From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.40])
 by mx.groups.io with SMTP id smtpd.web10.3722.1680026997757869193
 for <devel@edk2.groups.io>;
 Tue, 28 Mar 2023 11:09:58 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=hUfGtdUK;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.237.40, mailfrom: thomas.lendacky@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=HmfVVwbeLpGc9XzeiP0XEmTQh7Ol0lSRYDKZLi6wgHrcyYt8kxeTpB2xIR1C0nHJF9KHjg8EMttFIGsc4a/T6xMVF6W6Dazlxd58s7Fxp0dYc8GRaNQjEGXkQ4dV9EXieHdyA8IZIG9gvjFpsrdKTXARiXu/EQxneWH3mdB94uPYAhQ3RTzEl5JKK/w9JbzLSjP1qr2QHnGueVbD2F/bpCrFU83zYMj+P8vvqTAndli7ZZiJW6KV5qO8FMTrSO7pwzSsE88aQRWWRfyAFId+S8p9VB+4wwpUCznJl17FsTDCDQIzWRZZTHv8z8wtRbuYt0Dq3XtcDhbJZMJcSbvg5Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=KtjaM1A7U4tQg8Je4F8jCMyc06aQQNFUeOvrJVpLryc=;
 b=T8pvoZIcoftwXqredl3UHreJFYUg0fZRqByAecPAWhZtUdCTisji51M/knf0GlEaA+U1pXywGnhNGpP7HGC9/PEJ/IvpikkBrumXTOKUwxPaJN0w/inOnMsoS/Ut1X/+gkm06u7Q2VL8mXsof9tRxdNC38aoPSELJN5nB0TLWbdwErzmjHvriDO/cvEDJOf+2le1Nq9DQR7dWp/yJrwnh0a+7iD/+oXGrZrjDeAt6/lh4oreBlGAx2GwW6pApjAFUUdOeebzhOP/CNxeUUWCOyoNVcLqJZRr1vZddxBCwqNL6K/RS99c/0LYwuP7VBQFn4d0HFi2N648M/yjcniXiw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com;
 dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
 header.from=amd.com; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=KtjaM1A7U4tQg8Je4F8jCMyc06aQQNFUeOvrJVpLryc=;
 b=hUfGtdUKzvhUCg4+AEkhQ4wpShXTQ74Z6x1uJNIaCd55XPjWt+LjJG/Kq4jsFI6pXgtvEV4TYhZT0bmKa6cKqsOEAuNjnkt9W0FtVllURJbpjUjNsCsE4aXAsAtF/yrkvMHtyRTAL4rTGb6VXHyOnjN58TLXqUgEX/hWW4YRk2Q=
Received: from BL1PR13CA0235.namprd13.prod.outlook.com (2603:10b6:208:2bf::30)
 by SJ1PR12MB6028.namprd12.prod.outlook.com (2603:10b6:a03:489::8) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.41; Tue, 28 Mar
 2023 18:09:53 +0000
Received: from BL02EPF0000C403.namprd05.prod.outlook.com
 (2603:10b6:208:2bf:cafe::6e) by BL1PR13CA0235.outlook.office365.com
 (2603:10b6:208:2bf::30) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.18 via Frontend
 Transport; Tue, 28 Mar 2023 18:09:53 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
 BL02EPF0000C403.mail.protection.outlook.com (10.167.241.5) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.6178.30 via Frontend Transport; Tue, 28 Mar 2023 18:09:53 +0000
Received: from tlendack-t1.amdoffice.net (10.180.168.240) by
 SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2375.34; Tue, 28 Mar 2023 13:09:52 -0500
From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
To: <devel@edk2.groups.io>
CC: Eric Dong <eric.dong@intel.com>, Ray Ni <ray.ni@intel.com>, Rahul Kumar
	<rahul1.kumar@intel.com>, Gerd Hoffmann <kraxel@redhat.com>, Michael Roth
	<michael.roth@amd.com>, Ashish Kalra <Ashish.Kalra@amd.com>
Subject: [PATCH v2 2/2] UefiCpuPkg/MpInitLib: Ensure SEV-SNP VMSA allocations are not 2MB aligned
Date: Tue, 28 Mar 2023 13:09:24 -0500
Message-ID: <ebb1da256879843eaea76a7334f9f3c60da638ee.1680026964.git.thomas.lendacky@amd.com>
X-Mailer: git-send-email 2.40.0
In-Reply-To: <cover.1680026964.git.thomas.lendacky@amd.com>
References: <cover.1680026964.git.thomas.lendacky@amd.com>
MIME-Version: 1.0
Return-Path: Thomas.Lendacky@amd.com
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
 (10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BL02EPF0000C403:EE_|SJ1PR12MB6028:EE_
X-MS-Office365-Filtering-Correlation-Id: 308649a3-314a-4f44-3ca4-08db2fb7a151
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	BibmN9q2fU9EoxS4OVs+ND81BMizSDg0xqF1A82I/7wnASuhfBgLEyDx9w34WY6X8CjrqkeIWSJXxNLU3N8DHuM1lW4vEKx7sO5iaCHeRcfcRZ6kb6UIuK5HNnFJ1wOMLU1dVmPQ9VOGt1u4kUAZwkN16+nMxjuFVmeg5nKyHgPALPebMCoXuJbl3mIMod24MIcu5QAmvJoHgYWvZsbM6OaunmzEZH6EGmFAUaj+qZsjJJmf+XTFoVG2LmNGECE5sAPIlZA8DSl7/ojk91JF/ft0mHKkcW2h6XkM54aKJeSQCQ6eZoC80eD9ZIXgPXi4CpplEblkq+BYTfxdCWLkqe7Jp+8YH1r5nAe0Sbw0Ush/fkTi5m+N9axyYbKGmMqvPG50HjIcsWyZYHJab3V2r6gSzKnp9lT3+BPzg6mmMEwpzdqt7Y/K3R7wsyALakXwJ8k922y3BMIrmnzfDC0E1zYM1O+dfC2VNXP1/4S1IrurDoxS4w++a8LzpoeAQX1tsv9IScZ+bxm2dF3OfPgIGdow2LLVLJRh4rtM2FSPgOIMpbIJ3MJbKde9xwdRIiBvZc7Uae1NgfndztdD7qjmh00RZ4pHsyVmlOkeheX28RJ770QBHKYvGXHFomtB3/mSxi4HdwrANvt2rrFkoYts2edipLrDcaE31pTAeBHndY6vbaHG2v+IBpJt2Io1pBur0czMgtStnh32XxyexnWihejNZLgwDvyOKfHESJh7fFI=
