From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+115850+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 7CC9C74003A
	for <rebecca@openfw.io>; Thu, 22 Feb 2024 17:32:12 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=KN2ng8SRKQcR3KwsEeGpF+93W6/4ZcTYTrbVhJTLW8g=;
 c=relaxed/simple; d=groups.io;
 h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type;
 s=20140610; t=1708623131; v=1;
 b=h3G0FPP0m4BqpRYzwTlz0lmCuthss3Uw/plFc7d3C8sqC6umIPRhX2eFS625UZYPAr/wNjic
 ati68vA3j307B8yYUElIymvkYRgCC5vK5/s1r68nvgoytQITbiBbECpu6JEHi6gYnoie5RMtuHF
 sBudUBAjeA1lMltOc2IMK5vg=
X-Received: by 127.0.0.2 with SMTP id 99EBYY7687511xq5lTEiboWT; Thu, 22 Feb 2024 09:32:11 -0800
X-Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.84])
 by mx.groups.io with SMTP id smtpd.web11.18840.1708623125413316864
 for <devel@edk2.groups.io>;
 Thu, 22 Feb 2024 09:32:05 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=OFYFP/1JdpR2ju5bcNuN85xjTpiH/OPRVQ/c3CoISFGK7bNPC6KyzklGu+GujeUID6SGkxUoGetIKHFCZvhSi13qEmiejvJVCh4LFTVAOJaohB5ET1xnczkWLO4rhIQjrR+urqi5zOWjl15LSlyTbuyyVI0x7eDGe6BCoF3nCRWZRxjxXWv+VYXHCIT8sTUBhaSb4e/eUzvp1iFdWOBL4jPbjm9f2sLwmd5icOLxBrdzQ+eeIAWIHLmYpLRKveh5xmUEqJmZVIefUJh7cxpeyG3WTG8QO9KWd1CSr/yPfJl73XLl4SX5Eor3KhoR/PqWyHcgxGZkaJl0MkPTLWn2yQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=QCENkBJ+IjSOpzqkuO3/lxLV/i1yCTZBKYxxS+M6K8A=;
 b=Qz2MnX4WaYgNlRpBPJK1Ilr2Q56LwnKc9AM1Zn2Ndufk5TGHGdGxYt4NcFLfOS4qGFGL71raTHH45RULmituGsd98xeKNhwFyIntE4S/DkrervRlzvZhZT+gudRQGVjAfIGOIUga/sulCOBtAnV2g8Rck6u0bCg8q3e6XBfZpxzuC23j+fqT0UQERmxtEQyzKojJRZEriquTjn0TPyN5+2J2utX8EPfYKvNNoe1cyrPfFjb7JO7V5s9McZzBsAO9l7Vw+BvYznTJSL5n+Eoh/1zgOJ6zWFYuf2VOFCUSvDyyZg9lvj9WAppXJfAcnrwnQOp5LvwTPPlk0MfvllOHXA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com;
 dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
 header.from=amd.com; dkim=none (message not signed); arc=none (0)
X-Received: from BN9PR03CA0684.namprd03.prod.outlook.com (2603:10b6:408:10e::29)
 by SJ0PR12MB7475.namprd12.prod.outlook.com (2603:10b6:a03:48d::10) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.24; Thu, 22 Feb
 2024 17:32:00 +0000
X-Received: from BN2PEPF000044AB.namprd04.prod.outlook.com
 (2603:10b6:408:10e:cafe::ca) by BN9PR03CA0684.outlook.office365.com
 (2603:10b6:408:10e::29) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.43 via Frontend
 Transport; Thu, 22 Feb 2024 17:32:00 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
X-Received: from SATLEXMB04.amd.com (165.204.84.17) by
 BN2PEPF000044AB.mail.protection.outlook.com (10.167.243.106) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.7292.25 via Frontend Transport; Thu, 22 Feb 2024 17:32:00 +0000
X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by
 SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35; Thu, 22 Feb 2024 11:31:58 -0600
From: "Lendacky, Thomas via groups.io" <thomas.lendacky=amd.com@groups.io>
To: <devel@edk2.groups.io>
CC: Ard Biesheuvel <ardb+tianocore@kernel.org>, Erdem Aktas
	<erdemaktas@google.com>, Gerd Hoffmann <kraxel@redhat.com>, Jiewen Yao
	<jiewen.yao@intel.com>, Laszlo Ersek <lersek@redhat.com>, Liming Gao
	<gaoliming@byosoft.com.cn>, Michael D Kinney <michael.d.kinney@intel.com>,
	Min Xu <min.m.xu@intel.com>, Zhiguang Liu <zhiguang.liu@intel.com>, "Rahul
 Kumar" <rahul1.kumar@intel.com>, Ray Ni <ray.ni@intel.com>, Michael Roth
	<michael.roth@amd.com>
Subject: [edk2-devel] [PATCH v2 15/23] UefiCpuPkg/MpInitLib: Use CcSvsmSnpVmsaRmpAdjust() to set/clear VMSA
Date: Thu, 22 Feb 2024 11:29:54 -0600
Message-ID: <382475a0ea64319e93aa4fe4b8e8a9e0d11d2ed1.1708623001.git.thomas.lendacky@amd.com>
