From nobody Thu May 16 16:06:41 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+102056+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1680026989449781.7776337065384; Tue, 28 Mar 2023 11:09:49 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id q4hkYY1788612x4Wf69n3mP8; Tue, 28 Mar 2023 11:09:49 -0700 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.60]) by mx.groups.io with SMTP id smtpd.web11.3790.1680026987996362731 for ; Tue, 28 Mar 2023 11:09:48 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FzWmW04BvZaFdorlPM0VI3kl0iuzNTU6UDTg836ll4M3kQElQd4y2Y3BkR3aOI0qhBOGS8xYXgGItgM2PQUmKMI5xlLNtmmIGn07N4bxzRX7DnSmNFBPfedoEma7LzzdgnJNhlCXk05jL8NM4GpA3bvrz+b03ysObNm0v1OZjh1uWeWVPOzBjpOTVK1kkwD/9HfF8wCUA5hcEBxhUI7RUEoiLye8N4kRXzEidjZ3LAlK76kz6u3fdEsHgnJ63g2+IwF9JicVkvozKwKT5TZFvokQqT0VeV4uVtRTUd3ybAAtNQuV/hpfpKhtKUgsciqftxOhopOZM9OGJvcRweZPqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+TsFR+DxnVfWDR6hxl0gElpSvdoXZmXYZJ9+I8aTiA0=; b=U/1WE5sa4+gJfzm3lHxwMZh/kJfh3Zz7jBQvXLKMxRJb4RQnIh86L0qY9wNCC930DEGSF4NJ0Sla3M2A2m7WFePgKGBwGYGc+Zg+ULgWlG4uja7VB9BwKPxxX1jv9p/K15LQIuJPd1ELx/dli3Av73sEScFUQuPOknvtPbbWuU4/rDQnflWXB2+uzvGlDLWroSweMbM0LUs7RGVIU27eFSSohoIfkC68LjMrWh3arbzW2IF9A5DcR58kh7iWUgnsVJe8aZEfWRsLa8oMsj2ZUiimiy80lgR0H4F9DCJfs14KCweTjdP/UW0TeZV+i5QaDu6ZQMu7eQoh8IijGyzUNQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none X-Received: from MN2PR06CA0001.namprd06.prod.outlook.com (2603:10b6:208:23d::6) by SA1PR12MB6945.namprd12.prod.outlook.com (2603:10b6:806:24c::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6222.33; Tue, 28 Mar 2023 18:09:46 +0000 X-Received: from BL02EPF0000C405.namprd05.prod.outlook.com (2603:10b6:208:23d:cafe::d4) by MN2PR06CA0001.outlook.office365.com (2603:10b6:208:23d::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.43 via Frontend Transport; Tue, 28 Mar 2023 18:09:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+102056+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by BL02EPF0000C405.mail.protection.outlook.com (10.167.241.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6178.30 via Frontend Transport; Tue, 28 Mar 2023 18:09:45 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Tue, 28 Mar 2023 13:09:44 -0500 From: "Lendacky, Thomas via groups.io" To: CC: Eric Dong , Ray Ni , Rahul Kumar , Gerd Hoffmann , Michael Roth , Ashish Kalra Subject: [edk2-devel] [PATCH v2 1/2] UefiCpuPkg/MpInitLib: Reuse VMSA allocation to avoid unreserved allocation Date: Tue, 28 Mar 2023 13:09:23 -0500 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL02EPF0000C405:EE_|SA1PR12MB6945:EE_ X-MS-Office365-Filtering-Correlation-Id: 9377b07a-9005-4408-f06d-08db2fb79c99 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: