]> git.proxmox.com Git - mirror_edk2.git/blame - OvmfPkg/Library/PlatformInitLib/Platform.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
UefiCpuPkg: Move AsmRelocateApLoopStart from Mpfuncs.nasm to AmdSev.nasm
[mirror_edk2.git] / OvmfPkg / Library / PlatformInitLib / Platform.c
CommitLineData
102cafed
MX		 1/**@file\r
2\r
3 Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR>\r
4 Copyright (c) 2011, Andrei Warkentin <andreiw@motorola.com>\r
5\r
6 SPDX-License-Identifier: BSD-2-Clause-Patent\r
7\r
8**/\r
9\r
10//\r
11// The package level header files this module uses\r
12//\r
13#include <PiPei.h>\r
14\r
15//\r
16// The Library classes this module consumes\r
17//\r
18#include <Library/BaseMemoryLib.h>\r
19#include <Library/BaseLib.h>\r
20#include <Library/DebugLib.h>\r
21#include <Library/HobLib.h>\r
96047b66
MX		 22#include <Library/IoLib.h>\r
23#include <IndustryStandard/I440FxPiix4.h>\r
24#include <IndustryStandard/Microvm.h>\r
25#include <IndustryStandard/Pci22.h>\r
26#include <IndustryStandard/Q35MchIch9.h>\r
27#include <IndustryStandard/QemuCpuHotplug.h>\r
4f173db8 28#include <Library/MemoryAllocationLib.h>\r
96047b66
MX		 29#include <Library/QemuFwCfgLib.h>\r
30#include <Library/QemuFwCfgS3Lib.h>\r
31#include <Library/QemuFwCfgSimpleParserLib.h>\r
32#include <Library/PciLib.h>\r
4f173db8
MX		 33#include <Guid/SystemNvDataGuid.h>\r
34#include <Guid/VariableFormat.h>\r
96047b66
MX		 35#include <OvmfPlatforms.h>\r
36\r
102cafed
MX		 37#include <Library/PlatformInitLib.h>\r
38\r
bf5678b5
LE		 39#define CPUHP_BUGCHECK_OVERRIDE_FWCFG_FILE \\r
40 "opt/org.tianocore/X-Cpuhp-Bugcheck-Override"\r
41\r
102cafed
MX		 42VOID\r
43EFIAPI\r
44PlatformAddIoMemoryBaseSizeHob (\r
45 IN EFI_PHYSICAL_ADDRESS MemoryBase,\r
46 IN UINT64 MemorySize\r
47 )\r
48{\r
49 BuildResourceDescriptorHob (\r
50 EFI_RESOURCE_MEMORY_MAPPED_IO,\r
51 EFI_RESOURCE_ATTRIBUTE_PRESENT |\r
52 EFI_RESOURCE_ATTRIBUTE_INITIALIZED |\r
53 EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE |\r
54 EFI_RESOURCE_ATTRIBUTE_TESTED,\r
55 MemoryBase,\r
56 MemorySize\r
57 );\r
58}\r
59\r
60VOID\r
61EFIAPI\r
62PlatformAddReservedMemoryBaseSizeHob (\r
63 IN EFI_PHYSICAL_ADDRESS MemoryBase,\r
64 IN UINT64 MemorySize,\r
65 IN BOOLEAN Cacheable\r
66 )\r
67{\r
68 BuildResourceDescriptorHob (\r
69 EFI_RESOURCE_MEMORY_RESERVED,\r
70 EFI_RESOURCE_ATTRIBUTE_PRESENT |\r
71 EFI_RESOURCE_ATTRIBUTE_INITIALIZED |\r
72 EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE |\r
73 (Cacheable ?\r
74 EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE |\r
75 EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE |\r
76 EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE :\r
77 0\r
78 ) |\r
79 EFI_RESOURCE_ATTRIBUTE_TESTED,\r
80 MemoryBase,\r
81 MemorySize\r
82 );\r
83}\r
84\r
85VOID\r
86EFIAPI\r
87PlatformAddIoMemoryRangeHob (\r
88 IN EFI_PHYSICAL_ADDRESS MemoryBase,\r
89 IN EFI_PHYSICAL_ADDRESS MemoryLimit\r
90 )\r
91{\r
92 PlatformAddIoMemoryBaseSizeHob (MemoryBase, (UINT64)(MemoryLimit - MemoryBase));\r
93}\r
94\r
95VOID\r
96EFIAPI\r
97PlatformAddMemoryBaseSizeHob (\r
98 IN EFI_PHYSICAL_ADDRESS MemoryBase,\r
99 IN UINT64 MemorySize\r
100 )\r
101{\r
102 BuildResourceDescriptorHob (\r
103 EFI_RESOURCE_SYSTEM_MEMORY,\r
104 EFI_RESOURCE_ATTRIBUTE_PRESENT |\r
105 EFI_RESOURCE_ATTRIBUTE_INITIALIZED |\r
106 EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE |\r
107 EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE |\r
108 EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE |\r
109 EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE |\r
110 EFI_RESOURCE_ATTRIBUTE_TESTED,\r
111 MemoryBase,\r
112 MemorySize\r
113 );\r
114}\r
115\r
116VOID\r
117EFIAPI\r
118PlatformAddMemoryRangeHob (\r
119 IN EFI_PHYSICAL_ADDRESS MemoryBase,\r
120 IN EFI_PHYSICAL_ADDRESS MemoryLimit\r
121 )\r
122{\r
123 PlatformAddMemoryBaseSizeHob (MemoryBase, (UINT64)(MemoryLimit - MemoryBase));\r
124}\r
96047b66
MX		 125\r
126VOID\r
127EFIAPI\r
128PlatformMemMapInitialization (\r
129 IN OUT EFI_HOB_PLATFORM_INFO *PlatformInfoHob\r
130 )\r
131{\r
