[mirror_edk2.git] / UefiCpuPkg / Library / MpInitLib / X64 / MpFuncs.nasm

;------------------------------------------------------------------------------ ;\r
; Copyright (c) 2015 - 2022, Intel Corporation. All rights reserved.<BR>\r
; SPDX-License-Identifier: BSD-2-Clause-Patent\r
;\r
; Module Name:\r
;\r
;   MpFuncs.nasm\r
;\r
; Abstract:\r
;\r
;   This is the assembly code for MP support\r
;\r
;-------------------------------------------------------------------------------\r
\r
%include "MpEqu.inc"\r
extern ASM_PFX(InitializeFloatingPointUnits)\r
\r
%macro  OneTimeCall 1\r
    jmp     %1\r
%1 %+ OneTimerCallReturn:\r
%endmacro\r
\r
%macro  OneTimeCallRet 1\r
    jmp     %1 %+ OneTimerCallReturn\r
%endmacro\r
\r
DEFAULT REL\r
\r
SECTION .text\r
\r
;-------------------------------------------------------------------------------------\r
;RendezvousFunnelProc  procedure follows. All APs execute their procedure. This\r
;procedure serializes all the AP processors through an Init sequence. It must be\r
;noted that APs arrive here very raw...ie: real mode, no stack.\r
;ALSO THIS PROCEDURE IS EXECUTED BY APs ONLY ON 16 BIT MODE. HENCE THIS PROC\r
;IS IN MACHINE CODE.\r
;-------------------------------------------------------------------------------------\r
RendezvousFunnelProcStart:\r
; At this point CS = 0x(vv00) and ip= 0x0.\r
; Save BIST information to ebp firstly\r
\r
BITS 16\r
    mov        ebp, eax                        ; Save BIST information\r
\r
    mov        ax, cs\r
    mov        ds, ax\r
    mov        es, ax\r
    mov        ss, ax\r
    xor        ax, ax\r
    mov        fs, ax\r
    mov        gs, ax\r
\r
    mov        si,  MP_CPU_EXCHANGE_INFO_FIELD (BufferStart)\r
    mov        ebx, [si]\r
\r
    mov        si,  MP_CPU_EXCHANGE_INFO_FIELD (DataSegment)\r
    mov        edx, [si]\r
\r
    ;\r
    ; Get start address of 32-bit code in low memory (<1MB)\r
    ;\r
    mov        edi, MP_CPU_EXCHANGE_INFO_FIELD (ModeTransitionMemory)\r
\r
    mov        si, MP_CPU_EXCHANGE_INFO_FIELD (GdtrProfile)\r
o32 lgdt       [cs:si]\r
\r
    mov        si, MP_CPU_EXCHANGE_INFO_FIELD (IdtrProfile)\r
o32 lidt       [cs:si]\r
\r
    ;\r
    ; Switch to protected mode\r
    ;\r
    mov        eax, cr0                    ; Get control register 0\r
    or         eax, 000000003h             ; Set PE bit (bit #0) & MP\r
    mov        cr0, eax\r
\r
    ; Switch to 32-bit code (>1MB)\r
o32 jmp far    [cs:di]\r
\r
;\r
; Following code must be copied to memory with type of EfiBootServicesCode.\r
; This is required if NX is enabled for EfiBootServicesCode of memory.\r
;\r
BITS 32\r
Flat32Start:                                   ; protected mode entry point\r
    mov        ds, dx\r
    mov        es, dx\r
    mov        fs, dx\r
    mov        gs, dx\r
    mov        ss, dx\r
\r
    ;\r
    ; Enable execute disable bit\r
    ;\r
    mov        esi, MP_CPU_EXCHANGE_INFO_FIELD (EnableExecuteDisable)\r
    cmp        byte [ebx + esi], 0\r
    jz         SkipEnableExecuteDisableBit\r
\r
    mov        ecx, 0c0000080h             ; EFER MSR number\r
    rdmsr                                  ; Read EFER\r
    bts        eax, 11                     ; Enable Execute Disable Bit\r
    wrmsr                                  ; Write EFER\r
\r
SkipEnableExecuteDisableBit:\r
    ;\r
    ; Enable PAE\r
    ;\r
    mov        eax, cr4\r
    bts        eax, 5\r
\r
    mov        esi, MP_CPU_EXCHANGE_INFO_FIELD (Enable5LevelPaging)\r
    cmp        byte [ebx + esi], 0\r
    jz         SkipEnable5LevelPaging\r
\r
    ;\r
    ; Enable 5 Level Paging\r
    ;\r
    bts        eax, 12                     ; Set LA57=1.\r
\r
SkipEnable5LevelPaging:\r
\r
    mov        cr4, eax\r
\r
    ;\r
    ; Load page table\r
    ;\r
    mov        esi, MP_CPU_EXCHANGE_INFO_FIELD (Cr3)             ; Save CR3 in ecx\r
    mov        ecx, [ebx + esi]\r
    mov        cr3, ecx                    ; Load CR3\r
\r
    ;\r
    ; Enable long mode\r
    ;\r
    mov        ecx, 0c0000080h             ; EFER MSR number\r
    rdmsr                                  ; Read EFER\r
    bts        eax, 8                      ; Set LME=1\r
    wrmsr                                  ; Write EFER\r
\r
    ;\r
    ; Enable paging\r
    ;\r
    mov        eax, cr0                    ; Read CR0\r
    bts        eax, 31                     ; Set PG=1\r
    mov        cr0, eax                    ; Write CR0\r
\r
    ;\r
    ; Far jump to 64-bit code\r
    ;\r
    mov        edi, MP_CPU_EXCHANGE_INFO_FIELD (ModeHighMemory)\r
    add        edi, ebx\r
    jmp far    [edi]\r
\r
BITS 64\r
\r
;\r
; Required for the AMD SEV helper functions\r
;\r
%include "AmdSev.nasm"\r
\r
LongModeStart:\r
    mov        esi, ebx\r
    lea        edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (InitFlag)]\r
    cmp        qword [edi], 1       ; ApInitConfig\r
    jnz        GetApicId\r
\r
    ; Increment the number of APs executing here as early as possible\r
    ; This is decremented in C code when AP is finished executing\r
    mov        edi, esi\r
    add        edi, MP_CPU_EXCHANGE_INFO_FIELD (NumApsExecuting)\r
    lock inc   dword [edi]\r
\r
    ; AP init\r
    mov        edi, esi\r
    add        edi, MP_CPU_EXCHANGE_INFO_FIELD (ApIndex)\r
    mov        ebx, 1\r
    lock xadd  dword [edi], ebx                 ; EBX = ApIndex++\r
    inc        ebx                              ; EBX is CpuNumber\r
\r
    ; program stack\r
    mov        edi, esi\r
    add        edi, MP_CPU_EXCHANGE_INFO_FIELD (StackSize)\r
    mov        eax, dword [edi]\r
