From: "Lendacky, Thomas via groups.io" <thomas.lendacky=amd.com@groups.io>
To: <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
Erdem Aktas <erdemaktas@google.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Laszlo Ersek <lersek@redhat.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Michael D Kinney <michael.d.kinney@intel.com>,
Min Xu <min.m.xu@intel.com>,
Zhiguang Liu <zhiguang.liu@intel.com>,
"Rahul Kumar" <rahul1.kumar@intel.com>, Ray Ni <ray.ni@intel.com>,
Michael Roth <michael.roth@amd.com>
Subject: [edk2-devel] [PATCH 12/16] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor
Date: Fri, 26 Jan 2024 16:13:11 -0600 [thread overview]
Message-ID: <d718094462670faa075a86eb7317d55911d7bcf0.1706307195.git.thomas.lendacky@amd.com> (raw)
In-Reply-To: <cover.1706307195.git.thomas.lendacky@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve
them before any APs are actually started. The APIC IDs can be used
to start the APs for any SEV-SNP guest, but is a requirement for an
SEV-SNP guest that is running under an SVSM.
After retrieving the APIC IDs, save the address of the APIC ID data
structure in the PcdSevSnpApicIds PCD.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
OvmfPkg/PlatformPei/AmdSev.c | 87 ++++++++++++++++++++
2 files changed, 88 insertions(+)
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index 6907cc72669e..6379f66b627d 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -116,6 +116,7 @@ [Pcd]
gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures
gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask
+ gUefiCpuPkgTokenSpaceGuid.PcdSevSnpApicIds
[FixedPcd]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase
diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index af832d3e535e..d8a30b6e1613 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -31,6 +31,85 @@ GetHypervisorFeature (
VOID
);
+/**
+ Retrieve APIC IDs from the hypervisor.
+
+**/
+STATIC
+VOID
+AmdSevSnpGetApicIds (
+ VOID
+ )
+{
+ MSR_SEV_ES_GHCB_REGISTER Msr;
+ GHCB *Ghcb;
+ BOOLEAN InterruptState;
+ UINT64 VmgExitStatus;
+ UINT64 PageCount;
+ BOOLEAN PageCountValid;
+ VOID *ApicIds;
+ RETURN_STATUS Status;
+
+ Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+ Ghcb = Msr.Ghcb;
+
+ PageCount = 0;
+ PageCountValid = FALSE;
+
+ CcExitVmgInit (Ghcb, &InterruptState);
+ Ghcb->SaveArea.Rax = PageCount;
+ CcExitVmgSetOffsetValid (Ghcb, GhcbRax);
+ VmgExitStatus = CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, 0, 0);
+ if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax)) {
+ PageCount = Ghcb->SaveArea.Rax;
+ PageCountValid = TRUE;
+ }
+
+ CcExitVmgDone (Ghcb, InterruptState);
+
+ ASSERT (VmgExitStatus == 0);
+ ASSERT (PageCountValid);
+ if ((VmgExitStatus != 0) || !PageCountValid) {
+ return;
+ }
+
+ //
+ // Allocate the memory for the APIC IDs
+ //
+ ApicIds = AllocateReservedPages ((UINTN)PageCount);
+ ASSERT (ApicIds != NULL);
+
+ Status = MemEncryptSevClearPageEncMask (
+ 0,
+ (UINTN)ApicIds,
+ (UINTN)PageCount
+ );
+ ASSERT_RETURN_ERROR (Status);
+
+ ZeroMem (ApicIds, EFI_PAGES_TO_SIZE ((UINTN)PageCount));
+
+ PageCountValid = FALSE;
+
+ CcExitVmgInit (Ghcb, &InterruptState);
+ Ghcb->SaveArea.Rax = PageCount;
+ CcExitVmgSetOffsetValid (Ghcb, GhcbRax);
+ VmgExitStatus = CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, (UINTN)ApicIds, 0);
+ if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax) && (Ghcb->SaveArea.Rax == PageCount)) {
+ PageCountValid = TRUE;
+ }
+
+ CcExitVmgDone (Ghcb, InterruptState);
+
+ ASSERT (VmgExitStatus == 0);
+ ASSERT (PageCountValid);
+ if ((VmgExitStatus != 0) || !PageCountValid) {
+ FreePages (ApicIds, (UINTN)PageCount);
+ return;
+ }
+
+ Status = PcdSet64S (PcdSevSnpApicIds, (UINTN)ApicIds);
+}
+
/**
Initialize SEV-SNP support if running as an SEV-SNP guest.
@@ -78,6 +157,14 @@ AmdSevSnpInitialize (
}
}
}
+
+ //
+ // Retrieve the APIC IDs if the hypervisor supports it. These will be used
+ // to always start APs using SNP AP Create.
