From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114627+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307222447117.35227453051675; Fri, 26 Jan 2024 14:13:42 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=T9NgzZFxwinY25gOfjd0bhRFt1GAxHn2CYV/RDqJ6Xs=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307222; v=1; b=cjQuhSB5sTMqo4MA/NEFsao4gfCqSZ0zpmyRBL31stmbHZxDKmGSBYlmwVCIkAXRE6ghHmwU bqHj74Avh6OvH0scsD+koCfMiFb81JOD/z5OtoDFfcF+DEH+BKHxYCU1psbE/k4UMj4Q52Nib60 O094jztz/WJxFBeO9rYgQ2qo= X-Received: by 127.0.0.2 with SMTP id ZCr3YY1788612xVF5CFCg5gQ; Fri, 26 Jan 2024 14:13:42 -0800 X-Received: from NAM11-BN8-obe.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com [40.107.236.40]) by mx.groups.io with SMTP id smtpd.web11.2930.1706307221235836996 for ; Fri, 26 Jan 2024 14:13:41 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QuBzByDKQZeP87kxpLk3PR7euVDz2MfaXtwUjvNkathty5a1dS/5MisH1TKnqtVBgeirVTZ/QB0p912VipkgOhbnzJu/2UH7lmESHtbumx68C9JRqzBGPpc8a+mBXxR/uPkTAnTVAFko/jv3DuiWiOUJnySkXkatOTc35Z40wBzGB4zRDV2GeXKhhr2dWnMZkeaAgQyuD7XfGYz70Vf0oEqV2Y70LAi/s8twpfDUVEBmK5b3NuHwxVZcDkSmx44MUkzKDeun95qzGrfV3v4lrJr7W0hzjN2OdkXOFhT0v3f0z3pK42NruUZgxIVRc13LzNgi759s0PSXXfgVOZeExw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gWAfnpJUCRbjVBRbN04prcO079lOfyTiu6oN/A/YiOo=; b=Fn3B5/qewbeThsjQGFsUsUjTH1hAKG11Hwbl25KJVVwKiCFtarRQwCz1g4e0Jbr7JagUGSjcIvBr/867f4JcJv2JJHIjpMOHilWMiGzKcJtIsygzfaSHyQiRVK3uaLfJLOfzcZhGz6xup8mc4uUT6BsUk+/keWtvZvqaQl/qijuJq7dP+XRRYc3LYGqWqZIM+qKNEdlbxOtQwJiymC5oTmwov8U/UhsQSluRvyOn33oIWqkcsqWODKJJnJ3au0VEfPQ+LLqkjppEU+Yqpsb4BPTwFFQnQ2M9fyzExbJch7P/EpArKDBzvUsmfU4jGxI1732OPGJd3wpNOa517ON/Dw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from CY5PR18CA0030.namprd18.prod.outlook.com (2603:10b6:930:5::32) by LV8PR12MB9405.namprd12.prod.outlook.com (2603:10b6:408:1fa::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26; Fri, 26 Jan 2024 22:13:38 +0000 X-Received: from CY4PEPF0000E9D1.namprd03.prod.outlook.com (2603:10b6:930:5:cafe::2a) by CY5PR18CA0030.outlook.office365.com (2603:10b6:930:5::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27 via Frontend Transport; Fri, 26 Jan 2024 22:13:37 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114627+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000E9D1.mail.protection.outlook.com (10.167.241.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:13:37 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:13:36 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 01/16] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support Date: Fri, 26 Jan 2024 16:13:00 -0600 Message-ID: <7289d8c5217907e711038e92cdec0c38ffe2f727.1706307195.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000E9D1:EE_|LV8PR12MB9405:EE_ X-MS-Office365-Filtering-Correlation-Id: 888ab72e-df20-449d-4148-08dc1ebc0bab X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: g36xh2KQMuJFEQe79mnoZO6MKOD+tdIO/JXxtG1pswqigrRzdokNofSrB5KNdCRXGub3Vib9EvJT+0/422Mel7zlIsze7buQZBXzPemGTUQKRy/qwxU8mwJKBv8SFzn0sp6JpUuidawF108I8YoWf6J7QXM3LPP3h5gvqm3PWQ+vrfVdGbM/JLZuVe7BEIwRndR2VmARKDWU+fmX0/beiWDvrFFP+3HNmgtUDMhEiQtG8zWAjsvz3R28bLf3dPlNuUZsVuVsIMXSD4r++VmS7v4w05g+k7fe4igUnRjt54IlhhyilS/HgW2VpcR4yIKLCuaCZ1HW+EtPmS5Ncu7IguMuOs4wyjiDl8WmQ+HbBkYM9TXx8w1FMTnq0XbOooe0G86cREbYegnXUhU9o8FAEGbbmMX6PLrXREfsA2WXO5ALvcQoHjHYddxt/bzru6p+D0AZSh/6d+RrmBY0oFML+pDMJHnGvNJ9cvpMNBqKgvO6Ps0pC7zanBc0rbaGIo0VRYU/PPPJiQeuy31M1Is1UlAsHAcKyyCft3ZIAcsht3vziucEy77f7DDDHENi09Ep9Zj8x7StzpM6Tlhx3vnPm2xi87bsbXkMbj4FmI51Xg4sfr/arWtptaxQR6rAT9S/zNZPIbLLfjtqvj7aLve1v69i/Ev9+f7pcqpWbqiCaKZHaljW4hdiB6ihs3Sgmg626OWMJVjGg+RMWXUlCU2hfCHUsiyr6wAMmVgo5CYrZ0BjSfCsc7voVpp0T7iMeSwLXNfQe60sAo7IG7OsMFkxqojcpHo80vNe/gGeXbp9pY8= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:13:37.7131 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 888ab72e-df20-449d-4148-08dc1ebc0bab X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000E9D1.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV8PR12MB9405 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: 7ISJRzQgwdziFEISLXYasd2ix1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307223495100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 In preparation for running under an SVSM at VMPL1 or higher (higher numerically, lower privilege), re-organize the way a page state change is performed in order to free up the GHCB for use by the SVSM support. Currently, the page state change logic directly uses the GHCB shared buffer to build the page state change structures. However, this will be in conflict with the use of the GHCB should an SVSM call be required. Instead, use a separate buffer (an area in the workarea during SEC and an allocated page during PEI/DXE) to hold the page state change request and only update the GHCB shared buffer as needed. Since the information is copied to, and operated on, in the GHCB shared buffer this has the added benefit of not requiring to save the start and end entries for use when validating the memory during the page state change sequence. Signed-off-by: Tom Lendacky --- MdePkg/Include/Register/Amd/Ghcb.h | = 9 +- OvmfPkg/Include/WorkArea.h | = 7 + OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h | = 4 +- OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c | 1= 6 ++- OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 2= 5 +++- OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c | 2= 0 ++- OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 1= 4 +- OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 15= 1 +++++++++++++------- 8 files changed, 183 insertions(+), 63 deletions(-) diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/A= md/Ghcb.h index dab396f3ede8..29b2e45d0163 100644 --- a/MdePkg/Include/Register/Amd/Ghcb.h +++ b/MdePkg/Include/Register/Amd/Ghcb.h @@ -4,7 +4,7 @@ Provides data types allowing an SEV-ES guest to interact with the hyperv= isor using the GHCB protocol. =20 - Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.
+ Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reser= ved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 @par Specification Reference: @@ -195,13 +195,14 @@ typedef struct { UINT32 Reserved; } SNP_PAGE_STATE_HEADER; =20 -#define SNP_PAGE_STATE_MAX_ENTRY 253 - typedef struct { SNP_PAGE_STATE_HEADER Header; - SNP_PAGE_STATE_ENTRY Entry[SNP_PAGE_STATE_MAX_ENTRY]; + SNP_PAGE_STATE_ENTRY Entry[]; } SNP_PAGE_STATE_CHANGE_INFO; =20 +#define SNP_PAGE_STATE_MAX_ENTRY \ + ((sizeof (((GHCB *)0)->SharedBuffer) - sizeof (SNP_PAGE_STATE_HEADER)) /= sizeof (SNP_PAGE_STATE_ENTRY)) + // // SEV-ES save area mapping structures used for SEV-SNP AP Creation. // Only the fields required to be set to a non-zero value are defined. diff --git a/OvmfPkg/Include/WorkArea.h b/OvmfPkg/Include/WorkArea.h index b1c7045ce18c..87d2063f6d13 100644 --- a/OvmfPkg/Include/WorkArea.h +++ b/OvmfPkg/Include/WorkArea.h @@ -54,6 +54,13 @@ typedef struct _SEC_SEV_ES_WORK_AREA { // detection in OvmfPkg/ResetVector/Ia32/AmdSev.c // UINT8 ReceivedVc; + UINT8 Reserved[7]; + + // Used by SEC to generate Page State Change requests. This should be + // sized less than an equal to the GHCB shared buffer area to allow a + // single call to the hypervisor. + // + UINT8 WorkBuffer[1024]; } SEC_SEV_ES_WORK_AREA; =20 // diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h = b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h index 43319cc9ed17..516d0eae91d7 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChange.h @@ -24,7 +24,9 @@ InternalSetPageState ( IN EFI_PHYSICAL_ADDRESS BaseAddress, IN UINTN NumPages, IN SEV_SNP_PAGE_STATE State, - IN BOOLEAN UseLargeEntry + IN BOOLEAN UseLargeEntry, + IN VOID *PscBuffer, + IN UINTN PscBufferSize ); =20 VOID diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c index cbcdd46f528f..c8e8478a30d4 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/DxeSnpSystemRamValidate.c @@ -16,6 +16,8 @@ #include "SnpPageStateChange.h" #include "VirtualMemory.h" =20 +STATIC VOID *mPscBuffer =3D NULL; + /** Pre-validate the system RAM when SEV-SNP is enabled in the guest VM. =20 @@ -52,5 +54,17 @@ MemEncryptSevSnpPreValidateSystemRam ( } } =20 - InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + if (mPscBuffer =3D=3D NULL) { + mPscBuffer =3D AllocateReservedPages (1); + ASSERT (mPscBuffer !=3D NULL); + } + + InternalSetPageState ( + BaseAddress, + NumPages, + SevSnpPagePrivate, + TRUE, + mPscBuffer, + EFI_PAGE_SIZE + ); } diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index dee3fb8914ca..df367341d1ac 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -23,6 +23,8 @@ STATIC BOOLEAN mAddressEncMaskChecked =3D FALSE; STATIC UINT64 mAddressEncMask; STATIC PAGE_TABLE_POOL *mPageTablePool =3D NULL; =20 +STATIC VOID *mPscBuffer =3D NULL; + typedef enum { SetCBit, ClearCBit @@ -786,7 +788,19 @@ SetMemoryEncDec ( // The InternalSetPageState() is used for setting the page state in the = RMP table. // if (!Mmio && (Mode =3D=3D ClearCBit) && MemEncryptSevSnpIsEnabled ()) { - InternalSetPageState (PhysicalAddress, EFI_SIZE_TO_PAGES (Length), Sev= SnpPageShared, FALSE); + if (mPscBuffer =3D=3D NULL) { + mPscBuffer =3D AllocateReservedPages (1); + ASSERT (mPscBuffer !=3D NULL); + } + + InternalSetPageState ( + PhysicalAddress, + EFI_SIZE_TO_PAGES (Length), + SevSnpPageShared, + FALSE, + mPscBuffer, + EFI_PAGE_SIZE + ); } =20 // @@ -975,11 +989,18 @@ SetMemoryEncDec ( // The InternalSetPageState() is used for setting the page state in the = RMP table. // if ((Mode =3D=3D SetCBit) && MemEncryptSevSnpIsEnabled ()) { + if (mPscBuffer =3D=3D NULL) { + mPscBuffer =3D AllocateReservedPages (1); + ASSERT (mPscBuffer !=3D NULL); + } + InternalSetPageState ( OrigPhysicalAddress, EFI_SIZE_TO_PAGES (OrigLength), SevSnpPagePrivate, - FALSE + FALSE, + mPscBuffer, + EFI_PAGE_SIZE ); } =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c index 497016544482..46fc4994bfa4 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiSnpSystemRamValidate.c @@ -17,6 +17,8 @@ #include "SnpPageStateChange.h" #include "VirtualMemory.h" =20 +STATIC UINT8 mPscBufferPage[EFI_PAGE_SIZE]; + typedef struct { UINT64 StartAddress; UINT64 EndAddress; @@ -113,7 +115,14 @@ MemEncryptSevSnpPreValidateSystemRam ( if (BaseAddress < OverlapRange.StartAddress) { NumPages =3D EFI_SIZE_TO_PAGES (OverlapRange.StartAddress - BaseAd= dress); =20 - InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TR= UE); + InternalSetPageState ( + BaseAddress, + NumPages, + SevSnpPagePrivate, + TRUE, + mPscBufferPage, + sizeof (mPscBufferPage) + ); } =20 BaseAddress =3D OverlapRange.EndAddress; @@ -122,7 +131,14 @@ MemEncryptSevSnpPreValidateSystemRam ( =20 // Validate the remaining pages. NumPages =3D EFI_SIZE_TO_PAGES (EndAddress - BaseAddress); - InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + InternalSetPageState ( + BaseAddress, + NumPages, + SevSnpPagePrivate, + TRUE, + mPscBufferPage, + sizeof (mPscBufferPage) + ); BaseAddress =3D EndAddress; } } diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c index 7797febb8ac6..86af2ba0356e 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c @@ -10,6 +10,7 @@ =20 #include #include +#include #include =20 #include "SnpPageStateChange.h" @@ -65,6 +66,8 @@ MemEncryptSevSnpPreValidateSystemRam ( IN UINTN NumPages ) { + SEC_SEV_ES_WORK_AREA *SevEsWorkArea; + if (!MemEncryptSevSnpIsEnabled ()) { return; } @@ -78,5 +81,14 @@ MemEncryptSevSnpPreValidateSystemRam ( SnpPageStateFailureTerminate (); } =20 - InternalSetPageState (BaseAddress, NumPages, SevSnpPagePrivate, TRUE); + SevEsWorkArea =3D (SEC_SEV_ES_WORK_AREA *)FixedPcdGet32 (PcdSevEsWorkAre= aBase); + + InternalSetPageState ( + BaseAddress, + NumPages, + SevSnpPagePrivate, + TRUE, + SevEsWorkArea->WorkBuffer, + sizeof (SevEsWorkArea->WorkBuffer) + ); } diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInt= ernal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeIntern= al.c index 46c6682760d5..f8bbe4d6f46b 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c @@ -72,14 +72,19 @@ SnpPageStateFailureTerminate ( STATIC VOID PvalidateRange ( - IN SNP_PAGE_STATE_CHANGE_INFO *Info, - IN UINTN StartIndex, - IN UINTN EndIndex, - IN BOOLEAN Validate + IN SNP_PAGE_STATE_CHANGE_INFO *Info ) { - UINTN RmpPageSize, Ret, i; + UINTN RmpPageSize; + UINTN StartIndex; + UINTN EndIndex; + UINTN Index; + UINTN Ret; EFI_PHYSICAL_ADDRESS Address; + BOOLEAN Validate; + + StartIndex =3D Info->Header.CurrentEntry; + EndIndex =3D Info->Header.EndEntry; =20 for ( ; StartIndex <=3D EndIndex; StartIndex++) { // @@ -87,6 +92,7 @@ PvalidateRange ( // Address =3D ((EFI_PHYSICAL_ADDRESS)Info->Entry[StartIndex].GuestFr= ameNumber) << EFI_PAGE_SHIFT; RmpPageSize =3D Info->Entry[StartIndex].PageSize; + Validate =3D Info->Entry[StartIndex].Operation =3D=3D SNP_PAGE_STAT= E_PRIVATE; =20 Ret =3D AsmPvalidate (RmpPageSize, Validate, Address); =20 @@ -96,7 +102,7 @@ PvalidateRange ( // the RMP entry is 4K and we are validating it as a 2MB. // if ((Ret =3D=3D PVALIDATE_RET_SIZE_MISMATCH) && (RmpPageSize =3D=3D Pv= alidatePageSize2MB)) { - for (i =3D 0; i < PAGES_PER_LARGE_ENTRY; i++) { + for (Index =3D 0; Index < PAGES_PER_LARGE_ENTRY; Index++) { Ret =3D AsmPvalidate (PvalidatePageSize4K, Validate, Address); if (Ret) { break; @@ -131,22 +137,37 @@ BuildPageStateBuffer ( IN EFI_PHYSICAL_ADDRESS EndAddress, IN SEV_SNP_PAGE_STATE State, IN BOOLEAN UseLargeEntry, - IN SNP_PAGE_STATE_CHANGE_INFO *Info + IN SNP_PAGE_STATE_CHANGE_INFO *Info, + IN UINTN InfoSize ) { EFI_PHYSICAL_ADDRESS NextAddress; - UINTN i, RmpPageSize; + UINTN Index; + UINTN IndexMax; + UINTN PscIndexMax; + UINTN RmpPageSize; =20 // Clear the page state structure - SetMem (Info, sizeof (*Info), 0); + SetMem (Info, InfoSize, 0); =20 - i =3D 0; + Index =3D 0; + IndexMax =3D (InfoSize - sizeof (Info->Header)) / sizeof (Info->Entry= [0]); NextAddress =3D EndAddress; =20 + // + // Make the use of the work area as efficient as possible relative to + // exiting from the guest to the hypervisor. Maximize the number of entr= ies + // that can be processed per exit. + // + PscIndexMax =3D (IndexMax / SNP_PAGE_STATE_MAX_ENTRY) * SNP_PAGE_STATE_M= AX_ENTRY; + if (PscIndexMax > 0) { + IndexMax =3D MIN (IndexMax, PscIndexMax); + } + // // Populate the page state entry structure // - while ((BaseAddress < EndAddress) && (i < SNP_PAGE_STATE_MAX_ENTRY)) { + while ((BaseAddress < EndAddress) && (Index < IndexMax)) { // // Is this a 2MB aligned page? Check if we can use the Large RMP entry. // @@ -160,14 +181,14 @@ BuildPageStateBuffer ( NextAddress =3D BaseAddress + EFI_PAGE_SIZE; } =20 - Info->Entry[i].GuestFrameNumber =3D BaseAddress >> EFI_PAGE_SHIFT; - Info->Entry[i].PageSize =3D RmpPageSize; - Info->Entry[i].Operation =3D MemoryStateToGhcbOp (State); - Info->Entry[i].CurrentPage =3D 0; - Info->Header.EndEntry =3D (UINT16)i; + Info->Entry[Index].GuestFrameNumber =3D BaseAddress >> EFI_PAGE_SHIFT; + Info->Entry[Index].PageSize =3D RmpPageSize; + Info->Entry[Index].Operation =3D MemoryStateToGhcbOp (State); + Info->Entry[Index].CurrentPage =3D 0; + Info->Header.EndEntry =3D (UINT16)Index; =20 BaseAddress =3D NextAddress; - i++; + Index++; } =20 return NextAddress; @@ -176,11 +197,29 @@ BuildPageStateBuffer ( STATIC VOID PageStateChangeVmgExit ( - IN GHCB *Ghcb, - IN SNP_PAGE_STATE_CHANGE_INFO *Info + IN GHCB *Ghcb, + IN SNP_PAGE_STATE_ENTRY *Start, + IN UINT16 Count ) { - EFI_STATUS Status; + SNP_PAGE_STATE_CHANGE_INFO *GhcbInfo; + EFI_STATUS Status; + BOOLEAN InterruptState; + + ASSERT (Count <=3D SNP_PAGE_STATE_MAX_ENTRY); + if (Count > SNP_PAGE_STATE_MAX_ENTRY) { + SnpPageStateFailureTerminate (); + } + + // + // Initialize the GHCB + // + CcExitVmgInit (Ghcb, &InterruptState); + + GhcbInfo =3D (SNP_PAGE_STATE_CHANGE_INFO *)Ghcb->Sh= aredBuffer; + GhcbInfo->Header.CurrentEntry =3D 0; + GhcbInfo->Header.EndEntry =3D Count - 1; + CopyMem (GhcbInfo->Entry, Start, sizeof (*Start) * Count); =20 // // As per the GHCB specification, the hypervisor can resume the guest be= fore @@ -191,7 +230,7 @@ PageStateChangeVmgExit ( // page state was not successful, then later memory access will result // in the crash. // - while (Info->Header.CurrentEntry <=3D Info->Header.EndEntry) { + while (GhcbInfo->Header.CurrentEntry <=3D GhcbInfo->Header.EndEntry) { Ghcb->SaveArea.SwScratch =3D (UINT64)Ghcb->SharedBuffer; CcExitVmgSetOffsetValid (Ghcb, GhcbSwScratch); =20 @@ -205,6 +244,34 @@ PageStateChangeVmgExit ( SnpPageStateFailureTerminate (); } } + + CcExitVmgDone (Ghcb, InterruptState); +} + +STATIC +VOID +PageStateChange ( + IN SNP_PAGE_STATE_CHANGE_INFO *Info + ) +{ + GHCB *Ghcb; + MSR_SEV_ES_GHCB_REGISTER Msr; + SNP_PAGE_STATE_HEADER *Header; + UINT16 Index; + UINT16 Count; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + Header =3D &Info->Header; + + for (Index =3D Header->CurrentEntry; Index <=3D Header->EndEntry;) { + Count =3D MIN (Header->EndEntry - Index + 1, SNP_PAGE_STATE_MAX_ENTRY); + + PageStateChangeVmgExit (Ghcb, &Info->Entry[Index], Count); + + Index +=3D Count; + } } =20 /** @@ -220,18 +287,14 @@ InternalSetPageState ( IN EFI_PHYSICAL_ADDRESS BaseAddress, IN UINTN NumPages, IN SEV_SNP_PAGE_STATE State, - IN BOOLEAN UseLargeEntry + IN BOOLEAN UseLargeEntry, + IN VOID *PscBuffer, + IN UINTN PscBufferSize ) { - GHCB *Ghcb; EFI_PHYSICAL_ADDRESS NextAddress, EndAddress; - MSR_SEV_ES_GHCB_REGISTER Msr; - BOOLEAN InterruptState; SNP_PAGE_STATE_CHANGE_INFO *Info; =20 - Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); - Ghcb =3D Msr.Ghcb; - EndAddress =3D BaseAddress + EFI_PAGES_TO_SIZE (NumPages); =20 DEBUG (( @@ -245,56 +308,40 @@ InternalSetPageState ( UseLargeEntry )); =20 - while (BaseAddress < EndAddress) { - UINTN CurrentEntry, EndEntry; - - // - // Initialize the GHCB - // - CcExitVmgInit (Ghcb, &InterruptState); + Info =3D (SNP_PAGE_STATE_CHANGE_INFO *)PscBuffer; =20 + for (NextAddress =3D BaseAddress; NextAddress < EndAddress;) { // // Build the page state structure // - Info =3D (SNP_PAGE_STATE_CHANGE_INFO *)Ghcb->SharedBuffer; NextAddress =3D BuildPageStateBuffer ( - BaseAddress, + NextAddress, EndAddress, State, UseLargeEntry, - Info + PscBuffer, + PscBufferSize ); =20 - // - // Save the current and end entry from the page state structure. We ne= ed - // it later. - // - CurrentEntry =3D Info->Header.CurrentEntry; - EndEntry =3D Info->Header.EndEntry; - // // If the caller requested to change the page state to shared then // invalidate the pages before making the page shared in the RMP table. // if (State =3D=3D SevSnpPageShared) { - PvalidateRange (Info, CurrentEntry, EndEntry, FALSE); + PvalidateRange (Info); } =20 // // Invoke the page state change VMGEXIT. // - PageStateChangeVmgExit (Ghcb, Info); + PageStateChange (Info); =20 // // If the caller requested to change the page state to private then // validate the pages after it has been added in the RMP table. // if (State =3D=3D SevSnpPagePrivate) { - PvalidateRange (Info, CurrentEntry, EndEntry, TRUE); + PvalidateRange (Info); } - - CcExitVmgDone (Ghcb, InterruptState); - - BaseAddress =3D NextAddress; } } --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114627): https://edk2.groups.io/g/devel/message/114627 Mute This Topic: https://groups.io/mt/103986437/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114628+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 170630723033787.23691572768246; Fri, 26 Jan 2024 14:13:50 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=+L+zqX0eecvpXaHUlkeF1OQFY34PNQTzc5tcCQ1PejI=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307230; v=1; b=eRIC8m7lVmyoNfjh/1Hu99iyPlqizFnxrNdYAbWciOWaGE81zYQ/EAiav5VySA5HdPLoknIN pznXKM5tHsyn+3fTchSgsGCy88+xgb3Grwolx/0+NXEGaqtogpezirxlrAN3DqI4Ea3jJ2mo+Wb Ktyfdyz6Xd5r1auNp48RO8jM= X-Received: by 127.0.0.2 with SMTP id RiphYY1788612xoXzo7CSonM; Fri, 26 Jan 2024 14:13:50 -0800 X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.73]) by mx.groups.io with SMTP id smtpd.web10.2855.1706307229312568291 for ; Fri, 26 Jan 2024 14:13:49 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BoGZO3W9n/N0NTTutAOs0YHlp8dCz+WKaWSdR1go5US8QTJT9zphKQy+360NiIjxTv5XMfPnzUFNh2B5brf32IcKjS6YYvzdDV04hBdHJvI5UCo3/qTIuPOBbBJobPCHynMcnYHi0N7PpP8ZIugz6noiUUSGzJAB7TJTYYQI4XYBYp3w7MeV/s3NLNvASy6+WmzEvmoIe/yJeXlNPj3v0FzpEM2IIWru1RibCk0eq6osX//vGoylQLrf+y7JPIUpqH9cnmLyYdRxTmM7dDpZriY+botZraYXLhrVCEeQZzx1Kw1oAM+uXOJQyUWWr82W5nFM3fXLn/TrBRPXOJluaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=e2MgcVKnqXK1HFPr7nmqQQAlS0LT9tXRdRh53cYfo58=; b=ToOZ/TnMKyyvR6MAjpAyzwHaSJ6DInyw5nTo2okgRzGwmcP1HBkAfpPujsDh+2B1YN70pUgdDPtpiRRmx98BAAkosUJXvRJna23fusJzbS7NvNV7CMdRt3U2YkiJ+eQQkQpUfSQP1+mZ4omC+9uB0r1eB7rkruP62q19Dr+X4dQjUeq3QMU+00P/jKtIhxD1qpebzBZ56u831gG5m562YpsWzWCnqXLwRvX1dExppYnkPbKrGwSnOvQ2xulF9YEWi+EpSfJ8G7+1YwqqQ9mp1RO94g4y0Hb077MQWeUQJDK+N5Lj3UBA0pOyn07Lj12JGqtZZe2lTgEpCpO9uHt4Ug== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from CY5PR17CA0027.namprd17.prod.outlook.com (2603:10b6:930:17::26) by PH8PR12MB7351.namprd12.prod.outlook.com (2603:10b6:510:215::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 22:13:45 +0000 X-Received: from CY4PEPF0000E9CE.namprd03.prod.outlook.com (2603:10b6:930:17:cafe::db) by CY5PR17CA0027.outlook.office365.com (2603:10b6:930:17::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27 via Frontend Transport; Fri, 26 Jan 2024 22:13:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114628+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000E9CE.mail.protection.outlook.com (10.167.241.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:13:44 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:13:43 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 02/16] MdePkg/Register/Amd: Define the SVSM related information Date: Fri, 26 Jan 2024 16:13:01 -0600 Message-ID: <8c14a9ce8e25bd5e0fed2c6f758be8ee674dd83e.1706307195.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000E9CE:EE_|PH8PR12MB7351:EE_ X-MS-Office365-Filtering-Correlation-Id: 0a498237-cd15-4aab-8ae3-08dc1ebc0ff8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: C2LpSpEqACszatfHCjs8w84Jv9kOSwLMBgTBumrL1Y2+fHHU8SpmJMEWkMQTjfza1HSa1Ccah+sPZEo1sPO2L9mHDcHnpfLslDKoTbYuK7KTP+TdQHUVFPkEGW1MCrew4kwNtz3pGc/ZmnTSgUQ2RP78wAAEzBv5cZsRRSBr2fgkucmYEZuqCtKY3LLohaKfg0usT4YhHTKLkuxP+qAyRUC1ymOXPAdtpXxRhblTV3DJmPErzBcJ6OHYq8CXwrPgCdPcIA4W8arv/2vVGAj+JzgPP7s0r0ZpQcltY7Yc4otJW6w5xbodRd4GP93DZcNh+1NBjU3LNMy5YepQXsJ9u+UGDAa+Bpdx9h3ZGv924N+eBIFJuWK+8fjbPVgzO0dY1JK3qXUiNWxSsxyo69uAnsh17agxaJfTtoojnRNm9SH6jWZICIYdRSDuqSCFnBoYb2Cu9bSE85YaYtQYfrYemaSxjI7fs9ATmhF9cbBlpFLsyzVexPLG73J8lgPjmIn25wcO2WnQ9oAkdm5t4seFPCddtaLZjdEGkwPBqgG7aZ+NoFPQ76HEvaUeTFbD0Xuwfb86gcV1wpthANwBY4Q1dkG9kRwQncLQvzvRudtxZYnaLa4WS2JB23EGPJ1clvYk+YUdI80u+epuaVZZYaLCWu0RpoBRHrRGEZ/wSh3tcMUk62Jo7MASSdw3y8YT62M10i9J2KfVPdSV66D6foQEKqZf4Lf8hjQqp8tX4RUsA1pNhUIDJvlT0/ceUYFJ9W4H X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:13:44.9149 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 0a498237-cd15-4aab-8ae3-08dc1ebc0ff8 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000E9CE.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR12MB7351 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: N2wxnCMKPbR6Mntmuh4pSN4Hx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307231502100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 The Secure VM Service Module specification defines the interfaces needed to allow multi-VMPL level execution of an SEV-SNP guest. Define the SVSM related structures for the SVSM Calling Area as well as the SVSM CAA MSR. The SVSM CAA MSR is an MSR register that is reserved for software use and will not be implemented in hardware. Signed-off-by: Tom Lendacky --- MdePkg/Include/Register/Amd/Fam17Msr.h | 19 +++- MdePkg/Include/Register/Amd/Msr.h | 3 +- MdePkg/Include/Register/Amd/Svsm.h | 101 ++++++++++++++++++++ MdePkg/Include/Register/Amd/SvsmMsr.h | 35 +++++++ 4 files changed, 156 insertions(+), 2 deletions(-) diff --git a/MdePkg/Include/Register/Amd/Fam17Msr.h b/MdePkg/Include/Regist= er/Amd/Fam17Msr.h index bb4e143e2456..f2d5ccb39dc7 100644 --- a/MdePkg/Include/Register/Amd/Fam17Msr.h +++ b/MdePkg/Include/Register/Amd/Fam17Msr.h @@ -6,7 +6,7 @@ returned is a single 32-bit or 64-bit value, then a data structure is not provided for that MSR. =20 - Copyright (c) 2017, Advanced Micro Devices. All rights reserved.
+ Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<= BR> SPDX-License-Identifier: BSD-2-Clause-Patent =20 @par Specification Reference: @@ -71,9 +71,24 @@ typedef union { UINT32 ErrorCode; } SnpPageStateChangeResponse; =20 + struct { + UINT64 Function : 12; + UINT64 Reserved1 : 20; + UINT64 Vmpl : 8; + UINT64 Reserved2 : 56; + } SnpVmplRequest; + + struct { + UINT32 Function : 12; + UINT32 Reserved : 20; + UINT32 ErrorCode; + } SnpVmplResponse; + VOID *Ghcb; =20 UINT64 GhcbPhysicalAddress; + + UINT64 Uint64; } MSR_SEV_ES_GHCB_REGISTER; =20 #define GHCB_INFO_SEV_INFO 1 @@ -84,6 +99,8 @@ typedef union { #define GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE 19 #define GHCB_INFO_SNP_PAGE_STATE_CHANGE_REQUEST 20 #define GHCB_INFO_SNP_PAGE_STATE_CHANGE_RESPONSE 21 +#define GHCB_INFO_SNP_VMPL_REQUEST 22 +#define GHCB_INFO_SNP_VMPL_RESPONSE 23 #define GHCB_HYPERVISOR_FEATURES_REQUEST 128 #define GHCB_HYPERVISOR_FEATURES_RESPONSE 129 #define GHCB_INFO_TERMINATE_REQUEST 256 diff --git a/MdePkg/Include/Register/Amd/Msr.h b/MdePkg/Include/Register/Am= d/Msr.h index 084eb892cdd9..04a3cbeb4315 100644 --- a/MdePkg/Include/Register/Amd/Msr.h +++ b/MdePkg/Include/Register/Amd/Msr.h @@ -6,7 +6,7 @@ returned is a single 32-bit or 64-bit value, then a data structure is not provided for that MSR. =20 - Copyright (c) 2017 - 2019, Advanced Micro Devices. All rights reserved.<= BR> + Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<= BR> SPDX-License-Identifier: BSD-2-Clause-Patent =20 @par Specification Reference: @@ -19,5 +19,6 @@ =20 #include #include +#include =20 #endif diff --git a/MdePkg/Include/Register/Amd/Svsm.h b/MdePkg/Include/Register/A= md/Svsm.h new file mode 100644 index 000000000000..9a989f803107 --- /dev/null +++ b/MdePkg/Include/Register/Amd/Svsm.h @@ -0,0 +1,101 @@ +/** @file + Secure VM Service Module (SVSM) Definition. + + Provides data types allowing an SEV-SNP guest to interact with the SVSM. + + Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Specification Reference: + Secure VM Service Module Specification + +**/ + +#ifndef SVSM_H_ +#define SVSM_H_ + +#include +#include +#include + +// +// The SVSM definitions are part of the SNP Secrets Page: +// An SVSM is considered present if the SvsmSize field is non-zero. +// +typedef PACKED struct { + UINT8 Reserved1[320]; + + UINT64 SvsmBase; + UINT64 SvsmSize; + UINT64 SvsmCaa; + UINT32 SvsmMaxVersion; + UINT8 SvsmGuestVmpl; + UINT8 Reserved2[3]; +} SVSM_INFORMATION; + +typedef PACKED struct { + UINT8 SvsmCallPending; + UINT8 SvsmMemAvailable; + UINT8 Reserved1[6]; + + // + // The remainder of the CAA 4KB area can be used for argument + // passing to the SVSM. + // + UINT8 SvsmBuffer[SIZE_4KB - 8]; +} SVSM_CAA; + +#define SVSM_SUCCESS 0x00000000 +#define SVSM_ERR_INCOMPLETE 0x80000000 +#define SVSM_ERR_UNSUPPORTED_PROTOCOL 0x80000001 +#define SVSM_ERR_UNSUPPORTED_CALL 0x80000002 +#define SVSM_ERR_INVALID_ADDRESS 0x80000003 +#define SVSM_ERR_INVALID_FORMAT 0x80000004 +#define SVSM_ERR_INVALID_PARAMETER 0x80000005 +#define SVSM_ERR_INVALID_REQUEST 0x80000006 +#define SVSM_ERR_BUSY 0x80000007 + +#define SVSM_ERR_PVALIDATE_FAIL_INPUT 0x80001001 +#define SVSM_ERR_PVALIDATE_FAIL_SIZE_MISMATCH 0x80001006 +#define SVSM_ERR_PVALIDATE_FAIL_NO_CHANGE 0x80001010 + +typedef PACKED struct { + UINT16 Entries; + UINT16 Next; + + UINT8 Reserved[4]; +} SVSM_PVALIDATE_HEADER; + +typedef union { + struct { + UINT64 PageSize : 2; + UINT64 Action : 1; + UINT64 IgnoreCf : 1; + UINT64 Reserved_2 : 8; + UINT64 Address : 52; + } Bits; + UINT64 Uint64; +} SVSM_PVALIDATE_ENTRY; + +typedef PACKED struct { + SVSM_PVALIDATE_HEADER Header; + SVSM_PVALIDATE_ENTRY Entry[]; +} SVSM_PVALIDATE_REQUEST; + +#define SVSM_PVALIDATE_MAX_ENTRY \ + ((sizeof (((SVSM_CAA *)0)->SvsmBuffer) - sizeof (SVSM_PVALIDATE_HEADER))= / sizeof (SVSM_PVALIDATE_ENTRY)) + +typedef union { + SVSM_PVALIDATE_REQUEST PvalidateRequest; +} SVSM_REQUEST; + +typedef union { + struct { + UINT32 CallId; + UINT32 Protocol; + } Id; + + UINT64 Uint64; +} SVSM_FUNCTION; + +#endif diff --git a/MdePkg/Include/Register/Amd/SvsmMsr.h b/MdePkg/Include/Registe= r/Amd/SvsmMsr.h new file mode 100644 index 000000000000..9e7fca880ba5 --- /dev/null +++ b/MdePkg/Include/Register/Amd/SvsmMsr.h @@ -0,0 +1,35 @@ +/** @file + MSR Definitions. + + Provides defines for Machine Specific Registers(MSR) indexes. Data struc= tures + are provided for MSRs that contain one or more bit fields. If the MSR v= alue + returned is a single 32-bit or 64-bit value, then a data structure is not + provided for that MSR. + + Copyright (c) 2024, Advanced Micro Devices. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef SVSM_MSR_H_ +#define SVSM_MSR_H_ + +/** + Secure VM Service Module CAA register + +**/ +#define MSR_SVSM_CAA 0xc001f000 + +/** + MSR information returned for #MSR_SVSM_CAA +**/ +typedef union { + struct { + UINT32 Lower32Bits; + UINT32 Upper32Bits; + } Bits; + + UINT64 Uint64; +} MSR_SVSM_CAA_REGISTER; + +#endif --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114628): https://edk2.groups.io/g/devel/message/114628 Mute This Topic: https://groups.io/mt/103986439/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114629+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307236788360.86425808440436; Fri, 26 Jan 2024 14:13:56 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=csIepQgrqL+2vPyaOWWli0HJ/KoXUwszQDo/+C22uv0=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307236; v=1; b=RQN0QttPEJ7lN5iiTKqDzA7fssvwdiTQexB1xiUcys3itLLH9wjYtgSIiwLuqqS+6IKwMsmQ uPQ3dq3cHxuBJhzGjIxROlxj816WdWLSvuhdNgocUWTmRsqc6oohTSl8/G6+zbQyM4wwd0iS8on 7YNfSt7EcF/FcmM0y2V+0Oz4= X-Received: by 127.0.0.2 with SMTP id NAD1YY1788612x5SaXIfYLp4; Fri, 26 Jan 2024 14:13:56 -0800 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.60]) by mx.groups.io with SMTP id smtpd.web11.2937.1706307235783362939 for ; Fri, 26 Jan 2024 14:13:55 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=J3cVFH/dVKUnemQB+A+hZKx8z3HllbaoNukar5C6vAnCcMO5qqF6Xn4cDoofA5r/pAwTrJT4BsqEMSO2xFn8f0TbQUmK1qdELnSSMkdWkPyOUGhJwrz/YxzMc3qKcxrtBB5eaMrAbMLh7EaWlmul4HntnLFrISoKvxRK82IWv0wXfL9yAj23TNExWj5FEdd5hSI7Y6iXm/Y6l93D2lXOk4sS5HXjo50uQfZ+YdeGZKSaFYSk7+RK7FOrFhAJ3lAvKTMtHxSY9vIV6A4+az1xwRY+tnrNEtazIiXq12M17T57b0wHLjW/bfwRFXLkcm777VbhrQVOQN13JkxmPXPxkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vsUwip5R/THu1l2vEm7Blrc/xu5q/TaivivI++r2C+Q=; b=R9gh6V0MZ/2eORRtEnW8q/IWuojCh3EEpHLG9APxEEtpLpIVPRLy54ioRe+GlY7arVKWLgUD2tGlTA8C78eMbU9PWew4p3cgXwsRdUSU2rAEv4vhvJMsDx44fVKTrIsMLFJ/YORxqaY4EctxIy9gIp+PD9TBgEzFv0gJaiwWKnC5fgCMJFpxKsjrh0lHnBLfeSFub9+5sHi9ehiG6nTaP+lHnT8bYMp0jyYduJ5aV9Mdl+LldU4OwO4bVMHe+Ajv6bJ9mCBDCQwxbB/CEE4WGt7qtIRyihNDghk+9QDXGAIr9gftGqveVHYjQfHv0rqFXONWcwWUjXgy1JVVoUiuwQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from CY5PR13CA0011.namprd13.prod.outlook.com (2603:10b6:930::16) by BL1PR12MB5947.namprd12.prod.outlook.com (2603:10b6:208:39a::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22; Fri, 26 Jan 2024 22:13:52 +0000 X-Received: from CY4PEPF0000E9CD.namprd03.prod.outlook.com (2603:10b6:930:0:cafe::7b) by CY5PR13CA0011.outlook.office365.com (2603:10b6:930::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.15 via Frontend Transport; Fri, 26 Jan 2024 22:13:52 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114629+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000E9CD.mail.protection.outlook.com (10.167.241.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:13:52 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:13:50 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 03/16] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM Date: Fri, 26 Jan 2024 16:13:02 -0600 Message-ID: <38bd6d829d25b89d416fa0f40eb5cc4487a0290f.1706307195.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000E9CD:EE_|BL1PR12MB5947:EE_ X-MS-Office365-Filtering-Correlation-Id: 9ee22e62-10ce-47c2-ffd3-08dc1ebc1463 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: 2Yi9qhNqy16waTeiZg2QorNScUIqT8PXVmm2WJyxrcOM2DWoDbxvykbTRNfyEXEB3fgx2CQNOe8oYqLuSu15oUhGPA713AnqjF2QQ3Cvmfo80LLMH13by38770fsSitV3Iy+QKxKVGXb5eq0xOev6FqRpeK6Mm683PHixsLqbxwwDDz6SEWWi4YlWcLei4KKi2EcFyP62Fba55CvlkgnoRJf2EdtYSqcRZnJOqDw8QMuKzFNMCjh6hKcP1kpy4UKlsVM8HsSuF2z8bbGHilJ9UzYfMeH3uauQmsbTclqGtIbRA5kRkJqoRFqUbcaEROXhRd+M92ITh/qSuC8ifAHu70EPR+px8DqeGG2JwMIMn3OEv2hdDbHLZwf42T//u6V62ugbrXbVDa8aZeTxjEm3OeiUaZ/RvNMY+TUfSSDbH6nYgVhCVkHzF9v3ZqGWtP7iNqd+coPPqZkUKA303pUz8y/38gXobbUcBKY+7kiWtzQHnalOWcUeB0jpRGcQ2NFef/al5QRwg4dqQ+XpFOuZmN8fdxKscOXfU+zIZdn8/CxsVOvQ6SqFXO2ZcLY+jfrOqL8rMht4OEt3Df/CklVQcLGajENw0/k2U6XO43rjU7fxWh+yGcxcvPpEoOYhdiNYiEUb9X17B19m0/9piV2kuj2K3qlaxzCEeMZU4ao1jQjsmGWCBYTx1+VsCHt7dh7Kq0yLhS5jxkMxDLJYt146p6ojJZ/q+7NfGoS2ozZ+Ll3kvSrb87swvxnmLNS1y84xmYheBlqj1pWAgZpKOhrvA== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:13:52.3456 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 9ee22e62-10ce-47c2-ffd3-08dc1ebc1463 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000E9CD.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR12MB5947 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: wq5o5mj4LajLgzoTt7WKeTaNx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307237518100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 The SVSM specification relies on a specific register calling convention to hold the parameters that are associated with the SVSM request. The SVSM is invoked by requesting the hypervisor to run the VMPL0 VMSA of the guest using the GHCB MSR Protocol or a GHCB NAE event. Create a new version of the VMGEXIT instruction that will adhere to this calling convention and load the SVSM function arguments into the proper register before invoking the VMGEXIT instruction. On return, perform the atomic exchange on the SVSM call pending value as specified in the SVSM specification. Signed-off-by: Tom Lendacky --- MdePkg/Library/BaseLib/BaseLib.inf | 2 + MdePkg/Include/Library/BaseLib.h | 39 ++++++++ MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++++++++ MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm | 94 ++++++++++++++++++++ 4 files changed, 174 insertions(+) diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/Ba= seLib.inf index 6b46949be332..2b3d9af36706 100644 --- a/MdePkg/Library/BaseLib/BaseLib.inf +++ b/MdePkg/Library/BaseLib/BaseLib.inf @@ -187,6 +187,7 @@ [Sources.Ia32] Ia32/XGetBv.nasm Ia32/XSetBv.nasm Ia32/VmgExit.nasm + Ia32/VmgExitSvsm.nasm =20 Ia32/DivS64x64Remainder.c Ia32/InternalSwitchStack.c | MSFT @@ -328,6 +329,7 @@ [Sources.X64] X64/XGetBv.nasm X64/XSetBv.nasm X64/VmgExit.nasm + X64/VmgExitSvsm.nasm ChkStkGcc.c | GCC =20 [Sources.EBC] diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/Base= Lib.h index ca0d06c7f335..149519d85233 100644 --- a/MdePkg/Include/Library/BaseLib.h +++ b/MdePkg/Include/Library/BaseLib.h @@ -7655,6 +7655,45 @@ AsmVmgExit ( VOID ); =20 +/// +/// The structure used to supply and return data to and from the SVSM. +/// +typedef struct { + VOID *Caa; + UINT64 RaxIn; + UINT64 RcxIn; + UINT64 RdxIn; + UINT64 R8In; + UINT64 R9In; + UINT64 RaxOut; + UINT64 RcxOut; + UINT64 RdxOut; + UINT64 R8Out; + UINT64 R9Out; + UINT8 *CallPending; +} SVSM_CALL_DATA; + +/** + Executes a VMGEXIT instruction (VMMCALL with a REP prefix) with arguments + and return code + + Executes a VMGEXIT instruction placing the specified arguments in the + corresponding registers before invocation. Upon return an XCHG is done to + atomically clear and retrieve the SVSM call pending value. The returned = RAX + register value becomes the function return code. This function is intend= ed + for use with an SVSM. This function is only available on IA-32 and x64. + + @param[in,out] SvsmCallPending Pointer to the location of the SVSM cal= l data + + @return Value of the RAX register on return + +**/ +UINT32 +EFIAPI +AsmVmgExitSvsm ( + IN OUT SVSM_CALL_DATA *SvsmCallData + ); + /** Patch the immediate operand of an IA32 or X64 instruction such that the = byte, word, dword or qword operand is encoded at the end of the instruction's diff --git a/MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm b/MdePkg/Library/= BaseLib/Ia32/VmgExitSvsm.nasm new file mode 100644 index 000000000000..14717bd1af02 --- /dev/null +++ b/MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm @@ -0,0 +1,39 @@ +;-------------------------------------------------------------------------= ----- +; +; Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.
+; SPDX-License-Identifier: BSD-2-Clause-Patent +; +; Module Name: +; +; VmgExitSvsm.Asm +; +; Abstract: +; +; AsmVmgExitSvsm function +; +; Notes: +; +;-------------------------------------------------------------------------= ----- + + DEFAULT REL + SECTION .text + +;-------------------------------------------------------------------------= ----- +; UINT32 +; EFIAPI +; AsmVmgExitSvsm ( +; SVSM_CALL_DATA *SvsmCallData +; ); +;-------------------------------------------------------------------------= ----- +global ASM_PFX(AsmVmgExitSvsm) +ASM_PFX(AsmVmgExitSvsm): +; +; NASM doesn't support the vmmcall instruction in 32-bit mode and NASM ver= sions +; before 2.12 cannot translate the 64-bit "rep vmmcall" instruction into e= lf32 +; format. Given that VMGEXIT does not make sense on IA32, provide a stub +; implementation that is identical to CpuBreakpoint(). In practice, +; AsmVmgExitSvsm() should never be called on IA32. +; + int 3 + ret + diff --git a/MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm b/MdePkg/Library/B= aseLib/X64/VmgExitSvsm.nasm new file mode 100644 index 000000000000..b8af78890611 --- /dev/null +++ b/MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm @@ -0,0 +1,94 @@ +;-------------------------------------------------------------------------= ----- +; +; Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.