132 UINT64 PciIoBase;\r
133 UINT64 PciIoSize;\r
96047b66
MX		 134 UINT64 PciExBarBase;\r
135 UINT32 PciBase;\r
136 UINT32 PciSize;\r
137\r
138 PciIoBase = 0xC000;\r
139 PciIoSize = 0x4000;\r
140\r
141 //\r
142 // Video memory + Legacy BIOS region\r
143 //\r
e23f8f52
MX		 144 if (!TdIsEnabled ()) {\r
145 PlatformAddIoMemoryRangeHob (0x0A0000, BASE_1MB);\r
146 }\r
96047b66
MX		 147\r
148 if (PlatformInfoHob->HostBridgeDevId == 0xffff /* microvm */) {\r
149 PlatformAddIoMemoryBaseSizeHob (MICROVM_GED_MMIO_BASE, SIZE_4KB);\r
150 PlatformAddIoMemoryBaseSizeHob (0xFEC00000, SIZE_4KB); /* ioapic #1 */\r
151 PlatformAddIoMemoryBaseSizeHob (0xFEC10000, SIZE_4KB); /* ioapic #2 */\r
152 return;\r
153 }\r
154\r
124b7650 155 PlatformGetSystemMemorySizeBelow4gb (PlatformInfoHob);\r
96047b66
MX		 156 PciExBarBase = 0;\r
157 if (PlatformInfoHob->HostBridgeDevId == INTEL_Q35_MCH_DEVICE_ID) {\r
158 //\r
159 // The MMCONFIG area is expected to fall between the top of low RAM and\r
160 // the base of the 32-bit PCI host aperture.\r
161 //\r
47f44097 162 PciExBarBase = PcdGet64 (PcdPciExpressBaseAddress);\r
124b7650 163 ASSERT (PlatformInfoHob->LowMemory <= PciExBarBase);\r
96047b66
MX		 164 ASSERT (PciExBarBase <= MAX_UINT32 - SIZE_256MB);\r
165 PciBase = (UINT32)(PciExBarBase + SIZE_256MB);\r
166 } else {\r
124b7650 167 ASSERT (PlatformInfoHob->LowMemory <= PlatformInfoHob->Uc32Base);\r
96047b66
MX		 168 PciBase = PlatformInfoHob->Uc32Base;\r
169 }\r
170\r
171 //\r
172 // address purpose size\r
173 // ------------ -------- -------------------------\r
174 // max(top, 2g) PCI MMIO 0xFC000000 - max(top, 2g)\r
175 // 0xFC000000 gap 44 MB\r
176 // 0xFEC00000 IO-APIC 4 KB\r
177 // 0xFEC01000 gap 1020 KB\r
178 // 0xFED00000 HPET 1 KB\r
179 // 0xFED00400 gap 111 KB\r
180 // 0xFED1C000 gap (PIIX4) / RCRB (ICH9) 16 KB\r
181 // 0xFED20000 gap 896 KB\r
182 // 0xFEE00000 LAPIC 1 MB\r
183 //\r
184 PciSize = 0xFC000000 - PciBase;\r
185 PlatformAddIoMemoryBaseSizeHob (PciBase, PciSize);\r
186\r
187 PlatformInfoHob->PcdPciMmio32Base = PciBase;\r
188 PlatformInfoHob->PcdPciMmio32Size = PciSize;\r
189\r
190 PlatformAddIoMemoryBaseSizeHob (0xFEC00000, SIZE_4KB);\r
191 PlatformAddIoMemoryBaseSizeHob (0xFED00000, SIZE_1KB);\r
192 if (PlatformInfoHob->HostBridgeDevId == INTEL_Q35_MCH_DEVICE_ID) {\r
193 PlatformAddIoMemoryBaseSizeHob (ICH9_ROOT_COMPLEX_BASE, SIZE_16KB);\r
194 //\r
195 // Note: there should be an\r
196 //\r
197 // PlatformAddIoMemoryBaseSizeHob (PciExBarBase, SIZE_256MB);\r
198 //\r
199 // call below, just like the one above for RCBA. However, Linux insists\r
200 // that the MMCONFIG area be marked in the E820 or UEFI memory map as\r
201 // "reserved memory" -- Linux does not content itself with a simple gap\r
202 // in the memory map wherever the MCFG ACPI table points to.\r
203 //\r
204 // This appears to be a safety measure. The PCI Firmware Specification\r
205 // (rev 3.1) says in 4.1.2. "MCFG Table Description": "The resources can\r
206 // *optionally* be returned in [...] EFIGetMemoryMap as reserved memory\r
207 // [...]". (Emphasis added here.)\r
208 //\r
209 // Normally we add memory resource descriptor HOBs in\r
210 // QemuInitializeRam(), and pre-allocate from those with memory\r
211 // allocation HOBs in InitializeRamRegions(). However, the MMCONFIG area\r
212 // is most definitely not RAM; so, as an exception, cover it with\r
213 // uncacheable reserved memory right here.\r
214 //\r
215 PlatformAddReservedMemoryBaseSizeHob (PciExBarBase, SIZE_256MB, FALSE);\r
216 BuildMemoryAllocationHob (\r
217 PciExBarBase,\r
218 SIZE_256MB,\r
219 EfiReservedMemoryType\r
220 );\r
221 }\r
222\r
223 PlatformAddIoMemoryBaseSizeHob (PcdGet32 (PcdCpuLocalApicBaseAddress), SIZE_1MB);\r
224\r
225 //\r
226 // On Q35, the IO Port space is available for PCI resource allocations from\r
227 // 0x6000 up.\r
228 //\r
229 if (PlatformInfoHob->HostBridgeDevId == INTEL_Q35_MCH_DEVICE_ID) {\r
230 PciIoBase = 0x6000;\r
231 PciIoSize = 0xA000;\r
232 ASSERT ((ICH9_PMBASE_VALUE & 0xF000) < PciIoBase);\r
233 }\r
234\r
235 //\r
