From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com [40.107.92.47]) by mx.groups.io with SMTP id smtpd.web08.1335.1632163606435968284 for ; Mon, 20 Sep 2021 11:46:46 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=fvQHdea1; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.92.47, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eZRNBf3hi3/C87LLHcrDHCsoCs6V7is07YA54OZwksyMOSkeeeWQvghnVNuOzW8Zvld68VTmQloXGPMWhKRewsVNucfCWUkPOMcHOOxH2wUuJh2s4UpfwXwUl0HIADvbtzlTkz6+lb93MPGu83ajSdw1vmaecPHgudEpascQHhmxPrgb8cco8hQhORgqSbzZsJZuhTTNTgfXcyRK0SI2L4Bgm+uDmDsg6N9HegOmNkU/MY1Gn1UgdZj7J6n47XGYVYOpEzfYyRh0C7WI18TRuZR3DPi0Ws7I/ucYL04bElIXxempvicJg3PjTBKZucw/F86fcgr5vfX9wyhAKYpEuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=2IiKCDvAqKcocRZl/OdAsy9gH/vmMzl7W5B29X+DGZo=; b=BPX29TM3Kem0L8Di0FpVCsJ2mPZZWv+VRab4YJSoxeaMdPfovtuXrxJB9NitvjkLjmaA7srKPP0SbbWCpJFrvv0vFLyckR8f5Wt46HFkeZFMK8eNSZbdulPp9S8OiEu5WrgOBynQUW2tNyQyOr0p1BKrEvoYqAu9fbOb2j3SEpB5MTE+B9Y3oh+S4mbFDiupn2q2F50h76M2roTtX0TIKRu6JVi2rWGZPsmaX0X9hdqIHKeh27tBY11qUVYkU33Z+1hnjfoBWnVOz09iNGICROCNRUHdltHbSFNLmUV3HwnWERr15/X2aDTVxy16gF74cDhfXFumKFCU/N1w98GMvw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2IiKCDvAqKcocRZl/OdAsy9gH/vmMzl7W5B29X+DGZo=; b=fvQHdea1fqJQdXuQLgivHxC6rnJmOb/Uq1eXnErZGcePLEovOsAlWDva5LNGdg/QQgbbYQ9kwh1rJjYJHoqn1cwL91NLLTEWKF0W+WFJMOpG1ZRmquPCn3lrY2MZwMLQydC7YEb8W+Qrf6DADT/1ZNEtRyDJWVOaHnmWeoJM8ro= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4575.namprd12.prod.outlook.com (2603:10b6:806:73::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14; Mon, 20 Sep 2021 18:46:42 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::78b7:7336:d363:9be3%6]) with mapi id 15.20.4523.018; Mon, 20 Sep 2021 18:46:41 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Erdem Aktas , Michael Roth , Gerd Hoffmann , Brijesh Singh , Michael Roth , Eric Dong , Ray Ni , Rahul Kumar Subject: [PATCH v8 26/32] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled Date: Mon, 20 Sep 2021 13:45:58 -0500 Message-ID: <20210920184604.31590-27-brijesh.singh@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210920184604.31590-1-brijesh.singh@amd.com> References: <20210920184604.31590-1-brijesh.singh@amd.com> X-ClientProxiedBy: SN4PR0201CA0034.namprd02.prod.outlook.com (2603:10b6:803:2e::20) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0201CA0034.namprd02.prod.outlook.com (2603:10b6:803:2e::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14 via Frontend Transport; Mon, 20 Sep 2021 18:46:41 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 7120696b-4070-4b35-8f15-08d97c66fc9a X-MS-TrafficTypeDiagnostic: SA0PR12MB4575: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Ftgh7KCjV9lA6tUWPno81dv7XXTFmN1n+tz9OnqCRS4fQNXDwJCUAUqEkJrEkZD6ifzUPgmq0Q4i+3aZsYIb27CHo5i0XJhO+831YJkMJyz6OxVs9hPerKg3Ow7qRfVfjjM0B7748J3rzQrdCk1RoCfL465Vg64rRonuJ/z6yLM3y0WtrxrAmnENcJm3UUWlytRALzW4CbZ6TldNSeHhgt1mODqFSMTM1saleI7ShfVfJAFaWJguYksj7WVk4D/gyozEgkGLwtAkaQAXuJ+cdqNn8QNMBi643wJxMZxpMqHcCRc0BFxambVOhtp4bvhocHVT5pMCwPruZkdce6nj6xTyP9OdWcQ2ZFe/qc18PESW16p8eZVFYdCcmV+BOJwgnhyNzIpkt3OBzFcQjsQ5tmLlQnVTnkrLID6USL0SarNG+9P5ZIqs/sW7NIv6eq3CEFjz17LL41ydCK0BjK+eyrIa7ZJptlkHD34z6TvvP8ZqVhfmmza7l3rPwiC/UVv3GXbJ1tJNe9+TJ0w1GusQUr+rGMaiMLuWcbQUhPPPCs2ijTf26orZPcbGUttjy+5u+BocAepFSs7qZAEiwELkQb5SukwNmagUAwQC1a1uwbwcGVTtdd9tsJCxiyOZ/JVJZLsQxqZirEuC+dG/6CBmIJOUz5A13Q5wC1B1R6ocnEWE88XR8ZbdeklruTKAEl3lmJKsVkHo5O55DSJ+Ip4oY1hC97p05kfpphQfJikSMFttJRbhT+6c6bARgJ9ibghNmuLMp/1j2N/EpbhxVXhqxQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(6029001)(4636009)(366004)(38350700002)(44832011)(5660300002)(36756003)(83380400001)(38100700002)(8936002)(66946007)(508600001)(6916009)(7696005)(52116002)(1076003)(6666004)(956004)(8676002)(186003)(54906003)(2616005)(7416002)(2906002)(6486002)(26005)(19627235002)(316002)(66556008)(66476007)(966005)(86362001)(4326008);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?l5HTwN2Wq1ni7lbwH0C/nV7ydSrJZbRA2stda+zEmm9SIJBjqs44z4LBKD3o?= =?us-ascii?Q?CdT2mKkfXLj19s2ZDQlCsWZLuQbup3Oh/XrnlfER/DhViqC3Fazu7n5PQ6ym?= =?us-ascii?Q?l/ItM7ap88yWrCdwsLraqGBF5Itd3Wuk1II2KyYpYWITymSrNKGwQkgL5G7I?= =?us-ascii?Q?tO2zka8S/OjCxMjWzRkKEl0Wy69wWRD8QVfqZoRru2mgBMbFcFlVrPYMvqwe?= =?us-ascii?Q?VHiI3DM9x12wSMWhdKZcFKdUDIE47bD1QsK7Ck8C6yrrAbsF3zo9hGozCx/0?= =?us-ascii?Q?IkdvWq9pPzlmDu/a+Id2HCdJqwnKjIHmxlsIjh/mMpnA+Cg4pL/HBU43mtK5?= =?us-ascii?Q?hCfC/ZV6hTPg8w2uiuSr8DcLXXVgwsZfiFykLRMB7MdD+VIoo9RAdF7Ig1Sw?= =?us-ascii?Q?boW7fhaq5tsjm9nc52e8XDK95DscsMXjgWZQMf9DnGCgi/iv8+BRVxJpOAPt?= =?us-ascii?Q?MW3oH8poVe1bznoHul5PtF7BpprhS+n1f3HmLoqDQ1m7LlkdYkq5IYgsTi74?= =?us-ascii?Q?yMPEnGYAHFRsIB9HXy2Ev/xv96qzN0c2bwDHaxpvcXY4PvIEIQ/JoG+eU0eD?= =?us-ascii?Q?ArP9UKr9wnmdhKJcecvqx6g0rgjiD5lmYjRQ7zNvRqZ5HV6NmTAST6h2lt7J?= =?us-ascii?Q?jYdsXZzyWcb+GEMDJuauzC7YkFQimjfxQmkov5bQ3fKWSHtjQ89r889aQkLd?= =?us-ascii?Q?aYXEUVOWJxSYfSt6kCIkkgxhSTVgtGfkQ5udE6FVBvaJrsktgwWbvEjaqrA3?= =?us-ascii?Q?fwvWs8UlxnNCrA+ulfxFuyAZx8NWRn02AFZAerz3bRcJhJ5bobwDfxwXM4MT?= =?us-ascii?Q?TlR0Iu0xDHEKY8sxCsvTKJbmZfR43HnqO2eRJLLQFaqxQ+jIFoJDUMYff9id?= =?us-ascii?Q?ybpkXPZpfCndRdZZR8ggykng49UFPxKulawgsLK/7dc30AMBCyF4fXQWk0YG?= =?us-ascii?Q?vJKn0E3Mg9RDfDsjyjH46tZZMkLERCSySTqS1+WQwp9G6rN5mQuwvFe56lwt?= =?us-ascii?Q?d+I2DtykP30x7gqnHUL1x9pElj/RHg2dtCjmPEKLmMusA6etwggl6vcBNCOD?= =?us-ascii?Q?zorwt9zAAsFONpkMfLM5Vp9D/TD9QeTQk2gnHtoDpXX+O8zT0fXi6sNZptDo?= =?us-ascii?Q?4wO2uBostIzkoT1kE39Zw4fkudyzS4YJbkv7nxLyyDBcArzvg76JtqLUKl88?= =?us-ascii?Q?Se0ceNpBqTWbJW/fmQc4sEUgT5B/8Sqrh8iUqx27e3IY8DaZoJyWhlda6Wlp?= =?us-ascii?Q?NwhQ8ZqxrINgAtzEbXXA0rC0BRq9b1wUBcx/vwjq7TlOvpnnXx7FB+sKzes0?= =?us-ascii?Q?AV/giGOjGAfRIWsC5GXZJPRs?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7120696b-4070-4b35-8f15-08d97c66fc9a X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Sep 2021 18:46:41.7611 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: tZIe7GWl1ioZ2wGHrQrvUHVdklJozdfSvLLHpPZbBhotTiQReK/j6/8juCSBkrmVSwYa/vQomfA4kSBZTLkcyQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4575 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 An SEV-SNP guest requires that the physical address of the GHCB must be registered with the hypervisor before using it. See the GHCB specification section 2.3.2 for more details. Cc: Michael Roth Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Erdem Aktas Cc: Gerd Hoffmann Signed-off-by: Brijesh Singh --- UefiCpuPkg/Library/MpInitLib/MpLib.h | 2 + UefiCpuPkg/Library/MpInitLib/MpLib.c | 2 + UefiCpuPkg/Library/MpInitLib/MpEqu.inc | 1 + UefiCpuPkg/Library/MpInitLib/X64/AmdSev.nasm | 54 ++++++++++++++++++++ 