+; SPDX-License-Identifier: BSD-2-Clause-Patent +; +; Module Name: +; +; VmgExitSvsm.Asm +; +; Abstract: +; +; AsmVmgExitSvsm function +; +; Notes: +; +;-------------------------------------------------------------------------= ----- + + DEFAULT REL + SECTION .text + +;-------------------------------------------------------------------------= ----- +; typedef struct { +; VOID *Caa; +; UINT64 RaxIn; +; UINT64 RcxIn; +; UINT64 RdxIn; +; UINT64 R8In; +; UINT64 R9In; +; UINT64 RaxOut; +; UINT64 RcxOut; +; UINT64 RdxOut; +; UINT64 R8Out; +; UINT64 R9Out; +; UINT8 *CallPending; +; } SVSM_CALL_DATA; +; +; UINT32 +; EFIAPI +; AsmVmgExitSvsm ( +; SVSM_CALL_DATA *SvsmCallData +; ); +;-------------------------------------------------------------------------= ----- +global ASM_PFX(AsmVmgExitSvsm) +ASM_PFX(AsmVmgExitSvsm): + push r10 + push r11 + push r12 + +; +; Calling convention has SvsmCallData in RCX. Move RCX to R12 in order to +; properly populate the SVSM register state. +; + mov r12, rcx + + mov rax, [r12 + 8] + mov rcx, [r12 + 16] + mov rdx, [r12 + 24] + mov r8, [r12 + 32] + mov r9, [r12 + 40] + +; +; Set CA call pending +; + mov r10, [r12] + mov byte [r10], 1 + + rep vmmcall + + mov [r12 + 48], rax + mov [r12 + 56], rcx + mov [r12 + 64], rdx + mov [r12 + 72], r8 + mov [r12 + 80], r9 + +; +; Perform the atomic exchange and return the CA call pending value. +; The call pending value is a one-byte field at offset 0 into the CA, +; which is currently the value in R10. +; + + mov r11, [r12 + 88] ; Get CallPending address + mov cl, byte [r11] + xchg byte [r10], cl + mov byte [r11], cl ; Return the exchanged value + + pop r12 + pop r11 + pop r10 + +; +; RAX has the value to be returned from the SVSM +; + ret + --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114629): https://edk2.groups.io/g/devel/message/114629 Mute This Topic: https://groups.io/mt/103986440/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114630+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307248923874.811448277984; Fri, 26 Jan 2024 14:14:08 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=v7wxiP+aj9rlyWSMOhkBimpbrkWd5FQToGajb7U6iKY=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307248; v=1; b=wPQz/Qie17IRj9gg3qZhuG+hT/VzYkeo0B7zTip3u+yAkrZS7uAZSr8W/UaSKZBXuvayv/p1 ObCdu8mU2oORZzn5+LDMrTOI1lkzh5mYbGG3cifWJ9UjTcDkSiWWn4rN0E+THAo5R9Q22h8RB8S SJJgJp0iR8duZnTL5aMPKwo8= X-Received: by 127.0.0.2 with SMTP id KgLqYY1788612xwTaXBMauSo; Fri, 26 Jan 2024 14:14:08 -0800 X-Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com [40.107.92.74]) by mx.groups.io with SMTP id smtpd.web11.2946.1706307247935322962 for ; Fri, 26 Jan 2024 14:14:08 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lgHyoy+WFWMJn45N1yflreoI8ElTbEw7Jrhpus+qNOtaAofrNjqN0jGM/QyQUFtSkGahowqpfNg6WqzUIod45yuhOuuzL/WFHgiG2E0N4FywS4nrp4NeaBsxuBoE+yNV/gxyaRIbz1PytLfzyaMApboDqaOl85wow3bLEbMFjnRrLmS9VhWQvZysJjQpKDVvTNJpDDjgVsPVX5lmdheqhAOghgNPgvdd97c+R4LEgcIImeieBu+KgtBI30UY8uFVrCBfEvU9kmg6jWUbNXgBrDo8DNFn+MKdY7kLZy80i2uvG28Rr0iOr55nm9B3LTBlzlJ4isz6RudHtXyp6kxG3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GbmIEjB0m2PtKHvftIjNjsuGOdnIrdtr5VZsgCY+f6k=; b=Whn7VvkJw26LEC220BJfl4cwI9VfnRoxUM0RdoK2DIsXZlV/1FNXJRJvcFBH7yprJvfHN82goWR4YEup04YXqmy3WQr08D5iWdB5dMhbBNQCjA2Q1LeLxxvvi4IvBy+QHc3qEYl1KmuEqwEE3uBSXla0mhDypIfk92kV0fa+Fr6xn79jKMocylCr1vMyF9F9gq5DPgYab4KbGcQLClXZS8/xDG1kQb2k6c//yv0YXdCJH0sXotG4remo/Ctns7rGlTFrofyLWmk8kFVP2ZG6ljJM++9vnINsWGwC7Z+Ttq8uJ9G5un2z7tokwRFyThbyeRfTCkrsEMKQYk1PVgJSkQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from CY5PR04CA0016.namprd04.prod.outlook.com (2603:10b6:930:1e::13) by CH0PR12MB5386.namprd12.prod.outlook.com (2603:10b6:610:d5::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22; Fri, 26 Jan 2024 22:13:59 +0000 X-Received: from CY4PEPF0000E9D2.namprd03.prod.outlook.com (2603:10b6:930:1e:cafe::c8) by CY5PR04CA0016.outlook.office365.com (2603:10b6:930:1e::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27 via Frontend Transport; Fri, 26 Jan 2024 22:13:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114630+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000E9D2.mail.protection.outlook.com (10.167.241.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:13:59 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:13:58 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 04/16] UefiCpuPkg/CcExitLib: Extend the CcExitLib library to support an SVSM Date: Fri, 26 Jan 2024 16:13:03 -0600 Message-ID: <7061a9fb7a184fa0a2354842e834a260398aedc8.1706307195.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000E9D2:EE_|CH0PR12MB5386:EE_ X-MS-Office365-Filtering-Correlation-Id: a4133abd-3826-4319-53de-08dc1ebc18a4 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: 3/IQnUm+wehrlcbjYEqLp6xEPS0qJEPsJAtoJdwPv/3Z4K3H0VsYFAUadtiF+DtFefU+s3daAZ3C5Xx1xGtFNVVSFwdAbvx/g8jXJTGB/pZO5qMXiVH7/BrFWbTyzGJ0ALnWMdp3thPkxHSzUf11243GkzIppqJ7oCNDpfNdw2OGI/B5TVL1Hm2Lgh8yO73lcGz3qV6hMhWI35AD5gP+i3C9AvG6+s4hlbCqHLiBRQNiG/NUTS6ugNkQSRoCCUDqxspzOIkqloaYjb4zoMURsFWtMnUB3MkX/igzmoIZm5fOzlo8qN4o4psYa90zYY3HZxLgv3QnJwUXUz1p+ybjWQFOGO56mcKqVuh1FnhNW5JGdFiZWYlTHbqyctBSD7WoCjIaSm39GpEOGzUUF/A2cPNPERJOqia+eJugThE4Bke2R6bembp97dlsoG8TUhaZynmvmPJSKPD2/otCeen8rEd08/R9LC+IRh2rbueLHJjCk64MfI0hlBCTG9dnYz2203eHl3YgsLSfHCPOn/93eA1Gfn3TpLlcUkVk0RDbFm0dp+5kn0coP5Oc7B60T2MlufKnCP/OlvmP+XXO0SMoQgaA9dTeK6/GmE6JLIOE7qEC8e+fW0sv2zhSWDnN2Jv5gPTqkhtmmrYaIETvNLA3Exr7aYLuZzn+LbqTMKySu9jcNze5UCGf3NQJVsLQwUby4aFk7l8OzHGO9RIrTdokCRMsQS1fsBMvKae2llT+OoQi7GOiE3uNwE4Xs9NwavpBmPaYqOap9TVcLKmhzNstlw== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:13:59.4781 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a4133abd-3826-4319-53de-08dc1ebc18a4 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000E9D2.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR12MB5386 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: twhmTSlD4Kap7xizCaawAxXAx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307249556100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 In order to support an SEV-SNP guest running under an SVSM at VMPL1 or lower, the CcExitLib library must be extended with new intefaces. This includes an interface to detect if running under an SVSM, an interface to return the current VMPL, an interface to perform memory validation and an interface to set or clear the attribute that allows a page to be used as a VMSA. Signed-off-by: Tom Lendacky --- UefiCpuPkg/Include/Library/CcExitLib.h | 71 ++++++++++++++++- UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c | 82 +++++++++++++++++++- 2 files changed, 151 insertions(+), 2 deletions(-) diff --git a/UefiCpuPkg/Include/Library/CcExitLib.h b/UefiCpuPkg/Include/Li= brary/CcExitLib.h index 3381d583691f..2a9de5d5e8e7 100644 --- a/UefiCpuPkg/Include/Library/CcExitLib.h +++ b/UefiCpuPkg/Include/Library/CcExitLib.h @@ -6,7 +6,7 @@ #VC exceptions. - Handle #VE exception in TDX. =20 - Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.
+ Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reser= ved.
Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -147,6 +147,75 @@ CcExitHandleVc ( IN OUT EFI_SYSTEM_CONTEXT SystemContext ); =20 +/** + Report the presence of an Secure Virtual Services Module (SVSM). + + Determines the presence of an SVSM. + + @retval TRUE An SVSM is present + @retval FALSE An SVSM is not present + +**/ +BOOLEAN +EFIAPI +CcExitSnpSvsmPresent ( + VOID + ); + +/** + Report the VMPL level at which the SEV-SNP guest is running. + + Determines the VMPL level at which the guest is running. If an SVSM is + not present, then it must be VMPL0, otherwise return what is reported + by the SVSM. + + @return The VMPL level + +**/ +UINT8 +EFIAPI +CcExitSnpGetVmpl ( + VOID + ); + +/** + Perform a PVALIDATE operation for the page ranges specified. + + Validate or rescind the validation of the specified pages. + + @param[in] Info Pointer to a page state change structure + +**/ +VOID +EFIAPI +CcExitSnpPvalidate ( + IN SNP_PAGE_STATE_CHANGE_INFO *Info + ); + +/** + Perform an RMPADJUST operation to alter the VMSA setting of a page. + + Add or remove the VMSA attribute for a page. + + @param[in] Vmsa Pointer to an SEV-ES save area page + @param[in] ApicId APIC ID associated with the VMSA + @param[in] SetVmsa Boolean indicator as to whether to set or + or clear the VMSA setting for the page + + @retval EFI_SUCCESS RMPADJUST operation successful + @retval EFI_UNSUPPORTED Operation is not supported + @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid + parameter was supplied + +**/ +EFI_STATUS +EFIAPI +CcExitSnpVmsaRmpAdjust ( + IN SEV_ES_SAVE_AREA *Vmsa, + IN UINT32 ApicId, + IN BOOLEAN SetVmsa + ); + /** Handle a #VE exception. =20 diff --git a/UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c b/UefiCpuPkg/= Library/CcExitLibNull/CcExitLibNull.c index 230e50705b4a..60b19c0433c7 100644 --- a/UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c +++ b/UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.c @@ -1,7 +1,7 @@ /** @file CcExit Base Support Library. =20 - Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.
+ Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reser= ved.
Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -165,6 +165,86 @@ CcExitHandleVc ( return EFI_UNSUPPORTED; } =20 +/** + Report the presence of an Secure Virtual Services Module (SVSM). + + Determines the presence of an SVSM. + + @retval TRUE An SVSM is present + @retval FALSE An SVSM is not present + +**/ +BOOLEAN +EFIAPI +CcExitSnpSvsmPresent ( + VOID + ) +{ + return FALSE; +} + +/** + Report the VMPL level at which the SEV-SNP guest is running. + + Determines the VMPL level at which the guest is running. If an SVSM is + not present, then it must be VMPL0, otherwise return what is reported + by the SVSM. + + @return The VMPL level + +**/ +UINT8 +EFIAPI +CcExitSnpGetVmpl ( + VOID + ) +{ + return 0; +} + +/** + Perform a PVALIDATE operation for the page ranges specified. + + Validate or rescind the validation of the specified pages. + + @param[in] Info Pointer to a page state change structure + +**/ +VOID +EFIAPI +CcExitSnpPvalidate ( + IN SNP_PAGE_STATE_CHANGE_INFO *Info + ) +{ +} + +/** + Perform an RMPADJUST operation to alter the VMSA setting of a page. + + Add or remove the VMSA attribute for a page. + + @param[in] Vmsa Pointer to an SEV-ES save area page + @param[in] ApicId APIC ID associated with the VMSA + @param[in] SetVmsa Boolean indicator as to whether to set or + or clear the VMSA setting for the page + + @retval EFI_SUCCESS RMPADJUST operation successful + @retval EFI_UNSUPPORTED Operation is not supported + @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid + parameter was supplied + +**/ +EFI_STATUS +EFIAPI +CcExitSnpVmsaRmpAdjust ( + IN SEV_ES_SAVE_AREA *Vmsa, + IN UINT32 ApicId, + IN BOOLEAN SetVmsa + ) +{ + return EFI_UNSUPPORTED; +} + /** Handle a #VE exception. =20 --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114630): https://edk2.groups.io/g/devel/message/114630 Mute This Topic: https://groups.io/mt/103986445/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114631+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307251226557.8642606972577; Fri, 26 Jan 2024 14:14:11 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=1N4ampMuwFV5oQyZ1AQKgRWENsfsyFX1mkgpQZpBIQI=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307250; v=1; b=eGCU+pbVSN0aGDvojFpI/+e/Iq8ywhzA5+OzxgSMTVeC/6xAYcRu5XYEZ9y4lJKLYy/yruQ+ 3sidbtD7tAEy/S1D6B/nPjmZxm5Bfh35iZ9Eqw8ayicidr8vAc6rFsDu8A/2uc+EfK7DGGF5+fw JQsgqs25X8NI1inq9d8j+X3w= X-Received: by 127.0.0.2 with SMTP id 37Y0YY1788612xCZjbLbeoRV; Fri, 26 Jan 2024 14:14:10 -0800 X-Received: from NAM10-DM6-obe.outbound.protection.outlook.com (NAM10-DM6-obe.outbound.protection.outlook.com [40.107.93.73]) by mx.groups.io with SMTP id smtpd.web10.2866.1706307250168752703 for ; Fri, 26 Jan 2024 14:14:10 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fuPU51tqtPdYOah9zobYXikP1UyCb6B9PT19bu86flIa2vtjZDwBGGdm18WN1ljPB/tQDwsb5JCOnLkcjv3Jj67LhbUS7ytvkwH8ITQISOHEQ1EIvSA40mkCrzqgoqM0f1APYPYia1LJ5tM9vw4zDfG3Ul+i4BLVW0zu7/8DvHwj11H8GW5JC1nRySZ0YRlPsVikiaMWlP78z4l5lfTAyPE/ckGpy89mftPBQg8eee0NuXkA4N2gKrR+hrDpX25YoLVNDZjjCntDRbuP3CAy63iD4XV70pa1FHmKoMBfNwH6TYRihOZO41/t58fDP2kQNXa59vqX/j3dgBMNp/0Nbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=COLwbD/6jo+4NAeq+AFqmO3ShREq52neo5i21JLhtlY=; b=eja9Sysp8qk9L11SCi/w4XMr6U2JGBgTdFbiumMUjcYaPpMN5YQf+ukiTWp6ivNHOPUN9nelVcj1OqfAJS1BnhetAYZbdJgJtJt7MfJwFBU4qBxlCIQarqjYYvCbhFIaGW4mlZATXP+CpaimdfR6332djqir1VWH5OLKbTc4Kg7bRu8FnKwHE0//V7wZAEwNDQisg+ayDb8T14h0L9MN8tN3Vh1jub0wpy31hQNxG7dxkQR7zVGcXC8xQJ3l+xDBAYOAAGn7qPsx/elCBm25CxQsU/NDTC+rYPQMb3d5RX9qLJP+B8/Q0tYK/k1LNPXLE6ElKO+O2Hr6RCAqbgS1OA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from DM6PR02CA0092.namprd02.prod.outlook.com (2603:10b6:5:1f4::33) by BY5PR12MB4147.namprd12.prod.outlook.com (2603:10b6:a03:205::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 22:14:07 +0000 X-Received: from DS2PEPF0000343A.namprd02.prod.outlook.com (2603:10b6:5:1f4:cafe::76) by DM6PR02CA0092.outlook.office365.com (2603:10b6:5:1f4::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26 via Frontend Transport; Fri, 26 Jan 2024 22:14:07 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114631+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343A.mail.protection.outlook.com (10.167.18.37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:14:07 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:14:05 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 05/16] Ovmfpkg/CcExitLib: Extend CcExitLib to handle SVSM related services Date: Fri, 26 Jan 2024 16:13:04 -0600 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343A:EE_|BY5PR12MB4147:EE_ X-MS-Office365-Filtering-Correlation-Id: 5dfd3a95-d2cf-4888-2d9e-08dc1ebc1d42 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: G8wYyMaGV9H9P9RxdhoLj4/0MKnqm9TMyChv+7WWxxvcC2uBbHTvWw2GemSQ6OaUO6UaL9R65mtQhwOkT+p61WfxdufzlOA+08nSfMob0denqk1M4Y9VJ/3B3XAvYIua3G2bV+y74i4nd4jbmW7423awY/pr54RA1wnxrcIeWrAVKoFj4r5lZhgRlBUWXS5S02TaNHDVbzXAETkwZRUtbl4YWxkHSW+G0plRMsYAe1XOgg7vl91ilf+oK5fv2s0B8j6q+69CKD4BYANm2rNgeHQHr4R0Uvz6CuENMI9/gTCwRG9u5oc66K60MazD1ApweKH975OS+2XFSQaAjI4AZ64gEd4ybUKOIFF4wxa7+SViEsZ20Bgg7TX1KVuqqlO0auCyk7p5+Apswx0x6nRDNvhmekK8tt5yLuON7bbCFXKEngcAiU09RGUN7opegw4lAvDUK8eDRbKFTC0DS9f40WKfg52uIQ5mLfeBmAbnzgFKkgiFoeP8Kk1KAA9+UQ9wYvAxXAeJCIEsl5U4+oUX9PIl0DU0enASDw2MXzmXBeUzrb0I9s+euzCx+mnvI1nPLoZ2jbSyEERI+2dhdAduwwduYZSaZpEqi4onxxq4tqVkPt4dh0222901TGyoll7umIPBELwzqwi8/vlmju0C7jZOzzKUikMHyKKCo7MCR5iqDQuYs9KLieSKv9emdVUpX8py2y6woSvSVp3kYim6JweHAUHDbmrzMd6xZqsed4cobXD6CYbBCpyn9g9dzvJR X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:14:07.1766 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 5dfd3a95-d2cf-4888-2d9e-08dc1ebc1d42 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343A.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB4147 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: apitc10nlp7gh5YM8VnhKQdKx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307251548100005 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 Add initial support for the new CcExitLib interfaces to the OvmfPkg version of the library. The initial implementation will fully implement the SVSM presence check API and the SVSM VMPL API, with later patches fully implementing the other interfaces. The SVSM presence check, CcExitSnpSvsmPresent(), determines the presence of an SVSM by checking if an SVSM has been advertised in the SEV-SNP Secrets Page. The SVSM VMPL API, CcExitSnpGetVmpl(), returns the VMPL level at which the OVMF is currently running. Signed-off-by: Tom Lendacky --- OvmfPkg/Library/CcExitLib/CcExitLib.inf | 5 +- OvmfPkg/Library/CcExitLib/SecCcExitLib.inf | 5 +- OvmfPkg/Library/CcExitLib/CcExitSvsm.c | 102 ++++++++++++++++++++ 3 files changed, 110 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/Library/CcExitLib/CcExitLib.inf b/OvmfPkg/Library/CcEx= itLib/CcExitLib.inf index bc75cd5f5a04..2e68b12bb4e2 100644 --- a/OvmfPkg/Library/CcExitLib/CcExitLib.inf +++ b/OvmfPkg/Library/CcExitLib/CcExitLib.inf @@ -1,7 +1,7 @@ ## @file # CcExitLib Library. # -# Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved. +# Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights rese= rved.