    mov        ecx, ebx\r
    inc        ecx\r
    mul        ecx                               ; EAX = StackSize * (CpuNumber + 1)\r
    mov        edi, esi\r
    add        edi, MP_CPU_EXCHANGE_INFO_FIELD (StackStart)\r
    add        rax, qword [edi]\r
    mov        rsp, rax\r
\r
    ;\r
    ;  Setup the GHCB when AMD SEV-ES active.\r
    ;\r
    OneTimeCall SevEsSetupGhcb\r
    jmp        CProcedureInvoke\r
\r
GetApicId:\r
    ;\r
    ; Use the GHCB protocol to get the ApicId when SEV-ES is active.\r
    ;\r
    OneTimeCall SevEsGetApicId\r
\r
DoCpuid:\r
    mov        eax, 0\r
    cpuid\r
    cmp        eax, 0bh\r
    jb         NoX2Apic             ; CPUID level below CPUID_EXTENDED_TOPOLOGY\r
\r
    mov        eax, 0bh\r
    xor        ecx, ecx\r
    cpuid\r
    test       ebx, 0ffffh\r
    jz         NoX2Apic             ; CPUID.0BH:EBX[15:0] is zero\r
\r
    ; Processor is x2APIC capable; 32-bit x2APIC ID is already in EDX\r
    jmp        GetProcessorNumber\r
\r
NoX2Apic:\r
    ; Processor is not x2APIC capable, so get 8-bit APIC ID\r
    mov        eax, 1\r
    cpuid\r
    shr        ebx, 24\r
    mov        edx, ebx\r
\r
GetProcessorNumber:\r
    ;\r
    ; Get processor number for this AP\r
    ; Note that BSP may become an AP due to SwitchBsp()\r
    ;\r
    xor         ebx, ebx\r
    lea         eax, [esi + MP_CPU_EXCHANGE_INFO_FIELD (CpuInfo)]\r
    mov         rdi, [eax]\r
\r
GetNextProcNumber:\r
    cmp         dword [rdi + CPU_INFO_IN_HOB.InitialApicId], edx                      ; APIC ID match?\r
    jz          ProgramStack\r
    add         rdi, CPU_INFO_IN_HOB_size\r
    inc         ebx\r
    jmp         GetNextProcNumber\r
\r
ProgramStack:\r
    mov         rsp, qword [rdi + CPU_INFO_IN_HOB.ApTopOfStack]\r
\r
CProcedureInvoke:\r
    push       rbp               ; Push BIST data at top of AP stack\r
    xor        rbp, rbp          ; Clear ebp for call stack trace\r
    push       rbp\r
    mov        rbp, rsp\r
\r
    mov        rax, qword [esi + MP_CPU_EXCHANGE_INFO_FIELD (InitializeFloatingPointUnits)]\r
    sub        rsp, 20h\r
    call       rax               ; Call assembly function to initialize FPU per UEFI spec\r
    add        rsp, 20h\r
\r
    mov        edx, ebx          ; edx is ApIndex\r
    mov        ecx, esi\r
    add        ecx, MP_CPU_EXCHANGE_INFO_OFFSET ; rcx is address of exchange info data buffer\r
\r
    mov        edi, esi\r
    add        edi, MP_CPU_EXCHANGE_INFO_FIELD (CFunction)\r
    mov        rax, qword [edi]\r
\r
    sub        rsp, 20h\r
    call       rax               ; Invoke C function\r
    add        rsp, 20h\r
    jmp        $                 ; Should never reach here\r
\r
RendezvousFunnelProcEnd:\r
\r
;-------------------------------------------------------------------------------------\r
;SwitchToRealProc procedure follows.\r
;ALSO THIS PROCEDURE IS EXECUTED BY APs TRANSITIONING TO 16 BIT MODE. HENCE THIS PROC\r
;IS IN MACHINE CODE.\r
;  SwitchToRealProc (UINTN BufferStart, UINT16 Code16, UINT16 Code32, UINTN StackStart)\r
;  rcx - Buffer Start\r
;  rdx - Code16 Selector Offset\r
;  r8  - Code32 Selector Offset\r
;  r9  - Stack Start\r
;-------------------------------------------------------------------------------------\r
SwitchToRealProcStart:\r
BITS 64\r
    cli\r
\r
    ;\r
    ; Get RDX reset value before changing stacks since the\r
    ; new stack won't be able to accomodate a #VC exception.\r
    ;\r
    push       rax\r
    push       rbx\r
    push       rcx\r
    push       rdx\r
\r
    mov        rax, 1\r
    cpuid\r
    mov        rsi, rax                    ; Save off the reset value for RDX\r
\r
    pop        rdx\r
    pop        rcx\r
    pop        rbx\r
    pop        rax\r
\r
    ;\r
    ; Establish stack below 1MB\r
    ;\r
    mov        rsp, r9\r
\r
    ;\r
    ; Push ultimate Reset Vector onto the stack\r
    ;\r
    mov        rax, rcx\r
    shr        rax, 4\r
    push       word 0x0002                 ; RFLAGS\r
    push       ax                          ; CS\r
    push       word 0x0000                 ; RIP\r
    push       word 0x0000                 ; For alignment, will be discarded\r
\r
    ;\r
    ; Get address of "16-bit operand size" label\r
    ;\r
    lea        rbx, [PM16Mode]\r
\r
    ;\r
    ; Push addresses used to change to compatibility mode\r
    ;\r
    lea        rax, [CompatMode]\r
    push       r8\r
    push       rax\r
\r
    ;\r
    ; Clear R8 - R15, for reset, before going into 32-bit mode\r
    ;\r
    xor        r8, r8\r
    xor        r9, r9\r
    xor        r10, r10\r
    xor        r11, r11\r
    xor        r12, r12\r
    xor        r13, r13\r
    xor        r14, r14\r
    xor        r15, r15\r
\r
    ;\r
    ; Far return into 32-bit mode\r
    ;\r
    retfq\r
\r
BITS 32\r
CompatMode:\r
    ;\r
    ; Set up stack to prepare for exiting protected mode\r
    ;\r
    push       edx                         ; Code16 CS\r
    push       ebx                         ; PM16Mode label address\r
\r
    ;\r
    ; Disable paging\r
    ;\r
    mov        eax, cr0                    ; Read CR0\r
    btr        eax, 31                     ; Set PG=0\r
    mov        cr0, eax                    ; Write CR0\r
\r
    ;\r
    ; Disable long mode\r
    ;\r
    mov        ecx, 0c0000080h             ; EFER MSR number\r
    rdmsr                                  ; Read EFER\r
    btr        eax, 8                      ; Set LME=0\r
    wrmsr                                  ; Write EFER\r
\r
    ;\r
    ; Disable PAE\r
    ;\r
    mov        eax, cr4                    ; Read CR4\r
