From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.40])
 by mx.groups.io with SMTP id smtpd.web11.852.1631557208892704243
 for <devel@edk2.groups.io>;
 Mon, 13 Sep 2021 11:20:09 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=2IKncNOe;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.93.40, mailfrom: brijesh.singh@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=WOZTIlprauFKtXPrkPmHdCV7EYxk7tP3dUvfcmo6DiiautrfOlamCykzuncDdhoGFL2dub4UmL/gaRm7urULdazpF55kdbfBhxUHhTzrRPDN7iyye4hA6o7Zt/lHXx2ySZn1NKkBJy45JLz3QFMoGdN19KffyIFIZZ5fAmf8cRRYQwNeVJfXl17EtMRAxsZh5okfnh7Ge0dTJOEWrUL5bVLYosIdSSOh3WwCISQMUkRmp4prC2MXgjbql9qCkAIDbEPp9x3ouE58tRv46rIZd86PISS7PCbQzCIN78SQoF13T4Iy0JmA+xx9T4MkPqzNZ6NLskY2AsXdmqX4G8YI9Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=wjdqXMKYopVhPh54KPoPE/gEV6naCF7oHuK32RiVZjc=;
 b=bMpWXMAAp7kHHmNPTwZWZxG+mr5U/8SlzCI2HzebxQGFshsvLiCtkPExy8QptdGU1aWanEWiqYR+yLq0qF/2AjvtLSbuCwz2xJwzj9QsfBTe9W3NCe4DAwL7jSNk7pfLvJNnRh8iCQVrVQkSNMqVAJMYNS9BNiXSURcOeVIj0vNE3F1ECfJzinUJVD9wGdDMOmy3xHZmF+VfVOfRTLlmbhiuwE5WedHfY5tHFht74kMxtwaJo6uGa9EHD5WBNYFHi5CYi+NfxJohwFv/mIjpDdsEvasar6wNWELhCVr5b96/92iHTUuwVUu0OWANKRXpP8m4UqbIV3JGspYa1m7avQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=wjdqXMKYopVhPh54KPoPE/gEV6naCF7oHuK32RiVZjc=;
 b=2IKncNOeNCBDFd5J3pdd/71Y8nxBoENv+cNna9D/B/K83Ul49blh0e54SnWRa5g43Gftlr5yvlaUq7FSP7IVkb1EUYaVgValyhReR4eM0ey3B3DIQK9617HxqqouJTwSc00yB2imgivsh1BuSjDuDgNPG0LIpU+vpjMdiQIQwNo=
Authentication-Results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com;
Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22)
 by SA0PR12MB4557.namprd12.prod.outlook.com (2603:10b6:806:9d::10) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.17; Mon, 13 Sep
 2021 18:20:07 +0000
Received: from SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com
 ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4500.019; Mon, 13 Sep 2021
 18:20:07 +0000
From: "Brijesh Singh" <brijesh.singh@amd.com>
To: devel@edk2.groups.io
CC: James Bottomley <jejb@linux.ibm.com>,
	Min Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Erdem Aktas <erdemaktas@google.com>,
	Michael Roth <Michael.Roth@amd.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Michael Roth <michael.roth@amd.com>
Subject: [PATCH v7 11/31] OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest
Date: Mon, 13 Sep 2021 13:19:21 -0500
Message-ID: <20210913181941.23405-12-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210913181941.23405-1-brijesh.singh@amd.com>
References: <20210913181941.23405-1-brijesh.singh@amd.com>
X-ClientProxiedBy: SA9P221CA0012.NAMP221.PROD.OUTLOOK.COM
 (2603:10b6:806:25::17) To SN6PR12MB2718.namprd12.prod.outlook.com
 (2603:10b6:805:6f::22)
Return-Path: brijesh.singh@amd.com
MIME-Version: 1.0
Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA9P221CA0012.NAMP221.PROD.OUTLOOK.COM (2603:10b6:806:25::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.14 via Frontend Transport; Mon, 13 Sep 2021 18:20:06 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 590f1748-e6e6-49f4-f263-08d976e31d59
