From: "Gerd Hoffmann"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Laszlo Ersek, Erdem Aktas, Michael Roth, Min Xu, Gerd Hoffmann, Jiewen Yao, Tom Lendacky, Oliver Steffen
Subject: [edk2-devel] [PATCH v2 1/4] OvmfPkg/Sec: Setup MTRR early in the boot process.
Date: Thu, 25 Jan 2024 09:23:08 +0100
Message-ID: <20240125082311.310203-2-kraxel@redhat.com>
In-Reply-To: <20240125082311.310203-1-kraxel@redhat.com>
References: <20240125082311.310203-1-kraxel@redhat.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"; x-default="true"

Specifically before running lzma uncompress of the main firmware volume.
This is needed to make sure caching is enabled, otherwise the uncompress
can be extremely slow.

Adapt the ASSERTs and MTRR setup in PlatformInitLib to the changes.

Background: Depending on virtual machine configuration kvm may use EPT
memory types to apply guest MTRR settings. In case MTRRs are disabled kvm
will use the uncachable memory type for all mappings. Here is the linux
kernel function handling this:

static u8 vmx_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio)
{
	/* We wanted to honor guest CD/MTRR/PAT, but doing so could result in
	 * memory aliases with conflicting memory types and sometimes MCEs.
	 * We have to be careful as to what are honored and when.
	 *
	 * For MMIO, guest CD/MTRR are ignored. The EPT memory type is set to
	 * UC. The effective memory type is UC or WC depending on guest PAT.
	 * This was historically the source of MCEs and we want to be
	 * conservative.
	 *
	 * When there is no need to deal with noncoherent DMA (e.g., no VT-d
	 * or VT-d has snoop control), guest CD/MTRR/PAT are all ignored. The
	 * EPT memory type is set to WB. The effective memory type is forced
	 * WB.
	 *
	 * Otherwise, we trust guest. Guest CD/MTRR/PAT are all honored. The
	 * EPT memory type is used to emulate guest CD/MTRR.
	 */

	if (is_mmio)
		return MTRR_TYPE_UNCACHABLE << VMX_EPT_MT_EPTE_SHIFT;

	if (!kvm_arch_has_noncoherent_dma(vcpu->kvm))
		return (MTRR_TYPE_WRBACK << VMX_EPT_MT_EPTE_SHIFT) | VMX_EPT_IPAT_BIT;

	if (kvm_read_cr0_bits(vcpu, X86_CR0_CD)) {
		if (kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_CD_NW_CLEARED))
			return MTRR_TYPE_WRBACK << VMX_EPT_MT_EPTE_SHIFT;
		else
			return (MTRR_TYPE_UNCACHABLE << VMX_EPT_MT_EPTE_SHIFT) |
				VMX_EPT_IPAT_BIT;
	}

	return kvm_mtrr_get_guest_memory_type(vcpu, gfn) << VMX_EPT_MT_EPTE_SHIFT;
}

In most VM configurations kvm_arch_has_noncoherent_dma() evaluates to false,
so kvm uses MTRR_TYPE_WRBACK. In case the VM has a mdev device assigned
that is not the case though.

Before commit e8aa4c6546ad ("UefiCpuPkg/ResetVector: Cache Disable should
not be set by default in CR0") the function also ended up using
MTRR_TYPE_WRBACK thanks to KVM_X86_QUIRK_CD_NW_CLEARED. After that commit
kvm actually evaluates mtrr settings via kvm_mtrr_get_guest_memory_type().

Signed-off-by: Gerd Hoffmann
---
 OvmfPkg/IntelTdx/Sec/SecMain.c              | 32 +++++++++++++++++++++
 OvmfPkg/Library/PlatformInitLib/MemDetect.c | 10 +++----
 OvmfPkg/Sec/SecMain.c                       | 32 +++++++++++++++++++++
 3 files changed, 69 insertions(+), 5 deletions(-)

diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c index 42a587adfa57..e8ff0e9081d1 100644 --- a/OvmfPkg/IntelTdx/Sec/SecMain.c +++ b/OvmfPkg/IntelTdx/Sec/SecMain.c @@ -27,6 +27,8 @@ #include #include #include +#include +#include =20 #define SEC_IDT_ENTRY_COUNT 34 =20 
@@ -48,6 +50,31 @@ IA32_IDT_GATE_DESCRIPTOR mIdtEntryTemplate =3D { } }; =20 +// +// Enable MTRR early, set default type to write back. +// Needed to make sure caching is enabled, +// without this lzma decompress can be very slow. +// +STATIC +VOID +SecMtrrSetup ( + VOID + ) +{ + CPUID_VERSION_INFO_EDX Edx; + MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType; + + AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32); + if (!Edx.Bits.MTRR) { + return; + } + + DefType.Uint64 =3D AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);; + DefType.Bits.Type =3D 6; /* write back */ + DefType.Bits.E =3D 1; /* enable */ + AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); +} + VOID EFIAPI SecCoreStartupWithStack ( @@ -204,6 +231,11 @@ SecCoreStartupWithStack ( InitializeApicTimer (0, MAX_UINT32, TRUE, 5); DisableApicTimerInterrupt (); =20 + // + // Initialize MTRR + // + SecMtrrSetup (); + PeilessStartup (&SecCoreData); =20 ASSERT (FALSE); diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/= PlatformInitLib/MemDetect.c index f042517bb64a..e89f63eee054 100644 --- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c +++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c 
@@ -1082,18 +1082,18 @@ PlatformQemuInitializeRam ( MtrrGetAllMtrrs (&MtrrSettings); =20 // - // MTRRs disabled, fixed MTRRs disabled, default type is uncached + // See SecMtrrSetup(), default type should be write back // - ASSERT ((MtrrSettings.MtrrDefType & BIT11) =3D=3D 0); + ASSERT ((MtrrSettings.MtrrDefType & BIT11) !=3D 0); ASSERT ((MtrrSettings.MtrrDefType & BIT10) =3D=3D 0); - ASSERT ((MtrrSettings.MtrrDefType & 0xFF) =3D=3D 0); + ASSERT ((MtrrSettings.MtrrDefType & 0xFF) =3D=3D MTRR_CACHE_WRITE_BACK= ); =20 // // flip default type to writeback // - SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, 0x06); + SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, MTRR_CACHE_WRI= TE_BACK); ZeroMem (&MtrrSettings.Variables, sizeof MtrrSettings.Variables); - MtrrSettings.MtrrDefType |=3D BIT11 | BIT10 | 6; + MtrrSettings.MtrrDefType |=3D BIT10; MtrrSetAllMtrrs (&MtrrSettings); =20 // diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 31da5d0ace51..a066db34997c 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -30,6 +30,8 @@ #include #include #include +#include +#include #include "AmdSev.h" =20 #define SEC_IDT_ENTRY_COUNT 34 @@ -744,6 +746,31 @@ FindAndReportEntryPoints ( return; } =20 +// +// Enable MTRR early, set default type to write back. +// Needed to make sure caching is enabled, +// without this lzma decompress can be very slow. +// +STATIC +VOID +SecMtrrSetup ( + VOID + ) +{ + CPUID_VERSION_INFO_EDX Edx; + MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType; + + AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32); + if (!Edx.Bits.MTRR) { + return; + } + + DefType.Uint64 =3D AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);; + DefType.Bits.Type =3D 6; /* write back */ + DefType.Bits.E =3D 1; /* enable */ + AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); +} + VOID EFIAPI SecCoreStartupWithStack ( 
@@ -942,6 +969,11 @@ SecCoreStartupWithStack ( InitializeApicTimer (0, MAX_UINT32, TRUE, 5); DisableApicTimerInterrupt (); =20 + // + // Initialize MTRR + // + SecMtrrSetup (); + // // Initialize Debug Agent to support source level debug in SEC/PEI phase= s before memory ready. // --=20 2.43.0
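
Review bot: In the OvmfPkg/IntelTdx/Sec/SecMain.c hunk that adds SecMtrrSetup(), the line `DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);;` ends in a stray second semicolon, and `DefType.Bits.Type = 6; /* write back */` hard-codes the memory type that the MemDetect.c hunk of this same patch spells as MTRR_CACHE_WRITE_BACK. Drop the extra semicolon and use the named constant here too, so the value set in SEC and the value asserted later in PlatformQemuInitializeRam() cannot drift apart.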
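
Review bot: In the OvmfPkg/Library/PlatformInitLib/MemDetect.c hunk, the new `ASSERT ((MtrrSettings.MtrrDefType & BIT11) != 0)` and the write-back default-type ASSERT assume SecMtrrSetup() always wrote MSR_IA32_MTRR_DEF_TYPE, but SecMtrrSetup() returns early without touching the MSR when CPUID reports no MTRR support, so the two code paths disagree for that case. Either guard the ASSERTs with the same CPUID condition or document why that path cannot reach PlatformQemuInitializeRam(). The unchanged context comment "flip default type to writeback" is also stale after this change, since the code below it now only fills the fixed MTRRs and sets BIT10; reword it to say that fixed MTRRs are being enabled.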
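
Review bot: The SecMtrrSetup() added in the OvmfPkg/Sec/SecMain.c hunk is a line-for-line copy of the function added to OvmfPkg/IntelTdx/Sec/SecMain.c, including the doubled semicolon after AsmReadMsr64() and the literal 6 for the write-back type. Consider moving it into a library both SEC modules can use, so a later fix to the MTRR default-type setup does not have to be applied twice, and fix the `;;` and the magic number in whichever copy remains.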