From nobody Tue Apr 23 16:12:41 2024
From: "Tobin Feldman-Fitzthum"
To: tobin@ibm.com, dovmurik@linux.vnet.ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, pbonzini@redhat.com, ashish.kalra@amd.com, thomas.lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, srutherford@google.com, devel@edk2.groups.io, ard.biesheuvel@arm.com, jiewen.yao@intel.com
Subject: [edk2-devel] [RFC PATCH 1/9] OvmfPkg/AmdSev: Base for Confidential Migration Handler
Date: Wed, 18 Aug 2021 17:20:40 -0400
Message-Id: <20210818212048.162626-2-tobin@linux.ibm.com>
In-Reply-To: <20210818212048.162626-1-tobin@linux.ibm.com>
References: <20210818212048.162626-1-tobin@linux.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Base enablement of DXE driver that supports confidential migration.

Signed-off-by: Tobin Feldman-Fitzthum --- OvmfPkg/OvmfPkg.dec | 5 ++ OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/AmdSev/AmdSevX64.fdf | 1 + .../ConfidentialMigrationDxe.inf | 34 ++++++++++++ .../ConfidentialMigrationDxe.c | 53 +++++++++++++++++++ 5 files changed, 94 insertions(+) create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrat= ionDxe.inf create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrat= ionDxe.c diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 3978852557..cfc645619d 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -370,6 +370,11 @@ # instance in PiSmmCpuDxeSmm, and CpuHotplugSmm. gUefiOvmfPkgTokenSpaceGuid.PcdCpuHotEjectDataAddress|0|UINT64|0x46 =20 + ## Set via FW_CFG to enable confidential migration as source or target. + # + gUefiOvmfPkgTokenSpaceGuid.PcdIsConfidentialMigrationTarget|FALSE|BOOLEA= N|0x49 + gUefiOvmfPkgTokenSpaceGuid.PcdStartConfidentialMigrationHandler|FALSE|BO= OLEAN|0x4a + [PcdsFeatureFlag] gUefiOvmfPkgTokenSpaceGuid.PcdQemuBootOrderPciTranslation|TRUE|BOOLEAN|0= x1c gUefiOvmfPkgTokenSpaceGuid.PcdQemuBootOrderMmioTranslation|FALSE|BOOLEAN= |0x1d diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index e6cd10b759..982ecaf70e 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -790,6 +790,7 @@ !endif OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf OvmfPkg/AmdSev/Grub/Grub.inf + OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf !if $(BUILD_SHELL) =3D=3D TRUE ShellPkg/Application/Shell/Shell.inf { diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 0a89749700..9bf17b8d51 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf 
@@ -274,6 +274,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrd= DynamicShellCommand.inf !endif INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf INF OvmfPkg/AmdSev/Grub/Grub.inf +INF OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf !if $(BUILD_SHELL) =3D=3D TRUE INF ShellPkg/Application/Shell/Shell.inf !endif diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.= inf b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf new file mode 100644 index 0000000000..6e3fa7e51c --- /dev/null +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf @@ -0,0 +1,34 @@ +## @file +# +# Copyright (C) 2021 IBM Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D ConfidentialMigration + FILE_GUID =3D 5c2978f4-f175-434b-9e6c-9b03bd7e346f + MODULE_TYPE =3D DXE_RUNTIME_DRIVER + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D SetupMigrationHandler + +[Sources] + ConfidentialMigrationDxe.c + +[Packages] + MdePkg/MdePkg.dec + OvmfPkg/OvmfPkg.dec + +[LibraryClasses] + DebugLib + MemoryAllocationLib + UefiDriverEntryPoint + UefiLib + +[Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdIsConfidentialMigrationTarget + gUefiOvmfPkgTokenSpaceGuid.PcdStartConfidentialMigrationHandler + +[Depex] + TRUE diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.= c b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c new file mode 100644 index 0000000000..f0dfbd279e --- /dev/null +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c 
@@ -0,0 +1,53 @@ +/** @file + In-guest support for confidential migration + + Copyright (C) 2021 IBM Coporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include +#include + +VOID +EFIAPI +MigrationHandlerMain () +{ + DebugPrint (DEBUG_INFO,"Migration Handler Started\n"); + +} + +/** +SetupMigrationHandler runs in the firmware of the main VM to setup +regions of memory that the Migration Handler can use when executing +in the mirror VM. + +**/ +EFI_STATUS +EFIAPI +SetupMigrationHandler ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + + if (!PcdGetBool(PcdStartConfidentialMigrationHandler)) { + return 0; + } + + // + // If VM is migration target, wait until hypervisor modifies CPU state + // and restarts execution. + // + if (PcdGetBool(PcdIsConfidentialMigrationTarget)) { + DebugPrint (DEBUG_INFO,"Waiting for incoming confidential migration.\n= "); + + while (1) { + CpuPause (); + } + } + + // + // If VM is migration source, continue with boot. + // + return 0; +} --=20 2.20.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
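Review bot: The OvmfPkg.dec hunk documents both new PCDs with a single line, "Set via FW_CFG to enable confidential migration as source or target", which does not say what PcdIsConfidentialMigrationTarget and PcdStartConfidentialMigrationHandler each control or how they combine. Give each PCD its own comment, and state that the values arrive over FW_CFG from the hypervisor, so in an SEV guest they are untrusted input and should only select between behaviours that are safe for the guest.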
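Review bot: [LibraryClasses] in ConfidentialMigrationDxe.inf lists DebugLib, MemoryAllocationLib, UefiDriverEntryPoint and UefiLib, but ConfidentialMigrationDxe.c calls PcdGetBool and CpuPause, which are provided by PcdLib and BaseLib. Add both classes so the module does not depend on another library pulling them in. MemoryAllocationLib is listed although nothing in the .c file allocates yet; it can arrive with the patch that first needs it.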
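Review bot: SetupMigrationHandler in ConfidentialMigrationDxe.c is declared EFI_STATUS but both exits use "return 0;"; return EFI_SUCCESS so the intent is explicit. In the same file the two DebugPrint (DEBUG_INFO,"...") calls bypass the DEBUG (()) macro that edk2 code normally uses, MigrationHandlerMain () has an empty parameter list where VOID is expected, and the file header spells "Coporation". The target branch never returns from the driver entry point (while (1) { CpuPause (); }); extend the comment to say that this is intentional and what CPU state the hypervisor is expected to install before execution resumes.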
From nobody Tue Apr 23 16:12:41 2024
From: "Tobin Feldman-Fitzthum"
To: tobin@ibm.com, dovmurik@linux.vnet.ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, pbonzini@redhat.com, ashish.kalra@amd.com, thomas.lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, srutherford@google.com, devel@edk2.groups.io, ard.biesheuvel@arm.com, jiewen.yao@intel.com
Subject: [edk2-devel] [RFC PATCH 2/9] OvmfPkg/PlatfomPei: Set Confidential Migration PCD
Date: Wed, 18 Aug 2021 17:20:41 -0400
Message-Id: <20210818212048.162626-3-tobin@linux.ibm.com>
In-Reply-To: <20210818212048.162626-1-tobin@linux.ibm.com>
References: <20210818212048.162626-1-tobin@linux.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Confidential Migration relies on two boolean PCDs set from FW_CFG

Signed-off-by: Tobin Feldman-Fitzthum --- OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++ OvmfPkg/PlatformPei/Platform.c | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index 89d1f76368..2d92184c19 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -89,6 +89,8 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDecompressionScratchEnd gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes gUefiOvmfPkgTokenSpaceGuid.PcdQ35SmramAtDefaultSmbase + gUefiOvmfPkgTokenSpaceGuid.PcdStartConfidentialMigrationHandler + gUefiOvmfPkgTokenSpaceGuid.PcdIsConfidentialMigrationTarget gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c index d3a20122a2..f0963aaba9 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c @@ -272,6 +272,15 @@ NoexecDxeInitialization ( UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdSetNxForStack); } =20 +VOID +ConfidentialMigrationInitialization ( + VOID + ) +{ + UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdStartConfidentialMigrationHandler); + UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdIsConfidentialMigrationTarget); +} + VOID PciExBarInitialization ( VOID 
@@ -742,6 +751,7 @@ InitializePlatform ( =20 InstallClearCacheCallback (); AmdSevInitialize (); + ConfidentialMigrationInitialization (); MiscInitialization (); InstallFeatureControlCallback (); =20 --=20 2.20.1
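Review bot: The call added to InitializePlatform in Platform.c is unconditional, so ConfidentialMigrationInitialization () reads both FW_CFG booleans on every platform that builds PlatformPei, while the only consumer shown so far is the driver added to AmdSevX64.dsc. Consider gating the call on SEV being active, or moving the two UPDATE_BOOLEAN_PCD_FROM_FW_CFG lines under AmdSevInitialize (). The new function has no header comment, and the commit message should name the FW_CFG items that set the two PCDs, since those items are the hypervisor-controlled inputs that decide whether the guest starts the handler or waits as a migration target.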
From nobody Tue Apr 23 16:12:41 2024
From: "Tobin Feldman-Fitzthum"
To: tobin@ibm.com, dovmurik@linux.vnet.ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, pbonzini@redhat.com, ashish.kalra@amd.com, thomas.lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, srutherford@google.com, devel@edk2.groups.io, ard.biesheuvel@arm.com, jiewen.yao@intel.com
Subject: [edk2-devel] [RFC PATCH 3/9] OvmfPkg/AmdSev: Setup Migration Handler Mailbox
Date: Wed, 18 Aug 2021 17:20:42 -0400
Message-Id: <20210818212048.162626-4-tobin@linux.ibm.com>
In-Reply-To: <20210818212048.162626-1-tobin@linux.ibm.com>
References: <20210818212048.162626-1-tobin@linux.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The migration handler communicates with the hypervisor using a special mailbox, a page of shared memory where pending commands can be written. Another shared page is used to pass the incoming or outgoing guest memory pages. These pages are set aside in MEMFD, which this patch expands, and reserved as runtime memory in ConfidentialMigrationPei, which this patch introduces.

Signed-off-by: Tobin Feldman-Fitzthum --- OvmfPkg/OvmfPkg.dec | 5 +++ OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/AmdSev/AmdSevX64.fdf | 12 ++++--- .../ConfidentialMigrationPei.inf | 35 +++++++++++++++++++ .../ConfidentialMigrationPei.c | 25 +++++++++++++ 5 files changed, 74 insertions(+), 4 deletions(-) create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrat= ionPei.inf create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrat= ionPei.c diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index cfc645619d..1252582c99 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -331,6 +331,11 @@ gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|0x0|UINT32|0x47 gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize|0x0|UINT32|0x48 =20 + ## Area used by the confidential migration handler to communicate with + # the hypervisor. + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase|0x0|UINT3= 2|0x4b + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxSize|0x0|UINT3= 2|0x4c + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 982ecaf70e..cd6189f330 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -623,6 +623,7 @@ UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf UefiCpuPkg/CpuMpPei/CpuMpPei.inf OvmfPkg/AmdSev/SecretPei/SecretPei.inf + OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index 9bf17b8d51..a8e296e641 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf 
@@ -36,10 +36,10 @@ FV =3D SECFV =20 [FD.MEMFD] BaseAddress =3D $(MEMFD_BASE_ADDRESS) -Size =3D 0xD00000 +Size =3D 0xE00000 ErasePolarity =3D 1 BlockSize =3D 0x10000 -NumBlocks =3D 0xD0 +NumBlocks =3D 0xE0 =20 0x000000|0x006000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPageTablesSize @@ -71,11 +71,14 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUe= fiOvmfPkgTokenSpaceGuid.P 0x010000|0x010000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPeiTempRamSize =20 -0x020000|0x0E0000 +0x020000|0x003000 +gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase|gUefiOvmfPk= gTokenSpaceGuid.PcdConfidentialMigrationMailboxSize + +0x120000|0x0E0000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfPeiMemFvSize FV =3D PEIFV =20 -0x100000|0xC00000 +0x200000|0xC00000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfDxeMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfDxeMemFvSize FV =3D DXEFV =20 @@ -148,6 +151,7 @@ INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf INF UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf +INF OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf =20 !if $(TPM_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.= inf b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf new file mode 100644 index 0000000000..918cf22abd --- /dev/null +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf 
@@ -0,0 +1,35 @@ +## @file +# PEI support for confidential migration. +# +# Copyright (C) 2021 IBM Corporation. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D ConfidentialMigration + FILE_GUID =3D a747792e-71a1-4c24-84a9-a76a0a279878 + MODULE_TYPE =3D PEIM + VERSION_STRING =3D 1.0 + ENTRY_POINT =3D InitializeConfidentialMigrationPei + +[Sources] + ConfidentialMigrationPei.c + +[Packages] + OvmfPkg/OvmfPkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + HobLib + PeimEntryPoint + PcdLib + +[FixedPcd] + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxSize + +[Depex] + TRUE diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.= c b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.c new file mode 100644 index 0000000000..ce304bc07b --- /dev/null +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.c 
@@ -0,0 +1,25 @@ +/** @file + Reserve memory for confidential migration handler. + + Copyright (C) 2020 IBM Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include +#include +#include + +EFI_STATUS +EFIAPI +InitializeConfidentialMigrationPei ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + BuildMemoryAllocationHob ( + PcdGet32 (PcdConfidentialMigrationMailboxBase), + PcdGet32 (PcdConfidentialMigrationMailboxSize), + EfiRuntimeServicesData + ); + + return EFI_SUCCESS; +} --=20 2.20.1
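Review bot: In the [FD.MEMFD] hunk of AmdSevX64.fdf the new mailbox region is 0x020000|0x003000, yet PEIFV moves from 0x020000 to 0x120000, DXEFV from 0x100000 to 0x200000, and Size and NumBlocks grow by 0x100000, which leaves 0x023000 through 0x11FFFF unassigned. Either place PEIFV at the next suitably aligned offset after the mailbox or add a comment explaining why a full 1 MiB step is needed. The commit message describes two shared pages (the mailbox and the page buffer) while the region is three pages long; write the layout of those 0x3000 bytes down next to the region.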
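Review bot: ConfidentialMigrationPei.inf sets BASE_NAME to ConfidentialMigration, the same BASE_NAME that ConfidentialMigrationDxe.inf uses in patch 1/9. Name this module ConfidentialMigrationPei (and the DXE driver ConfidentialMigrationDxe) so that build output and debug logs can tell the PEIM and the DXE driver apart.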
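Review bot: InitializeConfidentialMigrationPei in ConfidentialMigrationPei.c calls BuildMemoryAllocationHob unconditionally, so the mailbox range is reserved as EfiRuntimeServicesData on every boot of this firmware, including when PcdStartConfidentialMigrationHandler is FALSE; say in the file comment whether that is intended. The commit message describes the region as shared with the hypervisor, but nothing in the file header records that the range is hypervisor-writable; add that, so later code reading the mailbox treats its contents as untrusted. The copyright year is 2020 here and 2021 in the matching .inf.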
From: "Tobin Feldman-Fitzthum"
To: tobin@ibm.com, dovmurik@linux.vnet.ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, pbonzini@redhat.com, ashish.kalra@amd.com, thomas.lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, srutherford@google.com, devel@edk2.groups.io, ard.biesheuvel@arm.com, jiewen.yao@intel.com
Subject: [edk2-devel] [RFC PATCH 4/9] OvmfPkg/AmdSev: MH support for mailbox protocol
Date: Wed, 18 Aug 2021 17:20:43 -0400
Message-Id: <20210818212048.162626-5-tobin@linux.ibm.com>
In-Reply-To: <20210818212048.162626-1-tobin@linux.ibm.com>
References: <20210818212048.162626-1-tobin@linux.ibm.com>

The migration handler communicates with the hypervisor via a shared mailbox page. The MH can perform four functions at the behest of the HV: init, save page, restore page, and reset.

Signed-off-by: Tobin Feldman-Fitzthum
---
 .../ConfidentialMigrationDxe.inf | 1 +
 .../ConfidentialMigrationDxe.c | 74 +++++++++++++++++++
 2 files changed, 75 insertions(+)
diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.= inf b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf index 6e3fa7e51c..cb5609271c 100644 --- a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf @@ -29,6 +29,7 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdIsConfidentialMigrationTarget gUefiOvmfPkgTokenSpaceGuid.PcdStartConfidentialMigrationHandler + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase =20 [Depex] TRUE diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.= c b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c index f0dfbd279e..a981aaeac7 100644 --- a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c 
@@ -6,14 +6,88 @@ **/ =20 #include +#include #include =20 +// +// Functions implemented by the migration handler +// +#define MH_FUNC_INIT 0 +#define MH_FUNC_SAVE_PAGE 1 +#define MH_FUNC_RESTORE_PAGE 2 +#define MH_FUNC_RESET 3 + +// +// Return codes for MH functions +// +#define MH_SUCCESS 0 +#define MH_INVALID_FUNC (-1) +#define MH_AUTH_ERR (-2) + +// +// Mailbox for communication with hypervisor +// +typedef volatile struct { + UINT64 Nr; + UINT64 Gpa; + UINT32 DoPrefetch; + UINT32 Ret; + UINT32 Go; + UINT32 Done; +} MH_COMMAND_PARAMETERS; + + VOID EFIAPI MigrationHandlerMain () { + UINT64 MailboxStart; + MH_COMMAND_PARAMETERS *Params; + VOID *PageVa; + DebugPrint (DEBUG_INFO,"Migration Handler Started\n"); =20 + MailboxStart =3D PcdGet32 (PcdConfidentialMigrationMailboxBase); + Params =3D (VOID *)MailboxStart; + PageVa =3D (VOID *)(MailboxStart + 0x1000); + + DisableInterrupts (); + Params->Go =3D 0; + + while (1) { + while (!Params->Go) { + CpuPause (); + } + Params->Done =3D 0; + + switch (Params->Nr) { + case MH_FUNC_INIT: + Params->Ret =3D MH_SUCCESS; + break; + + case MH_FUNC_SAVE_PAGE: + CopyMem (PageVa, (VOID *)Params->Gpa, 4096); + Params->Ret =3D MH_SUCCESS; + break; + + case MH_FUNC_RESTORE_PAGE: + CopyMem ((VOID *)Params->Gpa, PageVa, 4096); + Params->Ret =3D MH_SUCCESS; + break; + + case MH_FUNC_RESET: + Params->Ret =3D MH_SUCCESS; + break; + + default: + Params->Ret =3D MH_INVALID_FUNC; + break; + } + + Params->Go =3D 0; + Params->Done =3D 1; + + } } =20 /** --=20 2.20.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
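Review bot: In MigrationHandlerMain, the MH_FUNC_SAVE_PAGE and MH_FUNC_RESTORE_PAGE cases pass Params->Gpa straight to CopyMem with no validation, although the value comes from the mailbox that the hypervisor writes. As posted, the MH performs whatever 4096-byte read or write the HV names, and SAVE_PAGE places the copy in PageVa at MailboxStart + 0x1000, next to the shared mailbox, with no encryption step in this patch. Suggest reading Nr and Gpa into locals once per command, rejecting an unaligned or out-of-range Gpa with a distinct error code, and stating in the commit message which later patch protects the page contents (MH_AUTH_ERR is defined here but never returned). Separately, Ret is declared UINT32 while MH_INVALID_FUNC and MH_AUTH_ERR are negative; an INT32 field or positive codes would keep the two sides of the mailbox from disagreeing on the encoding.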
From: "Tobin Feldman-Fitzthum"
To: tobin@ibm.com, dovmurik@linux.vnet.ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, pbonzini@redhat.com, ashish.kalra@amd.com, thomas.lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, srutherford@google.com, devel@edk2.groups.io, ard.biesheuvel@arm.com, jiewen.yao@intel.com
Subject: [edk2-devel] [RFC PATCH 5/9] OvmfPkg/AmdSev: Build page table for migration handler
Date: Wed, 18 Aug 2021 17:20:44 -0400
Message-Id: <20210818212048.162626-6-tobin@linux.ibm.com>
In-Reply-To: <20210818212048.162626-1-tobin@linux.ibm.com>
References: <20210818212048.162626-1-tobin@linux.ibm.com>

From: Dov Murik The migration handler builds its own page tables and switches to them. The MH pagetables are reserved as runtime memory. When the hypervisor asks the MH to import/export a page, the HV writes the guest physical address of the page in question to the mailbox. The MH uses an identity mapping so that it can read/write whatever GPA is requested by the HV. The hypervisor only asks the MH to import/export encrypted pages. Thus, the C-Bit can be set for every page in the identity map. The MH also needs to read shared pages, such as the mailbox. These are mapped at an offset. The offset must be added to the physical address before it can be resolved. Signed-off-by: Tobin Feldman-Fitzthum Signed-off-by: Dov Murik --- .../ConfidentialMigrationDxe.inf | 1 + .../ConfidentialMigration/VirtualMemory.h | 177 ++++++++++++++++++ .../ConfidentialMigrationDxe.c | 73 +++++++- 3 files changed, 249 insertions(+), 2 deletions(-) create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/VirtualMemory.h diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.= inf b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf index cb5609271c..42875095fc 100644 --- a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf @@ -15,6 +15,7 @@ =20 [Sources] ConfidentialMigrationDxe.c + VirtualMemory.h =20 [Packages] MdePkg/MdePkg.dec diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/VirtualMemory.h b/OvmfPkg= /AmdSev/ConfidentialMigration/VirtualMemory.h new file mode 100644 index 0000000000..c50cb64c63 --- /dev/null +++ b/OvmfPkg/AmdSev/ConfidentialMigration/VirtualMemory.h @@ -0,0 +1,177 @@ +/** @file + Virtual Memory Management Services to set or clear the memory encryption= bit + Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
+ Copyright (c) 2017, AMD Incorporated. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + Code is derived from OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMem= ory.h + +**/ + +#ifndef __VIRTUAL_MEMORY__ +#define __VIRTUAL_MEMORY__ + +#include +#include +#include +#include +#include +#include + +#define SYS_CODE64_SEL 0x38 + +#pragma pack(1) + +// +// Page-Map Level-4 Offset (PML4) and +// Page-Directory-Pointer Offset (PDPE) entries 4K & 2MB +// + +typedef union { + struct { + UINT64 Present:1; // 0 =3D Not present in memory, + // 1 =3D Present in memory + UINT64 ReadWrite:1; // 0 =3D Read-Only, 1=3D Read/Write + UINT64 UserSupervisor:1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough:1; // 0 =3D Write-Back caching, + // 1 =3D Write-Through caching + UINT64 CacheDisabled:1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed:1; // 0 =3D Not accessed, + // 1 =3D Accessed (set by CPU) + UINT64 Reserved:1; // Reserved + UINT64 MustBeZero:2; // Must Be Zero + UINT64 Available:3; // Available for use by system softw= are + UINT64 PageTableBaseAddress:40; // Page Table Base Address + UINT64 AvabilableHigh:11; // Available for use by system softw= are + UINT64 Nx:1; // No Execute bit + } Bits; + UINT64 Uint64; +} PAGE_MAP_AND_DIRECTORY_POINTER; + +// +// Page Table Entry 4KB +// +typedef union { + struct { + UINT64 Present:1; // 0 =3D Not present in memory, + // 1 =3D Present in memory + UINT64 ReadWrite:1; // 0 =3D Read-Only, 1=3D Read/Write + UINT64 UserSupervisor:1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough:1; // 0 =3D Write-Back caching, + // 1 =3D Write-Through caching + UINT64 CacheDisabled:1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed:1; // 0 =3D Not accessed, + // 1 =3D Accessed (set by CPU) + UINT64 Dirty:1; // 0 =3D Not Dirty, 1 =3D written by + // processor on access to page + UINT64 PAT:1; // + UINT64 Global:1; // 0 =3D Not global page, 1 =3D glob= al page + // TLB not cleared on CR3 write + UINT64 Available:3; // Available for use by system softw= are + UINT64 
PageTableBaseAddress:40; // Page Table Base Address + UINT64 AvabilableHigh:11; // Available for use by system softw= are + UINT64 Nx:1; // 0 =3D Execute Code, + // 1 =3D No Code Execution + } Bits; + UINT64 Uint64; +} PAGE_TABLE_4K_ENTRY; + +// +// Page Table Entry 2MB +// +typedef union { + struct { + UINT64 Present:1; // 0 =3D Not present in memory, + // 1 =3D Present in memory + UINT64 ReadWrite:1; // 0 =3D Read-Only, 1=3D Read/Write + UINT64 UserSupervisor:1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough:1; // 0 =3D Write-Back caching, + // 1=3DWrite-Through caching + UINT64 CacheDisabled:1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed:1; // 0 =3D Not accessed, + // 1 =3D Accessed (set by CPU) + UINT64 Dirty:1; // 0 =3D Not Dirty, 1 =3D written by + // processor on access to page + UINT64 MustBe1:1; // Must be 1 + UINT64 Global:1; // 0 =3D Not global page, 1 =3D glob= al page + // TLB not cleared on CR3 write + UINT64 Available:3; // Available for use by system softw= are + UINT64 PAT:1; // + UINT64 MustBeZero:8; // Must be zero; + UINT64 PageTableBaseAddress:31; // Page Table Base Address + UINT64 AvabilableHigh:11; // Available for use by system softw= are + UINT64 Nx:1; // 0 =3D Execute Code, + // 1 =3D No Code Execution + } Bits; + UINT64 Uint64; +} PAGE_TABLE_ENTRY; + +// +// Page Table Entry 1GB +// +typedef union { + struct { + UINT64 Present:1; // 0 =3D Not present in memory, + // 1 =3D Present in memory + UINT64 ReadWrite:1; // 0 =3D Read-Only, 1=3D Read/Write + UINT64 UserSupervisor:1; // 0 =3D Supervisor, 1=3DUser + UINT64 WriteThrough:1; // 0 =3D Write-Back caching, + // 1 =3D Write-Through caching + UINT64 CacheDisabled:1; // 0 =3D Cached, 1=3DNon-Cached + UINT64 Accessed:1; // 0 =3D Not accessed, + // 1 =3D Accessed (set by CPU) + UINT64 Dirty:1; // 0 =3D Not Dirty, 1 =3D written by + // processor on access to page + UINT64 MustBe1:1; // Must be 1 + UINT64 Global:1; // 0 =3D Not global page, 1 =3D glob= al page + // TLB not cleared on 
CR3 write + UINT64 Available:3; // Available for use by system softw= are + UINT64 PAT:1; // + UINT64 MustBeZero:17; // Must be zero; + UINT64 PageTableBaseAddress:22; // Page Table Base Address + UINT64 AvabilableHigh:11; // Available for use by system softw= are + UINT64 Nx:1; // 0 =3D Execute Code, + // 1 =3D No Code Execution + } Bits; + UINT64 Uint64; +} PAGE_TABLE_1G_ENTRY; + +#pragma pack() + +#define IA32_PG_P BIT0 +#define IA32_PG_RW BIT1 +#define IA32_PG_PS BIT7 + +#define PAGING_PAE_INDEX_MASK 0x1FF + +#define PAGING_4K_ADDRESS_MASK_64 0x000FFFFFFFFFF000ull +#define PAGING_2M_ADDRESS_MASK_64 0x000FFFFFFFE00000ull +#define PAGING_1G_ADDRESS_MASK_64 0x000FFFFFC0000000ull + +#define PAGING_L1_ADDRESS_SHIFT 12 +#define PAGING_L2_ADDRESS_SHIFT 21 +#define PAGING_L3_ADDRESS_SHIFT 30 +#define PAGING_L4_ADDRESS_SHIFT 39 + +#define PAGING_PML4E_NUMBER 4 + +#define PAGETABLE_ENTRY_MASK ((1UL << 9) - 1) +#define PML4_OFFSET(x) ( (x >> 39) & PAGETABLE_ENTRY_MASK) +#define PDP_OFFSET(x) ( (x >> 30) & PAGETABLE_ENTRY_MASK) +#define PDE_OFFSET(x) ( (x >> 21) & PAGETABLE_ENTRY_MASK) +#define PTE_OFFSET(x) ( (x >> 12) & PAGETABLE_ENTRY_MASK) +#define PAGING_1G_ADDRESS_MASK_64 0x000FFFFFC0000000ull + +#define PAGE_TABLE_POOL_ALIGNMENT BASE_2MB +#define PAGE_TABLE_POOL_UNIT_SIZE SIZE_2MB +#define PAGE_TABLE_POOL_UNIT_PAGES \ + EFI_SIZE_TO_PAGES (PAGE_TABLE_POOL_UNIT_SIZE) +#define PAGE_TABLE_POOL_ALIGN_MASK \ + (~(EFI_PHYSICAL_ADDRESS)(PAGE_TABLE_POOL_ALIGNMENT - 1)) + +typedef struct { + VOID *NextPool; + UINTN Offset; + UINTN FreePages; +} PAGE_TABLE_POOL; + +#endif diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.= c b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c index a981aaeac7..34d449fe10 100644 --- a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c 
@@ -9,6 +9,8 @@ #include #include =20 +#include "VirtualMemory.h" + // // Functions implemented by the migration handler // 
@@ -36,6 +38,71 @@ typedef volatile struct { UINT32 Done; } MH_COMMAND_PARAMETERS; =20 +// +// Offset for non-cbit mapping. +// +#define UNENC_VIRT_ADDR_BASE 0xffffff8000000000ULL + +STATIC PAGE_TABLE_POOL *mPageTablePool =3D NULL; +PHYSICAL_ADDRESS mMigrationHandlerPageTables =3D 0; + +/** + Allocates and fills in custom page tables for Migration Handler. + The MH must be able to write to any encrypted page. Thus, it + uses an identity map where the C-bit is set for every page. The + HV should never ask the MH to import/export a shared page. The + MH must also be able to read some shared pages. The first 1GB + of memory is mapped at offset UNENC_VIRT_ADDR_BASE. +**/ +VOID +PrepareMigrationHandlerPageTables ( + VOID + ) +{ + UINTN PoolPages; + VOID *Buffer; + VOID *Start; + PAGE_MAP_AND_DIRECTORY_POINTER *PageMapLevel4Entry; + PAGE_TABLE_1G_ENTRY *PageDirectory1GEntry; + PAGE_TABLE_1G_ENTRY *Unenc1GEntry; + UINT64 AddressEncMask; + + PoolPages =3D 1 + 10; + Buffer =3D AllocateAlignedRuntimePages (PoolPages, PAGE_TABLE_POOL_ALIGN= MENT); + mPageTablePool =3D Buffer; + mPageTablePool->NextPool =3D mPageTablePool; + mPageTablePool->FreePages =3D PoolPages - 1; + mPageTablePool->Offset =3D EFI_PAGES_TO_SIZE (1); + + Start =3D (UINT8 *)mPageTablePool + mPageTablePool->Offset; + ZeroMem(Start, mPageTablePool->FreePages * EFI_PAGE_SIZE); + + AddressEncMask =3D 1ULL << 47; + + PageMapLevel4Entry =3D Start; + PageDirectory1GEntry =3D (PAGE_TABLE_1G_ENTRY*)((UINT8*)Start + EFI_PAGE= _SIZE); + Unenc1GEntry =3D (PAGE_TABLE_1G_ENTRY*)((UINT8*)Start + 2 * EFI_PAGE_SIZ= E); + + PageMapLevel4Entry =3D Start; + PageMapLevel4Entry +=3D PML4_OFFSET(0x0ULL); + PageMapLevel4Entry->Uint64 =3D (UINT64)PageDirectory1GEntry | AddressEnc= Mask | 0x23; + + PageMapLevel4Entry =3D Start; + PageMapLevel4Entry +=3D PML4_OFFSET(UNENC_VIRT_ADDR_BASE); // should be = 511 + PageMapLevel4Entry->Uint64 =3D (UINT64)Unenc1GEntry | AddressEncMask | 0= x23; + + UINT64 PageAddr =3D 0; + for (int i =3D 0; i 
< 512; i++, PageAddr +=3D SIZE_1GB) { + PAGE_TABLE_1G_ENTRY *e =3D PageDirectory1GEntry + i; + e->Uint64 =3D PageAddr | AddressEncMask | 0xe3; // 1GB page + } + + UINT64 UnencPageAddr =3D 0; + Unenc1GEntry->Uint64 =3D UnencPageAddr | 0xe3; // 1GB page unencrypted + + mMigrationHandlerPageTables =3D (UINT64)Start | AddressEncMask; +} + =20 VOID EFIAPI @@ -48,8 +115,8 @@ MigrationHandlerMain () DebugPrint (DEBUG_INFO,"Migration Handler Started\n"); =20 MailboxStart =3D PcdGet32 (PcdConfidentialMigrationMailboxBase); - Params =3D (VOID *)MailboxStart; - PageVa =3D (VOID *)(MailboxStart + 0x1000); + Params =3D (VOID *)(MailboxStart + UNENC_VIRT_ADDR_BASE); + PageVa =3D (VOID *)(MailboxStart + UNENC_VIRT_ADDR_BASE + 0x1000); =20 DisableInterrupts (); Params->Go =3D 0; 
@@ -108,6 +175,8 @@ SetupMigrationHandler ( return 0; } =20 + PrepareMigrationHandlerPageTables (); + // // If VM is migration target, wait until hypervisor modifies CPU state // and restarts execution. --=20 2.20.1
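Review bot: VirtualMemory.h defines PAGING_1G_ADDRESS_MASK_64 twice, once with the other address masks and again right after PTE_OFFSET; drop the second copy. The PML4_OFFSET, PDP_OFFSET, PDE_OFFSET and PTE_OFFSET macros also expand x without parentheses, as in ( (x >> 39) & PAGETABLE_ENTRY_MASK), so an argument such as Base | Off would shift only Off; write ((x) >> 39). PAGETABLE_ENTRY_MASK has the same value as PAGING_PAE_INDEX_MASK (0x1FF), and since the header is derived from the BaseMemEncryptSevLib one it is worth keeping only the definitions that ConfidentialMigrationDxe.c actually uses.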
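Review bot: In PrepareMigrationHandlerPageTables, the result of AllocateAlignedRuntimePages is dereferenced (mPageTablePool->NextPool) without a NULL check, and the C-bit position is hardcoded as AddressEncMask = 1ULL << 47. The C-bit location is reported by CPUID Fn8000_001F EBX[5:0] and is not guaranteed to be 47, so the mask should be derived at runtime; with a wrong mask every entry written here points at the wrong physical address. The function returns VOID, so SetupMigrationHandler cannot learn about an allocation failure either. Smaller points: PoolPages = 1 + 10 allocates eleven pages while only three table pages are filled in; the shared window maps only the first 1GB, so the value from PcdConfidentialMigrationMailboxBase needs a check that both mailbox pages lie below SIZE_1GB; and the for (int i = 0; ...) loop and the mid-block declarations of PageAddr and UnencPageAddr do not follow the edk2 coding style.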
From: "Tobin Feldman-Fitzthum"
To: tobin@ibm.com, dovmurik@linux.vnet.ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, pbonzini@redhat.com, ashish.kalra@amd.com, thomas.lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, srutherford@google.com, devel@edk2.groups.io, ard.biesheuvel@arm.com, jiewen.yao@intel.com
Subject: [edk2-devel] [RFC PATCH 6/9] OvmfPkg/AmdSev: Don't overwrite mailbox or pagetables
Date: Wed, 18 Aug 2021 17:20:45 -0400
Message-Id: <20210818212048.162626-7-tobin@linux.ibm.com>
In-Reply-To: <20210818212048.162626-1-tobin@linux.ibm.com>
References: <20210818212048.162626-1-tobin@linux.ibm.com>

While restoring pages, the MH should avoid overwriting its pagetables or the mailbox it uses to communicate with the HV.

Signed-off-by: Tobin Feldman-Fitzthum
---
 .../ConfidentialMigrationDxe.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.= c b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c index 34d449fe10..ee1466eb00 100644 --- a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c @@ -109,6 +109,9 @@ EFIAPI MigrationHandlerMain () { UINT64 MailboxStart; + UINT64 MailboxEnd; + UINT64 PagetableStart; + UINT64 PagetableEnd; MH_COMMAND_PARAMETERS *Params; VOID *PageVa; =20 @@ -118,6 +121,11 @@ MigrationHandlerMain () Params =3D (VOID *)(MailboxStart + UNENC_VIRT_ADDR_BASE); PageVa =3D (VOID *)(MailboxStart + UNENC_VIRT_ADDR_BASE + 0x1000); =20 + MailboxEnd =3D MailboxStart + 2 * EFI_PAGE_SIZE; + + PagetableStart =3D mMigrationHandlerPageTables; + PagetableEnd =3D PagetableStart + 11 * EFI_PAGE_SIZE; + DisableInterrupts (); Params->Go =3D 0; =20 
@@ -138,7 +146,14 @@ MigrationHandlerMain () break; =20 case MH_FUNC_RESTORE_PAGE: - CopyMem ((VOID *)Params->Gpa, PageVa, 4096); + // + // Don't import a page that covers the mailbox or pagetables. + // + if (!((Params->Gpa >=3D MailboxStart && Params->Gpa < MailboxEnd) || + (Params->Gpa >=3D PagetableStart && Params->Gpa < PagetableEnd))= ) { + + CopyMem ((VOID *)Params->Gpa, PageVa, 4096); + } Params->Ret =3D MH_SUCCESS; break; =20 --=20 2.20.1
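Review bot: In the hunk that sets up the ranges, PagetableStart is taken from mMigrationHandlerPageTables, which the previous patch stores as (UINT64)Start | AddressEncMask, so the C-bit is still set in it. Unless the hypervisor also sets that bit in Gpa, the comparison against PagetableStart can never match and the page tables stay unprotected; mask the bit off before treating the value as a physical address. Start also points one page into the pool, so PagetableStart + 11 * EFI_PAGE_SIZE ends one page past the allocation and leaves the pool header page uncovered; derive both bounds from mPageTablePool and the pool size instead of repeating the literal 11.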
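Review bot: In the MH_FUNC_RESTORE_PAGE case, Params->Gpa is a volatile field in the shared mailbox and is read up to four times in the condition and once more in CopyMem, so the hypervisor can change it between the check and the copy. Read it into a local UINT64 once and use that local for both. The test also only asks whether Gpa itself lies inside a protected range; with an unaligned Gpa just below MailboxStart the 4096-byte copy still runs into the mailbox, so either require page alignment or test the whole interval [Gpa, Gpa + 4096) for overlap. Finally, a skipped import still sets Ret to MH_SUCCESS; a distinct error code would let the caller notice that the page was not restored.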
From: "Tobin Feldman-Fitzthum"
To: tobin@ibm.com, dovmurik@linux.vnet.ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, pbonzini@redhat.com, ashish.kalra@amd.com, thomas.lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, srutherford@google.com, devel@edk2.groups.io, ard.biesheuvel@arm.com, jiewen.yao@intel.com
Subject: [edk2-devel] [RFC PATCH 7/9] OvmfPkg/AmdSev: Don't overwrite MH stack
Date: Wed, 18 Aug 2021 17:20:46 -0400
Message-Id: <20210818212048.162626-8-tobin@linux.ibm.com>
In-Reply-To: <20210818212048.162626-1-tobin@linux.ibm.com>
References: <20210818212048.162626-1-tobin@linux.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The Migration Handler uses its own stack and should avoid
overwriting the stack when importing pages.

Signed-off-by: Tobin Feldman-Fitzthum
---
 .../ConfidentialMigrationDxe.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.= c b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c index ee1466eb00..2de35a7bb1 100644 --- a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c @@ -45,6 +45,8 @@ typedef volatile struct { =20 STATIC PAGE_TABLE_POOL *mPageTablePool =3D NULL; PHYSICAL_ADDRESS mMigrationHandlerPageTables =3D 0; +PHYSICAL_ADDRESS mMigrationHandlerStackBase =3D 0; +UINT32 mMigrationHandlerStackSize =3D 4; =20 /** Allocates and fills in custom page tables for Migration Handler. @@ -112,6 +114,8 @@ MigrationHandlerMain () UINT64 MailboxEnd; UINT64 PagetableStart; UINT64 PagetableEnd; + UINT64 StackStart; + UINT64 StackEnd; MH_COMMAND_PARAMETERS *Params; VOID *PageVa; =20 @@ -126,6 +130,9 @@ MigrationHandlerMain () PagetableStart =3D mMigrationHandlerPageTables; PagetableEnd =3D PagetableStart + 11 * EFI_PAGE_SIZE; =20 + StackStart =3D mMigrationHandlerStackBase; + StackEnd =3D StackStart + mMigrationHandlerStackSize; + DisableInterrupts (); Params->Go =3D 0; =20 @@ -147,10 +154,11 @@ MigrationHandlerMain () =20 case MH_FUNC_RESTORE_PAGE: // - // Don't import a page that covers the mailbox or pagetables. + // Don't import a page that covers the mailbox, pagetables, or stack. // if (!((Params->Gpa >=3D MailboxStart && Params->Gpa < MailboxEnd) || - (Params->Gpa >=3D PagetableStart && Params->Gpa < PagetableEnd))= ) { + (Params->Gpa >=3D PagetableStart && Params->Gpa < PagetableEnd) = || + (Params->Gpa >=3D StackStart && Params->Gpa < StackEnd))) { =20 CopyMem ((VOID *)Params->Gpa, PageVa, 4096); } 
@@ -190,6 +198,11 @@ SetupMigrationHandler ( return 0; } =20 + // + // Setup stack and pagetables for Migration Handler + // + mMigrationHandlerStackBase =3D (UINTN)AllocateAlignedRuntimePages (mMigr= ationHandlerStackSize, PAGE_TABLE_POOL_ALIGNMENT); + PrepareMigrationHandlerPageTables (); =20 // --=20 2.20.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#79524): https://edk2.groups.io/g/devel/message/79524 Mute This Topic: https://groups.io/mt/84982987/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Tue Apr 23 16:12:41 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+79526+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+79526+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1629321978; cv=none; d=zohomail.com; s=zohoarc; b=fubgCS5MdJqAACSzWCkBKLJVGsWgCq+4GGIMgOEMk6dyYWvkIRSlzJcdyfd6wUohuxlTvcl8FxEr2ckIpqlvqI4Wf+LCYTPOKnKPBWd6s92EanWlLWtsLJRsQULxM1V2KQ5U64dm8F7VDfdKozWr48YAM+QV8rsmlXeQVuXIQ9o= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1629321978; h=Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=DWXSQAsAbuyUiPf1txBVmuc8b18vk2QhQe6K4NI0PCY=; b=fbX4tlfs0UodvOh5ydzuSh3bv06V9vSfctaSu9M5gBoFMpRsKP68KBA/Z4jgHcbSd2ki4r3jvO7WBZDwWsn0d79jdrsrQLXGnpKplg7G0Ac+jZH6vCvnt6vJpbOFR8lga+r3pRKQI8nbn1aecHYiwoT373X0U1frk5iccop42OY= 
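Review bot: In the MigrationHandlerMain hunk that sets StackStart and StackEnd, StackEnd = StackStart + mMigrationHandlerStackSize adds a page count to an address. mMigrationHandlerStackSize is initialised to 4 and passed to AllocateAlignedRuntimePages as the number of pages, so the range the new check protects is 4 bytes long rather than 4 pages. Use StackStart + EFI_PAGES_TO_SIZE (mMigrationHandlerStackSize), matching the 11 * EFI_PAGE_SIZE form used for PagetableEnd just above it.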
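Review bot: In the SetupMigrationHandler hunk, the result of AllocateAlignedRuntimePages is stored in mMigrationHandlerStackBase without a NULL check, so on allocation failure the stack base stays 0 and the stack range test added to MH_FUNC_RESTORE_PAGE no longer covers the real stack. Check the return value and bail out before PrepareMigrationHandlerPageTables (). The alignment argument reuses PAGE_TABLE_POOL_ALIGNMENT, a page-table pool constant; a short comment on why the stack needs that alignment would help.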
From: "Tobin Feldman-Fitzthum"
To: tobin@ibm.com, dovmurik@linux.vnet.ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, pbonzini@redhat.com, ashish.kalra@amd.com, thomas.lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, srutherford@google.com, devel@edk2.groups.io, ard.biesheuvel@arm.com, jiewen.yao@intel.com
Subject: [edk2-devel] [RFC PATCH 8/9] OvmfPkg/AmdSev: Add Migration Handler entry point
Date: Wed, 18 Aug 2021 17:20:47 -0400
Message-Id: <20210818212048.162626-9-tobin@linux.ibm.com>
In-Reply-To: <20210818212048.162626-1-tobin@linux.ibm.com>
References: <20210818212048.162626-1-tobin@linux.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The Migration Handler runs in the mirror VM. The MH is started
directly by the hypervisor. SetupMigrationHandler runs in the main
VM and sets up the migration entry point. The HV starts execution
of the mirror vCPU at the entry point, which trampolines to
MigrationHandlerMain

Signed-off-by: Tobin Feldman-Fitzthum --- OvmfPkg/OvmfPkg.dec | 3 ++ OvmfPkg/AmdSev/AmdSevX64.fdf | 3 ++ .../ConfidentialMigrationDxe.inf | 2 + .../ConfidentialMigrationPei.inf | 2 + .../ConfidentialMigrationDxe.c | 48 +++++++++++++++++ .../ConfidentialMigrationPei.c | 6 +++ .../MigrationEntryPoint.nasm | 51 +++++++++++++++++++ 7 files changed, 115 insertions(+) create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/MigrationEntryPoin= t.nasm diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 1252582c99..c6e07accf6 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -336,6 +336,9 @@ gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase|0x0|UINT3= 2|0x4b gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxSize|0x0|UINT3= 2|0x4c =20 + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationEntryBase|0x0|UINT32|= 0x4d + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationEntrySize|0x0|UINT32|= 0x4e + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index a8e296e641..8687fadfcc 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -74,6 +74,9 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefi= OvmfPkgTokenSpaceGuid.P 0x020000|0x003000 gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase|gUefiOvmfPk= gTokenSpaceGuid.PcdConfidentialMigrationMailboxSize =20 +0x023000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationEntryBase|gUefiOvmfPkgT= okenSpaceGuid.PcdConfidentialMigrationEntrySize + 0x120000|0x0E0000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase|gUefiOvmfPkgTokenSpaceGuid.= PcdOvmfPeiMemFvSize FV =3D PEIFV diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.= inf b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf index 42875095fc..b879037586 100644 
--- a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf @@ -16,6 +16,7 @@ [Sources] ConfidentialMigrationDxe.c VirtualMemory.h + MigrationEntryPoint.nasm =20 [Packages] MdePkg/MdePkg.dec @@ -31,6 +32,7 @@ gUefiOvmfPkgTokenSpaceGuid.PcdIsConfidentialMigrationTarget gUefiOvmfPkgTokenSpaceGuid.PcdStartConfidentialMigrationHandler gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationEntryBase =20 [Depex] TRUE diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.= inf b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf index 918cf22abd..6233b82cc2 100644 --- a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf @@ -30,6 +30,8 @@ [FixedPcd] gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxSize + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationEntryBase + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationEntrySize =20 [Depex] TRUE diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.= c b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c index 2de35a7bb1..5e96206d17 100644 --- a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c 
@@ -38,11 +38,23 @@ typedef volatile struct { UINT32 Done; } MH_COMMAND_PARAMETERS; =20 +// +// Addresses to be used in the entry point +// +typedef struct { + UINT32 Cr3; + UINT64 StackBase; + UINT64 MhBase; +} ENTRY_ADDRS; + // // Offset for non-cbit mapping. // #define UNENC_VIRT_ADDR_BASE 0xffffff8000000000ULL =20 +void MigrationHandlerEntryPoint(void); +void MigrationHandlerEntryPoint64(void); + STATIC PAGE_TABLE_POOL *mPageTablePool =3D NULL; PHYSICAL_ADDRESS mMigrationHandlerPageTables =3D 0; PHYSICAL_ADDRESS mMigrationHandlerStackBase =3D 0; @@ -193,6 +205,16 @@ SetupMigrationHandler ( IN EFI_SYSTEM_TABLE *SystemTable ) { + UINT32 LongModeOffset; + UINT32 EntryAddrsOffset; + UINT32 GdtOffset; + IA32_DESCRIPTOR GdtPtr; + UINT64 EntryPoint; + ENTRY_ADDRS *EntryData; + + LongModeOffset =3D 0x200; + EntryAddrsOffset =3D 0x400; + GdtOffset =3D 0x600; =20 if (!PcdGetBool(PcdStartConfidentialMigrationHandler)) { return 0; @@ -205,6 +227,32 @@ SetupMigrationHandler ( =20 PrepareMigrationHandlerPageTables (); =20 + // + // Copy Migration Handler entry point to a known location. + // + EntryPoint =3D PcdGet32 (PcdConfidentialMigrationEntryBase); + CopyMem ((void *)EntryPoint, MigrationHandlerEntryPoint, 0x50); + + CopyMem ((void *)(EntryPoint + LongModeOffset), + MigrationHandlerEntryPoint64, 0x50); + + // + // Copy Migration Handler GDT to a known location. + // + AsmReadGdtr (&GdtPtr); + CopyMem ((void *)(EntryPoint + GdtOffset), (void *)GdtPtr.Base, + GdtPtr.Limit); + + // + // Populate entry point with address of page tables, stack, + // and MigrationHandlerMain + // + EntryData =3D (void *)(EntryPoint + EntryAddrsOffset); + + EntryData->Cr3 =3D mMigrationHandlerPageTables; + EntryData->StackBase =3D mMigrationHandlerStackBase; + EntryData->MhBase =3D (UINT64)MigrationHandlerMain; + // // If VM is migration target, wait until hypervisor modifies CPU state // and restarts execution. 
diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.= c b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.c index ce304bc07b..5371ef23a9 100644 --- a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.c +++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.c @@ -21,5 +21,11 @@ InitializeConfidentialMigrationPei ( EfiRuntimeServicesData ); =20 + BuildMemoryAllocationHob ( + PcdGet32 (PcdConfidentialMigrationEntryBase), + PcdGet32 (PcdConfidentialMigrationEntrySize), + EfiRuntimeServicesData + ); + return EFI_SUCCESS; } diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/MigrationEntryPoint.nasm = b/OvmfPkg/AmdSev/ConfidentialMigration/MigrationEntryPoint.nasm new file mode 100644 index 0000000000..9375771b88 --- /dev/null +++ b/OvmfPkg/AmdSev/ConfidentialMigration/MigrationEntryPoint.nasm 
@@ -0,0 +1,51 @@ +; Entrypoint for Migration Handler + + DEFAULT REL + SECTION .text + +%define ENABLE_DEBUG 1 +%define X86_CR0_PG BIT31 +%define X86_EFER_LME BIT8 +%define X86_CR4_PAE BIT5 + +%define ENTRY_BASE FixedPcdGet32 (PcdConfidentialMigrationEntryBase) + +%define LONG_MODE_OFFSET 0x200; +%define ENTRY_ADDRS_OFFSET 0x400 +%define GDT_OFFSET 0x600 + +%define LONG_MODE_ADDR ENTRY_BASE + LONG_MODE_OFFSET +%define LINEAR_CODE64_SEL 0x38 + +BITS 32 + +global ASM_PFX(MigrationHandlerEntryPoint) +ASM_PFX(MigrationHandlerEntryPoint): + + ; CR3 + mov edi, [ENTRY_BASE + ENTRY_ADDRS_OFFSET] + mov cr3, edi + + ; EFER.LME + mov ecx, 0xc0000080 + rdmsr + bts eax, 8 + wrmsr + + ; CR0.PG + mov eax, cr0 + bts eax, 31 + mov cr0, eax + + ; Far jump to enter long mode + jmp LINEAR_CODE64_SEL:LONG_MODE_ADDR + +BITS 64 +global ASM_PFX(MigrationHandlerEntryPoint64) +ASM_PFX(MigrationHandlerEntryPoint64): + + ; RSP + mov rsp, [ENTRY_BASE + ENTRY_ADDRS_OFFSET + 0x8] + + ; Jump to MH + jmp [ENTRY_BASE + ENTRY_ADDRS_OFFSET + 0x10] --=20 2.20.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
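Review bot: The ENTRY_ADDRS typedef in ConfidentialMigrationDxe.c is read by MigrationEntryPoint.nasm at fixed offsets 0x0, 0x8 and 0x10, which only holds because the compiler pads 4 bytes after the UINT32 Cr3 field. Make the layout explicit, for example with a UINT32 Reserved member after Cr3 or a STATIC_ASSERT on OFFSET_OF (ENTRY_ADDRS, StackBase) == 0x8, so the C and assembly sides cannot drift apart. The two prototypes added below it use void where the rest of the file uses VOID.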
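Review bot: In the SetupMigrationHandler hunk, the CopyMem of the GDT passes GdtPtr.Limit as the length, which copies one byte too few because the GDTR limit is the table size minus one; pass GdtPtr.Limit + 1 and check that it fits between GdtOffset (0x600) and the end of the PcdConfidentialMigrationEntrySize region. The two 0x50 lengths for the entry stubs are unexplained magic numbers; deriving them from end labels in the .nasm file would keep them correct when the stubs change. EntryData->Cr3 also narrows the PHYSICAL_ADDRESS mMigrationHandlerPageTables to UINT32 with no check that the page tables sit below 4 GiB.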
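Review bot: In MigrationHandlerEntryPoint, EFER.LME and CR0.PG are set but CR4.PAE never is, although X86_CR4_PAE is defined at the top of the file, and no lgdt is issued even though SetupMigrationHandler copies a GDT to GDT_OFFSET and the far jump depends on selector 0x38. If the hypervisor is expected to supply CR4 and GDTR in the initial vCPU state, say so in a comment; otherwise load them here. MigrationHandlerEntryPoint64 loads RSP from the StackBase field, which SetupMigrationHandler fills with the lowest address of the stack allocation, so the first push lands below the stack pages; store the top of the stack instead. ENABLE_DEBUG, X86_CR0_PG, X86_EFER_LME and GDT_OFFSET are defined but unused, and the LONG_MODE_OFFSET define has a stray trailing semicolon.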
From: "Tobin Feldman-Fitzthum"
To: tobin@ibm.com, dovmurik@linux.vnet.ibm.com, jejb@linux.ibm.com, frankeh@us.ibm.com, pbonzini@redhat.com, ashish.kalra@amd.com, thomas.lendacky@amd.com, brijesh.singh@amd.com, dgilbert@redhat.com, srutherford@google.com, devel@edk2.groups.io, ard.biesheuvel@arm.com, jiewen.yao@intel.com
Subject: [edk2-devel] [RFC PATCH 9/9] OvmfPkg/ResetVector: Expose Migration Handler Entry Addresses
Date: Wed, 18 Aug 2021 17:20:48 -0400
Message-Id: <20210818212048.162626-10-tobin@linux.ibm.com>
In-Reply-To: <20210818212048.162626-1-tobin@linux.ibm.com>
References: <20210818212048.162626-1-tobin@linux.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Exposes the address of the Migration Handler entry point via a
GUIDed struct. To support migration, the HV should find this struct
and start one vCPU at the entry point address.

Signed-off-by: Tobin Feldman-Fitzthum
---
 OvmfPkg/ResetVector/ResetVector.inf          |  1 +
 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 13 +++++++++++++
 OvmfPkg/ResetVector/ResetVector.nasmb        |  1 +
 3 files changed, 15 insertions(+)

diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index d028c92d8c..642757796c 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -49,3 +49,4 @@ gUefiOvmfPkgTokenSpaceGuid.PcdSevLaunchSecretSize gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableSize + gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationEntryBase diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe= ctor/Ia16/ResetVectorVtf0.asm index 7ec3c6e980..fc38bd927d 100644 --- a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm @@ -86,6 +86,19 @@ sevSecretBlockStart: DB 0x80, 0x81, 0x12, 0x7C, 0x90, 0xD3, 0xD2, 0x94 sevSecretBlockEnd: =20 +; +; The IP of the migration handler. The hypervisor should start +; the mirror with this address. +; +; GUID =3D 5c7db037-ab87-4282-b33c-7894f01471ec +; +sevMigrationBlockStart: + DD SEV_MIGRATION_ENTRY_IP + DW sevMigrationBlockStart - sevMigrationBlockEnd + DB 0x5C, 0x7D, 0xB0, 0x37, 0x87, 0xAB, 0x82, 0x42 + DB 0xB3, 0x3C, 0x78, 0x94, 0xF0, 0x14, 0x71, 0xEC +sevMigrationBlockEnd: + ; ; SEV-ES Processor Reset support ; diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index acec46a324..344713bfbb 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb 
@@ -91,5 +91,6 @@ %define SEV_LAUNCH_SECRET_SIZE FixedPcdGet32 (PcdSevLaunchSecretSize) %define SEV_FW_HASH_BLOCK_BASE FixedPcdGet32 (PcdQemuHashTableBase) %define SEV_FW_HASH_BLOCK_SIZE FixedPcdGet32 (PcdQemuHashTableSize) + %define SEV_MIGRATION_ENTRY_IP FixedPcdGet32 (PcdConfidentialMigrationE= ntryBase) %include "Ia16/ResetVectorVtf0.asm" =20 --=20 2.20.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#79525): https://edk2.groups.io/g/devel/message/79525 Mute This Topic: https://groups.io/mt/84982990/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
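Review bot: In the sevMigrationBlockStart block added to ResetVectorVtf0.asm, DW sevMigrationBlockStart - sevMigrationBlockEnd has its operands reversed, so the length word is negative rather than the block size; it should be sevMigrationBlockEnd - sevMigrationBlockStart. The GUID bytes are also inconsistent with the comment: for 5c7db037-ab87-4282-b33c-7894f01471ec the second and third fields are byte-swapped (0x87, 0xAB, 0x82, 0x42) but the first is not (0x5C, 0x7D, 0xB0, 0x37 rather than 0x37, 0xB0, 0x7D, 0x5C), so a hypervisor comparing against the usual in-memory GUID encoding will not find the block.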
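Review bot: SEV_MIGRATION_ENTRY_IP is defined unconditionally in ResetVector.nasmb, while PcdConfidentialMigrationEntryBase defaults to 0x0 in OvmfPkg.dec and this series assigns it only in AmdSevX64.fdf. A build that uses this reset vector without setting the PCD would advertise an entry IP of 0 through the GUIDed block. Emit the block only when the PCD is nonzero, or document that the hypervisor must treat 0 as "no migration handler".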