From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 8BFF8AC14F5 for ; Tue, 30 Jan 2024 19:22:51 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=4NsCdlv9no+Vv6DGCepGzso78wWRSI/MVAGGx5omxUc=; c=relaxed/simple; d=groups.io; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1706642570; v=1; b=rpXntci2iVTJtIWImL1s6+MRSrt8Z0V22TYZcEBsGCtsM8A0TxKfavXHtl9yOYHQCeAqIVvn PY0x6UYXSEQNRIyieSp5dOCnVYK1JcEEqK02LAIIZDseOw1cMavnmRTqsra9iz2K7YBA0SAYRw/ phzeB5o11LBmMTJ7Npc+zAbA= X-Received: by 127.0.0.2 with SMTP id HVNUYY7687511xAWbMVKtxN1; Tue, 30 Jan 2024 11:22:50 -0800 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web10.5461.1706642569413377002 for ; Tue, 30 Jan 2024 11:22:49 -0800 X-Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-168-7_9O8cAfOEu_FmxgyFjUSA-1; Tue, 30 Jan 2024 14:22:46 -0500 X-MC-Unique: 7_9O8cAfOEu_FmxgyFjUSA-1 X-Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 5C9AD101A526; Tue, 30 Jan 2024 19:22:46 +0000 (UTC) X-Received: from [10.39.192.28] (unknown [10.39.192.28]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D0AB82026D66; Tue, 30 Jan 2024 19:22:44 +0000 (UTC) Message-ID: Date: Tue, 30 Jan 2024 20:22:43 +0100 MIME-Version: 1.0 Subject: Re: [edk2-devel] [PATCH v3 1/4] OvmfPkg/Sec: Setup MTRR early in the boot process. To: devel@edk2.groups.io, kraxel@redhat.com Cc: Michael Roth , Oliver Steffen , Jiewen Yao , Tom Lendacky , Min Xu , Ard Biesheuvel , Erdem Aktas References: <20240130130441.772484-1-kraxel@redhat.com> <20240130130441.772484-2-kraxel@redhat.com> From: "Laszlo Ersek" In-Reply-To: <20240130130441.772484-2-kraxel@redhat.com> X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.4 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,lersek@redhat.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: MviDX7ocGQqVC7fkTEPKWp2ux7686176AA= Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=rpXntci2; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=redhat.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io On 1/30/24 14:04, Gerd Hoffmann wrote: > Specifically before running lzma uncompress of the main firmware volume. > This is needed to make sure caching is enabled, otherwise the uncompress > can be extremely slow. >=20 > Adapt the ASSERTs and MTRR setup in PlatformInitLib to the changes. >=20 > Background: Depending on virtual machine configuration kvm may uses EPT > memory types to apply guest MTRR settings. In case MTRRs are disabled > kvm will use the uncachable memory type for all mappings. The > vmx_get_mt_mask() function in the linux kernel handles this and can be > found here: >=20 > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arc= h/x86/kvm/vmx/vmx.c?h=3Dv6.7.1#n7580 >=20 > In most VM configurations kvm uses MTRR_TYPE_WRBACK unconditionally. In > case the VM has a mdev device assigned that is not the case though. >=20 > Before commit e8aa4c6546ad ("UefiCpuPkg/ResetVector: Cache Disable > should not be set by default in CR0") kvm also ended up using > MTRR_TYPE_WRBACK due to KVM_X86_QUIRK_CD_NW_CLEARED. After that commit > kvm evaluates guest mtrr settings, which why setting up MTRRs early is > important now. >=20 > Signed-off-by: Gerd Hoffmann > --- > OvmfPkg/IntelTdx/Sec/SecMain.c | 32 +++++++++++++++++++++ > OvmfPkg/Library/PlatformInitLib/MemDetect.c | 10 +++---- > OvmfPkg/Sec/SecMain.c | 32 +++++++++++++++++++++ > 3 files changed, 69 insertions(+), 5 deletions(-) >=20 > diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMai= n.c > index 42a587adfa57..a218ca17a01a 100644 > --- a/OvmfPkg/IntelTdx/Sec/SecMain.c > +++ b/OvmfPkg/IntelTdx/Sec/SecMain.c > @@ -27,6 +27,8 @@ > #include > #include > #include > +#include > +#include > =20 > #define SEC_IDT_ENTRY_COUNT 34 > =20 > @@ -48,6 +50,31 @@ IA32_IDT_GATE_DESCRIPTOR mIdtEntryTemplate =3D { > } > }; > =20 > +// > +// Enable MTRR early, set default type to write back. > +// Needed to make sure caching