The FillExchangeInfoDataSevEs() is only called for SEV-SNP guests, but
the name (and comment in MpLib.c) implies that it is also called for
SEV-ES guests. Rename the function to FillExchangeInfoDataSevSnp() to
avoid confusion.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
The SevSnpKnownInitApicId field within the MP_CPU_EXCHANGE_INFO structure
is not guaranteed to be zero when booting an SEV-ES guest. While the check
in SevSnpGetInitCpuNumber() is conditionally guarded by verifying if the
guest is an SEV-SNP guest, the check in SevEsGetApicId() is not similarly
guarded.
This lack of protection can cause SevEsGetApicId() to return to the wrong
location. If the value of the SevSnpKnownInitApicId field contains the
exact random value of 1, the guest will be treated as an SEV-SNP guest
rather than an SEV-ES guest and return to the wrong location in the code
which will lead to a crash.
Ensure that all SEV related fields in MP_CPU_EXCHANGE_INFO structure are
properly initialized, thus removing the need for guarding access to the
SevSnpKnownInitApicId field.
Fixes: dca5d26bc5 ("UefiCpuPkg/MpInitLib: Fix SNP AP creation when using known APIC IDs")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
In the MpInitLib, pages are allocated for
the APs, and data is copied into them. Depending
on the allocation type, Nx needs to be removed
from the pages to allow the processors to execute.
Additionally, ReadOnly needs to be applied to the
pages after they have been filled with the
instructions that the APs need to execute.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
Co-authored-by: Oliver Smith-Denny <osde@microsoft.com>
On RISC-V platforms, just like other platforms, we need to pass various
information from one stage to another (hartid/cmo operations etc).
Also there are some settings like Timer freq which are platform dependent
which use PCDs. Today hartid is extracted through Firmware Context
(custom in mem structure passed from one stage to another). For CMO we
have a features HOB. Going forward we would like to have a standard
mechanism to pass on such information and DT is handy as it can easily
carry all this information (in some cases nodes already exists). This
patch implement timebase frequency extraction from DT.
Signed-off-by: Akshay Behl <cap2k4@rivosinc.com>
Co-authored-by: Dhaval Sharma <dhaval@rivosinc.com>
Move ArmMmuLib from ArmPkg to UefiCpuPkg for easy maintaining.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Ajan Zhong <ajan.zhong@newfw.com>
A split-lock violation in OVMF was discovered due to the
NumApsExecuting field of the MP_CPU_EXCHANGE_INFO
struct (which is used atomically by the AP Reset Vector
assembly code) crossing a cacheline boundary.
Since the MP_CPU_EXCHANGE_INFO struct is unaligned and
the NumApsExecuting field resides after other non-UINTN aligned
fields in the struct (i.e. GdtrProfile/IdtrProfile), the
NumApsExecuting field was allocated at a non-UINTN aligned
address (crossing a cache-line) resulting in the split-lock
violation.
Therefore, align the MP_CPU_EXCHANGE_INFO struct (on a UINTN
boundary) and move the NumApsExecuting field to before the
GdtrProfile/IdtrProfile fields to ensure it is UINTN aligned and
thus resides within a single cacheline avoiding the split-lock.
Do the same for the ApIndex field as it is also used atomically
and thus subject to a split-lock violation.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Signed-off-by: Aaron Young <aaron.young@oracle.com>
Since the LoongArch AP boot SPEC is published, it can identify which IPI
by vector. Added IPI vector logic and enabled them.
Signed-off-by: Chao Li <lichao@loongson.cn>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Dongyan Qian <qiandongyan@loongson.cn>
Cc: Xiangdong Meng <mengxiangdong@loongson.cn>
If the AP wakes up out of order for the 1st time, and the data in the
HOB is also out of order, then there will be a issue: if the big number
core wakes up before the small number core, the big number core will
modify the APIC number in the CpuMpData, which will cause the small
number core can not be wake up. Using the APIC number from the HOB to
wake up the APs can fix it.
Signed-off-by: Chao Li <lichao@loongson.cn>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Dongyan Qian <qiandongyan@loongson.cn>
Cc: Xiangdong Meng <mengxiangdong@loongson.cn>
A typical initial AP boot up will choose a CpuNumber based on the ApIndex
value that it gets back after a locked increment of the ApIndex value.