J+9EE1BLZUZtt1265DFsX6QcAfJ0QRaWJUppxzeMlC35auNG07xPu1ukjxzI1loFx77iFQdov+aUEJ+m32UDFY3SYm4Dz6HwJ2LCLu+AEk+JksBhZCgnGn7w3Q0AQ79jAI4MZ51xf7i4efiKjoe6DWcJS3BumoU+uxlO+Kp8S1n3trerEC3bGac67aTahsH5a5xYhIyNAl7WI7xUZZfSPVwRX/3PCx9bCtaNGZi3o6V4v11tyR43p5+Gmr90PC3vsvwt7O8Zi7Rrjfvy61a1VDnz/IuUJWiWdvhYHHmAWlm+nOBFycjXIV0qsZXwmvsD2Y4JAMlHIvpyDb7YyJ7KkLPs4jJF+URK6kzi1cdHBEw4LGXdo3fadoRTyYIk950mXNiNti6G6/xNzwr5pwv3tzQTee+YpJDMKU8BoIBXGAAGFAIb/56S0v7H+6aq3TGIymnan8MCKw0HuUaNe+X5ikAudwC70SLs2j9wYICOQsoNTZhivKXljnZo5s+QCebMyXb6ZjiwJaLeYWFLqfiWdGu7p/6cgwNAXguq9IqqCpy0Ip6eyuhbxlP3xi3mOzZKaSIzdffeayzIsZ3hwlLlT2TDU4wI5ARm7e4/MiRGMAzHkVuhExbqb/xRIF0JcJGoFgWV7Ro8KYYKTOC0jyFpKRv0hwikJn7OOGUa4VIYwYv7CZ+TktnYhQL5t0d7zWoUv1d4+6rYyzw+aj0ww4AfmUuNMJy8khJQ+PwKevwnCZE= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Mar 2023 18:09:45.5443 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 9377b07a-9005-4408-f06d-08db2fb79c99 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL02EPF0000C405.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB6945 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com X-Gm-Message-State: lMuOOBApDmwMZuhpIFRROdpKx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1680026989; bh=Nbg1wfxLfzphoLhDhho4LbjiY+PqDH9vkK/FyE79gLQ=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=mMqWVAWygvrEITo6OrylFdELLfBql1HScRhm7lsW4Vl3/JdFXxM/ol4FZiAeksJhI8S WQ4rCeFUDmPAbZ4rKsQXbbyKQfU2U8cotUdN6wevtMzQmpSJE5Pgsa2oeBnhL3pLyxjll J/tqEV/61da2AnkZJpmFWRtFHXdgSMUDG3U= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1680026990795100001 Content-Type: text/plain; charset="utf-8" https://bugzilla.tianocore.org/show_bug.cgi?id=3D4353 When parking the APs on exiting from UEFI, a new page allocation is made. This allocation, however, does not end up being marked reserved in the memory map supplied to the OS. To avoid this, re-use the VMSA by clearing the VMSA RMP flag, updating the page contents and re-setting the VMSA RMP flag. Fixes: 06544455d0d4 ("UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation ...") Signed-off-by: Tom Lendacky Acked-by: Gerd Hoffmann Acked-by: Ray Ni --- UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 204 +++++++++++++--------- 1 file changed, 124 insertions(+), 80 deletions(-) diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library= /MpInitLib/X64/AmdSev.c index bfda1e19030d..509be9b41757 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c @@ -14,40 +14,140 @@ #include =20 /** - Create an SEV-SNP AP save area (VMSA) for use in running the vCPU. + Perform the requested AP Creation action. =20 - @param[in] CpuMpData Pointer to CPU MP Data - @param[in] CpuData Pointer to CPU AP Data + @param[in] SaveArea Pointer to VM save area (VMSA) @param[in] ApicId APIC ID of the vCPU + @param[in] Action AP action to perform + + @retval TRUE Action completed successfully + @retval FALSE Action did not complete successfully **/ -VOID -SevSnpCreateSaveArea ( - IN CPU_MP_DATA *CpuMpData, - IN CPU_AP_DATA *CpuData, - UINT32 ApicId +STATIC +BOOLEAN +SevSnpPerformApAction ( + IN SEV_ES_SAVE_AREA *SaveArea, + IN UINT32 ApicId, + IN UINTN Action ) { - SEV_ES_SAVE_AREA *SaveArea; - IA32_CR0 ApCr0; - IA32_CR0 ResetCr0; - IA32_CR4 ApCr4; - IA32_CR4 ResetCr4; - UINTN StartIp; - UINT8 SipiVector; - UINT32 RmpAdjustStatus; - UINT64 VmgExitStatus; MSR_SEV_ES_GHCB_REGISTER Msr; GHCB *Ghcb; BOOLEAN InterruptState; UINT64 ExitInfo1; UINT64 ExitInfo2; + UINT32 RmpAdjustStatus; + UINT64 VmgExitStatus; =20 - // - // Allocate a single page for the SEV-ES Save Area and initialize it. - // - SaveArea =3D AllocateReservedPages (1); - if (!SaveArea) { - return; + if (Action =3D=3D SVM_VMGEXIT_SNP_AP_CREATE) { + // + // To turn the page into a recognized VMSA page, issue RMPADJUST: + // Target VMPL but numerically higher than current VMPL + // Target PermissionMask is not used + // + RmpAdjustStatus =3D SevSnpRmpAdjust ( + (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea, + TRUE + ); + if (RmpAdjustStatus !=3D 0) { + DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA creation\n")= ); + ASSERT (FALSE); + + return FALSE; + } + } + + ExitInfo1 =3D (UINT64)ApicId << 32; + ExitInfo1 |=3D Action; + ExitInfo2 =3D (UINT64)(UINTN)SaveArea; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + CcExitVmgInit (Ghcb, &InterruptState); + + if (Action =3D=3D SVM_VMGEXIT_SNP_AP_CREATE) { + Ghcb->SaveArea.Rax =3D SaveArea->SevFeatures; + CcExitVmgSetOffsetValid (Ghcb, GhcbRax); + } + + VmgExitStatus =3D CcExitVmgExit ( + Ghcb, + SVM_EXIT_SNP_AP_CREATION, + ExitInfo1, + ExitInfo2 + ); + + CcExitVmgDone (Ghcb, InterruptState); + + if (VmgExitStatus !=3D 0) { + DEBUG ((DEBUG_INFO, "SEV-SNP: AP Destroy failed\n")); + ASSERT (FALSE); + + return FALSE; + } + + if (Action =3D=3D SVM_VMGEXIT_SNP_AP_DESTROY) { + // + // Make the current VMSA not runnable and accessible to be + // reprogrammed. + // + RmpAdjustStatus =3D SevSnpRmpAdjust ( + (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea, + FALSE + ); + if (RmpAdjustStatus !=3D 0) { + DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA reset\n")); + ASSERT (FALSE); + + return FALSE; + } + } + + return TRUE; +} + +/** + Create an SEV-SNP AP save area (VMSA) for use in running the vCPU. + + @param[in] CpuMpData Pointer to CPU MP Data + @param[in] CpuData Pointer to CPU AP Data + @param[in] ApicId APIC ID of the vCPU +**/ +VOID +SevSnpCreateSaveArea ( + IN CPU_MP_DATA *CpuMpData, + IN CPU_AP_DATA *CpuData, + UINT32 ApicId + ) +{ + SEV_ES_SAVE_AREA *SaveArea; + IA32_CR0 ApCr0; + IA32_CR0 ResetCr0; + IA32_CR4 ApCr4; + IA32_CR4 ResetCr4; + UINTN StartIp; + UINT8 SipiVector; + + if (CpuData->SevEsSaveArea =3D=3D NULL) { + // + // Allocate a single page for the SEV-ES Save Area and initialize it. + // + SaveArea =3D AllocateReservedPages (1); + if (!SaveArea) { + return; + } + + CpuData->SevEsSaveArea =3D SaveArea; + } else { + SaveArea =3D CpuData->SevEsSaveArea; + + // + // Tell the hypervisor to not use the current VMSA + // + if (!SevSnpPerformApAction (SaveArea, ApicId, SVM_VMGEXIT_SNP_AP_DESTR= OY)) { + return; + } } =20 ZeroMem (SaveArea, EFI_PAGE_SIZE); @@ -132,63 +232,7 @@ SevSnpCreateSaveArea ( SaveArea->Vmpl =3D 0; SaveArea->SevFeatures =3D AsmReadMsr64 (MSR_SEV_STATUS) >> 2; =20 - // - // To turn the page into a recognized VMSA page, issue RMPADJUST: - // Target VMPL but numerically higher than current VMPL - // Target PermissionMask is not used - // - RmpAdjustStatus =3D SevSnpRmpAdjust ( - (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea, - TRUE - ); - ASSERT (RmpAdjustStatus =3D=3D 0); - - ExitInfo1 =3D (UINT64)ApicId << 32; - ExitInfo1 |=3D SVM_VMGEXIT_SNP_AP_CREATE; - ExitInfo2 =3D (UINT64)(UINTN)SaveArea; - - Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); - Ghcb =3D Msr.Ghcb; - - CcExitVmgInit (Ghcb, &InterruptState); - Ghcb->SaveArea.Rax =3D SaveArea->SevFeatures; - CcExitVmgSetOffsetValid (Ghcb, GhcbRax); - VmgExitStatus =3D CcExitVmgExit ( - Ghcb, - SVM_EXIT_SNP_AP_CREATION, - ExitInfo1, - ExitInfo2 - ); - CcExitVmgDone (Ghcb, InterruptState); - - ASSERT (VmgExitStatus =3D=3D 0); - if (VmgExitStatus !=3D 0) { - RmpAdjustStatus =3D SevSnpRmpAdjust ( - (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea, - FALSE - ); - if (RmpAdjustStatus =3D=3D 0) { - FreePages (SaveArea, 1); - } else { - DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed, leaking VMSA page\n"= )); - } - - SaveArea =3D NULL; - } - - if (CpuData->SevEsSaveArea) { - RmpAdjustStatus =3D SevSnpRmpAdjust ( - (EFI_PHYSICAL_ADDRESS)(UINTN)CpuData->SevEsSaveAre= a, - FALSE - ); - if (RmpAdjustStatus =3D=3D 0) { - FreePages (CpuData->SevEsSaveArea, 1); - } else { - DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed, leaking VMSA page\n"= )); - } - } - - CpuData->SevEsSaveArea =3D SaveArea; + SevSnpPerformApAction (SaveArea, ApicId, SVM_VMGEXIT_SNP_AP_CREATE); } =20 /** --=20 2.40.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#102056): https://edk2.groups.io/g/devel/message/102056 Mute This Topic: https://groups.io/mt/97911957/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 16 16:06:41 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+102057+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1680026998802595.5994105527184; Tue, 28 Mar 2023 11:09:58 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id jmqpYY1788612xb7PHFByFtD; Tue, 28 Mar 2023 11:09:58 -0700 X-Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.40]) by mx.groups.io with SMTP id smtpd.web10.3722.1680026997757869193 for ; Tue, 28 Mar 2023 11:09:58 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HmfVVwbeLpGc9XzeiP0XEmTQh7Ol0lSRYDKZLi6wgHrcyYt8kxeTpB2xIR1C0nHJF9KHjg8EMttFIGsc4a/T6xMVF6W6Dazlxd58s7Fxp0dYc8GRaNQjEGXkQ4dV9EXieHdyA8IZIG9gvjFpsrdKTXARiXu/EQxneWH3mdB94uPYAhQ3RTzEl5JKK/w9JbzLSjP1qr2QHnGueVbD2F/bpCrFU83zYMj+P8vvqTAndli7ZZiJW6KV5qO8FMTrSO7pwzSsE88aQRWWRfyAFId+S8p9VB+4wwpUCznJl17FsTDCDQIzWRZZTHv8z8wtRbuYt0Dq3XtcDhbJZMJcSbvg5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KtjaM1A7U4tQg8Je4F8jCMyc06aQQNFUeOvrJVpLryc=; b=T8pvoZIcoftwXqredl3UHreJFYUg0fZRqByAecPAWhZtUdCTisji51M/knf0GlEaA+U1pXywGnhNGpP7HGC9/PEJ/IvpikkBrumXTOKUwxPaJN0w/inOnMsoS/Ut1X/+gkm06u7Q2VL8mXsof9tRxdNC38aoPSELJN5nB0TLWbdwErzmjHvriDO/cvEDJOf+2le1Nq9DQR7dWp/yJrwnh0a+7iD/+oXGrZrjDeAt6/lh4oreBlGAx2GwW6pApjAFUUdOeebzhOP/CNxeUUWCOyoNVcLqJZRr1vZddxBCwqNL6K/RS99c/0LYwuP7VBQFn4d0HFi2N648M/yjcniXiw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none