From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46103+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301167439471.3056282832043; Tue, 20 Aug 2019 04:39:27 -0700 (PDT) Return-Path: X-Received: from NAM05-CO1-obe.outbound.protection.outlook.com (NAM05-CO1-obe.outbound.protection.outlook.com []) by groups.io with SMTP; Mon, 19 Aug 2019 14:35:49 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g/O0dZ/wZ0ysu8KJSsF1tFn8WHGlUINxK1A0R6dWIxfACl8wR0XWF9VkrvReqyzgQRneT5laXfnd/G4WS4tFy3IJc7seh29A+qmhLQcnZ1WFcC2MuKHD7J+E/rrYaUyb480aSvniXNUNcP0dGxn+zK9iAd7OaoBlZReiWkKZF5UuJT3RGIMhPAXMwGkN+0J8zFYwZtuNDxnA4gf8RwUBAgldWPJP8TRkT1OaKnHL9lD5CjbPaeFxlwECuyaU23v3b+lwLc+OyASHgGxyF3BptoYnori2sJe4DoUSJIECTYeZ1pb57Awm48htCMIpCD1gKJepRIOIbWmseBVQGn/CEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tkNsWWZ5R0C/BCPQGn3a7qld1WCg1PCSBosb59WiJFk=; b=ghOWugwEtzaA/4xjY4jArIgrsoavrF77bhQV49mAp/ezq1OFXfZJRhhl4LbK46WyrSReeVDasBCDrzQjK2NUR73fNygyBfipBU08T5un8xZ4mKQYxR2vnULaIbgbNiAA16J7XSQG8/4ZFjOmWjnXpN6QxxrhU5SUz8kOn/fUsWazec47mhDtgD9S2GltOqTbNjL0SfmtumVF/+VG2wM71WAKDgukGepd/hQcAUMJ9HqqjwI3JmlztFj25/tgx5FOoeVBN5HBRuQeS3ZdLkPobiPho8fEy2dWqTWt/Mg0HBoRVH9jOdM0utAluRkkNKRJPH383ox90xd4nXpkS5NzDA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB3112.namprd12.prod.outlook.com (20.178.54.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 19 Aug 2019 21:35:48 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:35:48 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 01/28] OvmfPkg/Sec: Enable cache early to speed up booting Thread-Topic: [RFC PATCH 01/28] OvmfPkg/Sec: Enable cache early to speed up booting Thread-Index: AQHVVtYQwtbGWnPlRU21i0AUmukzUQ== Date: Mon, 19 Aug 2019 21:35:47 +0000 Message-ID: <6a37c84f4989304b21205d6263c6491f81da3233.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: cdd0c0e7-2f03-4be7-d5a8-08d724ed32ce x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB3112: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46103+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: Ral7ecc9Aqqgr4xMF2c4nIM7taCsg8BhywnIhhlc+cRzuxerx4EqiNoR3YkxN+eDBJaiX9l0rPYJqmEIWprOeq4+gDYBzTCPDsHkLQVKHy8OWHASVVzu9Nbj50CypPMb94HVluteuiPzyj8CVzqSVfzmQ+IyAJNShzG2fSLqjXIZfLB+tcLjD2o6h7Q6SXjZA+YEDo/3Gq0NoleveHVZ7gj7cbxPeyBBms/7Nz1YMqiEM0W6A3DkjWrPxm9b1mYvglR6QrkJcB95iEp+O+g5+4WcDJR+7KsxrsK5/GYa8J/RL7q9FRrQZWyEauGoI1Ylexp2+3JtE5JhjjN/HQOVs9FEGAc31T0PXWKBTuIahN8b/rQWNfkRd02/M6NBehblB963Ar6GUsPKUvwN+dJkRSpth1Gs1JccSwEJhxUT8ww= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: cdd0c0e7-2f03-4be7-d5a8-08d724ed32ce X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:35:47.8327 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: IBY6nCsTSIMSd5u8kgyNvORpIufRkSjDakHDgRdpwuJNyITFzuKxF5e6WrTIhaqS3ykiu9N/aLBcijt/6q3jgA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3112 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301167; bh=uxse9TKNuZuMlwLk9Yv1bj9KmISHyCqzjUc4D7xj+Rw=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=p8VBsEeH0ZazVkCYAoeWQHCZJ1GuWsMcwDFjK6XMQA6A3QBcQAoAGVr+vf2585avx07 Po8e0vXS61AAl0I9Ph1XeItj9pjMb65N7LrfxsEAsImxD3bAV1EuhUFlHb1dD030kjXM6 WLhKHyNkiACsZntxdtz7nFBPe0TPbHfA1uE= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Currently, the OVMF code relies on the hypervisor to enable the cache support on the processor in order to improve the boot speed. However, with SEV-ES, the hypervisor is not allowed to change the CR0 register to enable caching. Update the OVMF Sec support to enable caching in order to improve the boot speed. Signed-off-by: Tom Lendacky --- OvmfPkg/Sec/SecMain.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 3914355cd17b..2448be0cd408 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -739,6 +739,11 @@ SecCoreStartupWithStack ( =20 ProcessLibraryConstructorList (NULL, NULL); =20 + // + // Enable caching + // + AsmEnableCache (); + DEBUG ((EFI_D_INFO, "SecCoreStartupWithStack(0x%x, 0x%x)\n", (UINT32)(UINTN)BootFv, --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46103): https://edk2.groups.io/g/devel/message/46103 Mute This Topic: https://groups.io/mt/32966275/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46110+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301168689590.9373103646099; Tue, 20 Aug 2019 04:39:28 -0700 (PDT) Return-Path: X-Received: from NAM05-DM3-obe.outbound.protection.outlook.com (NAM05-DM3-obe.outbound.protection.outlook.com [40.107.73.51]) by groups.io with SMTP; Mon, 19 Aug 2019 14:35:51 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=acg9+XvNGRUvrMkji6jDck0jRaD22mLGkAtRNxMeWhup/WH1PMDiBMMv7wcROLFBZj0Y/Qw5sikyxk/FNvxYpFlT0BLi7btz9g5nujc51fEx8T+3n5tYYRZGkhDPjakneV1J80L3S17cJKlch2kfdCBFNTlnfEXL2OXzZOMI3CJ6hBG/bGpQoafJLsda3kvs6mtSzz3522Q64hjFzLllCtHwetd5i43cxlddjm4AkOmo/LhwyYSGBQeMh841Es585HJwRW0djdPvm6WhJLWMPABbXUcyWhDdyzIBabFpWSZVq14sCtqUOZHdOUo/BMOPChRSAk1o9F6kNrBYdmO8Pg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HQvt2NGk6ajETxiUyoKUajkSvrEb+/fJ5WAvYmJBiRs=; b=Onm8EH01d1hZwURDe2/H2xauIE+aDyAossdIl3rwZO6YG5NRJjAa3utGDF+rKvRn1qy69bEBP+fHsGN9IGyJxJIlr1B7ca62AFqBD1/vfrtG9SEtPtU6Qf7dwwaTH3dabRdPG+lv6QjkvZO0nu7GLX1r4LFJAQD7xYP/a1qd1gcytlmrQq+FGHIYXKvCxuuoISguIcPtIryiPZmjErgSuWYk99ACDR0YUMBZLTEYlqXiJLsHvIStAkrRfVrzNav/o8nEXZ/FO3apbhfeZ1XuVGDtQ3epRlZGw8NbWrkcqyHwEYhXgAAN48TrPEpkGu/Wl+Ss2X8PeF3jvdtgMvoLuw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB3112.namprd12.prod.outlook.com (20.178.54.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 19 Aug 2019 21:35:49 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:35:49 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 02/28] OvmfPkg/ResetVector: Add support for a 32-bit SEV check Thread-Topic: [RFC PATCH 02/28] OvmfPkg/ResetVector: Add support for a 32-bit SEV check Thread-Index: AQHVVtYRe7UyK6z5KUGPu1fyMOEv/Q== Date: Mon, 19 Aug 2019 21:35:49 +0000 Message-ID: <91782da0444dc5238d4623e96bfa1ab203586390.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 95c7682f-c74a-46a5-1008-08d724ed33a9 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB3112: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46110+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: O/4ao9kRkY4g/Fngb0FIwa+Dbfrma6XteqAlz9WL+nc1H0o1x14+UdfFcpNkKEHF7AJHInh6znej3cMWhac6Z/5M9YgGwShys8EXd/08iCBQ/cCmUxG/mes3nEmvYNyX1YvSEjLxWneFV3uoyMiX8FfFJl9Jj5vtSHyKkAHFndt95o3wvPY/UnXm1tIh1YH06DvabuYb0iVZlMD0sewqbCjQonEEGoA45SeWjiQRXB8KN9IRIrE0gwgkPPPf9rL5SMuuiz8RV5YTf1YnA4ANzNi8+u7XqZ8y+LMzMIUwMtgVwCwn+pllJ/CKkFbwIUyNanpLEUKuKXYjruvBTsXmunNOuVBaQsVOfgFCV3Ryj9fAaL/42xdC8E1agR6V8aRSFrrJN0Ju2owlMnk4/6uWH5QnwXWwdM+qOe1R1UtTkzA= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 95c7682f-c74a-46a5-1008-08d724ed33a9 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:35:49.2079 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: wMHxAF5d5xGVDtzMf/p3SaSN985AWGJPtzuAk+NoUIYEjBi/GhuRvZR3THaVWI0cRMKnUmSHQBG0rZzX4y+Hww== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3112 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301168; bh=RJdT7DA1iwZo3WOBSq2iEvrAkQcpJWIzfDpykMdVvU8=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=X8HjMvHEAUqhvVjDTVQRa/VPQ0opVwdhDNlWtYF1nNEzMqO5VioiNFDfTzE3thg9SQH AXr6sZpiREIoC1imk46FCtSL/MMM/yR6Fv9eDOGj0PE74PE57fzc09qbI07x0ybUt8xmb KOXcqXVX8a8hUpAsomJylGZxqHmC7yMcG6Q= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky When running as an SEV-ES guest in 32-bit mode, it is not possible to perform a CPUID instruction because it will require communicating with the hypervisor using the GHCB. However, writes to the GHCB when in 32-bit mode will be will be encrypted and thus not able to be read by the hypervisor. To get around this, add an IDT entry for the #VC exception. The #VC handler will use the GHCB CPUID request/response protocol to obtain the requested CPUID function values and provide these to the guest. Signed-off-by: Tom Lendacky --- OvmfPkg/ResetVector/ResetVector.inf | 2 + OvmfPkg/ResetVector/Ia32/PageTables64.asm | 173 ++++++++++++++++++++++ OvmfPkg/ResetVector/ResetVector.nasmb | 1 + 3 files changed, 176 insertions(+) diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index b0ddfa5832a2..960b47cd0797 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -35,3 +35,5 @@ [BuildOptions] [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index abad009f20f5..c6071fe934de 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -37,6 +37,15 @@ BITS 32 ; If SEV is disabled then EAX will be zero. ; CheckSevFeature: + ; + ; Set up exception handlers to check for SEV-ES + ; Load temporary RAM stack based on PCDs + ; Establish exception handlers + ; + mov esp, SEV_TOP_OF_STACK + mov eax, ADDR_OF(idtr) + lidt [cs:eax] + ; Check if we have a valid (0x8000_001F) CPUID leaf mov eax, 0x80000000 cpuid @@ -73,6 +82,15 @@ NoSev: xor eax, eax =20 SevExit: + ; + ; Clear exception handlers and stack + ; + push eax + mov eax, ADDR_OF(idtr_clear) + lidt [cs:eax] + pop eax + mov esp, 0 + OneTimeCallRet CheckSevFeature =20 ; @@ -146,3 +164,158 @@ pageTableEntriesLoop: mov cr3, eax =20 OneTimeCallRet SetCr3ForPageTables64 + +SevEsIdtCommon: + hlt + jmp SevEsIdtCommon + iret + +SevEsIdtVmmComm: + ; + ; If we're here, then we are an SEV-ES guest and this + ; was triggered by a CPUID instruction + ; + pop ecx ; Error code + cmp ecx, 0x72 ; Be sure it was CPUID + jne SevEsIdtCommon + + ; + ; Set up local variable room on the stack + ; CPUID function : + 28 + ; CPUID register : + 24 + ; GHCB MSR (EAX) : + 20 + ; GHCB MSR (EDX) : + 16 + ; CPUID result (EDX) : + 12 + ; CPUID result (ECX) : + 8 + ; CPUID result (EBX) : + 4 + ; CPUID result (EAX) : + 0 + sub esp, 32 + + ; Save CPUID function and initial register request + mov [esp + 28], eax + xor eax, eax + mov [esp + 24], eax + + ; Save current GHCB MSR value + mov ecx, 0xc0010130 + rdmsr + mov [esp + 20], eax + mov [esp + 16], edx + +NextReg: + ; + ; Setup GHCB MSR + ; GHCB_MSR[63:32] =3D CPUID function + ; GHCB_MSR[31:30] =3D CPUID register + ; GHCB_MSR[11:0] =3D CPUID request protocol + ; + mov eax, [esp + 24] + cmp eax, 4 + jge VmmDone + + shl eax, 30 + or eax, 0x004 + mov edx, [esp + 28] + mov ecx, 0xc0010130 + wrmsr + + ; Issue VMGEXIT (rep; vmmcall) + db 0xf3 + db 0x0f + db 0x01 + db 0xd9 + + ; + ; Read GHCB MSR + ; GHCB_MSR[63:32] =3D CPUID register value + ; GHCB_MSR[31:30] =3D CPUID register + ; GHCB_MSR[11:0] =3D CPUID response protocol + ; + mov ecx, 0xc0010130 + rdmsr + mov ecx, eax + and ecx, 0xfff + cmp ecx, 0x005 + jne SevEsIdtCommon + + ; Save returned value + shr eax, 30 + and eax, 0x3 + shl eax, 2 + mov ecx, esp + add ecx, eax + mov [ecx], edx + + ; Next register + inc word [esp + 24] + + jmp NextReg + +VmmDone: + ; + ; At this point we have all CPUID register values. Restore the GHCB MS= R, + ; set the return register values and return. + ; + mov eax, [esp + 20] + mov edx, [esp + 16] + mov ecx, 0xc0010130 + wrmsr + + mov eax, [esp + 0] + mov ebx, [esp + 4] + mov ecx, [esp + 8] + mov edx, [esp + 12] + + add esp, 32 + add word [esp], 2 ; Skip over the CPUID instruction + iret + +ALIGN 2 + +idtr: + dw IDT_END - IDT_BASE - 1 ; Limit + dd ADDR_OF(IDT_BASE) ; Base + +idtr_clear: + dw 0 ; Limit + dd 0 ; Base + +ALIGN 16 + +; +; The Interrupt Descriptor Table (IDT) +; This will be used to determine if SEV-ES is enabled. Upon execution +; of the CPUID instruction, a VMM Communication Exception will occur. +; This will tell us if SEV-ES is enabled. We can use the current value +; of the GHCB MSR to determine the SEV attributes. +; +IDT_BASE: +; +; Vectors 0 - 28 +; +%rep 29 + dw (ADDR_OF(SevEsIdtCommon) & 0xffff) ; Offset low bits 15..0 + dw 0x10 ; Selector + db 0 ; Reserved + db 0x8E ; Gate Type (IA32_IDT_GAT= E_TYPE_INTERRUPT_32) + dw (ADDR_OF(SevEsIdtCommon) >> 16) ; Offset high bits 31..16 +%endrep +; +; Vector 29 (VMM Communication Exception) +; + dw (ADDR_OF(SevEsIdtVmmComm) & 0xffff) ; Offset low bits 15..0 + dw 0x10 ; Selector + db 0 ; Reserved + db 0x8E ; Gate Type (IA32_IDT_GAT= E_TYPE_INTERRUPT_32) + dw (ADDR_OF(SevEsIdtVmmComm) >> 16) ; Offset high bits 31..16 +; +; Vectors 30 - 31 +; +%rep 2 + dw (ADDR_OF(SevEsIdtCommon) & 0xffff) ; Offset low bits 15..0 + dw 0x10 ; Selector + db 0 ; Reserved + db 0x8E ; Gate Type (IA32_IDT_GAT= E_TYPE_INTERRUPT_32) + dw (ADDR_OF(SevEsIdtCommon) >> 16) ; Offset high bits 31..16 +%endrep +IDT_END: diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 75cfe16654b1..3b213cd05ab2 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -55,6 +55,7 @@ =20 %define PT_ADDR(Offset) (FixedPcdGet32 (PcdOvmfSecPageTablesBase) + (Off= set)) %include "Ia32/Flat32ToFlat64.asm" + %define SEV_TOP_OF_STACK (FixedPcdGet32 (PcdOvmfSecPeiTempRamBase) + Fix= edPcdGet32 (PcdOvmfSecPeiTempRamSize)) %include "Ia32/PageTables64.asm" %endif =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46110): https://edk2.groups.io/g/devel/message/46110 Mute This Topic: https://groups.io/mt/32966282/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46095+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301165865810.0927154232714; Tue, 20 Aug 2019 04:39:25 -0700 (PDT) Return-Path: X-Received: from NAM02-SN1-obe.outbound.protection.outlook.com (NAM02-SN1-obe.outbound.protection.outlook.com []) by groups.io with SMTP; Mon, 19 Aug 2019 14:35:56 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AK7NTv7DE255glbdKZz1x9NQVBCI37TIN9ASsVjN7//8yT+k6RPUPnoGKqmbRE4qJQT0zqZt3JGmq4xCsTIR0EHf+tyxLzXyswccQgTeil1SMja3teCnWBr1Lz81uCiu0SeHA05C6nox3M66ixA26zFHZnqEdSjx0ELzS7kthsbFC+i2uky77MN0kcDYIaINQIXKMnFO9uHVulAiFPU9MAUEVl609jrzjT8sbZXRWDToYg1ho5MOG88ECazRItTQ05RqFgLK3fb7bk+mOhgGS3wjV5G9t7MBrxW9PyNvyal84NxpiwU3UupZsK6pfacKAB/OIE1hH3pK0gnkEftyVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/4BmvwnvOw4MiD5QKQnHAtv/vlcq4utQ2PAVYs/hUWM=; b=V3fZZBOyP1xXbcGHqJlmxyi1JhbJFiqHmi3iBWFYD0KfR5GItWB+kLJhdmU40qLh751/xTbhADm2OsMHaJT5IZmcMb0dEWwaGDLvxu7Ks9P2OAmHkmw5UqyRwxWJvKjioAz8T1MpSwXDO2WkuP4R/cZDgonT3km1r67KvP9k6kh22v8tCZbCpiv/4sstN5Y3fsgFOTmAKprPS0bNYGfXz6hJECJPWJhV2okGZG1NxO0/ZXlMVEegvyJZCXRfa0siAleBF6s3WsgK40ZUVtGiUGAKslHDB0XZQC8zJvaqa8k30vpCikGUhhsgO9Ryy8EwDYcyvCBtEB0CaqHzv7fvBg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:35:50 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:35:50 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 03/28] OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function Thread-Topic: [RFC PATCH 03/28] OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function Thread-Index: AQHVVtYSTdja6yIymkmrJ2qBfbMDfw== Date: Mon, 19 Aug 2019 21:35:50 +0000 Message-ID: <245fa1e02ca67ac85174af8e68b1c7a7f5278c81.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 2d36aee5-36e3-432e-60ca-08d724ed3479 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:4125; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46095+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 1pCo3qxgMnISWqRdnS7pwt0EsdJWqErlo+DOfNhY5nVbdp1O/hKaz9KTeQtxY9J7XJrlJ2OKg0Qt8LRdMwy0FEUJrQc9jPJFIdCupH6qjKttWg6QTXPZR9CtlWReREfmEQTLw6FkhTkixW9kmLGw4jSv9ES2FDVcP0wPLeTyAuOFt1LoFO23jxdDvgUrmoRpEB5oPiRgNd4jBMd+qzh8INahFSMd8dCZB3RbzNX05/QmDWuI23FVBrxW6797Vp0jzhWIYYBZ0bAuD/FQMQOHGiLY4r7BOIuWapUD/EmHw1ZJpkBTERl7CaSke3SMJjns56GOgSTzUulCKS0g3d2tHgSJZW/e1yeEmrcVS/xrMXLu9hrhXnGFt8ZODUtxaeZeQ0gEkTqGuAGLDeRtoaf3NwkuyhBCWy8jS8MGfh+ZX60= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2d36aee5-36e3-432e-60ca-08d724ed3479 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:35:50.4982 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: IchxSs3aj3nPpL+INvDQdDhpj437peU5Fpp0ras+BWG2r0dSYuHraaIcFFQtovnOIeVYEyfkktTBXpbWdoJieA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: <012F2A0456AEB14EBF8834E46A7EFBF0@namprd12.prod.outlook.com> Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301165; bh=oWC31QULOusUYa/zXX6DHSEgK4khB5k++5A4cJ6uVlQ=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=Oi11MhlSaFHhlWXTMRxCcpjx8Y+ZOkFDQPfbzkRZt7zZdMGAdHD2zO8+uYlRgIw6TTM gbHQiMFZR/9IVAA2PVPVH5ubVZ55kfXF7xZVc2pFnxDA+Um5Z7mAIFthoQh1hJug7D0rX PWXwgiZz5FsFj8TnEZfgOZpAqj94DjD3FWI= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Create a function that can be used to determine if the VM is running as an SEV-ES guest. Signed-off-by: Tom Lendacky --- OvmfPkg/Include/Library/MemEncryptSevLib.h | 12 +++ .../MemEncryptSevLibInternal.c | 77 ++++++++++++------- 2 files changed, 62 insertions(+), 27 deletions(-) diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 64dd6977b0f8..a50a0de9c870 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -13,6 +13,18 @@ =20 #include =20 +/** + Returns a boolean to indicate whether SEV-ES is enabled + + @retval TRUE SEV-ES is enabled + @retval FALSE SEV-ES is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevEsIsEnabled ( + VOID + ); + /** Returns a boolean to indicate whether SEV is enabled =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.= c b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c index 96a66e373f11..9c1d68e017fe 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c @@ -20,19 +20,17 @@ #include =20 STATIC BOOLEAN mSevStatus =3D FALSE; +STATIC BOOLEAN mSevEsStatus =3D FALSE; STATIC BOOLEAN mSevStatusChecked =3D FALSE; =20 /** =20 - Returns a boolean to indicate whether SEV is enabled - - @retval TRUE SEV is enabled - @retval FALSE SEV is not enabled + Reads and sets the status of SEV features **/ STATIC -BOOLEAN +VOID EFIAPI -InternalMemEncryptSevIsEnabled ( +InternalMemEncryptSevStatus ( VOID ) { @@ -56,32 +54,57 @@ InternalMemEncryptSevIsEnabled ( // Msr.Uint32 =3D AsmReadMsr32 (MSR_SEV_STATUS); if (Msr.Bits.SevBit) { - return TRUE; + mSevStatus =3D TRUE; + } + + if (Eax.Bits.SevEsBit) { + // + // Check MSR_0xC0010131 Bit 1 (Sev-Es Enabled) + // + if (Msr.Bits.SevEsBit) { + mSevEsStatus =3D TRUE; + } } } } =20 - return FALSE; -} - -/** - Returns a boolean to indicate whether SEV is enabled - - @retval TRUE SEV is enabled - @retval FALSE SEV is not enabled -**/ -BOOLEAN -EFIAPI -MemEncryptSevIsEnabled ( - VOID - ) -{ - if (mSevStatusChecked) { - return mSevStatus; - } - - mSevStatus =3D InternalMemEncryptSevIsEnabled(); mSevStatusChecked =3D TRUE; +} + +/** + Returns a boolean to indicate whether SEV-ES is enabled + + @retval TRUE SEV-ES is enabled + @retval FALSE SEV-ES is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevEsIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus(); + } + + return mSevEsStatus; +} + +/** + Returns a boolean to indicate whether SEV is enabled + + @retval TRUE SEV is enabled + @retval FALSE SEV is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevIsEnabled ( + VOID + ) +{ + if (!mSevStatusChecked) { + InternalMemEncryptSevStatus(); + } =20 return mSevStatus; } --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46095): https://edk2.groups.io/g/devel/message/46095 Mute This Topic: https://groups.io/mt/32966268/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46104+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301167452311.2976435639631; Tue, 20 Aug 2019 04:39:27 -0700 (PDT) Return-Path: X-Received: from NAM02-SN1-obe.outbound.protection.outlook.com (NAM02-SN1-obe.outbound.protection.outlook.com []) by groups.io with SMTP; Mon, 19 Aug 2019 14:35:57 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mY978YI84URZZLfa7QjJMpKAG4eaqNDQM6cYAh3ZcJBQinteNzqs4IVIWN2Mi3P2bAcoVHnPkv02Gqzokyts2FOZhVV+ZoY/49ojD8DcqIZA0WzQNgnnJ8kwXJM42sqMmCdMMQ45yLQXdpaOqFXXK9MD9wF/nR7cjm8grnURrYmm1BwyDUyM3nL+gMyqqgGR8Irrn59rRe6PjK7bsl4GYBqR33LoLQR3Cghly3bZidfvvlGC1lUJ1EzpjIhVoibcv4sxsoqAoJu9Y119onD6+OHsYLzLCWtpD6S1uQbNHmgVXgnm7tcsv8lNN5nNqPbXKVoFO9Xs0lAwjuKNyUw/JA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O/ElI3zfus3NYkHUTH47QaSTnI9KGlMBICADaLRtos8=; b=H6lRiprr3yEfJIg8v2TwWSvXRIKB83gKFTqGq05ygRsww/Y6gona7Nvdxut55P1jKDQZp5JKjlEeSechKOR6t0DXuZpzDWRsMwRK9UuPIq1ScQLk5VTVzmu7V7u0oCWcy/bJj5UkEvIYSK5sfw8HKb7yFDCWNMZCIznlM4SfM636vskNWzQeOnmOZ2Nk9aPxsqQj2TPKGk9/kdG64HGN6OtaPfuM8q2B9JtHqorCT46SNcBqDxYe/Tx/6f9l6mUaGLvbBxEwpAgNV+H96GzpRAuvpFQvDmNbaZFBmhCcqFNIC9aWi1kBsewhcQHQfFa7om++xXpzwIoJ14tEMKGVPQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:35:51 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:35:51 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 04/28] OvmfPkg: Create a GHCB page for use during Sec phase Thread-Topic: [RFC PATCH 04/28] OvmfPkg: Create a GHCB page for use during Sec phase Thread-Index: AQHVVtYSoQOpaoLYa0aA0ZRNFtsEdA== Date: Mon, 19 Aug 2019 21:35:51 +0000 Message-ID: <0be78309c1e69f907d36512661dc0843db531837.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: baf54d57-096c-482b-122b-08d724ed3539 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:4125; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46104+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: +eBjajifY24BSknDLHB92/AQjFoICe4gw9KTh6z6Gy9JYsG558wqubgLvNJU9FYV91+5bg9wQZQ2zRFbxumLVRPoDchsr126JXdF4wbnY0mgKkV6yYK8Ch4IusxnJrAso45AWBbqTAi3MKtZcQz5QZiStBv2MDXPTkQhd1U70pMLR8ZDIjUAQGDX5rO3x0LP5RLdn8gv5GYsXqICYGAOQHTtF5I2uKbCAoAZ6YQjm7rmbSlfIj4HELEp3/FiTpcGgCoJFTacJMrJWEdLObIimJT4QHx0G8WxqGpiC/zQnoahbpcUj7h2Ybovr15Vgg/bw+CQliG+VLk8kGOZS2ijG5ALfV9c3kn6SzJVms/vJ//1fq9ez0YRY4E1WS/uKOwHxeVmFXWc6orG4IFxBLseDVBar1lY/5j8/e8Q44oYSpM= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: baf54d57-096c-482b-122b-08d724ed3539 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:35:51.7744 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 6Xp42oGibN5/Yplf+Gd3bMA4ZK5csm8HDRNxZkxKCws5+xGoQYnaOxDK02nclKb56tbkTw03MJm9GYzbotAaxw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301167; bh=hJzwiVgrljoNdkjIiqqWbuEjsjN4D4g1ykA95xiv2V8=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=AvuT2cyiwjarc30OXFGhP180JDhMUeTGSmJkiXIVbPrX0Ce/vd7wGBBB2j6EIQWT0AG SgVkKKIWI0eUcpSEJ/pMXOF3ZNK6WjO4WdeRdixeq6Zs8PBZL/kTPVSC/PgIojF4IenCG 96xRTKYsB7e649UM77EYk+vxxkZ3TSL3fEY= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky A GHCB page is needed during the Sec phase, so this new page must be created. Since the GHCB must be marked as an un-encrypted, or shared, page, an additional pagetable page is required so break down the 2MB region where the GHCB page lives into 4K pagetable entries. Signed-off-by: Tom Lendacky --- OvmfPkg/OvmfPkg.dec | 5 +++ OvmfPkg/OvmfPkgX64.fdf | 11 ++++--- OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++ OvmfPkg/ResetVector/ResetVector.inf | 2 ++ UefiCpuPkg/Include/Register/Amd/Fam17Msr.h | 28 ++++++++++++++++ OvmfPkg/ResetVector/Ia32/PageTables64.asm | 37 +++++++++++++++++++++- OvmfPkg/ResetVector/ResetVector.nasmb | 2 +- 7 files changed, 81 insertions(+), 6 deletions(-) diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 9640360f6245..2ead9a944af4 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -218,6 +218,11 @@ [PcdsFixedAtBuild] # The value should be a multiple of 4KB. gUefiOvmfPkgTokenSpaceGuid.PcdHighPmmMemorySize|0x400000|UINT32|0x31 =20 + ## Specify the GHCB base address and size. + # The value should be a multiple of 4KB for each. + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|0x0|UINT32|0x32 + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize|0x0|UINT32|0x33 + [PcdsDynamic, PcdsDynamicEx] gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 74407072563b..2a2427092382 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -67,13 +67,16 @@ [FD.MEMFD] BlockSize =3D 0x10000 NumBlocks =3D 0xC0 =20 -0x000000|0x006000 +0x000000|0x007000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPageTablesSize =20 -0x006000|0x001000 -gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpac= eGuid.PcdOvmfLockBoxStorageSize - 0x007000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.P= cdOvmfSecGhcbSize + +0x008000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpac= eGuid.PcdOvmfLockBoxStorageSize + +0x009000|0x001000 gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOvmfPkgT= okenSpaceGuid.PcdGuidedExtractHandlerTableSize =20 0x010000|0x010000 diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index d9fd9c8f05b3..aed1f64b7c93 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -72,6 +72,8 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageSize gUefiOvmfPkgTokenSpaceGuid.PcdGuidedExtractHandlerTableSize diff --git a/OvmfPkg/ResetVector/ResetVector.inf b/OvmfPkg/ResetVector/Rese= tVector.inf index 960b47cd0797..d66f4dc29737 100644 --- a/OvmfPkg/ResetVector/ResetVector.inf +++ b/OvmfPkg/ResetVector/ResetVector.inf @@ -37,3 +37,5 @@ [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesSize gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbSize diff --git a/UefiCpuPkg/Include/Register/Amd/Fam17Msr.h b/UefiCpuPkg/Includ= e/Register/Amd/Fam17Msr.h index 37b935dcdb30..55a5723e164e 100644 --- a/UefiCpuPkg/Include/Register/Amd/Fam17Msr.h +++ b/UefiCpuPkg/Include/Register/Amd/Fam17Msr.h @@ -17,6 +17,34 @@ #ifndef __FAM17_MSR_H__ #define __FAM17_MSR_H__ =20 +/** + Secure Encrypted Virtualization - Encrypted State (SEV-ES) GHCB register + +**/ +#define MSR_SEV_ES_GHCB 0xc0010130 + +/** + MSR information returned for #MSR_SEV_ES_GHCB +**/ +typedef union { + struct { + UINT32 GhcbNegotiateBit:1; + + UINT32 Reserved:31; + } Bits; + + struct { + UINT8 Reserved[3]; + UINT8 SevEncryptionBitPos; + UINT16 SevEsProtocolMin; + UINT16 SevEsProtocolMax; + } GhcbProtocol; + + VOID *Ghcb; + + UINT64 GhcbPhysicalAddress; +} MSR_SEV_ES_GHCB_REGISTER; + /** Secure Encrypted Virtualization (SEV) status register =20 diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVecto= r/Ia32/PageTables64.asm index c6071fe934de..fd4d5b1d8661 100644 --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm @@ -21,6 +21,11 @@ BITS 32 %define PAGE_2M_MBO 0x080 %define PAGE_2M_PAT 0x01000 =20 +%define PAGE_4K_PDE_ATTR (PAGE_ACCESSED + \ + PAGE_DIRTY + \ + PAGE_READ_WRITE + \ + PAGE_PRESENT) + %define PAGE_2M_PDE_ATTR (PAGE_2M_MBO + \ PAGE_ACCESSED + \ PAGE_DIRTY + \ @@ -120,7 +125,7 @@ SevNotActive: ; more permanent location by DxeIpl. ; =20 - mov ecx, 6 * 0x1000 / 4 + mov ecx, 7 * 0x1000 / 4 xor eax, eax clearPageTablesMemoryLoop: mov dword[ecx * 4 + PT_ADDR (0) - 4], eax @@ -157,6 +162,36 @@ pageTableEntriesLoop: mov [(ecx * 8 + PT_ADDR (0x2000 - 8)) + 4], edx loop pageTableEntriesLoop =20 + ; + ; The GHCB will live at 0x807000 (just after the page tables) + ; and needs to be un-encrypted. This requires the 2MB page + ; (index 4 in the first 1GB page) for this range be broken down + ; into 512 4KB pages. All will be marked as encrypted, except + ; for the GHCB. + ; + mov ecx, 4 + mov eax, PT_ADDR (0x6000) + PAGE_PDP_ATTR + mov [ecx * 8 + PT_ADDR (0x2000)], eax + + mov ecx, 512 +pageTableEntries4kLoop: + mov eax, ecx + dec eax + shl eax, 12 + add eax, 0x800000 + add eax, PAGE_4K_PDE_ATTR + mov [ecx * 8 + PT_ADDR (0x6000 - 8)], eax + mov [(ecx * 8 + PT_ADDR (0x6000 - 8)) + 4], edx + loop pageTableEntries4kLoop + + ; + ; Clear the encryption bit from the GHCB entry (index 7 in the + ; new PTE table - (0x807000 - 0x800000) >> 12). + ; + mov ecx, 7 + xor edx, edx + mov [(ecx * 8 + PT_ADDR (0x6000)) + 4], edx + ; ; Set CR3 now that the paging structures are available ; diff --git a/OvmfPkg/ResetVector/ResetVector.nasmb b/OvmfPkg/ResetVector/Re= setVector.nasmb index 3b213cd05ab2..56d9b86ed943 100644 --- a/OvmfPkg/ResetVector/ResetVector.nasmb +++ b/OvmfPkg/ResetVector/ResetVector.nasmb @@ -49,7 +49,7 @@ %ifdef ARCH_X64 #include =20 - %if (FixedPcdGet32 (PcdOvmfSecPageTablesSize) !=3D 0x6000) + %if (FixedPcdGet32 (PcdOvmfSecPageTablesSize) !=3D 0x7000) %error "This implementation inherently depends on PcdOvmfSecPageTables= Size" %endif =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46104): https://edk2.groups.io/g/devel/message/46104 Mute This Topic: https://groups.io/mt/32966276/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46098+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301166717127.38204439424987; Tue, 20 Aug 2019 04:39:26 -0700 (PDT) Return-Path: X-Received: from NAM02-SN1-obe.outbound.protection.outlook.com (NAM02-SN1-obe.outbound.protection.outlook.com []) by groups.io with SMTP; Mon, 19 Aug 2019 14:35:57 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=W58D+SWm+tP0Pnj4tQ0eGi6U91HHuWL/hZPswjs+ijJUf9g8DAT5hsXSwjSZUEe6icu1fEcWry1F1hrtX8vTBt8KUzZdW3J07p2W3q0CDNP2SS48o+06R9hdMNhVGi/WcuhGKMj4tDet93N7EgtzHZDIZDhKJoQIbMe6lIS25OqTMA8Zj3n4NOFZxyY6VKA2cdEFJ+4gNl8x3jgeWp+7TQ4OLrB2OtjuJcoipq2ncqZF/y3yTsQZp6T24hrPHOJNcnW9wu4N5+utHRNj/JkzmSneQQZbQixcigUFHWOg5hMUKE6cuIMgm1B3Ktqu6mCG8b9MixJfL+UjVoOHFXvzWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JIX5WUBW9cSrUz+hMRK11AR+CYdIjZfPruwCSpASMwY=; b=ndnVBwDGFOrp0qaygf/ltvNnuZPiqqGEwV3lCzfBtiuoSoqPdqhDBSXqu3XArfIgWHs61mh63JmlE575GVbmxDuDOTZixBaNWP6ZeRJ6Fa8uHL3pqacU4DQ+0hJjI6r38W/td6xXuACP16UIncmgNfSRb23+SgfW6izH5BDpZGsHriegdhoZfN6ZDsnnKFSLI1Rj2AKMeoEbY7cYFWdqIqv6iTWptjUGh3Qo+FUGXq3p7QIoQZ7Z8wrpnutBfF+2OJ0jc17GV5JH8NCQCSeuc4ajg7ygjJ7aMUvUOc9deUGcLjUwkxSoLv5BSnOoOnbKLdiLKfPw/avyMXE+EcscIQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:35:53 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:35:53 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 05/28] OvmfPkg: Create GHCB pages for use during Pei and Dxe phase Thread-Topic: [RFC PATCH 05/28] OvmfPkg: Create GHCB pages for use during Pei and Dxe phase Thread-Index: AQHVVtYTRsM0mPTGh0OdCosfG5VAaQ== Date: Mon, 19 Aug 2019 21:35:53 +0000 Message-ID: <096c6641b2f228177ab3bb815211379c1f650028.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: cd1b65f5-4732-4bba-0d24-08d724ed35fb x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46098+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: c32uRtY0CYGYkYvG+cKezcQptqrcgdEfpkAN3d53riRyLRXW5yuYIHeTPS6Amv9HVWlXOdhQht+Ty74f9xVrj9yK2BQ21xtmUva1lTtYUBbMS1Q6Ht0bM9aFWaXYPr5PC8ztCDYm+yioNuPV8dGpn1KmeufMG9xaqwxt6wwXNyQxfxJGz4YxYuz2I+rJrESUE7V4l3M7Jzhqq3R9y30cnlV4gUrtFlcpv3htrXcanVAcYMGyLYeTi8v9G6/p1SbvGb5uwCkZNvFR8CJfQU0sVrSVhKEJ4oqC2/gPia7mnSHhkAI0o9wsTZ+9UM6t8Mu3NtympfR2IClfXfPEZiYkLJuCwp8O+0ihqJwFx0kVIFoW4JteVMPiqzyIGXHZb8vwmCkjWGiKB5TjKRmfTkZeY+piXJ3FHdUdJwyW3IdZIlM= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: cd1b65f5-4732-4bba-0d24-08d724ed35fb X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:35:53.0417 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: k7f/5sNwkK3NS5t5HCj+HZ5zduu7YzVeDE9ryoofZjHS8+WmRCDYjI4Aycb8BdAqlKofPFu2aHhW1m2w1JQLow== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: <4153BA704B6115469807B8603FD45080@namprd12.prod.outlook.com> Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301166; bh=MoHv2kLUtsyGHYuB3bwJsXP2dq49WEsqZQ6bAvODncQ=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=IOuMl6aVMKc0GE640c/+LUobqmdQTILoY9k2TVPF4M24Z7vUvjiu7rLzReRj0xM9dxu 4XP6ZYXOmloNKfuEgaPLq337Iz7SXVt9zhR6X9Vw732l0QUSMLL/ABoAVh+xdFne9GU8s xiudhtKBO/TpHSAM5bDfB3W7NLMXc5hxHek= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Allocate memory for the GHCB pages during SEV initialization for use during Pei and Dxe phases. Since the GHCB pages must be mapped as shared pages, modify CreateIdentityMappingPageTables() so that pagetable entries are created without the encryption bit set. Signed-off-by: Tom Lendacky --- UefiCpuPkg/UefiCpuPkg.dec | 4 ++ OvmfPkg/OvmfPkgX64.dsc | 4 ++ MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf | 3 + OvmfPkg/PlatformPei/PlatformPei.inf | 2 + .../Core/DxeIplPeim/X64/VirtualMemory.h | 12 +++- .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 4 +- .../Core/DxeIplPeim/X64/DxeLoadFunc.c | 11 +++- .../Core/DxeIplPeim/X64/VirtualMemory.c | 49 ++++++++++---- .../MemEncryptSevLibInternal.c | 1 - .../BaseMemEncryptSevLib/X64/VirtualMemory.c | 33 ++++++++-- OvmfPkg/PlatformPei/AmdSev.c | 64 +++++++++++++++++++ 11 files changed, 164 insertions(+), 23 deletions(-) diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index 6ddf0cd22466..4d5a2593cf13 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -323,5 +323,9 @@ [PcdsDynamic, PcdsDynamicEx] # @ValidRange 0x80000001 | 0 - 1 gUefiCpuPkgTokenSpaceGuid.PcdCpuProcTraceOutputScheme|0x0|UINT8|0x600000= 15 =20 + ## Contains the GHCB page allocation information.

+ gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase|0x0|UINT64|0x60000016 + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize|0x0|UINT64|0x60000017 + [UserExtensions.TianoCore."ExtraFiles"] UefiCpuPkgExtra.uni diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index dda8dac18441..d6fc7cdf7da8 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -569,6 +569,10 @@ [PcdsDynamicDefault] # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 =20 + # Set GHCB base address for SEV-ES + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase|0x0 + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize|0x0 + !if $(SMM_REQUIRE) =3D=3D TRUE gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes|8 gUefiCpuPkgTokenSpaceGuid.PcdCpuSmmSyncMode|0x01 diff --git a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf b/MdeModulePkg/Core/Dx= eIplPeim/DxeIpl.inf index abc3217b0179..b994398633e3 100644 --- a/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf +++ b/MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf @@ -52,6 +52,7 @@ [Sources.ARM, Sources.AARCH64] [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + UefiCpuPkg/UefiCpuPkg.dec =20 [Packages.ARM, Packages.AARCH64] ArmPkg/ArmPkg.dec @@ -110,6 +111,8 @@ [Pcd.IA32,Pcd.X64] gEfiMdeModulePkgTokenSpaceGuid.PcdNullPointerDetectionPropertyMask ##= CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdHeapGuardPropertyMask ##= CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ##= CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase ##= CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize ##= CONSUMES =20 [Pcd.IA32,Pcd.X64,Pcd.ARM,Pcd.AARCH64] gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack ## SOMETIM= ES_CONSUMES diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index aed1f64b7c93..f53195e6dda5 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -102,6 +102,8 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase + gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h b/MdeModulePk= g/Core/DxeIplPeim/X64/VirtualMemory.h index 2d0493f109e8..6b7c38a441d6 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.h @@ -201,6 +201,8 @@ EnableExecuteDisableBit ( @param[in, out] PageEntry2M Pointer to 2M page entry. @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. =20 **/ VOID @@ -208,7 +210,9 @@ Split2MPageTo4K ( IN EFI_PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry2M, IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ); =20 /** @@ -217,6 +221,8 @@ Split2MPageTo4K ( =20 @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. =20 @return The address of 4 level page map. =20 @@ -224,7 +230,9 @@ Split2MPageTo4K ( UINTN CreateIdentityMappingPageTables ( IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbkSize ); =20 =20 diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModulePkg= /Core/DxeIplPeim/Ia32/DxeLoadFunc.c index 172d7cd1c60c..630a3503f6ba 100644 --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c @@ -123,7 +123,7 @@ Create4GPageTablesIa32Pae ( // // Need to split this 2M page that covers stack range. // - Split2MPageTo4K (PhysicalAddress, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize); + Split2MPageTo4K (PhysicalAddress, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize, 0, 0); } else { // // Fill in the Page Directory entries @@ -278,7 +278,7 @@ HandOffToDxeCore ( // // Create page table and save PageMapLevel4 to CR3 // - PageTables =3D CreateIdentityMappingPageTables (BaseOfStack, STACK_SIZ= E); + PageTables =3D CreateIdentityMappingPageTables (BaseOfStack, STACK_SIZ= E, 0, 0); =20 // // End of PEI phase signal diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c b/MdeModulePkg/= Core/DxeIplPeim/X64/DxeLoadFunc.c index 2867610bff4d..77da20e5c5c5 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c +++ b/MdeModulePkg/Core/DxeIplPeim/X64/DxeLoadFunc.c @@ -35,6 +35,8 @@ HandOffToDxeCore ( UINT32 Index; EFI_VECTOR_HANDOFF_INFO *VectorInfo; EFI_PEI_VECTOR_HANDOFF_INFO_PPI *VectorHandoffInfoPpi; + VOID *GhcbBase; + UINTN GhcbSize; =20 if (IsNullDetectionEnabled ()) { ClearFirst4KPage (HobList.Raw); @@ -77,12 +79,19 @@ HandOffToDxeCore ( TopOfStack =3D (VOID *) ((UINTN) BaseOfStack + EFI_SIZE_TO_PAGES (STACK_= SIZE) * EFI_PAGE_SIZE - CPU_STACK_ALIGNMENT); TopOfStack =3D ALIGN_POINTER (TopOfStack, CPU_STACK_ALIGNMENT); =20 + // + // Get the address and size of the GHCB pages + // + GhcbBase =3D (VOID *) PcdGet64 (PcdGhcbBase); + GhcbSize =3D PcdGet64 (PcdGhcbSize); + PageTables =3D 0; if (FeaturePcdGet (PcdDxeIplBuildPageTables)) { // // Create page table and save PageMapLevel4 to CR3 // - PageTables =3D CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS)= (UINTN) BaseOfStack, STACK_SIZE); + PageTables =3D CreateIdentityMappingPageTables ((EFI_PHYSICAL_ADDRESS)= (UINTN) BaseOfStack, STACK_SIZE, + (EFI_PHYSICAL_ADDRESS) (= UINTN) GhcbBase, GhcbSize); } else { // // Set NX for stack feature also require PcdDxeIplBuildPageTables be T= RUE diff --git a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c b/MdeModulePk= g/Core/DxeIplPeim/X64/VirtualMemory.c index edc38e4525c4..b3c3c3276e6a 100644 --- a/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c +++ b/MdeModulePkg/Core/DxeIplPeim/X64/VirtualMemory.c @@ -180,6 +180,8 @@ EnableExecuteDisableBit ( @param Size Size of the given physical memory. @param StackBase Base address of stack. @param StackSize Size of stack. + @param GhcbBase Base address of GHCB pages. + @param GhcbSize Size of GHCB area. =20 @retval TRUE Page table should be split. @retval FALSE Page table should not be split. @@ -189,7 +191,9 @@ ToSplitPageTable ( IN EFI_PHYSICAL_ADDRESS Address, IN UINTN Size, IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { if (IsNullDetectionEnabled () && Address =3D=3D 0) { @@ -208,6 +212,12 @@ ToSplitPageTable ( } } =20 + if (GhcbBase) { + if ((Address < GhcbBase + GhcbSize) && ((Address + Size) > GhcbBase)) { + return TRUE; + } + } + return FALSE; } /** @@ -321,6 +331,8 @@ AllocatePageTableMemory ( @param[in, out] PageEntry2M Pointer to 2M page entry. @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. =20 **/ VOID @@ -328,7 +340,9 @@ Split2MPageTo4K ( IN EFI_PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry2M, IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { EFI_PHYSICAL_ADDRESS PhysicalAddress4K; @@ -354,7 +368,12 @@ Split2MPageTo4K ( // // Fill in the Page Table entries // - PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K | AddressEncMask; + PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K; + if (!GhcbBase + || (PhysicalAddress4K < GhcbBase) + || (PhysicalAddress4K >=3D GhcbBase + GhcbSize)) { + PageTableEntry->Uint64 |=3D AddressEncMask; + } PageTableEntry->Bits.ReadWrite =3D 1; =20 if ((IsNullDetectionEnabled () && PhysicalAddress4K =3D=3D 0) || @@ -382,6 +401,8 @@ Split2MPageTo4K ( @param[in, out] PageEntry1G Pointer to 1G page entry. @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. =20 **/ VOID @@ -389,7 +410,9 @@ Split1GPageTo2M ( IN EFI_PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry1G, IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { EFI_PHYSICAL_ADDRESS PhysicalAddress2M; @@ -412,11 +435,11 @@ Split1GPageTo2M ( =20 PhysicalAddress2M =3D PhysicalAddress; for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntries < 51= 2; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M += =3D SIZE_2MB) { - if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, StackSiz= e)) { + if (ToSplitPageTable (PhysicalAddress2M, SIZE_2MB, StackBase, StackSiz= e, GhcbBase, GhcbSize)) { // // Need to split this 2M page that covers NULL or stack range. // - Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize); + Split2MPageTo4K (PhysicalAddress2M, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize, GhcbBase, GhcbSize); } else { // // Fill in the Page Directory entries @@ -615,6 +638,8 @@ EnablePageTableProtection ( =20 @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB base address. + @param[in] GhcbSize GHCB size. =20 @return The address of 4 level page map. =20 @@ -622,7 +647,9 @@ EnablePageTableProtection ( UINTN CreateIdentityMappingPageTables ( IN EFI_PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN EFI_PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { UINT32 RegEax; @@ -734,8 +761,8 @@ CreateIdentityMappingPageTables ( PageDirectory1GEntry =3D (VOID *) PageDirectoryPointerEntry; =20 for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntries = < 512; IndexOfPageDirectoryEntries++, PageDirectory1GEntry++, PageAddress += =3D SIZE_1GB) { - if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSize)= ) { - Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEntry, S= tackBase, StackSize); + if (ToSplitPageTable (PageAddress, SIZE_1GB, StackBase, StackSize,= GhcbBase, GhcbSize)) { + Split1GPageTo2M (PageAddress, (UINT64 *) PageDirectory1GEntry, S= tackBase, StackSize, GhcbBase, GhcbSize); } else { // // Fill in the Page Directory entries @@ -763,11 +790,11 @@ CreateIdentityMappingPageTables ( PageDirectoryPointerEntry->Bits.Present =3D 1; =20 for (IndexOfPageDirectoryEntries =3D 0; IndexOfPageDirectoryEntrie= s < 512; IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PageAddress += =3D SIZE_2MB) { - if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, StackSiz= e)) { + if (ToSplitPageTable (PageAddress, SIZE_2MB, StackBase, StackSiz= e, GhcbBase, GhcbSize)) { // // Need to split this 2M page that covers NULL or stack range. // - Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize); + Split2MPageTo4K (PageAddress, (UINT64 *) PageDirectoryEntry, S= tackBase, StackSize, GhcbBase, GhcbSize); } else { // // Fill in the Page Directory entries diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.= c b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c index 9c1d68e017fe..1dce01dd7546 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/MemEncryptSevLibInternal.c @@ -109,7 +109,6 @@ MemEncryptSevIsEnabled ( return mSevStatus; } =20 - /** Locate the page range that covers the initial (pre-SMBASE-relocation) SM= RAM Save State Map. diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c b/Ovm= fPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c index 5e110c84ff81..3a4f223f8a86 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/VirtualMemory.c @@ -183,6 +183,8 @@ AllocatePageTableMemory ( @param[in, out] PageEntry2M Pointer to 2M page entry. @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. =20 **/ STATIC @@ -191,7 +193,9 @@ Split2MPageTo4K ( IN PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry2M, IN PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { PHYSICAL_ADDRESS PhysicalAddress4K; @@ -217,7 +221,12 @@ Split2MPageTo4K ( // // Fill in the Page Table entries // - PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K | AddressEncMask; + PageTableEntry->Uint64 =3D (UINT64) PhysicalAddress4K; + if (!GhcbBase + || (PhysicalAddress4K < GhcbBase) + || (PhysicalAddress4K >=3D GhcbBase + GhcbSize)) { + PageTableEntry->Uint64 |=3D AddressEncMask; + } PageTableEntry->Bits.ReadWrite =3D 1; PageTableEntry->Bits.Present =3D 1; if ((PhysicalAddress4K >=3D StackBase) && @@ -417,6 +426,8 @@ EnablePageTableProtection ( @param[in, out] PageEntry1G Pointer to 1G page entry. @param[in] StackBase Stack base address. @param[in] StackSize Stack size. + @param[in] GhcbBase GHCB page area base address. + @param[in] GhcbSize GHCB page area size. =20 **/ STATIC @@ -425,7 +436,9 @@ Split1GPageTo2M ( IN PHYSICAL_ADDRESS PhysicalAddress, IN OUT UINT64 *PageEntry1G, IN PHYSICAL_ADDRESS StackBase, - IN UINTN StackSize + IN UINTN StackSize, + IN PHYSICAL_ADDRESS GhcbBase, + IN UINTN GhcbSize ) { PHYSICAL_ADDRESS PhysicalAddress2M; @@ -450,8 +463,10 @@ Split1GPageTo2M ( (IndexOfPageDirectoryEntries++, PageDirectoryEntry++, PhysicalAddress2M +=3D SIZE_2MB)) { - if ((PhysicalAddress2M < StackBase + StackSize) && - ((PhysicalAddress2M + SIZE_2MB) > StackBase)) { + if (((PhysicalAddress2M < StackBase + StackSize) && + ((PhysicalAddress2M + SIZE_2MB) > StackBase)) || + ((PhysicalAddress2M < GhcbBase + GhcbSize) && + ((PhysicalAddress2M + SIZE_2MB) > GhcbBase))) { // // Need to split this 2M page that covers stack range. // @@ -459,7 +474,9 @@ Split1GPageTo2M ( PhysicalAddress2M, (UINT64 *)PageDirectoryEntry, StackBase, - StackSize + StackSize, + GhcbBase, + GhcbSize ); } else { // @@ -714,6 +731,8 @@ SetMemoryEncDec ( (UINT64)PageDirectory1GEntry->Bits.PageTableBaseAddress << 30, (UINT64 *)PageDirectory1GEntry, 0, + 0, + 0, 0 ); continue; @@ -768,6 +787,8 @@ SetMemoryEncDec ( (UINT64)PageDirectory2MEntry->Bits.PageTableBaseAddress << 21, (UINT64 *)PageDirectory2MEntry, 0, + 0, + 0, 0 ); continue; diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 2ae8126ccf8a..84896d4681f9 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -16,9 +16,68 @@ #include #include #include +#include +#include +#include =20 #include "Platform.h" =20 +/** + + Initialize SEV-ES support if running an SEV-ES guest. + + **/ +STATIC +VOID +AmdSevEsInitialize ( + VOID + ) +{ + VOID *GhcbBase; + PHYSICAL_ADDRESS GhcbBasePa; + UINTN GhcbPageCount; + RETURN_STATUS DecryptStatus, PcdStatus; + + if (!MemEncryptSevEsIsEnabled ()) { + return; + } + + GhcbPageCount =3D mMaxCpuCount; + + // + // Allocate GHCB pages. + // + GhcbBase =3D AllocatePages (GhcbPageCount); + ASSERT (GhcbBase); + + GhcbBasePa =3D (PHYSICAL_ADDRESS)(UINTN) GhcbBase; + + DecryptStatus =3D MemEncryptSevClearPageEncMask ( + 0, + GhcbBasePa, + GhcbPageCount, + TRUE + ); + ASSERT_RETURN_ERROR (DecryptStatus); + + BuildMemoryAllocationHob ( + GhcbBasePa, + EFI_PAGES_TO_SIZE (GhcbPageCount), + EfiBootServicesData + ); + + SetMem (GhcbBase, GhcbPageCount * SIZE_4KB, 0); + + PcdStatus =3D PcdSet64S (PcdGhcbBase, (UINT64)GhcbBasePa); + ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus =3D PcdSet64S (PcdGhcbSize, (UINT64)EFI_PAGES_TO_SIZE (GhcbPag= eCount)); + ASSERT_RETURN_ERROR (PcdStatus); + + DEBUG ((DEBUG_INFO, "SEV-ES is enabled, %u GHCB pages allocated starting= at 0x%lx\n", GhcbPageCount, GhcbBase)); + + AsmWriteMsr64 (MSR_SEV_ES_GHCB, (UINT64)GhcbBasePa); +} + /** =20 Function checks if SEV support is available, if present then it sets @@ -89,4 +148,9 @@ AmdSevInitialize ( EfiBootServicesData // MemoryType ); } + + // + // Check and perform SEV-ES initialization if required. + // + AmdSevEsInitialize (); } --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46098): https://edk2.groups.io/g/devel/message/46098 Mute This Topic: https://groups.io/mt/32966270/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46097+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 15663011663351018.8188840084395; Tue, 20 Aug 2019 04:39:26 -0700 (PDT) Return-Path: X-Received: from NAM02-SN1-obe.outbound.protection.outlook.com (NAM02-SN1-obe.outbound.protection.outlook.com [40.107.77.57]) by groups.io with SMTP; Mon, 19 Aug 2019 14:35:56 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hQhEMCjqeh3KQnzhwOlVAIkNLA1Owdb0f4d4XxzbGcw+sIX0M38Wq3cc3IaZ4cu1fgr13zCbPfHDGGLA+rq4IdptMp38l+Vn4K10+R48HjYhqzkZNRyiemY/G32+E5P+KmZOMo9UyaRDwdwUx/dGQ3LYiPEjgIUXXErVJgIPcz/TmEkzl8b/WzJ/zx1pqTmwNO59s4IyvavRCSsmcAJh5p164g4H7uf2s3zlGKZwFf7hcDqRp/CdNnYP9dn6tMbAls9bd/bA0F2wiks7lDtlI3xiEXlkWEDbxViYxgB0UDEmxicVmTag65iTrE2z0qxlIa6SNTDGiyeWEI801+mPmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MyRetcf+yn/3HCLYTXVf4pHQiKU4YRETo3ZN5m9cPxg=; b=JBXwIlJngVpdR6LeKUz/nQh8TU8yjlKWhCRC7WkFeq+mEMla1J5icgcn4MFwncuQoboqaN4THHxTIem9Ekg2xYMlKhqQzfiZHForAc5BQiBPkkc3jk20++Bk7OfYAVUaR3nIunGyCxWOHjZqFoYr0wSLjTEdKmu2HYUcHmErk/LfBuJcI0Q1GX7cgjkSKBJP/tHIZl7cwe8/hVh9ivYCnXXklUnldr6HyHo+86l7u9T0rXd1cQTL4TYJBcutaZ5vpX/BNRNftKUwSQuolQwnBHry9p05dZFxFXSTlfMR9i4jRH+kIevmSE/XnIugB/nUXPAl9daDidpjK9ZikUgaMw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:35:54 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:35:54 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 06/28] OvmfPkg: A per-CPU variable area for #VC usage Thread-Topic: [RFC PATCH 06/28] OvmfPkg: A per-CPU variable area for #VC usage Thread-Index: AQHVVtYUanvxBD+q6E2MuwUQV/mnvg== Date: Mon, 19 Aug 2019 21:35:54 +0000 Message-ID: <1f3b874316842a078338be79d246e5fcafc40bd4.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 85d61f24-4b98-4dc6-9b58-08d724ed36c1 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46097+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: E40UVJraVvi+E1SZrDHUHPfv7ZN9mOxwillcN7KShSVVCOOG9BGXT8TqEvAIcdVM3Cv37ZRI8cuRDGirHSWsiNxGcSQVMWDSj0GRP2bNyO0tbe3/zwRWbnhw8K4w+1HZs/gc0wYTdeUT4Ndkgc+6398EjJuqSKxsoMQosB6WiG8dZuFxuIy760ZOHqq419Aaaw8OdNjdp5fzf0gJjonCpvNSxnOypgEFVZChErBg6Cg6G0+Z3qIbgKRwHZIuMcY/HA56OQ3uMDR7cL//CM7rOazLnjX13R30t+LVDQdV94jrIVaxkszxdsUPYUPnwGdFOQG83i7x65yUJKU9GO69c89Rt5dMaMDy9LcAzUr2Q8/YqPWU+Qk3mVEOoqVbELkRX3mGC0aZnW532gbFCfb9BWBH00jZfhNjOQjnk8WUnPg= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 85d61f24-4b98-4dc6-9b58-08d724ed36c1 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:35:54.3959 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: nHFJQYlVD9Zu8Xk05m3L7nke5Zl8OBGJtnepBCDHHNdeW0b0yTwoG8XzK1iOSnxWrUV4KLpGWz5KlCyfaZPBGw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301166; bh=TAP9YUF3KCFZM4WSRixG+2ZwPiAFMIqSWWsjkV7bTXo=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=IKu5YszBm1V77lUv0qgBe2XPjlHBpkAj96d5IB0ZHBPsrWvmGyO5NVBecznT5+yhfcq bvi9uUXAEsWeq2opLP6GpXAbRyN7HxUrGnQ9WJqo8nXBWPqO5Xt8LBHUYd6L8ck8zekwn Db3OmIFNya5thjQW2OVnufa1rT0sR8uVCOU= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky A per-CPU implementation for holding values specific to a CPU when running as an SEV-ES guest, specifically to hold the Debug Register value. Allocate an extra page immediately after the GHCB page for each AP. Using the page after the GHCB ensures that it is unique per AP. But, it also ends up being marked shared/unencrypted when it doesn't need to be. It is possible, during PEI, to mark only the GHCB pages as shared, but DXE is not as easy. There needs to be a way to change the pagetables created for DXE using CreateIdentityMappingPageTables() before switching to them. Signed-off-by: Tom Lendacky --- OvmfPkg/OvmfPkgX64.fdf | 8 ++++---- OvmfPkg/PlatformPei/AmdSev.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 2a2427092382..3ba3d7384745 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -70,13 +70,13 @@ [FD.MEMFD] 0x000000|0x007000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPageTablesBase|gUefiOvmfPkgTokenSpace= Guid.PcdOvmfSecPageTablesSize =20 -0x007000|0x001000 +0x007000|0x002000 gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBase|gUefiOvmfPkgTokenSpaceGuid.P= cdOvmfSecGhcbSize =20 -0x008000|0x001000 -gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpac= eGuid.PcdOvmfLockBoxStorageSize - 0x009000|0x001000 +gUefiOvmfPkgTokenSpaceGuid.PcdOvmfLockBoxStorageBase|gUefiOvmfPkgTokenSpac= eGuid.PcdOvmfLockBoxStorageSize + +0x00A000|0x001000 gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|gUefiOvmfPkgT= okenSpaceGuid.PcdGuidedExtractHandlerTableSize =20 0x010000|0x010000 diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 84896d4681f9..87ac842a1590 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -42,7 +42,7 @@ AmdSevEsInitialize ( return; } =20 - GhcbPageCount =3D mMaxCpuCount; + GhcbPageCount =3D mMaxCpuCount * 2; =20 // // Allocate GHCB pages. --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46097): https://edk2.groups.io/g/devel/message/46097 Mute This Topic: https://groups.io/mt/32966269/1787277 Mute #vc: https://groups.io/mk?hashtag=3Dvc&subid=3D3901457 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46111+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301168868759.589554132065; Tue, 20 Aug 2019 04:39:28 -0700 (PDT) Return-Path: X-Received: from NAM02-SN1-obe.outbound.protection.outlook.com (NAM02-SN1-obe.outbound.protection.outlook.com []) by groups.io with SMTP; Mon, 19 Aug 2019 14:35:58 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=K3G9P7LlUYm5KUME/FVyHQE7BeR0nE2Y116xDZmrOXE/PE0+iHYrYq7DI2pDfkydqutwmu0FD6+LINziskfsX0nYqBzdbKiY4cpwJjm6Qq+TNXYtYLfL3wfItt4cZATLprWVcBjrK2+S44StWYj6xW2Zzv7K1rXVpm/Dav3watzcWcyc7vykf1uJBE4NfGVh8QpsFQmC3Jq3bc4dXN59sy9dNfz63zpIk/2cSWuCyrQE0XVyeTwO8nZHeVTSLbZDgbgDFiBpyLhCT4ztuLnK4evTCWbpQE++k3mqpni5j4UOeWPtXn/91b+ImOCejrLC7e+h0vmM/RjeaGZ8LGimeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eBNu9cI2kiYnFdSGqYg51XXLaJpdHpfAO8W+UzHTCGU=; b=cjvusd8bpX8QthkDUWq9/UMvPF3OK/Qef6eoxQsIB52lOjXUKxe4TSd0HlHABIKT13Lg53yipjRjt8tuuKlq42p7yaD8My0ZbJ1+hBv1giXwhZYrCdguL1mb7lMNFQF4qyFqeSrTxBKDVl0Bs8i51vLwogYcyHeExim5sfq7klq1XTSme5ItwnhwGIGwuhvZRiFH19omg+Xz0m3f40bWjjYqvL7y1Z1eaqeEUwIPjB1giVTkz+HIovrEwTz/BCyt0KSw5aEicZNUuGsiOLZbvV4lsE3L0P/YCc6CLbsVcvchc9bOdwVcS6CTNmcP6yS6tKO+soDxHsnuXRNtXRliwQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:35:55 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:35:55 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 07/28] OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled Thread-Topic: [RFC PATCH 07/28] OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled Thread-Index: AQHVVtYVQwjttoEikE67yaNazZWrMg== Date: Mon, 19 Aug 2019 21:35:55 +0000 Message-ID: <79bac50e4cea5e261c694a2b875cc2eff32bea68.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 2fa6bec7-4dd2-485d-8469-08d724ed378b x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46111+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: S6j5gbIClAaa9R+2hfXO3+Xq+dMhl1bOmCuwunthFkpDwljI2rjPLiBbYqzYrauy9cwkzyXE7465YA18SxGqbhkBN1M6A1VNE+5vQRSFcaFMeGW3jO7UVe7VwvjGURmE3w3Jy7gfxHWlaYPzfAqtGzA2+dks9ka8f8m9kzdzEjR0l8QD0xFgf+nmU7chShBA7mTllyQt3K8g9Q2tO1KYyN+howwMOQj274Waae1qaw1NL44O1stUibc68gt5U3pBVs2HaKNbbOVh+Unx/gwpqWv5LmhR/INVwjDk9Za4MgIogfJF2m9YR0tD5x0sKTI2j54czvp/93BAe700rNRDI0GdThfKlOQUEnYi3K0aRjKTHYrHFbPRA5KEWGTcDlo0yVRwEJdrwotOnqSnqFulJnD4hWgtLyCUwqOC1w0Qczw= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2fa6bec7-4dd2-485d-8469-08d724ed378b X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:35:55.6442 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ovF80LpqZYXHYtYcIdrmsmfuln5gMo3mRenC2R0KZwSz1XhvPNOfQcJ6DFXwPt/I478V5UaKntsBT8Kvof8ROQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301168; bh=J7EPc8/OTVse3s/hf7H5RK6MqOoNdCXXoBJcU0Xrr3I=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=DNDTGphbD3yLa89XCm4SZ+5AUvE377q4C9xQU6Y2la6CjmH5gw9Fjw6/FaZVw7kKReb 1yqSQ5mgxwUsmfzpPwFWFMss1Q/cS28h1q2xxCy1hUCznRq0vN7odKfPcv2BUWt9L0KVO k3ZxX/oH/XX0XzC7qRqYUFdFM2mQvsyu4bM= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky The SEV support will clear the C-bit from non-RAM areas. The early GDT lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT will be read as un-encrypted even though it is encrypted. This will result in a failure to be able to handle the exception. Move the GDT into RAM so it can be accessed without error when running as an SEV-ES guest. Signed-off-by: Tom Lendacky --- OvmfPkg/PlatformPei/AmdSev.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 87ac842a1590..5f4983fd36d8 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -37,6 +37,8 @@ AmdSevEsInitialize ( PHYSICAL_ADDRESS GhcbBasePa; UINTN GhcbPageCount; RETURN_STATUS DecryptStatus, PcdStatus; + IA32_DESCRIPTOR Gdtr; + VOID *Gdt; =20 if (!MemEncryptSevEsIsEnabled ()) { return; @@ -76,6 +78,20 @@ AmdSevEsInitialize ( DEBUG ((DEBUG_INFO, "SEV-ES is enabled, %u GHCB pages allocated starting= at 0x%lx\n", GhcbPageCount, GhcbBase)); =20 AsmWriteMsr64 (MSR_SEV_ES_GHCB, (UINT64)GhcbBasePa); + + // + // The SEV support will clear the C-bit from the non-RAM areas. Since + // the GDT initially lives in that area and it will be read when a #VC + // exception happens, it needs to be moved to RAM for an SEV-ES guest. + // + AsmReadGdtr (&Gdtr); + + Gdt =3D AllocatePool (Gdtr.Limit + 1); + ASSERT (Gdt); + + CopyMem (Gdt, (VOID *) Gdtr.Base, Gdtr.Limit + 1); + Gdtr.Base =3D (UINTN) Gdt; + AsmWriteGdtr (&Gdtr); } =20 /** --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46111): https://edk2.groups.io/g/devel/message/46111 Mute This Topic: https://groups.io/mt/32966283/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46096+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301166166568.8608793136793; Tue, 20 Aug 2019 04:39:26 -0700 (PDT) Return-Path: X-Received: from NAM02-SN1-obe.outbound.protection.outlook.com (NAM02-SN1-obe.outbound.protection.outlook.com []) by groups.io with SMTP; Mon, 19 Aug 2019 14:35:58 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Vu9lX+9as30uEEQ+GvYsugnclsrgxxu7+Yddn8kywwjBiT8SB5Qt7lP80cLmVYz40wppJAL9b2JA4zEVq4FnlSbruStp3FV2Ivr/oy6Y0giB2icQCozaDU4TNTUy+pnWUP9XlO5rSjwizaTu/ONE4HFpLIu4LvOIXU73NT8Q9bMVW2YwYl0c0x+fj4ldWyn7XRNBlMbwa2rMAF6yYUv6g//oHV4V4ozV4ES/DuMeUzXow2oFkYgv7NUGKg2xJx53ibPoODluVp8PHh2AafXPRRX0Al+VIen7GORPAYuzHFCzwzFKL1Yi/V7nLj//a6iedluevLq/a0IfnQkReC53Og== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OYXDCEodd2KhEPtNMYXDAvBiFCHk1HcbMDev7ekw9a0=; b=Uvd5Ck6qlgid2fuJ4pEKCTIy4qVa1iMfFBj+FcsYPc4WLpapOe1iAT1JM1N9FtGRsphGwV8ESPcwuVB2j78019DouNgzltMVtXyglYdT3oYJe7VHoS949b9Ry1seLna9OW5Ng4HyU0nPFUni8LBwPQRQ466/3m3alEONpdIhqlgjtcMTG1xVFszXilpESOg2QVxx2H5ykQc34xKyMcBJHcpXUZ0SNtuVJB9IGxqvqLkCOskZM02zxmupE7/Qp6xRF5ChpnAA2ZNpIEtypb4qBYcQYAp7biDC7PKLqnNohOtvue96pgih4297Dt3SWk66pnUkO/vKgvgcSAeZyeK65w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:35:57 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:35:57 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 08/28] MdePkg/BaseLib: Implement the VMGEXIT support Thread-Topic: [RFC PATCH 08/28] MdePkg/BaseLib: Implement the VMGEXIT support Thread-Index: AQHVVtYV6ovIQ0EYA0mbP9JSyXPRug== Date: Mon, 19 Aug 2019 21:35:56 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 446b6dac-e718-477b-2488-08d724ed384a x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-purlcount: 1 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46096+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: p0SOorQ0thc1i4auviz6ArddVVy/Fv9BRLxRZu3oS43dwa0e1uZkuhml7ZMv3JWkVTVb+AdOrWvEkxj135JAaOQIInhhIF1hLmJs9QHlIm8qQAT3arjTcBnC2F4s0/shbLLHdNaimT46wj1io8ZbNs3yZQKRw3vYOYZbfM4naCPrNxb4eqrL8OmCJd5wc+yHVS5VyKnicAVLeQX5jH+Bh+dX9CGTgAB4A7VhlZUzg3Y2imcR/oahHtWPfx8clrggMoyOr5TIzSWtOp+rw4asgWfX2J8VRuvO2UYE37AFSK7mYtd0j/d3uMtuhqrGtorRW2DFoWHd0dZR4Cv29Obgv8vOFdhaDDnT/Mw2Dtoj6WBDcP5yC2x/BXAOUKe+dm77sQL4ev+0C1VPPqIFW0ux1QDIEQEK5fbE8LcxoiiEjWg= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 446b6dac-e718-477b-2488-08d724ed384a X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:35:56.8875 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Hbk0UCwxnnzZgccpMJ/IL+HsYX8TMzCsQD7hdaGMt2ApUt0l4OzfKqdtGIovoMD0fXruxmvFqw4tklwMQH66QQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301165; bh=/ic8lkLExIqt+OkayT1oZ6fAKTp+bf4HSsGvCLDUSKc=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=w2hxk3rFL3NkpA2crAk5aLQp+tEx+NDlbIfLpVsXM8CU7IjByaNNG038abvghluRiNF reYsWxvGAp4WVu/24OlruUHZ/idD5eSAf5MeQcS4gLvE7y0fq7cLMFaDRYJxhHj8uOfhN J5dVWW9Q0jkv15ZC/VeKai+TEsW8GYU68oQ= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky VMGEXIT is a new instruction used for Hypervisor/Guest communication when running as an SEV-ES guest. A VMGEXIT will cause an automatic exit (AE) to occur, resulting in a #VMEXIT with an exit code value of 0x403. To support VMGEXIT, define the VMGEXIT assember routine to issue the instruction (rep; vmmcall), the GHCB structure and some helper functions for communicating register information to and from the hypervisor and the guest. Signed-off-by: Tom Lendacky --- MdePkg/Library/BaseLib/BaseLib.inf | 1 + MdePkg/Include/Library/BaseLib.h | 14 ++ UefiCpuPkg/Include/Register/Amd/Ghcb.h | 197 ++++++++++++++++++++++++ MdePkg/Library/BaseLib/X64/GccInline.c | 17 ++ MdePkg/Library/BaseLib/X64/VmgExit.nasm | 38 +++++ 5 files changed, 267 insertions(+) create mode 100644 UefiCpuPkg/Include/Register/Amd/Ghcb.h create mode 100644 MdePkg/Library/BaseLib/X64/VmgExit.nasm diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/Ba= seLib.inf index 3586beb0ab5c..a41401340f95 100644 --- a/MdePkg/Library/BaseLib/BaseLib.inf +++ b/MdePkg/Library/BaseLib/BaseLib.inf @@ -286,6 +286,7 @@ [Sources.X64] X64/ReadCr2.nasm| MSFT X64/ReadCr0.nasm| MSFT X64/ReadEflags.nasm| MSFT + X64/VmgExit.nasm | MSFT =20 =20 X64/Non-existing.c diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/Base= Lib.h index 2a75bc023f56..80bd5cf57a72 100644 --- a/MdePkg/Include/Library/BaseLib.h +++ b/MdePkg/Include/Library/BaseLib.h @@ -7880,6 +7880,20 @@ AsmLfence ( VOID ); =20 +/** + Executes a VMGEXIT instruction (VMMCALL with a REP prefix) + + Executes a VMGEXIT instruction. This function is only