From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com [40.107.92.65]) by mx.groups.io with SMTP id smtpd.web09.158.1630513074592019784 for ; Wed, 01 Sep 2021 09:17:54 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=t09RRQRf; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.92.65, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BwtxQqOUPOxrvFLGYYfqWeYcavp36Bmng2cYXrP+FK4rmmNTOVlcbA8Vqn8n62yNsVHSLgedVJLDc8jFo1pXX1Fq4Kq5sg7ImfWYAwLETf/Sf5Xqg4pWeIQ7A5gPUe18CiWB/G5ACFeIIO5HjZslo2nmuarCG+j5egRHh+f2jNj4ThjqqOZzXiiQRKD0/WdNtLBOIfP/3f9Lh1/Gj2MwbDr0Vfc+If02ZhfGl9E/tux1sJb2gjwOnt6GCpMSd42moETSI+CIEGEsaAUg41tFTDsR92PWXupUE+pyW5xJu5WomFddFioBoJIGZPbRAC4fYZvmWD093s+8zMKxYMnzXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=tJ+TYvV0PPa4GZfYK5jXDQ9S83mjtlePxHvJtB0kQ9w=; b=R61oo5Z0OR+gcm97S4RmJkMjAyJh+fO07bWFideRN+CZuwCLdfoF9mZklsrla7/BS/8DLQ3GtY5eQW0cJ5UYYSZpqDwRSrGosXvlkTpj/rQNuRFKzN3lp5KI8bbKljQ7sVYRnQCbB0DzMQoiEvM7V1FzAr9bhZ9tiKku3Xz4Q9/7TjhbvbDz6rPoZEzFjnF7J0sfMrbJd6xUE5NIb9TMr2pgQKAPpyqV9L2N5MDb4n2y9wOgHIU+bkqd1CEo/q32rcM5CKpsY12JbOdrw7GEvpWe51JEWdBl8Bu3By7ZslkeZP4M75At8s4joQTGaSmRwPHyHD3L2GJZwK0YlA0UsQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tJ+TYvV0PPa4GZfYK5jXDQ9S83mjtlePxHvJtB0kQ9w=; b=t09RRQRfXRSCAtbhDehtHhTjRUe+kfr1vUv0DJ+3F3VAVLF2IRFoI9fzzvasX7ITPIkz6iYO7CdU0fYyGaiRJ7La/zEwo6dyBOJ9dFB6LT6u8zcLqTKzktMS3GTHm1oJaSwQT12/zt1iRL9R5fU2gNa5Nl+SOC9E62TgZ8y2pgY= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4512.namprd12.prod.outlook.com (2603:10b6:806:71::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.17; Wed, 1 Sep 2021 16:17:53 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4457.025; Wed, 1 Sep 2021 16:17:52 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth , Gerd Hoffmann , Michael Roth , Eric Dong , Ray Ni , Rahul Kumar , Brijesh Singh Subject: [PATCH v6 24/29] UefiCpuPkg/MpInitLib: use BSP to do extended topology check Date: Wed, 1 Sep 2021 11:16:41 -0500 Message-ID: <20210901161646.24763-25-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210901161646.24763-1-brijesh.singh@amd.com> References: <20210901161646.24763-1-brijesh.singh@amd.com> X-ClientProxiedBy: SN4PR0501CA0062.namprd05.prod.outlook.com (2603:10b6:803:41::39) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0501CA0062.namprd05.prod.outlook.com (2603:10b6:803:41::39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.12 via Frontend Transport; Wed, 1 Sep 2021 16:17:52 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: cedc35fc-3120-46be-60c8-08d96d640caf X-MS-TrafficTypeDiagnostic: SA0PR12MB4512: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Wprh/31kmNoQiSZjPoWq22NcVnj/SGbYkvjhUBrn62AEoUDQhopiXe/C5P9EhOlwBeJj4ICkPukwdzEDlruRcqW3o03SZWXYhDURS9J+ik+3HfR8i9tbHR9Nr3FDYzsxNgUzpui4vD0b1Adv8Du9ijPh6k3hMyL7j/OEaa4hArw0HKjJYN/H+sJEbMwhL5nFI4ECztTPfIxvXnPyZEHSPrVJai7PnnAyPcQjKCAXKmz8uvev3qZvU0sMn8+k6atJfVy5hIWjun8B4LHADBOTSQAUv+7tPoVQA7nHIUop1QHUi1yNFZnTE1AgkdXWPpLjMRFfA4kA+fyM+k71FKRz4y7RlOjtVFXihsfK/rVDnu0z12weTER8gXOk/Egk0tTMgR0it6eiycMQ8BS8uuHeSBJIBBWQ9dbHYg9g7q6S3m3Wgg81eTsO0QXwMNJXcc1H+h6pbndO+qTK8vRMdegsH7ifLnUZssKbRW0ddtQziLkYk7o1+tQRY52K+6a8Tec5OT/XizsCIWOEDh0qVIHwwJit4hyVqz4EIVxsNYDmvjOelyXobmFYWXa8c3nWaVTviQ2wlRAM71g/9CuiSrYx95FdEuu9rP7oYomzBGIML+pXf4NvKDPXqs6PFYsZPlQBRBCzVX/M3Y94bFbSYo8VtCN3ARhd6yUHpxO6dlgB0PY7hQfhSxIT6nmQvBDZ9QB0lUu64Pktyb3Afkn2sbs/PdKPfrjEzMpcwq9uQ2BEo1E= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(6029001)(4636009)(396003)(376002)(346002)(366004)(39860400002)(136003)(66476007)(66946007)(66556008)(4326008)(478600001)(316002)(26005)(2616005)(956004)(186003)(83380400001)(19627235002)(44832011)(5660300002)(86362001)(54906003)(7696005)(8936002)(36756003)(2906002)(8676002)(38100700002)(38350700002)(6486002)(6666004)(52116002)(1076003)(6916009)(7416002)(309714004);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?hu+vMiScIUmQ1F3aatM3VPpqKRxjT4dJM5xm+LfR570u+CO74pw/xJH53uh0?= =?us-ascii?Q?XsB9tYVVtk4dFnIasZooKSe5Vb1X8KJZ78QlDegn7ZBQgc9/NypezOEofjsR?= =?us-ascii?Q?/Tl8y4GiLVKgiXMr9ISVGBWAD3r65IqgzsNnarUZUaxZVZ69oOoRqSfS+OVY?= =?us-ascii?Q?AmcyB0fn4jlMi0TIojn7GAA0uhtQ9vehg4iOj1zl/9TR0fvKiZENU9w6R1M1?= =?us-ascii?Q?vL89ct4jTHqb/vvFvCeXduZb17F7rWySFyZi7Ev9zaZJs9mVTsRr02kJAz8e?= =?us-ascii?Q?xtiQqRn9meNS/HjdFGHa/ApOKBIkMUlCORGOLl5/Uoou1QjjVvzHo1Ygh7AR?= =?us-ascii?Q?G37GBZNci82WR7TvdZPzJTW6K4Ze5mAEFLg0sQzzCI5tJNanZYBO/1ytC8bM?= =?us-ascii?Q?1IeNHlrVBkmL9KWmFulNtvHpmwRztDRr2kbvv0rBGYwufuGxn+IlxHHt2P+e?= =?us-ascii?Q?Ve5ZrOJT5Xxb9BBiJmraHkL1pC5EKKF5Fu+95Clu1uuli78M909K9o1Cu8Ft?= =?us-ascii?Q?Qs7eNzHnHRQrhTKue8z1CIkPKDk0EqGMJvCR+TLAgq7vXB3Ga4GU67gavyF+?= =?us-ascii?Q?+htyxpYa9Zn9rnbQaitEXyqppT0CAZCIEgDNee5bGxkBrHIYNogy9KK9dsFU?= =?us-ascii?Q?mhrDz1UGI0T/FlzBs7LWRuOJZuSZgwWHIiq2EHqrlOj8oCxpEmjcbHovkyFX?= =?us-ascii?Q?iSQu6tmLzjoi7WN1Ey5ShXzOLtByWgYLj0fMrz6zMPzYAsPaDjmVckad6BPn?= =?us-ascii?Q?AOkGSvjP2CefcSgE5BXnQoI8ayq8H8kSLYhYJ1eP+ay8wysURjI2kVVuzTOk?= =?us-ascii?Q?Mf20H+4YUuZotBaG6U4EpkO7TuoIlF/+6pDUU5xqDmFFJ6y3Js63SAbYyqdV?= =?us-ascii?Q?ZQjoHC9/Yy+GaA/6LtC5K9PD2MKPA2/M3Hi2NMcUOQIpKHMO4cBREc+Rpgzx?= =?us-ascii?Q?It1sbDLu39PIUNhlKDIiw05Jhe3N0V/Fhpeg5/uSRv5cL5MXAqhVtLTkMwyr?= =?us-ascii?Q?ShFPuR8EHInKD2yXcE66PFokL1W64brRulOBoqY+SnnwiXFT1ZRkUyjlFt9N?= =?us-ascii?Q?zxaRdMO7ljclQvWqGWFzXUUdrnnI1nyQ7tV0uFXwx7V3KhG0V6iimuZA4FsD?= =?us-ascii?Q?pHvp+4qi5V9Lfq5O0PN7yoQ+wesfsHdwybK3N+zaLQiYzviirH6+51jdKwe8?