From: "Ni, Ray"
To: Brijesh Singh, "devel@edk2.groups.io"
CC: James Bottomley, "Xu, Min M", "Yao, Jiewen", Tom Lendacky, "Justen, Jordan L", Ard Biesheuvel, Erdem Aktas, "Michael Roth", Gerd Hoffmann, Michael Roth, "Dong, Eric", "Kumar, Rahul1"
Subject: Re: [PATCH v7 25/31] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled
Date: Tue, 14 Sep 2021 02:25:18 +0000
References: <20210913181941.23405-1-brijesh.singh@amd.com> <20210913181941.23405-26-brijesh.singh@amd.com>

The comments don't apply to this patch only.
To be clear, it would be great that you can do a cleanup of existing code to try best separating the SEV flow from the common flow.

-----Original Message-----
From: Ni, Ray
Sent: Tuesday, September 14, 2021 10:24 AM
To: Brijesh Singh; devel@edk2.groups.io
Cc: James Bottomley; Xu, Min M; Yao, Jiewen; Tom Lendacky; Justen, Jordan L; Ard Biesheuvel; Erdem Aktas; Michael Roth; Gerd Hoffmann; Michael Roth; Dong, Eric; Kumar, Rahul1
Subject: RE: [PATCH v7 25/31] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled

Hi Brijesh,
Can you please separate the SEV logic in separate functions in separate files?
These are not x86 common logics. With more and more SEV specific logics added, I want to keep the common flow clean.

Thanks,
Ray

-----Original Message-----
From: Brijesh Singh
Sent: Tuesday, September 14, 2021 2:20 AM
To: devel@edk2.groups.io
Cc: James Bottomley; Xu, Min M; Yao, Jiewen; Tom Lendacky; Justen, Jordan L; Ard Biesheuvel; Erdem Aktas; Michael Roth; Gerd Hoffmann; Brijesh Singh; Michael Roth; Dong, Eric; Ni, Ray; Kumar, Rahul1
Subject: [PATCH v7 25/31] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest requires that the physical address of the GHCB must be registered with the hypervisor before using it. See the GHCB specification section 2.3.2 for more details.

Cc: Michael Roth
Cc: Eric Dong
Cc: Ray Ni
Cc: Rahul Kumar
Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Erdem Aktas
Cc: Gerd Hoffmann
Signed-off-by: Brijesh Singh
---
 UefiCpuPkg/Library/MpInitLib/MpLib.h          |  2 +
 UefiCpuPkg/Library/MpInitLib/MpLib.c          |  2 +
 UefiCpuPkg/Library/MpInitLib/MpEqu.inc        |  1 +
 UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 53 +++++++++++++++++++
 4 files changed, 58 insertions(+)

diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index 388ebef7b0dc..56d6d703d8b0 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -219,6 +219,7 @@ typedef struct { // BOOLEAN Enable5LevelPaging; BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN GhcbBase; } MP_CPU_EXCHANGE_INFO; =20 @@ -288,6 +289,7 @@ struct _CPU_MP_DATA { BOOLEAN WakeUpByInitSipiSipi; =20 BOOLEAN SevEsIsEnabled; + BOOLEAN SevSnpIsEnabled; UINTN SevEsAPBuffer; UINTN SevEsAPResetStackStart; CPU_MP_DATA *NewCpuMpData; diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index bfef1237f452..365c0ff24ebe 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c 
@@ -1040,6 +1040,7 @@ FillExchangeInfoData ( DEBUG ((DEBUG_INFO, "%a: 5-Level Paging =3D %d\n", gEfiCallerBaseName, E= xchangeInfo->Enable5LevelPaging)); =20 ExchangeInfo->SevEsIsEnabled =3D CpuMpData->SevEsIsEnabled; + ExchangeInfo->SevSnpIsEnabled =3D CpuMpData->SevSnpIsEnabled; ExchangeInfo->GhcbBase =3D (UINTN) CpuMpData->GhcbBase; =20 // @@ -2033,6 +2034,7 @@ MpInitLibInitialize ( CpuMpData->CpuInfoInHob =3D (UINT64) (UINTN) (CpuMpData->CpuData + M= axLogicalProcessorNumber); InitializeSpinLock(&CpuMpData->MpLock); CpuMpData->SevEsIsEnabled =3D ConfidentialComputingGuestHas (CCAttrAmdSe= vEs); + CpuMpData->SevSnpIsEnabled =3D ConfidentialComputingGuestHas=20 + (CCAttrAmdSevSnp); CpuMpData->SevEsAPBuffer =3D (UINTN) -1; CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); =20 diff --git a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc b/UefiCpuPkg/Library/Mp= InitLib/MpEqu.inc index 2e9368a374a4..01668638f245 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/MpEqu.inc @@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO .ModeHighSegment: CTYPE_UINT16 1 .Enable5LevelPaging: CTYPE_BOOLEAN 1 .SevEsIsEnabled: CTYPE_BOOLEAN 1 + .SevSnpIsEnabled CTYPE_BOOLEAN 1 .GhcbBase: CTYPE_UINTN 1 endstruc =20 diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Lib= rary/MpInitLib/X64/MpFuncs.nasm index 50df802d1fca..018ebe74bf5f 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm 
@@ -194,6 +194,59 @@ LongModeStart: mov rdx, rax shr rdx, 32 mov rcx, 0xc0010130 + + ; + ; If its an SEV-SNP guest then register the GHCB GPA + ; +RegisterGhcbGpa: + ; + ; Register GHCB GPA when SEV-SNP is enabled + ; + lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)] + cmp byte [edi], 1 ; SevSnpIsEnabled + jne RegisterGhcbGpaDone + + ; Save the rdi and rsi to used for later comparison + push rdi + push rsi + mov edi, eax + mov esi, edx + or eax, 18 ; Ghcb registration request + wrmsr + rep vmmcall + rdmsr + mov r12, rax + and r12, 0fffh + cmp r12, 19 ; Ghcb registration response + jne GhcbGpaRegisterFailure + + ; Verify that GPA is not changed + and eax, 0fffff000h + cmp edi, eax + jne GhcbGpaRegisterFailure + cmp esi, edx + jne GhcbGpaRegisterFailure + pop rsi + pop rdi + jmp RegisterGhcbGpaDone + + ; + ; Request the guest termination + ; +GhcbGpaRegisterFailure: + xor edx, edx + mov eax, 256 ; GHCB terminate + wrmsr + rep vmmcall + + ; We should not return from the above terminate request, but if we do + ; then enter into the hlt loop. +DoHltLoop: + cli + hlt + jmp DoHltLoop + +RegisterGhcbGpaDone: wrmsr jmp CProcedureInvoke =20 -- 2.17.1
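
Review bot: In the MpEqu.inc hunk, the added `.SevSnpIsEnabled CTYPE_BOOLEAN 1` has no colon after the label, unlike the neighbouring `.SevEsIsEnabled:` and `.GhcbBase:` entries. Please add the colon so the struc stays consistent. The new field sits between SevEsIsEnabled and GhcbBase in both this struc and the C MP_CPU_EXCHANGE_INFO in MpLib.h, and the assembly offsets depend on that ordering, so a short comment in one of the two places saying they must be changed together would help whoever adds the next field.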
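
Review bot: In the RegisterGhcbGpa block of the MpFuncs.nasm hunk, `lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)]` overwrites edi before `push rdi`, so the push/pop pair preserves the field address rather than the incoming rdi, and on the `jne RegisterGhcbGpaDone` path edi is left modified with nothing restored. r12 is also overwritten by `mov r12, rax` without being saved. If rdi and r12 are scratch at this point, drop the rdi push and say so in the comment; if they are live, move the pushes ahead of the lea and save r12 as well, or do the response-code compare in a register that is already saved. The literals 18, 19 and 256 would read better as named equates for the GHCB registration request, registration response and terminate request, and the two comments could be tidied ("If it's an SEV-SNP guest", "Save rdi and rsi for the later comparison").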