available on IA-32= and + x64. + +**/ +VOID +EFIAPI +AsmVmgExit ( + VOID + ); + + /** Patch the immediate operand of an IA32 or X64 instruction such that the = byte, word, dword or qword operand is encoded at the end of the instruction's diff --git a/UefiCpuPkg/Include/Register/Amd/Ghcb.h b/UefiCpuPkg/Include/Re= gister/Amd/Ghcb.h new file mode 100644 index 000000000000..e9fd116fac25 --- /dev/null +++ b/UefiCpuPkg/Include/Register/Amd/Ghcb.h @@ -0,0 +1,197 @@ + +#ifndef __GHCB_H__ +#define __GHCB_H__ + +#include +#include +#include + +#define UD_EXCEPTION 6 +#define GP_EXCEPTION 13 + +#define GHCB_VERSION_MIN 1 +#define GHCB_VERSION_MAX 1 + +#define GHCB_STANDARD_USAGE 0 + +typedef enum { + SvmExitDr7Read =3D 0x27, + SvmExitDr7Write =3D 0x37, + SvmExitRdtsc =3D 0x6E, + SvmExitRdpmc, + SvmExitCpuid =3D 0x72, + SvmExitInvd =3D 0x76, + SvmExitIoioProt =3D 0x7B, + SvmExitMsr, + SvmExitVmmCall =3D 0x81, + SvmExitRdtscp =3D 0x87, + SvmExitWbinvd =3D 0x89, + SvmExitMonitor, + SvmExitMwait, + SvmExitNpf =3D 0x400, + + // VMG special exits + SvmExitMmioRead =3D 0x80000001, + SvmExitMmioWrite, + SvmExitNmiComplete, + SvmExitApResetHold, + + SvmExitUnsupported =3D 0x8000FFFF, +} SVM_EXITCODE; + +typedef enum { + GhcbCpl =3D 25, + GhcbRflags =3D 46, + GhcbRip, + GhcbRsp =3D 59, + GhcbRax =3D 63, + GhcbRcx =3D 97, + GhcbRdx, + GhcbRbx, + GhcbRbp =3D 101, + GhcbRsi, + GhcbRdi, + GhcbR8, + GhcbR9, + GhcbR10, + GhcbR11, + GhcbR12, + GhcbR13, + GhcbR14, + GhcbR15, + GhcbXCr0 =3D 125, +} GHCB_REGISTER; + +typedef struct { + UINT8 Reserved1[203]; + UINT8 Cpl; + UINT8 Reserved2[148]; + UINT64 Dr7; + UINT8 Reserved3[144]; + UINT64 Rax; + UINT8 Reserved4[264]; + UINT64 Rcx; + UINT64 Rdx; + UINT64 Rbx; + UINT8 Reserved5[112]; + UINT64 SwExitCode; + UINT64 SwExitInfo1; + UINT64 SwExitInfo2; + UINT64 SwScratch; + UINT8 Reserved6[56]; + UINT64 XCr0; + UINT8 ValidBitmap[16]; + UINT64 X87StateGpa; + UINT8 Reserved7[1016]; +} __attribute__ ((__packed__)) GHCB_SAVE_AREA; + +typedef struct { + GHCB_SAVE_AREA SaveArea; + UINT8 SharedBuffer[2032]; + UINT8 Reserved1[10]; + UINT16 ProtocolVersion; + UINT32 GhcbUsage; +} __attribute__ ((__packed__)) __attribute__ ((aligned(SIZE_4KB))) GHCB; + +typedef union { + struct { + UINT32 Lower32Bits; + UINT32 Upper32Bits; + } Elements; + + UINT64 Uint64; +} GHCB_EXIT_INFO; + +static inline +BOOLEAN +GhcbIsRegValid( + GHCB *Ghcb, + GHCB_REGISTER Reg + ) +{ + UINT32 RegIndex =3D Reg / 8; + UINT32 RegBit =3D Reg & 0x07; + + return (Ghcb->SaveArea.ValidBitmap[RegIndex] & (1 << RegBit)); +} + +static inline +VOID +GhcbSetRegValid( + GHCB *Ghcb, + GHCB_REGISTER Reg + ) +{ + UINT32 RegIndex =3D Reg / 8; + UINT32 RegBit =3D Reg & 0x07; + + Ghcb->SaveArea.ValidBitmap[RegIndex] |=3D (1 << RegBit); +} + +static inline +VOID +VmgException( + UINTN Exception + ) +{ + switch (Exception) { + case UD_EXCEPTION: + case GP_EXCEPTION: + break; + default: + ASSERT (0); + } +} + +static inline +UINTN +VmgExit( + GHCB *Ghcb, + UINT64 ExitCode, + UINT64 ExitInfo1, + UINT64 ExitInfo2 + ) +{ + GHCB_EXIT_INFO ExitInfo; + UINTN Reason, Action; + + Ghcb->SaveArea.SwExitCode =3D ExitCode; + Ghcb->SaveArea.SwExitInfo1 =3D ExitInfo1; + Ghcb->SaveArea.SwExitInfo2 =3D ExitInfo2; + AsmVmgExit (); + + if (!Ghcb->SaveArea.SwExitInfo1) { + return 0; + } + + ExitInfo.Uint64 =3D Ghcb->SaveArea.SwExitInfo1; + Reason =3D ExitInfo.Elements.Upper32Bits; + Action =3D ExitInfo.Elements.Lower32Bits; + switch (Action) { + case 1: + VmgException (Reason); + break; + default: + ASSERT (0); + } + + return Reason; +} + +static inline +VOID +VmgInit( + GHCB *Ghcb + ) +{ + SetMem (&Ghcb->SaveArea, sizeof (Ghcb->SaveArea), 0); +} + +static inline +VOID +VmgDone( + GHCB *Ghcb + ) +{ +} +#endif diff --git a/MdePkg/Library/BaseLib/X64/GccInline.c b/MdePkg/Library/BaseLi= b/X64/GccInline.c index 154ce1f57e92..17539caa0798 100644 --- a/MdePkg/Library/BaseLib/X64/GccInline.c +++ b/MdePkg/Library/BaseLib/X64/GccInline.c @@ -1798,3 +1798,20 @@ AsmFlushCacheLine ( } =20 =20 +/** + Executes a VMGEXIT instruction. + + Executes a VMGEXIT instruction. This function is only available on IA-32= and + X64. + +**/ +VOID +EFIAPI +AsmVmgExit ( + VOID + ) +{ + __asm__ __volatile__ ("rep; vmmcall":::"memory"); +} + + diff --git a/MdePkg/Library/BaseLib/X64/VmgExit.nasm b/MdePkg/Library/BaseL= ib/X64/VmgExit.nasm new file mode 100644 index 000000000000..b673bb94b60d --- /dev/null +++ b/MdePkg/Library/BaseLib/X64/VmgExit.nasm @@ -0,0 +1,38 @@ +;-------------------------------------------------------------------------= ----- +; +; Copyright (c) 2019, Advanced Micro Device, Inc. All rights reserved.
+; This program and the accompanying materials +; are licensed and made available under the terms and conditions of the BS= D License +; which accompanies this distribution. The full text of the license may b= e found at +; http://opensource.org/licenses/bsd-license.php. +; +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +; +; Module Name: +; +; VmgExit.Asm +; +; Abstract: +; +; AsmVmgExit function +; +; Notes: +; +;-------------------------------------------------------------------------= ----- + + DEFAULT REL + SECTION .text + +;-------------------------------------------------------------------------= ----- +; VOID +; EFIAPI +; AsmVmgExit ( +; VOID +; ); +;-------------------------------------------------------------------------= ----- +global ASM_PFX(AsmVmgExit) +ASM_PFX(AsmVmgExit): + rep; vmmcall + ret + --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46096): https://edk2.groups.io/g/devel/message/46096 Mute This Topic: https://groups.io/mt/32960649/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46112+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301169057436.39123927663707; Tue, 20 Aug 2019 04:39:29 -0700 (PDT) Return-Path: X-Received: from NAM02-SN1-obe.outbound.protection.outlook.com (NAM02-SN1-obe.outbound.protection.outlook.com [40.107.77.53]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:00 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SlVd9JiUGhj776tV8AzBvQV4kJ0YaBHtDkeP5SgJ1bNJab5oBnw+zaEXAuZWRMaf7vjPQMxqBBxx0phjFpC1Tx1sx/3ZY9VadiFn+GxOz/ZZw3qzU2jcrqm5S0bZtOR3RxJmP0MydlJKjigwKWUdBpYWvtxCSKxY3AWLK4Zu27bAWNpby3IL9WXYAlsnxPse6zsPPjmIjEDdQAmeah8JPiE3lnXf3KFCGL74XYD2BgCkbsj3RW6TaQfng9y1EhcYPEwDHINKl9UOpvFQh665/UEEW7DcajyKxOrAEhXxlU9vvx0uGgZKlIIwCQcivve9xLzHfcm4A2PN0TIwwz7ytg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eVgT3psR97sAECyp0sDdgbEUTwZq11eJhts1TfIZ9RU=; b=K34EX+vy1XjuHWeB26r7fuKLx6Y/lBBdYg/EvBriEbkxEbCokXGOvIeWyMRTsocSBvUujuOss60FQj5Kir/PpjQvGwjc5cVmkFPXQ9EwnAbNS27IFSsWRWzWZy3UXMC2H6AlDYubJz2hkszikg7JhmdBsTHTIcFfETvDq0a0b/1S9s3gU2tkU20i+E/N8a0WKDbAo+9SPENUOqj9K0zwpHOw53UlwDJBnpQLU7gatu51+OKX9ZKlGlg+BhESP2jEb0eElT7zarmJW+mkJI5GC8fEsEw+QNszzbdU/vKDs0+gHFCEDlMuSgm+kI1eUEi4lsQeKgIiBt/XvtGDzP/7bg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:35:58 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:35:58 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 09/28] UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC exception Thread-Topic: [RFC PATCH 09/28] UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC exception Thread-Index: AQHVVtYWuB1gx3cKxUihpXcQ8P/SXQ== Date: Mon, 19 Aug 2019 21:35:58 +0000 Message-ID: <81a4c47369cb5566274143dc09fc0917d0928050.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: b5cabe1f-92a8-40ee-8357-08d724ed390b x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6430; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46112+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: H5jL4rztHV3dsKTQlL9UldAsaYgwB5sTqhC6ODHakH6Jxuzs86YeHFb8ToqOXhi0KNyShBa6hLbPE5BreBRpU3dWzOPAYre7JMpYZjeK5+YCdVCpSvcI1WnOwETL2ckpteW0YARxRKr8/oMIs307q3qhnJDNMYjek2UNEWIeZo8xKDcA8i5Qi+NmouJBi2mu50SMOhR/CcLmCMSb2D+Wl3BKL9HjtAaidHuNIlN602FTXRVb6gVXBpUyzkQ+sDeA+cr0ZUd4bdETbn4J7e61owT3bLqX3CYy2kZmmfrxxYWgkw0Uci1yaxA5AwcHMTlSGS8utuj1UaYIaBGvzj8Zh9U+lELMzcmnwHMbVxtXG6KDP+XtULddGNyGToW0PeW05U16HyiChYJWgtG3XmHo6KCV8cS0YWOm55aShQmSsko= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: b5cabe1f-92a8-40ee-8357-08d724ed390b X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:35:58.2287 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: yhguUQ81GOGQbpFULSSFb6fNP2sMpF16GnHg1ijabIxssT5djL3//98zGtOmiOBmAmzTAtcf1oLVsIlJ31yE+A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: <5B60B824893F494AB357A3250EA9ECD5@namprd12.prod.outlook.com> Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301168; bh=l03Eeg9MSJ1Pw4GPxgf7x1CaJ3eyFxRkmdRDNbpYmHA=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=pQt7B3hBuvXSF64xzNHG9YtosG0o1XhVxfvYa8XxrW1pyFBeRPm5sreqaImQZzbXdIg 8hhI8JCDHPLAK3biqtWILidVuxU0JSrsz+8jBjjLDrnCJPcQFdJOBFSETDippqupVdlyX lhU1FCfrrJTlI0xT55dz3nAh3sL5quFET9U= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Add base support to handle #VC exceptions. This includes a stub routine to invoke when a #VC exception occurs and special checks in the common exception handlers to invoke the #VC exception handler routine. Signed-off-by: Tom Lendacky --- .../DxeCpuExceptionHandlerLib.inf | 2 ++ .../PeiCpuExceptionHandlerLib.inf | 2 ++ .../SecPeiCpuExceptionHandlerLib.inf | 2 ++ .../CpuExceptionHandlerLib/AMDSevVcCommon.h | 12 ++++++++++++ .../CpuExceptionHandlerLib/CpuExceptionCommon.h | 2 ++ .../CpuExceptionHandlerLib/CpuExceptionCommon.c | 2 +- .../PeiDxeAMDSevVcHandler.c | 11 +++++++++++ .../PeiDxeSmmCpuException.c | 16 ++++++++++++++++ .../CpuExceptionHandlerLib/SecAMDSevVcHandler.c | 11 +++++++++++ .../CpuExceptionHandlerLib/SecPeiCpuException.c | 16 ++++++++++++++++ 10 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommo= n.h create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeAMDSevV= cHandler.c create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/SecAMDSevVcHa= ndler.c diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandl= erLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandle= rLib.inf index e41383573043..331ae7334c45 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.i= nf +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.i= nf @@ -37,6 +37,8 @@ [Sources.common] CpuExceptionCommon.c PeiDxeSmmCpuException.c DxeException.c + PeiDxeAMDSevVcHandler.c + AMDSevVcCommon.h =20 [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandl= erLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandle= rLib.inf index f31423ac0f91..89b5d496e56f 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.i= nf +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.i= nf @@ -37,6 +37,8 @@ [Sources.common] CpuExceptionCommon.c PeiCpuException.c PeiDxeSmmCpuException.c + PeiDxeAMDSevVcHandler.c + AMDSevVcCommon.h =20 [Packages] MdePkg/MdePkg.dec diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHa= ndlerLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuException= HandlerLib.inf index 6d25cafe2ca3..5e5ab6244b11 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLi= b.inf +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLi= b.inf @@ -36,6 +36,8 @@ [Sources.common] CpuExceptionCommon.h CpuExceptionCommon.c SecPeiCpuException.c + SecAMDSevVcHandler.c + AMDSevVcCommon.h =20 [Packages] MdePkg/MdePkg.dec diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h b/U= efiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h new file mode 100644 index 000000000000..ee52f3b5220d --- /dev/null +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h @@ -0,0 +1,12 @@ + +#ifndef _AMD_SEV_VC_COMMON_H_ +#define _AMD_SEV_VC_COMMON_H_ + +#include + +UINTN +DoVcException( + EFI_SYSTEM_CONTEXT Context + ); + +#endif diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h index 805dd9cbb4ff..0f274e7ea328 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.h @@ -24,6 +24,8 @@ #define CPU_INTERRUPT_NUM 256 #define HOOKAFTER_STUB_SIZE 16 =20 +#define VC_EXCEPTION 29 + // // Exception Error Code of Page-Fault Exception // diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c index 8adbd43fefb4..39e4dd9e9417 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/CpuExceptionCommon.c @@ -14,7 +14,7 @@ // // 1 means an error code will be pushed, otherwise 0 // -CONST UINT32 mErrorCodeFlag =3D 0x00227d00; +CONST UINT32 mErrorCodeFlag =3D 0x20227d00; =20 // // Define the maximum message length diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeAMDSevVcHandle= r.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeAMDSevVcHandler.c new file mode 100644 index 000000000000..1e027b3f2964 --- /dev/null +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeAMDSevVcHandler.c @@ -0,0 +1,11 @@ + +#include "CpuExceptionCommon.h" +#include "AMDSevVcCommon.h" + +UINTN +DoVcException( + EFI_SYSTEM_CONTEXT Context + ) +{ + return 0; +} diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeSmmCpuExceptio= n.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeSmmCpuException.c index 72c2aeca4c13..0c248e7eb904 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeSmmCpuException.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeSmmCpuException.c @@ -7,6 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ =20 #include "CpuExceptionCommon.h" +#include "AMDSevVcCommon.h" #include =20 /** @@ -86,6 +87,21 @@ CommonExceptionHandlerWorker ( break; } =20 + if (ExceptionType =3D=3D VC_EXCEPTION) { + UINTN Status; + // + // #VC must be handled for an SEV-ES guest + // + Status =3D DoVcException(SystemContext); + if (Status) { + // Exception not handled - Status contains the desired exception now + ExceptionType =3D Status; + } else { + // Exception handled + return; + } + } + if (ExternalInterruptHandler !=3D NULL && ExternalInterruptHandler[ExceptionType] !=3D NULL) { (ExternalInterruptHandler[ExceptionType]) (ExceptionType, SystemContex= t); diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecAMDSevVcHandler.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecAMDSevVcHandler.c new file mode 100644 index 000000000000..1e027b3f2964 --- /dev/null +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecAMDSevVcHandler.c @@ -0,0 +1,11 @@ + +#include "CpuExceptionCommon.h" +#include "AMDSevVcCommon.h" + +UINTN +DoVcException( + EFI_SYSTEM_CONTEXT Context + ) +{ + return 0; +} diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuException.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuException.c index 20148db74cf8..998a90ba61a6 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuException.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuException.c @@ -8,6 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include #include "CpuExceptionCommon.h" +#include "AMDSevVcCommon.h" =20 CONST UINTN mDoFarReturnFlag =3D 0; =20 @@ -24,6 +25,21 @@ CommonExceptionHandler ( IN EFI_SYSTEM_CONTEXT SystemContext ) { + if (ExceptionType =3D=3D VC_EXCEPTION) { + UINTN Status; + // + // #VC must be handled for an SEV-ES guest + // + Status =3D DoVcException(SystemContext); + if (Status) { + // Exception not handled - Status contains the desired exception now + ExceptionType =3D Status; + } else { + // Exception handled + return; + } + } + // // Initialize the serial port before dumping. // --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46112): https://edk2.groups.io/g/devel/message/46112 Mute This Topic: https://groups.io/mt/32966284/1787277 Mute #vc: https://groups.io/mk?hashtag=3Dvc&subid=3D3901457 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46105+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301167878706.0668036587116; Tue, 20 Aug 2019 04:39:27 -0700 (PDT) Return-Path: X-Received: from NAM05-CO1-obe.outbound.protection.outlook.com (NAM05-CO1-obe.outbound.protection.outlook.com [40.107.72.63]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:01 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iLnrSHkifv8c2kvginqsw1Z06OOMKO3Kmryl5AW03olL4AFJm7+989rCFC+P/RVZk6x0Y1l4EtU5d+AtqwtajTJ5PKAYowR6+xhj7nzML30+1KDj/AIBYDXh027q305++XUKCqWnsZ8ueaK2X81gyczlwHXD1je+A6eUqIs8szS/ILBy6TUGT6ofAr1HNHibI2VJA/gPhW41I4tXmB6SWyaMhVtiESyZbg+uT/Lz0ooR4u3dCzYskbyTIh+gChcqg0Q/EbDoPnz6KinIXvTs9ENxhNt37/4Q2JJosyR6ONB5OnvaUKW1jQbGS6irWd6J0dAc+7Su2pzD/28LrfsfJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bLoMFf82FiUF8KWca7Jj5hJ7fQO3A+oTay0RbiiRpg0=; b=iaDefCQ9JaNNE9dMMX3PG/5sPKirWtmiZk7/2m8stu+pk1+Sz/b5seQe/A4z0dYIg4YXS3kMqyf3r6pjcUidZrb0moS7G90xOXtFuGlQ5xQQK52M6mwDlgh+Dz6M4uKcE9UCv0oOohbI1kYQFeCNe4Vb4Fsz7/2CDvzgMUXVdOvorxIgQy6zDMEBWKB5AWHCzfyJj3DFsPDlT6GvUq+jdcTe3uk0yllpqRmaxmufMTYD1Ih5uKzSu8AoJe7+Bso0ooY0ABwzuZaBg0xs67OulLoZJc57N2PSEo5wChRDWX+kT8B/Smu/pT2nUGphFIpPMdRsiSlcKYtxO69Kul31sA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB3112.namprd12.prod.outlook.com (20.178.54.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 19 Aug 2019 21:35:59 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:35:59 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 10/28] UefiCpuPkg/CpuExceptionHandler: Add base #VC exception handling support for Sec phase Thread-Topic: [RFC PATCH 10/28] UefiCpuPkg/CpuExceptionHandler: Add base #VC exception handling support for Sec phase Thread-Index: AQHVVtYXXVuQbRGlrUCvu8MUEo5B2A== Date: Mon, 19 Aug 2019 21:35:59 +0000 Message-ID: <0eb5cfa2ec3ba07a06da84a2bb8ed6f5feca54bf.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 4520f619-90ac-4dcb-7db2-08d724ed39d6 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB3112: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:5516; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46105+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: kXTV+vGQEJM8Jc6L9sxZy/zT6wM2UNt89nsvE7h89+JQ8/IGIxqKaI5AGI/Yr2MOpbvmdd24PlGNXGTWTWKWDH6PIA7ooWYmVcl7nfYa6jJwgE7j0psERzZCQBwkJ8dinOuCTWoUkU4X2AwpgKwWj7syE17oYldQ3Naj/X2tcy4v3bspg/8RnFxAhCAEuk4o//qlv7/Q/bKty3mTqswk8KXie6D1xO0/s41jfiHwNoVDt0z9ek4OsSRsTrihJTXmLcHBj4Z2wX97lNwvv3Ji4WmxKJLwC3Qx+7efunoPjPN2QTJPZ0M6HDMarARyjjNultQz7amd6kqU1mzfmbU7Q83FXZbh5YCE10Qk+s9B0PCihNODudUGksgTNrjRUW6gxrfuenYNn7rt7B1FZsHbq+pMvMm7oOQPYhpkhGogyYA= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4520f619-90ac-4dcb-7db2-08d724ed39d6 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:35:59.5050 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: w1oErIJzOVdr3pB2Ha+PjYKWtaCjQlrRV3BWH34WQPLdwW/Y2OchK69MYYxAc3/QD8U01igiPi7mvcbTEY75fA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3112 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: <7678AB5A0505084C8393C7D5E4FC264D@namprd12.prod.outlook.com> Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301167; bh=Uns10FNxsOWFiiCuB2F29NYB1maqWurX1DBhHyhtQbg=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=sU5O1sDMeLawyFOo0+gZmVZTeb6zgO1xWj7Soqq0+M8pB1WZ10poCEDAL18x5ImZHbB 0anaTgL5xMJWGaGY5nrKLAU8Y2XPX+eLOhNrUIj8/zCfkbaHRLwBN52I2A+Ljxz4te2Xq G67INB6WR7aEiKCSkZb6iEDLIQRRpMiSYqs= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky An SEV-ES guest will generate a #VC exception when it encounters a non-automatic exit (NAE) event. It is expected that the #VC exception handler will communicate with the hypervisor using the GHCB to handle the NAE event. NAE events can occur during the Sec phase, so initialize exception handling early in the OVMF Sec support. Add to the basic #VC exception handler to set the GHCB MSR to a pre-allocated GHCB and call a common #VC handler. Signed-off-by: Tom Lendacky --- OvmfPkg/Sec/SecMain.inf | 1 + .../SecPeiCpuExceptionHandlerLib.inf | 2 ++ .../CpuExceptionHandlerLib/AMDSevVcCommon.h | 7 ++++ MdePkg/Library/BaseLib/Ia32/GccInline.c | 17 +++++++++ OvmfPkg/Sec/SecMain.c | 29 ++++++++------- .../Ia32/AMDSevVcCommon.c | 13 +++++++ .../SecAMDSevVcHandler.c | 36 ++++++++++++++++++- .../X64/AMDSevVcCommon.c | 27 ++++++++++++++ 8 files changed, 118 insertions(+), 14 deletions(-) create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/AMDSevVc= Common.c create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcC= ommon.c diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf index 63ba4cb555fb..7f53845f5436 100644 --- a/OvmfPkg/Sec/SecMain.inf +++ b/OvmfPkg/Sec/SecMain.inf @@ -50,6 +50,7 @@ [LibraryClasses] PeCoffExtraActionLib ExtractGuidedSectionLib LocalApicLib + CpuExceptionHandlerLib =20 [Ppis] gEfiTemporaryRamSupportPpiGuid # PPI ALWAYS_PRODUCED diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHa= ndlerLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuException= HandlerLib.inf index 5e5ab6244b11..1b3605af5ca4 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLi= b.inf +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLi= b.inf @@ -26,11 +26,13 @@ [Sources.Ia32] Ia32/ExceptionTssEntryAsm.nasm Ia32/ArchExceptionHandler.c Ia32/ArchInterruptDefs.h + Ia32/AMDSevVcCommon.c =20 [Sources.X64] X64/ExceptionHandlerAsm.nasm X64/ArchExceptionHandler.c X64/ArchInterruptDefs.h + X64/AMDSevVcCommon.c =20 [Sources.common] CpuExceptionCommon.h diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h b/U= efiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h index ee52f3b5220d..94f9e6e5122d 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h @@ -3,10 +3,17 @@ #define _AMD_SEV_VC_COMMON_H_ =20 #include +#include =20 UINTN DoVcException( EFI_SYSTEM_CONTEXT Context ); =20 +UINTN +DoVcCommon( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT Context + ); + #endif diff --git a/MdePkg/Library/BaseLib/Ia32/GccInline.c b/MdePkg/Library/BaseL= ib/Ia32/GccInline.c index 5287200f8754..55d2e12bcdc9 100644 --- a/MdePkg/Library/BaseLib/Ia32/GccInline.c +++ b/MdePkg/Library/BaseLib/Ia32/GccInline.c @@ -1763,3 +1763,20 @@ AsmFlushCacheLine ( } =20 =20 +/** + Executes a VMGEXIT instruction. + + Executes a VMGEXIT instruction. This function is only available on IA-32= and + X64. + +**/ +VOID +EFIAPI +AsmVmgExit ( + VOID + ) +{ + __asm__ __volatile__ ("rep; vmmcall":::"memory"); +} + + diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 2448be0cd408..021c1bd30711 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -24,6 +24,7 @@ #include #include #include +#include =20 #include =20 @@ -737,6 +738,21 @@ SecCoreStartupWithStack ( Table[Index] =3D 0; } =20 + // + // Initialize IDT + // + IdtTableInStack.PeiService =3D NULL; + for (Index =3D 0; Index < SEC_IDT_ENTRY_COUNT; Index ++) { + CopyMem (&IdtTableInStack.IdtTable[Index], &mIdtEntryTemplate, sizeof = (mIdtEntryTemplate)); + } + + IdtDescriptor.Base =3D (UINTN)&IdtTableInStack.IdtTable; + IdtDescriptor.Limit =3D (UINT16)(sizeof (IdtTableInStack.IdtTable) - 1); + + AsmWriteIdtr (&IdtDescriptor); + + InitializeCpuExceptionHandlers (NULL); + ProcessLibraryConstructorList (NULL, NULL); =20 // @@ -756,19 +772,6 @@ SecCoreStartupWithStack ( // InitializeFloatingPointUnits (); =20 - // - // Initialize IDT - // =20 - IdtTableInStack.PeiService =3D NULL; - for (Index =3D 0; Index < SEC_IDT_ENTRY_COUNT; Index ++) { - CopyMem (&IdtTableInStack.IdtTable[Index], &mIdtEntryTemplate, sizeof = (mIdtEntryTemplate)); - } - - IdtDescriptor.Base =3D (UINTN)&IdtTableInStack.IdtTable; - IdtDescriptor.Limit =3D (UINT16)(sizeof (IdtTableInStack.IdtTable) - 1); - - AsmWriteIdtr (&IdtDescriptor); - #if defined (MDE_CPU_X64) // // ASSERT that the Page Tables were set by the reset vector code to diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/AMDSevVcCommon.= c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/AMDSevVcCommon.c new file mode 100644 index 000000000000..1b0c44bd6a61 --- /dev/null +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/AMDSevVcCommon.c @@ -0,0 +1,13 @@ + +#include +#include +#include "AMDSevVcCommon.h" + +UINTN +DoVcCommon ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT Context + ) +{ + return GP_EXCEPTION; +} diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecAMDSevVcHandler.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecAMDSevVcHandler.c index 1e027b3f2964..a32025d3481b 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecAMDSevVcHandler.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecAMDSevVcHandler.c @@ -1,11 +1,45 @@ =20 +#include +#include #include "CpuExceptionCommon.h" #include "AMDSevVcCommon.h" =20 + +#define GHCB_INIT 0x807000 + UINTN DoVcException( EFI_SYSTEM_CONTEXT Context ) { - return 0; + MSR_SEV_ES_GHCB_REGISTER Msr; + GHCB *Ghcb; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + if (Msr.Bits.GhcbNegotiateBit) { + if (Msr.GhcbProtocol.SevEsProtocolMin > Msr.GhcbProtocol.SevEsProtocol= Max) { + ASSERT (0); + return GP_EXCEPTION; + } + + if ((Msr.GhcbProtocol.SevEsProtocolMin > GHCB_VERSION_MAX) || + (Msr.GhcbProtocol.SevEsProtocolMax < GHCB_VERSION_MIN)) { + ASSERT (0); + return GP_EXCEPTION; + } + + Msr.GhcbPhysicalAddress =3D GHCB_INIT; + AsmWriteMsr64(MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + Ghcb =3D Msr.Ghcb; + SetMem (Ghcb, sizeof (*Ghcb), 0); + + /* Set the version to the maximum that can be supported */ + Ghcb->ProtocolVersion =3D MIN (Msr.GhcbProtocol.SevEsProtocolMax, GHCB= _VERSION_MAX); + Ghcb->GhcbUsage =3D GHCB_STANDARD_USAGE; + } + + return DoVcCommon(Ghcb, Context); } diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c new file mode 100644 index 000000000000..18e462ce80a2 --- /dev/null +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -0,0 +1,27 @@ + +#include +#include +#include "AMDSevVcCommon.h" + +UINTN +DoVcCommon ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT Context + ) +{ + EFI_SYSTEM_CONTEXT_X64 *Regs =3D Context.SystemContextX64; + UINTN ExitCode; + UINTN Status; + + VmgInit (Ghcb); + + ExitCode =3D Regs->ExceptionData; + switch (ExitCode) { + default: + Status =3D VmgExit (Ghcb, SvmExitUnsupported, ExitCode, 0); + } + + VmgDone (Ghcb); + + return Status; +} --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46105): https://edk2.groups.io/g/devel/message/46105 Mute This Topic: https://groups.io/mt/32966277/1787277 Mute #vc: https://groups.io/mk?hashtag=3Dvc&subid=3D3901457 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46113+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301169183808.5167836468892; Tue, 20 Aug 2019 04:39:29 -0700 (PDT) Return-Path: X-Received: from NAM01-BN3-obe.outbound.protection.outlook.com (NAM01-BN3-obe.outbound.protection.outlook.com [40.107.74.87]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:03 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=N9Ui3PbHhpWAiluxGUzmt2sNT8TGXxhYqS0CXRO157g31cd5BF39+l19jgZKya0l+P3FAhXT8JtwH5wdNHQcjvZg/gBgn4o0cPQF2oQEYRt7HgEu00ND7pQtBXlDavXnT0bpsHqUrBsua/VVvKbmMHGtjqhh1IyOjADk0XsZOkKXyvNHq4MsWvu8DE54lPjQghbOGp39w3MgoqZ2/OiAHyNKefAlkOQropJAkF8jnCAk73HM2mFkrVEvvPsRnXsbZmJLF3/XMrvTKm0al+Uq4PlXuia5k5e8OfDtfYn8TeKoXJWTYVBmS4UnEbhu6Yu/LRTdT/ssEikPfWzCFE1GcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZUJPuSxk596uC+bEoWMTxlGvMa7K3qXJG7FxC0pZ6Io=; b=JbZ9+W+2vQuSeQkW+RO1AhSCgf+CYFyAXou8iMySjxvuDCCJVxxlB2xY6tTMiB4vhDF8cMSlOlDN9YNrqEXA+LdF5F101XYIF4U5nW7BZXFdgZyrkVZ/52nTjMzO2692DcPo8eSfbxwRLEskpi2qBtoHenWAQqbpDITgnH4qdo1+ZXLba1hYvKl2PDSBQM7BGhPtFxejl53phMPNQ/SKalfraXdE1y2kTjARC+Uagc5F/0pUi7IU/QRVD+XWxKd1SGlMeEKSvsIt9w6YmupccCIUxh9bXD0De+1ltrwVRaS0bsivvCBMlEwVHA1ge9jkiLql8oQfD/+1jRI5cmd+Bw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:36:01 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:01 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 11/28] UefiCpuPkg/CpuExceptionHandler: Add support for IOIO_PROT NAE events Thread-Topic: [RFC PATCH 11/28] UefiCpuPkg/CpuExceptionHandler: Add support for IOIO_PROT NAE events Thread-Index: AQHVVtYYHJtCQV9XdEiFQuswsi0suw== Date: Mon, 19 Aug 2019 21:36:00 +0000 Message-ID: <3bd16f3302506b585185507c9f0282b06913f803.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 35ee6a1c-ed0b-426b-21a4-08d724ed3a9c x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6790; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46113+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: IXBFwk+ckItqDePdi85XbDTMWB1aEc31+D8mJqdPDRdJFtQwZk2a3ru0oicxHw8V7V9qgU3Lu4sbRdUo/4ZrFQR2ICQFR4heSNtiNps4tnzIrl58MUxBW05NahdW/1PgbJNlUY0mf2pAcyRaywepubDrtyPNV0WKZRwfe88MJ7efHBPurEqnDrDqDBcYwN/3ytApo0kI8QfXd6Q3tQdjMwjJN4rYhm73FEYG/y7AUxpZLhR23lDh2bygI+oANyPOMXna7wg7TVjBnh0Na2JEooqScI6uIpvBfUC0tfBaaLQ1z342UppCCnPcAv4MDoUhu4Zk1kT7ixHPvE8dF6ixbqonvbyM6xwgnUiaxTT81Eb9Nk9Jqtvlb6R4fI6L24Ta3PEBJc3DPW4Rgi7I48zDs+FiwFE5WnS4tJzt7NTWoG4= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 35ee6a1c-ed0b-426b-21a4-08d724ed3a9c X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:00.8672 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: +2xv05xKCpqFvkihqFaKzCneHEd/41iJKFpwancwnwfq2p1opUXOjFctfCRWlFyvHtB6ObhwdH34QB/wvqT/DQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: <395A312C47828D46977EC0F53228F65B@namprd12.prod.outlook.com> Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301168; bh=0p27Kdfmz33q3dpuWpu6Lcrw+kUUxRd8XH61/XcTgqM=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=prnXA717tb6Ye8qVH0k2R5Hz8urcM2BbV1v7/sq6FccpvhCMMU2v9x6bKrMMKEsG69L bJCJguAyz6jrlfPrMCPHo3gx3xPT909KMvpGomti4rruWtsazakJBtWZv8BrMIUXmluIi NJRnfEVOKG2Plo3brl9jSBeBVyaUN7Ed0Ws= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Under SEV-ES, a IOIO_PROT intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Add support to construct the required GHCB values to support a IOIO_PROT NAE event. Parse the instruction that generated the #VC exception, setting the required register values in the GHCB and creating the proper SW_EXITINFO1 value in the GHCB. Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c | 425 +++++++++++++++++- 1 file changed, 420 insertions(+), 5 deletions(-) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c index 18e462ce80a2..3b69aca48055 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -3,25 +3,440 @@ #include #include "AMDSevVcCommon.h" =20 +typedef enum { + LongMode64Bit =3D 0, + LongModeCompat32Bit, + LongModeCompat16Bit, +} SEV_ES_INSTRUCTION_MODE; + +typedef enum { + Size8Bits =3D 0, + Size16Bits, + Size32Bits, + Size64Bits, +} SEV_ES_INSTRUCTION_SIZE; + +typedef enum { + SegmentEs =3D 0, + SegmentCs, + SegmentSs, + SegmentDs, + SegmentFs, + SegmentGs, +} SEV_ES_INSTRUCTION_SEGMENT; + +typedef enum { + RepNone =3D 0, + RepZ, + RepNZ, +} SEV_ES_INSTRUCTION_REP; + +typedef union { + struct { + UINT8 B:1; + UINT8 X:1; + UINT8 R:1; + UINT8 W:1; + UINT8 REX:4; + } Bits; + + UINT8 Uint8; +} SEV_ES_INSTRUCTION_REX_PREFIX; + +typedef union { + struct { + UINT8 Rm:3; + UINT8 Reg:3; + UINT8 Mod:2; + } Bits; + + UINT8 Uint8; +} SEV_ES_INSTRUCTION_MODRM; + +typedef union { + struct { + UINT8 Base:3; + UINT8 Index:3; + UINT8 Scale:2; + } Bits; + + UINT8 Uint8; +} SEV_ES_INSTRUCTION_SIB; + +typedef struct { + struct { + UINT8 Rm; + UINT8 Reg; + UINT8 Mod; + } ModRm; + + struct { + UINT8 Base; + UINT8 Index; + UINT8 Scale; + } Sib; + + UINTN RegData; + UINTN RmData; +} SEV_ES_INSTRUCTION_OPCODE_EXT; + +typedef struct { + GHCB *Ghcb; + + SEV_ES_INSTRUCTION_MODE Mode; + SEV_ES_INSTRUCTION_SIZE DataSize; + SEV_ES_INSTRUCTION_SIZE AddrSize; + BOOLEAN SegmentSpecified; + SEV_ES_INSTRUCTION_SEGMENT Segment; + SEV_ES_INSTRUCTION_REP RepMode; + + UINT8 *Begin; + UINT8 *End; + + UINT8 *Prefixes; + UINT8 *OpCodes; + UINT8 *Displacement; + UINT8 *Immediate; + + SEV_ES_INSTRUCTION_REX_PREFIX RexPrefix; + + BOOLEAN ModRmPresent; + SEV_ES_INSTRUCTION_MODRM ModRm; + + BOOLEAN SibPresent; + SEV_ES_INSTRUCTION_SIB Sib; + + UINT8 PrefixSize; + UINT8 OpCodeSize; + UINT8 DisplacementSize; + UINT8 ImmediateSize; + + SEV_ES_INSTRUCTION_OPCODE_EXT Ext; +} SEV_ES_INSTRUCTION_DATA; + +typedef +UINTN +(*NAE_EXIT) ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ); + +STATIC +VOID +DecodePrefixes ( + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + SEV_ES_INSTRUCTION_MODE Mode; + SEV_ES_INSTRUCTION_SIZE ModeDataSize; + SEV_ES_INSTRUCTION_SIZE ModeAddrSize; + UINT8 *Byte; + + /*TODO: Determine current mode - 64-bit for now */ + Mode =3D LongMode64Bit; + ModeDataSize =3D Size32Bits; + ModeAddrSize =3D Size64Bits; + + InstructionData->Mode =3D Mode; + InstructionData->DataSize =3D ModeDataSize; + InstructionData->AddrSize =3D ModeAddrSize; + + InstructionData->Prefixes =3D InstructionData->Begin; + + Byte =3D InstructionData->Prefixes; + for ( ; ; Byte++, InstructionData->PrefixSize++) { + switch (*Byte) { + case 0x26: + case 0x2E: + case 0x36: + case 0x3E: + if (Mode !=3D LongMode64Bit) { + InstructionData->SegmentSpecified =3D TRUE; + InstructionData->Segment =3D (*Byte >> 3) & 3; + } + break; + + case 0x40 ... 0x4F: + InstructionData->RexPrefix.Uint8 =3D *Byte; + if (*Byte & 0x08) + InstructionData->DataSize =3D Size64Bits; + break; + + case 0x64: + InstructionData->SegmentSpecified =3D TRUE; + InstructionData->Segment =3D *Byte & 7; + break; + + case 0x66: + if (!InstructionData->RexPrefix.Uint8) { + InstructionData->DataSize =3D + (Mode =3D=3D LongMode64Bit) ? Size16Bits : + (Mode =3D=3D LongModeCompat32Bit) ? Size16Bits : + (Mode =3D=3D LongModeCompat16Bit) ? Size32Bits : 0; + } + break; + + case 0x67: + InstructionData->AddrSize =3D + (Mode =3D=3D LongMode64Bit) ? Size32Bits : + (Mode =3D=3D LongModeCompat32Bit) ? Size16Bits : + (Mode =3D=3D LongModeCompat16Bit) ? Size32Bits : 0; + break; + + case 0xF0: + break; + + case 0xF2: + InstructionData->RepMode =3D RepZ; + break; + + case 0xF3: + InstructionData->RepMode =3D RepNZ; + break; + + default: + InstructionData->OpCodes =3D Byte; + InstructionData->OpCodeSize =3D (*Byte =3D=3D 0x0F) ? 2 : 1; + + InstructionData->End =3D Byte + InstructionData->OpCodeSize; + InstructionData->Displacement =3D InstructionData->End; + InstructionData->Immediate =3D InstructionData->End; + return; + } + } +} + +STATIC +UINT64 +InstructionLength ( + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + return (UINT64) (InstructionData->End - InstructionData->Begin); +} + +STATIC +VOID +InitInstructionData ( + SEV_ES_INSTRUCTION_DATA *InstructionData, + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs + ) +{ + SetMem (InstructionData, sizeof (*InstructionData), 0); + InstructionData->Ghcb =3D Ghcb; + InstructionData->Begin =3D (UINT8 *) Regs->Rip; + InstructionData->End =3D (UINT8 *) Regs->Rip; + + DecodePrefixes (Regs, InstructionData); +} + +STATIC +UINTN +UnsupportedExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + UINTN Status; + + Status =3D VmgExit (Ghcb, SvmExitUnsupported, Regs->ExceptionData, 0); + ASSERT (0); + + return Status; +} + +#define IOIO_TYPE_STR (1 << 2) +#define IOIO_TYPE_IN 1 +#define IOIO_TYPE_INS (IOIO_TYPE_IN | IOIO_TYPE_STR) +#define IOIO_TYPE_OUT 0 +#define IOIO_TYPE_OUTS (IOIO_TYPE_OUT | IOIO_TYPE_STR) + +#define IOIO_REP (1 << 3) + +#define IOIO_ADDR_64 (1 << 9) +#define IOIO_ADDR_32 (1 << 8) +#define IOIO_ADDR_16 (1 << 7) + +#define IOIO_DATA_32 (1 << 6) +#define IOIO_DATA_16 (1 << 5) +#define IOIO_DATA_8 (1 << 4) + +#define IOIO_SEG_ES (0 << 10) +#define IOIO_SEG_DS (3 << 10) + +STATIC +UINT64 +IoioExitInfo ( + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + UINT64 ExitInfo =3D 0; + + switch (*(InstructionData->OpCodes)) { + case 0xE4: /* IN AL, imm8 */ + InstructionData->ImmediateSize =3D 1; + InstructionData->End++; + ExitInfo |=3D IOIO_TYPE_IN; + ExitInfo |=3D IOIO_DATA_8; + ExitInfo |=3D ((*(InstructionData->OpCodes + 1)) << 16); + break; + case 0xE5: /* IN AX, imm8 / IN EAX, imm8 */ + InstructionData->ImmediateSize =3D 1; + InstructionData->End++; + ExitInfo |=3D IOIO_TYPE_IN; + ExitInfo |=3D (InstructionData->DataSize =3D=3D Size16Bits) ? IOIO_DAT= A_16 + : IOIO_DATA_32; + ExitInfo |=3D ((*(InstructionData->OpCodes + 1)) << 16); + break; + + case 0xEC: /* IN AL, DX */ + ExitInfo |=3D IOIO_TYPE_IN; + ExitInfo |=3D IOIO_DATA_8; + ExitInfo |=3D ((Regs->Rdx & 0xffff) << 16); + break; + case 0xED: /* IN AX, DX / IN EAX, DX */ + ExitInfo |=3D IOIO_TYPE_IN; + ExitInfo |=3D (InstructionData->DataSize =3D=3D Size16Bits) ? IOIO_DAT= A_16 + : IOIO_DATA_32; + ExitInfo |=3D ((Regs->Rdx & 0xffff) << 16); + break; + + case 0xE6: /* OUT imm8, AL */ + InstructionData->ImmediateSize =3D 1; + InstructionData->End++; + ExitInfo |=3D IOIO_TYPE_OUT; + ExitInfo |=3D IOIO_DATA_8; + ExitInfo |=3D ((*(InstructionData->OpCodes + 1)) << 16) | IOIO_TYPE_OU= T; + break; + case 0xE7: /* OUT imm8, AX / OUT imm8, EAX */ + InstructionData->ImmediateSize =3D 1; + InstructionData->End++; + ExitInfo |=3D IOIO_TYPE_OUT; + ExitInfo |=3D (InstructionData->DataSize =3D=3D Size16Bits) ? IOIO_DAT= A_16 + : IOIO_DATA_32; + ExitInfo |=3D ((*(InstructionData->OpCodes + 1)) << 16) | IOIO_TYPE_OU= T; + break; + + case 0xEE: /* OUT DX, AL */ + ExitInfo |=3D IOIO_TYPE_OUT; + ExitInfo |=3D IOIO_DATA_8; + ExitInfo |=3D ((Regs->Rdx & 0xffff) << 16); + break; + case 0xEF: /* OUT DX, AX / OUT DX, EAX */ + ExitInfo |=3D IOIO_TYPE_OUT; + ExitInfo |=3D (InstructionData->DataSize =3D=3D Size16Bits) ? IOIO_DAT= A_16 + : IOIO_DATA_32; + ExitInfo |=3D ((Regs->Rdx & 0xffff) << 16); + break; + + default: + return 0; + } + + switch (InstructionData->AddrSize) { + case Size16Bits: + ExitInfo |=3D IOIO_ADDR_16; + break; + + case Size32Bits: + ExitInfo |=3D IOIO_ADDR_32; + break; + + case Size64Bits: + ExitInfo |=3D IOIO_ADDR_64; + break; + + default: + break; + } + + if (InstructionData->RepMode) { + ExitInfo |=3D IOIO_REP; + } + + return ExitInfo; +} + +STATIC +UINTN +IoioExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + UINT64 ExitInfo1; + UINTN Status; + + ExitInfo1 =3D IoioExitInfo (Regs, InstructionData); + if (!ExitInfo1) { + VmgExit (Ghcb, SvmExitUnsupported, SvmExitIoioProt, 0); + ASSERT (0); + } + + if (!(ExitInfo1 & IOIO_TYPE_IN)) { + Ghcb->SaveArea.Rax =3D Regs->Rax; + GhcbSetRegValid (Ghcb, GhcbRax); + } + + //FIXME: This is likely needed for the merging cases (size<32 bits) + // Pass in zero and perform merge here (only for non-string) + Ghcb->SaveArea.Rax =3D Regs->Rax; + GhcbSetRegValid (Ghcb, GhcbRax); + + Status =3D VmgExit (Ghcb, SvmExitIoioProt, ExitInfo1, 0); + if (Status) { + return Status; + } + + if (ExitInfo1 & IOIO_TYPE_IN) { + if (!GhcbIsRegValid (Ghcb, GhcbRax)) { + VmgExit (Ghcb, SvmExitUnsupported, SvmExitIoioProt, 0); + ASSERT (0); + } + Regs->Rax =3D Ghcb->SaveArea.Rax; + } + + return 0; +} + UINTN DoVcCommon ( GHCB *Ghcb, EFI_SYSTEM_CONTEXT Context ) { - EFI_SYSTEM_CONTEXT_X64 *Regs =3D Context.SystemContextX64; - UINTN ExitCode; - UINTN Status; + EFI_SYSTEM_CONTEXT_X64 *Regs =3D Context.SystemContextX64; + SEV_ES_INSTRUCTION_DATA InstructionData; + NAE_EXIT NaeExit; + UINTN ExitCode; + UINTN Status; =20 VmgInit (Ghcb); =20 ExitCode =3D Regs->ExceptionData; switch (ExitCode) { + case SvmExitIoioProt: + NaeExit =3D IoioExit; + break; + default: - Status =3D VmgExit (Ghcb, SvmExitUnsupported, ExitCode, 0); + NaeExit =3D UnsupportedExit; + } + + InitInstructionData (&InstructionData, Ghcb, Regs); + + Status =3D NaeExit (Ghcb, Regs, &InstructionData); + if (!Status) { + Regs->Rip +=3D InstructionLength(&InstructionData); } =20 VmgDone (Ghcb); =20 - return Status; + return 0; } --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46113): https://edk2.groups.io/g/devel/message/46113 Mute This Topic: https://groups.io/mt/32966285/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46106+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301167987453.143287697544; Tue, 20 Aug 2019 04:39:27 -0700 (PDT) Return-Path: X-Received: from NAM01-BN3-obe.outbound.protection.outlook.com (NAM01-BN3-obe.outbound.protection.outlook.com []) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:03 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NcoQyiBd78bGSz76/3dI2uA9rPFmvhXqclsGBXur3tzl+nofnSmNWmBshBt0uANsq6dPaTCBNfVMlR6mFjjwyy3SfdoGROE1G7IE/XArWh5xjGpywUxizVngxEM+ti6vlpdmMnq6kKvoap01Gq5MsT7UpcAAC1/eNBG4L6UGnfcERcsGgx7EnBJV+t3NF5KGLpQAB0/fOScX3Oykux+em8VD2mlnHglZjNe153srIcRhV/1txyVitnQrPdledBvKihZJe2yku8aI28YeFb5/M5E90oB8hAddiusRPXAwPPBXJQmQgyC98Ax07tdx0q/p1V+XoLxouCTMpXTFAUHtuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DIVdaFrfnhkddBwWcMDPfcd4QLzcpfYr1GtSrPLf3QY=; b=g6R4wBWntI4EIA2ghj3NVfRI3/RTMkZPnJdcaEri2Ic8+eJPhjbcMfGFY6GK/r1VHRd64IzlTsN+gdO3FEbTVaQzPu3LsC+7YCqgpEuKJUxJW+fROQrf0jGkFoAPPdhbhkkLw0r+1bUBuD3Z59+/H4qcI5+P+F2YMycenIFJcXzA1KZklb9kftNgkrU3kqbefByE7DpTDZaYaASA9vO0Z9ZJGfvPG4AEkNl+vzQ2wBdNbFnbTLGkYhhgN/y+WHxfE/l++JRRv+77fEAzmWRyvxD8MDeTH9x9QFYp+UpDOe/I+5SmOL90b0PBXZ+EZRaJKmAtbnXLBEnAiwpCMTrolw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:36:02 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:02 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 12/28] UefiCpuPkg/CpuExceptionHandler: Support string IO for IOIO_PROT NAE events Thread-Topic: [RFC PATCH 12/28] UefiCpuPkg/CpuExceptionHandler: Support string IO for IOIO_PROT NAE events Thread-Index: AQHVVtYZKQjhj8NYP0KajIGU36TiVA== Date: Mon, 19 Aug 2019 21:36:02 +0000 Message-ID: <43b23558db24d8f33039e2dbee59d369a20bda18.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: e7b5eec2-28ef-44b8-6e95-08d724ed3b65 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46106+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: xGqBB6e79hGyRde0A8pm8Dpy08dbIXsCnfDmi9rM+QUbmQ2DLQeLAnXq8bj+SYk+76tq9LT/gj4FZCISoiGhCIs1N8Vwjj9HMde4JWaZOqZFFawbhFLiZwdp2+FBAjN77sZUdwUZW/BmOwc/wDG2ujvO5RsEMTQeXFvJ2d7eacW2ub7U7LkWCIEx0V2GMZPDQPiwUuStcfU8ckF+g1xCt0p4n1auppHb36B+zCOfukbBDGkk5Cz/7A+tg2DWWy4/eue57WMPV0ou/+UGLbFNuu7VdeCII6uApDr5UuvjktEnflqp1LYx4VmcMolq2uLhZCECAyh24ejNBZXCtegNeT4LzcnLkmpIWwn2tLqqRraDglYZPyyLjZWBeoXH1bFz/FOTn+nmQVgtyoHRnU8KS2ioM/lrnPVyeKjfkEkUnK0= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: e7b5eec2-28ef-44b8-6e95-08d724ed3b65 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:02.1055 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 5WxwRYGUZpskNzcH/aGfsGE3zm/C1P8IH2D5FhNd8kyquriegPkFcpkLPCbGiINzF+GOosCXKhTaCeim7HzGPg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: <59CD7F3C207828458A04B67A2CC1FD7F@namprd12.prod.outlook.com> Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301167; bh=8zKnnZQTF7MfhWbbE5MnQ5EFnEY8eLdNVyuA2V2cMMc=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=cyaRR1f+vi7h4EjnJNzSH19yA4IJObj6rEu7FykpuqTStQg4O8eNXyd/PlUNw78kjDH 1Edoi2IGdr/40yxVWw1vbkg6EpG/6TRVQqKQhGZkn7aXqt66SglRLNqumAnlkYCbPpS0n iRwNNGxcMCNVY1C9Igpvf2fbEbZdPkQLz9E= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Add support to the #VC exception handler to handle string IO. This requires expanding the IO instruction parsing to recognize string based IO instructions as well as preparing an un-encrypted buffer to be used to transfer (either to or from the guest) the string contents for the IO operation. The SW_EXITINFO2 and SW_SCRATCH fields of the GHCB are set appropriately for the operation. Multiple VMGEXIT invocations may be needed to complete the string IO operation. Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c | 92 ++++++++++++++++--- 1 file changed, 80 insertions(+), 12 deletions(-) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c index 3b69aca48055..2bc156840e74 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -278,6 +278,34 @@ IoioExitInfo ( UINT64 ExitInfo =3D 0; =20 switch (*(InstructionData->OpCodes)) { + case 0x6C: /* INSB / INS mem8, DX */ + ExitInfo |=3D IOIO_TYPE_INS; + ExitInfo |=3D IOIO_DATA_8; + ExitInfo |=3D IOIO_SEG_ES; + ExitInfo |=3D ((Regs->Rdx & 0xffff) << 16); + break; + case 0x6D: /* INSW / INS mem16, DX / INSD / INS mem32, DX */ + ExitInfo |=3D IOIO_TYPE_INS; + ExitInfo |=3D (InstructionData->DataSize =3D=3D Size16Bits) ? IOIO_DAT= A_16 + : IOIO_DATA_32; + ExitInfo |=3D IOIO_SEG_ES; + ExitInfo |=3D ((Regs->Rdx & 0xffff) << 16); + break; + + case 0x6E: /* OUTSB / OUTS DX, mem8 */ + ExitInfo |=3D IOIO_TYPE_OUTS; + ExitInfo |=3D IOIO_DATA_8; + ExitInfo |=3D IOIO_SEG_DS; + ExitInfo |=3D ((Regs->Rdx & 0xffff) << 16); + break; + case 0x6F: /* OUTSW / OUTS DX, mem16 / OUTSD / OUTS DX, mem32 */ + ExitInfo |=3D IOIO_TYPE_OUTS; + ExitInfo |=3D (InstructionData->DataSize =3D=3D Size16Bits) ? IOIO_DAT= A_16 + : IOIO_DATA_32; + ExitInfo |=3D IOIO_SEG_DS; + ExitInfo |=3D ((Regs->Rdx & 0xffff) << 16); + break; + case 0xE4: /* IN AL, imm8 */ InstructionData->ImmediateSize =3D 1; InstructionData->End++; @@ -370,8 +398,9 @@ IoioExit ( SEV_ES_INSTRUCTION_DATA *InstructionData ) { - UINT64 ExitInfo1; - UINTN Status; + UINT64 ExitInfo1, ExitInfo2; + UINTN Status; + BOOLEAN String; =20 ExitInfo1 =3D IoioExitInfo (Regs, InstructionData); if (!ExitInfo1) { @@ -389,17 +418,56 @@ IoioExit ( Ghcb->SaveArea.Rax =3D Regs->Rax; GhcbSetRegValid (Ghcb, GhcbRax); =20 - Status =3D VmgExit (Ghcb, SvmExitIoioProt, ExitInfo1, 0); - if (Status) { - return Status; - } - - if (ExitInfo1 & IOIO_TYPE_IN) { - if (!GhcbIsRegValid (Ghcb, GhcbRax)) { - VmgExit (Ghcb, SvmExitUnsupported, SvmExitIoioProt, 0); - ASSERT (0); + String =3D (ExitInfo1 & IOIO_TYPE_STR) ? TRUE : FALSE; + if (String) { + UINTN IoBytes, VmgExitBytes; + UINTN GhcbCount, OpCount; + + Status =3D 0; + + IoBytes =3D (ExitInfo1 >> 4) & 0x7; + GhcbCount =3D sizeof (Ghcb->SharedBuffer) / IoBytes; + + OpCount =3D (ExitInfo1 & IOIO_REP) ? Regs->Rcx : 1; + while (OpCount) { + ExitInfo2 =3D MIN (OpCount, GhcbCount); + VmgExitBytes =3D ExitInfo2 * IoBytes; + + if (!(ExitInfo1 & IOIO_TYPE_IN)) { + CopyMem (Ghcb->SharedBuffer, (VOID *) Regs->Rsi, VmgExitBytes); + Regs->Rsi +=3D VmgExitBytes; + } + + Ghcb->SaveArea.SwScratch =3D (UINT64) Ghcb->SharedBuffer; + Status =3D VmgExit (Ghcb, SvmExitIoioProt, ExitInfo1, ExitInfo2); + if (Status) { + return Status; + } + + if (ExitInfo1 & IOIO_TYPE_IN) { + CopyMem ((VOID *) Regs->Rdi, Ghcb->SharedBuffer, VmgExitBytes); + Regs->Rdi +=3D VmgExitBytes; + } + + if (ExitInfo1 & IOIO_REP) { + Regs->Rcx -=3D ExitInfo2; + } + + OpCount -=3D ExitInfo2; + } + } else { + Status =3D VmgExit (Ghcb, SvmExitIoioProt, ExitInfo1, 0); + if (Status) { + return Status; + } + + if (ExitInfo1 & IOIO_TYPE_IN) { + if (!GhcbIsRegValid (Ghcb, GhcbRax)) { + VmgExit (Ghcb, SvmExitUnsupported, SvmExitIoioProt, 0); + ASSERT (0); + } + Regs->Rax =3D Ghcb->SaveArea.Rax; } - Regs->Rax =3D Ghcb->SaveArea.Rax; } =20 return 0; --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46106): https://edk2.groups.io/g/devel/message/46106 Mute This Topic: https://groups.io/mt/32966278/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46099+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301166825507.32614223515316; Tue, 20 Aug 2019 04:39:26 -0700 (PDT) Return-Path: X-Received: from NAM01-BN3-obe.outbound.protection.outlook.com (NAM01-BN3-obe.outbound.protection.outlook.com [40.107.74.84]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:06 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=R4dfnr4iB1ODC9jy3LRdvSNk/IqhDo6C8uOUY2YCaRJU1wk416HwocHpxjlcVdQkoM9UVyiIjHE1rhlbdKmJDkvo19q4kig8bJ4Ku1AHt70rz+5aTCVcqINi4msWk/DM8/QDJ/E+G/IPnFQ/EyeO+K6499VvP7+2357owopR867WA43Q5tzMuHU9hbAYW1PInpxGk2LzhFnlWslg3RBY/8eWZOdKvLv8W5P8wh/Z0OxyxHKrscuGiy5qX0nF/LHOfa2pvnrTgBdi/kF6ut4rKijfw2nadIBIZS0Dp4CBALEZluxfd0Hq6QzrWzKXbw/xchyKEYI9tH3B+N4oIkiWmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=q2lifBSHi5LOUMoYJpuSaUdBNl5PcdkqSh3drdl5Ccs=; b=iLKvzOqH9K+rEOyZ8GEWxWlKD4bfGj9jy5npPEtZWQCzZsjkmD7l6rWlzt2bHyfeN0uQ95U2pijvMYtqk9KOJiHtHqrjOaMYJSsudSB0wOe3bT9mQXEqRscNUE3dhX4xzd4dttyLreoRyqCI4HlGENPdnQQEFFP9G0bn7n9V5tSy4pHbEfGTlUNVMSALQrsuaR6L+ih06Zx55TlCNjdWG0mUU4EhodUv8TthOUpoUlZHH9S1uMUjcr/KR5QBZ6AFDyD5An3eF9Fa44zLGfkeEVLCb4ySsPAmxq5I/UCNTrCKm8r2GVFpcYo6qJqa2V+L4VRF7c++OCLVp4F8DKuy1A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:36:04 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:04 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 13/28] UefiCpuPkg/CpuExceptionHandler: Add support for CPUID NAE events Thread-Topic: [RFC PATCH 13/28] UefiCpuPkg/CpuExceptionHandler: Add support for CPUID NAE events Thread-Index: AQHVVtYasnqA0UoIf0epM4taCoCEnw== Date: Mon, 19 Aug 2019 21:36:04 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 41beaa64-1f71-437c-01fa-08d724ed3cd8 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-purlcount: 1 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46099+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: PEiTgQr7Cd3LCVTe53HVuYrL/m9OMP9oLyiNB2Gx1Ifn+h337HUwBmkWFYVwvDGtvJ9eT7WAXca1rYdJLG9bzva0tC2x9aSZJ1os7ze+uBFswo72CxfcsZ0DzE6cOecHmSru/UJ3JUl5zREzpuJYc99rXgK5ye99faksBrPd/y8lJ8cQo5u5+fNVJouOEytJlqRbfbRfIrhxeA1FrroNfEtZwddJWvW+uugSiBS7gguFIeoTQG1C8aa9dSe1kzpKUXrL3+33sp25IohndRYqHEIGTuvjWwmWqLu0js25T3aVZj5N2oBTZ9A/zTvXjOnpUr/Bpg61kC8rVz9iqqpHoxe5RlOEE/pyR+wBtstE+ffRl/OvqmjfTZFrxYqWS/XkQ3icDfeDt4wTWg13fudkokfAs4+Nqgk9ucXftB9wFPw= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 41beaa64-1f71-437c-01fa-08d724ed3cd8 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:04.5681 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Vp3p3XO7v2/E2uXFFg9B3eFGyn4J7Qsrpu9ZaeKu4ovUhfxMcCvliOq+WEecQV0YL3b5GTnx3ADznF2R1AtlAQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301166; bh=y9GJIYThMdu50r4ExYevFxrhwJRZBUoDQY//6WQHAY0=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=FObgD4EWrwkTYy13l0JC9DRJNGZ2AJKakxTPKzKXeuYERodiK+FGrAYARdO28N7yHiU htThlwHCmOEVDb//FsmSNRbCvmBaOPg+UWoetx2IXVBVOBqzIGB5A2cnjD3RQQPOReNmV pzjXMMTUfBkHxqNOChH/XKqT3QfnWwOvM3w= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Under SEV-ES, a CPUID intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Add support to construct the required GHCB values to support a CPUID NAE event. Additionally, CPUID 0x0000_000d requires XCR0 to be supplied in the GHCB, so add support to issue the XGETBV instruction. Signed-off-by: Tom Lendacky --- MdePkg/Library/BaseLib/BaseLib.inf | 1 + MdePkg/Include/Library/BaseLib.h | 16 +++++++ MdePkg/Library/BaseLib/X64/GccInline.c | 28 ++++++++++++ .../X64/AMDSevVcCommon.c | 45 +++++++++++++++++++ MdePkg/Library/BaseLib/X64/XGetBv.nasm | 39 ++++++++++++++++ 5 files changed, 129 insertions(+) create mode 100644 MdePkg/Library/BaseLib/X64/XGetBv.nasm diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/Ba= seLib.inf index a41401340f95..7c1c077c63a9 100644 --- a/MdePkg/Library/BaseLib/BaseLib.inf +++ b/MdePkg/Library/BaseLib/BaseLib.inf @@ -287,6 +287,7 @@ [Sources.X64] X64/ReadCr0.nasm| MSFT X64/ReadEflags.nasm| MSFT X64/VmgExit.nasm | MSFT + X64/XGetBv.nasm | MSFT =20 =20 X64/Non-existing.c diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/Base= Lib.h index 80bd5cf57a72..ae16fa6f1c52 100644 --- a/MdePkg/Include/Library/BaseLib.h +++ b/MdePkg/Include/Library/BaseLib.h @@ -7893,6 +7893,22 @@ AsmVmgExit ( VOID ); =20 +/** + Executes a XGETBV instruction + + Executes a XGETBV instruction. This function is only available on IA-32 = and + x64. + + @param[in] Index Extended control register index + + @retval The current value of the extended control regist= er +**/ +UINT64 +EFIAPI +AsmXGetBv ( + IN UINT32 Index + ); + =20 /** Patch the immediate operand of an IA32 or X64 instruction such that the = byte, diff --git a/MdePkg/Library/BaseLib/X64/GccInline.c b/MdePkg/Library/BaseLi= b/X64/GccInline.c index 17539caa0798..46aa96d67ab9 100644 --- a/MdePkg/Library/BaseLib/X64/GccInline.c +++ b/MdePkg/Library/BaseLib/X64/GccInline.c @@ -1814,4 +1814,32 @@ AsmVmgExit ( __asm__ __volatile__ ("rep; vmmcall":::"memory"); } =20 +/** + Executes a XGETBV instruction + + Executes a XGETBV instruction. This function is only available on IA-32 = and + x64. + + @param[in] Index Extended control register index + + @retval The current value of the extended control regist= er +**/ +UINT64 +EFIAPI +AsmXGetBv ( + IN UINT32 Index + ) +{ + UINT32 LowData; + UINT32 HighData; + + __asm__ __volatile__ ( + "xgetbv" + : "=3Da" (LowData), // %0 + "=3Dd" (HighData) // %1 + : "c" (Index) // %2 + ); + + return (((UINT64)HighData) << 32) | LowData; +} =20 diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c index 2bc156840e74..66cd0f9eb196 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -3,6 +3,8 @@ #include #include "AMDSevVcCommon.h" =20 +#define CR4_OSXSAVE (1 << 18) + typedef enum { LongMode64Bit =3D 0, LongModeCompat32Bit, @@ -473,6 +475,45 @@ IoioExit ( return 0; } =20 +STATIC +UINTN +CpuidExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + UINTN Status; + + Ghcb->SaveArea.Rax =3D Regs->Rax; + GhcbSetRegValid (Ghcb, GhcbRax); + Ghcb->SaveArea.Rcx =3D Regs->Rcx; + GhcbSetRegValid (Ghcb, GhcbRcx); + if (Regs->Rax =3D=3D 0x0000000d) { + Ghcb->SaveArea.XCr0 =3D (AsmReadCr4 () & CR4_OSXSAVE) ? AsmXGetBv (0) = : 1; + GhcbSetRegValid (Ghcb, GhcbXCr0); + } + + Status =3D VmgExit (Ghcb, SvmExitCpuid, 0, 0); + if (Status) { + return Status; + } + + if (!GhcbIsRegValid (Ghcb, GhcbRax) || + !GhcbIsRegValid (Ghcb, GhcbRbx) || + !GhcbIsRegValid (Ghcb, GhcbRcx) || + !GhcbIsRegValid (Ghcb, GhcbRdx)) { + VmgExit (Ghcb, SvmExitUnsupported, SvmExitCpuid, 0); + ASSERT (0); + } + Regs->Rax =3D Ghcb->SaveArea.Rax; + Regs->Rbx =3D Ghcb->SaveArea.Rbx; + Regs->Rcx =3D Ghcb->SaveArea.Rcx; + Regs->Rdx =3D Ghcb->SaveArea.Rdx; + + return 0; +} + UINTN DoVcCommon ( GHCB *Ghcb, @@ -489,6 +530,10 @@ DoVcCommon ( =20 ExitCode =3D Regs->ExceptionData; switch (ExitCode) { + case SvmExitCpuid: + NaeExit =3D CpuidExit; + break; + case SvmExitIoioProt: NaeExit =3D IoioExit; break; diff --git a/MdePkg/Library/BaseLib/X64/XGetBv.nasm b/MdePkg/Library/BaseLi= b/X64/XGetBv.nasm new file mode 100644 index 000000000000..83c10b40e369 --- /dev/null +++ b/MdePkg/Library/BaseLib/X64/XGetBv.nasm @@ -0,0 +1,39 @@ +;-------------------------------------------------------------------------= ----- +; +; Copyright (c) 2019, Advanced Micro Device, Inc. All rights reserved.
+; This program and the accompanying materials +; are licensed and made available under the terms and conditions of the BS= D License +; which accompanies this distribution. The full text of the license may b= e found at +; http://opensource.org/licenses/bsd-license.php. +; +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +; +; Module Name: +; +; XGetBv.Asm +; +; Abstract: +; +; AsmXgetBv function +; +; Notes: +; +;-------------------------------------------------------------------------= ----- + + DEFAULT REL + SECTION .text + +;-------------------------------------------------------------------------= ----- +; VOID +; EFIAPI +; AsmXGetBv ( +; IN UINT32 Index +; ); +;-------------------------------------------------------------------------= ----- +global ASM_PFX(AsmXGetBv) +ASM_PFX(AsmXGetBv): + xgetbv + shl rdx, 0x20 + or rax, rdx + ret --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46099): https://edk2.groups.io/g/devel/message/46099 Mute This Topic: https://groups.io/mt/32966271/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46114+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301169291316.672354405507; Tue, 20 Aug 2019 04:39:29 -0700 (PDT) Return-Path: X-Received: from NAM01-BN3-obe.outbound.protection.outlook.com (NAM01-BN3-obe.outbound.protection.outlook.com []) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:07 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WYDUQDE6yYE1jExFpp/JPqbb1X6Rtq6ai4hK1sOXSdHNLLwLSCNkovsk+AUrKU4Im7G7zYzzbpQTQXV8xUtQ+kXAIZ6+QZNeV0WiCFmDunonRKEwFd2NWNPHyx9uHkPO9827vcRXID7/ylDqMuNCHBc4x4jhUZZkE/US1BwF66/hlHDV5ogE3sOfUGW+bmRD0mgwSLLGoiFcU95hZXZPn8Alhz3y3xfuKMCpak8pcpZVCPxqgGp8m355i6T2mjTWCDjoMI8b6GqmMvtjclGXTJJs5yFf1Dbim4He6bBa0nzN9pBRRtiznDGRSCATfOKm7W33WauyKpj6qhA8AK1iKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=l8PPfUWthEPTqDD9fJLNCDnNJ5hDPkRTr6hAUOo7EyM=; b=MiQ8psTwTAhOYT8yfsWlmspSd7mAREzDFncSwA4jMq3MhUJIWuTF7SVMqV+GPeTbrgDAnFGqyQGrR4XnelQzGRhWiYk3zTFPZ84tGmhygbIDuVGpvCBWmcRsDF1AtDI4KrVSDyLdfpV1yASQeiQIetSe6sL9cg5kTd6xKeUG5K8wDKS5boDnrCkm6GdH/1pfu8o7y/n6kDmoP6Uc/WsrF1LXjPUcO5K0VC/FnRByG1EnCQNCVdJzMQjMOnNbGYcgqtgajGLPoTkbNBTEaMX8Bda7qrDz3s+ieJbap8T1ITDdHAhKOBJUJHWwn7glEHIAy8n3uyOcMg3PPJJIM1yMkg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:36:06 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:06 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 14/28] UefiCpuPkg/CpuExceptionHandler: Add support for MSR_PROT NAE events Thread-Topic: [RFC PATCH 14/28] UefiCpuPkg/CpuExceptionHandler: Add support for MSR_PROT NAE events Thread-Index: AQHVVtYbEJO7Or2++E2fcfgP9XzNPQ== Date: Mon, 19 Aug 2019 21:36:05 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 233f992d-41de-42a3-7553-08d724ed3daa x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6790; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46114+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: aTzD8ODIoXvBn0DHJBYTjL67bEUgwUK6qOAL7U6sh7waK/F/MKxMhzpmdMrjCeZakf8RkxpmSCwiXACOj7uhnoA1b1yfljYuVq+CmgbIj1OqSZ29vl389MI0XIODhTA6r3AeQr+9jt9aEvWC+CXuyQE+w9tYfUb25bSbovHutBjF22HYBiHgD92NOc0rzMH//paiaxxosqQtu+GzCCvaHUTjxvM94Zbz8nMTCC6g/DFk2kFA5l9FhB5BqFd6bLVrYlDKoUYTDzps2WTQXvsHwzED49Cbbuq3m0HHlpkTxftor/ReCWDyvzp2XKHBkVYiJIUvWMxK0yWTtlYeJRexwk/nRJGz4HOuFQM277MAKmXO8DdfZ7zmu8VZ/7qLpRihsOmknrsNMcNrusdY0UWa1FSYyNupEGlOPRVLe/r0gHI= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 233f992d-41de-42a3-7553-08d724ed3daa X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:05.9173 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: h3VrAIGHD/LeHGV0ixUxk/7HfD4F/dtCsR4d5HyNGbvHu7c3KBRV//qRwTs7Gv1qbFqes2H7Xy3m9DK1wbFMcw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: <6D8112E1B147444696294A3AC6B59E7F@namprd12.prod.outlook.com> Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301168; bh=fpIImBshabjRDWN1MN33/jW3aaaYwIQgzoe62IMcFRo=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=H2Js7HE/4JyFKjwK6vOVBJa9tiYzHesgufi18S+xrc5KRpfs8k/o98r/NEMbMfK4lOY Nys73fei6hkYcnzHbSxlO0ZMmnuoTLfWfg6Az9FVScPsc16BdiGZklgi1pOrgG7AE8TcP ZlOPL3CJv3WEZuwl5R1Q6vddgWN0bX2LIcg= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Under SEV-ES, a MSR_PROT intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Add support to construct the required GHCB values to support an MSR_PROT NAE event. Parse the instruction that generated the #VC exception to determine whether it is RDMSR or WRMSR, setting the required register register values in the GHCB and creating the proper SW_EXIT_INFO1 value in the GHCB. Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c index 66cd0f9eb196..2b25919ea496 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -251,6 +251,54 @@ UnsupportedExit ( return Status; } =20 +STATIC +UINTN +MsrExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + UINT64 ExitInfo1; + UINTN Status; + + ExitInfo1 =3D 0; + + switch (*(InstructionData->OpCodes + 1)) { + case 0x30: // WRMSR + ExitInfo1 =3D 1; + Ghcb->SaveArea.Rax =3D Regs->Rax; + GhcbSetRegValid (Ghcb, GhcbRax); + Ghcb->SaveArea.Rdx =3D Regs->Rdx; + GhcbSetRegValid (Ghcb, GhcbRdx); + /* Fallthrough */ + case 0x32: // RDMSR + Ghcb->SaveArea.Rcx =3D Regs->Rcx; + GhcbSetRegValid (Ghcb, GhcbRcx); + break; + default: + VmgExit (Ghcb, SvmExitUnsupported, SvmExitMsr, 0); + ASSERT (0); + } + + Status =3D VmgExit (Ghcb, SvmExitMsr, ExitInfo1, 0); + if (Status) { + return Status; + } + + if (!ExitInfo1) { + if (!GhcbIsRegValid (Ghcb, GhcbRax) || + !GhcbIsRegValid (Ghcb, GhcbRdx)) { + VmgExit (Ghcb, SvmExitUnsupported, SvmExitMsr, 0); + ASSERT (0); + } + Regs->Rax =3D Ghcb->SaveArea.Rax; + Regs->Rdx =3D Ghcb->SaveArea.Rdx; + } + + return 0; +} + #define IOIO_TYPE_STR (1 << 2) #define IOIO_TYPE_IN 1 #define IOIO_TYPE_INS (IOIO_TYPE_IN | IOIO_TYPE_STR) @@ -538,6 +586,10 @@ DoVcCommon ( NaeExit =3D IoioExit; break; =20 + case SvmExitMsr: + NaeExit =3D MsrExit; + break; + default: NaeExit =3D UnsupportedExit; } --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46114): https://edk2.groups.io/g/devel/message/46114 Mute This Topic: https://groups.io/mt/32966286/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46107+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301168272917.3941580043938; Tue, 20 Aug 2019 04:39:28 -0700 (PDT) Return-Path: X-Received: from NAM01-BN3-obe.outbound.protection.outlook.com (NAM01-BN3-obe.outbound.protection.outlook.com [40.107.74.49]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:09 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bEezeA4F1B7mPbaqmiUhHWH9Bz4xs5u8TOSYA0kqJPqWPMyL8ycp+ZvVP5GbXAcQG5GXZImc0Ep52PG65hm4nwo3bf03/ZBqUA7+uzX/S0vMhS1zrn+bigjC9KApqLRWEQ05LL+JcmpEg3hRQ548tqX+H4JeVF9V9yWMHO47LQLDdy+jc3x9iF5VSRcz/Wcmzqd/c0Eo5zF8RKwJTRF0lMvB0s+z24tgL4ptxyDbanfX0/Z/uLSDAAttSkYAb/mka7GJ3aaDn/8WgTOzKJH/ITSIqEt2FvMAbKp7aa6E1nbDNI+TSeso9nj5HNAFyqk35NvAQ55EZQj5LIprUZFgiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SGBpsSXoiHQ9Idl21MXIQ2KE7PjstkwDUU5cQvmerc8=; b=CTaaBmKM1HjtwxEKXtNpbBA2u//pHCnulVitOowjRp1kySMak7XEZ8AlwrYOg6Bj0eHZ7aiqk33LNDlBDQpGLGvciS06WjxlnrHLWlf8nHc21fsvWITPDa4OpWLzyTWYazIKDbKvQG+42yUv4yMKcBapTN7eNfe/NoJ+YHYKuzvyVmwNQagGyeseOQvUxRE7Qe81seNM7s7k2bqOw6HTcoGk0QRNg+8j3SVmi2cRXmmw7RaBdpmLIJHmzCjqpU9fPl8HeKYWTWgImAQlYitaS5bAoTX/1CtsRwN/F4er1N50xYqCKdGxTnAPphwee9uZv/+bAVFhyBY1tLWY0NXQlA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:36:07 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:07 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 15/28] UefiCpuPkg/CpuExceptionHandler: Add support for NPF NAE events (MMIO) Thread-Topic: [RFC PATCH 15/28] UefiCpuPkg/CpuExceptionHandler: Add support for NPF NAE events (MMIO) Thread-Index: AQHVVtYceB/Y6j0Ky0GF1inHI5osEg== Date: Mon, 19 Aug 2019 21:36:07 +0000 Message-ID: <2ac16b8d2ad147034a564dc7ccc86e38e09c7443.