X-MS-TrafficTypeDiagnostic: SA0PR12MB4557:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<SA0PR12MB4557D9BA34080C339D07FB59E5D99@SA0PR12MB4557.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	PmtfiJcgBPiaXTA3tJhduAqS6LSwZo0DKJvtGwyn/5NF+2ZE8ig6IHtKmPg7KhEd5iqBa4QJbhzdG1g81x80DEZHgZr68hht++50Tc12xgjP+6BAYgK8h+/jV0XxiSsgJDnS+pXEo6EfiVgbUyFFVPy/T36i0T3Vpjyo+H6cyZPy//Pg8agg6S6n47U0Kqg80CVUgy1OJiXBsExrQpZlYPvk3FuFEsJm19TjyHqsrxk6a3C9twM3dk3wp2KkY0FDPrbNpBsuKS2CyDYJEYIV8bWhKlGyf1G5O9d9trs5HqW3qxJbNnw0y61uS/7mcVSYdwzIr4X+tzhVtf1QJoH5g+bKKe32fnroZJxWi/kIlHUBO6Lan3OIWvsTjJqcfYJK2BmnehFmry2wH5D3lAmNC2Aujc9NuV2Rh2hcFq/ErhECKZP/iP4nzaVFJkn35CaSKl9KulQqR4CkVcaIWMj9xyV533PUtXdR+ktr7Q+7r/r05wb8T7x/6p6FCK1JtAuVsMwV+4WJKY207eypo3cddHa5Hcve0ytCWjnueF8zpMBdmTskjlcHU4xRY0axAlGHvZo7FxeCcsQMwKjixDDl9rHLtkATG0xE5pwBrqtY+z0yBNMt+VAqmXN3dUgWZiMf0wOFWfZZtuhn6DzbGDgWGShDXB+Vjq/bbyV9SehX9/085wvP+j/ZPGIH4W8FqOk+98BIdlUzu0XrlTorXEij7tmq7mDfkScforoTxunt0IKcEedpvASkjmLXYDJQY7wfWSvEqxUvoBbG67ImIJyEERe1gAofdlioPkzqnFt4kfs=
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(396003)(136003)(366004)(346002)(39860400002)(376002)(478600001)(86362001)(7696005)(6916009)(966005)(316002)(52116002)(54906003)(44832011)(83380400001)(38350700002)(66556008)(5660300002)(36756003)(1076003)(4326008)(2906002)(186003)(956004)(26005)(8936002)(8676002)(2616005)(6486002)(38100700002)(6666004)(66476007)(66946007);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	=?us-ascii?Q?vTffyrAY2E9ccDQ+YIvAdyarjpjJuJ941hGbgNtonbH/eCA+de6+XRwWrHJs?=
 =?us-ascii?Q?adb7yOKx0Rfq8tutFj16qXvGr7naJZNToCkiq+oCdLJQqGzCNk6EaKV9KezN?=
 =?us-ascii?Q?l1ccx7qyFplef29M+QEkagYSz0+LIVmWoaCRn5xzLBDCn2+uxzRgbDBwVdvw?=
 =?us-ascii?Q?y2616A/X0SZDOk8ibSO1lUWUAPnQG39/86dyPvzAmUoQ1d5gyp7cxFubVbWA?=
 =?us-ascii?Q?GiXNHvnGPCuJjAl58/61kjx+RHK+BV2jBqgKp2hz4B2czMi49pnoP6mYgtYY?=
 =?us-ascii?Q?itkeqKqLyxPlxN7d0WsPHJcSPPiOOEV/RGZ6TZgXEhjMvniwXNy7BDOzY8MJ?=
 =?us-ascii?Q?cWs59PrRjBRbAuRk01mD8f2Prh4BxZItouX7RFFPnuCMcbwetzzZCyAiL7RC?=
 =?us-ascii?Q?YOoCg+xsRugsaDFXBtywSciPwnqZnOeZXLYxtEQL6SuSy0S8gOLPIT0qjO2K?=
 =?us-ascii?Q?G20XkHEmZwOGJBH9UtlAEQeLYJTQGsNdUckgQpplDY2ulqga6ZgkrjcOnHhK?=
 =?us-ascii?Q?n9a/82nkpaEqWnnewZD0VhMPJtTziXvyd5N++redyKQpq6DtBbkKGi0e79+O?=
 =?us-ascii?Q?f8tQtDfAX1ib9VldKF7tLlHro9s85OXNubw8RkebHDk52p8UwprwuOdnpAIq?=
 =?us-ascii?Q?SYOj/AqkH46p5bHiM4lyInTQsr6M/YkuAL6Gdt0GJBqrpxkG1Vq8AjqU0AKe?=
 =?us-ascii?Q?dhRp5wzjkXOD8sB7d1QyQunQBJ7VxTS/QgExFh8FnL7c6OOPLC952KB8z4kh?=
 =?us-ascii?Q?7Tw02vc2/aUQwTng0ppYnBBNziF6KQyzbMLRphcKvKHsZsTpSKM+VrwPBIDp?=
 =?us-ascii?Q?On5SShdcWd9z2byHOfhWjtlyW/EPSntXWlhAOrRvoCetDOROQ5IY8Y05yZwi?=
 =?us-ascii?Q?I/U+rTty1h0H5pvWS/VmQOHuLnNk7/1x8UOZJh9JbqAWumTCSb7/o5Ckk9Zl?=
 =?us-ascii?Q?+r4qahZX6t/puLCrfnufMFNXlfzQesk7gh+UGXkaJu1tw8J4fH+zDM1phQnD?=
 =?us-ascii?Q?0aPtCdOdbcMtUvIMAXyp6NjFzvDnhFlmleMVxdBWe/3m7um6nmZ9m26BsWe7?=
 =?us-ascii?Q?zoqV9cZ3ovPBIwIoV8Ooh0J8ddIvFnQ2r2OwJG77AnRRqz2KScUlrywO89fA?=
 =?us-ascii?Q?rEcrUgez01pblz8B7tewJYojAtM2hgN3N6gvdpUPwc1flcHrUZVaevDcBNST?=
 =?us-ascii?Q?HpA8N/IJotjXIQ+AN/zihI0UsiRe0zvDChDi6hPnCBGJ0nsLNkukajEfIv0x?=
 =?us-ascii?Q?oH5Gh68NaSr09gfX0VCdszdx6FRBeROrIuH9HnBjHRJ0+geMxrp5VP4esWqs?=
 =?us-ascii?Q?Gswqs8Wn69kaVfeJOW9jO5w1?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 590f1748-e6e6-49f4-f263-08d976e31d59
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2021 18:20:07.3412
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: UBp+2gE2MEAUq748iGsEEy8Xm6TNVdqNGuDoBp3cof6/8RUmOJyjYykALhNY5DdxFYr4pzCkNF22DL2OyzM2cA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4557
