161646.24763-1-brijesh.singh@amd.com>
References: <20210901161646.24763-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest requires that the physical address of the GHCB must be
registered with the hypervisor before using it. See the GHCB specification
section 2.3.2 for more details.

Cc: Michael Roth
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Signed-off-by: Brijesh Singh
---
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/MpLib.h          |  2 +
 UefiCpuPkg/Library/MpInitLib/MpLib.c          |  2 +
 UefiCpuPkg/Library/MpInitLib/MpEqu.inc        |  1 +
 UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 51 +++++++++++++++++++
 6 files changed, 58 insertions(+)

diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index d34419c2a524..48d7dfa4450f 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -76,3 +76,4 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## = SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## = CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## = CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## = CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index 36fcb96b5852..ab8279df596f 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -65,6 +65,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOME= TIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpIsEnabled ## CONS= UMES =20 [Ppis] gEdkiiPeiShadowMicrocodePpiGuid ## SOMETIMES_CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index e88a5355c983..4abaa2243d0a 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -218,6 +218,7 @@ typedef struct { // BOOLEAN Enable5LevelPaging; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN GhcbBase; } MP_CPU_EXCHANGE_INFO; =20 @@ -287,6 +288,7 @@ struct _CPU_MP_DATA { BOOLEAN WakeUpByInitSipiSipi; =20 BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index b9a06747edbf..586cff2f6813 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c 
@@ -1040,6 +1040,7 @@ FillExchangeInfoData ( DEBUG ((DEBUG_INFO, "%a: 5-Level Paging =3D %d\n", gEfiCallerBaseName, E= xchangeInfo->Enable5LevelPaging)); =20 ExchangeInfo->SevEsIsEnabled =3D CpuMpData->SevEsIsEnabled; + ExchangeInfo->SevSnpIsEnabled =3D CpuMpData->SevSnpIsEnabled; ExchangeInfo->GhcbBase =3D (UINTN) CpuMpData->GhcbBase; =20 // @@ -2033,6 +2034,7 @@ MpInitLibInitialize ( CpuMpData->CpuInfoInHob =3D (UINT64) (UINTN) (CpuMpData->CpuData + M= axLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); CpuMpData->SevEsIsEnabled =3D PcdGetBool (PcdSevEsIsEnabled); + CpuMpData->SevSnpIsEnabled =3D PcdGetBool (PcdSevSnpIsEnabled); CpuMpData->SevEsAPBuffer =3D (UINTN) -1; CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); =20 diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc b/UefiCpuPkg/Library/Mp= InitLib/MpEqu.inc index 2e9368a374a4..01668638f245 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc @@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO .ModeHighSegment: CTYPE_UINT16 1 .Enable5LevelPaging: CTYPE_BOOLEAN 1 .SevEsIsEnabled: CTYPE_BOOLEAN 1 + .SevSnpIsEnabled CTYPE_BOOLEAN 1 .GhcbBase: CTYPE_UINTN 1 endstruc =20 diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Lib= rary/MpInitLib/X64/MpFuncs.nasm index 50df802d1fca..19939c093d2e 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm 
@@ -194,9 +194,60 @@ LongModeStart: mov rdx, rax shr rdx, 32 mov rcx, 0xc0010130 + + ; + ; Register GHCB GPA when SEV-SNP is enabled + ; + lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] + cmp byte [edi], 1 ; SevSnpIsEnabled + jne SetGhcbAddress + + ; Save the rdi and rsi to used for later comparison + push rdi + push rsi + mov edi, eax + mov esi, edx + or eax, 18 ; Ghcb registration request + wrmsr + rep vmmcall + rdmsr + mov r12, rax + and r12, 0fffh + cmp r12, 19 ; Ghcb registration response + jne GhcbGpaRegisterFailure + + ; Verify that GPA is not changed + and eax, 0fffff000h + cmp edi, eax + jne GhcbGpaRegisterFailure + cmp esi, edx + jne GhcbGpaRegisterFailure + pop rsi + pop rdi + + ; + ; Program GHCB + ; +SetGhcbAddress: wrmsr jmp CProcedureInvoke =20 + ; + ; Request the guest termination + ; +GhcbGpaRegisterFailure: + xor edx, edx + mov eax, 256 ; GHCB terminate + wrmsr + rep vmmcall + + ; We should not return from the above terminate request, but if we do + ; then enter into the hlt loop. +DoHltLoop: + cli + hlt + jmp DoHltLoop + GetApicId: lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevEsIsEnabled)] cmp byte [edi], 1 ; SevEsIsEnabled --=20 2.17.1
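
Review bot: in the MpEqu.inc hunk, the new field ".SevSnpIsEnabled CTYPE_BOOLEAN 1" is missing the colon that the neighbouring labels carry (".SevEsIsEnabled:", ".GhcbBase:"). Please add it so the struc is consistent and the line does not rely on NASM accepting a colon-less label in front of the CTYPE_BOOLEAN macro. The position of the field (between SevEsIsEnabled and GhcbBase) matches the MpLib.h hunk, which is what the assembly offsets depend on.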
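
Review bot: in the MpFuncs.nasm hunk, the registration block saves rdi and rsi but uses r12 as scratch ("mov r12, rax") without saving it, and "push rdi" is executed after "lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)]" has already overwritten edi, so the value preserved is the field address and not what rdi held on entry. If both registers are free at this point in LongModeStart, a one-line comment saying so would settle it; otherwise move the push ahead of the lea and save r12 the same way. The literals 18, 19 and 256 and the masks 0fffh and 0fffff000h would also be easier to check against the GHCB specification as named equates defined once, rather than repeated as numbers with a trailing comment. On the GhcbGpaRegisterFailure path, eax is set to 256 with edx cleared, so no reason code accompanies the terminate request; a comment stating that this is intentional would help whoever later reads the hypervisor-side log. Small wording nit: "Save the rdi and rsi to used for later comparison" should read "to be used".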