From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.120])
 by mx.groups.io with SMTP id smtpd.web12.32859.1590420102828040341
 for <devel@edk2.groups.io>;
 Mon, 25 May 2020 08:21:43 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=d/Me98ai;
 spf=pass (domain: redhat.com, ip: 205.139.110.120, mailfrom: lersek@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1590420101;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=pYcgHp3/yqMwef2cCZrpjcINdZHGPsB8YjpSLNFyEUw=;
	b=d/Me98aiSZ6+4D70cj+TV/m4XIx4jpskhkDm0bhMfOmLoVsQnaTJjrtbrLxR42EO5B+DnK
	fiZR+ovkL8jMP5rYcolLEE1spoazRls3TJ0r6wMjNYkKzpm1oU/Mg9C9z9H7dZ0i9OvnfU
	swnTSwuatEssyp0DXS4THkCFVQ/mWHk=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-392-V95vt-ELNUiQDIwvbpls0w-1; Mon, 25 May 2020 11:21:31 -0400
X-MC-Unique: V95vt-ELNUiQDIwvbpls0w-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 92706835B40;
	Mon, 25 May 2020 15:21:29 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-114-168.ams2.redhat.com [10.36.114.168])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 3061E10013D2;
	Mon, 25 May 2020 15:21:26 +0000 (UTC)
Subject: Re: [edk2-devel] [PATCH v8 31/46] OvmfPkg: Create GHCB pages for use during Pei and Dxe phase
To: devel@edk2.groups.io, thomas.lendacky@amd.com
Cc: Jordan Justen <jordan.l.justen@intel.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Michael D Kinney <michael.d.kinney@intel.com>,
 Liming Gao <liming.gao@intel.com>, Eric Dong <eric.dong@intel.com>,
 Ray Ni <ray.ni@intel.com>, Brijesh Singh <brijesh.singh@amd.com>
References: <cover.1589925074.git.thomas.lendacky@amd.com>
 <7597094ec951d2224f9527c2fc18cf93fb939f26.1589925074.git.thomas.lendacky@amd.com>
From: "Laszlo Ersek" <lersek@redhat.com>
Message-ID: <bcb6a008-aed1-24a9-9821-470071969a7a@redhat.com>
Date: Mon, 25 May 2020 17:21:26 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <7597094ec951d2224f9527c2fc18cf93fb939f26.1589925074.git.thomas.lendacky@amd.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Language: en-US
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