    btr        eax, 5                      ; Set PAE=0\r
    mov        cr4, eax                    ; Write CR4\r
\r
    mov        edx, esi                    ; Restore RDX reset value\r
\r
    ;\r
    ; Switch to 16-bit operand size\r
    ;\r
    retf\r
\r
BITS 16\r
    ;\r
    ; At entry to this label\r
    ;   - RDX will have its reset value\r
    ;   - On the top of the stack\r
    ;     - Alignment data (two bytes) to be discarded\r
    ;     - IP for Real Mode (two bytes)\r
    ;     - CS for Real Mode (two bytes)\r
    ;\r
    ; This label is also used with AsmRelocateApLoop. During MP finalization,\r
    ; the code from PM16Mode to SwitchToRealProcEnd is copied to the start of\r
    ; the WakeupBuffer, allowing a parked AP to be booted by an OS.\r
    ;\r
PM16Mode:\r
    mov        eax, cr0                    ; Read CR0\r
    btr        eax, 0                      ; Set PE=0\r
    mov        cr0, eax                    ; Write CR0\r
\r
    pop        ax                          ; Discard alignment data\r
\r
    ;\r
    ; Clear registers (except RDX and RSP) before going into 16-bit mode\r
    ;\r
    xor        eax, eax\r
    xor        ebx, ebx\r
    xor        ecx, ecx\r
    xor        esi, esi\r
    xor        edi, edi\r
    xor        ebp, ebp\r
\r
    iret\r
\r
SwitchToRealProcEnd:\r
\r
;-------------------------------------------------------------------------------------\r
;  AsmRelocateApLoop (MwaitSupport, ApTargetCState, PmCodeSegment, TopOfApStack, CountTofinish, Pm16CodeSegment, SevEsAPJumpTable, WakeupBuffer);\r
;-------------------------------------------------------------------------------------\r
AsmRelocateApLoopStart:\r
BITS 64\r
    cmp        qword [rsp + 56], 0  ; SevEsAPJumpTable\r
    je         NoSevEs\r
\r
    ;\r
    ; Perform some SEV-ES related setup before leaving 64-bit mode\r
    ;\r
    push       rcx\r
    push       rdx\r
\r
    ;\r
    ; Get the RDX reset value using CPUID\r
    ;\r
    mov        rax, 1\r
    cpuid\r
    mov        rsi, rax          ; Save off the reset value for RDX\r
\r
    ;\r
    ; Prepare the GHCB for the AP_HLT_LOOP VMGEXIT call\r
    ;   - Must be done while in 64-bit long mode so that writes to\r
    ;     the GHCB memory will be unencrypted.\r
    ;   - No NAE events can be generated once this is set otherwise\r
    ;     the AP_RESET_HOLD SW_EXITCODE will be overwritten.\r
    ;\r
    mov        rcx, 0xc0010130\r
    rdmsr                        ; Retrieve current GHCB address\r
    shl        rdx, 32\r
    or         rdx, rax\r
\r
    mov        rdi, rdx\r
    xor        rax, rax\r
    mov        rcx, 0x800\r
    shr        rcx, 3\r
    rep stosq                    ; Clear the GHCB\r
\r
    mov        rax, 0x80000004   ; VMGEXIT AP_RESET_HOLD\r
    mov        [rdx + 0x390], rax\r
    mov        rax, 114          ; Set SwExitCode valid bit\r
    bts        [rdx + 0x3f0], rax\r
    inc        rax               ; Set SwExitInfo1 valid bit\r
    bts        [rdx + 0x3f0], rax\r
    inc        rax               ; Set SwExitInfo2 valid bit\r
    bts        [rdx + 0x3f0], rax\r
\r
    pop        rdx\r
    pop        rcx\r
\r
NoSevEs:\r
    cli                          ; Disable interrupt before switching to 32-bit mode\r
    mov        rax, [rsp + 40]   ; CountTofinish\r
    lock dec   dword [rax]       ; (*CountTofinish)--\r
\r
    mov        r10, [rsp + 48]   ; Pm16CodeSegment\r
    mov        rax, [rsp + 56]   ; SevEsAPJumpTable\r
    mov        rbx, [rsp + 64]   ; WakeupBuffer\r
    mov        rsp, r9           ; TopOfApStack\r
\r
    push       rax               ; Save SevEsAPJumpTable\r
    push       rbx               ; Save WakeupBuffer\r
    push       r10               ; Save Pm16CodeSegment\r
    push       rcx               ; Save MwaitSupport\r
    push       rdx               ; Save ApTargetCState\r
\r
    lea        rax, [PmEntry]    ; rax <- The start address of transition code\r
\r
    push       r8\r
    push       rax\r
\r
    ;\r
    ; Clear R8 - R15, for reset, before going into 32-bit mode\r
    ;\r
    xor        r8, r8\r
    xor        r9, r9\r
    xor        r10, r10\r
    xor        r11, r11\r
    xor        r12, r12\r
    xor        r13, r13\r
    xor        r14, r14\r
    xor        r15, r15\r
\r
    ;\r
    ; Far return into 32-bit mode\r
    ;\r
    retfq\r
\r
BITS 32\r
PmEntry:\r
    mov        eax, cr0\r
    btr        eax, 31           ; Clear CR0.PG\r
    mov        cr0, eax          ; Disable paging and caches\r
\r
    mov        ecx, 0xc0000080\r
    rdmsr\r
    and        ah, ~ 1           ; Clear LME\r
    wrmsr\r
    mov        eax, cr4\r
    and        al, ~ (1 << 5)    ; Clear PAE\r
    mov        cr4, eax\r
\r
    pop        edx\r
    add        esp, 4\r
    pop        ecx,\r
    add        esp, 4\r
\r
MwaitCheck:\r
    cmp        cl, 1              ; Check mwait-monitor support\r
    jnz        HltLoop\r
    mov        ebx, edx           ; Save C-State to ebx\r
MwaitLoop:\r
    cli\r
    mov        eax, esp           ; Set Monitor Address\r
    xor        ecx, ecx           ; ecx = 0\r
    xor        edx, edx           ; edx = 0\r
    monitor\r
    mov        eax, ebx           ; Mwait Cx, Target C-State per eax[7:4]\r
    shl        eax, 4\r
    mwait\r
    jmp        MwaitLoop\r
\r
HltLoop:\r
    pop        edx                ; PM16CodeSegment\r
    add        esp, 4\r
    pop        ebx                ; WakeupBuffer\r
    add        esp, 4\r
    pop        eax                ; SevEsAPJumpTable\r
    add        esp, 4\r
    cmp        eax, 0             ; Check for SEV-ES\r