# Copyright (C) 2020 - 2022, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -23,6 +23,7 @@ [Defines] =20 [Sources.common] CcExitLib.c + CcExitSvsm.c CcExitVcHandler.c CcExitVcHandler.h CcInstruction.c @@ -45,3 +46,5 @@ [LibraryClasses] [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize diff --git a/OvmfPkg/Library/CcExitLib/SecCcExitLib.inf b/OvmfPkg/Library/C= cExitLib/SecCcExitLib.inf index 811269dd2c06..7b81900a11d4 100644 --- a/OvmfPkg/Library/CcExitLib/SecCcExitLib.inf +++ b/OvmfPkg/Library/CcExitLib/SecCcExitLib.inf @@ -1,7 +1,7 @@ ## @file # VMGEXIT Support Library. # -# Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved. +# Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights rese= rved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -22,6 +22,7 @@ [Defines] =20 [Sources.common] CcExitLib.c + CcExitSvsm.c CcExitVcHandler.c CcExitVcHandler.h CcInstruction.c @@ -45,5 +46,7 @@ [LibraryClasses] [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize diff --git a/OvmfPkg/Library/CcExitLib/CcExitSvsm.c b/OvmfPkg/Library/CcExi= tLib/CcExitSvsm.c new file mode 100644 index 000000000000..fb8b762caadc --- /dev/null +++ b/OvmfPkg/Library/CcExitLib/CcExitSvsm.c @@ -0,0 +1,102 @@ +/** @file + SVSM Support Library. + + Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include +#include + +/** + Report the presence of an Secure Virtual Services Module (SVSM). + + Determines the presence of an SVSM. + + @retval TRUE An SVSM is present + @retval FALSE An SVSM is not present + +**/ +BOOLEAN +EFIAPI +CcExitSnpSvsmPresent ( + VOID + ) +{ + SVSM_INFORMATION *SvsmInfo; + + SvsmInfo =3D (SVSM_INFORMATION *)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase); + + return (SvsmInfo !=3D NULL && SvsmInfo->SvsmSize !=3D 0); +} + +/** + Report the VMPL level at which the SEV-SNP guest is running. + + Determines the VMPL level at which the guest is running. If an SVSM is + not present, then it must be VMPL0, otherwise return what is reported + by the SVSM. + + @return The VMPL level + +**/ +UINT8 +EFIAPI +CcExitSnpGetVmpl ( + VOID + ) +{ + SVSM_INFORMATION *SvsmInfo; + + SvsmInfo =3D (SVSM_INFORMATION *)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase); + + return CcExitSnpSvsmPresent () ? SvsmInfo->SvsmGuestVmpl : 0; +} + +/** + Perform a PVALIDATE operation for the page ranges specified. + + Validate or rescind the validation of the specified pages. + + @param[in] Info Pointer to a page state change structure + +**/ +VOID +EFIAPI +CcExitSnpPvalidate ( + IN SNP_PAGE_STATE_CHANGE_INFO *Info + ) +{ +} + +/** + Perform an RMPADJUST operation to alter the VMSA setting of a page. + + Add or remove the VMSA attribute for a page. + + @param[in] Vmsa Pointer to an SEV-ES save area page + @param[in] ApicId APIC ID associated with the VMSA + @param[in] SetVmsa Boolean indicator as to whether to set or + or clear the VMSA setting for the page + + @retval EFI_SUCCESS RMPADJUST operation successful + @retval EFI_UNSUPPORTED Operation is not supported + @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid + parameter was supplied + +**/ +EFI_STATUS +EFIAPI +CcExitSnpVmsaRmpAdjust ( + IN SEV_ES_SAVE_AREA *Vmsa, + IN UINT32 ApicId, + IN BOOLEAN SetVmsa + ) +{ + return EFI_UNSUPPORTED; +} --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114631): https://edk2.groups.io/g/devel/message/114631 Mute This Topic: https://groups.io/mt/103986446/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114632+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307259271500.5577170927305; Fri, 26 Jan 2024 14:14:19 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=xMpOEERV7XM9gweJH18h4uNujm4bYVsDhnKcQma4vJA=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307258; v=1; b=TuRVznOX9GReDwb2xLeyed2xOP1GTuB4J/CWSFQKUjB1DbVyNKqeZff/yfYLSuCjS8lEG70u hIJKxGl7DgKmx2KD4i71C7VeAdnRwmzPRO8bGXnbHUk5umCApw19jHxoR/WECVZ9V6hfqPWmZKP rIjBjd5gL/7VAfzwweHm9KRw= X-Received: by 127.0.0.2 with SMTP id 6FiqYY1788612x3maa2pvxIj; Fri, 26 Jan 2024 14:14:18 -0800 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.72]) by mx.groups.io with SMTP id smtpd.web10.2870.1706307258317594380 for ; Fri, 26 Jan 2024 14:14:18 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=neFL+PXx8jrbFYSj3EtVqgYysNOysFsqpC0r+I8S1SQKBtuA+i0laWcsskMhXx5PamT3V0ofAZ2EyEOo/D7kWIqIm1I/jIRGZEhEJqpAhdtxjacZTkuQYB7L9Ubz2QYN1SHIb0ObjpdDbh73Oz+X6SSiOFjuFz/zpRpMwmdAurndj96qenvATuN4j8cMHZ1zpgFSg04vCLUPrrsabpoih7vu7WdbLhDvDlLQ0qKKD70XSJm/MnA6jtzOvMojVRMm4j5/gGwhPoQrQeJYIzAFSah6F44SEVfPPQPfg3qZW/K4u2Mj+VM5tHS7m6OCpb8/6MbOlLbB0/ZIZ8kTKq+xHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fyQQl2uha62nXRRf46wJWgDW1qksZYYJYSpMocc9KjU=; b=Geu7Ck1jf3sIDEzxSQf7qzl851M9FkPPTbWSMIulSxOXwjWtEEijaGwjSShWkvi7AzAWBclw0Ey4sVbNCsIUyvYpMajCGnssmfTCt92li04Zb545m1dVy6V6qvP6ehCUm+6XKkjhaq+XYN3aVn+9lxakV3kgAyiFp6EKDzV3TabgL6rrub46qufBy0ex+Ih2N8jeT9G8EcFdch4QV5Qrj8EFf84KR/jHqfFu0scFs/1uBvDEkrwdbRuwYy/h6L8nvVGsUGCp2YQH65Mly0dHiRslIwJTq+8fWm7sAeEGc43bULv1Xn3J4B9e1uAngSomeQBqwc4CyfwdkLv8hlTyqw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from DM6PR02CA0074.namprd02.prod.outlook.com (2603:10b6:5:1f4::15) by SN7PR12MB6689.namprd12.prod.outlook.com (2603:10b6:806:273::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.37; Fri, 26 Jan 2024 22:14:13 +0000 X-Received: from DS2PEPF0000343A.namprd02.prod.outlook.com (2603:10b6:5:1f4:cafe::d) by DM6PR02CA0074.outlook.office365.com (2603:10b6:5:1f4::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26 via Frontend Transport; Fri, 26 Jan 2024 22:14:13 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114632+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343A.mail.protection.outlook.com (10.167.18.37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:14:13 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:14:12 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 06/16] OvmfPkg: Create a calling area used to communicate with the SVSM Date: Fri, 26 Jan 2024 16:13:05 -0600 Message-ID: <71953b1d2099718aef44c5ad6ff2d616540a1d25.1706307195.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343A:EE_|SN7PR12MB6689:EE_ X-MS-Office365-Filtering-Correlation-Id: e5136090-8b45-4d13-b197-08dc1ebc2113 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: i4LVP6n2K6L8uo0LViFuMqrgiUhTLyQHGk2xb0NHMbqmO1q1VPxz2B9pBwGGBITaNl6IVZM9eg2fZj5zyTqhtWpMU4IlS9pQ5sQFy10sMqxUJIlWJ8fVGeWSXxk0nwoZjoBt53Zp3DDu261A9Sfjnxv9IIyie4fi2K6wyJtCLo3eSs2VXS6yHjBlFrkgkuP0XXMkxfjA9D4U72lMZCd9tjUU03+A+MMQ/L9EnW7lz07EcJX/RugX0tDr961sQ68aarBXcBFIOoS6qEeRRmbmu6yz1K/GZQHs4gDaEmrGjSLxYfc4MFtFQP+IW9XwJQQtODPPScqq16dAp6G18mccr2lfcab0RDcDSZpXGLJf/RqI3uc58mVTAEdwnganar2qqyHaLZDloCTmdyvTE7OXCpgzH4nyGRQN5nRaB/A+CyGnaImZVuNnYpR9Aq7eGDM2lJoJGnGzO2RzxoyK8K6L1cd/ZSaGXEwQPqaNFNnAdqPY/5iXkQRHfJQjemUodZSIjwIGurTNdoWtkPQ5jQBeBhQQ0hXMhvF4K9Mad12IaOSlLEfHnRELBV1yeLqyFhB2GAlXGJthFviV6wKpFhs9BwzjLWYuFy3YnL3q4mH6KjXrZ4C6l7rcpvBui/qcLZzIrEjEDFlibvJnygptemwVnegbnMhIsRz9UXKkV6/x8ekP9SCJPArqE18z1Af9I/B2xvF123DnNeYAdKPQJVJHxnkw48BuBtB8DMwt0Pu/fB19OZUveysa1fAjNGWj1gjzfxrpquajdjjo2vM87UXzZg== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:14:13.6454 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e5136090-8b45-4d13-b197-08dc1ebc2113 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343A.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB6689 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: Rr2jvfY46YPfgc8XNyu8vIP8x1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307261609100003 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 An SVSM requires a calling area page whose address (CAA) is used by the SVSM to communicate and process the SVSM request. Add a pre-defined page area to the OvmfPkg and AmdSev packages and define corresponding PCDs used to communicate the location and size of the area. Keep the AmdSev package in sync with the OvmfPkg and adjust the AmdSev launch and hash area memory locations. Signed-off-by: Tom Lendacky --- OvmfPkg/OvmfPkg.dec | 4 ++++ OvmfPkg/AmdSev/AmdSevX64.fdf | 9 ++++++--- OvmfPkg/OvmfPkgX64.fdf | 3 +++ OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++ OvmfPkg/ResetVector/ResetVector.inf | 2 ++ OvmfPkg/PlatformPei/AmdSev.c | 13 ++++++++++++- OvmfPkg/ResetVector/ResetVector.nasmb | 6 ++++-- OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm | 9 +++++++++ 8 files changed, 42 insertions(+), 6 deletions(-) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index b44fa039f76c..f208d048ca12 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -334,6 +334,10 @@ [PcdsFixedAtBuild] ## Restrict boot to EFI applications in firmware volumes. gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware|FALSE|BOOLEAN|0x6c =20 + ## The base address and size of the initial SVSM Calling Area. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase|0|UINT32|0x6e + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaSize|0|UINT32|0x6f + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 9dd409596780..dafa5ebacbaf 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -68,13 +68,16 @@ [FD.MEMFD] 0x00E000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.Pcd= OvmfCpuidSize =20 -0x00F000|0x000C00 +0x00F000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase|gUefiOvmfPkgTokenSpaceGui= d.PcdOvmfSecSvsmCaaSize + +0x010000|0x000C00 gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretBase|gUefiOvmfPkgTokenSpaceGu= id.PcdSevLaunchSecretSize =20 -0x00FC00|0x000400 +0x010C00|0x000400 gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid= .PcdQemuHashTableSize =20 -0x010000|0x010000 +0x011000|0x00F000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 0x020000|0x0E0000 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index f47ab1727e4c..f12844f674e7 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -94,6 +94,9 @@ [FD.MEMFD] 0x00E000|0x001000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase|gUefiOvmfPkgTokenSpaceGuid.Pcd= OvmfCpuidSize =20 +0x00F000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase|gUefiOvmfPkgTokenSpaceGui= d.PcdOvmfSecSvsmCaaSize + 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index ad52be306560..6907cc72669e 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -127,6 +127,8 @@ [FixedPcd] gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index a4154ca90c28..0f5f8fec0b77 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -62,5 +62,7 @@ [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecSvsmCaaSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSnpSecretsSize diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index e6b602d79a05..af832d3e535e 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -1,7 +1,7 @@ /**@file Initialize Secure Encrypted Virtualization (SEV) support =20 - Copyright (c) 2017 - 2020, Advanced Micro Devices. All rights reserved.<= BR> + Copyright (c) 2017 - 2024, Advanced Micro Devices. All rights reserved.<= BR> =20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -465,5 +465,16 @@ SevInitializeRam ( (UINT64)(UINTN)PcdGet32 (PcdOvmfCpuidSize), EfiReservedMemoryType ); + + // + // The calling area memory needs to be protected until the OS can crea= te + // its own calling area. Mark it as EfiReservedMemoryType so that the + // guest firmware and OS do not use it as a system memory. + // + BuildMemoryAllocationHob ( + (EFI_PHYSICAL_ADDRESS)(UINTN)PcdGet32 (PcdOvmfSecSvsmCaaBase), + (UINT64)(UINTN)PcdGet32 (PcdOvmfSecSvsmCaaSize), + EfiReservedMemoryType + ); } } diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 5832aaa8abf7..503f81eb7025 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -3,7 +3,7 @@ ; This file includes all other code files to assemble the reset vector code ; ; Copyright (c) 2008 - 2013, Intel Corporation. All rights reserved.
-; Copyright (c) 2020, Advanced Micro Devices, Inc. All rights reserved.
+; Copyright (c) 2020 - 2024, Advanced Micro Devices, Inc. All rights reser= ved.
; SPDX-License-Identifier: BSD-2-Clause-Patent ; ;-------------------------------------------------------------------------= ----- @@ -64,6 +64,8 @@ %define SEV_SNP_SECRETS_SIZE (FixedPcdGet32 (PcdOvmfSnpSecretsSiz= e)) %define CPUID_BASE (FixedPcdGet32 (PcdOvmfCpuidBase)) %define CPUID_SIZE (FixedPcdGet32 (PcdOvmfCpuidSize)) +%define SVSM_CAA_BASE (FixedPcdGet32 (PcdOvmfSecSvsmCaaBas= e)) +%define SVSM_CAA_SIZE (FixedPcdGet32 (PcdOvmfSecSvsmCaaSiz= e)) %if (FixedPcdGet32 (PcdSevLaunchSecretBase) > 0) ; There's a reserved page for SEV secrets and hashes; the VMM will fill = and ; validate the page, or mark it as a zero page. @@ -84,7 +86,7 @@ ; %define SNP_SEC_MEM_BASE_DESC_2 (GHCB_BASE + 0x1000) %define SNP_SEC_MEM_SIZE_DESC_2 (SEV_SNP_SECRETS_BASE - SNP_SEC_MEM_= BASE_DESC_2) -%define SNP_SEC_MEM_BASE_DESC_3 (CPUID_BASE + CPUID_SIZE + SEV_SNP_K= ERNEL_HASHES_SIZE) +%define SNP_SEC_MEM_BASE_DESC_3 (SVSM_CAA_BASE + SVSM_CAA_SIZE + SEV= _SNP_KERNEL_HASHES_SIZE) %define SNP_SEC_MEM_SIZE_DESC_3 (FixedPcdGet32 (PcdOvmfPeiMemFvBase)= - SNP_SEC_MEM_BASE_DESC_3) =20 %ifdef ARCH_X64 diff --git a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm b/OvmfPkg/ResetVec= tor/X64/OvmfSevMetadata.asm index 8aa77d870123..cb813bdbc5a2 100644 --- a/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm +++ b/OvmfPkg/ResetVector/X64/OvmfSevMetadata.asm @@ -26,6 +26,9 @@ BITS 64 ; %define OVMF_SECTION_TYPE_CPUID 0x3 =20 +; The SVSM Calling Area Address (CAA) +%define OVMF_SECTION_TYPE_SVSM_CAA 0x4 + ; Kernel hashes section for measured direct boot %define OVMF_SECTION_TYPE_KERNEL_HASHES 0x10 =20 @@ -67,6 +70,12 @@ CpuidSec: DD CPUID_SIZE DD OVMF_SECTION_TYPE_CPUID =20 +; SVSM CAA page +SvsmCaa: + DD SVSM_CAA_BASE + DD SVSM_CAA_SIZE + DD OVMF_SECTION_TYPE_SVSM_CAA + %if (SEV_SNP_KERNEL_HASHES_BASE > 0) ; Kernel hashes for measured direct boot, or zero page if ; there are no kernel hashes / SEV secrets --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114632): https://edk2.groups.io/g/devel/message/114632 Mute This Topic: https://groups.io/mt/103986449/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114633+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307266486668.0151441540719; Fri, 26 Jan 2024 14:14:26 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=S7OUNjm1QYk8eLMBxQDjmgTvU9KrzL026Ma/phfrlso=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307266; v=1; b=fJByWBniVvHR+OU/etlgcCrNbrBbdWwgUGfMJtgjt1vOPsrYzi782RKuTGsd4gxpSYnadJqN H3vFOpST/42GXGzEnSoW1lUqPw8rPP4mK1zkWCFLQ5aoHUoZ79w2iAeQ14OajwQ2rfzjITXszru 5qol/VrRT5RoPuBzMGRXMZPo= X-Received: by 127.0.0.2 with SMTP id DENlYY1788612xXnxeh4emcq; Fri, 26 Jan 2024 14:14:26 -0800 X-Received: from NAM11-DM6-obe.outbound.protection.outlook.com (NAM11-DM6-obe.outbound.protection.outlook.com [40.107.223.83]) by mx.groups.io with SMTP id smtpd.web10.2874.1706307265490579827 for ; Fri, 26 Jan 2024 14:14:25 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=R2obC7yeTgXoIq5dIJm+rElzTbznbGzL1p2y9mYealt/8Sz9/IJvcfFu2ncBvGcwJpAKDSpFvT0Uqw9L54WwFw1EfYNEImS7u1Fpbm04KS1liA3ecF3RRxMXjkgn1evPDBvhADxpz9Tj0plg6izgcDtdumPCI/sZTsqI81L/mUAM5z9Ts4AZwldWpU9pe5+C0yLktk77WeYbyOTS043KcJ/NiDBqCeDRADpveLdVmPunL16QjRjf7Jexh1E/24P0I2BIR5BkKYNM1HgChweILXF8wJciUh/4KIrP1xFJNnDypsUezxPqFnWTY9xPJT7E6p7yQEgL/siyOqaxolryrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DqPx6ZSC04otMvvPX67Iuftyh37GPt0u0NFQX+AHE0w=; b=eXsl/sVhTmLA1lvK59V9XSn+7HdU30qntpltlzc59pJEFXJB8HO5IMCX759b36hxAvpaAfLbHmN1O22oBk55Z9gg2P91XZZQ1+CWiRbzC0fCp+J4/qaWXbcI3iHwCgshH6j3imBxE8s336jLZ59fABDUDT6dUAt1q5J/mvtr151LOFxUZmUEGrSiFZcgHJFubVAiz9FEXGM9bVIbjS8OkLMxuc8F9H05nq6ibDEyxh0aphnYMshOaoOdSUKCk36HiJXTY0wvOvPpL83fLkBlTEmFPbvv9hg6E1yAvPQ7P+8VAUz0Y8HeLxDRlyAiW1d9YmjcR1ShQvEwivQ7UNBeGw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from DM6PR03CA0088.namprd03.prod.outlook.com (2603:10b6:5:333::21) by CH2PR12MB4119.namprd12.prod.outlook.com (2603:10b6:610:aa::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 22:14:21 +0000 X-Received: from DS2PEPF0000343E.namprd02.prod.outlook.com (2603:10b6:5:333:cafe::6) by DM6PR03CA0088.outlook.office365.com (2603:10b6:5:333::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27 via Frontend Transport; Fri, 26 Jan 2024 22:14:20 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114633+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343E.mail.protection.outlook.com (10.167.18.41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:14:20 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:14:19 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 07/16] OvmfPkg/CcExitLib: Add support for the SVSM_CORE_PVALIDATE call Date: Fri, 26 Jan 2024 16:13:06 -0600 Message-ID: <7bd1171077a547173d35f95a89387d13abdc8301.1706307195.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343E:EE_|CH2PR12MB4119:EE_ X-MS-Office365-Filtering-Correlation-Id: 7813e664-0b06-4eba-2da6-08dc1ebc2550 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: baVsMnvkrpEIY1O/uOcjUlMmMkAssn/8GfAqvFa+VxPO+1T+TcRy88hEoBDbOxYC21cdGzBXsepnrHx455ruR5OjlnfhoRSxUt6893jjLfkpRJOpBfoQ3lQ1T/ihd6y/cGeawF7mgB+gN8InlxljsTxYwV1swCFlxn2qPnb+GXkZ4mu6mJQriZfMTB7w6dtMNmTaqp6GTj+oAzxX6KD3Z94yT2jzS0wRqVwsXE0179Cn+i3kr8zmVLG1Cay9BXDtQlz+o4vP3IGKlDIAjibg4FU7gfs39xmjaNJ83PNPhxVgxVp7aiJUf7K1ZDABgdyRQqS7oJhIOsAw1dClTid3QwX/MOWjkfHT5j7VAd7tN9epVC5BXOyctH16SliKkuHpufzA0WqJxiuEqRO2dRnVbbR23/sz0bFkj2M2dCXlVKX7jF8C6TblO88tX1dwZDwLN+CNX4XqPh517zszNiTM4GuUmuNuY7pTkoAluRY9O7FenvUq4ggYVmy1OVtJtJXbjmXgFeMOm5grBLOVKK++nqmKYreXon6xI1PH84Of/064PkrfEVWHTCnXw93FG0mf12XfFzP0mu9zlH5LKCbrAcx8cZWut+vSmVgk0UAiibDvmqh5PxNOQjD0DpyE3hLYWIcJ5dZXBXSUR0CvEQj1I7t1sYdcNJkpyLwjW9kPAyF9UNrkkWZihNVeJ9vu7A3aSICZfI8ucnpRF8FqSWXbZPbH1WZW/OMfhl2RJl1Z9pv7vASgTt9T91J0vHo10H8DO++VFOKO67tIGVpCPCtWQQ== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:14:20.7683 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7813e664-0b06-4eba-2da6-08dc1ebc2550 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343E.