+ //
+ if ((HvFeatures & GHCB_HV_FEATURES_APIC_ID_LIST) == GHCB_HV_FEATURES_APIC_ID_LIST) {
+ AmdSevSnpGetApicIds ();
+ }
}
/**
--
2.42.0
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114638): https://edk2.groups.io/g/devel/message/114638
Mute This Topic: https://groups.io/mt/103986465/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-01-26 22:15 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-26 22:12 [edk2-devel] [PATCH 00/16] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 01/16] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support Lendacky, Thomas via groups.io
2024-01-29 12:59 ` Gerd Hoffmann
2024-01-29 15:39 ` Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 02/16] MdePkg/Register/Amd: Define the SVSM related information Lendacky, Thomas via groups.io
2024-01-29 13:12 ` Gerd Hoffmann
2024-01-26 22:13 ` [edk2-devel] [PATCH 03/16] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM Lendacky, Thomas via groups.io
2024-01-29 13:22 ` Gerd Hoffmann
2024-01-29 15:51 ` Lendacky, Thomas via groups.io
2024-01-30 11:51 ` Gerd Hoffmann
2024-01-31 18:30 ` Lendacky, Thomas via groups.io
2024-02-01 8:35 ` Gerd Hoffmann
2024-01-26 22:13 ` [edk2-devel] [PATCH 04/16] UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM Lendacky, Thomas via groups.io
2024-02-02 6:06 ` Ni, Ray
2024-01-26 22:13 ` [edk2-devel] [PATCH 05/16] Ovmfpkg/CcExitLib: Extend CcExitLib to handle SVSM related services Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 06/16] OvmfPkg: Create a calling area used to communicate with the SVSM Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 07/16] OvmfPkg/CcExitLib: Add support for the SVSM_CORE_PVALIDATE call Lendacky, Thomas via groups.io
2024-01-29 14:40 ` Gerd Hoffmann
2024-01-29 17:34 ` Lendacky, Thomas via groups.io
2024-01-31 18:40 ` Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 08/16] OvmfPkg/CcExitLib: Add support for the SVSM create/delete vCPU calls Lendacky, Thomas via groups.io
2024-01-29 14:46 ` Gerd Hoffmann
2024-01-29 17:37 ` Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 09/16] UefiCpuPkg/MpInitLib: Use CcExitSnpVmsaRmpAdjust() to set/clear VMSA Lendacky, Thomas via groups.io
2024-02-02 6:07 ` Ni, Ray
2024-01-26 22:13 ` [edk2-devel] [PATCH 10/16] MdePkg: GHCB APIC ID retrieval support definitions Lendacky, Thomas via groups.io
2024-01-29 14:52 ` Gerd Hoffmann
2024-01-26 22:13 ` [edk2-devel] [PATCH 11/16] UefiCpuPkg: Create APIC ID list PCD Lendacky, Thomas via groups.io
2024-01-29 14:57 ` Gerd Hoffmann
2024-02-02 6:08 ` Ni, Ray
2024-02-02 22:56 ` Lendacky, Thomas via groups.io
2024-01-26 22:13 ` Lendacky, Thomas via groups.io [this message]
2024-01-29 15:00 ` [edk2-devel] [PATCH 12/16] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor Gerd Hoffmann
2024-01-29 17:49 ` Lendacky, Thomas via groups.io
2024-01-30 11:25 ` Gerd Hoffmann
2024-01-26 22:13 ` [edk2-devel] [PATCH 13/16] UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set Lendacky, Thomas via groups.io
2024-01-29 15:21 ` Gerd Hoffmann
2024-01-29 18:00 ` Lendacky, Thomas via groups.io
2024-02-02 6:20 ` Ni, Ray
2024-02-02 22:58 ` Lendacky, Thomas via groups.io
2024-02-05 5:06 ` Ni, Ray
2024-01-26 22:13 ` [edk2-devel] [PATCH 14/16] UefiCpuPkg/MpInitLib: AP creation support under an SVSM Lendacky, Thomas via groups.io
2024-01-29 15:21 ` Gerd Hoffmann
2024-02-02 6:48 ` Ni, Ray
2024-01-26 22:13 ` [edk2-devel] [PATCH 15/16] Ovmfpkg/CcExitLib: Provide SVSM discovery support Lendacky, Thomas via groups.io
2024-01-29 15:23 ` Gerd Hoffmann
2024-01-29 18:04 ` Lendacky, Thomas via groups.io
2024-01-30 11:38 ` Gerd Hoffmann
2024-01-30 16:13 ` Lendacky, Thomas via groups.io
2024-01-26 22:13 ` [edk2-devel] [PATCH 16/16] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0 Lendacky, Thomas via groups.io
2024-01-29 15:24 ` Gerd Hoffmann
2024-01-27 4:04 ` [edk2-devel] [PATCH 00/16] Provide SEV-SNP support for running under an SVSM Yao, Jiewen
2024-01-27 17:48 ` Lendacky, Thomas via groups.io
2024-01-28 4:11 ` Yao, Jiewen
[not found] ` <17AE677D909D4A42.23935@groups.io>
2024-02-09 8:11 ` Yao, Jiewen
2024-02-09 16:17 ` Lendacky, Thomas via groups.io
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d718094462670faa075a86eb7317d55911d7bcf0.1706307195.git.thomas.lendacky@amd.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox