From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael Roth, Gerd Hoffmann, Brijesh Singh, Michael Roth, Jiewen Yao
Subject: [PATCH v8 12/32] OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest
Date: Mon, 20 Sep 2021 13:45:44 -0500
Message-ID: <20210920184604.31590-13-brijesh.singh@amd.com>
In-Reply-To: <20210920184604.31590-1-brijesh.singh@amd.com>
References: <20210920184604.31590-1-brijesh.singh@amd.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The SEV-SNP guest requires that GHCB GPA must be registered before using it.
See the GHCB specification section 2.3.2 for more details.

Cc: Michael Roth
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Acked-by: Jiewen Yao
Signed-off-by: Brijesh Singh
---
 OvmfPkg/PlatformPei/AmdSev.c | 91 ++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index a8bf610022ba..de876fdb478e 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -19,9 +19,93 @@ #include #include #include +#include =20 #include "Platform.h" =20 +/** + Handle an SEV-SNP/GHCB protocol check failure. + + Notify the hypervisor using the VMGEXIT instruction that the SEV-SNP gue= st + wishes to be terminated. + + @param[in] ReasonCode Reason code to provide to the hypervisor for the + termination request. + +**/ +STATIC +VOID +SevEsProtocolFailure ( + IN UINT8 ReasonCode + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode =3D ReasonCode; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + + This function can be used to register the GHCB GPA. + + @param[in] Address The physical address to be registered. + +**/ +STATIC +VOID +GhcbRegister ( + IN EFI_PHYSICAL_ADDRESS Address + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + MSR_SEV_ES_GHCB_REGISTER CurrentMsr; + EFI_PHYSICAL_ADDRESS GuestFrameNumber; + + GuestFrameNumber =3D Address >> EFI_PAGE_SHIFT; + + // + // Save the current MSR Value + // + CurrentMsr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // Use the GHCB MSR Protocol to request to register the GPA. + // + Msr.GhcbPhysicalAddress =3D 0; + Msr.GhcbGpaRegister.Function =3D GHCB_INFO_GHCB_GPA_REGISTER_REQUEST; + Msr.GhcbGpaRegister.GuestFrameNumber =3D GuestFrameNumber; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + AsmVmgExit (); + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + // + // If hypervisor responded with a different GPA than requested then fail= . 
+ // + if ((Msr.GhcbGpaRegister.Function !=3D GHCB_INFO_GHCB_GPA_REGISTER_RESPO= NSE) || + (Msr.GhcbGpaRegister.GuestFrameNumber !=3D GuestFrameNumber)) { + SevEsProtocolFailure (GHCB_TERMINATE_GHCB_GENERAL); + } + + // + // Restore the MSR + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr.GhcbPhysicalAddress); +} + /** =20 Initialize SEV-ES support if running as an SEV-ES guest. @@ -109,6 +193,13 @@ AmdSevEsInitialize ( "SEV-ES is enabled, %lu GHCB backup pages allocated starting at 0x%p\n= ", (UINT64)GhcbBackupPageCount, GhcbBackupBase)); =20 + // + // SEV-SNP guest requires that GHCB GPA must be registered before using = it. + // + if (MemEncryptSevSnpIsEnabled ()) { + GhcbRegister (GhcbBasePa); + } + AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa); =20 // --=20 2.25.1
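
Review bot: In GhcbRegister (first hunk), `GuestFrameNumber = Address >> EFI_PAGE_SHIFT` silently drops the low bits of Address, and the response check compares against the already-shifted value, so a non-page-aligned Address would pass the check with no sign that its offset was discarded. Consider adding `ASSERT ((Address & EFI_PAGE_MASK) == 0);` before the shift. The function header should also say that the function does not return when the hypervisor's response does not match (it calls SevEsProtocolFailure), and the comment above the check mentions only a GPA mismatch although the code also rejects an unexpected Function value.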
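
Review bot: In AmdSevEsInitialize (second hunk), the statement right after `GhcbRegister (GhcbBasePa)` overwrites MSR_SEV_ES_GHCB with GhcbBasePa, so the MSR save and restore done inside GhcbRegister has no effect at this call site. Either note in a comment that the save/restore is there for other callers, or drop it if this remains the only caller. The new comment could also state that GhcbRegister terminates the guest on failure, so the MSR write below is reached only after the hypervisor has acknowledged the GPA. Wording nit: "requires that GHCB GPA must be registered" reads better as "requires that the GHCB GPA be registered".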