From nobody Mon Sep 16 19:33:00 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114629+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706307236788360.86425808440436; Fri, 26 Jan 2024 14:13:56 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=csIepQgrqL+2vPyaOWWli0HJ/KoXUwszQDo/+C22uv0=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307236; v=1; b=RQN0QttPEJ7lN5iiTKqDzA7fssvwdiTQexB1xiUcys3itLLH9wjYtgSIiwLuqqS+6IKwMsmQ uPQ3dq3cHxuBJhzGjIxROlxj816WdWLSvuhdNgocUWTmRsqc6oohTSl8/G6+zbQyM4wwd0iS8on 7YNfSt7EcF/FcmM0y2V+0Oz4= X-Received: by 127.0.0.2 with SMTP id NAD1YY1788612x5SaXIfYLp4; Fri, 26 Jan 2024 14:13:56 -0800 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.60]) by mx.groups.io with SMTP id smtpd.web11.2937.1706307235783362939 for ; Fri, 26 Jan 2024 14:13:55 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=J3cVFH/dVKUnemQB+A+hZKx8z3HllbaoNukar5C6vAnCcMO5qqF6Xn4cDoofA5r/pAwTrJT4BsqEMSO2xFn8f0TbQUmK1qdELnSSMkdWkPyOUGhJwrz/YxzMc3qKcxrtBB5eaMrAbMLh7EaWlmul4HntnLFrISoKvxRK82IWv0wXfL9yAj23TNExWj5FEdd5hSI7Y6iXm/Y6l93D2lXOk4sS5HXjo50uQfZ+YdeGZKSaFYSk7+RK7FOrFhAJ3lAvKTMtHxSY9vIV6A4+az1xwRY+tnrNEtazIiXq12M17T57b0wHLjW/bfwRFXLkcm777VbhrQVOQN13JkxmPXPxkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vsUwip5R/THu1l2vEm7Blrc/xu5q/TaivivI++r2C+Q=; b=R9gh6V0MZ/2eORRtEnW8q/IWuojCh3EEpHLG9APxEEtpLpIVPRLy54ioRe+GlY7arVKWLgUD2tGlTA8C78eMbU9PWew4p3cgXwsRdUSU2rAEv4vhvJMsDx44fVKTrIsMLFJ/YORxqaY4EctxIy9gIp+PD9TBgEzFv0gJaiwWKnC5fgCMJFpxKsjrh0lHnBLfeSFub9+5sHi9ehiG6nTaP+lHnT8bYMp0jyYduJ5aV9Mdl+LldU4OwO4bVMHe+Ajv6bJ9mCBDCQwxbB/CEE4WGt7qtIRyihNDghk+9QDXGAIr9gftGqveVHYjQfHv0rqFXONWcwWUjXgy1JVVoUiuwQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from CY5PR13CA0011.namprd13.prod.outlook.com (2603:10b6:930::16) by BL1PR12MB5947.namprd12.prod.outlook.com (2603:10b6:208:39a::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22; Fri, 26 Jan 2024 22:13:52 +0000 X-Received: from CY4PEPF0000E9CD.namprd03.prod.outlook.com (2603:10b6:930:0:cafe::7b) by CY5PR13CA0011.outlook.office365.com (2603:10b6:930::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.15 via Frontend Transport; Fri, 26 Jan 2024 22:13:52 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114629+1787277+3901457@groups.io; helo=mail02.groups.io; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000E9CD.mail.protection.outlook.com (10.167.241.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:13:52 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:13:50 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 03/16] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM Date: Fri, 26 Jan 2024 16:13:02 -0600 Message-ID: <38bd6d829d25b89d416fa0f40eb5cc4487a0290f.1706307195.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000E9CD:EE_|BL1PR12MB5947:EE_ X-MS-Office365-Filtering-Correlation-Id: 9ee22e62-10ce-47c2-ffd3-08dc1ebc1463 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: 2Yi9qhNqy16waTeiZg2QorNScUIqT8PXVmm2WJyxrcOM2DWoDbxvykbTRNfyEXEB3fgx2CQNOe8oYqLuSu15oUhGPA713AnqjF2QQ3Cvmfo80LLMH13by38770fsSitV3Iy+QKxKVGXb5eq0xOev6FqRpeK6Mm683PHixsLqbxwwDDz6SEWWi4YlWcLei4KKi2EcFyP62Fba55CvlkgnoRJf2EdtYSqcRZnJOqDw8QMuKzFNMCjh6hKcP1kpy4UKlsVM8HsSuF2z8bbGHilJ9UzYfMeH3uauQmsbTclqGtIbRA5kRkJqoRFqUbcaEROXhRd+M92ITh/qSuC8ifAHu70EPR+px8DqeGG2JwMIMn3OEv2hdDbHLZwf42T//u6V62ugbrXbVDa8aZeTxjEm3OeiUaZ/RvNMY+TUfSSDbH6nYgVhCVkHzF9v3ZqGWtP7iNqd+coPPqZkUKA303pUz8y/38gXobbUcBKY+7kiWtzQHnalOWcUeB0jpRGcQ2NFef/al5QRwg4dqQ+XpFOuZmN8fdxKscOXfU+zIZdn8/CxsVOvQ6SqFXO2ZcLY+jfrOqL8rMht4OEt3Df/CklVQcLGajENw0/k2U6XO43rjU7fxWh+yGcxcvPpEoOYhdiNYiEUb9X17B19m0/9piV2kuj2K3qlaxzCEeMZU4ao1jQjsmGWCBYTx1+VsCHt7dh7Kq0yLhS5jxkMxDLJYt146p6ojJZ/q+7NfGoS2ozZ+Ll3kvSrb87swvxnmLNS1y84xmYheBlqj1pWAgZpKOhrvA== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:13:52.3456 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 9ee22e62-10ce-47c2-ffd3-08dc1ebc1463 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000E9CD.