4 files changed, 59 insertions(+) diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index 2107f3f705a2..45bc1de23e3c 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -222,6 +222,7 @@ typedef struct { // BOOLEAN Enable5LevelPaging; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN GhcbBase; } MP_CPU_EXCHANGE_INFO; =20 @@ -291,6 +292,7 @@ struct _CPU_MP_DATA { BOOLEAN WakeUpByInitSipiSipi; =20 BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index ad71724d29f3..5b473de9d38c 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -889,6 +889,7 @@ FillExchangeInfoData ( DEBUG ((DEBUG_INFO, "%a: 5-Level Paging =3D %d\n", gEfiCallerBaseName, E= xchangeInfo->Enable5LevelPaging)); =20 ExchangeInfo->SevEsIsEnabled =3D CpuMpData->SevEsIsEnabled; + ExchangeInfo->SevSnpIsEnabled =3D CpuMpData->SevSnpIsEnabled; ExchangeInfo->GhcbBase =3D (UINTN) CpuMpData->GhcbBase; =20 // @@ -1817,6 +1818,7 @@ MpInitLibInitialize ( CpuMpData->CpuInfoInHob =3D (UINT64) (UINTN) (CpuMpData->CpuData + M= axLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); CpuMpData->SevEsIsEnabled =3D ConfidentialComputingGuestHas (CCAttrAmdSe= vEs); + CpuMpData->SevSnpIsEnabled =3D ConfidentialComputingGuestHas (CCAttrAmdS= evSnp); CpuMpData->SevEsAPBuffer =3D (UINTN) -1; CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); =20 diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc b/UefiCpuPkg/Library/Mp= InitLib/MpEqu.inc index 2e9368a374a4..01668638f245 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc @@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO .ModeHighSegment: CTYPE_UINT16 1 .Enable5LevelPaging: CTYPE_BOOLEAN 1 .SevEsIsEnabled: CTYPE_BOOLEAN 1 + .SevSnpIsEnabled CTYPE_BOOLEAN 1 .GhcbBase: CTYPE_UINTN 1 endstruc =20 diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.nasm b/UefiCpuPkg/Libr= ary/MpInitLib/X64/AmdSev.nasm index 0ccafe25eca4..0034920b2f6b 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.nasm @@ -15,6 +15,57 @@ =20 %define SIZE_4KB 0x1000 =20 +RegisterGhcbGpa: + ; + ; Register GHCB GPA when SEV-SNP is enabled + ; + lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] + cmp byte [edi], 1 ; SevSnpIsEnabled + jne RegisterGhcbGpaDone + + ; Save the rdi and rsi to used for later comparison + push rdi + push rsi + mov edi, eax + mov esi, edx + or eax, 18 ; Ghcb registration request + wrmsr + rep vmmcall + rdmsr + mov r12, rax + and r12, 0fffh + cmp r12, 19 ; Ghcb registration response + jne GhcbGpaRegisterFailure + + ; Verify that GPA is not changed + and eax, 0fffff000h + cmp edi, eax + jne GhcbGpaRegisterFailure + cmp esi, edx + jne GhcbGpaRegisterFailure + pop rsi + pop rdi + jmp RegisterGhcbGpaDone + + ; + ; Request the guest termination + ; +GhcbGpaRegisterFailure: + xor edx, edx + mov eax, 256 ; GHCB terminate + wrmsr + rep vmmcall + + ; We should not return from the above terminate request, but if we do + ; then enter into the hlt loop. +DoHltLoop: + cli + hlt + jmp DoHltLoop + +RegisterGhcbGpaDone: + OneTimeCallRet RegisterGhcbGpa + ; ; The function checks whether SEV-ES is enabled, if enabled ; then setup the GHCB page. @@ -39,6 +90,9 @@ SevEsSetupGhcb: mov rdx, rax shr rdx, 32 mov rcx, 0xc0010130 + + OneTimeCall RegisterGhcbGpa + wrmsr =20 SevEsSetupGhcbExit: --=20 2.25.1