236 // Add PCI IO Port space available for PCI resource allocations.\r
237 //\r
238 BuildResourceDescriptorHob (\r
239 EFI_RESOURCE_IO,\r
240 EFI_RESOURCE_ATTRIBUTE_PRESENT |\r
241 EFI_RESOURCE_ATTRIBUTE_INITIALIZED,\r
242 PciIoBase,\r
243 PciIoSize\r
244 );\r
245\r
246 PlatformInfoHob->PcdPciIoBase = PciIoBase;\r
247 PlatformInfoHob->PcdPciIoSize = PciIoSize;\r
248}\r
249\r
250/**\r
251 * Fetch "opt/ovmf/PcdSetNxForStack" from QEMU\r
252 *\r
253 * @param Setting The pointer to the setting of "/opt/ovmf/PcdSetNxForStack".\r
254 * @return EFI_SUCCESS Successfully fetch the settings.\r
255 */\r
256EFI_STATUS\r
257EFIAPI\r
258PlatformNoexecDxeInitialization (\r
259 IN OUT EFI_HOB_PLATFORM_INFO *PlatformInfoHob\r
260 )\r
261{\r
262 return QemuFwCfgParseBool ("opt/ovmf/PcdSetNxForStack", &PlatformInfoHob->PcdSetNxForStack);\r
263}\r
264\r
265VOID\r
266PciExBarInitialization (\r
267 VOID\r
268 )\r
269{\r
270 union {\r
271 UINT64 Uint64;\r
272 UINT32 Uint32[2];\r
273 } PciExBarBase;\r
274\r
275 //\r
276 // We only support the 256MB size for the MMCONFIG area:\r
277 // 256 buses * 32 devices * 8 functions * 4096 bytes config space.\r
278 //\r
279 // The masks used below enforce the Q35 requirements that the MMCONFIG area\r
280 // be (a) correctly aligned -- here at 256 MB --, (b) located under 64 GB.\r
281 //\r
282 // Note that (b) also ensures that the minimum address width we have\r
283 // determined in AddressWidthInitialization(), i.e., 36 bits, will suffice\r
284 // for DXE's page tables to cover the MMCONFIG area.\r
285 //\r
47f44097 286 PciExBarBase.Uint64 = PcdGet64 (PcdPciExpressBaseAddress);\r
96047b66
MX		 287 ASSERT ((PciExBarBase.Uint32[1] & MCH_PCIEXBAR_HIGHMASK) == 0);\r
288 ASSERT ((PciExBarBase.Uint32[0] & MCH_PCIEXBAR_LOWMASK) == 0);\r
289\r
290 //\r
291 // Clear the PCIEXBAREN bit first, before programming the high register.\r
292 //\r
293 PciWrite32 (DRAMC_REGISTER_Q35 (MCH_PCIEXBAR_LOW), 0);\r
294\r
295 //\r
296 // Program the high register. Then program the low register, setting the\r
297 // MMCONFIG area size and enabling decoding at once.\r
298 //\r
299 PciWrite32 (DRAMC_REGISTER_Q35 (MCH_PCIEXBAR_HIGH), PciExBarBase.Uint32[1]);\r
300 PciWrite32 (\r
301 DRAMC_REGISTER_Q35 (MCH_PCIEXBAR_LOW),\r
302 PciExBarBase.Uint32[0] | MCH_PCIEXBAR_BUS_FF | MCH_PCIEXBAR_EN\r
303 );\r
304}\r
305\r
306VOID\r
307EFIAPI\r
308PlatformMiscInitialization (\r
309 IN EFI_HOB_PLATFORM_INFO *PlatformInfoHob\r
310 )\r
311{\r
312 UINTN PmCmd;\r
313 UINTN Pmba;\r
314 UINT32 PmbaAndVal;\r
315 UINT32 PmbaOrVal;\r
316 UINTN AcpiCtlReg;\r
317 UINT8 AcpiEnBit;\r
318\r
319 //\r
320 // Disable A20 Mask\r
321 //\r
bf25f27e
SB		 322 if (PlatformInfoHob->HostBridgeDevId != CLOUDHV_DEVICE_ID) {\r
323 IoOr8 (0x92, BIT1);\r
324 }\r
96047b66
MX		 325\r
326 //\r
327 // Build the CPU HOB with guest RAM size dependent address width and 16-bits\r
328 // of IO space. (Side note: unlike other HOBs, the CPU HOB is needed during\r
329 // S3 resume as well, so we build it unconditionally.)\r
330 //\r
331 BuildCpuHob (PlatformInfoHob->PhysMemAddressWidth, 16);\r
332\r
333 //\r
334 // Determine platform type and save Host Bridge DID to PCD\r
335 //\r
336 switch (PlatformInfoHob->HostBridgeDevId) {\r
337 case INTEL_82441_DEVICE_ID:\r
338 PmCmd = POWER_MGMT_REGISTER_PIIX4 (PCI_COMMAND_OFFSET);\r
339 Pmba = POWER_MGMT_REGISTER_PIIX4 (PIIX4_PMBA);\r
340 PmbaAndVal = ~(UINT32)PIIX4_PMBA_MASK;\r
341 PmbaOrVal = PIIX4_PMBA_VALUE;\r
342 AcpiCtlReg = POWER_MGMT_REGISTER_PIIX4 (PIIX4_PMREGMISC);\r
343 AcpiEnBit = PIIX4_PMREGMISC_PMIOSE;\r
344 break;\r
345 case INTEL_Q35_MCH_DEVICE_ID:\r
346 PmCmd = POWER_MGMT_REGISTER_Q35 (PCI_COMMAND_OFFSET);\r
347 Pmba = POWER_MGMT_REGISTER_Q35 (ICH9_PMBASE);\r
348 PmbaAndVal = ~(UINT32)ICH9_PMBASE_MASK;\r
349 PmbaOrVal = ICH9_PMBASE_VALUE;\r
350 AcpiCtlReg = POWER_MGMT_REGISTER_Q35 (ICH9_ACPI_CNTL);\r
351 AcpiEnBit = ICH9_ACPI_CNTL_ACPI_EN;\r
352 break;\r
353 case CLOUDHV_DEVICE_ID:\r
354 break;\r
355 default:\r
356 DEBUG ((\r
357 DEBUG_ERROR,\r
358 "%a: Unknown Host Bridge Device ID: 0x%04x\n",\r
359 __FUNCTION__,\r