    je         DoHlt\r
\r
    cli\r
    ;\r
    ; SEV-ES is enabled, use VMGEXIT (GHCB information already\r
    ; set by caller)\r
    ;\r
BITS 64\r
    rep        vmmcall\r
BITS 32\r
\r
    ;\r
    ; Back from VMGEXIT AP_HLT_LOOP\r
    ;   Push the FLAGS/CS/IP values to use\r
    ;\r
    push       word 0x0002        ; EFLAGS\r
    xor        ecx, ecx\r
    mov        cx, [eax + 2]      ; CS\r
    push       cx\r
    mov        cx, [eax]          ; IP\r
    push       cx\r
    push       word 0x0000        ; For alignment, will be discarded\r
\r
    push       edx\r
    push       ebx\r
\r
    mov        edx, esi           ; Restore RDX reset value\r
\r
    retf\r
\r
DoHlt:\r
    cli\r
    hlt\r
    jmp        DoHlt\r
\r
BITS 64\r
AsmRelocateApLoopEnd:\r
\r
;-------------------------------------------------------------------------------------\r
;  AsmGetAddressMap (&AddressMap);\r
;-------------------------------------------------------------------------------------\r
global ASM_PFX(AsmGetAddressMap)\r
ASM_PFX(AsmGetAddressMap):\r
    lea        rax, [RendezvousFunnelProcStart]\r
    mov        qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.RendezvousFunnelAddress], rax\r
    mov        qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.ModeEntryOffset], LongModeStart - RendezvousFunnelProcStart\r
    mov        qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.RendezvousFunnelSize], RendezvousFunnelProcEnd - RendezvousFunnelProcStart\r
    lea        rax, [AsmRelocateApLoopStart]\r
    mov        qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.RelocateApLoopFuncAddress], rax\r
    mov        qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.RelocateApLoopFuncSize], AsmRelocateApLoopEnd - AsmRelocateApLoopStart\r
    mov        qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.ModeTransitionOffset], Flat32Start - RendezvousFunnelProcStart\r
    mov        qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.SwitchToRealSize], SwitchToRealProcEnd - SwitchToRealProcStart\r
    mov        qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.SwitchToRealOffset], SwitchToRealProcStart - RendezvousFunnelProcStart\r
    mov        qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.SwitchToRealNoNxOffset], SwitchToRealProcStart - Flat32Start\r
    mov        qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.SwitchToRealPM16ModeOffset], PM16Mode - RendezvousFunnelProcStart\r
    mov        qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.SwitchToRealPM16ModeSize], SwitchToRealProcEnd - PM16Mode\r
    ret\r
\r
;-------------------------------------------------------------------------------------\r
;AsmExchangeRole procedure follows. This procedure executed by current BSP, that is\r
;about to become an AP. It switches its stack with the current AP.\r
;AsmExchangeRole (IN   CPU_EXCHANGE_INFO    *MyInfo, IN   CPU_EXCHANGE_INFO    *OthersInfo);\r
;-------------------------------------------------------------------------------------\r
global ASM_PFX(AsmExchangeRole)\r
ASM_PFX(AsmExchangeRole):\r
    ; DO NOT call other functions in this function, since 2 CPU may use 1 stack\r
    ; at the same time. If 1 CPU try to call a function, stack will be corrupted.\r
\r
    push       rax\r
    push       rbx\r
    push       rcx\r
    push       rdx\r
    push       rsi\r
    push       rdi\r
    push       rbp\r
    push       r8\r
    push       r9\r
    push       r10\r
    push       r11\r
    push       r12\r
    push       r13\r
    push       r14\r
    push       r15\r
\r
    mov        rax, cr0\r
    push       rax\r
\r
    mov        rax, cr4\r
    push       rax\r
\r
    ; rsi contains MyInfo pointer\r
    mov        rsi, rcx\r
\r
    ; rdi contains OthersInfo pointer\r
    mov        rdi, rdx\r
\r
    ;Store EFLAGS, GDTR and IDTR regiter to stack\r
    pushfq\r
    sgdt       [rsi + CPU_EXCHANGE_ROLE_INFO.Gdtr]\r
    sidt       [rsi + CPU_EXCHANGE_ROLE_INFO.Idtr]\r
\r
    ; Store the its StackPointer\r
    mov        [rsi + CPU_EXCHANGE_ROLE_INFO.StackPointer], rsp\r
\r
    ; update its switch state to STORED\r
    mov        byte [rsi + CPU_EXCHANGE_ROLE_INFO.State], CPU_SWITCH_STATE_STORED\r
\r
WaitForOtherStored:\r
    ; wait until the other CPU finish storing its state\r
    cmp        byte [rdi + CPU_EXCHANGE_ROLE_INFO.State], CPU_SWITCH_STATE_STORED\r
    jz         OtherStored\r
    pause\r
    jmp        WaitForOtherStored\r
\r
OtherStored:\r
    ; Since another CPU already stored its state, load them\r
    ; load GDTR value\r
    lgdt       [rdi + CPU_EXCHANGE_ROLE_INFO.Gdtr]\r
\r
    ; load IDTR value\r
    lidt       [rdi + CPU_EXCHANGE_ROLE_INFO.Idtr]\r
\r
    ; load its future StackPointer\r
    mov        rsp, [rdi + CPU_EXCHANGE_ROLE_INFO.StackPointer]\r
\r
    ; update the other CPU's switch state to LOADED\r
    mov        byte [rdi + CPU_EXCHANGE_ROLE_INFO.State], CPU_SWITCH_STATE_LOADED\r
\r
WaitForOtherLoaded:\r
    ; wait until the other CPU finish loading new state,\r
    ; otherwise the data in stack may corrupt\r
    cmp        byte [rsi + CPU_EXCHANGE_ROLE_INFO.State], CPU_SWITCH_STATE_LOADED\r
    jz         OtherLoaded\r
    pause\r
    jmp        WaitForOtherLoaded\r
\r
OtherLoaded:\r
    ; since the other CPU already get the data it want, leave this procedure\r
    popfq\r
\r
    pop        rax\r
    mov        cr4, rax\r
\r
    pop        rax\r
    mov        cr0, rax\r
\r
    pop        r15\r
    pop        r14\r
    pop        r13\r
    pop        r12\r
    pop        r11\r
    pop        r10\r
