Subject: Re: [edk2-devel] [PATCH v8 31/46] OvmfPkg: Create GHCB pages for use during Pei and Dxe phase
To: devel@edk2.groups.io, thomas.lendacky@amd.com
Cc: Jordan Justen, Ard Biesheuvel, Michael D Kinney, Liming Gao, Eric Dong, Ray Ni, Brijesh Singh
References:
 <7597094ec951d2224f9527c2fc18cf93fb939f26.1589925074.git.thomas.lendacky@amd.com>
From: "Laszlo Ersek"
Date: Mon, 25 May 2020 17:21:26 +0200
In-Reply-To: <7597094ec951d2224f9527c2fc18cf93fb939f26.1589925074.git.thomas.lendacky@amd.com>

On 05/19/20 23:50, Lendacky, Thomas wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
>
> Allocate memory for the GHCB pages and the per-CPU variable pages during
> SEV initialization for use during Pei and Dxe phases. The GHCB page(s)
> must be shared pages, so clear the encryption mask from the current page
> table entries. Upon successful allocation, set the GHCB PCDs (PcdGhcbBase
> and PcdGhcbSize).
>
> The per-CPU variable page needs to be unique per AP. Using the page after
> the GHCB ensures that it is unique per AP. Only the GHCB page is marked as
> shared, keeping the per-CPU variable page encrypted. The same logic is
> used in DXE using CreateIdentityMappingPageTables() before switching to
> the DXE pagetables.
>
> The GHCB pages (one per vCPU) will be used by the PEI and DXE #VC
> exception handlers. The #VC exception handler will fill in the necessary
> fields of the GHCB and exit to the hypervisor using the VMGEXIT
> instruction. The hypervisor then accesses the GHCB associated with the
> vCPU in order to perform the requested function.
>
> Cc: Jordan Justen
> Cc: Laszlo Ersek
> Cc: Ard Biesheuvel
> Reviewed-by: Laszlo Ersek
> Signed-off-by: Tom Lendacky > --- > OvmfPkg/OvmfPkgIa32.dsc | 2 ++ > OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++ > OvmfPkg/OvmfPkgX64.dsc | 2 ++ > OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++ > OvmfPkg/PlatformPei/AmdSev.c | 45 ++++++++++++++++++++++++++++- > 5 files changed, 52 insertions(+), 1 deletion(-) > > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > index b289260c1f2d..f849a7d698cd 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc > @@ -611,6 +611,8 @@ [PcdsDynamicDefault] > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 > > # Set SEV-ES defaults > + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 > + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 > gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0 > > !if $(SMM_REQUIRE) == TRUE > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index 00faf5036670..d1b4ffedc6af 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > @@ -623,6 +623,8 @@ [PcdsDynamicDefault] > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 > > # Set SEV-ES defaults > + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 > + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 > gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0 > > !if $(SMM_REQUIRE) == TRUE > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index 58671828c5fe..ebc903d922cf 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -621,6 +621,8 @@ [PcdsDynamicDefault] > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 > > # Set SEV-ES defaults > + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase|0 > + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize|0 > gUefiCpuPkgTokenSpaceGuid.PcdSevEsIsEnabled|0 > > !if $(SMM_REQUIRE) == TRUE > diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf > index a54d10ba90d5..4742e1bdf42b 100644 > --- a/OvmfPkg/PlatformPei/PlatformPei.inf > +++ b/OvmfPkg/PlatformPei/PlatformPei.inf 
> @@ -102,6 +102,8 @@ [Pcd] > gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack > gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable > gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask > + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase > + gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbSize > gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy > gUefiCpuPkgTokenSpaceGuid.PcdCpuLocalApicBaseAddress > gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber > diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c > index 4dc5340caa7a..4fd4534cabea 100644 > --- a/OvmfPkg/PlatformPei/AmdSev.c > +++ b/OvmfPkg/PlatformPei/AmdSev.c > @@ -10,12 +10,15 @@ > // The package level header files this module uses > // > #include > +#include > #include > #include > #include > +#include > #include > #include > #include > +#include > #include > #include > > @@ -32,7 +35,10 @@ AmdSevEsInitialize ( > VOID > ) > { > - RETURN_STATUS PcdStatus; > + VOID *GhcbBase; > + PHYSICAL_ADDRESS GhcbBasePa; > + UINTN GhcbPageCount, PageCount; > + RETURN_STATUS PcdStatus, DecryptStatus; > > if (!MemEncryptSevEsIsEnabled ()) { > return; 
> @@ -40,6 +46,43 @@ AmdSevEsInitialize ( > > PcdStatus = PcdSetBoolS (PcdSevEsIsEnabled, TRUE); > ASSERT_RETURN_ERROR (PcdStatus); > + > + // > + // Allocate GHCB and per-CPU variable pages. > + // > + GhcbPageCount = mMaxCpuCount * 2; > + GhcbBase = AllocatePages (GhcbPageCount); > + ASSERT (GhcbBase != NULL); > + > + GhcbBasePa = (PHYSICAL_ADDRESS)(UINTN) GhcbBase; > + > + // > + // Each vCPU gets two consecutive pages, the first is the GHCB and the > + // second is the per-CPU variable page. Loop through the allocation and > + // only clear the encryption mask for the GHCB pages. > + // > + for (PageCount = 0; PageCount < GhcbPageCount; PageCount += 2) { > + DecryptStatus = MemEncryptSevClearPageEncMask ( > + 0, > + GhcbBasePa + EFI_PAGES_TO_SIZE (PageCount), > + 1, > + TRUE > + ); > + ASSERT_RETURN_ERROR (DecryptStatus); > + } This part is new in v7 (in sync with the updated commit message). It looks OK to me, but please don't carry over R-b tags given previously when modifying patches non-trivially. Reviewed-by: Laszlo Ersek Thanks Laszlo > + > + ZeroMem (GhcbBase, EFI_PAGES_TO_SIZE (GhcbPageCount)); > + > + PcdStatus = PcdSet64S (PcdGhcbBase, GhcbBasePa); > + ASSERT_RETURN_ERROR (PcdStatus); > + PcdStatus = PcdSet64S (PcdGhcbSize, EFI_PAGES_TO_SIZE (GhcbPageCount)); > + ASSERT_RETURN_ERROR (PcdStatus); > + > + DEBUG ((DEBUG_INFO, > + "SEV-ES is enabled, %lu GHCB pages allocated starting at 0x%p\n", > + (UINT64)GhcbPageCount, GhcbBase)); > + > + AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa); > } > > /** >
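Review bot: in the three .dsc hunks (OvmfPkgIa32.dsc, OvmfPkgIa32X64.dsc, OvmfPkgX64.dsc) PcdGhcbBase|0 and PcdGhcbSize|0 are added as dynamic defaults without saying what a zero means; since only AmdSevEsInitialize () overwrites them, and only when MemEncryptSevEsIsEnabled () is true, a consumer that reads PcdGhcbBase on a non-SEV-ES guest gets 0. A short comment next to the defaults (for example "0 means PlatformPei has not allocated a GHCB; check PcdSevEsIsEnabled first") would document the contract and keep the three files in sync when the defaults are touched again.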
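Review bot: in the AmdSevEsInitialize () hunk, `ASSERT (GhcbBase != NULL);` is the only guard on the AllocatePages () result, and ASSERT compiles out in a RELEASE build, so a NULL return would let the loop call MemEncryptSevClearPageEncMask () on physical address 0 and then ZeroMem () a NULL pointer; since SEV-ES cannot proceed without a GHCB, an explicit NULL check that fails loudly (DEBUG_ERROR plus CpuDeadLoop ()) would be safer than relying on the assert. The ZeroMem () correctly comes after the encryption mask has been cleared on the GHCB pages (zeros written through the encrypted mapping would read back as ciphertext to the hypervisor once the C-bit is cleared); a one-line comment saying that the zeroing must follow MemEncryptSevClearPageEncMask () would stop a future reorder from silently breaking the shared pages. Minor: the loop index PageCount reads as a count rather than an index, and `AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa);` programs only the BSP, so a comment pointing to where each AP's GHCB MSR is set to its own pair would help readers of this function.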