UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

An SEV-SNP guest requires that the physical address of the GHCB must
be registered with the hypervisor before using it. See the GHCB
specification section 2.3.2 for more details.

Cc: Michael Roth <michael.roth@amd.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Ray Ni <ray.ni@Intel.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
This commit is contained in:
Brijesh Singh 2021-12-09 11:27:54 +08:00 committed by mergify[bot]
parent 2c354252be
commit 9c703bc0f1
4 changed files with 64 additions and 5 deletions

View File

@ -92,6 +92,7 @@ struc MP_CPU_EXCHANGE_INFO
.ModeHighSegment: CTYPE_UINT16 1 .ModeHighSegment: CTYPE_UINT16 1
.Enable5LevelPaging: CTYPE_BOOLEAN 1 .Enable5LevelPaging: CTYPE_BOOLEAN 1
.SevEsIsEnabled: CTYPE_BOOLEAN 1 .SevEsIsEnabled: CTYPE_BOOLEAN 1
.SevSnpIsEnabled CTYPE_BOOLEAN 1
.GhcbBase: CTYPE_UINTN 1 .GhcbBase: CTYPE_UINTN 1
endstruc endstruc

View File

@ -896,8 +896,9 @@ FillExchangeInfoData (
ExchangeInfo->Enable5LevelPaging = (BOOLEAN)(Cr4.Bits.LA57 == 1); ExchangeInfo->Enable5LevelPaging = (BOOLEAN)(Cr4.Bits.LA57 == 1);
DEBUG ((DEBUG_INFO, "%a: 5-Level Paging = %d\n", gEfiCallerBaseName, ExchangeInfo->Enable5LevelPaging)); DEBUG ((DEBUG_INFO, "%a: 5-Level Paging = %d\n", gEfiCallerBaseName, ExchangeInfo->Enable5LevelPaging));
ExchangeInfo->SevEsIsEnabled = CpuMpData->SevEsIsEnabled; ExchangeInfo->SevEsIsEnabled = CpuMpData->SevEsIsEnabled;
ExchangeInfo->GhcbBase = (UINTN)CpuMpData->GhcbBase; ExchangeInfo->SevSnpIsEnabled = CpuMpData->SevSnpIsEnabled;
ExchangeInfo->GhcbBase = (UINTN)CpuMpData->GhcbBase;
// //
// Get the BSP's data of GDT and IDT // Get the BSP's data of GDT and IDT
@ -1847,9 +1848,10 @@ MpInitLibInitialize (
CpuMpData->CpuData = (CPU_AP_DATA *)(CpuMpData + 1); CpuMpData->CpuData = (CPU_AP_DATA *)(CpuMpData + 1);
CpuMpData->CpuInfoInHob = (UINT64)(UINTN)(CpuMpData->CpuData + MaxLogicalProcessorNumber); CpuMpData->CpuInfoInHob = (UINT64)(UINTN)(CpuMpData->CpuData + MaxLogicalProcessorNumber);
InitializeSpinLock (&CpuMpData->MpLock); InitializeSpinLock (&CpuMpData->MpLock);
CpuMpData->SevEsIsEnabled = ConfidentialComputingGuestHas (CCAttrAmdSevEs); CpuMpData->SevEsIsEnabled = ConfidentialComputingGuestHas (CCAttrAmdSevEs);
CpuMpData->SevEsAPBuffer = (UINTN)-1; CpuMpData->SevSnpIsEnabled = ConfidentialComputingGuestHas (CCAttrAmdSevSnp);
CpuMpData->GhcbBase = PcdGet64 (PcdGhcbBase); CpuMpData->SevEsAPBuffer = (UINTN)-1;
CpuMpData->GhcbBase = PcdGet64 (PcdGhcbBase);
// //
// Make sure no memory usage outside of the allocated buffer. // Make sure no memory usage outside of the allocated buffer.

View File

@ -222,6 +222,7 @@ typedef struct {
// //
BOOLEAN Enable5LevelPaging; BOOLEAN Enable5LevelPaging;
BOOLEAN SevEsIsEnabled; BOOLEAN SevEsIsEnabled;
BOOLEAN SevSnpIsEnabled;
UINTN GhcbBase; UINTN GhcbBase;
} MP_CPU_EXCHANGE_INFO; } MP_CPU_EXCHANGE_INFO;
@ -291,6 +292,7 @@ struct _CPU_MP_DATA {
BOOLEAN WakeUpByInitSipiSipi; BOOLEAN WakeUpByInitSipiSipi;
BOOLEAN SevEsIsEnabled; BOOLEAN SevEsIsEnabled;
BOOLEAN SevSnpIsEnabled;
UINTN SevEsAPBuffer; UINTN SevEsAPBuffer;
UINTN SevEsAPResetStackStart; UINTN SevEsAPResetStackStart;
CPU_MP_DATA *NewCpuMpData; CPU_MP_DATA *NewCpuMpData;

View File

@ -15,6 +15,57 @@
%define SIZE_4KB 0x1000 %define SIZE_4KB 0x1000
RegisterGhcbGpa:
;
; Register GHCB GPA when SEV-SNP is enabled
;
lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (SevSnpIsEnabled)]
cmp byte [edi], 1 ; SevSnpIsEnabled
jne RegisterGhcbGpaDone
; Save the rdi and rsi to used for later comparison
push rdi
push rsi
mov edi, eax
mov esi, edx
or eax, 18 ; Ghcb registration request
wrmsr
rep vmmcall
rdmsr
mov r12, rax
and r12, 0fffh
cmp r12, 19 ; Ghcb registration response
jne GhcbGpaRegisterFailure
; Verify that GPA is not changed
and eax, 0fffff000h
cmp edi, eax
jne GhcbGpaRegisterFailure
cmp esi, edx
jne GhcbGpaRegisterFailure
pop rsi
pop rdi
jmp RegisterGhcbGpaDone
;
; Request the guest termination
;
GhcbGpaRegisterFailure:
xor edx, edx
mov eax, 256 ; GHCB terminate
wrmsr
rep vmmcall
; We should not return from the above terminate request, but if we do
; then enter into the hlt loop.
DoHltLoop:
cli
hlt
jmp DoHltLoop
RegisterGhcbGpaDone:
OneTimeCallRet RegisterGhcbGpa
; ;
; The function checks whether SEV-ES is enabled, if enabled ; The function checks whether SEV-ES is enabled, if enabled
; then setup the GHCB page. ; then setup the GHCB page.
@ -39,6 +90,9 @@ SevEsSetupGhcb:
mov rdx, rax mov rdx, rax
shr rdx, 32 shr rdx, 32
mov rcx, 0xc0010130 mov rcx, 0xc0010130
OneTimeCall RegisterGhcbGpa
wrmsr wrmsr
SevEsSetupGhcbExit: SevEsSetupGhcbExit: