From: "Lendacky, Thomas"
Date: Tue, 5 Jan 2021 08:40:08 -0600
Subject: Re: [edk2-devel] [PATCH 11/12] OvmfPkg/PlatformPei: Reserve GHCB backup pages if S3 is supported
To: Laszlo Ersek, devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Jordan Justen, Ard Biesheuvel, Anthony Perard, Julien Grall

On 1/5/21 4:13 AM, Laszlo Ersek wrote:
> On 12/15/20 21:51, Lendacky, Thomas wrote:
>> From: Tom Lendacky
>>
>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
>>
>> Protect the GHCB backup pages used by an SEV-ES guest when S3 is
>> supported.
>>
>> Regarding the lifecycle of the GHCB backup pages:
>> PcdOvmfSecGhcbBackupBase
>>
>> (a) when and how it is initialized after first boot of the VM
>>
>> If SEV-ES is enabled, the GHCB backup pages when a nested #VC is
>> received during the SEC phase
>> [OvmfPkg/Library/VmgExitLib/SecVmgExitVcHandler.c].
>
> (1) This sentence appears to miss a verb.

Yup. I'll change it to:

If SEV-ES is enabled, the GHCB backup pages are initialized when a nested
#VC is received during the SEC phase
[OvmfPkg/Library/VmgExitLib/SecVmgExitVcHandler.c].

Thanks,
Tom

>
> With that fixed:
>
> Reviewed-by: Laszlo Ersek
>
> Thanks
> Laszlo
>
>>
>> (b) how it is protected from memory allocations during DXE
>>
>> If S3 and SEV-ES are enabled, then InitializeRamRegions()
>> [OvmfPkg/PlatformPei/MemDetect.c] protects the ranges with an AcpiNVS
>> memory allocation HOB, in PEI.
>>
>> If S3 is disabled, then these ranges are not protected. PEI switches to
>> the GHCB backup pages in permanent PEI memory and DXE will use these
>> PEI GHCB backup pages, so we don't have to preserve
>> PcdOvmfSecGhcbBackupBase.
>>
>> (c) how it is protected from the OS
>>
>> If S3 is enabled, then (b) reserves it from the OS too.
>>
>> If S3 is disabled, then the range needs no protection.
>>
>> (d) how it is accessed on the S3 resume path
>>
>> It is rewritten same as in (a), which is fine because (b) reserved it.
>> >> (e) how it is accessed on the warm reset path >> >> It is rewritten same as in (a). >> >> Cc: Jordan Justen >> Cc: Laszlo Ersek >> Cc: Ard Biesheuvel >> Cc: Anthony Perard >> Cc: Julien Grall >> Cc: Brijesh Singh >> Signed-off-by: Tom Lendacky >> --- >> OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++ >> OvmfPkg/PlatformPei/MemDetect.c | 5 +++++ >> 2 files changed, 7 insertions(+) >> >> diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf >> index c53be2f4925c..6ef77ba7bb21 100644 >> --- a/OvmfPkg/PlatformPei/PlatformPei.inf >> +++ b/OvmfPkg/PlatformPei/PlatformPei.inf >> @@ -118,6 +118,8 @@ [FixedPcd] >> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiReservedMemoryType >> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode >> gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase >> + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize >> gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase >> gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaSize >> >> diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c >> index ffbbef891a11..c08aa2e45a53 100644 >> --- a/OvmfPkg/PlatformPei/MemDetect.c >> +++ b/OvmfPkg/PlatformPei/MemDetect.c >> @@ -888,6 +888,11 @@ InitializeRamRegions ( >> (UINT64)(UINTN) PcdGet32 (PcdOvmfSecGhcbSize), >> EfiACPIMemoryNVS >> ); >> + BuildMemoryAllocationHob ( >> + (EFI_PHYSICAL_ADDRESS)(UINTN) PcdGet32 (PcdOvmfSecGhcbBackupBase), >> + (UINT64)(UINTN) PcdGet32 (PcdOvmfSecGhcbBackupSize), >> + EfiACPIMemoryNVS >> + ); >> } >> #endif >> } >> >
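
Review bot: In the [FixedPcd] hunk of PlatformPei.inf, PcdOvmfSecGhcbBackupBase and PcdOvmfSecGhcbBackupSize are added, but nothing visible here shows where they are declared or which values the platform builds give them. MemDetect.c passes both straight to BuildMemoryAllocationHob(), so a build that leaves PcdOvmfSecGhcbBackupSize at zero would get a reservation that covers nothing. Suggest naming in the commit message the patch of this series that defines the two PCDs, or adding a check in the consumer that the size is nonzero before the range is reserved.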
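
Review bot: The new BuildMemoryAllocationHob() call in the InitializeRamRegions() hunk of MemDetect.c carries no comment, and the conditions guarding it fall outside the hunk's context; only the closing `}` and `#endif` are visible. The commit message says the reservation applies when both S3 and SEV-ES are enabled, and that the pages are rewritten on the S3 resume path exactly as on first boot. That reasoning belongs next to the code: a short comment above the call stating why the GHCB backup range is marked EfiACPIMemoryNVS would save the next reader from digging up this thread. It is also worth confirming that the enclosing block is the S3-and-SEV-ES one, since the message states that with S3 disabled the range is deliberately left unreserved.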