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR12MB5947 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: wq5o5mj4LajLgzoTt7WKeTaNx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706307237518100001 Content-Type: text/plain; charset="utf-8" BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 The SVSM specification relies on a specific register calling convention to hold the parameters that are associated with the SVSM request. The SVSM is invoked by requesting the hypervisor to run the VMPL0 VMSA of the guest using the GHCB MSR Protocol or a GHCB NAE event. Create a new version of the VMGEXIT instruction that will adhere to this calling convention and load the SVSM function arguments into the proper register before invoking the VMGEXIT instruction. On return, perform the atomic exchange on the SVSM call pending value as specified in the SVSM specification. Signed-off-by: Tom Lendacky --- MdePkg/Library/BaseLib/BaseLib.inf | 2 + MdePkg/Include/Library/BaseLib.h | 39 ++++++++ MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++++++++ MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm | 94 ++++++++++++++++++++ 4 files changed, 174 insertions(+) diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/Ba= seLib.inf index 6b46949be332..2b3d9af36706 100644 --- a/MdePkg/Library/BaseLib/BaseLib.inf +++ b/MdePkg/Library/BaseLib/BaseLib.inf @@ -187,6 +187,7 @@ [Sources.Ia32] Ia32/XGetBv.nasm Ia32/XSetBv.nasm Ia32/VmgExit.nasm + Ia32/VmgExitSvsm.nasm =20 Ia32/DivS64x64Remainder.c Ia32/InternalSwitchStack.c | MSFT @@ -328,6 +329,7 @@ [Sources.X64] X64/XGetBv.nasm X64/XSetBv.nasm X64/VmgExit.nasm + X64/VmgExitSvsm.nasm ChkStkGcc.c | GCC =20 [Sources.EBC] diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/Base= Lib.h index ca0d06c7f335..149519d85233 100644 --- a/MdePkg/Include/Library/BaseLib.h +++ b/MdePkg/Include/Library/BaseLib.h @@ -7655,6 +7655,45 @@ AsmVmgExit ( VOID ); =20 +/// +/// The structure used to supply and return data to and from the SVSM. +/// +typedef struct { + VOID *Caa; + UINT64 RaxIn; + UINT64 RcxIn; + UINT64 RdxIn; + UINT64 R8In; + UINT64 R9In; + UINT64 RaxOut; + UINT64 RcxOut; + UINT64 RdxOut; + UINT64 R8Out; + UINT64 R9Out; + UINT8 *CallPending; +} SVSM_CALL_DATA; + +/** + Executes a VMGEXIT instruction (VMMCALL with a REP prefix) with arguments + and return code + + Executes a VMGEXIT instruction placing the specified arguments in the + corresponding registers before invocation. Upon return an XCHG is done to + atomically clear and retrieve the SVSM call pending value. The returned = RAX + register value becomes the function return code. This function is intend= ed + for use with an SVSM. This function is only available on IA-32 and x64. + + @param[in,out] SvsmCallPending Pointer to the location of the SVSM cal= l data + + @return Value of the RAX register on return + +**/ +UINT32 +EFIAPI +AsmVmgExitSvsm ( + IN OUT SVSM_CALL_DATA *SvsmCallData + ); + /** Patch the immediate operand of an IA32 or X64 instruction such that the = byte, word, dword or qword operand is encoded at the end of the instruction's diff --git a/MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm b/MdePkg/Library/= BaseLib/Ia32/VmgExitSvsm.nasm new file mode 100644 index 000000000000..14717bd1af02 --- /dev/null +++ b/MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm @@ -0,0 +1,39 @@ +;-------------------------------------------------------------------------= ----- +; +; Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.