X-Received: from BL1PR13CA0235.namprd13.prod.outlook.com (2603:10b6:208:2bf::30) by SJ1PR12MB6028.namprd12.prod.outlook.com (2603:10b6:a03:489::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6178.41; Tue, 28 Mar 2023 18:09:53 +0000 X-Received: from BL02EPF0000C403.namprd05.prod.outlook.com (2603:10b6:208:2bf:cafe::6e) by BL1PR13CA0235.outlook.office365.com (2603:10b6:208:2bf::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.18 via Frontend Transport; Tue, 28 Mar 2023 18:09:53 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+102057+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by BL02EPF0000C403.mail.protection.outlook.com (10.167.241.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6178.30 via Frontend Transport; Tue, 28 Mar 2023 18:09:53 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Tue, 28 Mar 2023 13:09:52 -0500 From: "Lendacky, Thomas via groups.io" To: CC: Eric Dong , Ray Ni , Rahul Kumar , Gerd Hoffmann , Michael Roth , Ashish Kalra Subject: [edk2-devel] [PATCH v2 2/2] UefiCpuPkg/MpInitLib: Ensure SEV-SNP VMSA allocations are not 2MB aligned Date: Tue, 28 Mar 2023 13:09:24 -0500 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL02EPF0000C403:EE_|SJ1PR12MB6028:EE_ X-MS-Office365-Filtering-Correlation-Id: 308649a3-314a-4f44-3ca4-08db2fb7a151 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: BibmN9q2fU9EoxS4OVs+ND81BMizSDg0xqF1A82I/7wnASuhfBgLEyDx9w34WY6X8CjrqkeIWSJXxNLU3N8DHuM1lW4vEKx7sO5iaCHeRcfcRZ6kb6UIuK5HNnFJ1wOMLU1dVmPQ9VOGt1u4kUAZwkN16+nMxjuFVmeg5nKyHgPALPebMCoXuJbl3mIMod24MIcu5QAmvJoHgYWvZsbM6OaunmzEZH6EGmFAUaj+qZsjJJmf+XTFoVG2LmNGECE5sAPIlZA8DSl7/ojk91JF/ft0mHKkcW2h6XkM54aKJeSQCQ6eZoC80eD9ZIXgPXi4CpplEblkq+BYTfxdCWLkqe7Jp+8YH1r5nAe0Sbw0Ush/fkTi5m+N9axyYbKGmMqvPG50HjIcsWyZYHJab3V2r6gSzKnp9lT3+BPzg6mmMEwpzdqt7Y/K3R7wsyALakXwJ8k922y3BMIrmnzfDC0E1zYM1O+dfC2VNXP1/4S1IrurDoxS4w++a8LzpoeAQX1tsv9IScZ+bxm2dF3OfPgIGdow2LLVLJRh4rtM2FSPgOIMpbIJ3MJbKde9xwdRIiBvZc7Uae1NgfndztdD7qjmh00RZ4pHsyVmlOkeheX28RJ770QBHKYvGXHFomtB3/mSxi4HdwrANvt2rrFkoYts2edipLrDcaE31pTAeBHndY6vbaHG2v+IBpJt2Io1pBur0czMgtStnh32XxyexnWihejNZLgwDvyOKfHESJh7fFI= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Mar 2023 18:09:53.4564 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 308649a3-314a-4f44-3ca4-08db2fb7a151 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL02EPF0000C403.