From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Gerd Hoffmann, Brijesh Singh, Michael Roth, Eric Dong, Ray Ni, Rahul Kumar
Subject: [PATCH v7 25/31] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled
Date: Mon, 13 Sep 2021 13:19:35 -0500
Message-ID: <20210913181941.23405-26-brijesh.singh@amd.com>
In-Reply-To: <20210913181941.23405-1-brijesh.singh@amd.com>
References: <20210913181941.23405-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest
requires that the physical address of the GHCB must be registered with the hypervisor before using it. See the GHCB specification section 2.3.2 for more details. Cc: Michael Roth Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Signed-off-by: Brijesh Singh --- UefiCpuPkg/Library/MpInitLib/MpLib.h | 2 + UefiCpuPkg/Library/MpInitLib/MpLib.c | 2 + UefiCpuPkg/Library/MpInitLib/MpEqu.inc | 1 + UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 53 +++++++++++++++++++ 4 files changed, 58 insertions(+) diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index 388ebef7b0dc..56d6d703d8b0 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -219,6 +219,7 @@ typedef struct { // BOOLEAN Enable5LevelPaging; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN GhcbBase; } MP_CPU_EXCHANGE_INFO; =20 @@ -288,6 +289,7 @@ struct _CPU_MP_DATA { BOOLEAN WakeUpByInitSipiSipi; =20 BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index bfef1237f452..365c0ff24ebe 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1040,6 +1040,7 @@ FillExchangeInfoData ( DEBUG ((DEBUG_INFO, "%a: 5-Level Paging =3D %d\n", gEfiCallerBaseName, E= xchangeInfo->Enable5LevelPaging)); =20 ExchangeInfo->SevEsIsEnabled =3D CpuMpData->SevEsIsEnabled; + ExchangeInfo->SevSnpIsEnabled =3D CpuMpData->SevSnpIsEnabled; ExchangeInfo->GhcbBase =3D (UINTN) CpuMpData->GhcbBase; =20 // 
@@ -2033,6 +2034,7 @@ MpInitLibInitialize ( CpuMpData->CpuInfoInHob =3D (UINT64) (UINTN) (CpuMpData->CpuData + M= axLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); CpuMpData->SevEsIsEnabled =3D ConfidentialComputingGuestHas (CCAttrAmdSe= vEs); + CpuMpData->SevSnpIsEnabled =3D ConfidentialComputingGuestHas (CCAttrAmdS= evSnp); CpuMpData->SevEsAPBuffer =3D (UINTN) -1; CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); =20 diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc b/UefiCpuPkg/Library/Mp= InitLib/MpEqu.inc index 2e9368a374a4..01668638f245 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc @@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO .ModeHighSegment: CTYPE_UINT16 1 .Enable5LevelPaging: CTYPE_BOOLEAN 1 .SevEsIsEnabled: CTYPE_BOOLEAN 1 + .SevSnpIsEnabled CTYPE_BOOLEAN 1 .GhcbBase: CTYPE_UINTN 1 endstruc =20 diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Lib= rary/MpInitLib/X64/MpFuncs.nasm index 50df802d1fca..018ebe74bf5f 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm 
@@ -194,6 +194,59 @@ LongModeStart: mov rdx, rax shr rdx, 32 mov rcx, 0xc0010130 + + ; + ; If its an SEV-SNP guest then register the GHCB GPA + ; +RegisterGhcbGpa: + ; + ; Register GHCB GPA when SEV-SNP is enabled + ; + lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] + cmp byte [edi], 1 ; SevSnpIsEnabled + jne RegisterGhcbGpaDone + + ; Save the rdi and rsi to used for later comparison + push rdi + push rsi + mov edi, eax + mov esi, edx + or eax, 18 ; Ghcb registration request + wrmsr + rep vmmcall + rdmsr + mov r12, rax + and r12, 0fffh + cmp r12, 19 ; Ghcb registration response + jne GhcbGpaRegisterFailure + + ; Verify that GPA is not changed + and eax, 0fffff000h + cmp edi, eax + jne GhcbGpaRegisterFailure + cmp esi, edx + jne GhcbGpaRegisterFailure + pop rsi + pop rdi + jmp RegisterGhcbGpaDone + + ; + ; Request the guest termination + ; +GhcbGpaRegisterFailure: + xor edx, edx + mov eax, 256 ; GHCB terminate + wrmsr + rep vmmcall + + ; We should not return from the above terminate request, but if we do + ; then enter into the hlt loop. +DoHltLoop: + cli + hlt + jmp DoHltLoop + +RegisterGhcbGpaDone: wrmsr jmp CProcedureInvoke =20 --=20 2.17.1
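Review bot: In the MpEqu.inc hunk, the added member `.SevSnpIsEnabled CTYPE_BOOLEAN 1` is missing the trailing colon that the other members of struc MP_CPU_EXCHANGE_INFO carry (`.SevEsIsEnabled: CTYPE_BOOLEAN 1`, `.GhcbBase: CTYPE_UINTN 1`). Write it as `.SevSnpIsEnabled: CTYPE_BOOLEAN 1` so the label is unambiguous and consistent with its neighbours. Its position between SevEsIsEnabled and GhcbBase does match the BOOLEAN added to MP_CPU_EXCHANGE_INFO in the MpLib.h hunk, which is what the assembly field offsets depend on, so only the punctuation needs to change.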
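Review bot: In the MpFuncs.nasm hunk, `lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)]` overwrites edi before `push rdi`, so the value that is saved and later popped is the field address rather than the incoming rdi, and the non-SNP path reaches RegisterGhcbGpaDone with edi changed as well. If rdi has to survive this block, push it before the lea; if it does not, drop the push/pop of rdi and reword the comment "Save the rdi and rsi to used for later comparison", since the registers are being borrowed to hold the GPA halves rather than compared themselves. r12 is also overwritten by `mov r12, rax` and never restored; either save it or do the response-code check in a register that is already being saved. The protocol values appear as bare decimals (18, 19, 256) next to hex masks (0fffh, 0fffff000h); named equates or hex (0x012, 0x013, 0x100) would be easier to check against the GHCB specification section the commit message cites. The two consecutive comment blocks around the RegisterGhcbGpa label say the same thing, so one of them can go.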