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 497551d1-3744-4f8f-74c8-08d724ed3e6a x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46107+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: vDo+DuDb/qbBQ06bSSHq65rF6zbvnnTbmpjsE6IxAIyQFAxbhgLwclESSXyh37B5McU/cqzigfSfZtsSMMElvpak+RynWTK96TSXdrjuKzs9Crf3DQ3wA8bJ0srbw7KEXL2utZ96WgIhW65d7/qdtpXNzK1LONO2badZqK9mozfVL8nOEaHUTpDqZQSzpBKtYYa9lp0oKfAsJEaVZUl7X2yzHWvRYqc30TOp1LQhSjnW9h3HIrEWIGWFucGSdWtubSx8qy36I+/vxYuaL98xW3M/kM4V45HkPNEUQ9um4vUgCqNmmIaLzjub+zWouanZuGDCUyRoyXEnvXS54vJx6xrKgIfreJJdbtt+zVazK6Z9OtDpbIdLCW+8DiUtMilnSR0PmEbs/+SGYr3Gkhwbi2V01nAQCozHQV2qtJDKG3Y= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 497551d1-3744-4f8f-74c8-08d724ed3e6a X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:07.1616 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: P7xC76GFBRWhwN8rQGRjb1l+UD1zaWQbhayRmshChFOQ1avQH/F2wUaslgIkY7WuIoRg84rqtmX/vgs+7hJOlQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: <4F8DCFBF16C6FD40AE6BDCEB008D6541@namprd12.prod.outlook.com> Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301167; bh=ImuWdgE47et3ocE/7s5NG68jeg8XGTZ/ESrKbeOQ1HI=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=duTyJdqiE3C8ebZvDcXlr6ZzERHYZAOkF7jFLaa3ZjpEkIgVuRH7zid7mNRgUv2fSBf VYS/lzmVZM59s00UBMs9GGcErEdNwi93WYy7w7T8lFnXYv7YIjDEgReNKxehM+Nyg4t/F Wce8ZCWLL7E3UpqoObcG/CnhA/DQBUHYkPM= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Under SEV-ES, a NPF intercept for an NPT entry with a reserved bit set generates a #VC exception. This condition is assumed to be an MMIO access. VMGEXIT must be used to allow the hypervisor to handle this intercept. Add support to construct the required GHCB values to support a NPF NAE event for MMIO. Parse the instruction that generated the #VC exception, setting the required register values in the GHCB and creating the proper SW_EXIT_INFO1, SW_EXITINFO2 and SW_SCRATCH values in the GHCB. Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c | 285 +++++++++++++++++- 1 file changed, 283 insertions(+), 2 deletions(-) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c index 2b25919ea496..5b2df92acf72 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -78,8 +78,8 @@ typedef struct { UINT8 Scale; } Sib; =20 - UINTN RegData; - UINTN RmData; + INTN RegData; + INTN RmData; } SEV_ES_INSTRUCTION_OPCODE_EXT; =20 typedef struct { @@ -124,6 +124,198 @@ UINTN SEV_ES_INSTRUCTION_DATA *InstructionData ); =20 +STATIC +INT64 * +GetRegisterPointer ( + EFI_SYSTEM_CONTEXT_X64 *Regs, + UINT8 Register + ) +{ + UINT64 *Reg; + + switch (Register) { + case 0: + Reg =3D &Regs->Rax; + break; + case 1: + Reg =3D &Regs->Rcx; + break; + case 2: + Reg =3D &Regs->Rdx; + break; + case 3: + Reg =3D &Regs->Rbx; + break; + case 4: + Reg =3D &Regs->Rsp; + break; + case 5: + Reg =3D &Regs->Rbp; + break; + case 6: + Reg =3D &Regs->Rsi; + break; + case 7: + Reg =3D &Regs->Rdi; + break; + case 8: + Reg =3D &Regs->R8; + break; + case 9: + Reg =3D &Regs->R9; + break; + case 10: + Reg =3D &Regs->R10; + break; + case 11: + Reg =3D &Regs->R11; + break; + case 12: + Reg =3D &Regs->R12; + break; + case 13: + Reg =3D &Regs->R13; + break; + case 14: + Reg =3D &Regs->R14; + break; + case 15: + Reg =3D &Regs->R15; + break; + default: + Reg =3D NULL; + } + ASSERT (Reg); + + return (INT64 *) Reg; +} + +STATIC +VOID +UpdateForDisplacement ( + SEV_ES_INSTRUCTION_DATA *InstructionData, + UINTN Size + ) +{ + InstructionData->DisplacementSize =3D Size; + InstructionData->Immediate +=3D Size; + InstructionData->End +=3D Size; +} + +STATIC +BOOLEAN +IsRipRelative ( + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + SEV_ES_INSTRUCTION_OPCODE_EXT *Ext =3D &InstructionData->Ext; + + return ((InstructionData =3D=3D LongMode64Bit) && + (Ext->ModRm.Mod =3D=3D 0) && + (Ext->ModRm.Rm =3D=3D 5) && + (InstructionData->SibPresent =3D=3D FALSE)); +} + +STATIC +UINTN +GetEffectiveMemoryAddress ( + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + SEV_ES_INSTRUCTION_OPCODE_EXT *Ext =3D &InstructionData->Ext; + INTN EffectiveAddress =3D 0; + + if (IsRipRelative (InstructionData)) { + /* RIP-relative displacement is a 32-bit signed value */ + INT32 RipRelative =3D *(INT32 *) InstructionData->Displacement; + + UpdateForDisplacement (InstructionData, 4); + return (UINTN) ((INTN) Regs->Rip + RipRelative); + } + + switch (Ext->ModRm.Mod) { + case 1: + UpdateForDisplacement (InstructionData, 1); + EffectiveAddress +=3D (INT8) (*(INT8 *) (InstructionData->Displacement= )); + break; + case 2: + switch (InstructionData->AddrSize) { + case Size16Bits: + UpdateForDisplacement (InstructionData, 2); + EffectiveAddress +=3D (INT16) (*(INT16 *) (InstructionData->Displace= ment)); + break; + default: + UpdateForDisplacement (InstructionData, 4); + EffectiveAddress +=3D (INT32) (*(INT32 *) (InstructionData->Displace= ment)); + break; + } + break; + } + + if (InstructionData->SibPresent) { + if (Ext->Sib.Index !=3D 4) { + EffectiveAddress +=3D (*GetRegisterPointer (Regs, Ext->Sib.Index) <<= Ext->Sib.Scale); + } + + if ((Ext->Sib.Base !=3D 5) || Ext->ModRm.Mod) { + EffectiveAddress +=3D *GetRegisterPointer (Regs, Ext->Sib.Base); + } else { + UpdateForDisplacement (InstructionData, 4); + EffectiveAddress +=3D (INT32) (*(INT32 *) (InstructionData->Displace= ment)); + } + } else { + EffectiveAddress +=3D *GetRegisterPointer (Regs, Ext->ModRm.Rm); + } + + return (UINTN) EffectiveAddress; +} + +STATIC +VOID +DecodeModRm ( + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + SEV_ES_INSTRUCTION_REX_PREFIX *RexPrefix =3D &InstructionData->RexPrefi= x; + SEV_ES_INSTRUCTION_OPCODE_EXT *Ext =3D &InstructionData->Ext; + SEV_ES_INSTRUCTION_MODRM *ModRm =3D &InstructionData->ModRm; + SEV_ES_INSTRUCTION_SIB *Sib =3D &InstructionData->Sib; + + InstructionData->ModRmPresent =3D TRUE; + ModRm->Uint8 =3D *(InstructionData->End); + + InstructionData->Displacement++; + InstructionData->Immediate++; + InstructionData->End++; + + Ext->ModRm.Mod =3D ModRm->Bits.Mod; + Ext->ModRm.Reg =3D (RexPrefix->Bits.R << 3) | ModRm->Bits.Reg; + Ext->ModRm.Rm =3D (RexPrefix->Bits.B << 3) | ModRm->Bits.Rm; + + Ext->RegData =3D *GetRegisterPointer (Regs, Ext->ModRm.Reg); + + if (Ext->ModRm.Mod =3D=3D 3) { + Ext->RmData =3D *GetRegisterPointer (Regs, Ext->ModRm.Rm); + } else { + if (ModRm->Bits.Rm =3D=3D 4) { + InstructionData->SibPresent =3D TRUE; + Sib->Uint8 =3D *(InstructionData->End); + + InstructionData->Displacement++; + InstructionData->Immediate++; + InstructionData->End++; + + Ext->Sib.Scale =3D Sib->Bits.Scale; + Ext->Sib.Index =3D (RexPrefix->Bits.X << 3) | Sib->Bits.Index; + Ext->Sib.Base =3D (RexPrefix->Bits.B << 3) | Sib->Bits.Base; + } + + Ext->RmData =3D GetEffectiveMemoryAddress (Regs, InstructionData); + } +} + STATIC VOID DecodePrefixes ( @@ -235,6 +427,91 @@ InitInstructionData ( DecodePrefixes (Regs, InstructionData); } =20 +STATIC +UINT64 +MmioExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + UINT64 ExitInfo1, ExitInfo2; + UINTN Status; + UINTN Bytes; + INTN *Register; + + Bytes =3D 0; + + switch (*(InstructionData->OpCodes)) { + /* MMIO write */ + case 0x88: + Bytes =3D 1; + case 0x89: + DecodeModRm (Regs, InstructionData); + Bytes =3D (Bytes) ? Bytes + : (InstructionData->DataSize =3D=3D Size16Bits) ? 2 + : (InstructionData->DataSize =3D=3D Size32Bits) ? 4 + : (InstructionData->DataSize =3D=3D Size64Bits) ? 8 + : 0; + + if (InstructionData->Ext.ModRm.Mod =3D=3D 3) { + /* NPF on two register operands??? */ + VmgExit (Ghcb, SvmExitUnsupported, SvmExitNpf, 0); + ASSERT (0); + } + + ExitInfo1 =3D InstructionData->Ext.RmData; + ExitInfo2 =3D Bytes; + CopyMem (Ghcb->SharedBuffer, &InstructionData->Ext.RegData, Bytes); + + Ghcb->SaveArea.SwScratch =3D (UINT64) Ghcb->SharedBuffer; + Status =3D VmgExit (Ghcb, SvmExitMmioWrite, ExitInfo1, ExitInfo2); + if (Status) { + return Status; + } + break; + + /* MMIO read */ + case 0x8A: + Bytes =3D 1; + case 0x8B: + DecodeModRm (Regs, InstructionData); + Bytes =3D (Bytes) ? Bytes + : (InstructionData->DataSize =3D=3D Size16Bits) ? 2 + : (InstructionData->DataSize =3D=3D Size32Bits) ? 4 + : (InstructionData->DataSize =3D=3D Size64Bits) ? 8 + : 0; + if (InstructionData->Ext.ModRm.Mod =3D=3D 3) { + /* NPF on two register operands??? */ + VmgExit (Ghcb, SvmExitUnsupported, SvmExitNpf, 0); + ASSERT (0); + } + + ExitInfo1 =3D InstructionData->Ext.RmData; + ExitInfo2 =3D Bytes; + + Ghcb->SaveArea.SwScratch =3D (UINT64) Ghcb->SharedBuffer; + Status =3D VmgExit (Ghcb, SvmExitMmioRead, ExitInfo1, ExitInfo2); + if (Status) { + return Status; + } + + Register =3D GetRegisterPointer (Regs, InstructionData->Ext.ModRm.Reg); + if (Bytes =3D=3D 4) { + /* Zero-extend for 32-bit operation */ + *Register =3D 0; + } + CopyMem (Register, Ghcb->SharedBuffer, Bytes); + break; + + default: + Status =3D GP_EXCEPTION; + ASSERT (0); + } + + return Status; +} + STATIC UINTN UnsupportedExit ( @@ -590,6 +867,10 @@ DoVcCommon ( NaeExit =3D MsrExit; break; =20 + case SvmExitNpf: + NaeExit =3D MmioExit; + break; + default: NaeExit =3D UnsupportedExit; } --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46107): https://edk2.groups.io/g/devel/message/46107 Mute This Topic: https://groups.io/mt/32966279/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46100+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301167074857.1760835696268; Tue, 20 Aug 2019 04:39:27 -0700 (PDT) Return-Path: X-Received: from NAM01-BN3-obe.outbound.protection.outlook.com (NAM01-BN3-obe.outbound.protection.outlook.com []) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:10 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Vr9kz7AVtU485wBR03YhW9vCSsMz2HaoJcu1P43H8O7fnYN7bHQ3PL/BHZgbQJbqajwbW5aWMJGLlgKRDnjxghdW5v9xcqTEjnKQWkuRxnMetPWiTLZFEMVuLxdnaaWAoeCkOujWdv5UbrJAgVWMsDmjtt0Gj5J7/JJtpdq70yEdPM6LTKMMCHNDyIeQL9M6auA37xBw26m/cJ3H6gaf5XloF5RTtscXNscczXjDbNdqka1fNIadU/zUp+2VReKyTHwb8rjZHG2LKjPQgtoi+l//1Dh/KA2Q6KXWVTl+h4WH4EZK9sKNbkJAvzqI+GrVJhTyTQOKkL4Cd9BqXgjYXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=J4xVN23NnNf0XeqvdiCNOwY+ITjQpjuPrHRuICyH3YM=; b=YAB0HtMKTBffMucmmlsKmjw7/fwDvIP9rU5Y1kwNJDittFOixwhB4x+y7G+7fQSLeqpORenqLqbjXuC2nYy57qZsocejU+u2DIBS2jtfpd2gwZG5ebHsFII+/haQoa68X9vl5lI+DqGSjeiUED2BcNCVawjEPsL+uOV0O3m4pPRVW16SWZPGs4o3JF+Cd6T95iKJr03aLMI+Y/b2z6ECrmNs9vAX8De85yGL4PRL7ShauHC/WG302wUuwuv5Zv1YwFXqQTqI8JtFEZI1HVCC2nIC9svzQcm60rpJWdotD9tILGFw0Q8QfohVMtxxd9jPgAKL5n8D5vDau/ENZ4bR9A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:36:08 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:08 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 16/28] UefiCpuPkg/CpuExceptionHandler: Add support for WBINVD NAE events Thread-Topic: [RFC PATCH 16/28] UefiCpuPkg/CpuExceptionHandler: Add support for WBINVD NAE events Thread-Index: AQHVVtYcJunHfVyetU28kilgnKC20A== Date: Mon, 19 Aug 2019 21:36:08 +0000 Message-ID: <814eac8c6cb0fe86b3b7e867042497bcc5db8f60.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 339dc723-95e3-4f5d-3fc4-08d724ed3f30 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2000; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46100+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: utTOVmGYwc4UBQXS03hxmTMqVhIy1a1458VDpLYkakzinEUnslOGik26ciLrV7ctlQHQgPeOISPEJjOOZadqifqy3fMtcsOZiosn7CStXCdHjWU9a2QApJCtxCa3sMqEB0Awo/3g6s72WrSi06L8B076loXyjWvOZS4WR35NOdlxa1ML/J0clljn1396Ga8m/vr+qnW/bfbY9eAGudvYkdEyNyCteFe5YvsW0eSc01Mjbvlp6PiRtY9xaMHh4qO6qjEIZ3q0uq7Qpp4OXk5tc3uBUIdetRlxpP7yhKUof7C5GnQJlrWIIJU+WlWMHbXReXfmgHS3bUk/Wf6enqCGNvtZlZxPZW5a9xC4lkqjpmN9AODuaO3SyRV27uBd3WKpFO4Mq1bIKDK+RHVWpq3rwPhH+KLQFDZcdQXSUCzKVP4= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 339dc723-95e3-4f5d-3fc4-08d724ed3f30 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:08.4998 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: C60RdVsm3jBkCFOo1dJn/NMCG4Ddauco0mpJvTBLj2nyATvIBAdN2KZcBGs5lgbJ1vTzDe62XtFdCMdCbyGOBg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: <32194FBBC3C6054285346FE690304D5B@namprd12.prod.outlook.com> Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301166; bh=fUpuCtbdAKgShq1Eqgf2qk/VMQhCPOnFhnLUtunH9JU=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=Mroh4FFiShHbnHBuPZTN4QMGfLnCZ27nR1n3pcAmIPOzZCBjzJ1t1zS7AjSWRrnvHTO rIcHi3WguatLlIt8zAPlqdcClOch9C2knXjoAr6Vzqn6LXhq3wfvAkQCIcXi9CkWIH+hh sYzJ5U04iEd3e6B4LzvU7bTIIeKTC8wm21A= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Under SEV-ES, a WBINVD intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c index 5b2df92acf72..78d9b315c446 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -528,6 +528,24 @@ UnsupportedExit ( return Status; } =20 +STATIC +UINTN +WbinvdExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + UINTN Status; + + Status =3D VmgExit (Ghcb, SvmExitWbinvd, 0, 0); + if (Status) { + return Status; + } + + return 0; +} + STATIC UINTN MsrExit ( @@ -867,6 +885,10 @@ DoVcCommon ( NaeExit =3D MsrExit; break; =20 + case SvmExitWbinvd: + NaeExit =3D WbinvdExit; + break; + case SvmExitNpf: NaeExit =3D MmioExit; break; --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46100): https://edk2.groups.io/g/devel/message/46100 Mute This Topic: https://groups.io/mt/32966272/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46108+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301168294166.78950802971224; Tue, 20 Aug 2019 04:39:28 -0700 (PDT) Return-Path: X-Received: from NAM05-CO1-obe.outbound.protection.outlook.com (NAM05-CO1-obe.outbound.protection.outlook.com [40.107.72.63]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:11 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=E4EhOhk56PHunWLIj00dKWJq2J1rGyNxbEkqo+91HEBX0xLygsM9z+ocxlVR5Semp2DWgy+a+FUayM8gTlmbPdcF1B61N7HwWPyBfN4Hvcd6MkSEr+ppmHpZ7h40AqeAJvMCOkkfBIOr7UsSOzK2fbNNbUdo08WLiIUNyzKSMauMSuxbhc4LWafy8ZF+O0QQSwDRlgksLWivDFqT8Y2v7A+GkkgDAyl8izEZ30+Q5A+Tm+fO8vCGWNcZDiiD4ajzKFuOV3jfLVAANq0zmFd2FIAXLu1/sHsuCDOCxDltxtZl+35VcjNRrJr7R3Db0qa13WyYkZaI9+olAq6w4gkV9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5qzvQSwBnUK7nph8OQ1RGhWaoJJr2owY+HXhOJgR+is=; b=fpjD9LYe/5mxfkfQxH0JxrhL/q1bEBmX5S+tO0sLkvMn7FJEG+KAg/ShQVytdeLnHVuD4bTPDuOHwyeOWD62zqkSGWfE1ARf5oXP1i9H6a9GSEUPoXsb3BAMd7Vh8Ic9pL/xjKjNv3fGxlat6vGDM0EdGvBgG3Z6oiIRpe0a7bzpI1+fk2BcTZEeOhYz9NgOPR7K6VK7T7EuVtrQu1EZQy2Ui6vPq+kaE0EjG4RDJgdp7mC3/eR6b1DBKroALQ2m2Fha9BQTwA2saTuSTbFa5nlwulPMyMCSVOpzuNcKijonVO0gId2d4EQWwPQf4HeR7IdOEUNXEt9wNBebHV32Rg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB3112.namprd12.prod.outlook.com (20.178.54.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 19 Aug 2019 21:36:09 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:09 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 17/28] UefiCpuPkg/CpuExceptionHandler: Add support for RDTSC NAE events Thread-Topic: [RFC PATCH 17/28] UefiCpuPkg/CpuExceptionHandler: Add support for RDTSC NAE events Thread-Index: AQHVVtYdDCJP8rih+Umnr4RO6nv7Zw== Date: Mon, 19 Aug 2019 21:36:09 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c64babb3-9877-4419-95a3-08d724ed3ff5 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB3112: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2000; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46108+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 8Y+GwroZzauVbi9pCpnL0TDJa94+eti0e/MtKQFcpb0ZUJSWKwGbQ71Y3p5ygiizd9pHyOPwX9aya6/YURYdndNioHBPPsyKlVontxU7M9BFCokQv8eEkWMGatvCe/lLM22YtNG6TAVY2kIgvhSwe4AIROVfVlQvMc/vTHgqKb6WQ9WIgV65EYG3sGSL0P9N5/jnZdAuXyK+yclL1WFSQYYMbdOaFhds8puLrhydu3nlwkLBBuCQlg8VLY9nJGhIgFrVaoxcc4OJAADUmfBur53tjY4Adqq/YLV7oTcLZcdtbOPgnQDHrcLL9IgaZ9s+m22spgKswbteNeiwE88edUS8inK92e36fX0peE/UlpWh/mkkwsujGEUFJFVpc521MubeNJZ7FjFr/rv4x7opMLdo2O2mRKa0A4OuaPD21eg= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: c64babb3-9877-4419-95a3-08d724ed3ff5 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:09.7841 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Ch5F84WS7D0alBFaAFPqcAwIjQqVwa6/mrzuQUrgGm4CsrV2hAUagh7laAi7XucCgf1BaGL4MhLDP94yRwD5Mw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3112 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301167; bh=jAslzw/nozmlsTSrDqBaABq6X8VD+7QTWj/RNDjZJ1k=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=qYbfQpKYKt0MgmPjLI/VHMgahgLq55Se13QhQIyofN7O0EcTpWXyuktCQN0LEpoQoxt +224C15vEtWejxBFMu9tycP6drkXdDcsn8wooSdCnhasi9lJxX7NGwNw7FviEUGJepng6 YHHEzbCRZh6ynq8sGxA3r7qS9UmAZXSFSgc= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Under SEV-ES, a RDTSC intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c index 78d9b315c446..198b979bbb01 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -857,6 +857,32 @@ CpuidExit ( return 0; } =20 +STATIC +UINTN +RdtscExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + UINTN Status; + + Status =3D VmgExit (Ghcb, SvmExitRdtsc, 0, 0); + if (Status) { + return Status; + } + + if (!GhcbIsRegValid (Ghcb, GhcbRax) || + !GhcbIsRegValid (Ghcb, GhcbRdx)) { + VmgExit (Ghcb, SvmExitUnsupported, SvmExitRdtsc, 0); + ASSERT (0); + } + Regs->Rax =3D Ghcb->SaveArea.Rax; + Regs->Rdx =3D Ghcb->SaveArea.Rdx; + + return 0; +} + UINTN DoVcCommon ( GHCB *Ghcb, @@ -873,6 +899,10 @@ DoVcCommon ( =20 ExitCode =3D Regs->ExceptionData; switch (ExitCode) { + case SvmExitRdtsc: + NaeExit =3D RdtscExit; + break; + case SvmExitCpuid: NaeExit =3D CpuidExit; break; --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46108): https://edk2.groups.io/g/devel/message/46108 Mute This Topic: https://groups.io/mt/32966280/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46109+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301168491918.3076626392382; Tue, 20 Aug 2019 04:39:28 -0700 (PDT) Return-Path: X-Received: from NAM05-CO1-obe.outbound.protection.outlook.com (NAM05-CO1-obe.outbound.protection.outlook.com [40.107.72.81]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:12 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FbFucCfG3QZaPIXtTWJy9QdttN5BgYNMtzJ8407BzkgrYhnCfKB2VE0oZfk57Yhlnz1OZsW+PQI4GIo+4jc67uuT+kpIWlmU33nkdlwzsfepgEzw0KqLtbMeMk0eq0G6saKn95RAbnfAkVMiZ0ra14Bw4ydm8fHFBJ0wjg0hsekLKk5QvyYGH3QhGQ0giZdWRvELE0cX45ZhcpHPiYGKrpCEGnliXXxjeQesT/ApRSjwSjzc0CjyZiyMaHl68iYmIpC3fNvZV6I6wgWwQTlw0tY4g0c3ZYgUb6ufW8Zh3Y0bpn3UqS4ES4Ev+rmKBTJQPqeYVg4EZJZOLOpIkUHZ+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SGQc2Ce8k0GZcnG/FmLgRNtePE3srX0RHSZpPWnX+Ao=; b=hOofEqohlbHJ82aFkJTYa5nCi3e/kHSwdFjazuNZx7luhO8t1Uv/iUWK9VZ23Dxy32Eod7cgGiuvEZjFYc9P7nGzaZrdNtcSAiEcdn1FbJ7rg75XNHGC8GJInFR4xnzyt3ubw7jzVFCWHAbB541SkPuEapQc9RRuj1+sQ/N7TTLxmO1suvcJbAZjuT2oZ4HyC6/uN5Q+uXEBqFIBgXcarC8QFm+1TPRCiWDedqzEdccg683M27g8DTYRWxSMIxyhAI4MIyTBAMSWHzyPWeStQYB8JaWbNhThyIGHSu8LmeNkRPVK9ECSB+49Yu/GBEukiA64FD1bCNwG7mHgKyudgA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB3112.namprd12.prod.outlook.com (20.178.54.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 19 Aug 2019 21:36:11 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:11 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 18/28] UefiCpuPkg/CpuExceptionHandler: Add support for RDPMC NAE events Thread-Topic: [RFC PATCH 18/28] UefiCpuPkg/CpuExceptionHandler: Add support for RDPMC NAE events Thread-Index: AQHVVtYeHphutDFzVkKb+FWicFeIIQ== Date: Mon, 19 Aug 2019 21:36:11 +0000 Message-ID: <0a126747fef24e2777727eb9b91bee55bcb7d38f.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: bfa8b982-e711-42f8-5c2c-08d724ed40bd x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB3112: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2000; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46109+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 4LWaO3sfzDKUwYmRaknfgMSxY7IkrNHvKzFsVWJv3tTjZCCmxe3Oh/WzXPsYuBwA6m3tSNbVJjdnK//XY+j1vLZPFv4xw9RmRcxhLYRRU9WsCs1hM6yPbvz49iVOfoeezZSKuMwCvk2WYbvL/e0yXG3GxbjIQCvWJ8H8o9JZiWbnfXzbtkeyfA7sPBUxfAofjnny+5tSk2aUV43oBfcktNJicPlECcAABtR3qRX/aRfSg2B40X/KDcNb10oYsaJg+Se/BIDpu4hz9gj3z1u1IrLoXwYyQ7KFmUTvuXTq2Z9nyUYJA0DBAOAMwrZsjF9UgEDKrobIdzYxQRplDAfMp33LCtZs2ckPOWn+CMJDuWxJWHpow27BI36Rq11y9f3g7co/duiq5gt7vesLT02DmW2FHpZPqkupYSOpAIXIems= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: bfa8b982-e711-42f8-5c2c-08d724ed40bd X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:11.0683 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: LvGZn5+zbbGnH9a/FaTrqMtWW6iC0tmq+GrxWs2c6lmPR51gyLAzDonto0img3OI1GLzujkmO+6cx+GwkleADQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3112 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: <4C2943BCCA6FA24F868EAEDD217D4B42@namprd12.prod.outlook.com> Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301168; bh=0Tzj8PUDPzi1Ze5i2YGf/IUUA367t2bCw6tAgJhlxnY=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=YZvec66bvnCVUGZGMsvDhZors2e208BBBHnTynnZRrNgkVhRcmQzvCMohjQXLL/9b1N ROhJjvbp30YS38HQHhtS8PzSVUZcP35l6uqoaAu+XOszxAL5ofFMUfnpSTzzWZNNykQyl X7XJZRVksEAl0r1m/gx93aVO1UOELJPDsWA= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Under SEV-ES, a RDPMC intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c index 198b979bbb01..6c3e7f67f6cb 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -857,6 +857,35 @@ CpuidExit ( return 0; } =20 +STATIC +UINTN +RdpmcExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + UINTN Status; + + Ghcb->SaveArea.Rcx =3D Regs->Rcx; + GhcbSetRegValid (Ghcb, GhcbRcx); + + Status =3D VmgExit (Ghcb, SvmExitRdpmc, 0, 0); + if (Status) { + return Status; + } + + if (!GhcbIsRegValid (Ghcb, GhcbRax) || + !GhcbIsRegValid (Ghcb, GhcbRdx)) { + VmgExit (Ghcb, SvmExitUnsupported, SvmExitRdpmc, 0); + ASSERT (0); + } + Regs->Rax =3D Ghcb->SaveArea.Rax; + Regs->Rdx =3D Ghcb->SaveArea.Rdx; + + return 0; +} + STATIC UINTN RdtscExit ( @@ -903,6 +932,10 @@ DoVcCommon ( NaeExit =3D RdtscExit; break; =20 + case SvmExitRdpmc: + NaeExit =3D RdpmcExit; + break; + case SvmExitCpuid: NaeExit =3D CpuidExit; break; --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46109): https://edk2.groups.io/g/devel/message/46109 Mute This Topic: https://groups.io/mt/32966281/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46101+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301166997320.6837257909059; Tue, 20 Aug 2019 04:39:26 -0700 (PDT) Return-Path: X-Received: from NAM05-CO1-obe.outbound.protection.outlook.com (NAM05-CO1-obe.outbound.protection.outlook.com [40.107.72.65]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:14 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mee4MBfAT6fl11KnEgMmTKUqQnY7jsbDIczryI+hGyeJ6zT96KbA/rK56JD0pdlj05tZ3GuOYhtul2ir5a93ECQ57bLL1GABPyZTu24JAsLa/P8/vUnKY248E8Xh2QwmHlpa8mILL6BKKWOaU1Asj4rnfujSAlK7sJ/I7scOdptfWlXBnZh1iUyqLgiB90TY0PHms660p0TtSLBbzQtnNS25oQSOJXkfVFj1WCRav2mN/19LIDJ6TQL+n9MQ/8iRhwjDhVEHjToElgqAAqcrPCG+qbpE6eblGUmDeucBkdwz+awXz+WkYc7NkchgA7XJ/pPm91s4owk4N5rSyP0URg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HzeyOZv+9ZTEAaSI0TSOYwgHhugLQInBarkdo6XaHO8=; b=Ei158BSujZYtJ9fCmhC3YN6jj8iaop+O0zoowYEKNURbnnmXGAeYev28f0vWp+xVsBYgl/SaO9CAiyhCQ8hYRDEt3/S8vBCMND7aherVPEup6/JOLR9cBYWOzOfV7cV/6iI17hpycEp4Ds5fxA92mU6AG55a0zjmfOPFFn19EvzfxXGaEQQop/LUm9N+oaaadVAxAupSEUX0jeQZY+0wm5+RnQN0dUwrDXF+ho5hWbX0DzIdFRAYW/9eP6zVg4Ko7bkIRIOEcQEtzriZ0sZ0DvCezD4sY/86R+8o2tZ1sWSiAmau5aax1KVHLm1y6YWeAavBQLnt3SV3lWaPW2cxag== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB3112.namprd12.prod.outlook.com (20.178.54.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 19 Aug 2019 21:36:12 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:12 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 19/28] UefiCpuPkg/CpuExceptionHandler: Add support for INVD NAE events Thread-Topic: [RFC PATCH 19/28] UefiCpuPkg/CpuExceptionHandler: Add support for INVD NAE events Thread-Index: AQHVVtYf7g+wz1CqikuhdQftiH7NcQ== Date: Mon, 19 Aug 2019 21:36:12 +0000 Message-ID: <6638cbe8e793f831830aafe56998e501819e3a24.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: a9ce00c9-c18f-4e49-9ede-08d724ed419c x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB3112: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2000; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46101+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: mc8Onnsmsn8grk0YqFE0iIFz7G9aExGmoGNMggIUfi1/bHUsiQ8znQNn/DkqsZvhUin6BZ1hlK1Z47vp+e51YKK7Sx+rg8bLw4hSlQgjLWGQW+SM8fh505kHNT8v9vJTJYFIrp5EOCzddpM07y9kem2dXJRVkAPbh64rgzchYSfNeYrGGUfssizK129zVWQUdB0E6zykw1woQ8/oYA4EjVaRjQTAWSnGGqrrRhJZQYrdwPzh91cVZNTKOrJZaYBeTWR+ncxkrmjeUKOp7b4fzu8ovifJuFsUJ6oZuv0Em5f+eR8KeI1fy6w3q7+AMZ2hIeeFuVskcs8ka4vG+4tlo6r2uhxKO2wq+RJgB75iXoisXsaVg/uIOysL2Bjhmtp1T49FYxWoZ/g57A4R7D1+eHlDOQ/WVytAKziRPQijDFU= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: a9ce00c9-c18f-4e49-9ede-08d724ed419c X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:12.6035 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: TnTt/BINneiUR8orx/CB3ng5mEpXPqh6n1EMiuDSw1VWOCR/pqb3XlKlnr3Ars/oymaSJGW/EqRHhT8fe2Q7Aw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3112 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301166; bh=UWKosrM0rGNd0hjAqcmKYl7EmR9MfEnNHq7gU8pASKQ=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=KNV7XX59FZGlHk88Xfad1SW5DksAn1sBgY7sbBnDCSUn9OcDkm/8SQ82bdjwIefGvJm 1iCTmey8P/fzCptUFabBIbcDNPoJAa+D3jT63z+PQ6KE4MSgZk/SsNIFIHaIXSdldgNrP pkTMb3mZRCqEkQPkVPXPGjL2QcGdYohfCs4= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Under SEV-ES, a INVD intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c index 6c3e7f67f6cb..3f10af401aa0 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -818,6 +818,24 @@ IoioExit ( return 0; } =20 +STATIC +UINTN +InvdExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + UINTN Status; + + Status =3D VmgExit (Ghcb, SvmExitInvd, 0, 0); + if (Status) { + return Status; + } + + return 0; +} + STATIC UINTN CpuidExit ( @@ -940,6 +958,10 @@ DoVcCommon ( NaeExit =3D CpuidExit; break; =20 + case SvmExitInvd: + NaeExit =3D InvdExit; + break; + case SvmExitIoioProt: NaeExit =3D IoioExit; break; --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46101): https://edk2.groups.io/g/devel/message/46101 Mute This Topic: https://groups.io/mt/32966273/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46090+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301158635491.25025960425546; Tue, 20 Aug 2019 04:39:18 -0700 (PDT) Return-Path: X-Received: from NAM05-CO1-obe.outbound.protection.outlook.com (NAM05-CO1-obe.outbound.protection.outlook.com [40.107.72.85]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:15 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Hc3yfjkfubPVfR/L4W9S0ptVyXXU0o+IrDdXKTwnYW/wRxmDwDOMm3bwu3hii1W8A90YNGfopVvFkjiHZkkw5vHKqn568cUkkJDgsnZ48QReXXL6VTeQKhAwq4p/k16p/tM+kYxE6hlKpHDu0r8sJHbfiLEpRss72KW9aibfRROpo7TyNgymuBESjP3I6iQpMIDbchK+CCWS86ei9cT77GY78UZ0J8RwkDOk4hkWHtZLsH1D5//xua7Crt4s5C2i8IuxHyuXhN0QZcqYmQ6q7+oMog+xlf2pJVu2Gzb6+gns1lBwWxJng/s+JAzqeJKsKCsYhuplJgAScvCCZ4HRnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZCcvkJr9VeHgaLDBd49JxKAf+Uzut+HHMEFpLIJKRyU=; b=DxUSHRQbWx6t5vHz1jTtrPCPUkfGitJOZa3aBb28ssnWmQONu0Tx+g2+0/JFyhmxhGQ6andpom3d5wl9GuIblxQVuAfo2NK34O9wd7pXDAI4hAVCV2etElATxcXCD1irzb/dVEpxp2c+8GO54z6USP9NNL7UxVUyIF94gpGvYojX0sL95WGdtbLLAv/V8g9hT4hkSckeGT5pCgxdyOPJLvCNeLwMEEXtYez1g5A4KQl6/dXIrXzmEeOhSC6sXHYEmUviMNKYzHTAMS0OBPpd9J0XHMNV+m/OdT4h56V5CMv1EasXgjllz1PliTdmhojjsJ80FhjHRzJhteaZCbzc5Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB3112.namprd12.prod.outlook.com (20.178.54.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 19 Aug 2019 21:36:14 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:14 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 20/28] UefiCpuPkg/CpuExceptionHandler: Add support for VMMCALL NAE events Thread-Topic: [RFC PATCH 20/28] UefiCpuPkg/CpuExceptionHandler: Add support for VMMCALL NAE events Thread-Index: AQHVVtYggefRtboLAkGI3F9D6z7Wsg== Date: Mon, 19 Aug 2019 21:36:13 +0000 Message-ID: <213aff9448251c52a3a4fe4085729461bbda2fea.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: fcbe5fa8-e7a0-4b15-da84-08d724ed4264 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB3112: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2000; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46090+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: gigKjbFMaQ0S+vm/+LnPkIZX154jxCgtsTnJBRbcooB09wdO7c6MR75+FtfR2+hVvYlfNGqRnMfe2Dx57Ltx+h/vvmwA2iDIJbfGQc81pPgrx0OB2WyunZsAA+AisAmngGa8gkSHoIxIez+HeDyVGwygZqxUZUiCk/cSIw2eEjElGKKYATr7FDiGOsxb6lWxhRJ+LbXFNsGvtzbgJpmyuqnarrZmQO31EXARa6eSrgFDcz0W3iQE9kodptp9ANWAMfgqelPRuSWm4Eo/dI2YmlBTEn1Ca46e6jCjRJepq7PZwnZoZ8QnCi/dG7JFMfwUoobz/KzLX3LrQ9OvxxywuBrcEh+VspIao0H279545+SCx+U3aieNIhdLZh3NynyQOskdtNYjFIY2Avh6FT+YuRjbZVUaiBavrLt7guuJk8U= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: fcbe5fa8-e7a0-4b15-da84-08d724ed4264 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:13.8537 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: RrCg5BKn3rv7jv1nA49ScCmW8gHo7DmDjCOZImrXLF7B9XOq8gZYL+qt1+OBfl+SxVeeFtpu/AEP1LBbineqXQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3112 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301158; bh=VW6ALxejqv/hh9FjmQMQpljXWdsdRAciEc3R0jsdh2c=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=UsrE4fm29dTuqK8M2all8VrVs84y66ZB10ny0wNtd12grR2cTLNLgo1G1j8BYSyIwxI g0CSMNLsTPX80b9QBk1neUK8y/m4NvV0FaCcJydGRRUIsnOSIWKgmIDOsszL/RufAYDrj XVCoHLq1jyrCvWw0fhXCgG4GbVcwsrHoOE8= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Under SEV-ES, a VMMCALL intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c index 3f10af401aa0..1a0a8f5cd718 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -546,6 +546,37 @@ WbinvdExit ( return 0; } =20 +STATIC +UINTN +VmmCallExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + UINTN Status; + + DecodeModRm (Regs, InstructionData); + + Ghcb->SaveArea.Rax =3D Regs->Rax; + GhcbSetRegValid (Ghcb, GhcbRax); + Ghcb->SaveArea.Cpl =3D (UINT8) (Regs->Cs & 0x3); + GhcbSetRegValid (Ghcb, GhcbCpl); + + Status =3D VmgExit (Ghcb, SvmExitVmmCall, 0, 0); + if (Status) { + return Status; + } + + if (!GhcbIsRegValid (Ghcb, GhcbRax)) { + VmgExit (Ghcb, SvmExitUnsupported, SvmExitVmmCall, 0); + ASSERT (0); + } + Regs->Rax =3D Ghcb->SaveArea.Rax; + + return 0; +} + STATIC UINTN MsrExit ( @@ -970,6 +1001,10 @@ DoVcCommon ( NaeExit =3D MsrExit; break; =20 + case SvmExitVmmCall: + NaeExit =3D VmmCallExit; + break; + case SvmExitWbinvd: NaeExit =3D WbinvdExit; break; --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46090): https://edk2.groups.io/g/devel/message/46090 Mute This Topic: https://groups.io/mt/32966263/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46085+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301157388820.7096467292716; Tue, 20 Aug 2019 04:39:17 -0700 (PDT) Return-Path: X-Received: from NAM05-CO1-obe.outbound.protection.outlook.com (NAM05-CO1-obe.outbound.protection.outlook.com [40.107.72.66]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:16 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iRPmzdeEmV0x9Pc2m7TvFtRJwjPl9dDsoArlgrnnY9B18JsxHgQ5CW1Yeay5NB6gjO82XHx33UQCi7AoPpq9w+gUhPca9K1CkKlRookUyzueOzRH/qFnnVLvwnb1FiDqhpG/uvddmhev0X5elzG05o8F49M+OEgaiYOiJmFaI6OjTHy1YSNBup9R/o5teS4ZZquPZn0hAL7HVoEcalRY7gIAYhBL/FPFy+UfZepOopVTduKLb4gxi1KOuL2QmpIriZ7s5bJboG8fN8uJ1i7/B/J2ljH72TCneyll8Wb7Q2zSqk7nDzvFFiMvyy8zfWvWmsf0/N5li1Tz77RODkAdWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9jxFHqlgyHGSSXyyOrphsizNbYbye48ode3BEickJcU=; b=lnqN1Mz+GIOOCCy7toWt78i6FJQmg8+gCLsWG0BbizdOBF+Pj52IHf6R0EjZH0ZsHZ0Np8E5EY/l1TdrPAUv4afp1hi0/cGjbhyVGfWPr/2zf9Jbmn4k6hs0k2yL1aJ4BasWdff6v1y//YrdUMuARmIAfIZkJuzTEWu8FUY1m3Tm9ntUMQzBjOVsgzmTxUMAsYxRRuwyr2HJ164amLEIcRx2pw69aqcVTn8Px2H/Gg8FuwiePsjyxl1OezBbfXC1iFZwKTQcmU4gBUW6ZlDUTzm/yr1AfBTD81177ZDtYcGjEyY6JjqqoFi9e8PT5bssvC3j0HVcwkQCK7wEhNxsQg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB3112.namprd12.prod.outlook.com (20.178.54.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 19 Aug 2019 21:36:15 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:15 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 21/28] UefiCpuPkg/CpuExceptionHandler: Add support for RDTSCP NAE events Thread-Topic: [RFC PATCH 21/28] UefiCpuPkg/CpuExceptionHandler: Add support for RDTSCP NAE events Thread-Index: AQHVVtYgXcTE+06HGEmvpTj7tV0dVw== Date: Mon, 19 Aug 2019 21:36:15 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: e6e95d3f-a42f-4bcc-057e-08d724ed4323 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB3112: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2000; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46085+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 47MYLZ8N/DMA/AuSo8s8gESZ5Iek9G3MIh1gV/xH67pVNJPSmkrt2B4kkQHMaNOw3/inY72ae7D0Dj9lnHjHjt8w55RWraE6ivIB3u8LkoET1rUVNbHHW5NhoxyUPR8NA48nIprjpb7WVjacAtiesoo6gRgdA2jksSoz4LC4/toZow6Oif8FvsGlHERoOP0Z/UjqeJqKfDrYJ67BVLUt+N+uGhlmGj6Bnr2cEd/KBNApWgg9zAWuM3Bj4bhifS7vFg5jiM4KARh6f2KEp07qkwlwFdcpiLpE0ntpSR98Lbpn7V8K950fTXr5EmkdpFdFVWIOwOJTf40YXg93Ncl2QG+0xUxJI06Q6CMtDxGLFnHhq/IIId7ZlAetn4Uma7MdH+ou/cC7xAICc9NJLxSovbwriIgP7LRdz5GuAOg37hk= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: e6e95d3f-a42f-4bcc-057e-08d724ed4323 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:15.0830 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: QhEzxiLf+o1v+iTiI4YOOuWN1KJUQ89kB2tJp1RqUg2A/L7IQ9C5e1r+1PdtGN/JjzLuyJJTouPEcaz3pcO5GQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3112 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: <381A20BD8EE28F45917888B578AD3C26@namprd12.prod.outlook.com> Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301157; bh=cyVrU7WqU4+3UiXg/269mcS/EatiPU7c0cGIFV2arU8=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=dCTCCpq022QbXmn2jLWkLd4v0l4XANtchjPVvadwblyHlKZfEjZGXBzFP0NWpDnj8p4 12wu8VSQDsFFNnL2UEu1BZwjMFGmBJq8uqkQKW+/vQcVbG7gFH6PO6ZOq2moYk/bJWwx0 sImDUdOsB3EAUSPQOdCuCZetVEaZhK3ZfYs= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Under SEV-ES, a RDTSCP intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c index 1a0a8f5cd718..8f9b742f942c 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -546,6 +546,36 @@ WbinvdExit ( return 0; } =20 +STATIC +UINTN +RdtscpExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + UINTN Status; + + DecodeModRm (Regs, InstructionData); + + Status =3D VmgExit (Ghcb, SvmExitRdtscp, 0, 0); + if (Status) { + return Status; + } + + if (!GhcbIsRegValid (Ghcb, GhcbRax) || + !GhcbIsRegValid (Ghcb, GhcbRcx) || + !GhcbIsRegValid (Ghcb, GhcbRdx)) { + VmgExit (Ghcb, SvmExitUnsupported, SvmExitRdtscp, 0); + ASSERT (0); + } + Regs->Rax =3D Ghcb->SaveArea.Rax; + Regs->Rcx =3D Ghcb->SaveArea.Rcx; + Regs->Rdx =3D Ghcb->SaveArea.Rdx; + + return 0; +} + STATIC UINTN VmmCallExit ( @@ -1005,6 +1035,10 @@ DoVcCommon ( NaeExit =3D VmmCallExit; break; =20 + case SvmExitRdtscp: + NaeExit =3D RdtscpExit; + break; + case SvmExitWbinvd: NaeExit =3D WbinvdExit; break; --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46085): https://edk2.groups.io/g/devel/message/46085 Mute This Topic: https://groups.io/mt/32966258/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46086+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 15663011576221006.6806920062204; Tue, 20 Aug 2019 04:39:17 -0700 (PDT) Return-Path: X-Received: from NAM01-BN3-obe.outbound.protection.outlook.com (NAM01-BN3-obe.outbound.protection.outlook.com [40.107.74.50]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:18 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dc+o5sYYF40BYCV2hQ2oyDhUhC4aiK+iUPTUAfFalb74riC8gKX+Yi6h61vTMIk5xcidNv4yd7XkqVqz0ARm4/uafaas+jt7UuMm+QYgqrnqe/1B/tyYe7vFX5jnMiJvR29D4y0TlewBgNNyS+fGlBfilWjAW8JukDgd3CR++YKSQINl/YxPzZLqjJe22RdJnRLPQELEW4w+dsLknLEee0QsgDeavPaY/o0OgmCx8QfZu/BZkpuFvb3+y/0DGv7tAT/PPH24P/PxJAoLAksCsRzyH+kTGAosgV2AqKuFNJCWO6kV0fyE2SgW4l5aUQazY60hYyy9gIHSOFiUMnzkdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FZ8QCb4z3QBgYmBcsXS4JVgw6AvllmkHlkFhTZXi1gM=; b=nofU2ldAs4TB2fYQLqC7qZoSFyYkt15dmPdfgDxoflv1uSdCwYdBhnWDviySoLVEkp70+tmW0axx2z9GGWwh/FkREgygWv1QT92i3bJ4m4VUsjo/bgxw+7sgAqGGCelc9fiiGGfC1Pdbx2dhB8H2zZ1qts5OfDccQC7DqAniNB/y7o/68m8rd4PxQiOVj1CWp+KyQRHt1DLegX+5qgcmfnFe61auFAyUsKbuzZp4/RTShwjEStKFGeKF/3k5/+/5Bq4GqIVMM4nWZxJ4vQFl/JeDEjJhSy/SvClqnyM0roOneZFHor+4kWMz2itzWBXxbtJpbXx93x9sM94C4zJFjQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB2965.namprd12.prod.outlook.com (20.178.52.214) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 21:36:16 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:16 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 22/28] UefiCpuPkg/CpuExceptionHandler: Add support for MONITOR/MONITORX NAE events Thread-Topic: [RFC PATCH 22/28] UefiCpuPkg/CpuExceptionHandler: Add support for MONITOR/MONITORX NAE events Thread-Index: AQHVVtYhGWe9AQ4pgkCUlKlfSvg5pA== Date: Mon, 19 Aug 2019 21:36:16 +0000 Message-ID: <901593f1a8987759de1861a260f7dff2eaf755f6.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 26cb4926-592a-4715-0123-08d724ed43dc x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB2965: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2000; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46086+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: xkF5kIL55B17+r2kmZFBZGm3d917HK0GlcwWQUtFvV+PekFL1YoJHpyrg3qxVMUDNwD1lPVDovaXNQ6VJcYCxus8DoM0QipOf42nx8ESIyv+Rj96zK8CvIZBpvVCX5TLXIF5j8gD92nweKRlncEQ7uye3b68VdrfF8OPGGopRzBTy/hxWVccyUn1kgosrPuFo8wY1gkfBoVhkgN7dU1nyIAVBdP7PYX88OJf5GbhTyRciYOPBEVytnei/pQpUmRNH01Z3Md5EO5UeIOy3hYTIBmd8XNhNhIidRjgpyUbM4Nmdbx5B7nkf2Dx9d+khy9AJuUuueyzfXyX4mtMMDhMdhSIMDomFgX8kUm6JoVngtU82npd4vrZP2dF9i6tYfoZfopCr9P1TU2Z9OLT+mBRMQgbk9MN5qXzKrlk7GmbifA= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 26cb4926-592a-4715-0123-08d724ed43dc X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:16.3203 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: tqPwOP0GApF1CI7EmbUMUX6GArz8VoJrCcHDOAvCD9olPC5palucR/0FC3Eb4YrqINP/UmjFFXI22f53oQLM3g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB2965 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301157; bh=QGTMs7XTn/pfOOFeDXnfjdlfReml2kBdwYBV3qlxIVU=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=v1yrf99gXFEPwm3Tn3XNi5DdhWr1oEJ31uJaH/CsQIM7Docsy1+ArtSnkLCGy3n6qDj 8Sjrgy9z7rASj4DStaoFfsTQ0rQ+sipveMV/GIo5h3iufS29weGxdfghg6vX1kMAjuNUK KVZPSJZrA/QskRMREC2jLWt5I+m3pc+UNw8= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Under SEV-ES, a MONITOR/MONITORX intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c index 8f9b742f942c..154ca091936d 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -528,6 +528,33 @@ UnsupportedExit ( return Status; } =20 +STATIC +UINTN +MonitorExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + UINTN Status; + + DecodeModRm (Regs, InstructionData); + + Ghcb->SaveArea.Rax =3D Regs->Rax; // Identity mapped, so VA =3D PA + GhcbSetRegValid (Ghcb, GhcbRax); + Ghcb->SaveArea.Rcx =3D Regs->Rcx; + GhcbSetRegValid (Ghcb, GhcbRcx); + Ghcb->SaveArea.Rdx =3D Regs->Rdx; + GhcbSetRegValid (Ghcb, GhcbRdx); + + Status =3D VmgExit (Ghcb, SvmExitMonitor, 0, 0); + if (Status) { + return Status; + } + + return 0; +} + STATIC UINTN WbinvdExit ( @@ -1043,6 +1070,10 @@ DoVcCommon ( NaeExit =3D WbinvdExit; break; =20 + case SvmExitMonitor: + NaeExit =3D MonitorExit; + break; + case SvmExitNpf: NaeExit =3D MmioExit; break; --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46086): https://edk2.groups.io/g/devel/message/46086 Mute This Topic: https://groups.io/mt/32966259/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46087+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301157697573.0072385291683; Tue, 20 Aug 2019 04:39:17 -0700 (PDT) Return-Path: X-Received: from NAM05-CO1-obe.outbound.protection.outlook.com (NAM05-CO1-obe.outbound.protection.outlook.com [40.107.72.58]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:20 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jcWbwle6aLthDwqvc5hd9ei3J1/2V61Hnw/DGfbVYgLc+4CQAauOfiHvUuJozQXj5NOzdLA1QJHp8SCEei+xD3LCtShYzFG0VeMCPc87SqfOBD5hk0iNN7nTbHQiTS9yGFvdIMqgcjwOPkeCcEcZzfFCu2cWKtOVWDJEgfSAsZph9LxqEt1FX+gMb6rN9/wQY9QOZsWUMTmD2Z4ZZSZyPU3HGiA9Ku+vm6YnxvIdpbk94rOQqwL7/IeJS4ApB+t8dNBycvH1RsQic5gbJjqRFRx+3o/Lowa+lQWpAAcKnirnKANkUYUJlBKopiuieo+3QpjGSWbKcUhmpovgu0X+Pg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0gPthfGgRD+kPl65kSibTsQXpwNMCyiHGiZn64xRacs=; b=V+fAgDMipjT3eAZfuZUJk+JOOhtOBURjlMX3pthsZSY56SBGohvqxdXLgDnsBI6LicV30U+oBk9ed7kTfNTkHx209IJR+nxh25A4oroyx018dmrWqvD6PFYIOfrVc6LiLfTQAkikD9vyoFE6WO2XCYBLG2rxe08DQmMuHBRSRE0naofLDgcFI63Hh3/W1vZU+ji04DOILliUUDdRs9dGX4FAB05sNWd083Pfokm3kxnIXDtFU95+0dPGvpeJnlBr8HX8Q1ywNvTTzHh6hEoyieoYrsSAUZpcy6j4EeQIE+1WZhcSVSF2ymoQKR9wt+zPH8ScxzycTYgFEKBCbuxzKA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB3112.namprd12.prod.outlook.com (20.178.54.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 19 Aug 2019 21:36:17 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:17 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 23/28] UefiCpuPkg/CpuExceptionHandler: Add support for MWAIT/MWAITX NAE events Thread-Topic: [RFC PATCH 23/28] UefiCpuPkg/CpuExceptionHandler: Add support for MWAIT/MWAITX NAE events Thread-Index: AQHVVtYiiqWARbmny0CW2InOhvCZCQ== Date: Mon, 19 Aug 2019 21:36:17 +0000 Message-ID: <5b34d3a3c9c83d44818893f6ace5716b4c202f4d.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 1a884520-3911-4def-c848-08d724ed449a x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB3112: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2000; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46087+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: 3X7ub+AgKmf7cWkAdpXEEMgtT6x4+BSLNlXGtJg6Z2bY13Dna0/2+XskTZkuqPzPay2vYtVi1FROb5UPDDoQCMnPzjWtnughvwC6ZsioA66ghi6y0pJSo+ZnxdQEsXgVfDBxX8UZQOmjPpChV9eU7jmt+KtQWwINxh3zen3PmZHsv+eWtUccZYNYBDJfdi7wVjr/DW+XhcBTpinbTmuqgwgTE9fa6kS/7w4z4ixwXL5vXzDaRgcxuemo3tKhawYjLpoLkbmOJ/3rwZqrJkQTuUvDQyK9qAn4Tvhqogp+KKYVYHMFjOZww2gLwbtlGyT3Xh/GYXk5G//S0tjs37QhAUaA/YIpEmF4QGi84+OZlNXPYNGVHqcRbL+AcwBWd89ClbAKwNdMPdFwkSvkQGiAFw3qTpxK9VMZr3T+tE9gYPg= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1a884520-3911-4def-c848-08d724ed449a X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:17.5436 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: B08N2li0R11UVpL3/vcNX6DG0ffZ0Mw5XPUvWlIs/8PU+PeXl7kty4to8niJR0XfSgiusOEUzFa26yntjQywEw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3112 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301157; bh=a8678KoAFUaUQINRZUQRVfPa1kvHOBVgS4i3cmpCSac=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=jEpPMbVFCCZQb0qPH8hcKriJy5l5kayNz+9aBnQ13ZzhsDHzp/qdqYPS56Fea6jFADQ ovi//xtOOymW2wfkiAmq6vv4CeShNW4ZEFCrnqX24sedhUGME4jkwQfDHHwt4sYD7LEUR 1xQbd0Sr3J7d01pxfYP7BFEzExEL0BIH4Vo= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Under SEV-ES, a MWAIT/MWAITX intercept generates a #VC exception. VMGEXIT must be used to allow the hypervisor to handle this intercept. Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c index 154ca091936d..43a3a116af5d 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -528,6 +528,31 @@ UnsupportedExit ( return Status; } =20 +STATIC +UINTN +MwaitExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + UINTN Status; + + DecodeModRm (Regs, InstructionData); + + Ghcb->SaveArea.Rax =3D Regs->Rax; + GhcbSetRegValid (Ghcb, GhcbRax); + Ghcb->SaveArea.Rcx =3D Regs->Rcx; + GhcbSetRegValid (Ghcb, GhcbRcx); + + Status =3D VmgExit (Ghcb, SvmExitMwait, 0, 0); + if (Status) { + return Status; + } + + return 0; +} + STATIC UINTN MonitorExit ( @@ -1074,6 +1099,10 @@ DoVcCommon ( NaeExit =3D MonitorExit; break; =20 + case SvmExitMwait: + NaeExit =3D MwaitExit; + break; + case SvmExitNpf: NaeExit =3D MmioExit; break; --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46087): https://edk2.groups.io/g/devel/message/46087 Mute This Topic: https://groups.io/mt/32966260/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46091+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301158781366.45189605588916; Tue, 20 Aug 2019 04:39:18 -0700 (PDT) Return-Path: X-Received: from NAM05-CO1-obe.outbound.protection.outlook.com (NAM05-CO1-obe.outbound.protection.outlook.com [40.107.72.46]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:20 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=L17BtGsC35hDCj3s2s59myg4r6qj+EkhQ6ofcGVUGu3hPlCVU6PFba4+bUSULijCwwDQyv+Oj56Iywzt8lYVCuYt/KJA4YlWdJFMxNjEBswoF2U8xm4J9DIdDSUxjI/EZIQcnJuo7GEIQghpfqt4lMuNMKEZT0b+3+eLoL384qVLHqeg+KCieahcGACSXxFQWarx4Ru09F1lbU8gjSEPXMZWvSpGxNkIVe0HBC9nSHM5FzkQNcdK3/IaR/tjCzG/gW5P9cmvPuTIp4khrKoNmaKLT5iFNNjQHJOiO7sjpc3+9JuwdMAvlVjTW5yR227QJWviUpHH+M5UuQ3eqpQxqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iE7ClRSC2m3HAXmhBD7PXl5CORoBRnxilP7MYP1wVNQ=; b=U4E1iBJu2AUtB5k7pMyHMxJQ8hw5X5HkQ8omdY/RcdJfJAtoCbHTP+KriROnuHE/HP9PiQrRlCU8XgS+hJLdYrtqwuv4gFFuPduvM/rb7KYSVHb7aanHL0ObE2Em5E2tpTHXrfsp1zTUXHMoXLXx6wpMaiCX9CdEUPecLWC7ebGREiOdWGTjHs/mhRxUq4qjplIsQmdnorGG9M1W0T+3ucrjs6V/wMxjBmY5E5w01rSFEdi+URZSVdunSlIY3JBmrBn0hxZMhSwliSnSyfK9r/V57k2IX2KWLsZ4URgzUFDcPqADs0zjdtwCvtm9oLuE837IrndznSV1pRqyEtEvXw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB3112.namprd12.prod.outlook.com (20.178.54.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 19 Aug 2019 21:36:19 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:19 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 24/28] UefiCpuPkg/CpuExceptionHandler: Add support for DR7 Read/Write NAE events Thread-Topic: [RFC PATCH 24/28] UefiCpuPkg/CpuExceptionHandler: Add support for DR7 Read/Write NAE events Thread-Index: AQHVVtYjIhxFggHt+kuFTmGXx7hQdA== Date: Mon, 19 Aug 2019 21:36:18 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 0f2925ad-dea7-4712-5b9c-08d724ed4556 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB3112: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46091+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: VB9/d45YFeoHH/luWbNckbttPad0vKWhh8MRGnPjxBKI6uS48dgV1j8Aag7ugGT2fzALk7afyVD8uJO4kdirrndGITYOrV85y3QRN/NrFON/4l/5EBSjA3eNXc+xx+IbOYXXMzLgozrJYJL8pjIkFjeh/pYJWIZWGTzsaKWVqWaH5/DxTq0cMe3VwtQHrPJKwI557ACpMpB2VxtmUIkhWUp+2NQtZbhA1pzqec7YCqrn5SxfE00EJBR2+s7K6kcbNoWfT0g6izQbunc5y2abVaspcueM4097zjvbA5Zxcuz0+cqpNhoVcgPQ0MnidX3/17gyoG4FK7XgREm6yELG4JUHQ6bMtjHGF3etArERrm4hO1O4/SpMtinb+43R5/rB6CCMHo5c9K2OWQcDXSOwGg2PpCqKILdU88wlzcZ0zKY= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0f2925ad-dea7-4712-5b9c-08d724ed4556 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:18.8059 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: /v9r135+Xkqjkw3WquT9qKcMxCu+/Mj23C2f7ovdYW57s0oovltYyEpPvZ5RVYLEDwE3Th16YLgBlyx3/agzCA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3112 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301158; bh=mPFQHO5Sud6shcDbtxDmQLGiKLwBZTjSMmHgYJ0r+3Q=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=jOOT5dHOQlSawqbGnooGq5zdJocxE+flRxhdvrfnr8LdihcjiRrmsp1neyLQuLiLeZX i4cwJ0Sb+oa2lfYEXVxWcPszsN/vOd0/z/UEq5Gp90hYCKyEqWPN+xTv1nuDBL+xe60tm 0Rq1kCFeEgUnOqZvoMsP1scF76pe2Xd8RW0= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Under SEV-ES, a DR7 read or write intercept generates a #VC exception. The #VC handler must provide special support to the guest for this. On a DR7 write, the #VC handler must cache the value and issue a VMGEXIT to notify the hypervisor of the write. However, the #VC handler must not actually set the value of the DR7 register. On a DR7 read, the #VC handler must return the cached value of the DR7 register to the guest. VMGEXIT is not invoked for a DR7 register read. To avoid exception recursion, a #VC exception will not try to read and push the actual debug registers into the EFI_SYSTEM_CONTEXT_X64 struct and instead push zeroes. The #VC exception handler does not make use of the debug registers from saved context. Signed-off-by: Tom Lendacky --- .../X64/AMDSevVcCommon.c | 68 +++++++++++++++++++ .../X64/ExceptionHandlerAsm.nasm | 15 ++++ 2 files changed, 83 insertions(+) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c index 43a3a116af5d..8d7633b15e25 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -5,6 +5,12 @@ =20 #define CR4_OSXSAVE (1 << 18) =20 +#define DR7_RESET_VALUE 0x400 +typedef struct { + BOOLEAN Dr7Cached; + UINT64 Dr7; +} SEV_ES_PER_CPU_DATA; + typedef enum { LongMode64Bit =3D 0, LongModeCompat32Bit, @@ -1043,6 +1049,60 @@ RdtscExit ( return 0; } =20 +STATIC +UINTN +Dr7WriteExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + SEV_ES_INSTRUCTION_OPCODE_EXT *Ext =3D &InstructionData->Ext; + SEV_ES_PER_CPU_DATA *SevEsData =3D (SEV_ES_PER_CPU_DATA *) (G= hcb + 1); + INTN *Register; + UINTN Status; + + DecodeModRm (Regs, InstructionData); + + /* MOV DRn always treats MOD =3D=3D 3 no matter how encoded */ + Register =3D GetRegisterPointer (Regs, Ext->ModRm.Rm); + + /* Using a value of 0 for ExitInfo1 means RAX holds the value */ + Ghcb->SaveArea.Rax =3D *Register; + GhcbSetRegValid (Ghcb, GhcbRax); + + Status =3D VmgExit (Ghcb, SvmExitDr7Write, 0, 0); + if (Status) { + return Status; + } + + SevEsData->Dr7 =3D *Register; + SevEsData->Dr7Cached =3D TRUE; + + return 0; +} + +STATIC +UINTN +Dr7ReadExit ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT_X64 *Regs, + SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + SEV_ES_INSTRUCTION_OPCODE_EXT *Ext =3D &InstructionData->Ext; + SEV_ES_PER_CPU_DATA *SevEsData =3D (SEV_ES_PER_CPU_DATA *) (G= hcb + 1); + INTN *Register; + + DecodeModRm (Regs, InstructionData); + + /* MOV DRn always treats MOD =3D=3D 3 no matter how encoded */ + Register =3D GetRegisterPointer (Regs, Ext->ModRm.Rm); + *Register =3D (SevEsData->Dr7Cached) ? SevEsData->Dr7 : DR7_RESET_VALUE; + + return 0; +} + UINTN DoVcCommon ( GHCB *Ghcb, @@ -1059,6 +1119,14 @@ DoVcCommon ( =20 ExitCode =3D Regs->ExceptionData; switch (ExitCode) { + case SvmExitDr7Read: + NaeExit =3D Dr7ReadExit; + break; + + case SvmExitDr7Write: + NaeExit =3D Dr7WriteExit; + break; + case SvmExitRdtsc: NaeExit =3D RdtscExit; break; diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandler= Asm.nasm b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAs= m.nasm index 4db1a09f2881..d23af671df66 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.nasm +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.nasm @@ -223,6 +223,9 @@ HasErrorCode: push rax =20 ;; UINT64 Dr0, Dr1, Dr2, Dr3, Dr6, Dr7; + cmp qword [rbp + 8], 29 + je VcDebugRegs ; For SEV-ES (#VC) Debug registers ignored + mov rax, dr7 push rax mov rax, dr6 @@ -235,7 +238,19 @@ HasErrorCode: push rax mov rax, dr0 push rax + jmp DrFinish =20 +VcDebugRegs: +;; UINT64 Dr0, Dr1, Dr2, Dr3, Dr6, Dr7 are skipped for #VC to avoid excep= tion recursion + xor rax, rax + push rax + push rax + push rax + push rax + push rax + push rax + +DrFinish: ;; FX_SAVE_STATE_X64 FxSaveState; sub rsp, 512 mov rdi, rsp --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46091): https://edk2.groups.io/g/devel/message/46091 Mute This Topic: https://groups.io/mt/32966264/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46088+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301158036806.802026982107; Tue, 20 Aug 2019 04:39:18 -0700 (PDT) Return-Path: X-Received: from NAM05-CO1-obe.outbound.protection.outlook.com (NAM05-CO1-obe.outbound.protection.outlook.com [40.107.72.71]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:21 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=agSevMj6uXss8Zgdwn+IVntxHJ2kBovTHOi2RHJ18w0ThPKs2FlVgwwIn2Z2VlVkWwdBw1FjnNE26AnDugiPsCxwn7oFcFthO4+UqivtYU6Hulph+1pP/es9Yjta0onkAOtzlIBPlACifVZvJqtBs9woHNlCicrrkzVrlvqBMk2luCkuRmIulCr00xTRXCJOJ/dJshVAUX1AhFfWyUU9Wmah4XpvrM5SABfBhiJpgiw8g+Dxemwb+ijOnRnqvDVMjrtg4EmddPIiAd5YFdNQ4tTZSKB+i8vMM7jee6L6EqE2XFBaGGmetbV71gO0rpJAR0Z/DS/MgZNk6F4fn04qBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5uo2NIeT3t+OIZdNsRoclB7WcOuLB0bkF84hOKVwsOk=; b=dDBfu284Mz2SCT6RCSeGxICChmIbV2w+3uBNHUVMyF+cpLKvTmA1GdeFBUAWrdo3b11P+4jEoio39QCYWNReOJZsKA5TGnZj5y9QSWWzodvcTzdOFWv39K5/mAvsEzTohyFMBrI0cEDokD9FVN0xwWWs16js4Qz7lHey/DDryAfjXgr/QuXiZSZCu+9ferR6TGDrVaRFkhVMWGS/on5gbTOU0ct3tB4ofcxfu9Yw9DN28jTvGYdyFU0pdgJO9H+3UU85+f4YQN0TYBAtJaq1dtfU0HGsP7+AMOushTQKLATwwR2aoq80+it3+ReiJXpqEHRxptvJwoJdpqf3tU7SDA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB3112.namprd12.prod.outlook.com (20.178.54.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 19 Aug 2019 21:36:20 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:20 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 25/28] UefiCpuPkg/CpuExceptionHandler: Add base #VC exception handling support for Pei/Dxe phases Thread-Topic: [RFC PATCH 25/28] UefiCpuPkg/CpuExceptionHandler: Add base #VC exception handling support for Pei/Dxe phases Thread-Index: AQHVVtYj7zAeBlOOmkuuflpAWR8bsA== Date: Mon, 19 Aug 2019 21:36:20 +0000 Message-ID: <7f0123ecbec9862f141c3e07e3032552f8777bea.1566250534.git.thomas.lendacky@amd.com> References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 1a80f8e8-6e91-4fce-8697-08d724ed4614 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB3112: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:935; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46088+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: gRmcijXeKuIHEWm1Atfi61+5d1NBOvgiwqTUUW44wA6NdF3tSLKswO+PAH/QZlTEVTxUFCNcI4xV00KLaWMP7jsiI6X0CQu+Wgj7I+Ej/015i9u7vJsxbwyB3NyOLCN5TLxwv/8YXJJwVdTk2FC1tYUwYitlhfcyYz8bHgBqVKDoAiHVlACZD2ntqm7Be/DXgaF4+GTvY8ZoWU7CP6VQwwRzUgxiOHfa8fxv2tPWDolwE4D3QAOq35UdLSf64WSp85MjAh2Pgu/hpqG1WXE09/PwN8S+xbJNytjVQv/t3ESmM9nHEOg6nXALS0JYWZK5ed1Ui53P4vWVmfoXToCt44hBG9i+E0oDsxNwjhzS4t99nadosfDPLP5ipb9uXtP+2zQK0ceFIW2FyGhrCGjJgyzP3mjl22JA35jIHCiszSI= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1a80f8e8-6e91-4fce-8697-08d724ed4614 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:20.1052 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: SVqv/7a4UySN7K2rsbbf0Cm+eXoQAcWJMumCJ73SVNzxaYo8mcYA+1MWnzLfRAn/Z49HhRVQAvTZE9ZU3rCJ0w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3112 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: <865EC779E36BC94E9B5921DF5A381B83@namprd12.prod.outlook.com> Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301157; bh=iRqBpuNZczLlzlcV5acLwHj0BdUXSV+AOSdJX9Jg+8Y=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=bk7JxUc4hNMVnofO19YLElKWRkvzpYBv2FfnU6EurV2+CBbZ+HsEoe2cZDvSOwPsQj3 ykURMNXvy6PgOFI6AAZkHsvsIjnvWbvr7QvJz4EOOGL5xWD819+fYMroBYAARxyIaVjMR GwJROil5euXnWN4L3z3AaB1RRV2MThSROQQ= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky An SEV-ES guest will generate a #VC exception when it encounters a non-automatic exit (NAE) event. It is expected that the #VC exception handler will communicate with the hypervisor using the GHCB to handle the NAE event. Update the Pei and Dxe exception handling support to recognize the #VC exception and call a common #VC handler. Signed-off-by: Tom Lendacky --- .../DxeCpuExceptionHandlerLib.inf | 2 ++ .../PeiCpuExceptionHandlerLib.inf | 2 ++ .../PeiDxeAMDSevVcHandler.c | 15 +++++++++++++-- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandl= erLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandle= rLib.inf index 331ae7334c45..75fafd346add 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.i= nf +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuExceptionHandlerLib.i= nf @@ -26,11 +26,13 @@ [Sources.Ia32] Ia32/ExceptionTssEntryAsm.nasm Ia32/ArchExceptionHandler.c Ia32/ArchInterruptDefs.h + Ia32/AMDSevVcCommon.c =20 [Sources.X64] X64/ExceptionHandlerAsm.nasm X64/ArchExceptionHandler.c X64/ArchInterruptDefs.h + X64/AMDSevVcCommon.c =20 [Sources.common] CpuExceptionCommon.h diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandl= erLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandle= rLib.inf index 89b5d496e56f..50124b598509 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.i= nf +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiCpuExceptionHandlerLib.i= nf @@ -26,11 +26,13 @@ [Sources.Ia32] Ia32/ExceptionTssEntryAsm.nasm Ia32/ArchExceptionHandler.c Ia32/ArchInterruptDefs.h + Ia32/AMDSevVcCommon.c =20 [Sources.X64] X64/ExceptionHandlerAsm.nasm X64/ArchExceptionHandler.c X64/ArchInterruptDefs.h + X64/AMDSevVcCommon.c =20 [Sources.common] CpuExceptionCommon.h diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeAMDSevVcHandle= r.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeAMDSevVcHandler.c index 1e027b3f2964..d32de9efb09e 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeAMDSevVcHandler.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/PeiDxeAMDSevVcHandler.c @@ -1,11 +1,22 @@ =20 +#include +#include +#include #include "CpuExceptionCommon.h" #include "AMDSevVcCommon.h" =20 UINTN -DoVcException( +DoVcException ( EFI_SYSTEM_CONTEXT Context ) { - return 0; + MSR_SEV_ES_GHCB_REGISTER Msr; + GHCB *Ghcb; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + ASSERT(!Msr.Bits.GhcbNegotiateBit); + + Ghcb =3D Msr.Ghcb; + + return DoVcCommon (Ghcb, Context); } --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46088): https://edk2.groups.io/g/devel/message/46088 Mute This Topic: https://groups.io/mt/32966261/1787277 Mute #vc: https://groups.io/mk?hashtag=3Dvc&subid=3D3901457 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46089+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301158310158.78253082525396; Tue, 20 Aug 2019 04:39:18 -0700 (PDT) Return-Path: X-Received: from NAM01-BY2-obe.outbound.protection.outlook.com (NAM01-BY2-obe.outbound.protection.outlook.com [40.107.81.85]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:22 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=X2YrVuUf85x1lORuU4ikv/WgVqhz3N0zqMFJgFEsQUaVsPsy4iIa+FiR0I3nVDPjMcgpQKtmV56CqRv/jWKsShBQvX8LS0FRV1wYwr1AHnktGHGytx389xq9GHT9LuhcVBAli5YP+kNPFwiCc2YSclyPB4IzkPJkbKbCXKqE167f4N1RUAdX/wxkUjmLzHxeZEFVgmYOW+v0EGqEKR4uqes1zgwukrueQSaho8wtxVsJRvd3qQ/LhH8jF7IGlvQpXwIwjj46tbFVRD5iAQTudyttfEeQYVPHIxvVnTrOOQ12VYP8NwkhZLj+Ajwi/qhmb879Q1jf1+TKnD1lY5JiEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CsA0iOy8EbOKZQWMclWZMQJXhhjCzFR+vgbc2Jz7Jr8=; b=jc6QDxbXUTv8cubejJvk8nH7I3WL6mZC9QuhuW3jhrSQEeV7P3G9R/25z6Ucjwn2OxLKjDZk4B+xTnUJDTK1qlhJZ6LBQnNnh0/7ujPGy97fgOE4rJ161WOJBduYp3cToWnbEFPtcGzKQdW/KfFTi9X4Tb0vpQhOJStF8wXfK7tzhwQWxEeLNMgkjPVTFDkX/4dJxS80xgUmlaqcK5umL0VYh4vBHObcefGGwOJSHR75Fr9z9SWjWbg4ryR0cecQ4dv1POAKZvWXz1HpqYnkOD3iJTlae6d7gmg/3B1KWZ+CtnFmrGcGDlzSE4/ba473xKoomBwb1JXyntdUmVA9vA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB3112.namprd12.prod.outlook.com (20.178.54.