From nobody Mon Feb 9 01:49:05 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+86768+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86768+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1645271847; cv=none; d=zohomail.com; s=zohoarc; b=bCsdY7cEU9qklmBVg45uOHlyiI8pG0OeC33FVPnB4SOabGnF8PBDKmO/HEStRepj/b3FKaXE3FufV4RwgIm6HnriDiQBN9rfKHwQTaQuPuELDDqzNZAyD4vqlrmwCtpPCPeBz8O/cK2uj4GbpKFqYsZnACe1MSyMqdG6f0DCn18= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1645271847; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=/bsWCQkkJR7yrLpxdMHZ63mJmLp+KSHuY8PUMJmDZ8M=; b=SQG2DDd8FnktYBJRYJvqv1GfL7WVKcwb/8cQbggr/toOZ3bJUa8L7WCV4IHpDgaVMAqGpMjxxkXBEXnWLUxTMeAdlvBBBZRq7Yf18veXRb1eWEIZdDy5qsA9IsDV646hSC0FsUGJnBLIuB/fPuRRRI4uswQeZtIXZxSMUgOtHuE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+86768+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1645271847070641.2920594791209; Sat, 19 Feb 2022 03:57:27 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id 2rn7YY1788612xAPIAUOCTZI; Sat, 19 Feb 2022 03:57:26 -0800 X-Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web08.9091.1645271832752102625 for ; Sat, 19 Feb 2022 03:57:26 -0800 X-IronPort-AV: E=McAfee;i="6200,9189,10262"; a="231915202" X-IronPort-AV: E=Sophos;i="5.88,381,1635231600"; d="scan'208";a="231915202" X-Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Feb 2022 03:57:25 -0800 X-IronPort-AV: E=Sophos;i="5.88,381,1635231600"; d="scan'208";a="546690960" X-Received: from mxu9-mobl1.ccr.corp.intel.com ([10.249.175.253]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Feb 2022 03:57:23 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Ard Biesheuvel , Jiewen Yao , Jordan Justen , Brijesh Singh , Erdem Aktas , James Bottomley , Tom Lendacky , Gerd Hoffmann Subject: [edk2-devel] [PATCH V6 05/42] OvmfPkg: Extend VmgExitLib to handle #VE exception Date: Sat, 19 Feb 2022 19:56:18 +0800 Message-Id: <6c5596ef1617b9d6b6beddae62490d2b77e559c2.1645261990.git.min.m.xu@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com X-Gm-Message-State: dJjxsIVDaL0w0ELWEtfk8qQxx1787277AA= Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1645271846; bh=IxfTnRiiIE7X7/E/ys8SYYSmPLpm7v9hjFX6EMHq8yM=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=aWfO8tfgZRwnP8o/RgXke0Y0xyOZsxcFthrhIdbMQNHspOcTcwDImS3TpCFAGeRSdoc /+dkN89Oo47aD2mqYjpHTdBPGOyqhdallJoNZ8zuvvGyFfb/dp8Qk/0DMwC0S1gM+9FZQ 1pvZ9yDKXB0ReC7vWUohIsTaiN+txv2Bsy8= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1645271847640100007 RFC=EF=BC=9A https://bugzilla.tianocore.org/show_bug.cgi?id=3D3429 The base VmgExitLib library provides a default limited interface to handle #VE exception. To provide full support, the OVMF version of VmgExitLib is extended to provide full support of #VE handler. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Jordan Justen Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Cc: Gerd Hoffmann Acked-by: Gerd Hoffmann Signed-off-by: Min Xu --- OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf | 3 +- OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h | 32 + .../Library/VmgExitLib/VmTdExitVeHandler.c | 559 ++++++++++++++++++ OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 2 + .../Library/VmgExitLib/X64/TdVmcallCpuid.nasm | 146 +++++ 5 files changed, 741 insertions(+), 1 deletion(-) create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h create mode 100644 OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c create mode 100644 OvmfPkg/Library/VmgExitLib/X64/TdVmcallCpuid.nasm diff --git a/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf b/OvmfPkg/Library= /VmgExitLib/SecVmgExitLib.inf index 78207fa0f9c9..f9bd4974f6dc 100644 --- a/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf +++ b/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf @@ -25,6 +25,8 @@ VmgExitVcHandler.c VmgExitVcHandler.h SecVmgExitVcHandler.c + VmTdExitVeHandler.c + X64/TdVmcallCpuid.nasm =20 [Packages] MdePkg/MdePkg.dec @@ -44,4 +46,3 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCpuidSize - diff --git a/OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h b/OvmfPkg/Library= /VmgExitLib/VmTdExitHandler.h new file mode 100644 index 000000000000..7eacd0872f46 --- /dev/null +++ b/OvmfPkg/Library/VmgExitLib/VmTdExitHandler.h @@ -0,0 +1,32 @@ +/** @file + + Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef VMTD_EXIT_HANDLER_H_ +#define VMTD_EXIT_HANDLER_H_ + +#include +#include + +/** + This function enable the TD guest to request the VMM to emulate CPUID + operation, especially for non-architectural, CPUID leaves. + + @param[in] Eax Main leaf of the CPUID + @param[in] Ecx Sub-leaf of the CPUID + @param[out] Results Returned result of CPUID operation + + @return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TdVmCallCpuid ( + IN UINT64 Eax, + IN UINT64 Ecx, + OUT VOID *Results + ); + +#endif diff --git a/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c b/OvmfPkg/Libra= ry/VmgExitLib/VmTdExitVeHandler.c new file mode 100644 index 000000000000..b73e877c093b --- /dev/null +++ b/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c @@ -0,0 +1,559 @@ +/** @file + + Copyright (c) 2021, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include "VmTdExitHandler.h" +#include +#include +#include +#include + +typedef union { + struct { + UINT32 Eax; + UINT32 Edx; + } Regs; + UINT64 Val; +} MSR_DATA; + +typedef union { + UINT8 Val; + struct { + UINT8 B : 1; + UINT8 X : 1; + UINT8 R : 1; + UINT8 W : 1; + } Bits; +} REX; + +typedef union { + UINT8 Val; + struct { + UINT8 Rm : 3; + UINT8 Reg : 3; + UINT8 Mod : 2; + } Bits; +} MODRM; + +typedef struct { + UINT64 Regs[4]; +} CPUID_DATA; + +/** + Handle an CPUID event. + + Use the TDVMCALL instruction to handle cpuid #ve + + @param[in, out] Regs x64 processor context + @param[in] Veinfo VE Info + + @retval 0 Event handled successfully + @return New exception value to propagate +**/ +STATIC +UINT64 +EFIAPI +CpuIdExit ( + IN