360 PlatformInfoHob->HostBridgeDevId\r
361 ));\r
362 ASSERT (FALSE);\r
363 return;\r
364 }\r
365\r
366 if (PlatformInfoHob->HostBridgeDevId == CLOUDHV_DEVICE_ID) {\r
367 DEBUG ((DEBUG_INFO, "%a: Cloud Hypervisor is done.\n", __FUNCTION__));\r
368 return;\r
369 }\r
370\r
371 //\r
372 // If the appropriate IOspace enable bit is set, assume the ACPI PMBA has\r
373 // been configured and skip the setup here. This matches the logic in\r
374 // AcpiTimerLibConstructor ().\r
375 //\r
376 if ((PciRead8 (AcpiCtlReg) & AcpiEnBit) == 0) {\r
377 //\r
378 // The PEI phase should be exited with fully accessibe ACPI PM IO space:\r
379 // 1. set PMBA\r
380 //\r
381 PciAndThenOr32 (Pmba, PmbaAndVal, PmbaOrVal);\r
382\r
383 //\r
384 // 2. set PCICMD/IOSE\r
385 //\r
386 PciOr8 (PmCmd, EFI_PCI_COMMAND_IO_SPACE);\r
387\r
388 //\r
389 // 3. set ACPI PM IO enable bit (PMREGMISC:PMIOSE or ACPI_CNTL:ACPI_EN)\r
390 //\r
391 PciOr8 (AcpiCtlReg, AcpiEnBit);\r
392 }\r
393\r
394 if (PlatformInfoHob->HostBridgeDevId == INTEL_Q35_MCH_DEVICE_ID) {\r
395 //\r
396 // Set Root Complex Register Block BAR\r
397 //\r
398 PciWrite32 (\r
399 POWER_MGMT_REGISTER_Q35 (ICH9_RCBA),\r
400 ICH9_ROOT_COMPLEX_BASE | ICH9_RCBA_EN\r
401 );\r
402\r
403 //\r
404 // Set PCI Express Register Range Base Address\r
405 //\r
406 PciExBarInitialization ();\r
407 }\r
408}\r
409\r
c3e128a4
LE		 410/**\r
411 Check for various QEMU bugs concerning CPU numbers.\r
412\r
413 Compensate for those bugs if various conditions are satisfied, by updating a\r
414 suitable subset of the input-output parameters. The function may not return\r
415 (it may hang deliberately), even in RELEASE builds, if the QEMU bug is\r
416 impossible to cover up.\r
417\r
418 @param[in,out] BootCpuCount On input, the boot CPU count reported by QEMU via\r
419 fw_cfg (QemuFwCfgItemSmpCpuCount). The caller is\r
420 responsible for ensuring (BootCpuCount > 0); that\r
421 is, if QEMU does not provide the boot CPU count\r
422 via fw_cfg *at all*, then this function must not\r
423 be called.\r
424\r
425 @param[in,out] Present On input, the number of present-at-boot CPUs, as\r
426 reported by QEMU through the modern CPU hotplug\r
427 register block.\r
428\r
429 @param[in,out] Possible On input, the number of possible CPUs, as\r
430 reported by QEMU through the modern CPU hotplug\r
431 register block.\r
432**/\r
433STATIC\r
434VOID\r
435PlatformCpuCountBugCheck (\r
436 IN OUT UINT16 *BootCpuCount,\r
437 IN OUT UINT32 *Present,\r
438 IN OUT UINT32 *Possible\r
439 )\r
440{\r
441 ASSERT (*BootCpuCount > 0);\r
442\r
bf5678b5
LE		 443 //\r
444 // Sanity check: we need at least 1 present CPU (CPU#0 is always present).\r
445 //\r
446 // The legacy-to-modern switching of the CPU hotplug register block got broken\r
447 // (for TCG) in QEMU v5.1.0. Refer to "IO port write width clamping differs\r
448 // between TCG and KVM" at\r
449 // <http://mid.mail-archive.com/aaedee84-d3ed-a4f9-21e7-d221a28d1683@redhat.com>\r
450 // or at\r
451 // <https://lists.gnu.org/archive/html/qemu-devel/2023-01/msg00199.html>.\r
452 //\r
453 // QEMU received the fix in commit dab30fbef389 ("acpi: cpuhp: fix\r
454 // guest-visible maximum access size to the legacy reg block", 2023-01-08), to\r
455 // be included in QEMU v8.0.0.\r
456 //\r
457 // If we're affected by this QEMU bug, then we must not continue: it confuses\r
458 // the multiprocessing in UefiCpuPkg/Library/MpInitLib, and breaks CPU\r
459 // hot(un)plug with SMI in OvmfPkg/CpuHotplugSmm.\r
460 //\r
461 if (*Present == 0) {\r
462 UINTN Idx;\r
463 STATIC CONST CHAR8 *CONST Message[] = {\r
464 "Broken CPU hotplug register block found. Update QEMU to version 8+, or",\r
465 "to a stable release with commit dab30fbef389 backported. Refer to",\r
466 "<https://bugzilla.tianocore.org/show_bug.cgi?id=4250>.",\r
467 "Consequences of the QEMU bug may include, but are not limited to:",\r
468 "- all firmware logic, dependent on the CPU hotplug register block,",\r
469 " being confused, for example, multiprocessing-related logic;",\r
