From: "Lendacky, Thomas via groups.io"
CC: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao, Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, "Rahul Kumar", Ray Ni, Michael Roth
Subject: [edk2-devel] [PATCH v2 21/23] UefiCpuPkg/MpInitLib: AP creation support under an SVSM
Date: Thu, 22 Feb 2024 11:30:00 -0600
Message-ID: <4121e50c51025dead10b27fefc813f1ab2d76b22.1708623001.git.thomas.lendacky@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

When running under an SVSM, the VMPL level of the APs that are started must match the VMPL level provided by the SVSM. Additionally, each AP must have a Calling Area for use with the SVSM protocol. Update the AP creation to properly support running under an SVSM.

Acked-by: Ray Ni
Acked-by: Gerd Hoffmann
Signed-off-by: Tom Lendacky
---
 UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 28 +++++++++++++-------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library= /MpInitLib/X64/AmdSev.c index bb4a52b25cd2..681a47669a47 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c 
@@ -44,7 +44,8 @@ SevSnpPerformApAction ( =20 if (Action =3D=3D SVM_VMGEXIT_SNP_AP_CREATE) { // - // Turn the page into a recognized VMSA page. + // Turn the page into a recognized VMSA page. When an SVSM is present + // the page following the VMSA is the Calling Area page. // VmsaStatus =3D CcSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, TRUE); if (EFI_ERROR (VmsaStatus)) { @@ -56,6 +57,7 @@ SevSnpPerformApAction ( } =20 ExitInfo1 =3D (UINT64)ApicId << 32; + ExitInfo1 |=3D (UINT64)SaveArea->Vmpl << 16; ExitInfo1 |=3D Action; ExitInfo2 =3D (UINT64)(UINTN)SaveArea; =20 @@ -87,8 +89,9 @@ SevSnpPerformApAction ( =20 if (Action =3D=3D SVM_VMGEXIT_SNP_AP_DESTROY) { // - // Make the current VMSA not runnable and accessible to be - // reprogrammed. + // Make the current VMSA not runnable and accessible to be reprogramme= d. + // When an SVSM is present the page following the VMSA is the Calling = Area + // page. // VmsaStatus =3D CcSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, FALSE); if (EFI_ERROR (VmsaStatus)) { @@ -116,6 +119,7 @@ SevSnpCreateSaveArea ( UINT32 ApicId ) { + UINTN PageCount; UINT8 *Pages; SEV_ES_SAVE_AREA *SaveArea; IA32_CR0 ApCr0; @@ -125,13 +129,19 @@ SevSnpCreateSaveArea ( UINTN StartIp; UINT8 SipiVector; =20 + // + // When running under an SVSM, a Calling Area page is also needed and is + // always the page following the VMSA. + // + PageCount =3D CcSvsmIsSvsmPresent () ? 2 : 1; + if (CpuData->SevEsSaveArea =3D=3D NULL) { // // Allocate a page for the SEV-ES Save Area and initialize it. Due to = AMD // erratum #1467 (VMSA cannot be on a 2MB boundary), allocate an extra= page // to choose from to work around the issue. // - Pages =3D AllocateReservedPages (2); + Pages =3D AllocateReservedPages (PageCount + 1); if (!Pages) { return; } 
@@ -140,12 +150,12 @@ SevSnpCreateSaveArea ( // Since page allocation works by allocating downward in the address s= pace, // try to always free the first (lower address) page to limit possible= holes // in the memory map. So, if the address of the second page is 2MB ali= gned, - // then use the first page and free the second page. Otherwise, free t= he + // then use the first page and free the last page. Otherwise, free the // first page and use the second page. // if (_IS_ALIGNED (Pages + EFI_PAGE_SIZE, SIZE_2MB)) { SaveArea =3D (SEV_ES_SAVE_AREA *)Pages; - FreePages (Pages + EFI_PAGE_SIZE, 1); + FreePages (Pages + (EFI_PAGE_SIZE * PageCount), 1); } else { SaveArea =3D (SEV_ES_SAVE_AREA *)(Pages + EFI_PAGE_SIZE); FreePages (Pages, 1); @@ -163,7 +173,7 @@ SevSnpCreateSaveArea ( } } =20 - ZeroMem (SaveArea, EFI_PAGE_SIZE); + ZeroMem (SaveArea, EFI_PAGE_SIZE * PageCount); =20 // // Propogate the CR0.NW and CR0.CD setting to the AP @@ -239,10 +249,10 @@ SevSnpCreateSaveArea ( =20 // // Set the SEV-SNP specific fields for the save area: - // VMPL - always VMPL0 + // VMPL - based on current mode // SEV_FEATURES - equivalent to the SEV_STATUS MSR right shifted 2 bit= s // - SaveArea->Vmpl =3D 0; + SaveArea->Vmpl =3D CcSvsmSnpGetVmpl (); SaveArea->SevFeatures =3D AsmReadMsr64 (MSR_SEV_STATUS) >> 2; =20 SevSnpPerformApAction (SaveArea, ApicId, SVM_VMGEXIT_SNP_AP_CREATE); --=20 2.42.0
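
Review bot: In the SevSnpPerformApAction hunk at -56,6 +57,7, the added line "ExitInfo1 |= (UINT64)SaveArea->Vmpl << 16;" puts a second bare shift count next to the existing "<< 32" for ApicId, and the VMPL is OR'ed in without a mask. Suggest named constants for the two field offsets, or a short comment giving the ExitInfo1 layout, and masking Vmpl to the width of its field so that an unexpected value in the save area cannot spill into the neighbouring bits of the request.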
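
Review bot: The block comment in the SevSnpCreateSaveArea hunk at -140,12 +150,12 is only half updated: it now says "free the last page" for the aligned case but still ends with "free the first page and use the second page", which is no longer accurate when PageCount is 2, because the else branch then keeps both the second and the third page (VMSA followed by the Calling Area). Suggest rewording the comment in terms of where the VMSA starts and stating that the Calling Area, when present, is the page directly after it, so the reader can confirm that only the VMSA page has to avoid the 2MB boundary.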
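
Review bot: In the hunk at -163,7 +173,7, "ZeroMem (SaveArea, EFI_PAGE_SIZE * PageCount);" also runs when CpuData->SevEsSaveArea was not NULL and the area is being reused, while PageCount is recomputed from CcSvsmIsSvsmPresent () on every call. The size cleared is therefore only correct if that call returns the same answer as when the pages were allocated. Suggest a comment stating that SVSM presence is fixed for the lifetime of the guest, or recording the allocated page count next to SevEsSaveArea, so the clear can never run past the original allocation.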
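
Review bot: The replacement comment "VMPL - based on current mode" in the hunk at -239,10 +249,10 is vaguer than the line it replaces and does not say what CcSvsmSnpGetVmpl () returns. Suggest spelling out both cases in the comment, matching the commit message: VMPL0 when no SVSM is present, otherwise the VMPL provided by the SVSM. It would also help to state that the value written to SaveArea->Vmpl here is the one later placed into ExitInfo1 by SevSnpPerformApAction, since the two must agree.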