The ApIndex to APIC ID relationship is random, which is not an issue when
a broadcast INIT-SIPI is performed.
With SNP and a hypervisor that supports retrieval of the known APIC IDs,
the broadcast INIT-SIPI method is replaced by waking each individual vCPU.
In this situation, a specific VMSA is associated with a specific APIC ID.
However, random assignment of an ApIndex can break this association. This
isn't typically an issue, because the AP bring-up finishes with the AP
issuing a HLT instruction, which is intercepted by the hypervisor and the
AP won't run again until the next INIT-SIPI. However, when HLT isn't
intercepted by the hypervisor (Qemu '-overcommit cpu-pm=on' parameter),
then the HLT does not exit to the hypervisor. On the next INIT-SIPI, it
can happen that a VMRUN is executed with a different VMSA address than
was originally used, and if that VMSA is still in a VMRUN on another AP,
then the executing VMRUN will fail, crashing the guest.
To fix this issue, add a CPU exchange info field, SevSnpKnownInitApicId,
that indicates the APs are starting with an already known initial APIC ID
and set the initial APIC ID and APIC ID in the CPU_INFO_IN_HOB HOB.
During AP boot, the SevSnpKnownInitApicId field will result in the
CpuNumber being set to the index with a matching APIC ID (similar to AP
booting when the InitFlag != ApInitConfig).
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
EDKII_PEI_MP_SERVICES2_PPI has been renamed to EFI_PEI_MP_SERVICES2_PPI
and moved to MdePkg.
Relevant changes have been made here.
Signed-off-by: Sachin Ganesh <sachinganesh@ami.com>
IntelMmSaveStateLib and SmmCpuPlatformHookLibNull were limited to
DXE_SMM_DRIVER MM_STANDALONE, where as previously not supported module
types were listed.
Add MM_CORE_STANDALONE as a supported module type for these libraries.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
Since TdxMeasurementLib has been moved to MdeModulePkg,
the duplicate code should be removed.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
We need to stub the SVSM vTPM protocol in the UefiCpuPkg in order to
support a SEV-SNP guest running under a SVSM at VMPL1 or lower.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Co-authored-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Claudio Carvalho <cclaudio@linux.ibm.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Introduce fundamental architecture-level functionalities which should
be implemented cross different architectures.
Signed-off-by: Ajan Zhong <ajan.zhong@newfw.com>
Add NULL instance of TdxMeasurementLib.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
This patch adds the IsCpuSyncAlwaysNeeded interface to the SmmCpuPlatformHookLib.
This interface will determine whether the first CPU Synchronization should be
executed unconditionally when a SMI occurs.
If the function returns true, it indicates that there is no need to check the
system configuration and status, and the first CPU Synchronization should be
executed unconditionally.
If the function returns false, it indicates that the first CPU Synchronization is
not executed unconditionally, and the decision to synchronize should be based on
the system configuration and status.
Signed-off-by: Khor Swee Aun <swee.aun.khor@intel.com>
If the exception type is INT, we need to know which interrupt could not
be handled, so we added a method to dump them.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
There is a problem with LoongArch64 exception handler, it returns a
unhandled value when we get an exception type, the correct value should
be right shifted 16 bits, so fix it.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
Since the UEFI 2.11 has been released, the macro
MAX_LOONGARCH_EXCEPTION has been added in MdePkg, so it is deleted in
LoongArch folder header file.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
When updating memory attributes, if only access attributes are changed,
the default memory cache attribute is NULL and a CACHE_CC is added by
default.
Signed-off-by: Chao Li <lichao@loongson.cn>
Resolves several issues in UefiCpuPkg related to:
1. Unchecked returns leading to potential NULL or uninitialized access.
2. Potential unchecked integer overflows.
3. Incorrect comparison between integers of different sizes.
Co-authored-by: kenlautner <85201046+kenlautner@users.noreply.github.com>
Signed-off-by: Chris Fernald <chfernal@microsoft.com>
Change conditional check to check the array index before
reading the array member to prevent read past end of buffer.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Per AMD64 Architecture Programmer's Manual Volume 2: System
Programming - 10.2.3 SMRAM State-Save Area (Rev 24593), the AMD64
architecture does not use the legacy SMM state-save area format
(Table 10-2) for 32-bit SMRAM save state map. Clean up codes for the
invalid save state map.
