From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 9BE44AC18DC for ; Fri, 26 Jan 2024 22:14:41 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=3zcPBthPbFFtzA/3Zg0pEV2/16WmxL2nnHSmRb2FbPM=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307280; v=1; b=wOS1epxh1dLsTW5dGRCvk+4fRdUtILleSBscBcyim2rDQLe3+0+eTihyMyDG7v5a6BOzC/tA oBACcSQ4SDlH3gNEB/7hKKLgOXThmwytXHohcTnseNwADNZ0NrIwUWJzjZ64zKr2lnCit9+R9V4 +HQJWrtzD26EWcLxadwNfo0s= X-Received: by 127.0.0.2 with SMTP id 2NvfYY7687511xXbX09uPMua; Fri, 26 Jan 2024 14:14:40 -0800 X-Received: from NAM11-BN8-obe.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com [40.107.236.40]) by mx.groups.io with SMTP id smtpd.web10.2881.1706307279641462010 for ; Fri, 26 Jan 2024 14:14:39 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nYSsHbHAlxUK38xCcg10i2pjmMJ1vBQ6O2anGggeUfwgjguU/HTT+cDt5Bo/WlKathduXo3br7ElQnffNuxLWLuHOY7h0a79RGVDVdfxXMIyi160dZ/1XOpl5j/HCNSKa2kZYFS2T0uA1e4y7ta56rmdrTY0PVz12PZkI4x0sr7NaZVgBRE7UH70n5XTPQpVZXqSRNErZCDIoK7iuy8SyLLkLqclKLg+CwpCZY7z/BPnsNv5d0pw9IpAJUfw9q5Z4mPm7WntoN3yIvbmGqD3vXjgRPWSGq/mHabSCnBntoY5cjjlgi/jPVHjgUfrwTUSC/itSJAlZ/EXBwYSdUYg+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=e6vLdhtbp+kpUeZaUOk+R+XT63V/WJ3g+UKmRLjmLCE=; b=fDMvaUXoy1DChMRaBeBT4cTNaFus+J1H8i1wPai1hgfsuDfQfQM+VYU5wp/K2wN+qZLUVYgcmMaPFI5pol4MBAMEcAL64Ni6z+bd+DHF3wQaPy46Aivr0M806WAfrC8/vyxA/1cO6BEd00JTNFM53zxxlV6kRmkOYF5coAsD9ZmJvTp3R2CSzptKp/WVRYCk0VOXcIzdv0n1ECmV/G+UTBCYZDUyiXOG7Vvr0Yy0CYenpIOl+aOVrbJr9UYJDdTghPqavdnq3K2JhWfyN76GMgD2D9c6UiIETODwWXfKlUX4usB8aFzJ/EnfOuZdzhZSKLyHRkpZhqpC++JjHsuRCQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from SJ0PR03CA0034.namprd03.prod.outlook.com (2603:10b6:a03:33e::9) by LV3PR12MB9167.namprd12.prod.outlook.com (2603:10b6:408:196::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7181.23; Fri, 26 Jan 2024 22:14:37 +0000 X-Received: from DS2PEPF0000343D.namprd02.prod.outlook.com (2603:10b6:a03:33e:cafe::b6) by SJ0PR03CA0034.outlook.office365.com (2603:10b6:a03:33e::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22 via Frontend Transport; Fri, 26 Jan 2024 22:14:35 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343D.mail.protection.outlook.com (10.167.18.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:14:34 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:14:33 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 09/16] UefiCpuPkg/MpInitLib: Use CcExitSnpVmsaRmpAdjust() to set/clear VMSA Date: Fri, 26 Jan 2024 16:13:08 -0600 Message-ID: <8054a730de53debf85cace82346ed1ecab8daa66.1706307195.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343D:EE_|LV3PR12MB9167:EE_ X-MS-Office365-Filtering-Correlation-Id: 657cac29-9604-4087-0a12-08dc1ebc2dc7 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: lCGWorB5K+vxZVoI3vGL38ROXRrb3aW29BOCxYKLXC+bo5T0GfqJYUIVAI8At7KB0vH/4IEgWk/y3KHzF0VtdNWhmgOiErIl7mklASN06RQbswOmSgl9vBkIP6mm79PDe6X+UKvxMMZTZOnGLVV/Xnsrqwvg+bnn94QyhFn+0FpJO0HCi8qaIEC5fKuCPRwh7zMDO+JHKhxHZs4TAHG66lUot7TVihxYnzQ7qVBtzwe4PGLZEUKP3HV9yxosWTL0SCHkZroags2+saYQKE9iOU9qOGy7RKpaB6L774ruDc5iWC/C5kBvXWYgijkfvwncrNKXUIwaN+aq/7RUC2E3PtGCNr+G8U7eqxo40vosuTou4pJRJtyatdEvQARDWiWxW07AJSeKa6iFEoYj3xQlqaDklyjJHhO1HU8gVtFF+zsStA6SxElStE74vDvo1cNpv+CP+6peveLwAvtJOhRoCU10fk+WMrUlWthNZQkyshAKoU6MxGh8vxnZk3Y+VBFxwBfTwHZtMAfzBPyeaHlXccn8r1IGef6Q8Y+End6xG1WKPJCmiviaeUuCgAZlB2V7wzFz5i1vLdUCeW16Sa+o/c8IqNO3f/2ezVpBvjTrw2Z8okoaGheNHDwiLBo+ylRjMrGidoKzJFpu5hP8iNttwLY00FRQcvMqBNsmnVme+e8kd+pc6niMR/8W4n8irM/ffvJecMQzu4M90TEB0Am2Xyna4iwV6CMsDXKaaQ1L6LKwtVTl3C3t1qcGQfvHq8KUw4ppioUP6fUIK3TCCI7DJtSQs7vX8n+0pbY8uBFYqAs= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:14:34.9846 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 657cac29-9604-4087-0a12-08dc1ebc2dc7 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343D.