470 "- guest OS data loss, including filesystem corruption, due to crash or",\r
471 " hang during ACPI S3 resume;",\r
472 "- SMM privilege escalation, by a malicious guest OS or 3rd partty UEFI",\r
473 " agent, against the platform firmware.",\r
474 "These symptoms need not necessarily be limited to the QEMU user",\r
475 "attempting to hot(un)plug a CPU.",\r
476 "The firmware will now stop (hang) deliberately, in order to prevent the",\r
477 "above symptoms.",\r
478 "You can forcibly override the hang, *at your own risk*, with the",\r
479 "following *experimental* QEMU command line option:",\r
480 " -fw_cfg name=" CPUHP_BUGCHECK_OVERRIDE_FWCFG_FILE ",string=yes",\r
481 "Please only report such bugs that you can reproduce *without* the",\r
482 "override.",\r
483 };\r
484 RETURN_STATUS ParseStatus;\r
485 BOOLEAN Override;\r
486\r
487 DEBUG ((\r
488 DEBUG_ERROR,\r
489 "%a: Present=%u Possible=%u\n",\r
490 __FUNCTION__,\r
491 *Present,\r
492 *Possible\r
493 ));\r
494 for (Idx = 0; Idx < ARRAY_SIZE (Message); ++Idx) {\r
495 DEBUG ((DEBUG_ERROR, "%a: %a\n", __FUNCTION__, Message[Idx]));\r
496 }\r
497\r
498 ParseStatus = QemuFwCfgParseBool (\r
499 CPUHP_BUGCHECK_OVERRIDE_FWCFG_FILE,\r
500 &Override\r
501 );\r
502 if (!RETURN_ERROR (ParseStatus) && Override) {\r
503 DEBUG ((\r
504 DEBUG_WARN,\r
505 "%a: \"%a\" active. You've been warned.\n",\r
506 __FUNCTION__,\r
507 CPUHP_BUGCHECK_OVERRIDE_FWCFG_FILE\r
508 ));\r
509 //\r
510 // The bug is in QEMU v5.1.0+, where we're not affected by the QEMU v2.7\r
511 // reset bug, so BootCpuCount from fw_cfg is reliable. Assume a fully\r
512 // populated topology, like when the modern CPU hotplug interface is\r
513 // unavailable.\r
514 //\r
515 *Present = *BootCpuCount;\r
516 *Possible = *BootCpuCount;\r
517 return;\r
518 }\r
519\r
520 ASSERT (FALSE);\r
521 CpuDeadLoop ();\r
522 }\r
523\r
c3e128a4
LE		 524 //\r
525 // Sanity check: fw_cfg and the modern CPU hotplug interface should expose the\r
526 // same boot CPU count.\r
527 //\r
528 if (*BootCpuCount != *Present) {\r
529 DEBUG ((\r
530 DEBUG_WARN,\r
531 "%a: QEMU v2.7 reset bug: BootCpuCount=%d Present=%u\n",\r
532 __FUNCTION__,\r
533 *BootCpuCount,\r
534 *Present\r
535 ));\r
536 //\r
537 // The handling of QemuFwCfgItemSmpCpuCount, across CPU hotplug plus\r
538 // platform reset (including S3), was corrected in QEMU commit e3cadac073a9\r
539 // ("pc: fix FW_CFG_NB_CPUS to account for -device added CPUs", 2016-11-16),\r
540 // part of release v2.8.0.\r
541 //\r
542 *BootCpuCount = (UINT16)*Present;\r
543 }\r
544}\r
545\r
96047b66
MX		 546/**\r
547 Fetch the boot CPU count and the possible CPU count from QEMU, and expose\r
548 them to UefiCpuPkg modules.\r
549**/\r
550VOID\r
551EFIAPI\r
552PlatformMaxCpuCountInitialization (\r
553 IN OUT EFI_HOB_PLATFORM_INFO *PlatformInfoHob\r
554 )\r
555{\r
43f3cfce 556 UINT16 BootCpuCount = 0;\r
96047b66
MX		 557 UINT32 MaxCpuCount;\r
558\r
559 //\r
560 // Try to fetch the boot CPU count.\r
561 //\r
43f3cfce
SB		 562 if (QemuFwCfgIsAvailable ()) {\r
563 QemuFwCfgSelectItem (QemuFwCfgItemSmpCpuCount);\r
564 BootCpuCount = QemuFwCfgRead16 ();\r
565 }\r
566\r
96047b66
MX		 567 if (BootCpuCount == 0) {\r
568 //\r
569 // QEMU doesn't report the boot CPU count. (BootCpuCount == 0) will let\r
570 // MpInitLib count APs up to (PcdCpuMaxLogicalProcessorNumber - 1), or\r
571 // until PcdCpuApInitTimeOutInMicroSeconds elapses (whichever is reached\r
572 // first).\r
573 //\r
574 DEBUG ((DEBUG_WARN, "%a: boot CPU count unavailable\n", __FUNCTION__));\r
575 MaxCpuCount = PlatformInfoHob->DefaultMaxCpuNumber;\r
576 } else {\r
577 //\r
578 // We will expose BootCpuCount to MpInitLib. MpInitLib will count APs up to\r
579 // (BootCpuCount - 1) precisely, regardless of timeout.\r
580 //\r
581 // Now try to fetch the possible CPU count.\r
582 //\r
583 UINTN CpuHpBase;\r
584 UINT32 CmdData2;\r
585\r
586 CpuHpBase = ((PlatformInfoHob->HostBridgeDevId == INTEL_Q35_MCH_DEVICE_ID) ?\r
587 ICH9_CPU_HOTPLUG_BASE : PIIX4_CPU_HOTPLUG_BASE);\r
588\r
589 //\r
590 // If only legacy mode is available in the CPU hotplug register block, or\r