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
Check if input buffer range unblockable:
1.The input buffer range to block should be totally covered
by one or multi memory allocation HOB
2.All the memory allocation HOB that overlap with the input
buffer range should be EfiRuntimeServicesData, EfiACPIMemoryNVS
or EfiReservedMemoryType.
Signed-off-by: Dun Tan <dun.tan@intel.com>
This patch is to add SmmCpuPlatformHookBeforeMmiHandler interface
in SmmCpuPlatformHookLib.
The new API can be used to perform the platform specific items
before executing MMI Handler. For example, Intel can leverage
this API to clear the pending SMI bit after all CPUs finish the
sync and before the MMI handlers. If so, the the redundant
SMI can be avoided after CPU exit from current SMI.
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Previously, the SMM S3 resume code required taking control of APs to
perform SMM rebase, which would overwrite the context set by MpLib.
As a result, MpLib needed to wake up APs using InitSipiSipi to restore
the context after SMM S3 resume.
With the recent change where SMM rebase occurs in the early PEI phase,
the SMM S3 resume code no longer modifies AP context. Therefore, the
forced use of InitSipiSipi after SMM S3 resume is no longer necessary.
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
The OpenSSL library uses floating point registers.
The is no guarantee that a prior firmware stage has enabled the FPU.
Provide a library BaseRiscVFpuLib to
* Enable the FPU and set it to state 'dirty'.
* Clear the fcsr CSR.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Currently, TDX exposes MTRR CPUID bit to TDX VM. So based on the CPUID,
the guest software components (OVMF/TDVF and guest kernel) will access
MTRR MSRs. One problem for guest to use of MTRR is the change of MTRR
setting needs to set CR0.CD=1, which will case #VE for TDX.
For Linux kernel, there is a mechanism called SW defined MTRR introduced
by the patch https://lore.kernel.org/all/20230502120931.
20719-4-jgross@suse.com/. If this is integrated for TDX guest, then Linux
kernel will not access any MTRR MSRs.
So we update MtrrLibIsMtrrSupported() to always return false for TD-Guest,
then TDVF will not access MTRR MSRs at all.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Binbin Wu <binbin.wu@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
This patch is to avoid configure SMBASE if SmBase relocation has been
done. If gSmmBaseHobGuid found, means SmBase info has been relocated
and recorded in the SmBase array. No need to do the relocation in
SmmCpuFeaturesInitializeProcessor().
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
Since the LoongArch SPEC has adjusted the CSR 0x20 register name and
the MdePkg also added the new name, so enable it in UefiCpuPkg.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Signed-off-by: Chao Li <lichao@loongson.cn>
The BSP's APIC mode is synced to all APs in CollectProcessorCount().
So, it's safe to skip the X2 APIC enabling in AutoEnableX2Apic() which
runs later when BSP's APIC mode is X2 APIC already.
Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
The change saves the BSP's initial APIC mode and syncs to all APs
in first time wakeup. It allows certain platforms to switch to X2 APIC
as early as possible and also independent on CpuFeaturePei/Dxe.
The platform should switch BSP to X2 APIC mode first before the
CpuMpPeim runs.
Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
It's very confusing that auto X2 APIC enabling and APIC ID sorting
are all performed inside CollectProcessorCount().
The change is to separate the X2 APIC enabling to AutoEnableX2Apic()
and call that from MpInitLibInitialize().
SortApicId() is called from MpInitLibInitialize() as well.
Signed-off-by: Ray Ni <ray.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
This library provides an interface to request non-MMRAM pages to be
mapped/unblocked from inside MM environment.