In-Reply-To: <cover.1708623001.git.thomas.lendacky@amd.com>
References: <cover.1708623001.git.thomas.lendacky@amd.com>
MIME-Version: 1.0
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
 (10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN2PEPF000044AB:EE_|SJ0PR12MB7475:EE_
X-MS-Office365-Filtering-Correlation-Id: d6a58f7b-4701-4d48-a808-08dc33cc2d48
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Message-Info: 
	TAq3dKJikg85gvRXH2b7wJrQHW7NppPAjzSeLtbMTekwkHPk9qlwHwQVvDAbfThD58xNJLCS4Bs7U9r5BvBZxvKYrFVB4nwMNbrSvHdKSk7WdSP6tnWWWgXy1+y19oCBiznoTiK/zodiwL6Tfzkot77XvoKcF9oU35iiOfGg/66SYFUnWKkBd2G90v44mYj/G37HFfSx6SkBJEN/3oGKVGAEr1k27XiZRKO75SZMj3Xd0aGe1c0JQTNwV4X3C/+UlJ1qqUeXP67iwiWs6oQSTPPNYgLo3QZCUAs32Jc2eJuVsHRU5bAXLm6ivUpLtnZ3HTxHuqgQhF9VWKxS0AAMa4wiPwTxubCnxhwTMqsQPmAlFGBaaxeXS+p2HThe2XwFK9KMRTgGE+4xyQ4jyQ/MtZZDF8EV+vm4H1eZ4daDTHB84OuKnas7ube6PmW7Js0D2dp+ecVidJEp+bJz8WBUEsVArfSoLGtkbH5RkYJ7ZDL0fDJv05hkjUHMzGFu7A/ln1EvRkHWJVFzvsGlfP9uPG6ydn/fnHCjTTc3tzyd+/xk56MaSZmd6CMNFzkBMaX5cKm3hW1vQS7ezEvGAW5Leb56MWPq5+tnQqyFNCVw2X2p7p9D37aX4JDgfwtGhkTFY0RMIDs5R2sC6up7fxRgcg==
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Feb 2024 17:32:00.5224
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: d6a58f7b-4701-4d48-a808-08dc33cc2d48
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	BN2PEPF000044AB.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR12MB7475
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: K1gg9rVS3tBNWv0StPv3Y7QJx7686176AA=
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=h3G0FPP0;
	dmarc=pass (policy=none) header.from=groups.io;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io;
	arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}")

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654

The RMPADJUST instruction is used to change the VMSA attribute of a page,
but the VMSA attribute can only be changed when running at VMPL0. To
prepare for running at a less priviledged VMPL, use the CcSvsmLib library
API to perform the RMPADJUST. The CcSvsmLib library will perform the
proper operation on behalf of the caller.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf |  1 +
 UefiCpuPkg/Library/MpInitLib/MpLib.h          | 14 -----
 UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c    | 20 --------
 UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c     | 54 +++-----------------
 5 files changed, 9 insertions(+), 81 deletions(-)

diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib=
rary/MpInitLib/DxeMpInitLib.inf
index 538a2146ff24..1b6abc4440cb 100644
--- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
@@ -57,6 +57,7 @@ [LibraryClasses]
   SynchronizationLib
   PcdLib
   CcExitLib
+  CcSvsmLib
   MicrocodeLib
 [LibraryClasses.X64]
   CpuPageTableLib
diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib=
rary/MpInitLib/PeiMpInitLib.inf
index 622baec45e2f..9077114b1e6d 100644
--- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
+++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf
@@ -53,6 +53,7 @@ [LibraryClasses]
   PeiServicesLib
   PcdLib
   CcExitLib
+  CcSvsmLib
   MicrocodeLib
=20
 [Pcd]
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn=
itLib/MpLib.h
index 617f7401aea8..53a25c4634a1 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.h
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h
@@ -870,20 +870,6 @@ FillExchangeInfoDataSevEs (
   IN volatile MP_CPU_EXCHANGE_INFO  *ExchangeInfo
   );
=20
-/**
-  Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page.