591 // the register block is completely missing, then the writes below are\r
592 // no-ops.\r
593 //\r
594 // 1. Switch the hotplug register block to modern mode.\r
595 //\r
596 IoWrite32 (CpuHpBase + QEMU_CPUHP_W_CPU_SEL, 0);\r
597 //\r
598 // 2. Select a valid CPU for deterministic reading of\r
599 // QEMU_CPUHP_R_CMD_DATA2.\r
600 //\r
601 // CPU#0 is always valid; it is the always present and non-removable\r
602 // BSP.\r
603 //\r
604 IoWrite32 (CpuHpBase + QEMU_CPUHP_W_CPU_SEL, 0);\r
605 //\r
606 // 3. Send a command after which QEMU_CPUHP_R_CMD_DATA2 is specified to\r
607 // read as zero, and which does not invalidate the selector. (The\r
608 // selector may change, but it must not become invalid.)\r
609 //\r
610 // Send QEMU_CPUHP_CMD_GET_PENDING, as it will prove useful later.\r
611 //\r
612 IoWrite8 (CpuHpBase + QEMU_CPUHP_W_CMD, QEMU_CPUHP_CMD_GET_PENDING);\r
613 //\r
614 // 4. Read QEMU_CPUHP_R_CMD_DATA2.\r
615 //\r
616 // If the register block is entirely missing, then this is an unassigned\r
617 // IO read, returning all-bits-one.\r
618 //\r
619 // If only legacy mode is available, then bit#0 stands for CPU#0 in the\r
620 // "CPU present bitmap". CPU#0 is always present.\r
621 //\r
622 // Otherwise, QEMU_CPUHP_R_CMD_DATA2 is either still reserved (returning\r
623 // all-bits-zero), or it is specified to read as zero after the above\r
624 // steps. Both cases confirm modern mode.\r
625 //\r
626 CmdData2 = IoRead32 (CpuHpBase + QEMU_CPUHP_R_CMD_DATA2);\r
627 DEBUG ((DEBUG_VERBOSE, "%a: CmdData2=0x%x\n", __FUNCTION__, CmdData2));\r
628 if (CmdData2 != 0) {\r
629 //\r
630 // QEMU doesn't support the modern CPU hotplug interface. Assume that the\r
631 // possible CPU count equals the boot CPU count (precluding hotplug).\r
632 //\r
633 DEBUG ((\r
634 DEBUG_WARN,\r
635 "%a: modern CPU hotplug interface unavailable\n",\r
636 __FUNCTION__\r
637 ));\r
638 MaxCpuCount = BootCpuCount;\r
639 } else {\r
640 //\r
641 // Grab the possible CPU count from the modern CPU hotplug interface.\r
642 //\r
643 UINT32 Present, Possible, Selected;\r
644\r
645 Present = 0;\r
646 Possible = 0;\r
647\r
648 //\r
649 // We've sent QEMU_CPUHP_CMD_GET_PENDING last; this ensures\r
650 // QEMU_CPUHP_RW_CMD_DATA can now be read usefully. However,\r
651 // QEMU_CPUHP_CMD_GET_PENDING may have selected a CPU with actual pending\r
652 // hotplug events; therefore, select CPU#0 forcibly.\r
653 //\r
654 IoWrite32 (CpuHpBase + QEMU_CPUHP_W_CPU_SEL, Possible);\r
655\r
656 do {\r
657 UINT8 CpuStatus;\r
658\r
659 //\r
c3e128a4
LE		 660 // Read the status of the currently selected CPU. This will help with\r
661 // various CPU count sanity checks.\r
96047b66
MX		 662 //\r
663 CpuStatus = IoRead8 (CpuHpBase + QEMU_CPUHP_R_CPU_STAT);\r
664 if ((CpuStatus & QEMU_CPUHP_STAT_ENABLED) != 0) {\r
665 ++Present;\r
666 }\r
667\r
668 //\r
669 // Attempt to select the next CPU.\r
670 //\r
671 ++Possible;\r
672 IoWrite32 (CpuHpBase + QEMU_CPUHP_W_CPU_SEL, Possible);\r
673 //\r
674 // If the selection is successful, then the following read will return\r
675 // the selector (which we know is positive at this point). Otherwise,\r
676 // the read will return 0.\r
677 //\r
678 Selected = IoRead32 (CpuHpBase + QEMU_CPUHP_RW_CMD_DATA);\r
679 ASSERT (Selected == Possible || Selected == 0);\r
680 } while (Selected > 0);\r
681\r
c3e128a4 682 PlatformCpuCountBugCheck (&BootCpuCount, &Present, &Possible);\r
bf5678b5
LE		 683 ASSERT (Present > 0);\r
684 ASSERT (Present <= Possible);\r
685 ASSERT (BootCpuCount == Present);\r
96047b66
MX		 686\r
687 MaxCpuCount = Possible;\r
688 }\r
689 }\r
690\r
691 DEBUG ((\r
692 DEBUG_INFO,\r
693 "%a: BootCpuCount=%d MaxCpuCount=%u\n",\r
694 __FUNCTION__,\r
695 BootCpuCount,\r
696 MaxCpuCount\r
697 ));\r
698 ASSERT (BootCpuCount <= MaxCpuCount);\r
699\r
700 PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber = MaxCpuCount;\r
701 PlatformInfoHob->PcdCpuBootLogicalProcessorNumber = BootCpuCount;\r
702}\r
4f173db8
MX		 703\r
704/**\r
705 Check padding data all bit should be 1.\r
706\r
