From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id A44CF7803D8 for ; Fri, 8 Mar 2024 15:32:11 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=vwuORFllfkQnQDF7/Kfd7mJF/Q4hRMi33b20MdXLyww=; c=relaxed/simple; d=groups.io; h=Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20240206; t=1709911930; v=1; b=ARnxRagxS0CqTHBD7KC3CY2MMtbTkNk2oPegQJRo2nDmfEwJZt99NAvXVUXUNoUnTEi6mqLQ IOdMLmdNtll7HPtP0xpqzlJRnI2ErJiOGzLDUTtu3e6VsDRbU0cziRX9d89XH4YggkMUXaopC7a p4TrDgdrMUo4/EC5/80LKjakELQWh21JeqQ1cQ8cHobMrgxHaHViDWut1wHwVNIguClGODSCG6p +It3trmT7yzJVgOgkWSdtSNXLc44nxhPiR3gyiulhWxP/zcg+5qkODhT90Salpmjpk/x/kT/B1z TKSbrcv+Zu75py5Quu69OMRbT6WNz27ZlTN/dJwdXyN5w== X-Received: by 127.0.0.2 with SMTP id AXCGYY7687511xxEqPNyvlgL; Fri, 08 Mar 2024 07:32:10 -0800 X-Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.60]) by mx.groups.io with SMTP id smtpd.web10.24822.1709911929574730035 for ; Fri, 08 Mar 2024 07:32:09 -0800 X-Received: from CYXPR02CA0012.namprd02.prod.outlook.com (2603:10b6:930:cf::27) by SJ2PR12MB8926.namprd12.prod.outlook.com (2603:10b6:a03:53b::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.24; Fri, 8 Mar 2024 15:32:02 +0000 X-Received: from CY4PEPF0000E9D5.namprd05.prod.outlook.com (2603:10b6:930:cf:cafe::2b) by CYXPR02CA0012.outlook.office365.com (2603:10b6:930:cf::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.28 via Frontend Transport; Fri, 8 Mar 2024 15:32:02 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000E9D5.mail.protection.outlook.com (10.167.241.76) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7362.11 via Frontend Transport; Fri, 8 Mar 2024 15:32:02 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Fri, 8 Mar 2024 09:31:57 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH v3 16/24] UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA Date: Fri, 08 Mar 2024 07:32:09 -0800 Message-ID: <9816692834b839587077b74022b66f2f85fea76e.1709911792.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000E9D5:EE_|SJ2PR12MB8926:EE_ X-MS-Office365-Filtering-Correlation-Id: 59c5e8c2-b612-4d48-eb0e-08dc3f84e71f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: hDr/iVmz5LUpL4c/PNBRwIDEFXUysQ5mHg4HAE9dhthNJgD2yC+Wb1lcE1w2wtXOM0V2EWWyEbLZyxo/i+gX/4pnYlp78zeTb1J9CyJlnvw3xWoWT4M55/rLCuvBxP6mc2NAh59GwzBliZswrm2M6rj+2ndMqa2DhnFBHamqbsn7GZZpTbOzs0fsRk0hmPAz1/e6nPKMhVWiBiPFjuonWrXxmh2Bh394znW7cOd/491R1ROMFGHi903jgcolHzu+5iJe5CSF2vX5moX5QWg234yzAZOSmZPZVngUY1UX+QfXIL7BBb4PJ9ZM/X9QoQh/WknikG9Wi+0sIP6xqW/mKL4QyMXCt3U7BrIC19/gLtDUgsY7PnKKOoQ0xkM+HGCPucwWLICc5aZr6829CcZpNBdVeTlDasmKLL5F+v4dfCZSqZOYR0iiExteuGKKO2ctu/JVvhDYdnutoveiG4BfMphIZytr4vC0wb2Sd7yOrZ8Ft0/eT9NrjBzt4Tei7XLwQIJ542m4SzUM3ij+tsN1MACNmrd/qj3wk8QZUFXzAxA8yfwOdKw2gdGsflt3f+bA4macOeoby5rp0blV4J3Epaxm3xVEcBQ8REbY01vWiVJOeIvRuL8llXKxBwrlmURQWz3tUkPD0qV4fSJ5wyIlbG5j6kV8+E3+brig+pgBs9iqcDlhdg81m5cyxlGnB8rrjUPpFJ5GptyBwR2XvmOr6g== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Mar 2024 15:32:02.4535 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 59c5e8c2-b612-4d48-eb0e-08dc3f84e71f X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000E9D5.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ2PR12MB8926 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: guPgbgoP8trtVlS7IaXz1CDBx7686176AA= Content-Transfer-Encoding: quoted-printable Content-Type: text/plain X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=ARnxRagx; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 The RMPADJUST instruction is used to change the VMSA attribute of a page, but the VMSA attribute can only be changed when running at VMPL0. To prepare for running at a less priviledged VMPL, use the AmdSvsmLib library API to perform the RMPADJUST. The AmdSvsmLib library will perform the proper operation on behalf of the caller. Cc: Gerd Hoffmann Cc: Laszlo Ersek Cc: Rahul Kumar Cc: Ray Ni Acked-by: Gerd Hoffmann Signed-off-by: Tom Lendacky --- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/MpLib.h | 14 ----- UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 20 -------- UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 54 +++----------------- 5 files changed, 9 insertions(+), 81 deletions(-) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index 69950fcd1289..19745437f005 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -57,6 +57,7 @@ [LibraryClasses] SynchronizationLib PcdLib CcExitLib + AmdSvsmLib MicrocodeLib [LibraryClasses.X64] CpuPageTableLib diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index 22f74a814534..679e51a1acd5 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -53,6 +53,7 @@ [LibraryClasses] PeiServicesLib PcdLib CcExitLib + AmdSvsmLib MicrocodeLib =20 [Pcd] diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index 65e05c4806f5..179f8e585b5d 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -883,20 +883,6 @@ FillExchangeInfoDataSevEs ( IN volatile MP_CPU_EXCHANGE_INFO *ExchangeInfo ); =20 -/** - Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page. - - @param[in] PageAddress - @param[in] VmsaPage - - @return RMPADJUST return value -**/ -UINT32 -SevSnpRmpAdjust ( - IN EFI_PHYSICAL_ADDRESS PageAddress, - IN BOOLEAN VmsaPage - ); - /** Create an SEV-SNP AP save area (VMSA) for use in running the vCPU. =20 diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c b/UefiCpuPkg/Librar= y/MpInitLib/Ia32/AmdSev.c index 0478e92317f1..963bd62494b9 100644 --- a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c @@ -49,26 +49,6 @@ SevSnpCreateAP ( ASSERT (FALSE); } =20 -/** - Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page. - - @param[in] PageAddress - @param[in] VmsaPage - - @return RMPADJUST return value -**/ -UINT32 -SevSnpRmpAdjust ( - IN EFI_PHYSICAL_ADDRESS PageAddress, - IN BOOLEAN VmsaPage - ) -{ - // - // RMPADJUST is not supported in 32-bit mode - // - return RETURN_UNSUPPORTED; -} - /** Determine if the SEV-SNP AP Create protocol should be used. =20 diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library= /MpInitLib/X64/AmdSev.c index bd12a5ee2fcb..981135621384 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c @@ -10,6 +10,7 @@ =20 #include "MpLib.h" #include +#include #include #include =20 @@ -38,20 +39,15 @@ SevSnpPerformApAction ( BOOLEAN InterruptState; UINT64 ExitInfo1; UINT64 ExitInfo2; - UINT32 RmpAdjustStatus; UINT64 VmgExitStatus; + EFI_STATUS VmsaStatus; =20 if (Action =3D=3D SVM_VMGEXIT_SNP_AP_CREATE) { // - // To turn the page into a recognized VMSA page, issue RMPADJUST: - // Target VMPL but numerically higher than current VMPL - // Target PermissionMask is not used + // Turn the page into a recognized VMSA page. // - RmpAdjustStatus =3D SevSnpRmpAdjust ( - (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea, - TRUE - ); - if (RmpAdjustStatus !=3D 0) { + VmsaStatus =3D AmdSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, TRUE); + if (EFI_ERROR (VmsaStatus)) { DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA creation\n")= ); ASSERT (FALSE); =20 @@ -94,11 +90,8 @@ SevSnpPerformApAction ( // Make the current VMSA not runnable and accessible to be // reprogrammed. // - RmpAdjustStatus =3D SevSnpRmpAdjust ( - (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea, - FALSE - ); - if (RmpAdjustStatus !=3D 0) { + VmsaStatus =3D AmdSvsmSnpVmsaRmpAdjust (SaveArea, ApicId, FALSE); + if (EFI_ERROR (VmsaStatus)) { DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA reset\n")); ASSERT (FALSE); =20 @@ -328,39 +321,6 @@ SevSnpCreateAP ( } } =20 -/** - Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page. - - @param[in] PageAddress - @param[in] VmsaPage - - @return RMPADJUST return value -**/ -UINT32 -SevSnpRmpAdjust ( - IN EFI_PHYSICAL_ADDRESS PageAddress, - IN BOOLEAN VmsaPage - ) -{ - UINT64 Rdx; - - // - // The RMPADJUST instruction is used to set or clear the VMSA bit for a - // page. The VMSA change is only made when running at VMPL0 and is ignor= ed - // otherwise. If too low a target VMPL is specified, the instruction can - // succeed without changing the VMSA bit when not running at VMPL0. Usin= g a - // target VMPL level of 1, RMPADJUST will return a FAIL_PERMISSION error= if - // not running at VMPL0, thus ensuring that the VMSA bit is set appropri= ately - // when no error is returned. - // - Rdx =3D 1; - if (VmsaPage) { - Rdx |=3D RMPADJUST_VMSA_PAGE_BIT; - } - - return AsmRmpAdjust ((UINT64)PageAddress, 0, Rdx); -} - /** Determine if the SEV-SNP AP Create protocol should be used. =20 --=20 2.43.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116541): https://edk2.groups.io/g/devel/message/116541 Mute This Topic: https://groups.io/mt/104810728/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-