    pop        r9\r
    pop        r8\r
    pop        rbp\r
    pop        rdi\r
    pop        rsi\r
    pop        rdx\r
    pop        rcx\r
    pop        rbx\r
    pop        rax\r
\r
    ret\r
Commit	Line	Data
d94e5f67	1	;------------------------------------------------------------------------------ ;\r
2aa107c0	2	; Copyright (c) 2015 - 2022, Intel Corporation. All rights reserved.<BR>\r
0acd8697	3	; SPDX-License-Identifier: BSD-2-Clause-Patent\r
d94e5f67 JF	4	;\r
	5	; Module Name:\r
	6	;\r
	7	; MpFuncs.nasm\r
	8	;\r
	9	; Abstract:\r
	10	;\r
	11	; This is the assembly code for MP support\r
	12	;\r
	13	;-------------------------------------------------------------------------------\r
	14	\r
	15	%include "MpEqu.inc"\r
	16	extern ASM_PFX(InitializeFloatingPointUnits)\r
	17	\r
e2289d19 BS	18	%macro OneTimeCall 1\r
	19	jmp %1\r
	20	%1 %+ OneTimerCallReturn:\r
	21	%endmacro\r
	22	\r
	23	%macro OneTimeCallRet 1\r
	24	jmp %1 %+ OneTimerCallReturn\r
	25	%endmacro\r
	26	\r
d94e5f67 JF	27	DEFAULT REL\r
	28	\r
	29	SECTION .text\r
	30	\r
	31	;-------------------------------------------------------------------------------------\r
	32	;RendezvousFunnelProc procedure follows. All APs execute their procedure. This\r
	33	;procedure serializes all the AP processors through an Init sequence. It must be\r
	34	;noted that APs arrive here very raw...ie: real mode, no stack.\r
	35	;ALSO THIS PROCEDURE IS EXECUTED BY APs ONLY ON 16 BIT MODE. HENCE THIS PROC\r
	36	;IS IN MACHINE CODE.\r
	37	;-------------------------------------------------------------------------------------\r
d94e5f67 JF	38	RendezvousFunnelProcStart:\r
	39	; At this point CS = 0x(vv00) and ip= 0x0.\r
	40	; Save BIST information to ebp firstly\r
	41	\r
	42	BITS 16\r
	43	mov ebp, eax ; Save BIST information\r
	44	\r
	45	mov ax, cs\r
	46	mov ds, ax\r
	47	mov es, ax\r
	48	mov ss, ax\r
	49	xor ax, ax\r
	50	mov fs, ax\r
	51	mov gs, ax\r
	52	\r
2fba7d4e	53	mov si, MP_CPU_EXCHANGE_INFO_FIELD (BufferStart)\r
d94e5f67 JF	54	mov ebx, [si]\r
d94e5f67 JF	55	\r
2fba7d4e	56	mov si, MP_CPU_EXCHANGE_INFO_FIELD (DataSegment)\r
f32bfe6d JW	57	mov edx, [si]\r
	58	\r
	59	;\r
	60	; Get start address of 32-bit code in low memory (<1MB)\r
	61	;\r
2fba7d4e	62	mov edi, MP_CPU_EXCHANGE_INFO_FIELD (ModeTransitionMemory)\r
d94e5f67	63	\r
2fba7d4e	64	mov si, MP_CPU_EXCHANGE_INFO_FIELD (GdtrProfile)\r
d94e5f67 JF	65	o32 lgdt [cs:si]\r
d94e5f67 JF	66	\r
2fba7d4e	67	mov si, MP_CPU_EXCHANGE_INFO_FIELD (IdtrProfile)\r
d94e5f67 JF	68	o32 lidt [cs:si]\r
d94e5f67 JF	69	\r
f32bfe6d JW	70	;\r
	71	; Switch to protected mode\r
	72	;\r
	73	mov eax, cr0 ; Get control register 0\r
	74	or eax, 000000003h ; Set PE bit (bit #0) & MP\r
	75	mov cr0, eax\r
	76	\r
	77	; Switch to 32-bit code (>1MB)\r
	78	o32 jmp far [cs:di]\r
	79	\r
	80	;\r
	81	; Following code must be copied to memory with type of EfiBootServicesCode.\r
	82	; This is required if NX is enabled for EfiBootServicesCode of memory.\r
	83	;\r
	84	BITS 32\r
	85	Flat32Start: ; protected mode entry point\r
	86	mov ds, dx\r
	87	mov es, dx\r
	88	mov fs, dx\r
	89	mov gs, dx\r
	90	mov ss, dx\r
5c66d125 JF	91	\r
	92	;\r
	93	; Enable execute disable bit\r
	94	;\r
2fba7d4e	95	mov esi, MP_CPU_EXCHANGE_INFO_FIELD (EnableExecuteDisable)\r
f32bfe6d JW	96	cmp byte [ebx + esi], 0\r
	97	jz SkipEnableExecuteDisableBit\r
	98	\r
5c66d125 JF	99	mov ecx, 0c0000080h ; EFER MSR number\r
	100	rdmsr ; Read EFER\r
	101	bts eax, 11 ; Enable Execute Disable Bit\r
	102	wrmsr ; Write EFER\r
	103	\r
	104	SkipEnableExecuteDisableBit:\r
f32bfe6d JW	105	;\r
	106	; Enable PAE\r
	107	;\r
d94e5f67 JF	108	mov eax, cr4\r
d94e5f67 JF	109	bts eax, 5\r
09f69a87	110	\r
2fba7d4e	111	mov esi, MP_CPU_EXCHANGE_INFO_FIELD (Enable5LevelPaging)\r
09f69a87 RN	112	cmp byte [ebx + esi], 0\r
	113	jz SkipEnable5LevelPaging\r
	114	\r
	115	;\r
	116	; Enable 5 Level Paging\r
	117	;\r
	118	bts eax, 12 ; Set LA57=1.\r
	119	\r
	120	SkipEnable5LevelPaging:\r
	121	\r
d94e5f67 JF	122	mov cr4, eax\r
d94e5f67 JF	123	\r
f32bfe6d JW	124	;\r
	125	; Load page table\r
	126	;\r
2fba7d4e	127	mov esi, MP_CPU_EXCHANGE_INFO_FIELD (Cr3) ; Save CR3 in ecx\r
f32bfe6d	128	mov ecx, [ebx + esi]\r
d94e5f67 JF	129	mov cr3, ecx ; Load CR3\r
d94e5f67 JF	130	\r
f32bfe6d JW	131	;\r
	132	; Enable long mode\r
	133	;\r
d94e5f67 JF	134	mov ecx, 0c0000080h ; EFER MSR number\r
	135	rdmsr ; Read EFER\r
	136	bts eax, 8 ; Set LME=1\r
	137	wrmsr ; Write EFER\r
	138	\r
f32bfe6d JW	139	;\r
	140	; Enable paging\r
	141	;\r
d94e5f67 JF	142	mov eax, cr0 ; Read CR0\r
	143	bts eax, 31 ; Set PG=1\r
	144	mov cr0, eax ; Write CR0\r
	145	\r
f32bfe6d JW	146	;\r
	147	; Far jump to 64-bit code\r
	148	;\r
2fba7d4e	149	mov edi, MP_CPU_EXCHANGE_INFO_FIELD (ModeHighMemory)\r
f32bfe6d JW	150	add edi, ebx\r
	151	jmp far [edi]\r
	152	\r
d94e5f67	153	BITS 64\r
e2289d19 BS	154	\r
	155	;\r
	156	; Required for the AMD SEV helper functions\r
	157	;\r
	158	%include "AmdSev.nasm"\r
	159	\r
d94e5f67	160	LongModeStart:\r
845c5be1	161	mov esi, ebx\r
2fba7d4e	162	lea edi, [esi + MP_CPU_EXCHANGE_INFO_FIELD (InitFlag)]\r
845c5be1 JF	163	cmp qword [edi], 1 ; ApInitConfig\r
	164	jnz GetApicId\r
	165	\r
0594ec41 ED	166	; Increment the number of APs executing here as early as possible\r
	167	; This is decremented in C code when AP is finished executing\r
	168	mov edi, esi\r
2fba7d4e	169	add edi, MP_CPU_EXCHANGE_INFO_FIELD (NumApsExecuting)\r
0594ec41 ED	170	lock inc dword [edi]\r
0594ec41 ED	171	\r
845c5be1	172	; AP init\r
62f2cf57	173	mov edi, esi\r
2fba7d4e	174	add edi, MP_CPU_EXCHANGE_INFO_FIELD (ApIndex)\r
62f2cf57 RN	175	mov ebx, 1\r