707 @param[in] Buffer - A pointer to buffer header\r
708 @param[in] BufferSize - Buffer size\r
709\r
710 @retval TRUE - The padding data is valid.\r
711 @retval TRUE - The padding data is invalid.\r
712\r
713**/\r
714BOOLEAN\r
715CheckPaddingData (\r
716 IN UINT8 *Buffer,\r
717 IN UINT32 BufferSize\r
718 )\r
719{\r
720 UINT32 index;\r
721\r
722 for (index = 0; index < BufferSize; index++) {\r
723 if (Buffer[index] != 0xFF) {\r
724 return FALSE;\r
725 }\r
726 }\r
727\r
728 return TRUE;\r
729}\r
730\r
731/**\r
732 Check the integrity of NvVarStore.\r
733\r
734 @param[in] NvVarStoreBase - A pointer to NvVarStore header\r
735 @param[in] NvVarStoreSize - NvVarStore size\r
736\r
737 @retval TRUE - The NvVarStore is valid.\r
738 @retval FALSE - The NvVarStore is invalid.\r
739\r
740**/\r
741BOOLEAN\r
742EFIAPI\r
743PlatformValidateNvVarStore (\r
744 IN UINT8 *NvVarStoreBase,\r
745 IN UINT32 NvVarStoreSize\r
746 )\r
747{\r
748 UINT16 Checksum;\r
749 UINTN VariableBase;\r
750 UINT32 VariableOffset;\r
751 UINT32 VariableOffsetBeforeAlign;\r
752 EFI_FIRMWARE_VOLUME_HEADER *NvVarStoreFvHeader;\r
753 VARIABLE_STORE_HEADER *NvVarStoreHeader;\r
754 AUTHENTICATED_VARIABLE_HEADER *VariableHeader;\r
755\r
756 static EFI_GUID FvHdrGUID = EFI_SYSTEM_NV_DATA_FV_GUID;\r
757 static EFI_GUID VarStoreHdrGUID = EFI_AUTHENTICATED_VARIABLE_GUID;\r
758\r
759 VariableOffset = 0;\r
760\r
761 if (NvVarStoreBase == NULL) {\r
762 DEBUG ((DEBUG_ERROR, "NvVarStore pointer is NULL.\n"));\r
763 return FALSE;\r
764 }\r
765\r
766 //\r
767 // Verify the header zerovetor, filesystemguid,\r
768 // revision, signature, attributes, fvlength, checksum\r
769 // HeaderLength cannot be an odd number\r
770 //\r
771 NvVarStoreFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)NvVarStoreBase;\r
772\r
773 if ((!IsZeroBuffer (NvVarStoreFvHeader->ZeroVector, 16)) ||\r
774 (!CompareGuid (&FvHdrGUID, &NvVarStoreFvHeader->FileSystemGuid)) ||\r
775 (NvVarStoreFvHeader->Signature != EFI_FVH_SIGNATURE) ||\r
776 (NvVarStoreFvHeader->Attributes != 0x4feff) ||\r
47d98838 777 ((NvVarStoreFvHeader->HeaderLength & 0x01) != 0) ||\r
4f173db8
MX		 778 (NvVarStoreFvHeader->Revision != EFI_FVH_REVISION) ||\r
779 (NvVarStoreFvHeader->FvLength != NvVarStoreSize)\r
780 )\r
781 {\r
782 DEBUG ((DEBUG_ERROR, "NvVarStore FV headers were invalid.\n"));\r
783 return FALSE;\r
784 }\r
785\r
786 //\r
787 // Verify the header checksum\r
788 //\r
789 Checksum = CalculateSum16 ((VOID *)NvVarStoreFvHeader, NvVarStoreFvHeader->HeaderLength);\r
790\r
791 if (Checksum != 0) {\r
792 DEBUG ((DEBUG_ERROR, "NvVarStore FV checksum was invalid.\n"));\r
793 return FALSE;\r
794 }\r
795\r
796 //\r
797 // Verify the header signature, size, format, state\r
798 //\r
799 NvVarStoreHeader = (VARIABLE_STORE_HEADER *)(NvVarStoreBase + NvVarStoreFvHeader->HeaderLength);\r
800 if ((!CompareGuid (&VarStoreHdrGUID, &NvVarStoreHeader->Signature)) ||\r
801 (NvVarStoreHeader->Format != VARIABLE_STORE_FORMATTED) ||\r
802 (NvVarStoreHeader->State != VARIABLE_STORE_HEALTHY) ||\r
803 (NvVarStoreHeader->Size > (NvVarStoreFvHeader->FvLength - NvVarStoreFvHeader->HeaderLength)) ||\r
804 (NvVarStoreHeader->Size < sizeof (VARIABLE_STORE_HEADER))\r
805 )\r
806 {\r
807 DEBUG ((DEBUG_ERROR, "NvVarStore header signature/size/format/state were invalid.\n"));\r
808 return FALSE;\r
809 }\r
810\r
811 //\r
812 // Verify the header startId, state\r
813 // Verify data to the end\r
814 //\r
815 VariableBase = (UINTN)NvVarStoreBase + NvVarStoreFvHeader->HeaderLength + sizeof (VARIABLE_STORE_HEADER);\r
816 while (VariableOffset < (NvVarStoreHeader->Size - sizeof (VARIABLE_STORE_HEADER))) {\r
817 VariableHeader = (AUTHENTICATED_VARIABLE_HEADER *)(VariableBase + VariableOffset);\r
818 if (VariableHeader->StartId != VARIABLE_DATA) {\r
819 if (!CheckPaddingData ((UINT8 *)VariableHeader, NvVarStoreHeader->Size - sizeof (VARIABLE_STORE_HEADER) - VariableOffset)) {\r
820 DEBUG ((DEBUG_ERROR, "NvVarStore variable header StartId was invalid.\n"));\r
821 return FALSE;\r
822 }\r
823\r
824 VariableOffset = NvVarStoreHeader->Size - sizeof (VARIABLE_STORE_HEADER);\r