+; SPDX-License-Identifier: BSD-2-Clause-Patent +; +; Module Name: +; +; VmgExitSvsm.Asm +; +; Abstract: +; +; AsmVmgExitSvsm function +; +; Notes: +; +;-------------------------------------------------------------------------= ----- + + DEFAULT REL + SECTION .text + +;-------------------------------------------------------------------------= ----- +; UINT32 +; EFIAPI +; AsmVmgExitSvsm ( +; SVSM_CALL_DATA *SvsmCallData +; ); +;-------------------------------------------------------------------------= ----- +global ASM_PFX(AsmVmgExitSvsm) +ASM_PFX(AsmVmgExitSvsm): +; +; NASM doesn't support the vmmcall instruction in 32-bit mode and NASM ver= sions +; before 2.12 cannot translate the 64-bit "rep vmmcall" instruction into e= lf32 +; format. Given that VMGEXIT does not make sense on IA32, provide a stub +; implementation that is identical to CpuBreakpoint(). In practice, +; AsmVmgExitSvsm() should never be called on IA32. +; + int 3 + ret + diff --git a/MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm b/MdePkg/Library/B= aseLib/X64/VmgExitSvsm.nasm new file mode 100644 index 000000000000..b8af78890611 --- /dev/null +++ b/MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm @@ -0,0 +1,94 @@ +;-------------------------------------------------------------------------= ----- +; +; Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.
+; SPDX-License-Identifier: BSD-2-Clause-Patent +; +; Module Name: +; +; VmgExitSvsm.Asm +; +; Abstract: +; +; AsmVmgExitSvsm function +; +; Notes: +; +;-------------------------------------------------------------------------= ----- + + DEFAULT REL + SECTION .text + +;-------------------------------------------------------------------------= ----- +; typedef struct { +; VOID *Caa; +; UINT64 RaxIn; +; UINT64 RcxIn; +; UINT64 RdxIn; +; UINT64 R8In; +; UINT64 R9In; +; UINT64 RaxOut; +; UINT64 RcxOut; +; UINT64 RdxOut; +; UINT64 R8Out; +; UINT64 R9Out; +; UINT8 *CallPending; +; } SVSM_CALL_DATA; +; +; UINT32 +; EFIAPI +; AsmVmgExitSvsm ( +; SVSM_CALL_DATA *SvsmCallData +; ); +;-------------------------------------------------------------------------= ----- +global ASM_PFX(AsmVmgExitSvsm) +ASM_PFX(AsmVmgExitSvsm): + push r10 + push r11 + push r12 + +; +; Calling convention has SvsmCallData in RCX. Move RCX to R12 in order to +; properly populate the SVSM register state. +; + mov r12, rcx + + mov rax, [r12 + 8] + mov rcx, [r12 + 16] + mov rdx, [r12 + 24] + mov r8, [r12 + 32] + mov r9, [r12 + 40] + +; +; Set CA call pending +; + mov r10, [r12] + mov byte [r10], 1 + + rep vmmcall + + mov [r12 + 48], rax + mov [r12 + 56], rcx + mov [r12 + 64], rdx + mov [r12 + 72], r8 + mov [r12 + 80], r9 + +; +; Perform the atomic exchange and return the CA call pending value. +; The call pending value is a one-byte field at offset 0 into the CA, +; which is currently the value in R10. +; + + mov r11, [r12 + 88] ; Get CallPending address + mov cl, byte [r11] + xchg byte [r10], cl + mov byte [r11], cl ; Return the exchanged value + + pop r12 + pop r11 + pop r10 + +; +; RAX has the value to be returned from the SVSM +; + ret + --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114629): https://edk2.groups.io/g/devel/message/114629 Mute This Topic: https://groups.io/mt/103986440/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-