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4119 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: Zf7PIGd1zKnjWbaCvNAP8fYzx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307267619100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 The PVALIDATE instruction can only be performed at VMPL0. An SVSM will be present when running at VMPL1 or higher. When an SVSM is present, use the SVSM_CORE_PVALIDATE call to perform memory validation instead of issuing the PVALIDATE instruction directly. This moves the current PVALIDATE functionality into the CcExitLib library, where it can be determined whether an SVSM is present and perform the proper operation. Signed-off-by: Tom Lendacky --- OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 8= 2 +----- OvmfPkg/Library/CcExitLib/CcExitSvsm.c | 31= 1 ++++++++++++++++++++ 2 files changed, 321 insertions(+), 72 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInt= ernal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeIntern= al.c index f8bbe4d6f46b..60d47ce090fe 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c @@ -17,11 +17,10 @@ =20 #include #include +#include =20 #include "SnpPageStateChange.h" =20 -#define PAGES_PER_LARGE_ENTRY 512 - STATIC UINTN MemoryStateToGhcbOp ( @@ -63,73 +62,6 @@ SnpPageStateFailureTerminate ( CpuDeadLoop (); } =20 -/** - This function issues the PVALIDATE instruction to validate or invalidate = the memory - range specified. If PVALIDATE returns size mismatch then it retry validat= ing with - smaller page size. - - */ -STATIC -VOID -PvalidateRange ( - IN SNP_PAGE_STATE_CHANGE_INFO *Info - ) -{ - UINTN RmpPageSize; - UINTN StartIndex; - UINTN EndIndex; - UINTN Index; - UINTN Ret; - EFI_PHYSICAL_ADDRESS Address; - BOOLEAN Validate; - - StartIndex =3D Info->Header.CurrentEntry; - EndIndex =3D Info->Header.EndEntry; - - for ( ; StartIndex <=3D EndIndex; StartIndex++) { - // - // Get the address and the page size from the Info. - // - Address =3D ((EFI_PHYSICAL_ADDRESS)Info->Entry[StartIndex].GuestFr= ameNumber) << EFI_PAGE_SHIFT; - RmpPageSize =3D Info->Entry[StartIndex].PageSize; - Validate =3D Info->Entry[StartIndex].Operation =3D=3D SNP_PAGE_STAT= E_PRIVATE; - - Ret =3D AsmPvalidate (RmpPageSize, Validate, Address); - - // - // If we fail to validate due to size mismatch then try with the - // smaller page size. This senario will occur if the backing page in - // the RMP entry is 4K and we are validating it as a 2MB. - // - if ((Ret =3D=3D PVALIDATE_RET_SIZE_MISMATCH) && (RmpPageSize =3D=3D Pv= alidatePageSize2MB)) { - for (Index =3D 0; Index < PAGES_PER_LARGE_ENTRY; Index++) { - Ret =3D AsmPvalidate (PvalidatePageSize4K, Validate, Address); - if (Ret) { - break; - } - - Address =3D Address + EFI_PAGE_SIZE; - } - } - - // - // If validation failed then do not continue. - // - if (Ret) { - DEBUG (( - DEBUG_ERROR, - "%a:%a: Failed to %a address 0x%Lx Error code %d\n", - gEfiCallerBaseName, - __func__, - Validate ? "Validate" : "Invalidate", - Address, - Ret - )); - SnpPageStateFailureTerminate (); - } - } -} - STATIC EFI_PHYSICAL_ADDRESS BuildPageStateBuffer ( @@ -145,6 +77,7 @@ BuildPageStateBuffer ( UINTN Index; UINTN IndexMax; UINTN PscIndexMax; + UINTN SvsmIndexMax; UINTN RmpPageSize; =20 // Clear the page state structure @@ -159,11 +92,16 @@ BuildPageStateBuffer ( // exiting from the guest to the hypervisor. Maximize the number of entr= ies // that can be processed per exit. // - PscIndexMax =3D (IndexMax / SNP_PAGE_STATE_MAX_ENTRY) * SNP_PAGE_STATE_M= AX_ENTRY; + PscIndexMax =3D (IndexMax / SNP_PAGE_STATE_MAX_ENTRY) * SNP_PAGE_STATE_= MAX_ENTRY; + SvsmIndexMax =3D (IndexMax / SVSM_PVALIDATE_MAX_ENTRY) * SVSM_PVALIDATE_= MAX_ENTRY; if (PscIndexMax > 0) { IndexMax =3D MIN (IndexMax, PscIndexMax); } =20 + if (SvsmIndexMax > 0) { + IndexMax =3D MIN (IndexMax, SvsmIndexMax); + } + // // Populate the page state entry structure // @@ -328,7 +266,7 @@ InternalSetPageState ( // invalidate the pages before making the page shared in the RMP table. // if (State =3D=3D SevSnpPageShared) { - PvalidateRange (Info); + CcExitSnpPvalidate (Info); } =20 // @@ -341,7 +279,7 @@ InternalSetPageState ( // validate the pages after it has been added in the RMP table. // if (State =3D=3D SevSnpPagePrivate) { - PvalidateRange (Info); + CcExitSnpPvalidate (Info); } } } diff --git a/OvmfPkg/Library/CcExitLib/CcExitSvsm.c b/OvmfPkg/Library/CcExi= tLib/CcExitSvsm.c index fb8b762caadc..43e0a357efa5 100644 --- a/OvmfPkg/Library/CcExitLib/CcExitSvsm.c +++ b/OvmfPkg/Library/CcExitLib/CcExitSvsm.c @@ -13,6 +13,312 @@ #include #include =20 +#define PAGES_PER_2MB_ENTRY 512 + +/** + Terminate the guest using the GHCB MSR protocol. + + Uses the GHCB MSR protocol to request that the guest be termiated. + +**/ +STATIC +VOID +SvsmTerminate ( + VOID + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + + // + // Use the GHCB MSR Protocol to request termination by the hypervisor + // + Msr.Uint64 =3D 0; + Msr.GhcbTerminate.Function =3D GHCB_INFO_TERMINATE_REQUEST; + Msr.GhcbTerminate.ReasonCodeSet =3D GHCB_TERMINATE_GHCB; + Msr.GhcbTerminate.ReasonCode =3D GHCB_TERMINATE_GHCB_GENERAL; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.Uint64); + + AsmVmgExit (); + + ASSERT (FALSE); + CpuDeadLoop (); +} + +/** + Return the address of SVSM Call Area (CAA). + + Determines the address of the SVSM CAA. + + @return The address of the SVSM CAA + +**/ +STATIC +SVSM_CAA * +SvsmGetCaa ( + VOID + ) +{ + SVSM_INFORMATION *SvsmInfo; + + SvsmInfo =3D (SVSM_INFORMATION *)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase); + + return CcExitSnpSvsmPresent () ? (SVSM_CAA *)SvsmInfo->SvsmCaa : NULL; +} + +/** + Issue an SVSM request. + + Invokes the SVSM to process a request on behalf of the guest. + + @param[in,out] SvsmCallData Pointer to the SVSM call data + + @return Contents of RAX upon return from VMGEXIT +**/ +STATIC +UINTN +SvsmMsrProtocol ( + IN OUT SVSM_CALL_DATA *SvsmCallData + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + UINT64 CurrentMsr; + UINT8 Pending; + BOOLEAN InterruptState; + UINTN Ret; + + do { + // + // Be sure that an interrupt can't cause a #VC while the GHCB MSR prot= ocol + // is being used (#VC handler will ASSERT if lower 12-bits are not zer= o). + // + InterruptState =3D GetInterruptState (); + if (InterruptState) { + DisableInterrupts (); + } + + Pending =3D 0; + SvsmCallData->CallPending =3D &Pending; + + CurrentMsr =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + Msr.Uint64 =3D 0; + Msr.SnpVmplRequest.Function =3D GHCB_INFO_SNP_VMPL_REQUEST; + Msr.SnpVmplRequest.Vmpl =3D 0; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.Uint64); + + // + // Guest memory is used for the guest-SVSM communication, so fence the + // invocation of the VMGEXIT instruction to ensure VMSA accesses are + // synchronized properly. + // + MemoryFence (); + Ret =3D AsmVmgExitSvsm (SvsmCallData); + MemoryFence (); + + Msr.Uint64 =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr); + + if (InterruptState) { + EnableInterrupts (); + } + + if (Pending !=3D 0) { + SvsmTerminate (); + } + + if ((Msr.SnpVmplResponse.Function !=3D GHCB_INFO_SNP_VMPL_RESPONSE) || + (Msr.SnpVmplResponse.ErrorCode !=3D 0)) + { + SvsmTerminate (); + } + } while (Ret =3D=3D SVSM_ERR_INCOMPLETE || Ret =3D=3D SVSM_ERR_BUSY); + + return Ret; +} + +/** + Issue an SVSM request to perform the PVALIDATE instruction. + + Invokes the SVSM to process the PVALIDATE instruction on behalf of the + guest to validate or invalidate the memory range specified. + + @param[in] Info Pointer to a page state change structure + +**/ +STATIC +VOID +SvsmPvalidate ( + IN SNP_PAGE_STATE_CHANGE_INFO *Info + ) +{ + SVSM_CALL_DATA SvsmCallData; + SVSM_CAA *Caa; + SVSM_PVALIDATE_REQUEST *Request; + SVSM_FUNCTION Function; + BOOLEAN Validate; + UINTN Entry; + UINTN EntryLimit; + UINTN Index; + UINTN EndIndex; + UINT64 Gfn; + UINT64 GfnEnd; + UINTN Ret; + + Caa =3D SvsmGetCaa (); + SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0); + + Function.Id.Protocol =3D 0; + Function.Id.CallId =3D 1; + + Request =3D (SVSM_PVALIDATE_REQUEST *)Caa->SvsmBuffer; + EntryLimit =3D ((sizeof (Caa->SvsmBuffer) - sizeof (*Request)) / + sizeof (Request->Entry[0])) - 1; + + SvsmCallData.Caa =3D Caa; + SvsmCallData.RaxIn =3D Function.Uint64; + SvsmCallData.RcxIn =3D (UINT64)(UINTN)Request; + + Entry =3D 0; + Index =3D Info->Header.CurrentEntry; + EndIndex =3D Info->Header.EndEntry; + + while (Index <=3D EndIndex) { + Validate =3D Info->Entry[Index].Operation =3D=3D SNP_PAGE_STATE_PRIVAT= E; + + Request->Header.Entries++; + Request->Entry[Entry].Bits.PageSize =3D Info->Entry[Index].PageSize; + Request->Entry[Entry].Bits.Action =3D (Validate =3D=3D TRUE) ? 1 : 0; + Request->Entry[Entry].Bits.IgnoreCf =3D 0; + Request->Entry[Entry].Bits.Address =3D Info->Entry[Index].GuestFrameN= umber; + + Entry++; + if ((Entry > EntryLimit) || (Index =3D=3D EndIndex)) { + Ret =3D SvsmMsrProtocol (&SvsmCallData); + if ((Ret =3D=3D SVSM_ERR_PVALIDATE_FAIL_SIZE_MISMATCH) && + (Request->Entry[Request->Header.Next].Bits.PageSize !=3D 0)) + { + // Calculate the Index of the entry after the entry that failed + // before clearing the buffer so that processing can continue + // from that point + Index =3D Index - (Entry - Request->Header.Next) + 2; + + // Obtain the failing GFN before clearing the buffer + Gfn =3D Request->Entry[Request->Header.Next].Bits.Address; + + // Clear the buffer in prep for creating all new entries + SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0); + Entry =3D 0; + + GfnEnd =3D Gfn + 511; + for ( ; Gfn <=3D GfnEnd; Gfn++) { + Request->Header.Entries++; + Request->Entry[Entry].Bits.PageSize =3D 0; + Request->Entry[Entry].Bits.Action =3D (Validate =3D=3D TRUE) ?= 1 : 0; + Request->Entry[Entry].Bits.IgnoreCf =3D 0; + Request->Entry[Entry].Bits.Address =3D Gfn; + + Entry++; + if ((Entry > EntryLimit) || (Gfn =3D=3D GfnEnd)) { + Ret =3D SvsmMsrProtocol (&SvsmCallData); + if (Ret !=3D 0) { + SvsmTerminate (); + } + + SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0); + Entry =3D 0; + } + } + + continue; + } + + if (Ret !=3D 0) { + SvsmTerminate (); + } + + SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0); + Entry =3D 0; + } + + Index++; + } +} + +/** + Perform the PVALIDATE instruction. + + Performs the PVALIDATE instruction to validate or invalidate the memory + range specified. + + @param[in] Info Pointer to a page state change structure + +**/ +STATIC +VOID +BasePvalidate ( + IN SNP_PAGE_STATE_CHANGE_INFO *Info + ) +{ + UINTN Index; + UINTN EndIndex; + UINTN Address; + UINTN RmpPageSize; + BOOLEAN Validate; + UINTN Ret; + + Index =3D Info->Header.CurrentEntry; + EndIndex =3D Info->Header.EndEntry; + while (Index <=3D EndIndex) { + // + // Get the address and the page size from the Info. + // + Address =3D Info->Entry[Index].GuestFrameNumber << EFI_PAGE_SHIFT; + RmpPageSize =3D Info->Entry[Index].PageSize; + Validate =3D Info->Entry[Index].Operation =3D=3D SNP_PAGE_STATE_PRI= VATE; + + Ret =3D AsmPvalidate (RmpPageSize, Validate, Address); + + // + // If PVALIDATE of a 2M page fails due to a size mismatch, then retry + // the full 2M range using a page size of 4K. This can occur if RMP en= try + // has a page size of 4K. + // + if ((Ret =3D=3D PVALIDATE_RET_SIZE_MISMATCH) && (RmpPageSize =3D=3D Pv= alidatePageSize2MB)) { + UINTN EndAddress; + + EndAddress =3D Address + (PAGES_PER_2MB_ENTRY * SIZE_4KB); + while (Address < EndAddress) { + Ret =3D AsmPvalidate (PvalidatePageSize4K, Validate, Address); + if (Ret) { + break; + } + + Address +=3D SIZE_4KB; + } + } + + // + // If validation failed then do not continue. + // + if (Ret) { + DEBUG (( + DEBUG_ERROR, + "%a:%a: Failed to %a address 0x%Lx Error code %d\n", + gEfiCallerBaseName, + __func__, + Validate ? "Validate" : "Invalidate", + Address, + Ret + )); + + SvsmTerminate (); + } + + Index++; + } +} + /** Report the presence of an Secure Virtual Services Module (SVSM). =20 @@ -72,6 +378,11 @@ CcExitSnpPvalidate ( IN SNP_PAGE_STATE_CHANGE_INFO *Info ) { + if (CcExitSnpSvsmPresent ()) { + SvsmPvalidate (Info); + } else { + BasePvalidate (Info); + } } =20 /** --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114633): https://edk2.groups.io/g/devel/message/114633 Mute This Topic: https://groups.io/mt/103986455/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114634+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307272391329.9072635829077; Fri, 26 Jan 2024 14:14:32 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=PiH1fwuvv17lYdIKpPfngxNRg+xN78wxrBx1FE0rHMc=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307272; v=1; b=tsaBlLuIsxrCZpyIb8xSYTnSV6nsC/s0H/2t0Rdn+kdYMW93G8cBOAXeuqvU09igzBgvSKqR 4tWmYw16lssYKTvnq0IiojvSaZQOqc3BBE1tCj1bVVqciJtDKN2w4FGxjm781JZsakPA8jt6WBr Tw18ZqIJh/0Pk/aJbm5qcJbo= X-Received: by 127.0.0.2 with SMTP id FtbcYY1788612xFaekvacPzO; Fri, 26 Jan 2024 14:14:32 -0800 X-Received: from NAM02-SN1-obe.outbound.protection.outlook.com (NAM02-SN1-obe.outbound.protection.outlook.com [40.107.96.76]) by mx.groups.io with SMTP id smtpd.web11.2956.1706307271506538355 for ; Fri, 26 Jan 2024 14:14:31 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WIwo7fF3CqiXnkBpa0XUlZOXmHVzut28/TRhbiXKhfYresa77ziKf4pRarZoHzzcmdJHb+hFle65+v5w0vXv6NuJr1UGqS6Pnr05oVvYmaxE/CSt+0Unogx4mphxtHW11KMl7p9KnnkCN0g8QgEyBvrVKeoYA/iCCmmPJjCo1on33FDogL5KUjIO27tXjPCefov48w2BWn2uUtxNaGgNW89zNrx85DyC7Nh5hI10T3hzlx7X+Ies4Pd7XhVyl9w1yssqpsfS00mJ2jzF+BxviTvpTZ5JGrwvrS93yedRXis69GK44ZU0TEzEzAwT5xFKTKp2AnOvZXDYzdiC/w4mEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WYK3eWeyguHoRWaA6t+oz/HB+disaWtqolnVbmziYto=; b=MuHCbMtXAnOzxd+lXGABum/v6rX4R12v2AwoR7l9arDWYn0ivAYdVuFlq+A48NSMzh5YydGZEakhBn+5LLqf9zoBEyTrlw4tTpAywKO2xmpCBDbldo/hXg8r/AQrWRT/tn3du2tMmv0q/kZAZSRof2cDM3jylNDpX2GG16laApA7bpYXgZoPGJf84SBpgx8KVkTyV2SKvd7DyCmd00xrCZ5yHRclH+N3HBVK6XUVYBJeOCSJ/c8OmMuEoZRXKrb9AaCzggrSuMqmREINcRseLmDqUN9NjEUbvpkxNa9676mLXo41vtShRm/3VfhvGtHPyaoBJ1gvItGEAT4q0iyUrg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from DS7PR05CA0094.namprd05.prod.outlook.com (2603:10b6:8:56::11) by IA1PR12MB6259.namprd12.prod.outlook.com (2603:10b6:208:3e5::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22; Fri, 26 Jan 2024 22:14:29 +0000 X-Received: from DS2PEPF00003439.namprd02.prod.outlook.com (2603:10b6:8:56:cafe::3) by DS7PR05CA0094.outlook.office365.com (2603:10b6:8:56::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.14 via Frontend Transport; Fri, 26 Jan 2024 22:14:28 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114634+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003439.mail.protection.outlook.com (10.167.18.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:14:28 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:14:26 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 08/16] OvmfPkg/CcExitLib: Add support for the SVSM create/delete vCPU calls Date: Fri, 26 Jan 2024 16:13:07 -0600 Message-ID: <331f753e22aa83caec3be1f3bc2168e3646e4dad.1706307195.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003439:EE_|IA1PR12MB6259:EE_ X-MS-Office365-Filtering-Correlation-Id: ec5c5376-8e21-4afb-3a4c-08dc1ebc2a1e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: 6OcgUpjkr/zTQntPYVnG1TfZ/+BDBFbIfKOS9IFRZ+yO6HA/uq6KAW0MVkKjulAstvGDvLaYogzhMriE+50/l1FUFQhOlpTT0GqekgqRYa+YuYz5SMDlcBt4D40lzpkfhHZbYJwYg6EQGY1AFv8hrOmOxiei33cF3Y4fhkxnKEJs3JTNvJD1Q4ainnEloZ6ZbaO1VdQbAjzDstMZpz6jqlw9HuaRP/dJ94on1Ds/am/2g4YsNK3iWSWg/YFKx8rk+UdKrvoq9yWzUyuujabtaRdRinY26tvaJQI5uXK+FSLFdmfxLNxef7shtfSSx/RprT8tAPrWDCjxe6PqTfmIdqdtWE+f14JwcnLlTjz4dXNc+txZ97nIIGA9V/oCGAeZjLa9AZbft0cGNbkHKrB9CyanF43rte3C1R8NgvCpxsz+vl5t+G8746HN7VToTzcts7G3oIqbcvkE7gvqzeN/4f9KbQau0Fi5g5XmdSXzYN3Ae4mKlctTebaOzZIPqMwDXb+LV88YwbCI6XBb+3z/DrJCE9hICGHIgu4dJ3vVNN6C9UdHlANDOW17Dn2vNRNTRhc+dsTn3dKqYyk3y0gDC1zkCfII4IiukZuDTGbNR9kwd2t132SP7QpURWxIpfy/aIMlq/yeiRjbtM3euGlcVENkZiGN4xY2Yn/23tO/TfQPJM3WD771ckq3YeIIbIX//a8JBllhNkNcrLDodSpV3icXOPN7pO0eoBjEUtSmG7CxHCtbXhgJETwyN7hq3D7dVKOB/rjsCAtdYUU/taPDCg== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:14:28.8296 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ec5c5376-8e21-4afb-3a4c-08dc1ebc2a1e X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003439.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB6259 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: oJHLUgP7aTdMeVSYVIN1GTECx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307274120100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 The RMPADJUST instruction is used to alter the VMSA attribute of a page, but the VMSA attribute can only be changed when running at VMPL0. When an SVSM is present, use the SVSM_CORE_CREATE_VCPU and SVSM_CORE_DELTE_VCPU calls to add or remove the VMSA attribute on a page instead of issuing the RMPADJUST instruction directly. Implement the CcExitSnpVmsaRmpAdjust() API to perform the proper operation to update the VMSA attribute. Signed-off-by: Tom Lendacky --- OvmfPkg/Library/CcExitLib/CcExitSvsm.c | 100 +++++++++++++++++++- 1 file changed, 99 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/CcExitLib/CcExitSvsm.c b/OvmfPkg/Library/CcExi= tLib/CcExitSvsm.c index 43e0a357efa5..3459338b2033 100644 --- a/OvmfPkg/Library/CcExitLib/CcExitSvsm.c +++ b/OvmfPkg/Library/CcExitLib/CcExitSvsm.c @@ -137,6 +137,103 @@ SvsmMsrProtocol ( return Ret; } =20 +/** + Perform an RMPADJUST operation to alter the VMSA setting of a page. + + Add or remove the VMSA attribute for a page. + + @param[in] Vmsa Pointer to an SEV-ES save area page + @param[in] ApicId APIC ID associated with the VMSA + @param[in] SetVmsa Boolean indicator as to whether to set or + or clear the VMSA setting for the page + + @retval EFI_SUCCESS RMPADJUST operation successful + @retval EFI_UNSUPPORTED Operation is not supported + @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid + parameter was supplied + +**/ +EFI_STATUS +EFIAPI +SvsmVmsaRmpAdjust ( + IN SEV_ES_SAVE_AREA *Vmsa, + IN UINT32 ApicId, + IN BOOLEAN SetVmsa + ) +{ + SVSM_CALL_DATA SvsmCallData; + SVSM_FUNCTION Function; + UINTN Ret; + + SvsmCallData.Caa =3D SvsmGetCaa (); + + Function.Id.Protocol =3D 0; + + if (SetVmsa) { + Function.Id.CallId =3D 2; + + SvsmCallData.RaxIn =3D Function.Uint64; + SvsmCallData.RcxIn =3D (UINT64)(UINTN)Vmsa; + SvsmCallData.RdxIn =3D (UINT64)(UINTN)Vmsa + SIZE_4KB; + SvsmCallData.R8In =3D ApicId; + } else { + Function.Id.CallId =3D 3; + + SvsmCallData.RaxIn =3D Function.Uint64; + SvsmCallData.RcxIn =3D (UINT64)(UINTN)Vmsa; + } + + Ret =3D SvsmMsrProtocol (&SvsmCallData); + + return (Ret =3D=3D 0) ? EFI_SUCCESS : EFI_INVALID_PARAMETER; +} + +/** + Perform an RMPADJUST operation to alter the VMSA setting of a page. + + Add or remove the VMSA attribute for a page. + + @param[in] Vmsa Pointer to an SEV-ES save area page + @param[in] ApicId APIC ID associated with the VMSA + @param[in] SetVmsa Boolean indicator as to whether to set or + or clear the VMSA setting for the page + + @retval EFI_SUCCESS RMPADJUST operation successful + @retval EFI_UNSUPPORTED Operation is not supported + @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid + parameter was supplied + +**/ +EFI_STATUS +EFIAPI +BaseVmsaRmpAdjust ( + IN SEV_ES_SAVE_AREA *Vmsa, + IN UINT32 ApicId, + IN BOOLEAN SetVmsa + ) +{ + UINT64 Rdx; + UINT32 Ret; + + // + // The RMPADJUST instruction is used to set or clear the VMSA bit for a + // page. The VMSA change is only made when running at VMPL0 and is ignor= ed + // otherwise. If too low a target VMPL is specified, the instruction can + // succeed without changing the VMSA bit when not running at VMPL0. Usin= g a + // target VMPL level of 1, RMPADJUST will return a FAIL_PERMISSION error= if + // not running at VMPL0, thus ensuring that the VMSA bit is set appropri= ately + // when no error is returned. + // + Rdx =3D 1; + if (SetVmsa) { + Rdx |=3D RMPADJUST_VMSA_PAGE_BIT; + } + + Ret =3D AsmRmpAdjust ((UINT64)(UINTN)Vmsa, 0, Rdx); + + return (Ret =3D=3D 0) ? EFI_SUCCESS : EFI_INVALID_PARAMETER; +} + /** Issue an SVSM request to perform the PVALIDATE instruction. =20 @@ -409,5 +506,6 @@ CcExitSnpVmsaRmpAdjust ( IN BOOLEAN SetVmsa ) { - return EFI_UNSUPPORTED; + return CcExitSnpSvsmPresent () ? SvsmVmsaRmpAdjust (Vmsa, ApicId, SetVms= a) + : BaseVmsaRmpAdjust (Vmsa, ApicId, SetVms= a); } --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114634): https://edk2.groups.io/g/devel/message/114634 Mute This Topic: https://groups.io/mt/103986458/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114635+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307280630296.6183133877032; Fri, 26 Jan 2024 14:14:40 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=ftEdzMOpgmEOoU3ZqHW90HDHkbhBMqvQxOjZ2LyR4vU=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307280; v=1; b=VgDBJ+gf8axJh1gconf8Jkw42CxEOOzs0A/HboeP64ya9ERw31r35C+NtSER7mQM72OZzKlO mtOCSH/DsaT/abVIPuS8iRQbudsBYOV0eLi0XmAE3jfvQB4eZlpSizd8m5WgbuPRPF+DbbJd72b KP1FNBY2w0uFF/vrM6yczZeg= X-Received: by 127.0.0.2 with SMTP id 3tO9YY1788612xF0wIUbhf4e; Fri, 26 Jan 2024 14:14:40 -0800 X-Received: from NAM11-BN8-obe.