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR12MB6028 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com X-Gm-Message-State: 0zhrgrFh192hQGZGXyhJCsvZx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1680026998; bh=1deEoxmYM+W/dciT/jlk97IY99TNPwtkquPrj0lQfzo=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=HAW8CIljcoCxJWY/eSPiBb9FkX/TP5Spc990xo0K6xnU7helK4mMB6ODp/eUZz5BKCo P84lRsaD/7so2JTgA38iIaN2dSsE3qqIA1w437S4jOkNUPxSgg9wSCdMbBrTzSGzqn4pW Urv4bhe0j2IqAmAtEtuqAKualT4g56rP1Pk= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1680027000833100002 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4353 Due to AMD erratum #1467, an SEV-SNP VMSA should not be 2MB aligned. To work around this issue, allocate two pages instead of one. Because of the way that page allocation is implemented, always try to use the second page. If the second page is not 2MB aligned, free the first page and use the second page. If the second page is 2MB aligned, free the second page and use the first page. Freeing in this way reduces holes in the memory map. Fixes: 06544455d0d4 ("UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation ...") Signed-off-by: Tom Lendacky Acked-by: Gerd Hoffmann Acked-by: Ray Ni --- UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 26 ++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library= /MpInitLib/X64/AmdSev.c index 509be9b41757..c9f0984f41a2 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c @@ -13,6 +13,8 @@ #include #include =20 +#define _IS_ALIGNED(x, y) (ALIGN_POINTER((x), (y)) =3D=3D (x)) + /** Perform the requested AP Creation action. =20 @@ -121,6 +123,7 @@ SevSnpCreateSaveArea ( UINT32 ApicId ) { + UINT8 *Pages; SEV_ES_SAVE_AREA *SaveArea; IA32_CR0 ApCr0; IA32_CR0 ResetCr0; @@ -131,13 +134,30 @@ SevSnpCreateSaveArea ( =20 if (CpuData->SevEsSaveArea =3D=3D NULL) { // - // Allocate a single page for the SEV-ES Save Area and initialize it. + // Allocate a page for the SEV-ES Save Area and initialize it. Due to = AMD + // erratum #1467 (VMSA cannot be on a 2MB boundary), allocate an extra= page + // to choose from to work around the issue. // - SaveArea =3D AllocateReservedPages (1); - if (!SaveArea) { + Pages =3D AllocateReservedPages (2); + if (!Pages) { return; } =20 + // + // Since page allocation works by allocating downward in the address s= pace, + // try to always free the first (lower address) page to limit possible= holes + // in the memory map. So, if the address of the second page is 2MB ali= gned, + // then use the first page and free the second page. Otherwise, free t= he + // first page and use the second page. + // + if (_IS_ALIGNED (Pages + EFI_PAGE_SIZE, SIZE_2MB)) { + SaveArea =3D (SEV_ES_SAVE_AREA *)Pages; + FreePages (Pages + EFI_PAGE_SIZE, 1); + } else { + SaveArea =3D (SEV_ES_SAVE_AREA *)(Pages + EFI_PAGE_SIZE); + FreePages (Pages, 1); + } + CpuData->SevEsSaveArea =3D SaveArea; } else { SaveArea =3D CpuData->SevEsSaveArea; --=20 2.40.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#102057): https://edk2.groups.io/g/devel/message/102057 Mute This Topic: https://groups.io/mt/97911960/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-