From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web09.4305.1647564386903029587 for ; Thu, 17 Mar 2022 17:46:59 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=atX1Srg0; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1647564419; x=1679100419; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=5N8OYqKiZYxAXRAWQJPfNgswcQtaNku51mJ1H6X2K5c=; b=atX1Srg0ZF7lwEh3FTR/EbjjqdJUYkrVlVOa+nytuJKK53JwbZ3wF4yz +Z4b7layQvmRthQhNsSvE9CnwfBm08b/eLHDE2tvHt7x9E3IJ6FUIASTv AhS9rOBoxMWORtBUSHba+swQYp+gL/j/Q3vFMWxjDliM9rLXlaPXGoR1k PZ7xMBBE6WLR9MH4PZpj/g2/GptBVFfKd3oqJe00oj7sm08G0pKjZwCoT Dac71MzvI7ioIXoCI2KaNKupRTXVeOTG9q+kIH2s341hn1DrfWKzzkrjp CZps5S5Kvu2ZIx66QbMobT4xmOBPKOxg9WyGbEGWH2HvspugMqz3wxToC A==; X-IronPort-AV: E=McAfee;i="6200,9189,10289"; a="281817968" X-IronPort-AV: E=Sophos;i="5.90,190,1643702400"; d="scan'208";a="281817968" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Mar 2022 17:46:58 -0700 X-IronPort-AV: E=Sophos;i="5.90,190,1643702400"; d="scan'208";a="541602737" Received: from mxu9-mobl1.ccr.corp.intel.com ([10.249.172.84]) by orsmga007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Mar 2022 17:46:56 -0700 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Eric Dong , Ray Ni , Rahul Kumar , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Gerd Hoffmann Subject: [PATCH V9 12/47] UefiCpuPkg: Support TDX in BaseXApicX2ApicLib Date: Fri, 18 Mar 2022 08:45:30 +0800 Message-Id: X-Mailer: git-send-email 2.29.2.windows.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3429 MSR is accessed in BaseXApicX2ApicLib. In TDX some MSRs are accessed directly from/to CPU. Some should be accessed via explicit requests from the host VMM using TDCALL(TDG.VP.VMCALL). This is done by the help of TdxLib. Please refer to [TDX] Section 18.1 TDX: https://software.intel.com/content/dam/develop/external/us/en/ documents/tdx-module-1.0-public-spec-v0.931.pdf Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Acked-by: Gerd Hoffmann Reviewed-by: Ray Ni Signed-off-by: Min Xu --- .../BaseXApicX2ApicLib/BaseXApicX2ApicLib.c | 160 +++++++++++++++++- 1 file changed, 152 insertions(+), 8 deletions(-) diff --git a/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c b/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c index aaa42ff8450b..2d17177df12b 100644 --- a/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c +++ b/UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.c @@ -23,11 +23,155 @@ #include #include #include +#include // // Library internal functions // +/** + Some MSRs in TDX are accessed via TdCall. + Some are directly read/write from/to CPU. + + @param MsrIndex Index of the MSR + @retval TRUE MSR accessed via TdCall. + @retval FALSE MSR accessed not via TdCall. + +**/ +BOOLEAN +AccessMsrTdxCall ( + IN UINT32 MsrIndex + ) +{ + if (!TdIsEnabled ()) { + return FALSE; + } + + switch (MsrIndex) { + case MSR_IA32_X2APIC_TPR: + case MSR_IA32_X2APIC_PPR: + case MSR_IA32_X2APIC_EOI: + case MSR_IA32_X2APIC_ISR0: + case MSR_IA32_X2APIC_ISR1: + case MSR_IA32_X2APIC_ISR2: + case MSR_IA32_X2APIC_ISR3: + case MSR_IA32_X2APIC_ISR4: + case MSR_IA32_X2APIC_ISR5: + case MSR_IA32_X2APIC_ISR6: + case MSR_IA32_X2APIC_ISR7: + case MSR_IA32_X2APIC_TMR0: + case MSR_IA32_X2APIC_TMR1: + case MSR_IA32_X2APIC_TMR2: + case MSR_IA32_X2APIC_TMR3: + case MSR_IA32_X2APIC_TMR4: + case MSR_IA32_X2APIC_TMR5: + case MSR_IA32_X2APIC_TMR6: + case MSR_IA32_X2APIC_TMR7: + case MSR_IA32_X2APIC_IRR0: + case MSR_IA32_X2APIC_IRR1: + case MSR_IA32_X2APIC_IRR2: + case MSR_IA32_X2APIC_IRR3: + case MSR_IA32_X2APIC_IRR4: + case MSR_IA32_X2APIC_IRR5: + case MSR_IA32_X2APIC_IRR6: + case MSR_IA32_X2APIC_IRR7: + return FALSE; + default: + break; + } + + return TRUE; +} + +/** + Read MSR value. + + @param MsrIndex Index of the MSR to read + @retval 64-bit Value of MSR. + +**/ +UINT64 +LocalApicReadMsrReg64 ( + IN UINT32 MsrIndex + ) +{ + UINT64 Val; + UINT64 Status; + + if (AccessMsrTdxCall (MsrIndex)) { + Status = TdVmCall (TDVMCALL_RDMSR, (UINT64)MsrIndex, 0, 0, 0, &Val); + if (Status != 0) { + TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0); + } + } else { + Val = AsmReadMsr64 (MsrIndex); + } + + return Val; +} + +/** + Write to MSR. + + @param MsrIndex Index of the MSR to write to + @param Value Value to be written to the MSR + + @return Value + +**/ +UINT64 +LocalApicWriteMsrReg64 ( + IN UINT32 MsrIndex, + IN UINT64 Value + ) +{ + UINT64 Status; + + if (AccessMsrTdxCall (MsrIndex)) { + Status = TdVmCall (TDVMCALL_WRMSR, (UINT64)MsrIndex, Value, 0, 0, 0); + if (Status != 0) { + TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0); + } + } else { + AsmWriteMsr64 (MsrIndex, Value); + } + + return Value; +} + +/** + Read MSR value. + + @param MsrIndex Index of the MSR to read + @retval 32-bit Value of MSR. + +**/ +UINT32 +LocalApicReadMsrReg32 ( + IN UINT32 MsrIndex + ) +{ + return (UINT32)LocalApicReadMsrReg64 (MsrIndex); +} + +/** + Write to MSR. + + @param MsrIndex Index of the MSR to write to + @param Value Value to be written to the MSR + + @return Value + +**/ +UINT32 +LocalApicWriteMsrReg32 ( + IN UINT32 MsrIndex, + IN UINT32 Value + ) +{ + return (UINT32)LocalApicWriteMsrReg64 (MsrIndex, Value); +} + /** Determine if the CPU supports the Local APIC Base Address MSR. @@ -78,7 +222,7 @@ GetLocalApicBaseAddress ( return PcdGet32 (PcdCpuLocalApicBaseAddress); } - ApicBaseMsr.Uint64 = AsmReadMsr64 (MSR_IA32_APIC_BASE); + ApicBaseMsr.Uint64 = LocalApicReadMsrReg64 (MSR_IA32_APIC_BASE); return (UINTN)(LShiftU64 ((UINT64)ApicBaseMsr.Bits.ApicBaseHi, 32)) + (((UINTN)ApicBaseMsr.Bits.ApicBase) << 12); @@ -109,12 +253,12 @@ SetLocalApicBaseAddress ( return; } - ApicBaseMsr.Uint64 = AsmReadMsr64 (MSR_IA32_APIC_BASE); + ApicBaseMsr.Uint64 = LocalApicReadMsrReg64 (MSR_IA32_APIC_BASE); ApicBaseMsr.Bits.ApicBase = (UINT32)(BaseAddress >> 12); ApicBaseMsr.Bits.ApicBaseHi = (UINT32)(RShiftU64 ((UINT64)BaseAddress, 32)); - AsmWriteMsr64 (MSR_IA32_APIC_BASE, ApicBaseMsr.Uint64); + LocalApicWriteMsrReg64 (MSR_IA32_APIC_BASE, ApicBaseMsr.Uint64); } /** @@ -154,7 +298,7 @@ ReadLocalApicReg ( ASSERT (MmioOffset != XAPIC_ICR_HIGH_OFFSET); MsrIndex = (UINT32)(MmioOffset >> 4) + X2APIC_MSR_BASE_ADDRESS; - return AsmReadMsr32 (MsrIndex); + return LocalApicReadMsrReg32 (MsrIndex); } } @@ -203,7 +347,7 @@ WriteLocalApicReg ( // Use memory fence here to force the serializing semantics to be consisent with xAPIC mode. // MemoryFence (); - AsmWriteMsr32 (MsrIndex, Value); + LocalApicWriteMsrReg32 (MsrIndex, Value); } } @@ -309,7 +453,7 @@ GetApicMode ( return LOCAL_APIC_MODE_XAPIC; } - ApicBaseMsr.Uint64 = AsmReadMsr64 (MSR_IA32_APIC_BASE); + ApicBaseMsr.Uint64 = LocalApicReadMsrReg64 (MSR_IA32_APIC_BASE); // // Local APIC should have been enabled // @@ -354,9 +498,9 @@ SetApicMode ( case LOCAL_APIC_MODE_XAPIC: break; case LOCAL_APIC_MODE_X2APIC: - ApicBaseMsr.Uint64 = AsmReadMsr64 (MSR_IA32_APIC_BASE); + ApicBaseMsr.Uint64 = LocalApicReadMsrReg64 (MSR_IA32_APIC_BASE); ApicBaseMsr.Bits.EXTD = 1; - AsmWriteMsr64 (MSR_IA32_APIC_BASE, ApicBaseMsr.Uint64); + LocalApicWriteMsrReg64 (MSR_IA32_APIC_BASE, ApicBaseMsr.Uint64); break; default: ASSERT (FALSE); -- 2.29.2.windows.2