EFI_SYSTEM_CONTEXT_X64 *Regs, + IN TDCALL_VEINFO_RETURN_DATA *Veinfo + ) +{ + CPUID_DATA CpuIdData; + UINT64 Status; + + Status =3D TdVmCallCpuid (Regs->Rax, Regs->Rcx, &CpuIdData); + + if (Status =3D=3D 0) { + Regs->Rax =3D CpuIdData.Regs[0]; + Regs->Rbx =3D CpuIdData.Regs[1]; + Regs->Rcx =3D CpuIdData.Regs[2]; + Regs->Rdx =3D CpuIdData.Regs[3]; + } + + return Status; +} + +/** + Handle an IO event. + + Use the TDVMCALL instruction to handle either an IO read or an IO write. + + @param[in, out] Regs x64 processor context + @param[in] Veinfo VE Info + + @retval 0 Event handled successfully + @return New exception value to propagate +**/ +STATIC +UINT64 +EFIAPI +IoExit ( + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs, + IN TDCALL_VEINFO_RETURN_DATA *Veinfo + ) +{ + BOOLEAN Write; + UINTN Size; + UINTN Port; + UINT64 Val; + UINT64 RepCnt; + UINT64 Status; + + Val =3D 0; + Write =3D Veinfo->ExitQualification.Io.Direction ? FALSE : TRUE; + Size =3D Veinfo->ExitQualification.Io.Size + 1; + Port =3D Veinfo->ExitQualification.Io.Port; + + if (Veinfo->ExitQualification.Io.String) { + // + // If REP is set, get rep-cnt from Rcx + // + RepCnt =3D Veinfo->ExitQualification.Io.Rep ? Regs->Rcx : 1; + + while (RepCnt) { + Val =3D 0; + if (Write =3D=3D TRUE) { + CopyMem (&Val, (VOID *)Regs->Rsi, Size); + Regs->Rsi +=3D Size; + } + + Status =3D TdVmCall (EXIT_REASON_IO_INSTRUCTION, Size, Write, Port, = Val, (Write ? NULL : &Val)); + if (Status !=3D 0) { + break; + } + + if (Write =3D=3D FALSE) { + CopyMem ((VOID *)Regs->Rdi, &Val, Size); + Regs->Rdi +=3D Size; + } + + if (Veinfo->ExitQualification.Io.Rep) { + Regs->Rcx -=3D 1; + } + + RepCnt -=3D 1; + } + } else { + if (Write =3D=3D TRUE) { + CopyMem (&Val, (VOID *)&Regs->Rax, Size); + } + + Status =3D TdVmCall (EXIT_REASON_IO_INSTRUCTION, Size, Write, Port, Va= l, (Write ? NULL : &Val)); + if ((Status =3D=3D 0) && (Write =3D=3D FALSE)) { + CopyMem ((VOID *)&Regs->Rax, &Val, Size); + } + } + + return Status; +} + +/** + Handle an READ MSR event. + + Use the TDVMCALL instruction to handle msr read + + @param[in, out] Regs x64 processor context + @param[in] Veinfo VE Info + + @retval 0 Event handled successfully + @return New exception value to propagate +**/ +STATIC +UINT64 +ReadMsrExit ( + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs, + IN TDCALL_VEINFO_RETURN_DATA *Veinfo + ) +{ + MSR_DATA Data; + UINT64 Status; + + Status =3D TdVmCall (EXIT_REASON_MSR_READ, Regs->Rcx, 0, 0, 0, &Data); + if (Status =3D=3D 0) { + Regs->Rax =3D Data.Regs.Eax; + Regs->Rdx =3D Data.Regs.Edx; + } + + return Status; +} + +/** + Handle an WRITE MSR event. + + Use the TDVMCALL instruction to handle msr write + + @param[in, out] Regs x64 processor context + @param[in] Veinfo VE Info + + @retval 0 Event handled successfully + @return New exception value to propagate +**/ +STATIC +UINT64 +WriteMsrExit ( + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs, + IN TDCALL_VEINFO_RETURN_DATA *Veinfo + ) +{ + UINT64 Status; + MSR_DATA Data; + + Data.Regs.Eax =3D (UINT32)Regs->Rax; + Data.Regs.Edx =3D (UINT32)Regs->Rdx; + + Status =3D TdVmCall (EXIT_REASON_MSR_WRITE, Regs->Rcx, Data.Val, 0, 0, = NULL); + + return Status; +} + +STATIC +VOID +EFIAPI +TdxDecodeInstruction ( + IN UINT8 *Rip + ) +{ + UINTN i; + + DEBUG ((DEBUG_INFO, "TDX: #TD[EPT] instruction (%p):", Rip)); + for (i =3D 0; i < 15; i++) { + DEBUG ((DEBUG_INFO, "%02x:", Rip[i])); + } + + DEBUG ((DEBUG_INFO, "\n")); +} + +#define TDX_DECODER_BUG_ON(x) \ + if ((x)) { \ + TdxDecodeInstruction(Rip); \ + TdVmCall(TDVMCALL_HALT, 0, 0, 0, 0, 0); \ + } + +STATIC +UINT64 * +EFIAPI +GetRegFromContext ( + IN EFI_SYSTEM_CONTEXT_X64 *Regs, + IN UINTN RegIndex + ) +{ + switch (RegIndex) { + case 0: return &Regs->Rax; + break; + case 1: return &Regs->Rcx; + break; + case 2: return &Regs->Rdx; + break; + case 3: return &Regs->Rbx; + break; + case 4: return &Regs->Rsp; + break; + case 5: return &Regs->Rbp; + break; + case 6: return &Regs->Rsi; + break; + case 7: return &Regs->Rdi; + break; + case 8: return &Regs->R8; + break; + case 9: return &Regs->R9; + break; + case 10: return &Regs->R10; + break; + case 11: return &Regs->R11; + break; + case 12: return &Regs->R12; + break; + case 13: return &Regs->R13; + break; + case 14: return &Regs->R14; + break; + case 15: return &Regs->R15; + break; + } + + return NULL; +} + +/** + Handle an MMIO event. + + Use the TDVMCALL instruction to handle either an mmio read or an mmio wr= ite. + + @param[in, out] Regs x64 processor context + @param[in] Veinfo VE Info + + @retval 0 Event handled successfully + @return New exception value to propagate +**/ +STATIC +INTN +EFIAPI +MmioExit ( + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs, + IN TDCALL_VEINFO_RETURN_DATA *Veinfo + ) +{ + UINT64 Status; + UINT32 MmioSize; + UINT32 RegSize; + UINT8 OpCode; + BOOLEAN SeenRex; + UINT64 *Reg; + UINT8 *Rip; + UINT64 Val; + UINT32 OpSize; + MODRM ModRm; + REX Rex; + + Rip =3D (UINT8 *)Regs->Rip; + Val =3D 0; + Rex.Val =3D 0; + SeenRex =3D FALSE; + + // + // Default to 32bit transfer + // + OpSize =3D 4; + + do { + OpCode =3D *Rip++; + if (OpCode =3D=3D 0x66) { + OpSize =3D 2; + } else if ((OpCode =3D=3D 0x64) || (OpCode =3D=3D 0x65) || (OpCode =3D= =3D 0x67)) { + continue; + } else if ((OpCode >=3D 0x40) && (OpCode <=3D 0x4f)) { + SeenRex =3D TRUE; + Rex.Val =3D OpCode; + } else { + break; + } + } while (TRUE); + + // + // We need to have at least 2 more bytes for this instruction + // + TDX_DECODER_BUG_ON (((UINT64)Rip - Regs->Rip) > 13); + + OpCode =3D *Rip++; + // + // Two-byte opecode, get next byte + // + if (OpCode =3D=3D 0x0F) { + OpCode =3D *Rip++; + } + + switch (OpCode) { + case 0x88: + case 0x8A: + case 0xB6: + MmioSize =3D 1; + break; + case 0xB7: + MmioSize =3D 2; + break; + default: + MmioSize =3D Rex.Bits.W ? 8 : OpSize; + break; + } + + /* Punt on AH/BH/CH/DH unless it shows up. */ + ModRm.Val =3D *Rip++; + TDX_DECODER_BUG_ON (MmioSize =3D=3D 1 && ModRm.Bits.Reg > 4 && !SeenRex = && OpCode !=3D 0xB6); + Reg =3D GetRegFromContext (Regs, ModRm.Bits.Reg | ((int)Rex.Bits.R << 3)= ); + TDX_DECODER_BUG_ON (!Reg); + + if (ModRm.Bits.Rm =3D=3D 4) { + ++Rip; /* SIB byte */ + } + + if ((ModRm.Bits.Mod =3D=3D 2) || ((ModRm.Bits.Mod =3D=3D 0) && (ModRm.Bi= ts.Rm =3D=3D 5))) { + Rip +=3D 4; /* DISP32 */ + } else if (ModRm.Bits.Mod =3D=3D 1) { + ++Rip; /* DISP8 */ + } + + switch (OpCode) { + case 0x88: + case 0x89: + CopyMem ((void *)&Val, Reg, MmioSize); + Status =3D TdVmCall (TDVMCALL_MMIO, MmioSize, 1, Veinfo->GuestPA, Va= l, 0); + break; + case 0xC7: + CopyMem ((void *)&Val, Rip, OpSize); + Status =3D TdVmCall (TDVMCALL_MMIO, MmioSize, 1, Veinfo->GuestPA, Va= l, 0); + Rip +=3D OpSize; + default: + // + // 32-bit write registers are zero extended to the full register + // Hence 'MOVZX r[32/64], r/m16' is + // hardcoded to reg size 8, and the straight MOV case has a reg + // size of 8 in the 32-bit read case. + // + switch (OpCode) { + case 0xB6: + RegSize =3D Rex.Bits.W ? 8 : OpSize; + break; + case 0xB7: + RegSize =3D 8; + break; + default: + RegSize =3D MmioSize =3D=3D 4 ? 8 : MmioSize; + break; + } + + Status =3D TdVmCall (TDVMCALL_MMIO, MmioSize, 0, Veinfo->GuestPA, 0,= &Val); + if (Status =3D=3D 0) { + ZeroMem (Reg, RegSize); + CopyMem (Reg, (void *)&Val, MmioSize); + } + } + + if (Status =3D=3D 0) { + TDX_DECODER_BUG_ON (((UINT64)Rip - Regs->Rip) > 15); + + // + // We change instruction length to reflect true size so handler can + // bump rip + // + Veinfo->ExitInstructionLength =3D (UINT32)((UINT64)Rip - Regs->Rip); + } + + return Status; +} + +/** + Handle a #VE exception. + + Performs the necessary processing to handle a #VE exception. + + @param[in, out] ExceptionType Pointer to an EFI_EXCEPTION_TYPE to be s= et + as value to use on error. + @param[in, out] SystemContext Pointer to EFI_SYSTEM_CONTEXT + + @retval EFI_SUCCESS Exception handled + @retval EFI_UNSUPPORTED #VE not supported, (new) exception value= to + propagate provided + @retval EFI_PROTOCOL_ERROR #VE handling failed, (new) exception val= ue to + propagate provided + +**/ +EFI_STATUS +EFIAPI +VmTdExitHandleVe ( + IN OUT EFI_EXCEPTION_TYPE *ExceptionType, + IN OUT EFI_SYSTEM_CONTEXT SystemContext + ) +{ + UINT64 Status; + TD_RETURN_DATA ReturnData; + EFI_SYSTEM_CONTEXT_X64 *Regs; + + Regs =3D SystemContext.SystemContextX64; + Status =3D TdCall (TDCALL_TDGETVEINFO, 0, 0, 0, &ReturnData); + ASSERT (Status =3D=3D 0); + if (Status !=3D 0) { + DEBUG ((DEBUG_ERROR, "#VE happened. TDGETVEINFO failed with Status =3D= 0x%llx\n", Status)); + TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0); + } + + switch (ReturnData.VeInfo.ExitReason) { + case EXIT_REASON_CPUID: + Status =3D CpuIdExit (Regs, &ReturnData.VeInfo); + DEBUG (( + DEBUG_VERBOSE, + "CPUID #VE happened, ExitReasion is %d, ExitQualification =3D 0x%x= .