	176	lock xadd dword [edi], ebx ; EBX = ApIndex++\r
	177	inc ebx ; EBX is CpuNumber\r
d94e5f67	178	\r
845c5be1	179	; program stack\r
d94e5f67	180	mov edi, esi\r
2fba7d4e	181	add edi, MP_CPU_EXCHANGE_INFO_FIELD (StackSize)\r
845c5be1 JF	182	mov eax, dword [edi]\r
	183	mov ecx, ebx\r
	184	inc ecx\r
	185	mul ecx ; EAX = StackSize * (CpuNumber + 1)\r
d94e5f67	186	mov edi, esi\r
2fba7d4e	187	add edi, MP_CPU_EXCHANGE_INFO_FIELD (StackStart)\r
d94e5f67 JF	188	add rax, qword [edi]\r
d94e5f67 JF	189	mov rsp, rax\r
7b7508ad	190	\r
7b7508ad	191	;\r
e2289d19	192	; Setup the GHCB when AMD SEV-ES active.\r
7b7508ad	193	;\r
e2289d19	194	OneTimeCall SevEsSetupGhcb\r
845c5be1 JF	195	jmp CProcedureInvoke\r
	196	\r
	197	GetApicId:\r
7b7508ad	198	;\r
e2289d19	199	; Use the GHCB protocol to get the ApicId when SEV-ES is active.\r
7b7508ad	200	;\r
e2289d19	201	OneTimeCall SevEsGetApicId\r
7b7508ad TL	202	\r
7b7508ad TL	203	DoCpuid:\r
845c5be1 JF	204	mov eax, 0\r
	205	cpuid\r
	206	cmp eax, 0bh\r
1cbd8330 LE	207	jb NoX2Apic ; CPUID level below CPUID_EXTENDED_TOPOLOGY\r
	208	\r
	209	mov eax, 0bh\r
	210	xor ecx, ecx\r
	211	cpuid\r
	212	test ebx, 0ffffh\r
	213	jz NoX2Apic ; CPUID.0BH:EBX[15:0] is zero\r
	214	\r
	215	; Processor is x2APIC capable; 32-bit x2APIC ID is already in EDX\r
	216	jmp GetProcessorNumber\r
	217	\r
	218	NoX2Apic:\r
845c5be1 JF	219	; Processor is not x2APIC capable, so get 8-bit APIC ID\r
	220	mov eax, 1\r
	221	cpuid\r
	222	shr ebx, 24\r
	223	mov edx, ebx\r
845c5be1	224	\r
845c5be1 JF	225	GetProcessorNumber:\r
	226	;\r
	227	; Get processor number for this AP\r
	228	; Note that BSP may become an AP due to SwitchBsp()\r
	229	;\r
	230	xor ebx, ebx\r
2fba7d4e	231	lea eax, [esi + MP_CPU_EXCHANGE_INFO_FIELD (CpuInfo)]\r
edd74ad3	232	mov rdi, [eax]\r
d94e5f67	233	\r
845c5be1	234	GetNextProcNumber:\r
2fba7d4e	235	cmp dword [rdi + CPU_INFO_IN_HOB.InitialApicId], edx ; APIC ID match?\r
845c5be1	236	jz ProgramStack\r
2fba7d4e	237	add rdi, CPU_INFO_IN_HOB_size\r
845c5be1	238	inc ebx\r
7367cc6c	239	jmp GetNextProcNumber\r
845c5be1 JF	240	\r
845c5be1 JF	241	ProgramStack:\r
2fba7d4e	242	mov rsp, qword [rdi + CPU_INFO_IN_HOB.ApTopOfStack]\r
d94e5f67 JF	243	\r
d94e5f67 JF	244	CProcedureInvoke:\r
8396e2dd JF	245	push rbp ; Push BIST data at top of AP stack\r
8396e2dd JF	246	xor rbp, rbp ; Clear ebp for call stack trace\r
d94e5f67 JF	247	push rbp\r
	248	mov rbp, rsp\r
	249	\r
2fba7d4e	250	mov rax, qword [esi + MP_CPU_EXCHANGE_INFO_FIELD (InitializeFloatingPointUnits)]\r
d94e5f67 JF	251	sub rsp, 20h\r
	252	call rax ; Call assembly function to initialize FPU per UEFI spec\r
	253	add rsp, 20h\r
	254	\r
37676b9f	255	mov edx, ebx ; edx is ApIndex\r
d94e5f67	256	mov ecx, esi\r
2fba7d4e	257	add ecx, MP_CPU_EXCHANGE_INFO_OFFSET ; rcx is address of exchange info data buffer\r
d94e5f67 JF	258	\r
d94e5f67 JF	259	mov edi, esi\r
2fba7d4e	260	add edi, MP_CPU_EXCHANGE_INFO_FIELD (CFunction)\r
d94e5f67 JF	261	mov rax, qword [edi]\r
	262	\r
	263	sub rsp, 20h\r
8396e2dd	264	call rax ; Invoke C function\r
d94e5f67	265	add rsp, 20h\r
8396e2dd	266	jmp $ ; Should never reach here\r
d94e5f67 JF	267	\r
	268	RendezvousFunnelProcEnd:\r
	269	\r
7b7508ad TL	270	;-------------------------------------------------------------------------------------\r
	271	;SwitchToRealProc procedure follows.\r
	272	;ALSO THIS PROCEDURE IS EXECUTED BY APs TRANSITIONING TO 16 BIT MODE. HENCE THIS PROC\r
	273	;IS IN MACHINE CODE.\r
	274	; SwitchToRealProc (UINTN BufferStart, UINT16 Code16, UINT16 Code32, UINTN StackStart)\r
	275	; rcx - Buffer Start\r
	276	; rdx - Code16 Selector Offset\r
	277	; r8 - Code32 Selector Offset\r
	278	; r9 - Stack Start\r
	279	;-------------------------------------------------------------------------------------\r
7b7508ad TL	280	SwitchToRealProcStart:\r
	281	BITS 64\r
	282	cli\r
	283	\r
	284	;\r
	285	; Get RDX reset value before changing stacks since the\r
	286	; new stack won't be able to accomodate a #VC exception.\r
	287	;\r
	288	push rax\r
	289	push rbx\r
	290	push rcx\r
	291	push rdx\r
	292	\r
	293	mov rax, 1\r
	294	cpuid\r
	295	mov rsi, rax ; Save off the reset value for RDX\r
	296	\r
	297	pop rdx\r
	298	pop rcx\r
	299	pop rbx\r
	300	pop rax\r
	301	\r
	302	;\r
	303	; Establish stack below 1MB\r
	304	;\r
	305	mov rsp, r9\r
	306	\r
	307	;\r
	308	; Push ultimate Reset Vector onto the stack\r
	309	;\r
	310	mov rax, rcx\r
	311	shr rax, 4\r
	312	push word 0x0002 ; RFLAGS\r
	313	push ax ; CS\r
	314	push word 0x0000 ; RIP\r
	315	push word 0x0000 ; For alignment, will be discarded\r
	316	\r
	317	;\r
	318	; Get address of "16-bit operand size" label\r
	319	;\r
	320	lea rbx, [PM16Mode]\r
	321	\r
	322	;\r
	323	; Push addresses used to change to compatibility mode\r
	324	;\r
	325	lea rax, [CompatMode]\r
	326	push r8\r
	327	push rax\r
	328	\r
	329	;\r
	330	; Clear R8 - R15, for reset, before going into 32-bit mode\r
	331	;\r
	332	xor r8, r8\r
	333	xor r9, r9\r
	334	xor r10, r10\r
	335	xor r11, r11\r
	336	xor r12, r12\r
	337	xor r13, r13\r
	338	xor r14, r14\r
	339	xor r15, r15\r
	340	\r
	341	;\r
	342	; Far return into 32-bit mode\r
	343	;\r
2aa107c0	344	retfq\r
7b7508ad TL	345	\r
	346	BITS 32\r
	347	CompatMode:\r
	348	;\r
	349	; Set up stack to prepare for exiting protected mode\r
	350	;\r
	351	push edx ; Code16 CS\r
	352	push ebx ; PM16Mode label address\r
	353	\r
	354	;\r
	355	; Disable paging\r
	356	;\r
	357	mov eax, cr0 ; Read CR0\r
	358	btr eax, 31 ; Set PG=0\r
	359	mov cr0, eax ; Write CR0\r
	360	\r
	361	;\r
	362	; Disable long mode\r
	363	;\r
	364	mov ecx, 0c0000080h ; EFER MSR number\r
	365	rdmsr ; Read EFER\r