-
-  @param[in]  PageAddress
-  @param[in]  VmsaPage
-
-  @return  RMPADJUST return value
-**/
-UINT32
-SevSnpRmpAdjust (
-  IN  EFI_PHYSICAL_ADDRESS  PageAddress,
-  IN  BOOLEAN               VmsaPage
-  );
-
 /**
   Create an SEV-SNP AP save area (VMSA) for use in running the vCPU.
=20
diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c b/UefiCpuPkg/Librar=
y/MpInitLib/Ia32/AmdSev.c
index 0478e92317f1..963bd62494b9 100644
--- a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c
@@ -49,26 +49,6 @@ SevSnpCreateAP (
   ASSERT (FALSE);
 }
=20
-/**
-  Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page.
-
-  @param[in]  PageAddress
-  @param[in]  VmsaPage
-
-  @return  RMPADJUST return value
-**/
-UINT32
-SevSnpRmpAdjust (
-  IN  EFI_PHYSICAL_ADDRESS  PageAddress,
-  IN  BOOLEAN               VmsaPage
-  )
-{
-  //
-  // RMPADJUST is not supported in 32-bit mode
-  //
-  return RETURN_UNSUPPORTED;
-}
-
 /**
   Determine if the SEV-SNP AP Create protocol should be used.
=20
diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library=
/MpInitLib/X64/AmdSev.c
index 5d92c441adcd..bb4a52b25cd2 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
@@ -10,6 +10,7 @@
=20
 #include "MpLib.h"
 #include <Library/CcExitLib.h>
+#include <Library/CcSvsmLib.h>
 #include <Register/Amd/Fam17Msr.h>
 #include <Register/Amd/Ghcb.h>
=20
@@ -38,20 +39,15 @@ SevSnpPerformApAction (
   BOOLEAN                   InterruptState;
   UINT64                    ExitInfo1;
   UINT64                    ExitInfo2;
-  UINT32                    RmpAdjustStatus;
   UINT64                    VmgExitStatus;
+  EFI_STATUS                VmsaStatus;
=20
   if (Action =3D=3D SVM_VMGEXIT_SNP_AP_CREATE) {
     //
-    // To turn the page into a recognized VMSA page, issue RMPADJUST:
-    //   Target VMPL but numerically higher than current VMPL
-    //   Target PermissionMask is not used
+    // Turn the page into a recognized VMSA page.
     //
-    RmpAdjustStatus =3D SevSnpRmpAdjust (
-                        (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea,
-                        TRUE
-                        );
-    if (RmpAdjustStatus !=3D 0) {
+    VmsaStatus =3D CcSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, TRUE);
+    if (EFI_ERROR (VmsaStatus)) {
       DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA creation\n")=
);
       ASSERT (FALSE);
=20
@@ -94,11 +90,8 @@ SevSnpPerformApAction (
     // Make the current VMSA not runnable and accessible to be
     // reprogrammed.
     //
-    RmpAdjustStatus =3D SevSnpRmpAdjust (
-                        (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea,
-                        FALSE
-                        );
-    if (RmpAdjustStatus !=3D 0) {
+    VmsaStatus =3D CcSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, FALSE);
+    if (EFI_ERROR (VmsaStatus)) {
       DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA reset\n"));
       ASSERT (FALSE);
=20
@@ -328,39 +321,6 @@ SevSnpCreateAP (
   }
 }
=20
-/**
-  Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page.
-
-  @param[in]  PageAddress
-  @param[in]  VmsaPage
-
-  @return  RMPADJUST return value
-**/
-UINT32
-SevSnpRmpAdjust (
-  IN  EFI_PHYSICAL_ADDRESS  PageAddress,
-  IN  BOOLEAN               VmsaPage
-  )
-{
-  UINT64  Rdx;
-
-  //
-  // The RMPADJUST instruction is used to set or clear the VMSA bit for a
-  // page. The VMSA change is only made when running at VMPL0 and is ignor=
ed
-  // otherwise. If too low a target VMPL is specified, the instruction can
-  // succeed without changing the VMSA bit when not running at VMPL0. Usin=
g a
-  // target VMPL level of 1, RMPADJUST will return a FAIL_PERMISSION error=
 if
-  // not running at VMPL0, thus ensuring that the VMSA bit is set appropri=
ately
-  // when no error is returned.
-  //
-  Rdx =3D 1;
-  if (VmsaPage) {
-    Rdx |=3D RMPADJUST_VMSA_PAGE_BIT;
-  }
-
-  return AsmRmpAdjust ((UINT64)PageAddress, 0, Rdx);
-}
-
 /**
   Determine if the SEV-SNP AP Create protocol should be used.
=20
--=20
2.42.0



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#115850): https://edk2.groups.io/g/devel/message/115850
Mute This Topic: https://groups.io/mt/104512965/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-