From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id D6ABCAC11CF for ; Tue, 30 Jan 2024 13:04:51 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=ZLZVHr90SCz33Zuc98kkdu+ZR++Cp42yEiThKzFbgFs=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706619890; v=1; b=BeEfvC+hk2oJ+y7kdsmdQEzO8VVkCJGZxSGSa9q/yUqmIwzMCrsIYCj3ctKvjvcvuSUVD2kg 0IO1FPvo87kXeSsewlW1GUuIyYXmzxrukgBZRtvSUTIhlGmI72ML6n61vSG7hbYvbclFSsNrR5h u/7/uoJhru5TZ950N0SRLQTU= X-Received: by 127.0.0.2 with SMTP id T8nlYY7687511x54rGgpXSS9; Tue, 30 Jan 2024 05:04:50 -0800 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web10.17786.1706619888367072772 for ; Tue, 30 Jan 2024 05:04:48 -0800 X-Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-456-qsa2dAGyN4-LeXhWeISj2A-1; Tue, 30 Jan 2024 08:04:44 -0500 X-MC-Unique: qsa2dAGyN4-LeXhWeISj2A-1 X-Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id CB9721064FB6; Tue, 30 Jan 2024 13:04:43 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.192.180]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 58A622026D66; Tue, 30 Jan 2024 13:04:43 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 0558018009BE; Tue, 30 Jan 2024 14:04:41 +0100 (CET) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Michael Roth , Oliver Steffen , Jiewen Yao , Gerd Hoffmann , Tom Lendacky , Laszlo Ersek , Min Xu , Ard Biesheuvel , Erdem Aktas Subject: [edk2-devel] [PATCH v3 1/4] OvmfPkg/Sec: Setup MTRR early in the boot process. Date: Tue, 30 Jan 2024 14:04:38 +0100 Message-ID: <20240130130441.772484-2-kraxel@redhat.com> In-Reply-To: <20240130130441.772484-1-kraxel@redhat.com> References: <20240130130441.772484-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.4 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: ZPSwOuket2hrbis0PSTjY6c2x7686176AA= Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=BeEfvC+h; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=redhat.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Specifically before running lzma uncompress of the main firmware volume. This is needed to make sure caching is enabled, otherwise the uncompress can be extremely slow. Adapt the ASSERTs and MTRR setup in PlatformInitLib to the changes. Background: Depending on virtual machine configuration kvm may uses EPT memory types to apply guest MTRR settings. In case MTRRs are disabled kvm will use the uncachable memory type for all mappings. The vmx_get_mt_mask() function in the linux kernel handles this and can be found here: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/kvm/vmx/vmx.c?h=v6.7.1#n7580 In most VM configurations kvm uses MTRR_TYPE_WRBACK unconditionally. In case the VM has a mdev device assigned that is not the case though. Before commit e8aa4c6546ad ("UefiCpuPkg/ResetVector: Cache Disable should not be set by default in CR0") kvm also ended up using MTRR_TYPE_WRBACK due to KVM_X86_QUIRK_CD_NW_CLEARED. After that commit kvm evaluates guest mtrr settings, which why setting up MTRRs early is important now. Signed-off-by: Gerd Hoffmann --- OvmfPkg/IntelTdx/Sec/SecMain.c | 32 +++++++++++++++++++++ OvmfPkg/Library/PlatformInitLib/MemDetect.c | 10 +++---- OvmfPkg/Sec/SecMain.c | 32 +++++++++++++++++++++ 3 files changed, 69 insertions(+), 5 deletions(-) diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c index 42a587adfa57..a218ca17a01a 100644 --- a/OvmfPkg/IntelTdx/Sec/SecMain.c +++ b/OvmfPkg/IntelTdx/Sec/SecMain.c @@ -27,6 +27,8 @@ #include #include #include +#include +#include #define SEC_IDT_ENTRY_COUNT 34 @@ -48,6 +50,31 @@ IA32_IDT_GATE_DESCRIPTOR mIdtEntryTemplate = { } }; +// +// Enable MTRR early, set default type to write back. +// Needed to make sure caching is enabled, +// without this lzma decompress can be very slow. +// +STATIC +VOID +SecMtrrSetup ( + VOID + ) +{ + CPUID_VERSION_INFO_EDX Edx; + MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType; + + AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32); + if (!Edx.Bits.MTRR) { + return; + } + + DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); + DefType.Bits.Type = 6; /* write back */ + DefType.Bits.E = 1; /* enable */ + AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); +} + VOID EFIAPI SecCoreStartupWithStack ( @@ -204,6 +231,11 @@ SecCoreStartupWithStack ( InitializeApicTimer (0, MAX_UINT32, TRUE, 5); DisableApicTimerInterrupt (); + // + // Initialize MTRR + // + SecMtrrSetup (); + PeilessStartup (&SecCoreData); ASSERT (FALSE); diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c index f042517bb64a..e89f63eee054 100644 --- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c +++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c @@ -1082,18 +1082,18 @@ PlatformQemuInitializeRam ( MtrrGetAllMtrrs (&MtrrSettings); // - // MTRRs disabled, fixed MTRRs disabled, default type is uncached + // See SecMtrrSetup(), default type should be write back // - ASSERT ((MtrrSettings.MtrrDefType & BIT11) == 0); + ASSERT ((MtrrSettings.MtrrDefType & BIT11) != 0); ASSERT ((MtrrSettings.MtrrDefType & BIT10) == 0); - ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == 0); + ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == MTRR_CACHE_WRITE_BACK); // // flip default type to writeback // - SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, 0x06); + SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, MTRR_CACHE_WRITE_BACK); ZeroMem (&MtrrSettings.Variables, sizeof MtrrSettings.Variables); - MtrrSettings.MtrrDefType |= BIT11 | BIT10 | 6; + MtrrSettings.MtrrDefType |= BIT10; MtrrSetAllMtrrs (&MtrrSettings); // diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 31da5d0ace51..46c54f2984ff 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -30,6 +30,8 @@ #include #include #include +#include +#include #include "AmdSev.h" #define SEC_IDT_ENTRY_COUNT 34 @@ -744,6 +746,31 @@ FindAndReportEntryPoints ( return; } +// +// Enable MTRR early, set default type to write back. +// Needed to make sure caching is enabled, +// without this lzma decompress can be very slow. +// +STATIC +VOID +SecMtrrSetup ( + VOID + ) +{ + CPUID_VERSION_INFO_EDX Edx; + MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType; + + AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32); + if (!Edx.Bits.MTRR) { + return; + } + + DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); + DefType.Bits.Type = 6; /* write back */ + DefType.Bits.E = 1; /* enable */ + AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); +} + VOID EFIAPI SecCoreStartupWithStack ( @@ -942,6 +969,11 @@ SecCoreStartupWithStack ( InitializeApicTimer (0, MAX_UINT32, TRUE, 5); DisableApicTimerInterrupt (); + // + // Initialize MTRR + // + SecMtrrSetup (); + // // Initialize Debug Agent to support source level debug in SEC/PEI phases before memory ready. // -- 2.43.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114782): https://edk2.groups.io/g/devel/message/114782 Mute This Topic: https://groups.io/mt/104052591/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-