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com [40.107.236.40]) by mx.groups.io with SMTP id smtpd.web10.2881.1706307279641462010 for ; Fri, 26 Jan 2024 14:14:39 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nYSsHbHAlxUK38xCcg10i2pjmMJ1vBQ6O2anGggeUfwgjguU/HTT+cDt5Bo/WlKathduXo3br7ElQnffNuxLWLuHOY7h0a79RGVDVdfxXMIyi160dZ/1XOpl5j/HCNSKa2kZYFS2T0uA1e4y7ta56rmdrTY0PVz12PZkI4x0sr7NaZVgBRE7UH70n5XTPQpVZXqSRNErZCDIoK7iuy8SyLLkLqclKLg+CwpCZY7z/BPnsNv5d0pw9IpAJUfw9q5Z4mPm7WntoN3yIvbmGqD3vXjgRPWSGq/mHabSCnBntoY5cjjlgi/jPVHjgUfrwTUSC/itSJAlZ/EXBwYSdUYg+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=e6vLdhtbp+kpUeZaUOk+R+XT63V/WJ3g+UKmRLjmLCE=; b=fDMvaUXoy1DChMRaBeBT4cTNaFus+J1H8i1wPai1hgfsuDfQfQM+VYU5wp/K2wN+qZLUVYgcmMaPFI5pol4MBAMEcAL64Ni6z+bd+DHF3wQaPy46Aivr0M806WAfrC8/vyxA/1cO6BEd00JTNFM53zxxlV6kRmkOYF5coAsD9ZmJvTp3R2CSzptKp/WVRYCk0VOXcIzdv0n1ECmV/G+UTBCYZDUyiXOG7Vvr0Yy0CYenpIOl+aOVrbJr9UYJDdTghPqavdnq3K2JhWfyN76GMgD2D9c6UiIETODwWXfKlUX4usB8aFzJ/EnfOuZdzhZSKLyHRkpZhqpC++JjHsuRCQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from SJ0PR03CA0034.namprd03.prod.outlook.com (2603:10b6:a03:33e::9) by LV3PR12MB9167.namprd12.prod.outlook.com (2603:10b6:408:196::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7181.23; Fri, 26 Jan 2024 22:14:37 +0000 X-Received: from DS2PEPF0000343D.namprd02.prod.outlook.com (2603:10b6:a03:33e:cafe::b6) by SJ0PR03CA0034.outlook.office365.com (2603:10b6:a03:33e::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22 via Frontend Transport; Fri, 26 Jan 2024 22:14:35 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114635+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343D.mail.protection.outlook.com (10.167.18.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:14:34 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:14:33 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 09/16] UefiCpuPkg/MpInitLib: Use CcExitSnpVmsaRmpAdjust() to set/clear VMSA Date: Fri, 26 Jan 2024 16:13:08 -0600 Message-ID: <8054a730de53debf85cace82346ed1ecab8daa66.1706307195.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343D:EE_|LV3PR12MB9167:EE_ X-MS-Office365-Filtering-Correlation-Id: 657cac29-9604-4087-0a12-08dc1ebc2dc7 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: lCGWorB5K+vxZVoI3vGL38ROXRrb3aW29BOCxYKLXC+bo5T0GfqJYUIVAI8At7KB0vH/4IEgWk/y3KHzF0VtdNWhmgOiErIl7mklASN06RQbswOmSgl9vBkIP6mm79PDe6X+UKvxMMZTZOnGLVV/Xnsrqwvg+bnn94QyhFn+0FpJO0HCi8qaIEC5fKuCPRwh7zMDO+JHKhxHZs4TAHG66lUot7TVihxYnzQ7qVBtzwe4PGLZEUKP3HV9yxosWTL0SCHkZroags2+saYQKE9iOU9qOGy7RKpaB6L774ruDc5iWC/C5kBvXWYgijkfvwncrNKXUIwaN+aq/7RUC2E3PtGCNr+G8U7eqxo40vosuTou4pJRJtyatdEvQARDWiWxW07AJSeKa6iFEoYj3xQlqaDklyjJHhO1HU8gVtFF+zsStA6SxElStE74vDvo1cNpv+CP+6peveLwAvtJOhRoCU10fk+WMrUlWthNZQkyshAKoU6MxGh8vxnZk3Y+VBFxwBfTwHZtMAfzBPyeaHlXccn8r1IGef6Q8Y+End6xG1WKPJCmiviaeUuCgAZlB2V7wzFz5i1vLdUCeW16Sa+o/c8IqNO3f/2ezVpBvjTrw2Z8okoaGheNHDwiLBo+ylRjMrGidoKzJFpu5hP8iNttwLY00FRQcvMqBNsmnVme+e8kd+pc6niMR/8W4n8irM/ffvJecMQzu4M90TEB0Am2Xyna4iwV6CMsDXKaaQ1L6LKwtVTl3C3t1qcGQfvHq8KUw4ppioUP6fUIK3TCCI7DJtSQs7vX8n+0pbY8uBFYqAs= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:14:34.9846 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 657cac29-9604-4087-0a12-08dc1ebc2dc7 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343D.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV3PR12MB9167 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: RNx41F9rSrJQUE6NwpN0sHfHx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307281621100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 The RMPADJUST instruction is used to change the VMSA attribute of a page, but the VMSA attribute can only be changed when running at VMPL0. When an SVSM is present, use the SVSM_CORE_CREATE_VCPU and SVSM_CORE_DELTE_VCPU calls to change the VMSA attribute on a page instead of issuing the RMPADJUST instruction directly. Implement the CcExitSnpVmsaRmpAdjust() API to perform the appropriate operation to change the VMSA attribute based on the presence of an SVSM. Signed-off-by: Tom Lendacky --- UefiCpuPkg/Library/MpInitLib/MpLib.h | 14 ------ UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 20 -------- UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 53 +++----------------- 3 files changed, 6 insertions(+), 81 deletions(-) diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index a96a6389c17d..6e2137cb17cd 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -870,20 +870,6 @@ FillExchangeInfoDataSevEs ( IN volatile MP_CPU_EXCHANGE_INFO *ExchangeInfo ); =20 -/** - Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page. - - @param[in] PageAddress - @param[in] VmsaPage - - @return RMPADJUST return value -**/ -UINT32 -SevSnpRmpAdjust ( - IN EFI_PHYSICAL_ADDRESS PageAddress, - IN BOOLEAN VmsaPage - ); - /** Create an SEV-SNP AP save area (VMSA) for use in running the vCPU. =20 diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c b/UefiCpuPkg/Librar= y/MpInitLib/Ia32/AmdSev.c index c83144285b68..a2b8a5b3f516 100644 --- a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c @@ -48,23 +48,3 @@ SevSnpCreateAP ( // ASSERT (FALSE); } - -/** - Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page. - - @param[in] PageAddress - @param[in] VmsaPage - - @return RMPADJUST return value -**/ -UINT32 -SevSnpRmpAdjust ( - IN EFI_PHYSICAL_ADDRESS PageAddress, - IN BOOLEAN VmsaPage - ) -{ - // - // RMPADJUST is not supported in 32-bit mode - // - return RETURN_UNSUPPORTED; -} diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library= /MpInitLib/X64/AmdSev.c index c9f0984f41a2..db9a37fbbd19 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c @@ -38,20 +38,15 @@ SevSnpPerformApAction ( BOOLEAN InterruptState; UINT64 ExitInfo1; UINT64 ExitInfo2; - UINT32 RmpAdjustStatus; UINT64 VmgExitStatus; + EFI_STATUS VmsaStatus; =20 if (Action =3D=3D SVM_VMGEXIT_SNP_AP_CREATE) { // - // To turn the page into a recognized VMSA page, issue RMPADJUST: - // Target VMPL but numerically higher than current VMPL - // Target PermissionMask is not used + // Turn the page into a recognized VMSA page. // - RmpAdjustStatus =3D SevSnpRmpAdjust ( - (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea, - TRUE - ); - if (RmpAdjustStatus !=3D 0) { + VmsaStatus =3D CcExitSnpVmsaRmpAdjust (SaveArea, ApicId, TRUE); + if (EFI_ERROR (VmsaStatus)) { DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA creation\n")= ); ASSERT (FALSE); =20 @@ -94,11 +89,8 @@ SevSnpPerformApAction ( // Make the current VMSA not runnable and accessible to be // reprogrammed. // - RmpAdjustStatus =3D SevSnpRmpAdjust ( - (EFI_PHYSICAL_ADDRESS)(UINTN)SaveArea, - FALSE - ); - if (RmpAdjustStatus !=3D 0) { + VmsaStatus =3D CcExitSnpVmsaRmpAdjust (SaveArea, ApicId, FALSE); + if (EFI_ERROR (VmsaStatus)) { DEBUG ((DEBUG_INFO, "SEV-SNP: RMPADJUST failed for VMSA reset\n")); ASSERT (FALSE); =20 @@ -292,36 +284,3 @@ SevSnpCreateAP ( SevSnpCreateSaveArea (CpuMpData, CpuData, ApicId); } } - -/** - Issue RMPADJUST to adjust the VMSA attribute of an SEV-SNP page. - - @param[in] PageAddress - @param[in] VmsaPage - - @return RMPADJUST return value -**/ -UINT32 -SevSnpRmpAdjust ( - IN EFI_PHYSICAL_ADDRESS PageAddress, - IN BOOLEAN VmsaPage - ) -{ - UINT64 Rdx; - - // - // The RMPADJUST instruction is used to set or clear the VMSA bit for a - // page. The VMSA change is only made when running at VMPL0 and is ignor= ed - // otherwise. If too low a target VMPL is specified, the instruction can - // succeed without changing the VMSA bit when not running at VMPL0. Usin= g a - // target VMPL level of 1, RMPADJUST will return a FAIL_PERMISSION error= if - // not running at VMPL0, thus ensuring that the VMSA bit is set appropri= ately - // when no error is returned. - // - Rdx =3D 1; - if (VmsaPage) { - Rdx |=3D RMPADJUST_VMSA_PAGE_BIT; - } - - return AsmRmpAdjust ((UINT64)PageAddress, 0, Rdx); -} --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114635): https://edk2.groups.io/g/devel/message/114635 Mute This Topic: https://groups.io/mt/103986460/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114636+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307288363414.944347095024; Fri, 26 Jan 2024 14:14:48 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=GlZbkUyspna8ijmFpYwJ0nO7O7NZa9QeUoGTU4jgkBs=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307288; v=1; b=MxCRzWiILbVwXILDTrArszFKHzAD4QFcDruKo6vweM32k9E0UBHKLR5V78MuLP5kRV55Gtm2 C6iKGEYI4Uthud1aDyNVnjCm52OKlDKDUb2zyVWX6y1ONkn1oKzIslFEUw/b8L5BS1rA0hlerhO Br4L5HcDBWg782i6kdc5v62Q= X-Received: by 127.0.0.2 with SMTP id fQxNYY1788612xhLF3nHJqBD; Fri, 26 Jan 2024 14:14:48 -0800 X-Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.42]) by mx.groups.io with SMTP id smtpd.web11.2970.1706307287375114360 for ; Fri, 26 Jan 2024 14:14:47 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eLu3W0TtJ2I0sVExTB8gEGVKlJvH8TXvovCCfLzBN6FaxRHcGLckHngynwQnN8i0KhOa8YlWLqcJ2Hx16O5zZQNlTrKaNyX2092OaMrUH40C4GCtbS7bQQR/Kg4kmvpeAFI4JtmVRE+AB0zuwnnPs9m4y2+oCKFT1GwHIn4eXqxhDWdovHyYLIdKsy4IEMtb3i2mw5ckXYrMORAURX8MYygHKvKDaE7k5OuKIXdioE0JadXMC7EgCicaId2Zf20CyfHeaptXFjRWheEtp+ROQO6XtIVzxhthbmaQe6GjX23B0mBscMOYABBEtECd7EaoavLXMfTjh6wadmHqY1jJ6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WkRcvtV0avRcvi6Vm9msOHXTitioRR9O6lRq7b4ya38=; b=hga1nL52s5WCYZ8R1UM4hGlFMz7g/V3aJD+WrKnsV+RTgGYYQFLbnVBaAJfw797iSPZukLrdd/zUv+hwVeHRaJoOY2Pyj90liQYrKL5plPWoGAHApigKrv61pw+QLXsovQwV6deS/rra3pMFQmP+8GFMZJds9IMWiYbLjCgI8kp4klvXtgcPHHkvs7Lr/K8E/7UbBlkKHSwvtMm9xGp1ILyBSsPw2fnfcib4p5hVKzP7EAkNmXnBFJ3l21/o7G2bwDZTG9J4RxE6eQGxyTqffrw6p4SrTvpZDwaO/pPR/Apdge0YTT/KebLAHam7EuOi+XN1EeUbpoP/K9fSmXpTAw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from DS7PR06CA0018.namprd06.prod.outlook.com (2603:10b6:8:2a::9) by PH7PR12MB8123.namprd12.prod.outlook.com (2603:10b6:510:2bb::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.31; Fri, 26 Jan 2024 22:14:42 +0000 X-Received: from DS2PEPF00003440.namprd02.prod.outlook.com (2603:10b6:8:2a:cafe::49) by DS7PR06CA0018.outlook.office365.com (2603:10b6:8:2a::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27 via Frontend Transport; Fri, 26 Jan 2024 22:14:42 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114636+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003440.mail.protection.outlook.com (10.167.18.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:14:42 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:14:41 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 10/16] MdePkg: GHCB APIC ID retrieval support definitions Date: Fri, 26 Jan 2024 16:13:09 -0600 Message-ID: <163f1b66d4c516c81270506391cef77ba7b1c546.1706307195.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003440:EE_|PH7PR12MB8123:EE_ X-MS-Office365-Filtering-Correlation-Id: b2d8b668-6b90-4076-20a5-08dc1ebc3217 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: BQvm9ym74mDcL/AELuC6AyQn8nIXVrdVEqMYV1q+XaQ20jJpIJwnLIhQGmiU4gPxMs7BdLtcZ7mvvFcdVk2GQ1xq83Csa3YCvRSG6snzaTn0arCDb/JeV5fjD1jelIWnmq0WXJJGXNWc/KdjgzNGJl7Kiuhc+igDSmd+pxTr5Kpg4IgAVIhL/7FbYBJcfxYQ7TGeghsvZMEIn6oa8Rh9yNSpEbutitS1B19oixNW82JIuVFUFEfUewPGrxZrO0lDhUs+NStAVOLRwdFv0KNNS6qK/Ctm5Rga0MzT+ROQ1lTNq5q+kUuFx9J9ay2ziwvqg1E2ChU23U3xZkXOYIm4pv+7COnh3D0md+KSmA8ceS1anFPVvC1G9KWk+WNfDASmYPjaIKBBHw2RgqFeuTp0VRYsHkfLAe3zN2q861Hs15r/Z8deNJdXtNd3IbAGh1PTiu12NkcM976qjeNnGqIX0eh4DjqAeU3eTxQb3OwMXj/CGCmzDjzD80uGrnogVCNE7gKPHs5iIfbqg6vLfw8jvBgmwoQJIKBeTV0Rp9M1ySaUSeH/GZHKzVP33NYblJdtEiHNSyErybq6hU+XB80zAGWHlUBPdm8OSkEbB2TSZG9GIweq9CLPlm8lgO9OyqbpYI5w4wZ4O2UOO4n/c+6RWSdE2rU0E2ydlRQe+rN0ORlIhMBM/FIFGyA/e7s+MBKwDTAtztiQW6SrFEpGi1Wj45IdX3C4ey3ZLsReHgDK4oxeHxVEu4ghSye36ScX2BUtIcGpsXYhPeEAPW5zAVi3Dw== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:14:42.2204 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b2d8b668-6b90-4076-20a5-08dc1ebc3217 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003440.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB8123 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: uzTuv8Ehy30bmT65yRnkSiIFx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307289618100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 When an SVSM is present, starting the APs requires knowledge of the APIC IDs. Create the definitions required to retrieve and hold the APIC ID information of all the vCPUs present in the guest. Signed-off-by: Tom Lendacky --- MdePkg/Include/Register/Amd/Ghcb.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/A= md/Ghcb.h index 29b2e45d0163..cb581b14723d 100644 --- a/MdePkg/Include/Register/Amd/Ghcb.h +++ b/MdePkg/Include/Register/Amd/Ghcb.h @@ -56,6 +56,7 @@ #define SVM_EXIT_AP_JUMP_TABLE 0x80000005ULL #define SVM_EXIT_SNP_PAGE_STATE_CHANGE 0x80000010ULL #define SVM_EXIT_SNP_AP_CREATION 0x80000013ULL +#define SVM_EXIT_GET_APIC_IDS 0x80000017ULL #define SVM_EXIT_HYPERVISOR_FEATURES 0x8000FFFDULL #define SVM_EXIT_UNSUPPORTED 0x8000FFFFULL =20 @@ -170,6 +171,7 @@ typedef union { #define GHCB_HV_FEATURES_SNP_AP_CREATE (GHCB_HV_FEATURES= _SNP | BIT1) #define GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION (GHCB_HV_FEATURES= _SNP_AP_CREATE | BIT2) #define GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION_TIMER (GHCB_HV_FEATURES= _SNP_RESTRICTED_INJECTION | BIT3) +#define GHCB_HV_FEATURES_APIC_ID_LIST BIT4 =20 // // SNP Page State Change. @@ -203,6 +205,14 @@ typedef struct { #define SNP_PAGE_STATE_MAX_ENTRY \ ((sizeof (((GHCB *)0)->SharedBuffer) - sizeof (SNP_PAGE_STATE_HEADER)) /= sizeof (SNP_PAGE_STATE_ENTRY)) =20 +// +// Get APIC IDs +// +typedef struct { + UINT32 NumEntries; + UINT32 ApicIds[]; +} GHCB_APIC_IDS; + // // SEV-ES save area mapping structures used for SEV-SNP AP Creation. // Only the fields required to be set to a non-zero value are defined. --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114636): https://edk2.groups.io/g/devel/message/114636 Mute This Topic: https://groups.io/mt/103986461/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114637+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307292829853.2597550106854; Fri, 26 Jan 2024 14:14:52 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=CjDykEi0IaEjWdLJjvO2UI8ci/zGOsNjLxgBobsQz7w=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307292; v=1; b=RJezfl7qJD/BBZ4RYnuTTZ89VTgyI+5ZQObqRCWMqpxVSW1Md5xcM5tQ5q5suyyBXJ/7H2nJ IM+Ij4Ml+evuGBawrvY6sRmGaytVL0oCUccGexpK27I836uG1fU51FTMHy1+Tz/l9E0IpPNkWPz yM/3F7ZT4lzmwVd3jmCniFrU= X-Received: by 127.0.0.2 with SMTP id BvAGYY1788612x1fUkBK6WNW; Fri, 26 Jan 2024 14:14:52 -0800 X-Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.84]) by mx.groups.io with SMTP id smtpd.web11.2974.1706307291921011456 for ; Fri, 26 Jan 2024 14:14:52 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BY3ud+LKXlJzsHUUrU3aOx0TgvFv+FLxKQWufOES5jTlkRp4ZbZGkKdpV4HX2CaDBMxz2brTybZ6AIywBAUYmwlO1S/mMO2QXXvgnzp0x83l7sZ0menXQ1fSLKrER5IknO7PyH89gUNf7CinIWhwiUkaKuCAoqnutjuqhDjVviCZVgrefdA775OLv2A1dfp7gfLJiA5j8QYNg0AWI4K0RHFw50OQMw5jTEMU55rUDQoKs0ypQTyuK4DojZxEDzT3PsUS2H0lkYEaqC20GzRbiSkCNNvaWbLP0oVbs6+OdQcHBrfzR09D8mzzLlois7BCdkmwQ9dj+h76Bg+J6QFGGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WR0OB+nu1PoQhVPrwZeIvLz8J4C4aggALCH2cMUQ9/M=; b=TW3DFGMPoW45NTY7HpCO9tGbeGMqNyVPNQ2oEbF9dTWxcv34tv8lrifZIMGZGwTdDbdV2wEWvuxhQCv7rKhCEOM0GBeJsdiatUNW9lONhzkhy6cafe/I1yzq2bntXvNqHBgK7PFr/RBqmChXeHQzSGDMlmzY+TuynsltkVWHZzGRO+mm8dnXFf0HPOKZ++Wu0XZ3SDXajM9V4PTB53P2QAxycAmrLyy2buG7huo8CRD5UJat4QC58McSKA1vV6E9RAuXdTfdbGkyyeSE7poncL954GZ19jjVKCPlK/eRKXCxEI34QVwfPtZwwN34hGEtZkAMjU1p+Lqdz6FKp5tnVQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from SJ0PR03CA0051.namprd03.prod.outlook.com (2603:10b6:a03:33e::26) by SA1PR12MB7200.namprd12.prod.outlook.com (2603:10b6:806:2bb::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.26; Fri, 26 Jan 2024 22:14:49 +0000 X-Received: from DS2PEPF0000343D.namprd02.prod.outlook.com (2603:10b6:a03:33e:cafe::7f) by SJ0PR03CA0051.outlook.office365.com (2603:10b6:a03:33e::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.24 via Frontend Transport; Fri, 26 Jan 2024 22:14:49 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114637+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343D.mail.protection.outlook.com (10.167.18.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:14:49 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:14:48 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 11/16] UefiCpuPkg: Create APIC ID list PCD Date: Fri, 26 Jan 2024 16:13:10 -0600 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343D:EE_|SA1PR12MB7200:EE_ X-MS-Office365-Filtering-Correlation-Id: f669178e-403d-4c65-a0ad-08dc1ebc365f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: Wb0qRYRHCnAGsoJQU/zWw/mGq6l1SiOdKYPR4BBw9FiZ42N2AnoHwGsShaXAwsDHAa8G30Khyv6JehB8mEBzvJNgnnfFhE7PPSRm0bd8E5ccvJBegAdMLYdJ1kpO1Pis2u9ozqVxW6lN85J/tgXlAq9lCSTeew12vW1H73M3w8j6CTjkrRCyxYceUf93p+ZXSi1/3q5CsXTv23Wm8MjxmhSz1RkIqyvT2ja3iSIZspg7IbNABjT/1kHKaO5QWTlCeLOcab1Nr73duJdratpRfNl71SGKmYKDHn1+6zRM4635+G4AhbVQ5CK38FV9gelXd8fV0ViF2Hpo0VhNyFme6ghK3R9ZbRw+ccMeLibTb6KBfZJXrtrZwezWhbr8dZQ3VlSOyeyJqaZtkWv23MRBXKSc9/3Swz6vngD8YvLdCGxsASImYbvBGui/NKdAHf/yW3ebL6xPgX/c+I/Tw3bWS0InOMtwefmEohT/b0LKG9tTwEUmt9P8HkViuGPE9DSQXFkiJU7eUFdHw5t0SjyGVEF1KaxMmLVF7IkvKdhjhzUNnP8jQmNugbMsu4H9F4EFjx643HguteA2FFzMZB2kKpMEbQ3VyORiMggt5H0eMnCva+1qmr2t57rSH3KWNWHT6B/tZoK8Wo+piN2B4HoLZYSJr0+V/ZUFO3NmUq+QpQCn58DipEllqThrieqCglpsVshtJQxhim7ON8yXPhw/MxrQcp0VrRHqA1rzc3UNxby+sKqjCOMRSpA5dOIES+zA8ydtOC8nXytntCzgVsXq1A== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:14:49.4064 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: f669178e-403d-4c65-a0ad-08dc1ebc365f X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343D.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB7200 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: UckjDNxMNe8FJTPtMlof0kjsx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307293694100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 Create a PCD that can be used to set and get the APIC ID information that is required for starting APs when an SVSM is present. Signed-off-by: Tom Lendacky --- UefiCpuPkg/UefiCpuPkg.dec | 7 ++++++- UefiCpuPkg/UefiCpuPkg.uni | 3 +++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index 571b59b36f0a..5ffab58189d9 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -2,7 +2,7 @@ # This Package provides UEFI compatible CPU modules and libraries. # # Copyright (c) 2007 - 2023, Intel Corporation. All rights reserved.
-# Copyright (C) 2023 Advanced Micro Devices, Inc. All rights reserved.