X-Forefront-Antispam-Report: 
	CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(6029001)(4636009)(136003)(396003)(376002)(346002)(39860400002)(451199021)(46966006)(36840700001)(40470700004)(81166007)(16526019)(70586007)(70206006)(8676002)(6916009)(40460700003)(41300700001)(2906002)(82310400005)(83380400001)(5660300002)(186003)(36756003)(36860700001)(426003)(47076005)(356005)(86362001)(82740400003)(2616005)(336012)(4326008)(40480700001)(478600001)(54906003)(6666004)(966005)(8936002)(26005)(19627235002)(316002)(36900700001);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Mar 2023 18:09:53.4564
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 308649a3-314a-4f44-3ca4-08db2fb7a151
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	BL02EPF0000C403.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR12MB6028
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4353

Due to AMD erratum #1467, an SEV-SNP VMSA should not be 2MB aligned. To
work around this issue, allocate two pages instead of one. Because of the
way that page allocation is implemented, always try to use the second
page. If the second page is not 2MB aligned, free the first page and use
the second page. If the second page is 2MB aligned, free the second page
and use the first page. Freeing in this way reduces holes in the memory
map.

Fixes: 06544455d0d4 ("UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation ...")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 26 ++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library=
/MpInitLib/X64/AmdSev.c
index 509be9b41757..c9f0984f41a2 100644
--- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
+++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c
@@ -13,6 +13,8 @@
 #include <Register/Amd/Fam17Msr.h>
 #include <Register/Amd/Ghcb.h>
=20
+#define _IS_ALIGNED(x, y)  (ALIGN_POINTER((x), (y)) =3D=3D (x))
+
 /**
   Perform the requested AP Creation action.
=20
@@ -121,6 +123,7 @@ SevSnpCreateSaveArea (
   UINT32          ApicId
   )
 {
+  UINT8             *Pages;
   SEV_ES_SAVE_AREA  *SaveArea;
   IA32_CR0          ApCr0;
   IA32_CR0          ResetCr0;
@@ -131,13 +134,30 @@ SevSnpCreateSaveArea (
=20
   if (CpuData->SevEsSaveArea =3D=3D NULL) {
     //
-    // Allocate a single page for the SEV-ES Save Area and initialize it.
+    // Allocate a page for the SEV-ES Save Area and initialize it. Due to =
AMD
+    // erratum #1467 (VMSA cannot be on a 2MB boundary), allocate an extra=
 page
+    // to choose from to work around the issue.
     //
-    SaveArea =3D AllocateReservedPages (1);
-    if (!SaveArea) {
+    Pages =3D AllocateReservedPages (2);
+    if (!Pages) {
       return;
     }
=20
+    //
+    // Since page allocation works by allocating downward in the address s=
pace,
+    // try to always free the first (lower address) page to limit possible=
 holes
+    // in the memory map. So, if the address of the second page is 2MB ali=
gned,
+    // then use the first page and free the second page. Otherwise, free t=
he
+    // first page and use the second page.
+    //
+    if (_IS_ALIGNED (Pages + EFI_PAGE_SIZE, SIZE_2MB)) {
+      SaveArea =3D (SEV_ES_SAVE_AREA *)Pages;
+      FreePages (Pages + EFI_PAGE_SIZE, 1);
+    } else {
+      SaveArea =3D (SEV_ES_SAVE_AREA *)(Pages + EFI_PAGE_SIZE);
+      FreePages (Pages, 1);
+    }
+
     CpuData->SevEsSaveArea =3D SaveArea;
   } else {
     SaveArea =3D CpuData->SevEsSaveArea;
--=20
2.40.0