825 } else {\r
ceb52713
CYL		 826 if (!((VariableHeader->State == VAR_HEADER_VALID_ONLY) ||\r
827 (VariableHeader->State == VAR_ADDED) ||\r
828 (VariableHeader->State == (VAR_ADDED & VAR_DELETED)) ||\r
829 (VariableHeader->State == (VAR_ADDED & VAR_IN_DELETED_TRANSITION)) ||\r
830 (VariableHeader->State == (VAR_ADDED & VAR_IN_DELETED_TRANSITION & VAR_DELETED))))\r
4f173db8
MX		 831 {\r
832 DEBUG ((DEBUG_ERROR, "NvVarStore Variable header State was invalid.\n"));\r
833 return FALSE;\r
834 }\r
835\r
836 VariableOffset += sizeof (AUTHENTICATED_VARIABLE_HEADER) + VariableHeader->NameSize + VariableHeader->DataSize;\r
837 // Verify VariableOffset should be less than or equal NvVarStoreHeader->Size - sizeof(VARIABLE_STORE_HEADER)\r
838 if (VariableOffset > (NvVarStoreHeader->Size - sizeof (VARIABLE_STORE_HEADER))) {\r
839 DEBUG ((DEBUG_ERROR, "NvVarStore Variable header VariableOffset was invalid.\n"));\r
840 return FALSE;\r
841 }\r
842\r
843 VariableOffsetBeforeAlign = VariableOffset;\r
844 // 4 byte align\r
845 VariableOffset = (VariableOffset + 3) & (UINTN)(~3);\r
846\r
847 if (!CheckPaddingData ((UINT8 *)(VariableBase + VariableOffsetBeforeAlign), VariableOffset - VariableOffsetBeforeAlign)) {\r
848 DEBUG ((DEBUG_ERROR, "NvVarStore Variable header PaddingData was invalid.\n"));\r
849 return FALSE;\r
850 }\r
851 }\r
852 }\r
853\r
854 return TRUE;\r
855}\r
856\r
857/**\r
858 Allocate storage for NV variables early on so it will be\r
859 at a consistent address. Since VM memory is preserved\r
860 across reboots, this allows the NV variable storage to survive\r
861 a VM reboot.\r
862\r
863 *\r
864 * @retval VOID* The pointer to the storage for NV Variables\r
865 */\r
866VOID *\r
867EFIAPI\r
868PlatformReserveEmuVariableNvStore (\r
869 VOID\r
870 )\r
871{\r
872 VOID *VariableStore;\r
873 UINT32 VarStoreSize;\r
874\r
875 VarStoreSize = 2 * PcdGet32 (PcdFlashNvStorageFtwSpareSize);\r
876 //\r
877 // Allocate storage for NV variables early on so it will be\r
878 // at a consistent address. Since VM memory is preserved\r
879 // across reboots, this allows the NV variable storage to survive\r
880 // a VM reboot.\r
881 //\r
882 VariableStore =\r
883 AllocateRuntimePages (\r
884 EFI_SIZE_TO_PAGES (VarStoreSize)\r
885 );\r
886 DEBUG ((\r
887 DEBUG_INFO,\r
888 "Reserved variable store memory: 0x%p; size: %dkb\n",\r
889 VariableStore,\r
890 VarStoreSize / 1024\r
891 ));\r
892\r
893 return VariableStore;\r
894}\r
895\r
896/**\r
897 When OVMF is lauched with -bios parameter, UEFI variables will be\r
898 partially emulated, and non-volatile variables may lose their contents\r
899 after a reboot. This makes the secure boot feature not working.\r
900\r
901 This function is used to initialize the EmuVariableNvStore\r
902 with the conent in PcdOvmfFlashNvStorageVariableBase.\r
903\r
904 @param[in] EmuVariableNvStore - A pointer to EmuVariableNvStore\r
905\r
906 @retval EFI_SUCCESS - Successfully init the EmuVariableNvStore\r
907 @retval Others - As the error code indicates\r
908 */\r
909EFI_STATUS\r
910EFIAPI\r
911PlatformInitEmuVariableNvStore (\r
912 IN VOID *EmuVariableNvStore\r
913 )\r
914{\r
915 UINT8 *Base;\r
916 UINT32 Size;\r
917 UINT32 EmuVariableNvStoreSize;\r
918\r
919 EmuVariableNvStoreSize = 2 * PcdGet32 (PcdFlashNvStorageFtwSpareSize);\r
920 if ((EmuVariableNvStore == NULL) || (EmuVariableNvStoreSize == 0)) {\r
921 DEBUG ((DEBUG_ERROR, "Invalid EmuVariableNvStore parameter.\n"));\r
922 return EFI_INVALID_PARAMETER;\r
923 }\r
924\r
925 Base = (UINT8 *)(UINTN)PcdGet32 (PcdOvmfFlashNvStorageVariableBase);\r
926 Size = (UINT32)PcdGet32 (PcdFlashNvStorageVariableSize);\r
927 ASSERT (Size < EmuVariableNvStoreSize);\r
928\r
929 if (!PlatformValidateNvVarStore (Base, PcdGet32 (PcdCfvRawDataSize))) {\r
930 ASSERT (FALSE);\r
931 return EFI_INVALID_PARAMETER;\r
932 }\r
933\r
934 DEBUG ((DEBUG_INFO, "Init EmuVariableNvStore with the content in FlashNvStorage\n"));\r
935\r
936 CopyMem (EmuVariableNvStore, Base, Size);\r
937\r
938 return EFI_SUCCESS;\r
939}\r
EFI Development Kit II mirror for PVE