+# Copyright (C) 2023 - 2024, Advanced Micro Devices, Inc. All rights reser= ved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -477,5 +477,10 @@ [PcdsDynamic, PcdsDynamicEx] # @Prompt GHCB Hypervisor Features gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures|0x0|UINT64|0x60000018 =20 + ## This dynamic PCD contains the address of the APIC ID list obtained th= rough the GHCB GET APIC IDS + # VMGEXIT defined in the version 3 of GHCB spec. + # @Prompt SEV-ES CPU APIC ID List + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpApicIds|0x0|UINT64|0x6000001A + [UserExtensions.TianoCore."ExtraFiles"] UefiCpuPkgExtra.uni diff --git a/UefiCpuPkg/UefiCpuPkg.uni b/UefiCpuPkg/UefiCpuPkg.uni index d17bcfd10c7a..329255a0efd4 100644 --- a/UefiCpuPkg/UefiCpuPkg.uni +++ b/UefiCpuPkg/UefiCpuPkg.uni @@ -301,3 +301,6 @@ #string STR_gUefiCpuPkgTokenSpaceGuid_PcdSevEsWorkAreaSize_PROMPT #langua= ge en-US "Specify the size of the SEV-ES work area" =20 #string STR_gUefiCpuPkgTokenSpaceGuid_PcdSevEsWorkAreaSize_HELP #langua= ge en-US "Specifies the size of the work area used by an SEV-ES guest." + +#string STR_gUefiCpuPkgTokenSpaceGuid_PcdSevSnpApicIds_PROMPT #langua= ge en-US "Specifies the address of the APIC ID list." +#string STR_gUefiCpuPkgTokenSpaceGuid_PcdSevSnpApicIds_HELP #langua= ge en-US "Set to the address of the APIC ID list retrieved from the hypervi= sor, zero if unavailable." --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114637): https://edk2.groups.io/g/devel/message/114637 Mute This Topic: https://groups.io/mt/103986462/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114638+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307299979155.76872947540517; Fri, 26 Jan 2024 14:14:59 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=YHXlIsHW2n9hQrS0dCYhcTJfB+ozo/Iv/moM13n4dJg=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307299; v=1; b=n66RBQ1L67JxqKVyeaLxXRidEi5FZo/JAMu0jWHNHgn2GbjS9AbrddUZ0fEsJo4nZayStffK i7nRuynrKHQnBX1HDmmwJezEo2LTkwb4v6dxy9T4QAw9u0gjDv4E9A9UPmxNHUzJFnnQbPZJzUb /ToUOPitg1/mC8xxfN8J+Swo= X-Received: by 127.0.0.2 with SMTP id wmDyYY1788612xQntbNmYAjN; Fri, 26 Jan 2024 14:14:59 -0800 X-Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.68]) by mx.groups.io with SMTP id smtpd.web10.2889.1706307298960833489 for ; Fri, 26 Jan 2024 14:14:59 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Hz2TLWlVjDX5rkw2coJdHgXOR9V09tBd59ort3CAn77a5bwUYP6WWWc1jBgTy0rS2BxPM3yEnykhvMhjIo9H5mzo3yGwY+dya7gu6hoO1U1rnebt9zul+JRIIPbOku3b6peToQbGiRk6kaCVCmaXX4FXupEfdPad6tgQ3X6U/VNvsvQFt0Fm01waQ9GNryDp9ZaDQvmOBAXqxu3GupzuYPWT9PIQFtZo/NGdMsLRoocSBj032lNZ9XUdysSJIncf6F09bO9FCRxDk9Vs9dG/Y4X8XHE+5KqOCEBpHIzF1lLXcI41q+arqyor8r6zBl1yE7dp69YWImvmvTsjEE0/1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=olX00rkqV64+bdwe74by9x3guj2NaCl9TDuKFNIig+k=; b=d3UMdedtDYVvYn1ZvDqnJ162zvYcxZ2NbpH3TVkllTbcE5ad+4/IpT19Rqdd6TIgr+OGV0DExMmrxyC/xd2abo9xUzOq5o8m5sSXdQ8snQvcF9Cjqg+1P+88eZY6JD5GbopEZ8fA9CAjdIP6e39iE0oIVZGagD3f423oItitcCLg7wNU4RWOmwopsJTT6bFC0a/WoRVNjYhxdoB4sTAT/8meL4K1ZyvAdRx/1rq3l0VWBekbKLXVsdAv0MowZKkiPUfSW3KntuwwKMZ9TuIUAxUW8wUpxRt62Cy2/O/jw2ckKT8e6G+Mxc1vtFsnVsdH6VZO3ZxScCe3EwTeTHDH9g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from DM6PR13CA0032.namprd13.prod.outlook.com (2603:10b6:5:bc::45) by DM6PR12MB4386.namprd12.prod.outlook.com (2603:10b6:5:28f::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 22:14:56 +0000 X-Received: from DS2PEPF00003439.namprd02.prod.outlook.com (2603:10b6:5:bc:cafe::da) by DM6PR13CA0032.outlook.office365.com (2603:10b6:5:bc::45) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.14 via Frontend Transport; Fri, 26 Jan 2024 22:14:56 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114638+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003439.mail.protection.outlook.com (10.167.18.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:14:56 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:14:55 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 12/16] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor Date: Fri, 26 Jan 2024 16:13:11 -0600 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003439:EE_|DM6PR12MB4386:EE_ X-MS-Office365-Filtering-Correlation-Id: 4aba98c0-2fd1-4fd6-5a3a-08dc1ebc3ac0 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: NU/xIoOtkAK98NlYN3rFQn9+rFASTnsvkX8xYXL7fZNnZoQjOhz2CvxAsenuIRHZdf7GhLDfSbwnmMtBd7J8EzSCAEp4HtXeyZLudpIJOOrr7BkeUVBWI2Fr6HAapCL0jLyTL79ru+F/HPTEhMJ/0wojPX19ufbKwD8OMz36BvvC9k7SDwPBpdXIyLfbCcIknLjHhTMIa3SqNz5Ive6R0NOoTBlyOkUNA8Ezv7y6DF/OEO5ritv+cUquVIIFNLVrS2fyxBJgv28FYqAYV7oedPqnnV2wm17VtHS08Ms2lmrHhCO35vWxxCaWk+egAAg7MMha4iqIXTtClNoOkYbe20eH5eJP2LJiVaDOFGhhQMMH0OJGkpFVqluPx76zc40mLXGSmXCVnAHbGkAI0VaPQiijg/M/0bfqrr9Q1a51uft/DNZfDEFZpxd7lT1/LefPZzmaruEGt6B6g9qIi72nS8F8xxKisYxvwyEOTU9E2Gbz9EWWu6yyriujGcQOuHIlQZIiC64+inct1t3jdLcxHA5sZA4ZwytWjYkDkJXGIF5PCLMxuKF68StYgdg7h5e+/hdakyBtfDxDV0013x65iBkrAiU2I2yiQmds1o5/QOkk/dXxh12dCahl/35P+TSsMXP/D9D2vZ7/TutqkUSnyu+jCQC+hxEeb66XYkZ/72+jtIXCFE/kLtE21U7Omrv25qjtnQstfbov15+IOkisfMqKzp7HKF5WN09E31zpxdFw36nMIp9hNGAaK9wfuiJoy+Th9jdyyaMRVDp3Y620wQ== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:14:56.7356 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4aba98c0-2fd1-4fd6-5a3a-08dc1ebc3ac0 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003439.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4386 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: UZy8I35070atCNFWg6JgZEWix1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307301746100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 If the hypervisor supports retrieval of the vCPU APIC IDs, retrieve them before any APs are actually started. The APIC IDs can be used to start the APs for any SEV-SNP guest, but is a requirement for an SEV-SNP guest that is running under an SVSM. After retrieving the APIC IDs, save the address of the APIC ID data structure in the PcdSevSnpApicIds PCD. Signed-off-by: Tom Lendacky --- OvmfPkg/PlatformPei/PlatformPei.inf | 1 + OvmfPkg/PlatformPei/AmdSev.c | 87 ++++++++++++++++++++ 2 files changed, 88 insertions(+) diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 6907cc72669e..6379f66b627d 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -116,6 +116,7 @@ [Pcd] gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpApicIds =20 [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index af832d3e535e..d8a30b6e1613 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -31,6 +31,85 @@ GetHypervisorFeature ( VOID ); =20 +/** + Retrieve APIC IDs from the hypervisor. + +**/ +STATIC +VOID +AmdSevSnpGetApicIds ( + VOID + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + GHCB *Ghcb; + BOOLEAN InterruptState; + UINT64 VmgExitStatus; + UINT64 PageCount; + BOOLEAN PageCountValid; + VOID *ApicIds; + RETURN_STATUS Status; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + PageCount =3D 0; + PageCountValid =3D FALSE; + + CcExitVmgInit (Ghcb, &InterruptState); + Ghcb->SaveArea.Rax =3D PageCount; + CcExitVmgSetOffsetValid (Ghcb, GhcbRax); + VmgExitStatus =3D CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, 0, 0); + if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax)) { + PageCount =3D Ghcb->SaveArea.Rax; + PageCountValid =3D TRUE; + } + + CcExitVmgDone (Ghcb, InterruptState); + + ASSERT (VmgExitStatus =3D=3D 0); + ASSERT (PageCountValid); + if ((VmgExitStatus !=3D 0) || !PageCountValid) { + return; + } + + // + // Allocate the memory for the APIC IDs + // + ApicIds =3D AllocateReservedPages ((UINTN)PageCount); + ASSERT (ApicIds !=3D NULL); + + Status =3D MemEncryptSevClearPageEncMask ( + 0, + (UINTN)ApicIds, + (UINTN)PageCount + ); + ASSERT_RETURN_ERROR (Status); + + ZeroMem (ApicIds, EFI_PAGES_TO_SIZE ((UINTN)PageCount)); + + PageCountValid =3D FALSE; + + CcExitVmgInit (Ghcb, &InterruptState); + Ghcb->SaveArea.Rax =3D PageCount; + CcExitVmgSetOffsetValid (Ghcb, GhcbRax); + VmgExitStatus =3D CcExitVmgExit (Ghcb, SVM_EXIT_GET_APIC_IDS, (UINTN)Api= cIds, 0); + if (CcExitVmgIsOffsetValid (Ghcb, GhcbRax) && (Ghcb->SaveArea.Rax =3D=3D= PageCount)) { + PageCountValid =3D TRUE; + } + + CcExitVmgDone (Ghcb, InterruptState); + + ASSERT (VmgExitStatus =3D=3D 0); + ASSERT (PageCountValid); + if ((VmgExitStatus !=3D 0) || !PageCountValid) { + FreePages (ApicIds, (UINTN)PageCount); + return; + } + + Status =3D PcdSet64S (PcdSevSnpApicIds, (UINTN)ApicIds); +} + /** Initialize SEV-SNP support if running as an SEV-SNP guest. =20 @@ -78,6 +157,14 @@ AmdSevSnpInitialize ( } } } + + // + // Retrieve the APIC IDs if the hypervisor supports it. These will be us= ed + // to always start APs using SNP AP Create. + // + if ((HvFeatures & GHCB_HV_FEATURES_APIC_ID_LIST) =3D=3D GHCB_HV_FEATURES= _APIC_ID_LIST) { + AmdSevSnpGetApicIds (); + } } =20 /** --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114638): https://edk2.groups.io/g/devel/message/114638 Mute This Topic: https://groups.io/mt/103986465/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114639+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307308090426.15026945054103; Fri, 26 Jan 2024 14:15:08 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=U+k9msEEvsFQDQ1B6ueNW4iT3XXy6CWkHkEPr9+WNkY=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307307; v=1; b=RpUZ68N2EPE8SkHItTe/IU+HadJwcaFDYs/v4gB8BEezUHJCrRln7qEH4ERSWg/wpgFdTj94 RbuCCd4zWKuL0aznFwTEqoemT8zoNTWvXkGPzDBjpCfc0ZOgE8+2R4Lu21WDsTjevq/0FFx/RDe vTMaERPVxB+zFB+RhXYn3uu8= X-Received: by 127.0.0.2 with SMTP id SL2WYY1788612x6UsAoEXE8D; Fri, 26 Jan 2024 14:15:07 -0800 X-Received: from NAM11-BN8-obe.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com [40.107.236.41]) by mx.groups.io with SMTP id smtpd.web10.2899.1706307307018087457 for ; Fri, 26 Jan 2024 14:15:07 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VkTnbrJaVL9grKPbK/ZXMCbdDw4fFHEiEJ0ptTn12Ig14vA0QWLXea4ScmVUGaKbiEFAEUaFJCblU3BftiRYf/Q37N46InrQwMwhe6IeI/lJxyME8Ky01vA2SAcR+xnLsmwEptyjsubgDKegpjN1ufALSH+REfX5sJzxqJwIlD6T5GIIcGacshd9L+S2W2e4W1yO9tWYu/FlYMAaPXH04wYyXZyaqdFcaWUmP/I2zXaCMmeMXBVRh8ShppkgkqjD7r6w71GOwIlfSEpw0Yl7rfXgZXbN2CYUMdFCr8PocBf81IiY1ecGZ1cKydFdLpkwnoQkhkMoqU2KVQbnFRkBqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6IBjrBRoPXMHRDtpFgmmUb4SMKdZD+b0VhmNYlZsMx4=; b=Bf8WADlM2bgf2p0RH23SvXamgqC6vaDMcUdApQRr5oHNcVBmNOHpfsYZNxovNUFaU+uIV5MPAgGmQXPTyLAH4LU3sjFt0HKgxSm9FSVqIm8hjFfZSyYhfpbgknXbqM5x7MCxuSg8Tc3hgL5PcJZRJq7PZgUm9wYodB9SDD0wptAnPw76vkWZZV4eRzqlTGrgNX+NiaPdPb2Cc0qKJbKOrQVUwARjdx0+9RjyP5qDMkomVWhesDKFnAkoXpoaORPdz1PDMMXY9TtK5zsycz4b9eNOt/8IzIHr3gnqNXUaL+dsMhtv1Fqi6kG8R6xXBSvDvBHCGOlpx50ObEeACfrCJA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from DM6PR04CA0003.namprd04.prod.outlook.com (2603:10b6:5:334::8) by SJ1PR12MB6218.namprd12.prod.outlook.com (2603:10b6:a03:457::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22; Fri, 26 Jan 2024 22:15:04 +0000 X-Received: from DS2PEPF0000343F.namprd02.prod.outlook.com (2603:10b6:5:334:cafe::cd) by DM6PR04CA0003.outlook.office365.com (2603:10b6:5:334::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27 via Frontend Transport; Fri, 26 Jan 2024 22:15:04 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114639+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343F.mail.protection.outlook.com (10.167.18.42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:15:03 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:15:02 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 13/16] UefiCpuPkg/MpInitLib: Always use AP Create if PcdSevSnpApicIds is set Date: Fri, 26 Jan 2024 16:13:12 -0600 Message-ID: <1948e02ed8167f9b9f8a71dd2d3216896720aa30.1706307195.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343F:EE_|SJ1PR12MB6218:EE_ X-MS-Office365-Filtering-Correlation-Id: 6e5366c8-1c53-4be6-4894-08dc1ebc3f04 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: S7rniaJPPTisJGZnIL1vyUyv5TJtGxRaS+I50j1NgCJzCFkEQ1TrYTQqBwFv267c7HNCRb08suPXYdaIc7WpyxUnuacDcQIgGs6dC+ZdG9gI1vsbnQwJ5ay6Yxig8cFgV7WWVV99bk7IowI5PfC0BAeRmShwvyLrWhBXbuQhMwQuS1ZW0eT1/rpq8fSK6wzcAA9YXwVUfMr595AUnd+2+MlsB2RmAH73OLR0nadlDRel8A8Te73eVMsqXEsYnXvS3m7xcTLkbj4HbfMUx0nMS9Z/bom3sV4teI+3J92NEdu+YzGewLHt6bfk2M/9DpbwECZV9mmzqyjpYTs9YBTwqmAXpFlzUq3OO6tkZT9h0wGbERioRQqw4HmeuhblCpOXGXegmbi+m10SVzmMngLfMOEmKQmjh86r2aRKk/fHNZEVo+pIF+ri7vTS7b0BJh9mIxUiDXfL06CP0YLeK0TYw1Xl/MIaCVoE20tZ+jnF6H1+c8PUWvZWzKBzDfyQ3NyEz3mJ05J3L8MjSavDEMQL0qb/Lrn+p/ljBfhF7PWOWp4BXE10xkaXFXS79QPKysFEMhX772VmjnvPhJ0fDXw7S1ujoKVKiCodA1UMhGx+jViUGjAeIlQ1VitgBksXRPq+vwDlnJErgY6wZnzXqicY0eH5tOKhBAey2CJqoYgl1z34RUGVD5xdHCNNZFsr8FiCO53yZ47fF5OiWCEq+lgjmG8mumhf1GfaFcC3UwSWsbNIo8L0fv6gtltT2EJmlovf9wHmUYDYuWWwEDP9Aou4NryyEBlXRd1/T2mkP08g4cM= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:15:03.8916 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6e5366c8-1c53-4be6-4894-08dc1ebc3f04 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343F.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR12MB6218 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: Xo8qTKE5ppgxuhwt1IrQALV4x1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307309688100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 Currently, the first time an AP is started for an SEV-SNP guest, it relies on the VMSA as set by the hypervisor. If the list of APIC IDs has been retrieved, this is not necessary. Instead, use the SEV-SNP AP Create protocol to start the AP for the first time and thereafter using the VMPL at which the BSP is running. Signed-off-by: Tom Lendacky --- UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 3 +- UefiCpuPkg/Library/MpInitLib/MpLib.h | 13 ++++ UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c | 19 +++++ UefiCpuPkg/Library/MpInitLib/MpLib.c | 7 +- UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 79 +++++++++++++++++++- 6 files changed, 116 insertions(+), 6 deletions(-) diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index 55e46d4a1fad..1ec50481f0d4 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -82,6 +82,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## = CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## = SOMETIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi ## = CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpApicIds ## = CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## = CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## = CONSUMES gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## = CONSUMES diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index bc3d716aa951..f0af07d3bdfb 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -66,7 +66,8 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## SOME= TIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase ## SOME= TIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdGhcbHypervisorFeatures ## CONS= UMES - gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi ## CON= SUMES + gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi ## CONS= UMES + gUefiCpuPkgTokenSpaceGuid.PcdSevSnpApicIds ## CONS= UMES gEfiMdeModulePkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr ## CONS= UMES =20 diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index 6e2137cb17cd..f1a5fa98d425 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -897,6 +897,19 @@ SevSnpCreateAP ( IN INTN ProcessorNumber ); =20 +/** + Determine if the SEV-SNP AP Create protocol should be used. + + @param[in] CpuMpData Pointer to CPU MP Data + + @retval TRUE Use SEV-SNP AP Create protocol + @retval FALSE Do not use SEV-SNP AP Create protocol +**/ +BOOLEAN +SevSnpUseCreateAP ( + IN CPU_MP_DATA *CpuMpData + ); + /** Get pointer to CPU MP Data structure from GUIDed HOB. =20 diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c b/UefiCpuPkg/Librar= y/MpInitLib/Ia32/AmdSev.c index a2b8a5b3f516..f9f24bee09de 100644 --- a/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/Ia32/AmdSev.c @@ -48,3 +48,22 @@ SevSnpCreateAP ( // ASSERT (FALSE); } + +/** + Determine if the SEV-SNP AP Create protocol should be used. + + @param[in] CpuMpData Pointer to CPU MP Data + + @retval TRUE Use SEV-SNP AP Create protocol + @retval FALSE Do not use SEV-SNP AP Create protocol +**/ +BOOLEAN +SevSnpUseCreateAP ( + IN CPU_MP_DATA *CpuMpData + ) +{ + // + // SEV-SNP is not supported on 32-bit build. + // + return FALSE; +} diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index cdfb570e61a0..5e017bcf9018 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1302,9 +1302,10 @@ WakeUpAP ( // // Wakeup all APs // Must use the INIT-SIPI-SIPI method for initial configuration in - // order to obtain the APIC ID. + // order to obtain the APIC ID if not an SEV-SNP guest and the + // list of APIC IDs is not available. // - if (CpuMpData->SevSnpIsEnabled && (CpuMpData->InitFlag !=3D ApInitCo= nfig)) { + if (SevSnpUseCreateAP (CpuMpData)) { SevSnpCreateAP (CpuMpData, -1); } else { if ((CpuMpData->InitFlag =3D=3D ApInitConfig) && FixedPcdGetBool (= PcdFirstTimeWakeUpAPsBySipi)) { @@ -1414,7 +1415,7 @@ WakeUpAP ( SetSevEsJumpTable (ExchangeInfo->BufferStart); } =20 - if (CpuMpData->SevSnpIsEnabled && (CpuMpData->InitFlag !=3D ApInitCo= nfig)) { + if (SevSnpUseCreateAP (CpuMpData)) { SevSnpCreateAP (CpuMpData, (INTN)ProcessorNumber); } else { SendInitSipiSipi ( diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library= /MpInitLib/X64/AmdSev.c index db9a37fbbd19..6186a8d71521 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c @@ -263,17 +263,63 @@ SevSnpCreateAP ( CPU_INFO_IN_HOB *CpuInfoInHob; CPU_AP_DATA *CpuData; UINTN Index; + UINTN MaxIndex; UINT32 ApicId; + GHCB_APIC_IDS *GhcbApicIds; =20 ASSERT (CpuMpData->MpCpuExchangeInfo->BufferStart < 0x100000); =20 CpuInfoInHob =3D (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob; =20 if (ProcessorNumber < 0) { - for (Index =3D 0; Index < CpuMpData->CpuCount; Index++) { + GhcbApicIds =3D (GHCB_APIC_IDS *)(UINTN)PcdGet64 (PcdSevSnpApicIds); + + if (CpuMpData->InitFlag =3D=3D ApInitConfig) { + // + // APs have not been started, so CpuCount is not "known" yet. + // Use the retrieved APIC IDs to start the APs and fill out the + // MpLib CPU information properly. + // + ASSERT (GhcbApicIds !=3D NULL); + if (GhcbApicIds =3D=3D NULL) { + return; + } + + MaxIndex =3D MIN (GhcbApicIds->NumEntries, PcdGet32 (PcdCpuMaxLogica= lProcessorNumber)); + } else { + // + // APs have been previously started. + // + MaxIndex =3D CpuMpData->CpuCount; + } + + for (Index =3D 0; Index < MaxIndex; Index++) { if (Index !