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 19 Aug 2019 21:36:21 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:21 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 26/28] UefiCpuPkg/MpInitLib: Update CPU MP data with a flag to indicate if SEV-ES is active Thread-Topic: [RFC PATCH 26/28] UefiCpuPkg/MpInitLib: Update CPU MP data with a flag to indicate if SEV-ES is active Thread-Index: AQHVVtYk11osFhu0skeV1OETMrjKvA== Date: Mon, 19 Aug 2019 21:36:21 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: b65f897f-1b6c-4f49-5e68-08d724ed46dd x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB3112: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46089+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: atVR3h0shtaDbPtywNZe16wKFrF2RhlyUvsRMGJC5lcOuc7keAVC4pV4jO8xOJunxDR3Ki/hWgF1qZRKCs/GG2wSPJUZY4sXE8saGAiCbCnpahc4iWYAg6M6PTTP0UwOABcr75si7qGORYokDHiT52Mo/oz6bxpwvT5oF91DuMXxI1ct8wZoTPGY9Q1d/tDBkfuXNlNaCWnyXYIXuEJDfY0pbPa4YGK9WjBSek+vLtucsHPDSH4AsbI7MzMdHeqQLRapWSyacvmCz2sX2g9igbRT1i9whB2BhnFpAmVMOGsZGb4ZighHv6675YRwIYrsciujyAVzUuMydRfhJgNvRnMendB8Ia30WSJgPLnglaK0hiSjZuM1G1Smx1gVjMwt/Z6NB3EnALbvLT/2fHpABvtBnkFPKCoxwN4xm3j9dwA= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: b65f897f-1b6c-4f49-5e68-08d724ed46dd X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:21.3524 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: LBaYgzV71KyJKDZmiWdT0QC7epDELL9ahSfA673AWQbK8mroRXDELeeYuGwQ9S85B1IAcKIDs43hXVOk6Us7hA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3112 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301157; bh=HpJHb7I4fhs/gDZL1r0RdaxzuN/dIgZkVoueAowaWII=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=uzeavd6OoQE52V8VyTYWR2/KJpmpDT0z9Wjcct7Gl8TN5MAPN9TSo188gZqxZm68I92 yh1ZOyQKNhJthEy9vqa7R/2+yh6mpOGivayojUbnZk9Lacaszx8mNdGuDXkyhWsK0qr6D pCimrzraXFlTD6KiK8ta6jqMZRhEQor1L9U= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky When starting APs in an SMP configuration, the AP needs to know if it is running as an SEV-ES guest in order to assign a GHCB page. Add a field to the CPU_MP_DATA structure that will indicate if SEV-ES is active. This new field is set during MP library initialization with the PCD value PcdCpuSevEsActive. This flag can then be used to determine if SEV-ES is active. Signed-off-by: Tom Lendacky --- UefiCpuPkg/UefiCpuPkg.dec | 3 +++ UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + UefiCpuPkg/Library/MpInitLib/MpLib.h | 2 ++ UefiCpuPkg/Library/MpInitLib/MpLib.c | 1 + 5 files changed, 8 insertions(+) diff --git a/UefiCpuPkg/UefiCpuPkg.dec b/UefiCpuPkg/UefiCpuPkg.dec index 4d5a2593cf13..163146afb752 100644 --- a/UefiCpuPkg/UefiCpuPkg.dec +++ b/UefiCpuPkg/UefiCpuPkg.dec @@ -327,5 +327,8 @@ [PcdsDynamic, PcdsDynamicEx] gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase|0x0|UINT64|0x60000016 gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize|0x0|UINT64|0x60000017 =20 + ## Contains the SEV-ES active setting + gUefiCpuPkgTokenSpaceGuid.PcdCpuSevEsActive|0x0|UINT32|0x60000019 + [UserExtensions.TianoCore."ExtraFiles"] UefiCpuPkgExtra.uni diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index 37b3f64e578a..1b7ac00ab361 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -67,5 +67,6 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuMicrocodePatchRegionSize ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApLoopMode ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## SOME= TIMES_CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdCpuSevEsActive ## CONS= UMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONS= UMES =20 diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index 82b77b63ea87..bcdd2ca82612 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -59,6 +59,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuMicrocodePatchRegionSize ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApLoopMode ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## SOME= TIMES_CONSUMES + gUefiCpuPkgTokenSpaceGuid.PcdCpuSevEsActive ## CONS= UMES =20 [Guids] gEdkiiS3SmmInitDoneGuid diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index f89037c59e13..2f75b82e8401 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -256,6 +256,8 @@ struct _CPU_MP_DATA { // driver. // BOOLEAN WakeUpByInitSipiSipi; + + UINT32 SevEsActive; }; =20 extern EFI_GUID mCpuInitMpLibHobGuid; diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index 6f51bc4ebfb9..74cfc513ec93 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1639,6 +1639,7 @@ MpInitLibInitialize ( CpuMpData->MicrocodePatchAddress =3D (UINTN)MicrocodePatchInRam; } =20 + CpuMpData->SevEsActive =3D PcdGet32 (PcdCpuSevEsActive); InitializeSpinLock(&CpuMpData->MpLock); =20 // --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46089): https://edk2.groups.io/g/devel/message/46089 Mute This Topic: https://groups.io/mt/32966262/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46092+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301158916414.5621934115004; Tue, 20 Aug 2019 04:39:18 -0700 (PDT) Return-Path: X-Received: from NAM05-CO1-obe.outbound.protection.outlook.com (NAM05-CO1-obe.outbound.protection.outlook.com [40.107.72.49]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:24 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=i5UfMo30/12Kn1n5F/nlZBQ40JNUtAf8cLfywU0C3Jx8/oR10oKiI0AmjPoKI20mhkjFJZIQuQo90xV+uAEI6mmwgs3q6RIT2JgsJ5HhSX8nUudMJr4uHfSPalmAPwVcV005tJY5R7hpb3dlBgboIFelb1m8f81xJCEc3f4cRifVa/ePOFgRrWTpx0usuGUU2WBp/a3ltdncqZHMgqueAe5+kjpY6UOvqOCXIsiA3gxqjo1F6dWqjm0BPjPePvLyb3Uj5F0V766JNPfhgy4ZGXidqR9d9l0wyidD5zDxNdDcr7zXgEzY8aBZS6sY83Fl9kZsgD12tbfGRIGXdLPZVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=H9TdWzjLQOclXYvCRrrG4OjjYyLE5AjVWaN5dAufonE=; b=AcSR+ci+xMEr08dPClu58msGvAYLTu7AHRLxkzdbboKBFrYczjSzzcHO28EfOm4s867jqISoe17wkC6NfPf9lnDu4lHJNhhvMSJlUe2R+VUS0WJYM2GpBKUCvw2PD/8NzMxFpwsE76dl5HpTA8H9UBh7r+WdhDtFwgOoPFNHhx90+R3pF+q4fFfXlo/l52H8JA4dIMH20lWIFynnm5+67agQl2u/82poUIRNXVumDOAoPS+b3E+KNU/PO4WHotoFfJZj1pqK2oBQPwffjOQvRxmBK383N4FiLdZ0LRf1CWmx4a1JKfeMRpI0ALoixcydI5aPqJZgrHKQ3fkX7B2PrA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB3112.namprd12.prod.outlook.com (20.178.54.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 19 Aug 2019 21:36:22 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:22 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 27/28] UefiCpuPkg/MpInitLib: Allow AP booting under SEV-ES Thread-Topic: [RFC PATCH 27/28] UefiCpuPkg/MpInitLib: Allow AP booting under SEV-ES Thread-Index: AQHVVtYlTWlP9N90tkOfvVkXbaCFnQ== Date: Mon, 19 Aug 2019 21:36:22 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 31d01f52-f091-4a74-66d7-08d724ed4799 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB3112: x-ms-exchange-purlcount: 1 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46092+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: kxxR+NnFc9YqLnL8lSJykGgbPAKYFC3FWdGOJA13sqPz/GRqQY59zwTHyQl/S5HQZvxeZh0M8/tOQTlruByLaMzQdaGZx2FyJcpd7HjFASIJPGlQ7l0V7wPBbLvjyLEhxA6KkCM5CdSFcIob3C8Ngz0RKWIDgAsoL4hVF32xdczLMjPuJ3KMykTmcL46478H7GBt0N6epfWbc1RC5y9h4c35/PLsVXU1Vs6kkKcK7PJWssB+caLVNezfg8wewXIwRDBL9jCj6fr2qZdoklA6mgSRLRzkyQp1RVNxngrhS0eRaicMXA/HLYb8Zag58ZUnoKNTQZ8DshlN8dBzSEX46Fs+82A6i5nQN3fzmpCKpTTLY7OrNkENcaQiAaVKMFM7boQ/KLipHM4wS07meD3zVvB0QKqnHdLnvbGJBsUcIJw= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 31d01f52-f091-4a74-66d7-08d724ed4799 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:22.6337 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Ubsy8yTNcrGmNgmf6sb/DneC7I05WdK+QMlNp3S1mUV8KjNgcPZz2IwYUBWubNjek5v2kHjAd1cOPp98RHsy3A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3112 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301158; bh=/JJSyOVhmjJmfo3UpewnSmRiJVB6htUwK1SuOJykoAo=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=O28LyiGmAyo37F/w9eGOMQ8HWB8a7bzZ7cZR7blTHnl/1TenmX5BNLqBYsd/VWJ91GS bSNLsuywxqv+tTM1Yye7nFva8IMyXWmaDgMRQ2VzpqKPRDfbT9g5Y36njFW9E6zkyAojX 9uBvAqiH8VCT8krbIgfzytIzdBxCaboDTe4= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Typically, an AP is booted using the INIT-SIPI-SIPI sequence. This sequence is intercepted by the hypervisor, which sets the AP's registers to the values requested by the sequence. At that point, the hypervisor can start the AP, which will then begin execution at the appropriate location. Under SEV-ES, AP booting presents some challenges since the hypervisor is not allowed to alter the AP's register state. In this situation, we have to distinguish between the AP's first boot and AP's subsequent boots. First boot: Once the AP's register state has been defined (which is before the guest is first booted) it cannot be altered. Should the hypervisor attempt to alter the register state, the change would be detected by the hardware and the VMRUN instruction would fail. Given this, the first boot for the AP is required to begin execution with this initial register state, which is typically the reset vector. This prevents the BSP from directing the AP startup location through the INIT-SIPI-SIPI sequence. To work around this, provide a four-byte field at offset 0xffffffd0 that can contain an IP / CS register combination, that if non-zero, causes the AP to perform a far jump to that location instead of a near jump to EarlyBspInitReal16. Before booting the AP for the first time, the BSP should set the IP / CS value for the AP based on the value that would be derived from the INIT-SIPI-SIPI sequence. Subsequent boots: Again, the hypervisor cannot alter the AP register state, so a method is required to take the AP out of halt state and redirect it to the desired IP location. If it is determined that the AP is running in an SEV-ES guest, then instead of calling CpuSleep(), a VMGEXIT is issued with the AP Reset Hold exit code (0x80000004). The hypervisor will put the AP in a halt state, waiting for an INIT-SIPI-SIPI sequence. Once the sequence is recognized, the hypervisor will resume the AP. At this point the AP must transition from the current 64-bit long mode down to 16-bit real mode and begin executing at the derived location from the INIT-SIPI-SIPI sequence. Another change is around the area of obtaining the (x2)APIC ID during AP startup. During AP startup, the AP can't take a #VC exception before the AP has established a stack. However, the AP stack is set by using the (x2)APIC ID, which is obtained through CPUID instructions. A CPUID instruction will cause a #VC, so a different method must be used. The GHCB protocol supports a method to obtain CPUID information from the hypervisor through the GHCB MSR. This method does not require a stack, so it is used to obtain the necessary CPUID information to determine the (x2)APIC ID. The OVMF SEV support is updated to set the SEV-ES active PCD entry (PcdCpuSevEsActive) when the guest is an SEV-ES guest. Also, the OVMF support is updated to create its own reset vector routine in order to supply the far jump field required for an AP first boot. A new 16-bit protected mode GDT entry is created in order to transition from 64-bit long mode down to 16-bit real mode. A new assembler routine is created that takes the AP from 64-bit long mode to 16-bit real mode. This is located under 1MB in memory and transitions from 64-bit long mode to 32-bit compatibility mode to 16-bit protected mode and finally 16-bit real mode. Signed-off-by: Tom Lendacky --- OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 2 + OvmfPkg/PlatformPei/PlatformPei.inf | 1 + UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf | 3 +- UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf | 1 + UefiCpuPkg/CpuDxe/CpuGdt.h | 2 +- UefiCpuPkg/Library/MpInitLib/MpLib.h | 55 ++++ .../Core/DxeIplPeim/Ia32/DxeLoadFunc.c | 2 +- OvmfPkg/PlatformPei/AmdSev.c | 3 + UefiCpuPkg/CpuDxe/CpuGdt.c | 10 +- UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 67 ++++- UefiCpuPkg/Library/MpInitLib/MpLib.c | 229 ++++++++++++++++- UefiCpuPkg/Library/MpInitLib/PeiMpLib.c | 16 ++ UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c | 2 +- OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm | 85 +++++++ UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc | 4 +- .../Library/MpInitLib/Ia32/MpFuncs.nasm | 15 ++ UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc | 4 +- UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 239 ++++++++++++++++++ .../ResetVector/Vtf0/Ia16/Real16ToFlat32.asm | 9 + 21 files changed, 728 insertions(+), 23 deletions(-) create mode 100644 OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 5bbf87540ab9..566a631efbff 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -554,6 +554,7 @@ [PcdsDynamicDefault] # UefiCpuPkg PCDs related to initial AP bringup and general AP managemen= t. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 + gUefiCpuPkgTokenSpaceGuid.PcdCpuSevEsActive|0 =20 # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 5015e92b6eea..776a0186498d 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -566,6 +566,7 @@ [PcdsDynamicDefault] # UefiCpuPkg PCDs related to initial AP bringup and general AP managemen= t. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 + gUefiCpuPkgTokenSpaceGuid.PcdCpuSevEsActive|0 =20 # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index d6fc7cdf7da8..5e8e6e76d63d 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -300,6 +300,7 @@ [LibraryClasses.common.DXE_CORE] DebugAgentLib|SourceLevelDebugPkg/Library/DebugAgent/DxeDebugAgentLib.inf !endif CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/DxeCpuE= xceptionHandlerLib.inf + MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf =20 [LibraryClasses.common.DXE_RUNTIME_DRIVER] @@ -565,6 +566,7 @@ [PcdsDynamicDefault] # UefiCpuPkg PCDs related to initial AP bringup and general AP managemen= t. gUefiCpuPkgTokenSpaceGuid.PcdCpuMaxLogicalProcessorNumber|64 gUefiCpuPkgTokenSpaceGuid.PcdCpuApInitTimeOutInMicroSeconds|50000 + gUefiCpuPkgTokenSpaceGuid.PcdCpuSevEsActive|0 =20 # Set memory encryption mask gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0 diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/Plat= formPei.inf index f53195e6dda5..76599d9e5649 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf @@ -104,6 +104,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase gUefiCpuPkgTokenSpaceGuid.PcdGhcbSize + gUefiCpuPkgTokenSpaceGuid.PcdCpuSevEsActive =20 [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/DxeMpInitLib.inf index 1b7ac00ab361..e6c0b1c5f3b9 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf @@ -13,7 +13,7 @@ [Defines] FILE_GUID =3D B88F7146-9834-4c55-BFAC-481CC0C33736 MODULE_TYPE =3D DXE_DRIVER VERSION_STRING =3D 1.1 - LIBRARY_CLASS =3D MpInitLib|DXE_DRIVER + LIBRARY_CLASS =3D MpInitLib|DXE_CORE DXE_DRIVER =20 # # The following information is for reference only and not required by the = build tools. @@ -68,5 +68,6 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuApLoopMode ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## SOME= TIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuSevEsActive ## CONS= UMES + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard ## CONS= UMES =20 diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf b/UefiCpuPkg/Lib= rary/MpInitLib/PeiMpInitLib.inf index bcdd2ca82612..d57110c93fdf 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpInitLib.inf @@ -60,6 +60,7 @@ [Pcd] gUefiCpuPkgTokenSpaceGuid.PcdCpuApLoopMode ## CONS= UMES gUefiCpuPkgTokenSpaceGuid.PcdCpuApTargetCstate ## SOME= TIMES_CONSUMES gUefiCpuPkgTokenSpaceGuid.PcdCpuSevEsActive ## CONS= UMES + gUefiCpuPkgTokenSpaceGuid.PcdGhcbBase ## CONS= UMES =20 [Guids] gEdkiiS3SmmInitDoneGuid diff --git a/UefiCpuPkg/CpuDxe/CpuGdt.h b/UefiCpuPkg/CpuDxe/CpuGdt.h index e5c36f37b96a..b8798cdb1fd4 100644 --- a/UefiCpuPkg/CpuDxe/CpuGdt.h +++ b/UefiCpuPkg/CpuDxe/CpuGdt.h @@ -36,7 +36,7 @@ struct _GDT_ENTRIES { GDT_ENTRY LinearCode; GDT_ENTRY SysData; GDT_ENTRY SysCode; - GDT_ENTRY Spare4; + GDT_ENTRY SysCode16; GDT_ENTRY LinearData64; GDT_ENTRY LinearCode64; GDT_ENTRY Spare5; diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index 2f75b82e8401..f2ba1a508715 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -151,6 +151,11 @@ typedef struct { UINT8 *RelocateApLoopFuncAddress; UINTN RelocateApLoopFuncSize; UINTN ModeTransitionOffset; + UINTN SwitchToRealSize; + UINTN SwitchToRealOffset; + UINTN SwitchToRealNoNxOffset; + UINTN SwitchToRealPM16ModeOffset; + UINTN SwitchToRealPM16ModeSize; } MP_ASSEMBLY_ADDRESS_MAP; =20 typedef struct _CPU_MP_DATA CPU_MP_DATA; @@ -185,6 +190,8 @@ typedef struct { UINT16 ModeTransitionSegment; UINT32 ModeHighMemory; UINT16 ModeHighSegment; + UINT32 SevEsActive; + UINTN GhcbBase; } MP_CPU_EXCHANGE_INFO; =20 #pragma pack() @@ -232,6 +239,7 @@ struct _CPU_MP_DATA { UINT8 ApLoopMode; UINT8 ApTargetCState; UINT16 PmCodeSegment; + UINT16 Pm16CodeSegment; CPU_AP_DATA *CpuData; volatile MP_CPU_EXCHANGE_INFO *MpCpuExchangeInfo; =20 @@ -258,8 +266,45 @@ struct _CPU_MP_DATA { BOOLEAN WakeUpByInitSipiSipi; =20 UINT32 SevEsActive; + UINTN SevEsAPBuffer; + UINTN SevEsAPResetStackStart; + CPU_MP_DATA *NewCpuMpData; + + UINT64 GhcbBase; }; =20 +#define AP_RESET_STACK_SIZE 64 + +typedef union { + struct { + UINT16 Rip; + UINT16 Segment; + } ApStart; + UINT32 Uint32; +} SEV_ES_AP_JMP_FAR; + +/** + Assembly code to move an AP from long mode to real mode. + + Move an AP from long mode to real mode in preparation to invoking + the reset vector. This is used for SEV-ES guests where a hypervisor + is not allowed to set the CS and RIP to point to the reset vector. + + @param[in] BufferStart The reset vector target. + @param[in] Code16 16-bit protected mode code segment value. + @param[in] Code32 32-bit protected mode code segment value. + @param[in] StackStart The start of a stack to be used for transitioni= ng + from long mode to real mode. +**/ +typedef +VOID +(EFIAPI AP_RESET) ( + IN UINTN BufferStart, + IN UINT16 Code16, + IN UINT16 Code32, + IN UINTN StackStart + ); + extern EFI_GUID mCpuInitMpLibHobGuid; =20 /** @@ -365,6 +410,16 @@ GetModeTransitionBuffer ( IN UINTN BufferSize ); =20 +/** + Get ... + + @retval other Return SEV-ES AP wakeup buffer +**/ +UINTN +GetSevEsAPMemory ( + VOID + ); + /** This function will be called by BSP to wakeup AP. =20 diff --git a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c b/MdeModulePkg= /Core/DxeIplPeim/Ia32/DxeLoadFunc.c index 630a3503f6ba..b9af22bede61 100644 --- a/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c +++ b/MdeModulePkg/Core/DxeIplPeim/Ia32/DxeLoadFunc.c @@ -33,7 +33,7 @@ GLOBAL_REMOVE_IF_UNREFERENCED IA32_GDT gGdtEntries[] =3D { /* 0x10 */ {{0xffff, 0, 0, 0xf, 1, 0, 1, 0xf, 0, 0, 1, 1, 0}}, = //linear code segment descriptor /* 0x18 */ {{0xffff, 0, 0, 0x3, 1, 0, 1, 0xf, 0, 0, 1, 1, 0}}, = //system data segment descriptor /* 0x20 */ {{0xffff, 0, 0, 0xa, 1, 0, 1, 0xf, 0, 0, 1, 1, 0}}, = //system code segment descriptor -/* 0x28 */ {{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}}, = //spare segment descriptor +/* 0x28 */ {{0xffff, 0, 0, 0xa, 1, 0, 1, 0xf, 0, 0, 0, 1, 0}}, = //system code16 segment descriptor /* 0x30 */ {{0xffff, 0, 0, 0x2, 1, 0, 1, 0xf, 0, 0, 1, 1, 0}}, = //system data segment descriptor /* 0x38 */ {{0xffff, 0, 0, 0xa, 1, 0, 1, 0xf, 0, 1, 0, 1, 0}}, = //system code segment descriptor /* 0x40 */ {{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}}, = //spare segment descriptor diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 5f4983fd36d8..fc396a6f229d 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -74,6 +74,8 @@ AmdSevEsInitialize ( ASSERT_RETURN_ERROR (PcdStatus); PcdStatus =3D PcdSet64S (PcdGhcbSize, (UINT64)EFI_PAGES_TO_SIZE (GhcbPag= eCount)); ASSERT_RETURN_ERROR (PcdStatus); + PcdStatus =3D PcdSet32S (PcdCpuSevEsActive, 1); + ASSERT_RETURN_ERROR (PcdStatus); =20 DEBUG ((DEBUG_INFO, "SEV-ES is enabled, %u GHCB pages allocated starting= at 0x%lx\n", GhcbPageCount, GhcbBase)); =20 @@ -92,6 +94,7 @@ AmdSevEsInitialize ( CopyMem (Gdt, (VOID *) Gdtr.Base, Gdtr.Limit + 1); Gdtr.Base =3D (UINTN) Gdt; AsmWriteGdtr (&Gdtr); + } =20 /** diff --git a/UefiCpuPkg/CpuDxe/CpuGdt.c b/UefiCpuPkg/CpuDxe/CpuGdt.c index 87fd6955f24b..b2fdb87a285e 100644 --- a/UefiCpuPkg/CpuDxe/CpuGdt.c +++ b/UefiCpuPkg/CpuDxe/CpuGdt.c @@ -70,15 +70,15 @@ STATIC GDT_ENTRIES GdtTemplate =3D { 0x0, }, // - // SPARE4_SEL + // SYS_CODE16_SEL // { - 0x0, // limit 15:0 + 0x0FFFF, // limit 15:0 0x0, // base 15:0 0x0, // base 23:16 - 0x0, // type - 0x0, // limit 19:16, flags - 0x0, // base 31:24 + 0x09A, // present, ring 0, code, execute/read + 0x08F, // page-granular, 16-bit + 0x0, }, // // LINEAR_DATA64_SEL diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library/M= pInitLib/DxeMpLib.c index 6be1bae464fb..127f64eb87e1 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c @@ -12,6 +12,8 @@ #include #include #include +#include +#include =20 #include =20 @@ -145,6 +147,36 @@ GetModeTransitionBuffer ( return (UINTN)StartAddress; } =20 +/** + Get ... + + @retval other Return SEV-ES AP wakeup buffer +**/ +UINTN +GetSevEsAPMemory ( + VOID + ) +{ + EFI_STATUS Status; + EFI_PHYSICAL_ADDRESS StartAddress; + + // + // Allocate 1 page for AP jump table page + // + StartAddress =3D BASE_4GB - 1; + Status =3D gBS->AllocatePages ( + AllocateMaxAddress, + EfiReservedMemoryType, + 1, + &StartAddress + ); + ASSERT_EFI_ERROR (Status); + + DEBUG ((DEBUG_INFO, "Dxe: SevEsAPMemory =3D %lx\n", (UINTN) StartAddress= )); + + return (UINTN) StartAddress; +} + /** Checks APs status and updates APs status if needed. =20 @@ -219,6 +251,38 @@ CheckApsStatus ( } } =20 +/** + Get Protected mode code segment with 16-bit default addressing + from current GDT table. + + @return Protected mode 16-bit code segment value. +**/ +UINT16 +GetProtectedMode16CS ( + VOID + ) +{ + IA32_DESCRIPTOR GdtrDesc; + IA32_SEGMENT_DESCRIPTOR *GdtEntry; + UINTN GdtEntryCount; + UINT16 Index; + + Index =3D (UINT16) -1; + AsmReadGdtr (&GdtrDesc); + GdtEntryCount =3D (GdtrDesc.Limit + 1) / sizeof (IA32_SEGMENT_DESCRIPTOR= ); + GdtEntry =3D (IA32_SEGMENT_DESCRIPTOR *) GdtrDesc.Base; + for (Index =3D 0; Index < GdtEntryCount; Index++) { + if (GdtEntry->Bits.L =3D=3D 0) { + if (GdtEntry->Bits.Type > 8 && GdtEntry->Bits.DB =3D=3D 0) { + break; + } + } + GdtEntry++; + } + ASSERT (Index !=3D GdtEntryCount); + return Index * 8; +} + /** Get Protected mode code segment from current GDT table. =20 @@ -239,7 +303,7 @@ GetProtectedModeCS ( GdtEntry =3D (IA32_SEGMENT_DESCRIPTOR *) GdtrDesc.Base; for (Index =3D 0; Index < GdtEntryCount; Index++) { if (GdtEntry->Bits.L =3D=3D 0) { - if (GdtEntry->Bits.Type > 8 && GdtEntry->Bits.L =3D=3D 0) { + if (GdtEntry->Bits.Type > 8 && GdtEntry->Bits.DB =3D=3D 1) { break; } } @@ -301,6 +365,7 @@ MpInitChangeApLoopCallback ( =20 CpuMpData =3D GetCpuMpData (); CpuMpData->PmCodeSegment =3D GetProtectedModeCS (); + CpuMpData->Pm16CodeSegment =3D GetProtectedMode16CS (); CpuMpData->ApLoopMode =3D PcdGet8 (PcdCpuApLoopMode); mNumberToFinish =3D CpuMpData->CpuCount - 1; WakeUpAP (CpuMpData, TRUE, 0, RelocateApLoop, NULL, TRUE); diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index 74cfc513ec93..0939019d7b8c 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -7,6 +7,8 @@ **/ =20 #include "MpLib.h" +#include +#include =20 EFI_GUID mCpuInitMpLibHobGuid =3D CPU_INIT_MP_LIB_HOB_GUID; =20 @@ -555,6 +557,108 @@ InitializeApData ( SetApState (&CpuMpData->CpuData[ProcessorNumber], CpuStateIdle); } =20 +/** + Get Protected mode code segment with 16-bit default addressing + from current GDT table. + + @return Protected mode 16-bit code segment value. +**/ +STATIC +UINT16 +GetProtectedMode16CS ( + VOID + ) +{ + IA32_DESCRIPTOR GdtrDesc; + IA32_SEGMENT_DESCRIPTOR *GdtEntry; + UINTN GdtEntryCount; + UINT16 Index; + + Index =3D (UINT16) -1; + AsmReadGdtr (&GdtrDesc); + GdtEntryCount =3D (GdtrDesc.Limit + 1) / sizeof (IA32_SEGMENT_DESCRIPTOR= ); + GdtEntry =3D (IA32_SEGMENT_DESCRIPTOR *) GdtrDesc.Base; + for (Index =3D 0; Index < GdtEntryCount; Index++) { + if (GdtEntry->Bits.L =3D=3D 0 && + GdtEntry->Bits.DB =3D=3D 0 && + GdtEntry->Bits.Type > 8) { + break; + } + GdtEntry++; + } + ASSERT (Index !=3D GdtEntryCount); + return Index * 8; +} + +/** + Get Protected mode code segment with 32-bit default addressing + from current GDT table. + + @return Protected mode 32-bit code segment value. +**/ +STATIC +UINT16 +GetProtectedMode32CS ( + VOID + ) +{ + IA32_DESCRIPTOR GdtrDesc; + IA32_SEGMENT_DESCRIPTOR *GdtEntry; + UINTN GdtEntryCount; + UINT16 Index; + + Index =3D (UINT16) -1; + AsmReadGdtr (&GdtrDesc); + GdtEntryCount =3D (GdtrDesc.Limit + 1) / sizeof (IA32_SEGMENT_DESCRIPTOR= ); + GdtEntry =3D (IA32_SEGMENT_DESCRIPTOR *) GdtrDesc.Base; + for (Index =3D 0; Index < GdtEntryCount; Index++) { + if (GdtEntry->Bits.L =3D=3D 0 && + GdtEntry->Bits.DB =3D=3D 1 && + GdtEntry->Bits.Type > 8) { + break; + } + GdtEntry++; + } + ASSERT (Index !=3D GdtEntryCount); + return Index * 8; +} + +/** + Reset an AP when in SEV-ES mode. + + @retval EFI_DEVICE_ERROR Reset of AP failed. +**/ +STATIC +VOID +MpInitLibSevEsAPReset ( + GHCB *Ghcb, + CPU_MP_DATA *CpuMpData + ) +{ + UINT16 Code16, Code32; + AP_RESET *APResetFn; + UINTN BufferStart; + UINTN StackStart; + + Code16 =3D GetProtectedMode16CS (); + Code32 =3D GetProtectedMode32CS (); + + if (CpuMpData->WakeupBufferHigh !=3D 0) { + APResetFn =3D (AP_RESET *) (CpuMpData->WakeupBufferHigh + CpuMpData->A= ddressMap.SwitchToRealNoNxOffset); + } else { + APResetFn =3D (AP_RESET *) (CpuMpData->MpCpuExchangeInfo->BufferStart = + CpuMpData->AddressMap.SwitchToRealOffset); + } + + BufferStart =3D CpuMpData->MpCpuExchangeInfo->BufferStart; + StackStart =3D CpuMpData->SevEsAPResetStackStart - + (AP_RESET_STACK_SIZE * GetApicId ()); + + // + // This call never returns. + // + APResetFn (BufferStart, Code16, Code32, StackStart); +} + /** This function will be called from AP reset code if BSP uses WakeUpAP. =20 @@ -714,7 +818,28 @@ ApWakeupFunction ( // while (TRUE) { DisableInterrupts (); - CpuSleep (); + if (CpuMpData->SevEsActive) { + MSR_SEV_ES_GHCB_REGISTER Msr; + GHCB *Ghcb; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + VmgInit (Ghcb); + VmgExit (Ghcb, SvmExitApResetHold, 0, 0); + /*TODO: Check return value to verify SIPI issued */ + + // + // Awakened in a new phase? Use the new CpuMpData + // + if (CpuMpData->NewCpuMpData) { + CpuMpData =3D CpuMpData->NewCpuMpData; + } + + MpInitLibSevEsAPReset (Ghcb, CpuMpData); + } else { + CpuSleep (); + } CpuPause (); } } @@ -814,6 +939,9 @@ FillExchangeInfoData ( =20 ExchangeInfo->InitializeFloatingPointUnitsAddress =3D (UINTN)InitializeF= loatingPointUnits; =20 + ExchangeInfo->SevEsActive =3D CpuMpData->SevEsActive; + ExchangeInfo->GhcbBase =3D CpuMpData->GhcbBase; + // // Get the BSP's data of GDT and IDT // @@ -840,8 +968,9 @@ FillExchangeInfoData ( // EfiBootServicesCode to avoid page fault if NX memory protection is en= abled. // if (CpuMpData->WakeupBufferHigh !=3D 0) { - Size =3D CpuMpData->AddressMap.RendezvousFunnelSize - - CpuMpData->AddressMap.ModeTransitionOffset; + Size =3D CpuMpData->AddressMap.RendezvousFunnelSize + + CpuMpData->AddressMap.SwitchToRealSize - + CpuMpData->AddressMap.ModeTransitionOffset; CopyMem ( (VOID *)CpuMpData->WakeupBufferHigh, CpuMpData->AddressMap.RendezvousFunnelAddress + @@ -894,7 +1023,8 @@ BackupAndPrepareWakeupBuffer( CopyMem ( (VOID *) CpuMpData->WakeupBuffer, (VOID *) CpuMpData->AddressMap.RendezvousFunnelAddress, - CpuMpData->AddressMap.RendezvousFunnelSize + CpuMpData->AddressMap.RendezvousFunnelSize + + CpuMpData->AddressMap.SwitchToRealSize ); } =20 @@ -915,6 +1045,40 @@ RestoreWakeupBuffer( ); } =20 +/** + Calculate the size of the reset stack. +**/ +STATIC +UINTN +GetApResetStackSize( + VOID + ) +{ + return AP_RESET_STACK_SIZE * PcdGet32(PcdCpuMaxLogicalProcessorNumber); +} + +/** + Calculate the size of the reset vector. + + @param[in] AddressMap The pointer to Address Map structure. +**/ +STATIC +UINTN +GetApResetVectorSize( + IN MP_ASSEMBLY_ADDRESS_MAP *AddressMap + ) +{ + UINTN Size; + + Size =3D ALIGN_VALUE (AddressMap->RendezvousFunnelSize + + AddressMap->SwitchToRealSize + + sizeof (MP_CPU_EXCHANGE_INFO), + CPU_STACK_ALIGNMENT); + Size +=3D GetApResetStackSize (); + + return Size; +} + /** Allocate reset vector buffer. =20 @@ -928,16 +1092,22 @@ AllocateResetVector ( UINTN ApResetVectorSize; =20 if (CpuMpData->WakeupBuffer =3D=3D (UINTN) -1) { - ApResetVectorSize =3D CpuMpData->AddressMap.RendezvousFunnelSize + - sizeof (MP_CPU_EXCHANGE_INFO); + ApResetVectorSize =3D GetApResetVectorSize (&CpuMpData->AddressMap); =20 CpuMpData->WakeupBuffer =3D GetWakeupBuffer (ApResetVectorSize); CpuMpData->MpCpuExchangeInfo =3D (MP_CPU_EXCHANGE_INFO *) (UINTN) - (CpuMpData->WakeupBuffer + CpuMpData->AddressMap.Rende= zvousFunnelSize); + (CpuMpData->WakeupBuffer + + CpuMpData->AddressMap.RendezvousFunnelSize + + CpuMpData->AddressMap.SwitchToRealSize); CpuMpData->WakeupBufferHigh =3D GetModeTransitionBuffer ( - CpuMpData->AddressMap.RendezvousFunnel= Size - + CpuMpData->AddressMap.RendezvousFunnel= Size + + CpuMpData->AddressMap.SwitchToRealSize= - CpuMpData->AddressMap.ModeTransitionOf= fset ); + // + // The reset stack starts at the end of the buffer. + // + CpuMpData->SevEsAPResetStackStart =3D CpuMpData->WakeupBuffer + ApRese= tVectorSize; } BackupAndPrepareWakeupBuffer (CpuMpData); } @@ -952,7 +1122,30 @@ FreeResetVector ( IN CPU_MP_DATA *CpuMpData ) { - RestoreWakeupBuffer (CpuMpData); + // + // If SEV-ES is active, the reset area is needed for AP parking and + // and AP startup in the OS, so the reset area is reserved. Do not + // perform the restore as this will overwrite memory which has data + // needed by SEV-ES. + // + if (!CpuMpData->SevEsActive) { + RestoreWakeupBuffer (CpuMpData); + } +} + +/** + Allocate ... + + @param[in, out] CpuMpData The pointer to CPU MP Data structure. +**/ +VOID +AllocateSevEsAPMemory ( + IN OUT CPU_MP_DATA *CpuMpData + ) +{ + if (CpuMpData->SevEsAPBuffer =3D=3D (UINTN) -1) { + CpuMpData->SevEsAPBuffer =3D CpuMpData->SevEsActive ? GetSevEsAPMemory= () : 0; + } } =20 /** @@ -985,10 +1178,12 @@ WakeUpAP ( CpuMpData->FinishedCount =3D 0; ResetVectorRequired =3D FALSE; =20 + AllocateResetVector (CpuMpData); + AllocateSevEsAPMemory (CpuMpData); + if (CpuMpData->WakeUpByInitSipiSipi || CpuMpData->InitFlag !=3D ApInitDone) { ResetVectorRequired =3D TRUE; - AllocateResetVector (CpuMpData); FillExchangeInfoData (CpuMpData); SaveLocalApicTimerSetting (CpuMpData); } @@ -1025,6 +1220,15 @@ WakeUpAP ( } } if (ResetVectorRequired) { + // + // For SEV-ES, set the jump address for initial AP boot + // + if (CpuMpData->SevEsActive) { + SEV_ES_AP_JMP_FAR *JmpFar =3D (SEV_ES_AP_JMP_FAR *)0xFFFFFFD0; + + JmpFar->ApStart.Rip =3D 0; + JmpFar->ApStart.Segment =3D (UINT16) (ExchangeInfo->BufferStart >>= 4); + } // // Wakeup all APs // @@ -1550,7 +1754,7 @@ MpInitLibInitialize ( ASSERT (MaxLogicalProcessorNumber !=3D 0); =20 AsmGetAddressMap (&AddressMap); - ApResetVectorSize =3D AddressMap.RendezvousFunnelSize + sizeof (MP_CPU_E= XCHANGE_INFO); + ApResetVectorSize =3D GetApResetVectorSize (&AddressMap); ApStackSize =3D PcdGet32(PcdCpuApStackSize); ApLoopMode =3D GetApLoopMode (&MonitorFilterSize); =20 @@ -1640,6 +1844,8 @@ MpInitLibInitialize ( } =20 CpuMpData->SevEsActive =3D PcdGet32 (PcdCpuSevEsActive); + CpuMpData->SevEsAPBuffer =3D (UINTN) -1; + CpuMpData->GhcbBase =3D PcdGet64 (PcdGhcbBase); InitializeSpinLock(&CpuMpData->MpLock); =20 // @@ -1707,6 +1913,7 @@ MpInitLibInitialize ( // APs have been wakeup before, just get the CPU Information // from HOB // + OldCpuMpData->NewCpuMpData =3D CpuMpData; CpuMpData->CpuCount =3D OldCpuMpData->CpuCount; CpuMpData->BspNumber =3D OldCpuMpData->BspNumber; CpuMpData->InitFlag =3D ApInitReconfig; diff --git a/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c b/UefiCpuPkg/Library/M= pInitLib/PeiMpLib.c index 35dff91fd2a5..75b8e38ae8e3 100644 --- a/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/PeiMpLib.c @@ -279,6 +279,22 @@ GetModeTransitionBuffer ( return 0; } =20 +/** + Get ... + + @retval other Return SEV-ES AP wakeup buffer +**/ +UINTN +GetSevEsAPMemory ( + VOID + ) +{ + // + // PEI phase doesn't need to do this pre-allocation. So simply return 0. + // + return 0; +} + /** Checks APs status and updates APs status if needed. =20 diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c b/UefiCpuPkg/PiSm= mCpuDxeSmm/X64/SmmFuncsArch.c index 6298571e29b2..28f8e8e133e5 100644 --- a/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmmFuncsArch.c @@ -121,7 +121,7 @@ GetProtectedModeCS ( GdtEntry =3D (IA32_SEGMENT_DESCRIPTOR *) GdtrDesc.Base; for (Index =3D 0; Index < GdtEntryCount; Index++) { if (GdtEntry->Bits.L =3D=3D 0) { - if (GdtEntry->Bits.Type > 8 && GdtEntry->Bits.L =3D=3D 0) { + if (GdtEntry->Bits.Type > 8 && GdtEntry->Bits.DB =3D=3D 1) { break; } } diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm b/OvmfPkg/ResetVe= ctor/Ia16/ResetVectorVtf0.asm new file mode 100644 index 000000000000..bed832d7efe6 --- /dev/null +++ b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm @@ -0,0 +1,85 @@ +;-------------------------------------------------------------------------= ----- +; @file +; First code executed by processor after resetting. +; +; Copyright (c) 2008 - 2014, Intel Corporation. All rights reserved.