	366	btr eax, 8 ; Set LME=0\r
	367	wrmsr ; Write EFER\r
	368	\r
	369	;\r
	370	; Disable PAE\r
	371	;\r
	372	mov eax, cr4 ; Read CR4\r
	373	btr eax, 5 ; Set PAE=0\r
	374	mov cr4, eax ; Write CR4\r
	375	\r
	376	mov edx, esi ; Restore RDX reset value\r
	377	\r
	378	;\r
	379	; Switch to 16-bit operand size\r
	380	;\r
	381	retf\r
	382	\r
	383	BITS 16\r
	384	;\r
	385	; At entry to this label\r
	386	; - RDX will have its reset value\r
	387	; - On the top of the stack\r
	388	; - Alignment data (two bytes) to be discarded\r
	389	; - IP for Real Mode (two bytes)\r
	390	; - CS for Real Mode (two bytes)\r
	391	;\r
20da7ca4 TL	392	; This label is also used with AsmRelocateApLoop. During MP finalization,\r
	393	; the code from PM16Mode to SwitchToRealProcEnd is copied to the start of\r
	394	; the WakeupBuffer, allowing a parked AP to be booted by an OS.\r
	395	;\r
7b7508ad TL	396	PM16Mode:\r
	397	mov eax, cr0 ; Read CR0\r
	398	btr eax, 0 ; Set PE=0\r
	399	mov cr0, eax ; Write CR0\r
	400	\r
	401	pop ax ; Discard alignment data\r
	402	\r
	403	;\r
	404	; Clear registers (except RDX and RSP) before going into 16-bit mode\r
	405	;\r
	406	xor eax, eax\r
	407	xor ebx, ebx\r
	408	xor ecx, ecx\r
	409	xor esi, esi\r
	410	xor edi, edi\r
	411	xor ebp, ebp\r
	412	\r
	413	iret\r
	414	\r
	415	SwitchToRealProcEnd:\r
	416	\r
76157021	417	;-------------------------------------------------------------------------------------\r
20da7ca4	418	; AsmRelocateApLoop (MwaitSupport, ApTargetCState, PmCodeSegment, TopOfApStack, CountTofinish, Pm16CodeSegment, SevEsAPJumpTable, WakeupBuffer);\r
76157021	419	;-------------------------------------------------------------------------------------\r
76157021	420	AsmRelocateApLoopStart:\r
7b7508ad	421	BITS 64\r
20da7ca4 TL	422	cmp qword [rsp + 56], 0 ; SevEsAPJumpTable\r
	423	je NoSevEs\r
	424	\r
	425	;\r
	426	; Perform some SEV-ES related setup before leaving 64-bit mode\r
	427	;\r
	428	push rcx\r
	429	push rdx\r
	430	\r
	431	;\r
	432	; Get the RDX reset value using CPUID\r
	433	;\r
	434	mov rax, 1\r
	435	cpuid\r
	436	mov rsi, rax ; Save off the reset value for RDX\r
	437	\r
	438	;\r
	439	; Prepare the GHCB for the AP_HLT_LOOP VMGEXIT call\r
	440	; - Must be done while in 64-bit long mode so that writes to\r
	441	; the GHCB memory will be unencrypted.\r
	442	; - No NAE events can be generated once this is set otherwise\r
	443	; the AP_RESET_HOLD SW_EXITCODE will be overwritten.\r
	444	;\r
	445	mov rcx, 0xc0010130\r
	446	rdmsr ; Retrieve current GHCB address\r
	447	shl rdx, 32\r
	448	or rdx, rax\r
	449	\r
	450	mov rdi, rdx\r
	451	xor rax, rax\r
	452	mov rcx, 0x800\r
	453	shr rcx, 3\r
	454	rep stosq ; Clear the GHCB\r
	455	\r
	456	mov rax, 0x80000004 ; VMGEXIT AP_RESET_HOLD\r
	457	mov [rdx + 0x390], rax\r
fb2a1a36 TL	458	mov rax, 114 ; Set SwExitCode valid bit\r
	459	bts [rdx + 0x3f0], rax\r
	460	inc rax ; Set SwExitInfo1 valid bit\r
	461	bts [rdx + 0x3f0], rax\r
	462	inc rax ; Set SwExitInfo2 valid bit\r
	463	bts [rdx + 0x3f0], rax\r
20da7ca4 TL	464	\r
	465	pop rdx\r
	466	pop rcx\r
	467	\r
	468	NoSevEs:\r
a7bbe9d2	469	cli ; Disable interrupt before switching to 32-bit mode\r
9f91cb01 JF	470	mov rax, [rsp + 40] ; CountTofinish\r
9f91cb01 JF	471	lock dec dword [rax] ; (*CountTofinish)--\r
76157021	472	\r
20da7ca4 TL	473	mov r10, [rsp + 48] ; Pm16CodeSegment\r
	474	mov rax, [rsp + 56] ; SevEsAPJumpTable\r
	475	mov rbx, [rsp + 64] ; WakeupBuffer\r
	476	mov rsp, r9 ; TopOfApStack\r
	477	\r
	478	push rax ; Save SevEsAPJumpTable\r
	479	push rbx ; Save WakeupBuffer\r
	480	push r10 ; Save Pm16CodeSegment\r
	481	push rcx ; Save MwaitSupport\r
	482	push rdx ; Save ApTargetCState\r
	483	\r
	484	lea rax, [PmEntry] ; rax <- The start address of transition code\r
76157021 JF	485	\r
76157021 JF	486	push r8\r
20da7ca4 TL	487	push rax\r
	488	\r
	489	;\r
	490	; Clear R8 - R15, for reset, before going into 32-bit mode\r
	491	;\r
	492	xor r8, r8\r
	493	xor r9, r9\r
	494	xor r10, r10\r
	495	xor r11, r11\r
	496	xor r12, r12\r
	497	xor r13, r13\r
	498	xor r14, r14\r
	499	xor r15, r15\r
	500	\r
	501	;\r
	502	; Far return into 32-bit mode\r
	503	;\r
2aa107c0	504	retfq\r
20da7ca4	505	\r
76157021 JF	506	BITS 32\r
	507	PmEntry:\r
	508	mov eax, cr0\r
	509	btr eax, 31 ; Clear CR0.PG\r
	510	mov cr0, eax ; Disable paging and caches\r
	511	\r
76157021 JF	512	mov ecx, 0xc0000080\r
	513	rdmsr\r
	514	and ah, ~ 1 ; Clear LME\r
	515	wrmsr\r
	516	mov eax, cr4\r
	517	and al, ~ (1 << 5) ; Clear PAE\r
	518	mov cr4, eax\r
	519	\r
	520	pop edx\r
	521	add esp, 4\r
	522	pop ecx,\r
	523	add esp, 4\r
20da7ca4 TL	524	\r
20da7ca4 TL	525	MwaitCheck:\r
76157021 JF	526	cmp cl, 1 ; Check mwait-monitor support\r
	527	jnz HltLoop\r
	528	mov ebx, edx ; Save C-State to ebx\r
	529	MwaitLoop:\r
a7bbe9d2	530	cli\r
76157021 JF	531	mov eax, esp ; Set Monitor Address\r
	532	xor ecx, ecx ; ecx = 0\r
	533	xor edx, edx ; edx = 0\r
	534	monitor\r
76157021	535	mov eax, ebx ; Mwait Cx, Target C-State per eax[7:4]\r
f56379f3	536	shl eax, 4\r
76157021 JF	537	mwait\r
76157021 JF	538	jmp MwaitLoop\r
20da7ca4	539	\r
76157021	540	HltLoop:\r
20da7ca4 TL	541	pop edx ; PM16CodeSegment\r
	542	add esp, 4\r
	543	pop ebx ; WakeupBuffer\r
	544	add esp, 4\r
	545	pop eax ; SevEsAPJumpTable\r
	546	add esp, 4\r
	547	cmp eax, 0 ; Check for SEV-ES\r
	548	je DoHlt\r
	549	\r
	550	cli\r
	551	;\r
	552	; SEV-ES is enabled, use VMGEXIT (GHCB information already\r
	553	; set by caller)\r
	554	;\r
	555	BITS 64\r
	556	rep vmmcall\r
	557	BITS 32\r
	558	\r
	559	;\r
	560	; Back from VMGEXIT AP_HLT_LOOP\r
	561	; Push the FLAGS/CS/IP values to use\r
	562	;\r
	563	push word 0x0002 ; EFLAGS\r