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275

The SEV-SNP guest requires that GHCB GPA must be registered before using.
See the GHCB specification section 2.3.2 for more details.

Cc: Michael Roth <michael.roth@amd.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/PlatformPei/AmdSev.c | 91 ++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index a8bf610022ba..de876fdb478e 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -19,9 +19,93 @@
 #include <PiPei.h>
 #include <Register/Amd/Msr.h>
 #include <Register/Intel/SmramSaveStateMap.h>
+#include <Library/VmgExitLib.h>
=20
 #include "Platform.h"
=20
+/**
+  Handle an SEV-SNP/GHCB protocol check failure.
+
+  Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP gue=
st
+  wishes to be terminated.
+
+  @param[in] ReasonCode  Reason code to provide to the hypervisor for the
+                         termination request.
+
+**/
+STATIC
+VOID
+SevEsProtocolFailure (
+  IN UINT8  ReasonCode
+  )
+{
+  MSR_SEV_ES_GHCB_REGISTER  Msr;
+
+  //
+  // Use the GHCB MSR Protocol to request termination by the hypervisor
+  //
+  Msr.GhcbPhysicalAddress =3D 0;
+  Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST;
+  Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB;
+  Msr.GhcbTerminate.ReasonCode =3D ReasonCode;
+  AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);
+
+  AsmVmgExit ();
+
+  ASSERT (FALSE);
+  CpuDeadLoop ();
+}
+
+/**
+
+  This function can be used to register the GHCB GPA.
+
+  @param[in]  Address           The physical address to be registered.
+
+**/
+STATIC
+VOID
+GhcbRegister (
+  IN  EFI_PHYSICAL_ADDRESS   Address
+  )
+{
+  MSR_SEV_ES_GHCB_REGISTER  Msr;
+  MSR_SEV_ES_GHCB_REGISTER  CurrentMsr;
+  EFI_PHYSICAL_ADDRESS      GuestFrameNumber;
+
+  GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT;
+
+  //
+  // Save the current MSR Value
+  //
+  CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+  //
+  // Use the GHCB MSR Protocol to request to register the GPA.
+  //
+  Msr.GhcbPhysicalAddress =3D 0;
+  Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST;
+  Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber;
+  AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress);
+
+  AsmVmgExit ();
+
+  Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+  //
+  // If hypervisor responded with a different GPA than requested then fail=
.
+  //
+  if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO=
NSE) ||
+      (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) {
+    SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL);
+  }
+
+  //
+  // Restore the MSR
+  //
+  AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress);
+}
+
 /**
=20
   Initialize SEV-ES support if running as an SEV-ES guest.
@@ -109,6 +193,13 @@ AmdSevEsInitialize (
     "SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n=
",
     (UINT64)GhcbBackupPageCount, GhcbBackupBase));
=20
+  //
+  // SEV-SNP guest requires that GHCB GPA must be registered before using =
it.
+  //
+  if (MemEncryptSevSnpIsEnabled ()) {
+    GhcbRegister (GhcbBasePa);
+  }
+
   AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa);
=20
   //
--=20
2.17.1