= =?us-ascii?Q?R3icz/ziGqehlSgAe45JdzVF0yPZVofBSe1NnpsXs4TMYIdgqcxTer/aKDxM?= =?us-ascii?Q?DgCxaTzwctrO2jAUfhD0ImfzHgRPE13x4PJeMiSWaz/b5XsDliysk8AlDnYp?= =?us-ascii?Q?mQ/Gvr3iG5Z+BcNbT34r+Aeh?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: cedc35fc-3120-46be-60c8-08d96d640caf X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Sep 2021 16:17:52.8362 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 09QGg7CkQhNvehJU5WqCf74bVL0WCaR9mnPn7ZNVhZft971/vvX/RmSnbQagFV3JIZJ1JcULJuart6vhFjUAGw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4512 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain From: Michael Roth During AP bringup, just after switching to long mode, APs will do some cpuid calls to verify that the extended topology leaf (0xB) is available so they can fetch their x2 APIC IDs from it. In the case of SEV-ES, these cpuid instructions must be handled by direct use of the GHCB MSR protocol to fetch the values from the hypervisor, since a #VC handler is not yet available due to the AP's stack not being set up yet. For SEV-SNP, rather than relying on the GHCB MSR protocol, it is expected that these values would be obtained from the SEV-SNP CPUID table instead. The actual x2 APIC ID (and 8-bit APIC IDs) would still be fetched from hypervisor using the GHCB MSR protocol however, so introducing support for the SEV-SNP CPUID table in that part of the AP bring-up code would only be to handle the checks/validation of the extended topology leaf. Rather than introducing all the added complexity needed to handle these checks via the CPUID table, instead let the BSP do the check in advance, since it can make use of the #VC handler to avoid the need to scan the SNP CPUID table directly, and add a flag in ExchangeInfo to communicate the result of this check to APs. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Suggested-by: Brijesh Singh Signed-off-by: Michael Roth Signed-off-by: Brijesh Singh --- UefiCpuPkg/Library/MpInitLib/MpLib.h | 1 + UefiCpuPkg/Library/MpInitLib/MpLib.c | 11 ++++++++ UefiCpuPkg/Library/MpInitLib/MpEqu.inc | 1 + UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 27 +++++++++++++++++++ 4 files changed, 40 insertions(+) diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index 4abaa2243d0a..19e91bf7d74e 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -220,6 +220,7 @@ typedef struct { BOOLEAN SevEsIsEnabled; BOOLEAN SevSnpIsEnabled; UINTN GhcbBase; + BOOLEAN ExtTopoAvail; } MP_CPU_EXCHANGE_INFO; =20 #pragma pack() diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index 586cff2f6813..c2b00a1f04ff 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1004,6 +1004,7 @@ FillExchangeInfoData ( UINTN Size; IA32_SEGMENT_DESCRIPTOR *Selector; IA32_CR4 Cr4; + UINT32 StdRangeMax; =20 ExchangeInfo =3D CpuMpData->MpCpuExchangeInfo; ExchangeInfo->StackStart =3D CpuMpData->Buffer; @@ -1043,6 +1044,16 @@ FillExchangeInfoData ( ExchangeInfo->SevSnpIsEnabled =3D CpuMpData->SevSnpIsEnabled; ExchangeInfo->GhcbBase =3D (UINTN) CpuMpData->GhcbBase; =20 + if (ExchangeInfo->SevSnpIsEnabled) { + AsmCpuid (CPUID_SIGNATURE, &StdRangeMax, NULL, NULL, NULL); + if (StdRangeMax >=3D CPUID_EXTENDED_TOPOLOGY) { + CPUID_EXTENDED_TOPOLOGY_EBX ExtTopoEbx; + + AsmCpuid (CPUID_EXTENDED_TOPOLOGY, NULL, &ExtTopoEbx.Uint32, NULL, N= ULL); + ExchangeInfo->ExtTopoAvail =3D !!ExtTopoEbx.Bits.LogicalProcessors; + } + } + // // Get the BSP's data of GDT and IDT // diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc b/UefiCpuPkg/Library/Mp= InitLib/MpEqu.inc index 01668638f245..aba53f57201c 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc @@ -94,6 +94,7 @@ struc MP_CPU_EXCHANGE_INFO .SevEsIsEnabled: CTYPE_BOOLEAN 1 .SevSnpIsEnabled CTYPE_BOOLEAN 1 .GhcbBase: CTYPE_UINTN 1 + .ExtTopoAvail: CTYPE_BOOLEAN 1 endstruc =20 MP_CPU_EXCHANGE_INFO_OFFSET equ (SwitchToRealProcEnd - RendezvousFunnelPro= cStart) diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Lib= rary/MpInitLib/X64/MpFuncs.nasm index 19939c093d2e..76d07a275c7b 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm @@ -264,6 +264,32 @@ GetApicId: or rax, rdx mov rdi, rax ; RDI now holds the original GHCB GPA =20 + ; + ; For SEV-SNP, the recommended handling for getting the x2APIC ID + ; would be to use the SNP CPUID table to fetch CPUID.00H:EAX and + ; CPUID:0BH:EBX[15:0] instead of the GHCB MSR protocol vmgexits + ; below. + ; + ; To avoid the unecessary ugliness to accomplish that here, the BSP + ; has performed these checks in advance (where #VC handler handles + ; the CPUID table lookups automatically) and cached them in a flag + ; so those checks can be skipped here. + ; + mov eax, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] + cmp al, 1 + jne CheckExtTopoAvail + + ; + ; Even with SEV-SNP, the actual x2APIC ID in CPUID.0BH:EDX + ; fetched from the hypervisor the same way SEV-ES does it. + ; + mov eax, [esi + MP_CPU_EXCHANGE_INFO_FIELD (ExtTopoAvail)] + cmp al, 1 + je GetApicIdSevEs + ; The 8-bit APIC ID fallback is also the same as with SEV-ES + jmp NoX2ApicSevEs + +CheckExtTopoAvail: mov rdx, 0 ; CPUID function 0 mov rax, 0 ; RAX register requested or rax, 4 @@ -282,6 +308,7 @@ GetApicId: test edx, 0ffffh jz NoX2ApicSevEs ; CPUID.0BH:EBX[15:0] is zero =20 +GetApicIdSevEs: mov rdx, 0bh ; CPUID function 0x0b mov rax, 0c0000000h ; RDX register requested or rax, 4 --=20 2.17.1