=3D CpuMpData->BspNumber) { CpuData =3D &CpuMpData->CpuData[Index]; - ApicId =3D CpuInfoInHob[Index].ApicId, + + if (CpuMpData->InitFlag =3D=3D ApInitConfig) { + // + // CodeQL doesn't understand that a check for NULL was already d= one + // above, so check again. + // + if (GhcbApicIds =3D=3D NULL) { + return; + } + + ApicId =3D GhcbApicIds->ApicIds[Index]; + + // + // For the first boot, use the BSP register information. + // + CopyMem ( + &CpuData->VolatileRegisters, + &CpuMpData->CpuData[0].VolatileRegisters, + sizeof (CpuData->VolatileRegisters) + ); + } else { + ApicId =3D CpuInfoInHob[Index].ApicId; + } + SevSnpCreateSaveArea (CpuMpData, CpuData, ApicId); } } @@ -284,3 +330,32 @@ SevSnpCreateAP ( SevSnpCreateSaveArea (CpuMpData, CpuData, ApicId); } } + +/** + Determine if the SEV-SNP AP Create protocol should be used. + + @param[in] CpuMpData Pointer to CPU MP Data + + @retval TRUE Use SEV-SNP AP Create protocol + @retval FALSE Do not use SEV-SNP AP Create protocol +**/ +BOOLEAN +SevSnpUseCreateAP ( + IN CPU_MP_DATA *CpuMpData + ) +{ + // + // The AP Create protocol is used for an SEV-SNP guest if + // - The initial configuration has been performed already or + // - PcdSevSnpApicIds is non-zero. + // + if (!CpuMpData->SevSnpIsEnabled) { + return FALSE; + } + + if ((CpuMpData->InitFlag =3D=3D ApInitConfig) && (PcdGet64 (PcdSevSnpApi= cIds) =3D=3D 0)) { + return FALSE; + } + + return TRUE; +} --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114639): https://edk2.groups.io/g/devel/message/114639 Mute This Topic: https://groups.io/mt/103986469/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114640+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307316799692.3802372996356; Fri, 26 Jan 2024 14:15:16 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=EmpvkrJMeOnHbuxyeti0M1FCiDTxbncdOtYrkNO+gxw=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307316; v=1; b=loJx8sHNfH8lyVi8cghZjojQ71EWCf/rkXUEPQeV9Efy8uaHyRyr1Qf8zpQjq8tlo/RLrD5j 8EUlXPE78FUBnMMdFGWVY1cxHvqWiM8iSDA0+mR0FTKqoCQYRx7GXCHxwQju8mFo4+JBEjnOaiH zxZgvVsXYh+UGkBL8m6yyRyE= X-Received: by 127.0.0.2 with SMTP id E8kEYY1788612x1LPvrtHhxQ; Fri, 26 Jan 2024 14:15:16 -0800 X-Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.81]) by mx.groups.io with SMTP id smtpd.web10.2903.1706307315827846235 for ; Fri, 26 Jan 2024 14:15:15 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HYVyIFvlWuwMFi/Wp4Kb8bHZYZod7OOOryoYxtvAECfmbNduVIx8vym1ghB4h9aChP7Det+zqZAx9jRMMZh7+xb7HUzvrXCVDvtkem+2KCA5vKjzFmLC0tDnYDjOmmH0aVm1H3nirMh5c9ToxeeAMk24HQPJ42jskYWsT8qvkYni50GJHZt7txGb5eklGDKefShhghEaHpwJ3ojO091/yOS9CXcmzmq+aqXlO7IQB1ygradvow3sId7FNkmgTsbtcl9d3TIeSxW8xtANOnX0FNrTVDIbswpKVFZm2E9tFZaLdyYZ3hVDUnzFp9I9Y/Trqs/9niHFCskbn4eqAAHE/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5VBpusCbGYtPmbKzIMXKNmJrFasYclLsstgXtYgu+So=; b=hn/tCu2QrZnCzHN+C01Jb6nAB37IYxdSYDDX6iSZD0pFRMMgx3KSIc67AtotoBM9lmckWU8s382jzc98lG1c7m/YFdnnfnwrl7uNOvRZQQSBN60o1mtVDoX1CrmM6mBsuGGi4hN676Ld2vqr16/0wco1f+unl7HwyHdTOQiUwaSHvT17Hl10ceRFh/p/Q3QrOVz2Bi9xmPBYoPpng3jeknbVp6fRRgX7KgLvhsTOC4R8sDT+VwKFqFSXXwk99y8Vm+EaDuEoMHddscHQTztuNR9M9O3qcobaHXf8UB86EvMYsEErzh5LjUH7fsDyj8+HWpTLlHkVDY6KOdWXrN39NQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from DS7PR05CA0047.namprd05.prod.outlook.com (2603:10b6:8:2f::26) by PH7PR12MB6810.namprd12.prod.outlook.com (2603:10b6:510:1b4::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 22:15:11 +0000 X-Received: from DS1PEPF00017091.namprd03.prod.outlook.com (2603:10b6:8:2f:cafe::15) by DS7PR05CA0047.outlook.office365.com (2603:10b6:8:2f::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.15 via Frontend Transport; Fri, 26 Jan 2024 22:15:11 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114640+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS1PEPF00017091.mail.protection.outlook.com (10.167.17.133) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7202.16 via Frontend Transport; Fri, 26 Jan 2024 22:15:11 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:15:09 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 14/16] UefiCpuPkg/MpInitLib: AP creation support under an SVSM Date: Fri, 26 Jan 2024 16:13:13 -0600 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS1PEPF00017091:EE_|PH7PR12MB6810:EE_ X-MS-Office365-Filtering-Correlation-Id: fdb67c06-4747-4969-bada-08dc1ebc434c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: 6il1svhPHLqzZLb1y276TfIWN2/g3IsPGQaApOseFrpUn8j00P4z04gBUN0KYrDuuSH/2cDpQDEVu64GzJaSVF49NMEexJkBSnCW+g+0sKGDJYcOGnS0XIXPuLAMqDHS8sedLh8g9MZqfdJ8BdnKgOxx57JqgVzf8ljNaASHTT+sMclGtymCMTQteamG2xAs+4fBwtwpu/MqU5qYYVdmvo+qnO7uBEhNKT+4Kv8okA0sbOL2btzk8CwggGUhp8nTBn2hqy74JHdRq+f/OMuw6DvgXQCEn4xDK5c7xCgAF6QlDs9pnL8RVwdzK8Cx8+ROwLzsoKnxcfbbNQUTHaNlr47u5YA5yPZm5AFbA5a7hse+cC6aQfilQMrIKDw5Q3e9OxhWY2HOlD0tOTbRbVQrQ4luIkdmKO3xvmzhp/tXb61zA8cCEsP8/uSUI3nUe5I4AqNp+9n5jy9yS0GXFf7EOgo5olpolYYTNLZQNqlfGCWmdIKlCRmnmPbLswmklTE04an/Bi8vVgfOnV+C5XyGHDqZMQz4LdRdXcEW9ET6JMRdj9pttZIBrvf+MjURHpJHpSxWSfX5M9TYUHOPl0JkxgkjvNQ0vyOYfhDbRY/Q4H6RRmHSSVg/j0nSlubls7gCwh8J9bwf/AQFYSQDq0P0PoEIThqP/dX1PljCftKLGWMaJ8PVkadyQFSzheW0etqe1W0uBeVIzlYJBRHgI4o/+ZPDVSnBNEAcPGljI1XleBlV4VLZGBTWlmrdMHVmjm9ceLKHRGzwp7nDCTk/wn8tDw== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:15:11.0617 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: fdb67c06-4747-4969-bada-08dc1ebc434c X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS1PEPF00017091.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB6810 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: jyEmgvQ2yjpLsa8dPQSSW3zjx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307317728100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 When running under an SVSM, the VMPL level of the APs that are started must match the VMPL level provided by the SVSM. Additionally, each AP must have a Calling Area for use with the SVSM protocol. Update the AP creation to properly support running under an SVSM. Signed-off-by: Tom Lendacky --- UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c b/UefiCpuPkg/Library= /MpInitLib/X64/AmdSev.c index 6186a8d71521..9b00c945e13d 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c +++ b/UefiCpuPkg/Library/MpInitLib/X64/AmdSev.c @@ -55,6 +55,7 @@ SevSnpPerformApAction ( } =20 ExitInfo1 =3D (UINT64)ApicId << 32; + ExitInfo1 |=3D (UINT64)SaveArea->Vmpl << 16; ExitInfo1 |=3D Action; ExitInfo2 =3D (UINT64)(UINTN)SaveArea; =20 @@ -115,6 +116,7 @@ SevSnpCreateSaveArea ( UINT32 ApicId ) { + UINTN PageCount; UINT8 *Pages; SEV_ES_SAVE_AREA *SaveArea; IA32_CR0 ApCr0; @@ -124,13 +126,18 @@ SevSnpCreateSaveArea ( UINTN StartIp; UINT8 SipiVector; =20 + // + // When running under an SVSM, a Calling Area page is also needed + // + PageCount =3D CcExitSnpSvsmPresent () ? 2 : 1; + if (CpuData->SevEsSaveArea =3D=3D NULL) { // // Allocate a page for the SEV-ES Save Area and initialize it. Due to = AMD // erratum #1467 (VMSA cannot be on a 2MB boundary), allocate an extra= page // to choose from to work around the issue. // - Pages =3D AllocateReservedPages (2); + Pages =3D AllocateReservedPages (PageCount + 1); if (!Pages) { return; } @@ -139,12 +146,12 @@ SevSnpCreateSaveArea ( // Since page allocation works by allocating downward in the address s= pace, // try to always free the first (lower address) page to limit possible= holes // in the memory map. So, if the address of the second page is 2MB ali= gned, - // then use the first page and free the second page. Otherwise, free t= he + // then use the first page and free the last page. Otherwise, free the // first page and use the second page. // if (_IS_ALIGNED (Pages + EFI_PAGE_SIZE, SIZE_2MB)) { SaveArea =3D (SEV_ES_SAVE_AREA *)Pages; - FreePages (Pages + EFI_PAGE_SIZE, 1); + FreePages (Pages + (EFI_PAGE_SIZE * PageCount), 1); } else { SaveArea =3D (SEV_ES_SAVE_AREA *)(Pages + EFI_PAGE_SIZE); FreePages (Pages, 1); @@ -162,7 +169,7 @@ SevSnpCreateSaveArea ( } } =20 - ZeroMem (SaveArea, EFI_PAGE_SIZE); + ZeroMem (SaveArea, EFI_PAGE_SIZE * PageCount); =20 // // Propogate the CR0.NW and CR0.CD setting to the AP @@ -238,10 +245,10 @@ SevSnpCreateSaveArea ( =20 // // Set the SEV-SNP specific fields for the save area: - // VMPL - always VMPL0 + // VMPL - based on current mode // SEV_FEATURES - equivalent to the SEV_STATUS MSR right shifted 2 bits // - SaveArea->Vmpl =3D 0; + SaveArea->Vmpl =3D CcExitSnpGetVmpl (); SaveArea->SevFeatures =3D AsmReadMsr64 (MSR_SEV_STATUS) >> 2; =20 SevSnpPerformApAction (SaveArea, ApicId, SVM_VMGEXIT_SNP_AP_CREATE); --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114640): https://edk2.groups.io/g/devel/message/114640 Mute This Topic: https://groups.io/mt/103986475/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114641+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307321953437.4750209880916; Fri, 26 Jan 2024 14:15:21 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=zWu8rTTQpZ2my2oOgE6uB9V9n3QIu0vmrYQCr5BYhmg=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307321; v=1; b=QDOLSdY2/iklkElGpG46P6/nNjaUTWFzbKdLrdR2bafVkvIXL33ch6FlUIBrG4lDsfJCGTxK TVmXj3Uam1X9M1KaXNsbFCAabrTn3NkD0Mk8ZKfG9DDzoELDSw1kSV9UwHn5KcAobZQWG9iIT5p JohR5SgHy5u+4fxHaMckQO4w= X-Received: by 127.0.0.2 with SMTP id A1UYYY1788612xyetntZQS2W; Fri, 26 Jan 2024 14:15:21 -0800 X-Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.70]) by mx.groups.io with SMTP id smtpd.web11.2988.1706307321050215484 for ; Fri, 26 Jan 2024 14:15:21 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=b3c3DyTF+RcsEBBZQ+c6LxJo5mR9f6h4/CZA0b5LAXLg2n5yT7iuyxvhIaYAnC2wd6c5gw+F8lYRXYF5geQRYQA127CedbvNv1ix4kitiE1e+x6aEx7M7HM1F55HPGMhXchLCL4U3PgZy5CxA1nABpVA4VAMF4PnOMF9SAu63Dyz5YV7272uGis+6rVGi8EkX7K+e76cwVEq3t1x4IHHUMxWCcMVjhitfWA5htYBWU7t4kF9OOtONHXUTYOTWhnPd37tJvVG6HbaEN4z0GuC/jEeX2KZtMxCRK+IlW13UWqlnml/7DQXBSQSPiUS2lSxcbmUS7ps+53P7z/W0Z2Wog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QF/p9YOqpRjoVBZjZZX44Lyd5vHMmxFeL020E/2FOUI=; b=iBOztKbZzOKD7GZTNTKPFqq2qfzIQ+ULA1Lr5uYeuJahpl5BXWYLh/CuP2T9DUflWeUXRqJPVf07J1yWB9h6oLbdRB3/aFPCTe7B44IeVgzIWKXyxdKQ8j/V/wgqNmAbFKkD2FEXVVS5bsYZdTkMq7EcF/5cIBMnFSSFs+Zq939gkhrVLQuXpDk1YDJwJLVwWwT9N49Zrzn7WQ/lbBUVexIESqLiYt5c3r+JDjJO+rXRjiL51/u/JSukABK5PLpGWF7jfjRGxWCMFKs+6xyoGoIzTj6OrM6QI4DGPXI2EE8omqnE2jtFfrdWyqB4BCPciHSmVPJf/beQB5MECUBXww== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from SJ0PR03CA0056.namprd03.prod.outlook.com (2603:10b6:a03:33e::31) by CY5PR12MB6455.namprd12.prod.outlook.com (2603:10b6:930:35::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7202.37; Fri, 26 Jan 2024 22:15:18 +0000 X-Received: from DS2PEPF0000343D.namprd02.prod.outlook.com (2603:10b6:a03:33e:cafe::ce) by SJ0PR03CA0056.outlook.office365.com (2603:10b6:a03:33e::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22 via Frontend Transport; Fri, 26 Jan 2024 22:15:18 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114641+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343D.mail.protection.outlook.com (10.167.18.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:15:18 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:15:17 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 15/16] Ovmfpkg/CcExitLib: Provide SVSM discovery support Date: Fri, 26 Jan 2024 16:13:14 -0600 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343D:EE_|CY5PR12MB6455:EE_ X-MS-Office365-Filtering-Correlation-Id: 33c72881-79bb-49c0-7ed8-08dc1ebc47a1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: flH1xTisaKBHwiSvWUNW6XeMtbS+mfATgEQGP4c7gp+mdmcoRte6swLOezaLXTUOdDtrDhLYqL9SD242P3VJjQINl2bBxm57/F7UWhiMLI0Oiwb6Rt9QCyv31M4CVH7PNJZhuqaWQh3H7TprJJp3IZiic63SPc4mj5urkWn8isl4cjB5iKcNtGIpAavmn9YZTU+mZRvMHqTWJh6bD9zwPirPFOGeOMSNOLcPb8A9mucB40EMAWpFCiVa/3nFiuG7oWJV0P5/ZWP7pmHvwmcIOhmEzWEMThohGUbHl8q4XHw0CCYU8eg7IOlixJDA5T4NufjyID3L25r1YpvezgPmCWOzyf7nnuaicFKxukHOWdgXHBdFn87JcamqADyUTfVYfOvHiMtmPdsZs0ZMRY/mGKfl9OO52kGjT1bgP0sGyyrFj4EA30LqPNLzVlpx+kIOXGglaZH0SotXjUZMMb4JEi21Qe2y8imxv8KTZ/agZhw3GCe3c1nyh8+45TqeNNV+BNuJYPxY3PkhSpYzShunBre+Kxd7frohtT+iINXv5CgMSUwOFrXIxvZsLU/ul7SYMtvmKMtaYh7+2SxN1ccWDrgn+eVu4mMc2hO7qRSAN0bgef6ScxEgSj/PeEe14CtPzerTn6J/eLGLpj//S27GEoWDvVO8cD6e+QTRPEoIFP8PmV6zgFrZI6f7seUW21SXqZGCjCYPMsPGYgJqPHG2N5tR+8M52X9cSEjFb2yqFy79p87guW3GL8V+ueqneLJp X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:15:18.3437 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 33c72881-79bb-49c0-7ed8-08dc1ebc47a1 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343D.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY5PR12MB6455 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: DVqWucLoDmKaMQDKzD318P1ux1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307323722100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 The SVSM specification documents an alternative method of discovery for the SVSM using a reserved CPUID bit and a reserved MSR. For the CPUID support, the #VC handler of an SEV-SNP guest should modify the returned value in the EAX register for the 0x8000001f CPUID function by setting bit 28 when an SVSM is present. For the MSR support, new reserved MSR 0xc001f000 has been defined. A #VC should be generated when accessing this MSR. The #VC handler is expected to ignore writes to this MSR and return the physical calling area address (CAA) on reads of this MSR. Signed-off-by: Tom Lendacky --- OvmfPkg/Library/CcExitLib/CcExitSvsm.h | 29 ++++++++++++++++++++ OvmfPkg/Library/CcExitLib/CcExitSvsm.c | 21 ++++++++++++++ OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 29 ++++++++++++++++++-- 3 files changed, 77 insertions(+), 2 deletions(-) diff --git a/OvmfPkg/Library/CcExitLib/CcExitSvsm.h b/OvmfPkg/Library/CcExi= tLib/CcExitSvsm.h new file mode 100644 index 000000000000..2325e7a98910 --- /dev/null +++ b/OvmfPkg/Library/CcExitLib/CcExitSvsm.h @@ -0,0 +1,29 @@ +/** @file + Secure VM Service Module (SVSM) functions. + + Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Specification Reference: + Secure VM Service Module Specification + +**/ + +#ifndef __CCEXITLIB_CCEXITSVSM_H__ +#define __CCEXITLIB_CCEXITSVSM_H__ + +/** + Return the physical address of SVSM Call Area (CAA). + + Determines the physical address of the SVSM CAA. + + @return The physical address of the SVSM CAA + +**/ +UINT64 +EFIAPI +SvsmGetCaaPa ( + VOID + ); + +#endif diff --git a/OvmfPkg/Library/CcExitLib/CcExitSvsm.c b/OvmfPkg/Library/CcExi= tLib/CcExitSvsm.c index 3459338b2033..e4c600d2a46b 100644 --- a/OvmfPkg/Library/CcExitLib/CcExitSvsm.c +++ b/OvmfPkg/Library/CcExitLib/CcExitSvsm.c @@ -44,6 +44,27 @@ SvsmTerminate ( CpuDeadLoop (); } =20 +/** + Return the physical address of SVSM Call Area (CAA). + + Determines the physical address of the SVSM CAA. + + @return The physical address of the SVSM CAA + +**/ +UINT64 +EFIAPI +SvsmGetCaaPa ( + VOID + ) +{ + SVSM_INFORMATION *SvsmInfo; + + SvsmInfo =3D (SVSM_INFORMATION *)(UINTN)PcdGet32 (PcdOvmfSnpSecretsBase); + + return CcExitSnpSvsmPresent () ? SvsmInfo->SvsmCaa : 0; +} + /** Return the address of SVSM Call Area (CAA). =20 diff --git a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c b/OvmfPkg/Library/= CcExitLib/CcExitVcHandler.c index 0fc30f7bc4f6..950e7c34e37f 100644 --- a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c +++ b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c @@ -1,7 +1,7 @@ /** @file X64 #VC Exception Handler functon. =20 - Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.
+ Copyright (C) 2020 - 2024, Advanced Micro Devices, Inc. All rights reser= ved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -18,6 +18,7 @@ =20 #include "CcExitVcHandler.h" #include "CcInstruction.h" +#include "CcExitSvsm.h" =20 // // Non-automatic Exit function prototype @@ -713,10 +714,29 @@ MsrExit ( IN CC_INSTRUCTION_DATA *InstructionData ) { - UINT64 ExitInfo1, Status; + MSR_SVSM_CAA_REGISTER Msr; + UINT64 ExitInfo1; + UINT64 Status; =20 ExitInfo1 =3D 0; =20 + // + // The SVSM CAA MSR is a software implemented MSR and not supported + // by the hardware, handle it directly. + // + if (Regs->Rax =3D=3D MSR_SVSM_CAA) { + // Writes to the SVSM CAA MSR are ignored + if (*(InstructionData->OpCodes + 1) =3D=3D 0x30) { + return 0; + } + + Msr.Uint64 =3D SvsmGetCaaPa (); + Regs->Rax =3D Msr.Bits.Lower32Bits; + Regs->Rdx =3D Msr.Bits.Upper32Bits; + + return 0; + } + switch (*(InstructionData->OpCodes + 1)) { case 0x30: // WRMSR ExitInfo1 =3D 1; @@ -1388,6 +1408,11 @@ GetCpuidFw ( *Ebx =3D (*Ebx & 0xFFFFFF00) | (Ebx2 & 0x000000FF); /* node ID */ *Ecx =3D (*Ecx & 0xFFFFFF00) | (Ecx2 & 0x000000FF); + } else if (EaxIn =3D=3D 0x8000001F) { + /* Set the SVSM feature bit if running under an SVSM */ + if (CcExitSnpSvsmPresent ()) { + *Eax |=3D BIT28; + } } =20 Out: --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114641): https://edk2.groups.io/g/devel/message/114641 Mute This Topic: https://groups.io/mt/103986477/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue May 14 00:00:07 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114642+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307330786620.1145950279749; Fri, 26 Jan 2024 14:15:30 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=nP59hpTR6qaSmcjwoIJIYzAKxraqa8cArVTyKs/9V2k=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307330; v=1; b=T+wMpYuZZP67B6ozuzJeeHJvafUp+s2gVbGRW/TpldPTWZZnzcHUrt7MzmKRgCrOLW+sFJdM yLyq+TCrM/TLyB0MjIOgta2DKR1BfDMuAfEaAyb+LnqDvoG1150XIDiFGm3sQhU6Xy249ZC5Nkj /oKqT8SJQx7e5i4DZ2KK5OJU= X-Received: by 127.0.0.2 with SMTP id iaDYYY1788612xuMWcsqD7cV; Fri, 26 Jan 2024 14:15:30 -0800 X-Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.57]) by mx.groups.io with SMTP id smtpd.web10.2907.1706307329859428601 for ; Fri, 26 Jan 2024 14:15:30 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bG0cKUkMXL6+5wsiSbiHEXzwhCgb2hLJms8QNZu7voCKgM0V/i7PNuDHqljSCw7tiUpK0oOrupJ4QVqeJI4ryl4zsPfz1newSXSYzDyy2WNvmSZs5A1rwutiX/hK+9lJnCP8x7mOWHkOqk2YcR6EPimfjZxUMTniJwRYbChBb+Q2CiEgsrolgZjxLX5Tb8r6cV6l2y8JIeQQNCw4ARaCKUqi09/eWA1/Dsk6RtbCey7iVf5oPwf2hjeWV3ux3KrHQFvcO/OPoGmgrKUHb4DtrjS81laoaeZCj8zIbUMkHeaGxJqTkmVqZS5MWaJ8+nolAJLP2qS5YAhY02WzFv4Qsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZB678qpZ3N97fDKVrEZrB/lGAlYe4OlLKztAULe3aT0=; b=bqcBZEP3JICnUMHB0LbIOLflsmtOJPc1zE66cIeurWp4Vgh7Bttp3PEjenAb1rWuNs5r1uiME1/k2Rt7u2V188gA6sYiii/SoM1feEqtAngDgyeH5yQBlLKZFEfjHwstUVNz3aMgbNaPAAFurz2X48cbrVBRFp5n8Kk/32BlL4Og/l5XHqtADwaAaKUoUBIXF8xa2hBQ6JI4TmVr6FWKCbeqtn0Gd6mK2LBr3jYBA9rFH9qdgoH6WT7g1YzCqP3jSvTZpU1NZPfukW4UitI39Z2Ul6OepHX0CIFBDS8NyTRnvDG/g7oyl2LUq5Ze/hq8GZbsvRukRPt856oYRxqn5w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from DS7PR06CA0022.namprd06.prod.outlook.com (2603:10b6:8:2a::10) by CH3PR12MB9172.namprd12.prod.outlook.com (2603:10b6:610:198::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27; Fri, 26 Jan 2024 22:15:25 +0000 X-Received: from DS2PEPF00003440.namprd02.prod.outlook.com (2603:10b6:8:2a:cafe::ed) by DS7PR06CA0022.outlook.office365.com (2603:10b6:8:2a::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.27 via Frontend Transport; Fri, 26 Jan 2024 22:15:25 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114642+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003440.mail.protection.outlook.com (10.167.18.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:15:25 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:15:24 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 16/16] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0 Date: Fri, 26 Jan 2024 16:13:15 -0600 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003440:EE_|CH3PR12MB9172:EE_ X-MS-Office365-Filtering-Correlation-Id: ea07f081-0f0a-4f43-4c54-08dc1ebc4be3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: Qzl8EyFIKlhfgfJxxYkGkXVHQNIJ+guba56TBNE6VJKc4wu358UsSxN99LJ1hr6R2DgR3T7XPoFyNH9qiA83iwXw0Hj7j6H/kK2UH4oerIQHD0DmC94pkCu+LrXVIITz3nrSUJyorfc63PziohhpKK9kxTuPchtedVXqZpJbZK0Do1WK4tJOlvKYUQx5tQmDJ90zS9760PUFMbjD0QuWnl8nqGIWY2oW48NSDM1yA7tIp85ImHZYkN8bjgmvYLRyp30RRSjuGNL4Eq+DamwRByPhK4fu2yYO3r3vP4vK/NxpYGnq5F6tbZP6HMntSzG4JUCJ8+gHnLrgnGP2hNUPFoNRyd4i8mq/EiKct7pB/uhBXvbaPFTAC4aeYOIMMd57wbeZjeN4/LG7h4/gjB48u08AED01SYDQjE+3LUe1T19ZJ9FXVaKdJjcrvz3lHieqjE8uFARYT8Jbqm5b+UTxe0osSSB6FRs859InY0npnVCCKN9K2y8YAfZpuWQ9Yjr9ofK406bP1oFOEwMD6vJIslE/5f1xKZFi3aHGyEWdU3PRpWHF7WQ+wWS/h+ASDYNW2UXLOSht2vGJVtkWIZeNJnAhhHk9tP4IEYeZ1ykedHI8eVxiqQNLiWjs49ggGcGFMcxrdjp4mrjX3xjFVTAh7MAHxVG8kztBSVMnFLLysy9Hy0C7K3PaGCwIEp1YXiF9yTzU2a6ysPck6Npa2O0YuZClLs34qLOmWUw/NbrI/nfjk8JRf3TvNssEfKzEADx2uF+tC4oZT/burDHnvXyKgw== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:15:25.4858 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ea07f081-0f0a-4f43-4c54-08dc1ebc4be3 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003440.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR12MB9172 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: IwHrvDCKQzsJYNcwW6ESOjfZx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307331719100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 Currently, an SEV-SNP guest will terminate if it is not running at VMPL0. The requirement for running at VMPL0 is removed if an SVSM is present. Update the current VMPL0 check to additionally check for the presence of an SVSM is the guest is not running at VMPL0. Additionally, fix an error in SevSnpIsVmpl0() where the Status variable should be compared to 0 and not use the EFI_ERROR() function to determine if an error occurred during AsmRmpAdjust(). Signed-off-by: Tom Lendacky --- OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c | 11 ++= +++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValida= te.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c index 86af2ba0356e..803c835680e0 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SecSnpSystemRamValidate.c @@ -12,6 +12,7 @@ #include #include #include +#include =20 #include "SnpPageStateChange.h" =20 @@ -45,7 +46,7 @@ SevSnpIsVmpl0 ( Rdx =3D 1; =20 Status =3D AsmRmpAdjust ((UINT64)gVmpl0Data, 0, Rdx); - if (EFI_ERROR (Status)) { + if (Status !=3D 0) { return FALSE; } =20 @@ -74,10 +75,12 @@ MemEncryptSevSnpPreValidateSystemRam ( =20 // // The page state change uses the PVALIDATE instruction. The instruction - // can be run on VMPL-0 only. If its not VMPL-0 guest then terminate - // the boot. + // can be run at VMPL-0 only. If its not a VMPL-0 guest, then an SVSM mu= st + // be present to perform the operation on behalf of the guest. If the gu= est + // is not running at VMPL-0 and an SVSM is not present, then terminate t= he + // boot. // - if (!SevSnpIsVmpl0 ()) { + if (!SevSnpIsVmpl0 () && !CcExitSnpSvsmPresent ()) { SnpPageStateFailureTerminate (); } =20 --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114642): https://edk2.groups.io/g/devel/message/114642 Mute This Topic: https://groups.io/mt/103986479/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-