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV3PR12MB9167 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: UIJqOgJHpkmCXBzV39zjjjNGx7686176AA= Content-Transfer-Encoding: quoted-printable Content-Type: text/plain X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=wOS1epxh; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}"); dmarc=none; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 The RMPADJUST instruction is used to change the VMSA attribute of a page, but the VMSA attribute can only be changed when running at VMPL0. When an SVSM is present, use the SVSM_CORE_CREATE_VCPU and SVSM_CORE_DELTE_VCPU calls to change the VMSA attribute on a page instead of issuing the RMPADJUST instruction directly. Implement the CcExitSnpVmsaRmpAdjust() API to perform the appropriate operation to change the VMSA attribute based on the presence of an SVSM. Signed-off-by: Tom Lendacky --- UefiCpuPkg/Library/MpInitLib/MpLib.h | 14 ------ UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 20 -------- UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 53 +++----------------- 3 files changed, 6 insertions(+), 81 deletions(-) diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index a96a6389c17d..6e2137cb17cd 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -870,20 +870,6 @@ FillExchangeInfoDataSevEs ( IN volatile MP_CPU_EXCHANGE_INFO *ExchangeInfo ); =20 -/** - Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page. - - @param[in] PageAddress - @param[in] VmsaPage - - @return RMPADJUST return value -**/ -UINT32 -SevSnpRmpAdjust ( - IN EFI_PHYSICAL_ADDRESS PageAddress, - IN BOOLEAN VmsaPage - ); - /** Create an SEV-SNP AP save area (VMSA) for use in running the vCPU. =20 diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c b/UefiCpuPkg/Librar= y/MpInitLib/Ia32/AmdSev.c index c83144285b68..a2b8a5b3f516 100644 --- a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c @@ -48,23 +48,3 @@ SevSnpCreateAP ( // ASSERT (FALSE); } - -/** - Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page. - - @param[in] PageAddress - @param[in] VmsaPage - - @return RMPADJUST return value -**/ -UINT32 -SevSnpRmpAdjust ( - IN EFI_PHYSICAL_ADDRESS PageAddress, - IN BOOLEAN VmsaPage - ) -{ - // - // RMPADJUST is not supported in 32-bit mode - // - return RETURN_UNSUPPORTED; -} diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library= /MpInitLib/X64/AmdSev.c index c9f0984f41a2..db9a37fbbd19 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c @@ -38,20 +38,15 @@ SevSnpPerformApAction ( BOOLEAN InterruptState; UINT64 ExitInfo1; UINT64 ExitInfo2; - UINT32 RmpAdjustStatus; UINT64 VmgExitStatus; + EFI_STATUS VmsaStatus; =20 if (Action =3D=3D SVM_VMGEXIT_SNP_AP_CREATE) { // - // To turn the page into a recognized VMSA page, issue RMPADJUST: - // Target VMPL but numerically higher than current VMPL - // Target PermissionMask is not used + // Turn the page into a recognized VMSA page. // - RmpAdjustStatus =3D SevSnpRmpAdjust ( - (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea, - TRUE - ); - if (RmpAdjustStatus !=3D 0) { + VmsaStatus =3D CcExitSnpVmsaRmpAdjust (SaveArea, ApicId, TRUE); + if (EFI_ERROR (VmsaStatus)) { DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA creation\n")= ); ASSERT (FALSE); =20 @@ -94,11 +89,8 @@ SevSnpPerformApAction ( // Make the current VMSA not runnable and accessible to be // reprogrammed. // - RmpAdjustStatus =3D SevSnpRmpAdjust ( - (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea, - FALSE - ); - if (RmpAdjustStatus !=3D 0) { + VmsaStatus =3D CcExitSnpVmsaRmpAdjust (SaveArea, ApicId, FALSE); + if (EFI_ERROR (VmsaStatus)) { DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA reset\n")); ASSERT (FALSE); =20 @@ -292,36 +284,3 @@ SevSnpCreateAP ( SevSnpCreateSaveArea (CpuMpData, CpuData, ApicId); } } - -/** - Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page. - - @param[in] PageAddress - @param[in] VmsaPage - - @return RMPADJUST return value -**/ -UINT32 -SevSnpRmpAdjust ( - IN EFI_PHYSICAL_ADDRESS PageAddress, - IN BOOLEAN VmsaPage - ) -{ - UINT64 Rdx; - - // - // The RMPADJUST instruction is used to set or clear the VMSA bit for a - // page. The VMSA change is only made when running at VMPL0 and is ignor= ed - // otherwise. If too low a target VMPL is specified, the instruction can - // succeed without changing the VMSA bit when not running at VMPL0. Usin= g a - // target VMPL level of 1, RMPADJUST will return a FAIL_PERMISSION error= if - // not running at VMPL0, thus ensuring that the VMSA bit is set appropri= ately - // when no error is returned. - // - Rdx =3D 1; - if (VmsaPage) { - Rdx |=3D RMPADJUST_VMSA_PAGE_BIT; - } - - return AsmRmpAdjust ((UINT64)PageAddress, 0, Rdx); -} --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114635): https://edk2.groups.io/g/devel/message/114635 Mute This Topic: https://groups.io/mt/103986460/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-