+; This program and the accompanying materials +; are licensed and made available under the terms and conditions of the BS= D License +; which accompanies this distribution. The full text of the license may b= e found at +; http://opensource.org/licenses/bsd-license.php +; +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. +; +;-------------------------------------------------------------------------= ----- + +BITS 16 + +ALIGN 16 + +; +; Pad the image size to 4k when page tables are in VTF0 +; +; If the VTF0 image has page tables built in, then we need to make +; sure the end of VTF0 is 4k above where the page tables end. +; +; This is required so the page tables will be 4k aligned when VTF0 is +; located just below 0x100000000 (4GB) in the firmware device. +; +%ifdef ALIGN_TOP_TO_4K_FOR_PAGING + TIMES (0x1000 - ($ - EndOfPageTables) - 0x20) DB 0 +%endif + +; +; SEV-ES Processor Reset support +; +; standardProcessorReset: (0xffffffd0) +; When using the Application Processors entry point, always perform a +; far jump to the RIP/CS value contained at this location. This will +; default to EarlyBspInitReal16 unless specifically overridden. + +standardProcessorSevEsReset: + DW 0x0000 + DW 0x0000 + +ALIGN 16 + +applicationProcessorEntryPoint: +; +; Application Processors entry point +; +; GenFv generates code aligned on a 4k boundary which will jump to this +; location. (0xffffffe0) This allows the Local APIC Startup IPI to be +; used to wake up the application processors. +; + jmp EarlyApInitReal16 + +ALIGN 8 + + DD 0 + +; +; The VTF signature +; +; VTF-0 means that the VTF (Volume Top File) code does not require +; any fixups. +; +vtfSignature: + DB 'V', 'T', 'F', 0 + +ALIGN 16 + +resetVector: +; +; Reset Vector +; +; This is where the processor will begin execution +; + cmp dword [CS:0xFFD0], 0 + je EarlyBspInitReal16 + jmp far [CS:0xFFD0] + +ALIGN 16 + +fourGigabytes: + diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc b/UefiCpuPkg/Libra= ry/MpInitLib/Ia32/MpEqu.inc index efb1bc2bf7cb..180fa87b8dca 100644 --- a/UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/Ia32/MpEqu.inc @@ -19,7 +19,7 @@ CPU_SWITCH_STATE_IDLE equ 0 CPU_SWITCH_STATE_STORED equ 1 CPU_SWITCH_STATE_LOADED equ 2 =20 -LockLocation equ (RendezvousFunnelProcEnd - Rendez= vousFunnelProcStart) +LockLocation equ (SwitchToRealProcEnd - Rendezvous= FunnelProcStart) StackStartAddressLocation equ LockLocation + 04h StackSizeLocation equ LockLocation + 08h ApProcedureLocation equ LockLocation + 0Ch @@ -40,4 +40,6 @@ ModeTransitionMemoryLocation equ LockLocation + 4= Ch ModeTransitionSegmentLocation equ LockLocation + 50h ModeHighMemoryLocation equ LockLocation + 52h ModeHighSegmentLocation equ LockLocation + 56h +SevEsActiveLocation equ LockLocation + 58h +GhcbBaseLocation equ LockLocation + 5Ch =20 diff --git a/UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm b/UefiCpuPkg/Li= brary/MpInitLib/Ia32/MpFuncs.nasm index b74046b76af3..309d53bf3b37 100644 --- a/UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/Ia32/MpFuncs.nasm @@ -215,6 +215,16 @@ CProcedureInvoke: jmp $ ; Never reach here RendezvousFunnelProcEnd: =20 +;-------------------------------------------------------------------------= ------------ +;SwitchToRealProc procedure follows. +;NOT USED IN 32 BIT MODE. +;-------------------------------------------------------------------------= ------------ +global ASM_PFX(SwitchToRealProc) +ASM_PFX(SwitchToRealProc): +SwitchToRealProcStart: + jmp $ ; Never reach here +SwitchToRealProcEnd: + ;-------------------------------------------------------------------------= ------------ ; AsmRelocateApLoop (MwaitSupport, ApTargetCState, PmCodeSegment, TopOfAp= Stack, CountTofinish); ;-------------------------------------------------------------------------= ------------ @@ -263,6 +273,11 @@ ASM_PFX(AsmGetAddressMap): mov dword [ebx + 0Ch], AsmRelocateApLoopStart mov dword [ebx + 10h], AsmRelocateApLoopEnd - AsmRelocateApLoop= Start mov dword [ebx + 14h], Flat32Start - RendezvousFunnelProcStart + mov dword [ebx + 18h], SwitchToRealProcEnd - SwitchToRealProcSt= art ; SwitchToRealSize + mov dword [ebx + 1Ch], SwitchToRealProcStart - RendezvousFunnel= ProcStart ; SwitchToRealOffset + mov dword [ebx + 20h], SwitchToRealProcStart - Flat32Start = ; SwitchToRealNoNxOffset + mov dword [ebx + 24h], 0 = ; SwitchToRealPM16ModeOffset + mov dword [ebx + 28h], 0 = ; SwitchToRealPM16ModeSize =20 popad ret diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc b/UefiCpuPkg/Librar= y/MpInitLib/X64/MpEqu.inc index 467f54a8602e..e05ef9a664ba 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpEqu.inc @@ -19,7 +19,7 @@ CPU_SWITCH_STATE_IDLE equ 0 CPU_SWITCH_STATE_STORED equ 1 CPU_SWITCH_STATE_LOADED equ 2 =20 -LockLocation equ (RendezvousFunnelProcEnd - Rendez= vousFunnelProcStart) +LockLocation equ (SwitchToRealProcEnd - Rendezvous= FunnelProcStart) StackStartAddressLocation equ LockLocation + 08h StackSizeLocation equ LockLocation + 10h ApProcedureLocation equ LockLocation + 18h @@ -40,3 +40,5 @@ ModeTransitionMemoryLocation equ LockLocation + 9= 4h ModeTransitionSegmentLocation equ LockLocation + 98h ModeHighMemoryLocation equ LockLocation + 9Ah ModeHighSegmentLocation equ LockLocation + 9Eh +SevEsActiveLocation equ LockLocation + 0A0h +GhcbBaseLocation equ LockLocation + 0A4h diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Lib= rary/MpInitLib/X64/MpFuncs.nasm index cea90f3d4deb..286fa297791c 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm @@ -172,9 +172,97 @@ Releaselock: add edi, StackStartAddressLocation add rax, qword [edi] mov rsp, rax + + lea edi, [esi + SevEsActiveLocation] + cmp dword [edi], 1 ; SevEsActive + jne CProcedureInvoke + + ; + ; program GHCB + ; Each page after the GHCB is a per-CPU page, so the calculation pro= grams + ; a GHCB to be every 8KB. + ; + mov eax, SIZE_4KB + shl eax, 1 ; EAX =3D SIZE_4K * 2 + mov ecx, ebx + mul ecx ; EAX =3D SIZE_4K * 2 * C= puNumber + mov edi, esi + add edi, GhcbBaseLocation + add rax, qword [edi] + mov rdx, rax + shr rdx, 32 + mov rcx, 0xc0010130 + wrmsr jmp CProcedureInvoke =20 GetApicId: + lea edi, [esi + SevEsActiveLocation] + cmp dword [edi], 1 ; SevEsActive + jne DoCpuid + + ; + ; Since we don't have a stack yet, we can't take a #VC + ; exception. Use the GHCB protocol to perform the CPUID + ; calls. + ; + mov rcx, 0xc0010130 + rdmsr + shl rdx, 32 + or rax, rdx + mov rdi, rax ; RDI now holds the original GHCB GPA + + mov rdx, 0 ; CPUID function 0 + mov rax, 0 ; RAX register requested + or rax, 4 + wrmsr + rep vmmcall + rdmsr + cmp edx, 0bh + jb NoX2ApicSevEs ; CPUID level below CPUID_EXTENDED_TOP= OLOGY + + mov rdx, 0bh ; CPUID function 0x0b + mov rax, 040000000h ; RBX register requested + or rax, 4 + wrmsr + rep vmmcall + rdmsr + test edx, 0ffffh + jz NoX2ApicSevEs ; CPUID.0BH:EBX[15:0] is zero + + mov rdx, 0bh ; CPUID function 0x0b + mov rax, 0c0000000h ; RDX register requested + or rax, 4 + wrmsr + rep vmmcall + rdmsr + + ; Processor is x2APIC capable; 32-bit x2APIC ID is now in EDX + jmp RestoreGhcb + +NoX2ApicSevEs: + ; Processor is not x2APIC capable, so get 8-bit APIC ID + mov rdx, 1 ; CPUID function 1 + mov rax, 040000000h ; RBX register requested + or rax, 4 + wrmsr + rep vmmcall + rdmsr + shr edx, 24 + +RestoreGhcb: + mov rbx, rdx ; Save x2APIC/APIC ID + + mov rdx, rdi ; RDI holds the saved GHCB GPA + shr rdx, 32 + mov eax, edi + wrmsr + + mov rdx, rbx + + ; x2APIC ID or APIC ID is in EDX + jmp GetProcessorNumber + +DoCpuid: mov eax, 0 cpuid cmp eax, 0bh @@ -241,12 +329,158 @@ CProcedureInvoke: =20 RendezvousFunnelProcEnd: =20 +;-------------------------------------------------------------------------= ------------ +;SwitchToRealProc procedure follows. +;ALSO THIS PROCEDURE IS EXECUTED BY APs TRANSITIONING TO 16 BIT MODE. HENC= E THIS PROC +;IS IN MACHINE CODE. +; SwitchToRealProc (UINTN BufferStart, UINT16 Code16, UINT16 Code32, UINT= N StackStart) +; rcx - Buffer Start +; rdx - Code16 Selector Offset +; r8 - Code32 Selector Offset +; r9 - Stack Start +;-------------------------------------------------------------------------= ------------ +global ASM_PFX(SwitchToRealProc) +ASM_PFX(SwitchToRealProc): +SwitchToRealProcStart: +BITS 64 + cli + + ; + ; Get RDX reset value before changing stacks since the + ; new stack won't be able to accomodate a #VC exception. + ; + push rax + push rbx + push rcx + push rdx + + mov rax, 1 + cpuid + mov rsi, rax ; Save off the reset value for = RDX + + pop rdx + pop rcx + pop rbx + pop rax + + ; + ; Establish stack below 1MB + ; + mov rsp, r9 + + ; + ; Push ultimate Reset Vector onto the stack + ; + mov rax, rcx + shr rax, 4 + push word 0x0002 ; RFLAGS + push ax ; CS + push word 0x0000 ; RIP + push word 0x0000 ; For alignment, will be discar= ded + + ; + ; Get address of "16-bit operand size" label + ; + lea rbx, [PM16Mode] + + ; + ; Push addresses used to change to compatibility mode + ; + lea rax, [CompatMode] + push r8 + push rax + + ; + ; Clear R8 - R15, for reset, before going into 32-bit mode + ; + xor r8, r8 + xor r9, r9 + xor r10, r10 + xor r11, r11 + xor r12, r12 + xor r13, r13 + xor r14, r14 + xor r15, r15 + + ; + ; Far return into 32-bit mode + ; +o64 retf + +BITS 32 +CompatMode: + ; + ; Set up stack to prepare for exiting protected mode + ; + push edx ; Code16 CS + push ebx ; PM16Mode label address + + ; + ; Disable paging + ; + mov eax, cr0 ; Read CR0 + btr eax, 31 ; Set PG=3D0 + mov cr0, eax ; Write CR0 + + ; + ; Disable long mode + ; + mov ecx, 0c0000080h ; EFER MSR number + rdmsr ; Read EFER + btr eax, 8 ; Set LME=3D0 + wrmsr ; Write EFER + + ; + ; Disable PAE + ; + mov eax, cr4 ; Read CR4 + btr eax, 5 ; Set PAE=3D0 + mov cr4, eax ; Write CR4 + + mov edx, esi ; Restore RDX reset value + + ; + ; Switch to 16-bit operand size + ; + retf + +BITS 16 + ; + ; At entry to this label + ; - RDX will have its reset value + ; - On the top of the stack + ; - Alignment data (two bytes) to be discarded + ; - IP for Real Mode (two bytes) + ; - CS for Real Mode (two bytes) + ; +PM16Mode: + mov eax, cr0 ; Read CR0 + btr eax, 0 ; Set PE=3D0 + mov cr0, eax ; Write CR0 + + pop ax ; Discard alignment data + + ; + ; Clear registers (except RDX and RSP) before going into 16-bit mode + ; + xor eax, eax + xor ebx, ebx + xor ecx, ecx + xor esi, esi + xor edi, edi + xor ebp, ebp + + iret + +SwitchToRealProcEnd: + ;-------------------------------------------------------------------------= ------------ ; AsmRelocateApLoop (MwaitSupport, ApTargetCState, PmCodeSegment, TopOfAp= Stack, CountTofinish); ;-------------------------------------------------------------------------= ------------ global ASM_PFX(AsmRelocateApLoop) ASM_PFX(AsmRelocateApLoop): AsmRelocateApLoopStart: +BITS 64 cli ; Disable interrupt before switching to 3= 2-bit mode mov rax, [rsp + 40] ; CountTofinish lock dec dword [rax] ; (*CountTofinish)-- @@ -312,6 +546,11 @@ ASM_PFX(AsmGetAddressMap): mov qword [rcx + 18h], rax mov qword [rcx + 20h], AsmRelocateApLoopEnd - AsmRelocateApLoop= Start mov qword [rcx + 28h], Flat32Start - RendezvousFunnelProcStart + mov qword [rcx + 30h], SwitchToRealProcEnd - SwitchToRealProcSt= art ; SwitchToRealSize + mov qword [rcx + 38h], SwitchToRealProcStart - RendezvousFunnel= ProcStart ; SwitchToRealOffset + mov qword [rcx + 40h], SwitchToRealProcStart - Flat32Start = ; SwitchToRealNoNxOffset + mov qword [rcx + 48h], PM16Mode - RendezvousFunnelProcStart = ; SwitchToRealPM16ModeOffset + mov qword [rcx + 50h], SwitchToRealProcEnd - PM16Mode = ; SwitchToRealPM16ModeSize ret =20 ;-------------------------------------------------------------------------= ------------ diff --git a/UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm b/UefiCpuP= kg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm index ce4ebfffb688..0e79a3984b16 100644 --- a/UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm +++ b/UefiCpuPkg/ResetVector/Vtf0/Ia16/Real16ToFlat32.asm @@ -129,5 +129,14 @@ LINEAR_CODE64_SEL equ $-GDT_BASE DB 0 ; base 31:24 %endif =20 +; linear code segment descriptor +LINEAR_CODE16_SEL equ $-GDT_BASE + DW 0xffff ; limit 15:0 + DW 0 ; base 15:0 + DB 0 ; base 23:16 + DB PRESENT_FLAG(1)|DPL(0)|SYSTEM_FLAG(1)|DESC_TYPE(CODE32_TYPE) + DB GRANULARITY_FLAG(1)|DEFAULT_SIZE32(0)|CODE64_FLAG(0)|UPPER_LIM= IT(0xf) + DB 0 ; base 31:24 + GDT_END: =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46092): https://edk2.groups.io/g/devel/message/46092 Mute This Topic: https://groups.io/mt/32966265/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 20:24:04 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+46093+1787277+3901457@groups.io; arc=fail (BodyHash is different from the expected one) Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1566301159027486.15272139822616; Tue, 20 Aug 2019 04:39:19 -0700 (PDT) Return-Path: X-Received: from NAM05-CO1-obe.outbound.protection.outlook.com (NAM05-CO1-obe.outbound.protection.outlook.com [40.107.72.81]) by groups.io with SMTP; Mon, 19 Aug 2019 14:36:25 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gXwtdNUUmCOyor/9CIMXBJnIrrNWAe4qOBXRB1YoCcwepyJD3mdjR43vkWC6li4rupScAlbhAT/Fm1WloSTaxxOOjMFxZYpOoT77gn/Vuxvb4+VaPR8KXGih7WI490/EInY4wnCt99jVq+YhojkjW9IbW2+gbbFymTk+9vir5yIkhlmG7OfAK8CnEHwto+px/M8uiyH45nemVnktDwQkFI07iTtTFl+hbC/ljUVGpUPBHV3XYmJsT6xE0Zn7s0cAj1IIzGEIFSAvdSWU2tIFExoYCIvLqDLtH547fYcZ42ZJMQLYQKUJl/UbkG36APCn6RzZ8dWus+5NoC0H5yXalA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=H9RgIrvs1LXqQUuUfHUSPDifcwIRRHnH8jMzJlFKxok=; b=ZuzI6HwHUUtknCIuN5u29QklW9J1TRAzSoytKy2de8P2y+iiQBD3/dANWnxhfYnPPk1vdlSIJDQmFqqpf1Gj2stkkvJPeN5ISzTmQe/0cSmlZDibleDYLFLptXKErWpSGLOoNBpggcGmUePaemm6JQZfIMJqO2smZuLo9r8wkyPG7ROPH+8X1CDx8m98g1Ofq2yU2FDGf5jnSlIuZq1Y97AU7mI1CoRP4CAeogV41UV881RXTQ50Q6ATFsbiW+TyquP93xjLKNI3uP02o2p8VgxG5ZKZy3lKarGhyhF+jPxz8LGqFLboIU/YSVJQuNUxwllKrZP/iocBqOMpdyXARA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com (20.179.92.19) by BYAPR12MB3112.namprd12.prod.outlook.com (20.178.54.205) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2157.20; Mon, 19 Aug 2019 21:36:24 +0000 X-Received: from BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27]) by BYAPR12MB3158.namprd12.prod.outlook.com ([fe80::39b9:76bd:a491:1f27%6]) with mapi id 15.20.2157.022; Mon, 19 Aug 2019 21:36:24 +0000 From: "Lendacky, Thomas" To: "devel@edk2.groups.io" CC: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" Subject: [edk2-devel] [RFC PATCH 28/28] UefiCpuPkg/MpInitLib: Introduce an MP finalization routine to support SEV-ES Thread-Topic: [RFC PATCH 28/28] UefiCpuPkg/MpInitLib: Introduce an MP finalization routine to support SEV-ES Thread-Index: AQHVVtYm0yi6mrqLkUyI6eU7AImGuQ== Date: Mon, 19 Aug 2019 21:36:23 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: SN2PR01CA0031.prod.exchangelabs.com (2603:10b6:804:2::41) To BYAPR12MB3158.namprd12.prod.outlook.com (2603:10b6:a03:132::19) x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [165.204.77.1] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 162a4134-dbe6-4792-35ad-08d724ed4866 x-ms-office365-filtering-ht: Tenant x-ms-traffictypediagnostic: BYAPR12MB3112: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:2803; Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+46093+1787277+3901457@groups.io; helo=web01.groups.io; received-spf: None (protection.outlook.com: amd.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: t5gRsbVqWjHl2l6f4TVBdwdgEYVG+4SH/aeitkicMFi/NE1mtSmD3U+EdGNtIefRdRB49180Mwi7FTVsCS8C0DHjpqi4NXIVJd10EdjolOBJqpMO+isOSnKeS6FGZcYLy2SsQ0hnxjlFDOG5cEaCDasndotWG1stmEK38nbNMLBDLEDxRKH4xPJrWxR96P4Q74KVFevz6/FAFIBE7hXmWlguC0TovXal8c0ME6KkW+nBRmXZ5NT01PniDsBrDTsnUnrhPZ3VI1gJG2bk0fiLZ0icLn7TmFsj8ARV6g3aghoxwXW6eHm2mpJGkrB25oWI8harYkWe7IQcVcG+9B5QjH932nKvE8jUQC4XXdRfaAmOzRC+OHCrXLPNoQMdHASLXs0WHRZf0bBYJUypWrtWUp/OmvzPJEZBCYa+p8yKHbs= MIME-Version: 1.0 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 162a4134-dbe6-4792-35ad-08d724ed4866 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Aug 2019 21:36:23.9180 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: CCX0dtbP2fu4FPm9mMOXTfFQUXPY8RNRUSaQSfFPjdNpoJOB5cEs7j7jd/jvl8WriMscwqzGdaMwObXrnQojcQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR12MB3112 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com Content-Language: en-US Content-ID: <2816290B81C19F439489A5B7931512E3@namprd12.prod.outlook.com> Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1566301158; bh=Pnx1EavqGk9gR2/K2CJ5wEf43VJevAgXViEE5/XhSkU=; h=CC:Content-Type:Date:From:Reply-To:Subject:To; b=kcAWxMBKAJWgcIIuOHKit7FmW2kIss/cEAkLLhVObieX0YpP4zEkyrYN36xp8SyrXBh JcGqMMTevaFggmXpDDa/icVkL5M2wLK/14l2RchtPkgJl9Fb5PEBew+0j6PPdbcuaDWpo +R46zNEvZ9oGU/CK4KfL26qLXuSICnWnxh0= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky Introduce a finalization routine to the MP library. This routine is used at the end of UEFI before transferring control to the OS and allows for SEV-ES related AP state and information to be communicated to the OS. The APs will be parked using VMGEXIT AP Reset Hold and the GHCB will be modified to communicate a reserved page of memory that will be used by the OS to direct the "initial" AP boot in the OS. Signed-off-by: Tom Lendacky --- MdePkg/Include/Protocol/Cpu.h | 6 + UefiCpuPkg/CpuDxe/CpuDxe.h | 14 ++ UefiCpuPkg/Include/Library/MpInitLib.h | 17 +++ UefiCpuPkg/Library/MpInitLib/MpLib.h | 18 ++- MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c | 5 + OvmfPkg/PlatformPei/AmdSev.c | 2 +- UefiCpuPkg/CpuDxe/CpuDxe.c | 10 ++ UefiCpuPkg/Library/MpInitLib/DxeMpLib.c | 57 +++++++- UefiCpuPkg/Library/MpInitLib/MpLib.c | 25 ++++ UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm | 130 ++++++++++++++++-- 10 files changed, 265 insertions(+), 19 deletions(-) diff --git a/MdePkg/Include/Protocol/Cpu.h b/MdePkg/Include/Protocol/Cpu.h index e392f4cd9a13..79a701bc0d93 100644 --- a/MdePkg/Include/Protocol/Cpu.h +++ b/MdePkg/Include/Protocol/Cpu.h @@ -257,6 +257,11 @@ EFI_STATUS IN UINT64 Attributes ); =20 +typedef +EFI_STATUS +(EFIAPI *EFI_CPU_FINALIZE)( + IN EFI_CPU_ARCH_PROTOCOL *This + ); =20 /// /// The EFI_CPU_ARCH_PROTOCOL is used to abstract processor-specific funct= ions from the DXE @@ -273,6 +278,7 @@ struct _EFI_CPU_ARCH_PROTOCOL { EFI_CPU_REGISTER_INTERRUPT_HANDLER RegisterInterruptHandler; EFI_CPU_GET_TIMER_VALUE GetTimerValue; EFI_CPU_SET_MEMORY_ATTRIBUTES SetMemoryAttributes; + EFI_CPU_FINALIZE Finalize; /// /// The number of timers that are available in a processor. The value in= this /// field is a constant that must not be modified after the CPU Architec= tural diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.h b/UefiCpuPkg/CpuDxe/CpuDxe.h index b029be430b4c..c5b9ada72ac9 100644 --- a/UefiCpuPkg/CpuDxe/CpuDxe.h +++ b/UefiCpuPkg/CpuDxe/CpuDxe.h @@ -232,6 +232,20 @@ CpuSetMemoryAttributes ( IN UINT64 Attributes ); =20 +/** + Set ... + + @param This Protocol instance structure + + @retval EFI_SUCCESS If ... + +**/ +EFI_STATUS +EFIAPI +CpuFinalize ( + IN EFI_CPU_ARCH_PROTOCOL *This + ); + /** Initialize Global Descriptor Table. =20 diff --git a/UefiCpuPkg/Include/Library/MpInitLib.h b/UefiCpuPkg/Include/Li= brary/MpInitLib.h index fa8252937313..2095fb758664 100644 --- a/UefiCpuPkg/Include/Library/MpInitLib.h +++ b/UefiCpuPkg/Include/Library/MpInitLib.h @@ -344,4 +344,21 @@ MpInitLibWhoAmI ( OUT UINTN *ProcessorNumber ); =20 +/** + MP Exit ... + + This service ... + + This service must be invoked before ... + + @retval EFI_SUCCESS MP initialization succeeds. + @retval Others MP initialization fails. + +**/ +EFI_STATUS +EFIAPI +MpLibFinalize ( + VOID + ); + #endif diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.h b/UefiCpuPkg/Library/MpIn= itLib/MpLib.h index f2ba1a508715..a2ba6de0278f 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.h +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.h @@ -273,7 +273,8 @@ struct _CPU_MP_DATA { UINT64 GhcbBase; }; =20 -#define AP_RESET_STACK_SIZE 64 +#define AP_SAFE_STACK_SIZE 128 +#define AP_RESET_STACK_SIZE AP_SAFE_STACK_SIZE =20 typedef union { struct { @@ -327,8 +328,11 @@ VOID IN BOOLEAN MwaitSupport, IN UINTN ApTargetCState, IN UINTN PmCodeSegment, + IN UINTN Pm16CodeSegment, IN UINTN TopOfApStack, - IN UINTN NumberToFinish + IN UINTN NumberToFinish, + IN UINTN SevEsAPJumpTable, + IN UINTN WakeupBuffer ); =20 /** @@ -645,5 +649,15 @@ EnableDebugAgent ( VOID ); =20 +/** + MP finalize ... + + @param[in] CpuMpData The pointer to CPU MP Data structure will be saved. +**/ +EFI_STATUS +MpFinalize ( + IN CPU_MP_DATA *CpuMpData + ); + #endif =20 diff --git a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c b/MdeModulePkg/Core/Dx= e/DxeMain/DxeMain.c index 514d1aa75ada..13c962247243 100644 --- a/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c +++ b/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c @@ -785,6 +785,11 @@ CoreExitBootServices ( // gCpu->DisableInterrupt (gCpu); =20 + // + // Finalize CPU + // + gCpu->Finalize (gCpu); + // // Clear the non-runtime values of the EFI System Table // diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index fc396a6f229d..f0a18f026460 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c @@ -65,7 +65,7 @@ AmdSevEsInitialize ( BuildMemoryAllocationHob ( GhcbBasePa, EFI_PAGES_TO_SIZE (GhcbPageCount), - EfiBootServicesData + EfiReservedMemoryType ); =20 SetMem (GhcbBase, GhcbPageCount * SIZE_4KB, 0); diff --git a/UefiCpuPkg/CpuDxe/CpuDxe.c b/UefiCpuPkg/CpuDxe/CpuDxe.c index 7d7270e10b4a..7003f74e7d87 100644 --- a/UefiCpuPkg/CpuDxe/CpuDxe.c +++ b/UefiCpuPkg/CpuDxe/CpuDxe.c @@ -92,6 +92,7 @@ EFI_CPU_ARCH_PROTOCOL gCpu =3D { CpuRegisterInterruptHandler, CpuGetTimerValue, CpuSetMemoryAttributes, + CpuFinalize, 1, // NumberOfTimers 4 // DmaBufferAlignment }; @@ -499,6 +500,15 @@ CpuSetMemoryAttributes ( return AssignMemoryPageAttributes (NULL, BaseAddress, Length, MemoryAttr= ibutes, NULL); } =20 +EFI_STATUS +EFIAPI +CpuFinalize ( + IN EFI_CPU_ARCH_PROTOCOL *This + ) +{ + return MpLibFinalize (); +} + /** Initializes the valid bits mask and valid address mask for MTRRs. =20 diff --git a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c b/UefiCpuPkg/Library/M= pInitLib/DxeMpLib.c index 127f64eb87e1..6e1bdbeed259 100644 --- a/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/DxeMpLib.c @@ -18,7 +18,6 @@ #include =20 #define AP_CHECK_INTERVAL (EFI_TIMER_PERIOD_MILLISECONDS (100)) -#define AP_SAFE_STACK_SIZE 128 =20 CPU_MP_DATA *mCpuMpData =3D NULL; EFI_EVENT mCheckAllApsEvent =3D NULL; @@ -98,7 +97,7 @@ GetWakeupBuffer ( StartAddress =3D 0x88000; Status =3D gBS->AllocatePages ( AllocateMaxAddress, - EfiBootServicesData, + EfiReservedMemoryType, EFI_SIZE_TO_PAGES (WakeupBufferSize), &StartAddress ); @@ -328,17 +327,26 @@ RelocateApLoop ( BOOLEAN MwaitSupport; ASM_RELOCATE_AP_LOOP AsmRelocateApLoopFunc; UINTN ProcessorNumber; + UINTN StackStart; =20 MpInitLibWhoAmI (&ProcessorNumber); CpuMpData =3D GetCpuMpData (); MwaitSupport =3D IsMwaitSupport (); + if (CpuMpData->SevEsActive) { + StackStart =3D CpuMpData->SevEsAPResetStackStart; + } else { + StackStart =3D mReservedTopOfApStack; + } AsmRelocateApLoopFunc =3D (ASM_RELOCATE_AP_LOOP) (UINTN) mReservedApLoop= Func; AsmRelocateApLoopFunc ( MwaitSupport, CpuMpData->ApTargetCState, CpuMpData->PmCodeSegment, - mReservedTopOfApStack - ProcessorNumber * AP_SAFE_STACK_SIZE, - (UINTN) &mNumberToFinish + CpuMpData->Pm16CodeSegment, + StackStart - ProcessorNumber * AP_SAFE_STACK_SIZE, + (UINTN) &mNumberToFinish, + CpuMpData->SevEsAPBuffer, + CpuMpData->WakeupBuffer ); // // It should never reach here @@ -880,3 +888,44 @@ MpInitLibEnableDisableAP ( =20 return Status; } + +/** + MP finalize ... + + @param[in] CpuMpData The pointer to CPU MP Data structure will be saved. +**/ +EFI_STATUS +MpFinalize ( + IN CPU_MP_DATA *CpuMpData + ) +{ + if (CpuMpData->SevEsActive) { + // + // Perform SEV-ES specific finalization + // + if (CpuMpData->WakeupBuffer =3D=3D (UINTN) -1) { + // + // No APs parked in UEFI, clear the GHCB + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, 0); + } else { + // + // Re-use reserved memory area below 1MB from WakeupBuffer + // + CopyMem ( + (VOID *) CpuMpData->WakeupBuffer, + (VOID *) CpuMpData->AddressMap.RendezvousFunnelAddress + + CpuMpData->AddressMap.SwitchToRealPM16ModeOffset, + CpuMpData->AddressMap.SwitchToRealPM16ModeSize + ); + + // + // Point the GHCB at the AP jump table to communicate the address to + // the booting system. + // + AsmWriteMsr64 (MSR_SEV_ES_GHCB, (CpuMpData->SevEsAPBuffer) | 0x03); + } + } + + return EFI_SUCCESS; +} diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpIn= itLib/MpLib.c index 0939019d7b8c..bc800a69527e 100644 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c @@ -1707,6 +1707,31 @@ CheckAllAPs ( return EFI_NOT_READY; } =20 +/** + MP Exit ... + + This service ... + + This service must be invoked before ... + + @retval EFI_SUCCESS MP initialization succeeds. + @retval Others MP initialization fails. + +**/ +EFI_STATUS +EFIAPI +MpLibFinalize ( + VOID + ) +{ + CPU_MP_DATA *CpuMpData; + + CpuMpData =3D GetCpuMpData (); + MpFinalize (CpuMpData); + + return EFI_SUCCESS; +} + /** MP Initialize Library initialization. =20 diff --git a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm b/UefiCpuPkg/Lib= rary/MpInitLib/X64/MpFuncs.nasm index 286fa297791c..8936963913c4 100644 --- a/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm +++ b/UefiCpuPkg/Library/MpInitLib/X64/MpFuncs.nasm @@ -446,7 +446,7 @@ CompatMode: =20 BITS 16 ; - ; At entry to this label + ; At entry to this label (used also by AsmRelocateApLoop): ; - RDX will have its reset value ; - On the top of the stack ; - Alignment data (two bytes) to be discarded @@ -475,32 +475,93 @@ PM16Mode: SwitchToRealProcEnd: =20 ;-------------------------------------------------------------------------= ------------ -; AsmRelocateApLoop (MwaitSupport, ApTargetCState, PmCodeSegment, TopOfAp= Stack, CountTofinish); +; AsmRelocateApLoop (MwaitSupport, ApTargetCState, PmCodeSegment, Pm16Cod= eSegment, TopOfApStack, CountTofinish, SevEsAPJumpTable, WakeupBuffer); ;-------------------------------------------------------------------------= ------------ global ASM_PFX(AsmRelocateApLoop) ASM_PFX(AsmRelocateApLoop): AsmRelocateApLoopStart: BITS 64 + cmp qword [rsp + 56], 0 + je NoSevEs + + ; + ; Perform some SEV-ES related setup before leaving 64-bit mode + ; + push rcx + push rdx + + ; + ; Get the RDX reset value using CPUID + ; + mov rax, 1 + cpuid + mov rsi, rax ; Save off the reset value for RDX + + ; + ; Prepare the GHCB for the AP_HLT_LOOP VMGEXIT call + ; - No NAE events can be generated once this is set otherwise + ; the AP_HLT_LOOP SW_EXITCODE will be overwritten. + ; + mov rcx, 0xc0010130 + rdmsr ; Retrieve current GHCB address + shl rdx, 32 + or rdx, rax + + mov rdi, rdx + xor rax, rax + mov rcx, 0x800 + shr rcx, 3 + rep stosq ; Clear the GHCB + + mov rax, 0x80000004 ; VMGEXIT AP_HLT_LOOP + mov [rdx + 0x390], rax + + pop rdx + pop rcx + +NoSevEs: cli ; Disable interrupt before switching to 3= 2-bit mode - mov rax, [rsp + 40] ; CountTofinish + mov rax, [rsp + 48] ; CountTofinish lock dec dword [rax] ; (*CountTofinish)-- - mov rsp, r9 - push rcx - push rdx =20 - lea rsi, [PmEntry] ; rsi <- The start address of transition = code + mov rax, [rsp + 56] ; SevEsAPJumpTable + mov rbx, [rsp + 64] ; WakeupBuffer + mov rsp, [rsp + 40] ; TopOfApStack + + push rax ; Save SevEsAPJumpTable + push rbx ; Save WakeupBuffer + push r9 ; Save Pm16CodeSegment + push rcx ; Save MwaitSupport + push rdx ; Save ApTargetCState + + lea rax, [PmEntry] ; rax <- The start address of transition = code =20 push r8 - push rsi - DB 0x48 - retf + push rax + + ; + ; Clear R8 - R15, for reset, before going into 32-bit mode + ; + xor r8, r8 + xor r9, r9 + xor r10, r10 + xor r11, r11 + xor r12, r12 + xor r13, r13 + xor r14, r14 + xor r15, r15 + + ; + ; Far return into 32-bit mode + ; +o64 retf + BITS 32 PmEntry: mov eax, cr0 btr eax, 31 ; Clear CR0.PG mov cr0, eax ; Disable paging and caches =20 - mov ebx, edx ; Save EntryPoint to rbx, for rdmsr will = overwrite rdx mov ecx, 0xc0000080 rdmsr and ah, ~ 1 ; Clear LME @@ -513,6 +574,8 @@ PmEntry: add esp, 4 pop ecx, add esp, 4 + +MwaitCheck: cmp cl, 1 ; Check mwait-monitor support jnz HltLoop mov ebx, edx ; Save C-State to ebx @@ -526,10 +589,53 @@ MwaitLoop: shl eax, 4 mwait jmp MwaitLoop + HltLoop: + pop edx ; PM16CodeSegment + add esp, 4 + pop ebx ; WakeupBuffer + add esp, 4 + pop eax ; SevEsAPJumpTable + add esp, 4 + cmp eax, 0 ; Check for SEV-ES + je DoHlt + + cli + ; + ; SEV-ES is active, use VMGEXIT (GHCB information already + ; set by caller) + ; + ; VMGEXIT is rep vmmcall + ; + db 0xf3 + db 0x0f + db 0x01 + db 0xd9 + + ; + ; Back from VMGEXIT AP_HLT_LOOP + ; Push the FLAGS/CS/IP values to use + ; + push word 0x0002 ; EFLAGS + xor ecx, ecx + mov cx, [eax + 2] ; CS + push cx + mov cx, [eax] ; IP + push cx + push word 0x0000 ; For alignment, will be discarded + + push edx + push ebx + + mov edx, esi ; Restore RDX reset value + + retf + +DoHlt: cli hlt - jmp HltLoop + jmp DoHlt + BITS 64 AsmRelocateApLoopEnd: =20 --=20 2.17.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#46093): https://edk2.groups.io/g/devel/message/46093 Mute This Topic: https://groups.io/mt/32966266/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-