From: "Ni, Ray"
To: Brijesh Singh, "devel@edk2.groups.io"
CC: James Bottomley, "Xu, Min M", "Yao, Jiewen", Tom Lendacky, "Justen, Jordan L", Ard Biesheuvel, Erdem Aktas, "Michael Roth", Gerd Hoffmann, Michael Roth, "Dong, Eric", "Kumar, Rahul1"
Subject: Re: [PATCH v7 25/31] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled
Date: Tue, 14 Sep 2021 02:23:41 +0000
References: <20210913181941.23405-1-brijesh.singh@amd.com> <20210913181941.23405-26-brijesh.singh@amd.com>
In-Reply-To: <20210913181941.23405-26-brijesh.singh@amd.com>

Hi Brijesh,

Can you please separate the SEV logic in separate functions in separate files?
These are not x86 common logics. With more and more SEV specific logics added, I want to keep the common flow clean.

Thanks,
Ray

-----Original Message-----
From: Brijesh Singh
Sent: Tuesday, September 14, 2021 2:20 AM
To: devel@edk2.groups.io
Cc: James Bottomley; Xu, Min M; Yao, Jiewen; Tom Lendacky; Justen, Jordan L; Ard Biesheuvel; Erdem Aktas; Michael Roth; Gerd Hoffmann; Brijesh Singh; Michael Roth; Dong, Eric; Ni, Ray; Kumar, Rahul1
Subject: [PATCH v7 25/31] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest requires that the physical address of the GHCB must be registered with the hypervisor before using it. See the GHCB specification section 2.3.2 for more details.

Cc: Michael Roth
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Signed-off-by: Brijesh Singh
--- UefiCpuPkg/Library/MpInitLib/MpLib.h | 2 + UefiCpuPkg/Library/MpInitLib/MpLib.c | 2 + UefiCpuPkg/Library/MpInitLib/MpEqu.inc | 1 + UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 53 +++++++++++++++++++ 4 files changed, 58 insertions(+) diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index 388ebef7b0dc..56d6d703d8b0 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -219,6 +219,7 @@ typedef struct { // BOOLEAN Enable5LevelPaging; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN GhcbBase; } MP_CPU_EXCHANGE_INFO; =20 @@ -288,6 +289,7 @@ struct _CPU_MP_DATA { BOOLEAN WakeUpByInitSipiSipi; =20 BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index bfef1237f452..365c0ff24ebe 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c 
@@ -1040,6 +1040,7 @@ FillExchangeInfoData ( DEBUG ((DEBUG_INFO, "%a: 5-Level Paging =3D %d\n", gEfiCallerBaseName, E= xchangeInfo->Enable5LevelPaging)); =20 ExchangeInfo->SevEsIsEnabled =3D CpuMpData->SevEsIsEnabled; + ExchangeInfo->SevSnpIsEnabled =3D CpuMpData->SevSnpIsEnabled; ExchangeInfo->GhcbBase =3D (UINTN) CpuMpData->GhcbBase; =20 // @@ -2033,6 +2034,7 @@ MpInitLibInitialize ( CpuMpData->CpuInfoInHob =3D (UINT64) (UINTN) (CpuMpData->CpuData + M= axLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); CpuMpData->SevEsIsEnabled =3D ConfidentialComputingGuestHas (CCAttrAmdSe= vEs); + CpuMpData->SevSnpIsEnabled =3D ConfidentialComputingGuestHas=20 + (CCAttrAmdSevSnp); CpuMpData->SevEsAPBuffer =3D (UINTN) -1; CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); =20 diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc b/UefiCpuPkg/Library/Mp= InitLib/MpEqu.inc index 2e9368a374a4..01668638f245 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc @@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO .ModeHighSegment: CTYPE_UINT16 1 .Enable5LevelPaging: CTYPE_BOOLEAN 1 .SevEsIsEnabled: CTYPE_BOOLEAN 1 + .SevSnpIsEnabled CTYPE_BOOLEAN 1 .GhcbBase: CTYPE_UINTN 1 endstruc =20 diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Lib= rary/MpInitLib/X64/MpFuncs.nasm index 50df802d1fca..018ebe74bf5f 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm 
@@ -194,6 +194,59 @@ LongModeStart: mov rdx, rax shr rdx, 32 mov rcx, 0xc0010130 + + ; + ; If its an SEV-SNP guest then register the GHCB GPA + ; +RegisterGhcbGpa: + ; + ; Register GHCB GPA when SEV-SNP is enabled + ; + lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] + cmp byte [edi], 1 ; SevSnpIsEnabled + jne RegisterGhcbGpaDone + + ; Save the rdi and rsi to used for later comparison + push rdi + push rsi + mov edi, eax + mov esi, edx + or eax, 18 ; Ghcb registration request + wrmsr + rep vmmcall + rdmsr + mov r12, rax + and r12, 0fffh + cmp r12, 19 ; Ghcb registration response + jne GhcbGpaRegisterFailure + + ; Verify that GPA is not changed + and eax, 0fffff000h + cmp edi, eax + jne GhcbGpaRegisterFailure + cmp esi, edx + jne GhcbGpaRegisterFailure + pop rsi + pop rdi + jmp RegisterGhcbGpaDone + + ; + ; Request the guest termination + ; +GhcbGpaRegisterFailure: + xor edx, edx + mov eax, 256 ; GHCB terminate + wrmsr + rep vmmcall + + ; We should not return from the above terminate request, but if we do + ; then enter into the hlt loop. +DoHltLoop: + cli + hlt + jmp DoHltLoop + +RegisterGhcbGpaDone: wrmsr jmp CProcedureInvoke =20 -- 2.17.1
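
Review bot: In the MpEqu.inc hunk the added field ".SevSnpIsEnabled CTYPE_BOOLEAN 1" has no colon after the label, while the neighbouring fields (".SevEsIsEnabled:", ".GhcbBase:") all do. Write it as ".SevSnpIsEnabled: CTYPE_BOOLEAN 1" so the struc stays uniform and the label cannot be misread by the assembler. Its position between SevEsIsEnabled and GhcbBase matches the BOOLEAN added to MP_CPU_EXCHANGE_INFO in MpLib.h, and the two layouts have to keep matching.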
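
Review bot: In the MpFuncs.nasm hunk, "lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)]" overwrites edi before "push rdi", so the push/pop pair preserves the field address rather than whatever rdi held on entry, and on the non-SNP path ("jne RegisterGhcbGpaDone") edi is left clobbered with nothing restored. Testing the flag directly with "cmp byte [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)], 1" would leave edi untouched. r12 is also used as scratch without being saved, unlike rdi and rsi. The comment "Save the rdi and rsi to used for later comparison" does not match the code: the pushed values are only restored by the pops, and the comparison uses the copies of eax/edx placed in edi/esi. The bare values 18, 19 and 256 would be easier to audit as named constants for the registration request, registration response and terminate request, as their comments already describe them.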