On 05/19/20 23:50, Lendacky, Thomas wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
> 
> Allocate memory for the GHCB pages and the per-CPU variable pages during
> SEV initialization for use during Pei and Dxe phases. The GHCB page(s)
> must be shared pages, so clear the encryption mask from the current page
> table entries. Upon successful allocation, set the GHCB PCDs (PcdGhcbBase
> and PcdGhcbSize).
> 
> The per-CPU variable page needs to be unique per AP. Using the page after
> the GHCB ensures that it is unique per AP. Only the GHCB page is marked as
> shared, keeping the per-CPU variable page encyrpted. The same logic is
> used in DXE using CreateIdentityMappingPageTables() before switching to
> the DXE pagetables.
> 
> The GHCB pages (one per vCPU) will be used by the PEI and DXE #VC
> exception handlers. The #VC exception handler will fill in the necessary
> fields of the GHCB and exit to the hypervisor using the VMGEXIT
> instruction. The hypervisor then accesses the GHCB associated with the
> vCPU in order to perform the requested function.
> 
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
>  OvmfPkg/OvmfPkgIa32.dsc             |  2 ++
>  OvmfPkg/OvmfPkgIa32X64.dsc          |  2 ++
>  OvmfPkg/OvmfPkgX64.dsc              |  2 ++
>  OvmfPkg/PlatformPei/PlatformPei.inf |  2 ++
>  OvmfPkg/PlatformPei/AmdSev.c        | 45 ++++++++++++++++++++++++++++-
>  5 files changed, 52 insertions(+), 1 deletion(-)
> 
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index b289260c1f2d..f849a7d698cd 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -611,6 +611,8 @@ [PcdsDynamicDefault]
>    gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
>  
>    # Set SEV-ES defaults
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0
>    gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0
>  
>  !if $(SMM_REQUIRE) == TRUE
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index 00faf5036670..d1b4ffedc6af 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -623,6 +623,8 @@ [PcdsDynamicDefault]
>    gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
>  
>    # Set SEV-ES defaults
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0
>    gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0
>  
>  !if $(SMM_REQUIRE) == TRUE
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 58671828c5fe..ebc903d922cf 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -621,6 +621,8 @@ [PcdsDynamicDefault]
>    gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0
>  
>    # Set SEV-ES defaults
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0
>    gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0
>  
>  !if $(SMM_REQUIRE) == TRUE
> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
> index a54d10ba90d5..4742e1bdf42b 100644
> --- a/OvmfPkg/PlatformPei/PlatformPei.inf
> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf
> @@ -102,6 +102,8 @@ [Pcd]
>    gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
>    gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable
>    gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize
>    gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy
>    gUefiCpuPkgTokenSpaceGuid.PcdCpuLocalApicBaseAddress
>    gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber
> diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
> index 4dc5340caa7a..4fd4534cabea 100644
> --- a/OvmfPkg/PlatformPei/AmdSev.c
> +++ b/OvmfPkg/PlatformPei/AmdSev.c
> @@ -10,12 +10,15 @@
>  // The package level header files this module uses
>  //
>  #include <IndustryStandard/Q35MchIch9.h>
> +#include <Library/BaseMemoryLib.h>
>  #include <Library/DebugLib.h>
>  #include <Library/HobLib.h>
>  #include <Library/MemEncryptSevLib.h>
> +#include <Library/MemoryAllocationLib.h>
>  #include <Library/PcdLib.h>
>  #include <PiPei.h>
>  #include <Register/Amd/Cpuid.h>
> +#include <Register/Amd/Msr.h>
>  #include <Register/Cpuid.h>
>  #include <Register/Intel/SmramSaveStateMap.h>
>  
> @@ -32,7 +35,10 @@ AmdSevEsInitialize (
>    VOID
>    )
>  {
> -  RETURN_STATUS     PcdStatus;
> +  VOID              *GhcbBase;
> +  PHYSICAL_ADDRESS  GhcbBasePa;
> +  UINTN             GhcbPageCount, PageCount;
> +  RETURN_STATUS     PcdStatus, DecryptStatus;
>  
>    if (!MemEncryptSevEsIsEnabled ()) {
>      return;
> @@ -40,6 +46,43 @@ AmdSevEsInitialize (
>  
>    PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE);
>    ASSERT_RETURN_ERROR (PcdStatus);
> +
> +  //
> +  // Allocate GHCB and per-CPU variable pages.
> +  //
> +  GhcbPageCount = mMaxCpuCount * 2;
> +  GhcbBase = AllocatePages (GhcbPageCount);
> +  ASSERT (GhcbBase != NULL);
> +
> +  GhcbBasePa = (PHYSICAL_ADDRESS)(UINTN) GhcbBase;
> +
> +  //
> +  // Each vCPU gets two consecutive pages, the first is the GHCB and the
> +  // second is the per-CPU variable page. Loop through the allocation and
> +  // only clear the encryption mask for the GHCB pages.
> +  //
> +  for (PageCount = 0; PageCount < GhcbPageCount; PageCount += 2) {
> +    DecryptStatus = MemEncryptSevClearPageEncMask (
> +      0,
> +      GhcbBasePa + EFI_PAGES_TO_SIZE (PageCount),
> +      1,
> +      TRUE
> +      );
> +    ASSERT_RETURN_ERROR (DecryptStatus);
> +  }

This part is new in v7 (in sync with the updated commit message).

It looks OK to me, but please don't carry over R-b tags given previously
when modifying patches non-trivially.

Reviewed-by: Laszlo Ersek <lersek@redhat.com>

Thanks
Laszlo


> +
> +  ZeroMem (GhcbBase, EFI_PAGES_TO_SIZE (GhcbPageCount));
> +
> +  PcdStatus = PcdSet64S (PcdGhcbBase, GhcbBasePa);
> +  ASSERT_RETURN_ERROR (PcdStatus);
> +  PcdStatus = PcdSet64S (PcdGhcbSize, EFI_PAGES_TO_SIZE (GhcbPageCount));
> +  ASSERT_RETURN_ERROR (PcdStatus);
> +
> +  DEBUG ((DEBUG_INFO,
> +    "SEV-ES is enabled, %lu GHCB pages allocated starting at 0x%p\n",
> +    (UINT64)GhcbPageCount, GhcbBase));
> +
> +  AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa);
>  }
>  
>  /**
>