For MM modules that need to access areas outside of
MMRAMs, the agents responsible for setting up these regions must use
this API to enable access to these memory areas from within MM. During
the IPL, when RestrictedMemoryAccess is enabled,
this unblocked memory is specifically used to create a BuildResourceHob,
which allocates storage for the SMM accessible DRAM (non-MMIO) range.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Hongbin1 Zhang <hongbin1.zhang@intel.com>
Cc: Wei6 Xu <wei6.xu@intel.com>
Cc: Dun Tan <dun.tan@intel.com>
Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
Commit 2f499c36db commented out the
RandomTestCase tests in CpuPageTableLibTestHost, but it left the
test suite being registered without any tests. This causes a failure
for tools that check to ensure tests are being registered with test
suites.
This patch comments out the test suite in addition to the tests
being added to it.
Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com>
Structure assignment may depend on the compiler to expand to memcpy.
For this, we may need to add -mno-memcpy to the compilation flag.
Here, we reduce dependencies and use CopyMem for data conversion without
memcpy.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Chao Li <lichao@loongson.cn>
Signed-off-by: Dongyan Qian <qiandongyan@loongson.cn>
Co-authored-by: Chao Li <lichao@loongson.cn>
Given that the second parameter can be universally set to TRUE across
all use cases, its removal simplifies the function interface and the
associated code paths.
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
Analysis of the current usage patterns revealed that this parameter
should consistently set to TRUE.
Specifically, the parameter was found to be False in the following
scenarios:
1. During the initial volatile register setup for the first AP wake-up
in both the PEI and DXE phases. In these instances, the volatile
registers are pre-initialized in MpInitLibInitialize(),
and manually setting them to zero does not require altering the DR
state.
2. When switching the BSP, the new BSP does not synchronize the DR.
This behavior is now adjusted to ensure the DR state is synchronized,
aligning with a more logical and expected behavior when transitioning
BSP roles.
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
In previoud commit, we remove the ApInitReconfig status. Now there
are only two status ApInitConfig and ApInitDone.
Only the very first waking up AP needs to set ApInitConfig status.
Therefore, if this is not the first wake up, set ApInitDone status
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
ApInitReconfig status is used to indicate that when AP wakes up, AP
need to restore volatile registers from BSP and use InitSipiSipi. Since
we handle the volatile registers well, we can use WakeUpByInitSipiSipi
flag to replace ApInitReconfig. Avoid using ApInitReconfig can simplify
code.
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
When enable stack guard, APs needs separate GDTs.
In current code, APs will lose their separate GDTs when AP get disabled
and later re-enabled. This is because when re-enabling AP, AP restores
volatile registers from BSP.
This patch updates the AP management to ensure that each AP saves and
restores its own set of volatile registers to solve this issue.
Key changes include:
- APs now maintain their own volatile register space, eliminating
dependency on the BSP's register state.
- Special handling is implemented for the first AP wake-up during the
PEI and DXE phases, where the volatile registers are synchronized from
the BSP.
- When switching BSP, remove manual handling the global variable
CpuMpData->CpuData[Index].VolatileRegisters. The manually handling
in previous code is because, old BSP may not save volatile registers
after the AP procedure and new BSP's VolatileRegisters buffer may be
used by other APs. Now, since AP always save/restore volatile registers
from their own buffer, no need to do the special handling.
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
BSP should save and sync to AP the init timer count instead of
current timer count.
Also, BSP can check the init timer count to know if the local apic
timer is enabled. Only sync the setting when it is enabled.
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
This update ensures the consistency of Local APIC timer settings across
all processors when a BSP switch occurs.
The Local APIC timer is utilized in two distinct scenarios:
1. As a delay mechanism within the timer library.
2. To generate periodic timer interrupts during the DXE phase.
For scenario 1, APs can simply inherit the initial settings from the
BSP. Even the local APIC timer setting is changed by BSP later, AP
can still use the old setting. Therefore, the code to save the Local
APIC timer can be moved to MpInitLibInitialize().
For scenario 2, because normal AP doesn't enable timer interrupt, we
only need to care SwitchBsp case. It is crucial that the periodic
timer interrupts remain operational after BSP is switched. To achieve
this, the Local APIC timer settings on old BSP are now preserved and
synced to new BSP.
Signed-off-by: Zhiguang Liu <zhiguang.liu@intel.com>