	564	xor ecx, ecx\r
	565	mov cx, [eax + 2] ; CS\r
	566	push cx\r
	567	mov cx, [eax] ; IP\r
	568	push cx\r
	569	push word 0x0000 ; For alignment, will be discarded\r
	570	\r
	571	push edx\r
	572	push ebx\r
	573	\r
	574	mov edx, esi ; Restore RDX reset value\r
	575	\r
	576	retf\r
	577	\r
	578	DoHlt:\r
76157021 JF	579	cli\r
76157021 JF	580	hlt\r
20da7ca4 TL	581	jmp DoHlt\r
20da7ca4 TL	582	\r
76157021 JF	583	BITS 64\r
	584	AsmRelocateApLoopEnd:\r
	585	\r
d94e5f67 JF	586	;-------------------------------------------------------------------------------------\r
	587	; AsmGetAddressMap (&AddressMap);\r
	588	;-------------------------------------------------------------------------------------\r
	589	global ASM_PFX(AsmGetAddressMap)\r
	590	ASM_PFX(AsmGetAddressMap):\r
76323c31	591	lea rax, [RendezvousFunnelProcStart]\r
2fba7d4e RN	592	mov qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.RendezvousFunnelAddress], rax\r
	593	mov qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.ModeEntryOffset], LongModeStart - RendezvousFunnelProcStart\r
	594	mov qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.RendezvousFunnelSize], RendezvousFunnelProcEnd - RendezvousFunnelProcStart\r
76323c31	595	lea rax, [AsmRelocateApLoopStart]\r
2fba7d4e RN	596	mov qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.RelocateApLoopFuncAddress], rax\r
	597	mov qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.RelocateApLoopFuncSize], AsmRelocateApLoopEnd - AsmRelocateApLoopStart\r
	598	mov qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.ModeTransitionOffset], Flat32Start - RendezvousFunnelProcStart\r
	599	mov qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.SwitchToRealSize], SwitchToRealProcEnd - SwitchToRealProcStart\r
	600	mov qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.SwitchToRealOffset], SwitchToRealProcStart - RendezvousFunnelProcStart\r
	601	mov qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.SwitchToRealNoNxOffset], SwitchToRealProcStart - Flat32Start\r
	602	mov qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.SwitchToRealPM16ModeOffset], PM16Mode - RendezvousFunnelProcStart\r
	603	mov qword [rcx + MP_ASSEMBLY_ADDRESS_MAP.SwitchToRealPM16ModeSize], SwitchToRealProcEnd - PM16Mode\r
d94e5f67 JF	604	ret\r
	605	\r
	606	;-------------------------------------------------------------------------------------\r
	607	;AsmExchangeRole procedure follows. This procedure executed by current BSP, that is\r
8396e2dd	608	;about to become an AP. It switches its stack with the current AP.\r
d94e5f67 JF	609	;AsmExchangeRole (IN CPU_EXCHANGE_INFO MyInfo, IN CPU_EXCHANGE_INFO OthersInfo);\r
	610	;-------------------------------------------------------------------------------------\r
	611	global ASM_PFX(AsmExchangeRole)\r
	612	ASM_PFX(AsmExchangeRole):\r
	613	; DO NOT call other functions in this function, since 2 CPU may use 1 stack\r
	614	; at the same time. If 1 CPU try to call a function, stack will be corrupted.\r
	615	\r
	616	push rax\r
	617	push rbx\r
	618	push rcx\r
	619	push rdx\r
	620	push rsi\r
	621	push rdi\r
	622	push rbp\r
	623	push r8\r
	624	push r9\r
	625	push r10\r
	626	push r11\r
	627	push r12\r
	628	push r13\r
	629	push r14\r
	630	push r15\r
	631	\r
	632	mov rax, cr0\r
	633	push rax\r
	634	\r
	635	mov rax, cr4\r
	636	push rax\r
	637	\r
	638	; rsi contains MyInfo pointer\r
	639	mov rsi, rcx\r
	640	\r
	641	; rdi contains OthersInfo pointer\r
	642	mov rdi, rdx\r
	643	\r
	644	;Store EFLAGS, GDTR and IDTR regiter to stack\r
	645	pushfq\r
2fba7d4e RN	646	sgdt [rsi + CPU_EXCHANGE_ROLE_INFO.Gdtr]\r
2fba7d4e RN	647	sidt [rsi + CPU_EXCHANGE_ROLE_INFO.Idtr]\r
d94e5f67 JF	648	\r
d94e5f67 JF	649	; Store the its StackPointer\r
2fba7d4e	650	mov [rsi + CPU_EXCHANGE_ROLE_INFO.StackPointer], rsp\r
d94e5f67 JF	651	\r
d94e5f67 JF	652	; update its switch state to STORED\r
2fba7d4e	653	mov byte [rsi + CPU_EXCHANGE_ROLE_INFO.State], CPU_SWITCH_STATE_STORED\r
d94e5f67 JF	654	\r
	655	WaitForOtherStored:\r
	656	; wait until the other CPU finish storing its state\r
2fba7d4e	657	cmp byte [rdi + CPU_EXCHANGE_ROLE_INFO.State], CPU_SWITCH_STATE_STORED\r
d94e5f67 JF	658	jz OtherStored\r
	659	pause\r
	660	jmp WaitForOtherStored\r
	661	\r
	662	OtherStored:\r
	663	; Since another CPU already stored its state, load them\r
	664	; load GDTR value\r
2fba7d4e	665	lgdt [rdi + CPU_EXCHANGE_ROLE_INFO.Gdtr]\r
d94e5f67 JF	666	\r
d94e5f67 JF	667	; load IDTR value\r
2fba7d4e	668	lidt [rdi + CPU_EXCHANGE_ROLE_INFO.Idtr]\r
d94e5f67 JF	669	\r
d94e5f67 JF	670	; load its future StackPointer\r
2fba7d4e	671	mov rsp, [rdi + CPU_EXCHANGE_ROLE_INFO.StackPointer]\r
d94e5f67 JF	672	\r
d94e5f67 JF	673	; update the other CPU's switch state to LOADED\r
2fba7d4e	674	mov byte [rdi + CPU_EXCHANGE_ROLE_INFO.State], CPU_SWITCH_STATE_LOADED\r
d94e5f67 JF	675	\r
	676	WaitForOtherLoaded:\r
	677	; wait until the other CPU finish loading new state,\r
	678	; otherwise the data in stack may corrupt\r
2fba7d4e	679	cmp byte [rsi + CPU_EXCHANGE_ROLE_INFO.State], CPU_SWITCH_STATE_LOADED\r
d94e5f67 JF	680	jz OtherLoaded\r
	681	pause\r
	682	jmp WaitForOtherLoaded\r
	683	\r
	684	OtherLoaded:\r
	685	; since the other CPU already get the data it want, leave this procedure\r
	686	popfq\r
	687	\r
	688	pop rax\r
	689	mov cr4, rax\r
	690	\r
	691	pop rax\r
	692	mov cr0, rax\r
	693	\r
	694	pop r15\r
	695	pop r14\r
	696	pop r13\r
	697	pop r12\r
	698	pop r11\r
	699	pop r10\r
	700	pop r9\r
	701	pop r8\r
	702	pop rbp\r
	703	pop rdi\r
	704	pop rsi\r
	705	pop rdx\r
	706	pop rcx\r
	707	pop rbx\r
	708	pop rax\r
	709	\r
	710	ret\r