is enabled, > +// without this lzma decompress can be very slow. > +// > +STATIC > +VOID > +SecMtrrSetup ( > + VOID > + ) > +{ > + CPUID_VERSION_INFO_EDX Edx; > + MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType; > + > + AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32); > + if (!Edx.Bits.MTRR) { > + return; > + } > + > + DefType.Uint64 =3D AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); > + DefType.Bits.Type =3D 6; /* write back */ > + DefType.Bits.E =3D 1; /* enable */ > + AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); > +} > + > VOID > EFIAPI > SecCoreStartupWithStack ( > @@ -204,6 +231,11 @@ SecCoreStartupWithStack ( > InitializeApicTimer (0, MAX_UINT32, TRUE, 5); > DisableApicTimerInterrupt (); > =20 > + // > + // Initialize MTRR > + // > + SecMtrrSetup (); > + > PeilessStartup (&SecCoreData); > =20 > ASSERT (FALSE); > diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Librar= y/PlatformInitLib/MemDetect.c > index f042517bb64a..e89f63eee054 100644 > --- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c > +++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c > @@ -1082,18 +1082,18 @@ PlatformQemuInitializeRam ( > MtrrGetAllMtrrs (&MtrrSettings); > =20 > // > - // MTRRs disabled, fixed MTRRs disabled, default type is uncached > + // See SecMtrrSetup(), default type should be write back > // > - ASSERT ((MtrrSettings.MtrrDefType & BIT11) =3D=3D 0); > + ASSERT ((MtrrSettings.MtrrDefType & BIT11) !=3D 0); > ASSERT ((MtrrSettings.MtrrDefType & BIT10) =3D=3D 0); > - ASSERT ((MtrrSettings.MtrrDefType & 0xFF) =3D=3D 0); > + ASSERT ((MtrrSettings.MtrrDefType & 0xFF) =3D=3D MTRR_CACHE_WRITE_BA= CK); > =20 > // > // flip default type to writeback > // > - SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, 0x06); > + SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, MTRR_CACHE_W= RITE_BACK); > ZeroMem (&MtrrSettings.Variables, sizeof MtrrSettings.Variables); > - MtrrSettings.MtrrDefType |=3D BIT11 | BIT10 | 6; > + MtrrSettings.MtrrDefType |=3D BIT10; > MtrrSetAllMtrrs (&MtrrSettings); > =20 > // > diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c > index 31da5d0ace51..46c54f2984ff 100644 > --- a/OvmfPkg/Sec/SecMain.c > +++ b/OvmfPkg/Sec/SecMain.c > @@ -30,6 +30,8 @@ > #include > #include > #include > +#include > +#include > #include "AmdSev.h" > =20 > #define SEC_IDT_ENTRY_COUNT 34 > @@ -744,6 +746,31 @@ FindAndReportEntryPoints ( > return; > } > =20 > +// > +// Enable MTRR early, set default type to write back. > +// Needed to make sure caching is enabled, > +// without this lzma decompress can be very slow. > +// > +STATIC > +VOID > +SecMtrrSetup ( > + VOID > + ) > +{ > + CPUID_VERSION_INFO_EDX Edx; > + MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType; > + > + AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32); > + if (!Edx.Bits.MTRR) { > + return; > + } > + > + DefType.Uint64 =3D AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); > + DefType.Bits.Type =3D 6; /* write back */ > + DefType.Bits.E =3D 1; /* enable */ > + AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); > +} > + > VOID > EFIAPI > SecCoreStartupWithStack ( > @@ -942,6 +969,11 @@ SecCoreStartupWithStack ( > InitializeApicTimer (0, MAX_UINT32, TRUE, 5); > DisableApicTimerInterrupt (); > =20 > + // > + // Initialize MTRR > + // > + SecMtrrSetup (); > + > // > // Initialize Debug Agent to support source level debug in SEC/PEI pha= ses before memory ready. > // Cannot comment on the "OvmfPkg/IntelTdx/Sec/SecMain.c" source file changes, but for the rest: Reviewed-by: Laszlo Ersek -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114818): https://edk2.groups.io/g/devel/message/114818 Mute This Topic: https://groups.io/mt/104052591/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/leave/12367111/7686176/19134562= 12/xyzzy [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-