\n", + ReturnData.VeInfo.ExitReason, + ReturnData.VeInfo.ExitQualification.Val + )); + break; + + case EXIT_REASON_HLT: + Status =3D TdVmCall (EXIT_REASON_HLT, 0, 0, 0, 0, 0); + break; + + case EXIT_REASON_IO_INSTRUCTION: + Status =3D IoExit (Regs, &ReturnData.VeInfo); + DEBUG (( + DEBUG_VERBOSE, + "IO_Instruction #VE happened, ExitReasion is %d, ExitQualification= =3D 0x%x.\n", + ReturnData.VeInfo.ExitReason, + ReturnData.VeInfo.ExitQualification.Val + )); + break; + + case EXIT_REASON_MSR_READ: + Status =3D ReadMsrExit (Regs, &ReturnData.VeInfo); + DEBUG (( + DEBUG_VERBOSE, + "RDMSR #VE happened, ExitReasion is %d, ExitQualification =3D 0x%x= . Regs->Rcx=3D0x%llx, Status =3D 0x%llx\n", + ReturnData.VeInfo.ExitReason, + ReturnData.VeInfo.ExitQualification.Val, + Regs->Rcx, + Status + )); + break; + + case EXIT_REASON_MSR_WRITE: + Status =3D WriteMsrExit (Regs, &ReturnData.VeInfo); + DEBUG (( + DEBUG_VERBOSE, + "WRMSR #VE happened, ExitReasion is %d, ExitQualification =3D 0x%x= . Regs->Rcx=3D0x%llx, Status =3D 0x%llx\n", + ReturnData.VeInfo.ExitReason, + ReturnData.VeInfo.ExitQualification.Val, + Regs->Rcx, + Status + )); + break; + + case EXIT_REASON_EPT_VIOLATION: + Status =3D MmioExit (Regs, &ReturnData.VeInfo); + DEBUG (( + DEBUG_VERBOSE, + "MMIO #VE happened, ExitReasion is %d, ExitQualification =3D 0x%x.= \n", + ReturnData.VeInfo.ExitReason, + ReturnData.VeInfo.ExitQualification.Val + )); + break; + + case EXIT_REASON_VMCALL: + case EXIT_REASON_MWAIT_INSTRUCTION: + case EXIT_REASON_MONITOR_INSTRUCTION: + case EXIT_REASON_WBINVD: + case EXIT_REASON_RDPMC: + /* Handle as nops. */ + break; + + default: + DEBUG (( + DEBUG_ERROR, + "Unsupported #VE happened, ExitReason is %d, ExitQualification =3D= 0x%x.\n", + ReturnData.VeInfo.ExitReason, + ReturnData.VeInfo.ExitQualification.Val + )); + + ASSERT (FALSE); + CpuDeadLoop (); + } + + if (Status) { + DEBUG (( + DEBUG_ERROR, + "#VE Error (0x%llx) returned from host, ExitReason is %d, ExitQualif= ication =3D 0x%x.\n", + Status, + ReturnData.VeInfo.ExitReason, + ReturnData.VeInfo.ExitQualification.Val + )); + + TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0); + } + + SystemContext.SystemContextX64->Rip +=3D ReturnData.VeInfo.ExitInstructi= onLength; + return EFI_SUCCESS; +} diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf b/OvmfPkg/Library/Vm= gExitLib/VmgExitLib.inf index 7963670e7d30..255b0c1a2f7f 100644 --- a/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf +++ b/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf @@ -25,6 +25,8 @@ VmgExitVcHandler.c VmgExitVcHandler.h PeiDxeVmgExitVcHandler.c + VmTdExitVeHandler.c + X64/TdVmcallCpuid.nasm =20 [Packages] MdePkg/MdePkg.dec diff --git a/OvmfPkg/Library/VmgExitLib/X64/TdVmcallCpuid.nasm b/OvmfPkg/Li= brary/VmgExitLib/X64/TdVmcallCpuid.nasm new file mode 100644 index 000000000000..fa86440904fe --- /dev/null +++ b/OvmfPkg/Library/VmgExitLib/X64/TdVmcallCpuid.nasm @@ -0,0 +1,146 @@ +;-------------------------------------------------------------------------= ----- +;* +;* Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+;* SPDX-License-Identifier: BSD-2-Clause-Patent +;* +;* +;-------------------------------------------------------------------------= ----- + +DEFAULT REL +SECTION .text + +%define TDVMCALL_EXPOSE_REGS_MASK 0xffec +%define TDVMCALL 0x0 +%define EXIT_REASON_CPUID 0xa + +%macro tdcall 0 + db 0x66,0x0f,0x01,0xcc +%endmacro + +%macro tdcall_push_regs 0 + push rbp + mov rbp, rsp + push r15 + push r14 + push r13 + push r12 + push rbx + push rsi + push rdi +%endmacro + +%macro tdcall_pop_regs 0 + pop rdi + pop rsi + pop rbx + pop r12 + pop r13 + pop r14 + pop r15 + pop rbp +%endmacro + +%define number_of_regs_pushed 8 +%define number_of_parameters 4 + +; +; Keep these in sync for push_regs/pop_regs, code below +; uses them to find 5th or greater parameters +; +%define first_variable_on_stack_offset \ + ((number_of_regs_pushed * 8) + (number_of_parameters * 8) + 8) +%define second_variable_on_stack_offset \ + ((first_variable_on_stack_offset) + 8) + +%macro tdcall_regs_preamble 2 + mov rax, %1 + + xor rcx, rcx + mov ecx, %2 + + ; R10 =3D 0 (standard TDVMCALL) + + xor r10d, r10d + + ; Zero out unused (for standard TDVMCALL) registers to avoid leaking + ; secrets to the VMM. + + xor ebx, ebx + xor esi, esi + xor edi, edi + + xor edx, edx + xor ebp, ebp + xor r8d, r8d + xor r9d, r9d + xor r14, r14 + xor r15, r15 +%endmacro + +%macro tdcall_regs_postamble 0 + xor ebx, ebx + xor esi, esi + xor edi, edi + + xor ecx, ecx + xor edx, edx + xor r8d, r8d + xor r9d, r9d + xor r10d, r10d + xor r11d, r11d +%endmacro + +;-------------------------------------------------------------------------= ----- +; 0 =3D> RAX =3D TDCALL leaf / TDVMCALL +; M =3D> RCX =3D TDVMCALL register behavior +; 0xa =3D> R11 =3D TDVMCALL function / CPUID +; RCX =3D> R12 =3D p1 +; RDX =3D> R13 =3D p2 +; +; UINT64 +; EFIAPI +; TdVmCallCpuid ( +; UINT64 EaxIn, // Rcx +; UINT64 EcxIn, // Rdx +; UINT64 *Results // R8 +; ) +global ASM_PFX(TdVmCallCpuid) +ASM_PFX(TdVmCallCpuid): + tdcall_push_regs + + mov r11, EXIT_REASON_CPUID + mov r12, rcx + mov r13, rdx + + ; Save *results pointers + push r8 + + tdcall_regs_preamble TDVMCALL, TDVMCALL_EXPOSE_REGS_MASK + + tdcall + + ; ignore return data if TDCALL reports failure. + test rax, rax + jnz .no_return_data + + ; Propagate TDVMCALL success/failure to return value. + mov rax, r10 + test rax, rax + jnz .no_return_data + + ; Retrieve *Results + pop r8 + test r8, r8 + jz .no_return_data + ; Caller pass in buffer so store results r12-r15 contains eax-edx + mov [r8 + 0], r12 + mov [r8 + 8], r13 + mov [r8 + 16], r14 + mov [r8 + 24], r15 + +.no_return_data: + tdcall_regs_postamble + + tdcall_pop_regs + + ret --=20 2.29.2.windows.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#86768): https://edk2.groups.io/g/devel/message/86768 Mute This Topic: https://groups.io/mt/89252026/1787277 Mute #ve:https://edk2.groups.io/g/devel/mutehashtag/ve Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-