From: "Ashish Kalra via groups.io"
To: devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com
Subject: [edk2-devel] [PATCH v5 1/4] OvmfPkg/BaseMemEncryptLib: Support to issue unencrypted hypercall
Date: Thu, 8 Jul 2021 14:07:56 +0000
Message-Id: <332172b262929880ef753a3bef36228115b7051a.1625687246.git.ashish.kalra@amd.com>
From: Ashish Kalra

By default all the SEV guest memory regions are considered encrypted,
if a guest changes the encryption attribute of the page (e.g. mark a
page as decrypted) then notify hypervisor. Hypervisor will need to
track the unencrypted pages. The information will be used during
guest live migration, guest page migration and guest debugging.

This hypercall is used to notify hypervisor when the page's
encryption state changes.

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Signed-off-by: Brijesh Singh
Signed-off-by: Ashish Kalra --- OvmfPkg/Include/Library/MemEncryptSevLib.h | 69= ++++++++++++++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 1= + OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c | 39= +++++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c | 27= ++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c | 51= +++++++++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf | 1= + OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c | 39= +++++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c | 38= +++++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/AsmHelperStub.nasm | 33= ++++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c | 54= +++++++++++++++ OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c | 22= ++++++- 11 files changed, 373 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/L= ibrary/MemEncryptSevLib.h index 76d06c206c..c2b2a99a08 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -90,6 +90,18 @@ MemEncryptSevIsEnabled ( VOID ); =20 +/** + Returns a boolean to indicate whether SEV live migration is enabled. + + @retval TRUE SEV live migration is enabled + @retval FALSE SEV live migration is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevLiveMigrationIsEnabled ( + VOID + ); + /** This function clears memory encryption bit for the memory region specifi= ed by BaseAddress and NumPages from the current page table context. 
@@ -222,4 +234,61 @@ MemEncryptSevClearMmioPageEncMask ( IN UINTN NumPages ); =20 +/** + This hypercall is used to notify hypervisor when the page's encryption + state changes. + + @param[in] PhysicalAddress The physical address that is the start= address + of a memory region. The PhysicalAddres= s is + expected to be PAGE_SIZE aligned. + @param[in] Pages Number of pages in memory region. + @param[in] Status Encrypted(1) or Decrypted(0). + +@retval RETURN_SUCCESS Hypercall returned success. +**/ +RETURN_STATUS +EFIAPI +SetMemoryEncDecHypercall3 ( + IN UINTN PhysicalAddress, + IN UINTN Pages, + IN UINTN Status + ); + +#define KVM_HC_MAP_GPA_RANGE 12 +#define KVM_MAP_GPA_RANGE_PAGE_SZ_4K 0 +#define KVM_MAP_GPA_RANGE_PAGE_SZ_2M BIT0 +#define KVM_MAP_GPA_RANGE_PAGE_SZ_1G BIT1 +#define KVM_MAP_GPA_RANGE_ENC_STAT(n) ((n) << 4) +#define KVM_MAP_GPA_RANGE_ENCRYPTED KVM_MAP_GPA_RANGE_ENC_STAT(1) +#define KVM_MAP_GPA_RANGE_DECRYPTED KVM_MAP_GPA_RANGE_ENC_STAT(0) + +#define KVM_FEATURE_MIGRATION_CONTROL BIT17 + +/** + Figures out if we are running inside KVM HVM and + KVM HVM supports SEV Live Migration feature. + + @retval TRUE SEV live migration is supported. + @retval FALSE SEV live migration is not supported. +**/ +BOOLEAN +EFIAPI +KvmDetectSevLiveMigrationFeature( + VOID + ); + +/** + Interface exposed by the ASM implementation of the core hypercall + + @retval Hypercall returned status. +**/ +UINTN +EFIAPI +SetMemoryEncDecHypercall3AsmStub ( + IN UINTN HypercallNum, + IN UINTN PhysicalAddress, + IN UINTN Pages, + IN UINTN Attributes + ); + #endif // _MEM_ENCRYPT_SEV_LIB_H_ diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf index f2e162d680..0c28afadee 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf 
@@ -38,6 +38,7 @@ X64/PeiDxeVirtualMemory.c X64/VirtualMemory.c X64/VirtualMemory.h + X64/AsmHelperStub.nasm =20 [Sources.IA32] Ia32/MemEncryptSevLib.c diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c index 2816f859a0..ead754cd7b 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c @@ -20,6 +20,8 @@ STATIC BOOLEAN mSevStatus =3D FALSE; STATIC BOOLEAN mSevEsStatus =3D FALSE; STATIC BOOLEAN mSevStatusChecked =3D FALSE; +STATIC BOOLEAN mSevLiveMigrationStatus =3D FALSE; +STATIC BOOLEAN mSevLiveMigrationStatusChecked =3D FALSE; =20 STATIC UINT64 mSevEncryptionMask =3D 0; STATIC BOOLEAN mSevEncryptionMaskSaved =3D FALSE; @@ -87,6 +89,24 @@ InternalMemEncryptSevStatus ( mSevStatusChecked =3D TRUE; } =20 +/** + Figures out if we are running inside KVM HVM and + KVM HVM supports SEV Live Migration feature. +**/ +STATIC +VOID +EFIAPI +InternalDetectSevLiveMigrationFeature( + VOID + ) +{ + if (KvmDetectSevLiveMigrationFeature()) { + mSevLiveMigrationStatus =3D TRUE; + } + + mSevLiveMigrationStatusChecked =3D TRUE; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 @@ -125,6 +145,25 @@ MemEncryptSevIsEnabled ( return mSevStatus; } =20 +/** + Returns a boolean to indicate whether SEV live migration is enabled. + + @retval TRUE SEV live migration is enabled + @retval FALSE SEV live migration is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevLiveMigrationIsEnabled ( + VOID + ) +{ + if (!mSevLiveMigrationStatusChecked) { + InternalDetectSevLiveMigrationFeature (); + } + + return mSevLiveMigrationStatus; +} + /** Returns the SEV encryption mask. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c b= /OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c index be260e0d10..62392309fe 100644 
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/Ia32/MemEncryptSevLib.c @@ -136,3 +136,30 @@ MemEncryptSevClearMmioPageEncMask ( // return RETURN_UNSUPPORTED; } + +/** + This hyercall is used to notify hypervisor when the page's encryption + state changes. + + @param[in] PhysicalAddress The physical address that is the start= address + of a memory region. The physical addre= ss is + expected to be PAGE_SIZE aligned. + @param[in] Pages Number of Pages in the memory region. + @param[in] Status Encrypted(1) or Decrypted(0). + +@retval RETURN_SUCCESS Hypercall returned success. +**/ +RETURN_STATUS +EFIAPI +SetMemoryEncDecHypercall3 ( + IN UINTN PhysicalAddress, + IN UINTN Pages, + IN UINTN Status + ) +{ + // + // Memory encryption bit is not accessible in 32-bit mode + // + return RETURN_UNSUPPORTED; +} + diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInt= ernal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibIntern= al.c index b4a9f464e2..0c9f7e17ba 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiDxeMemEncryptSevLibInternal.c 
@@ -61,3 +61,54 @@ MemEncryptSevLocateInitialSmramSaveStateMapPages ( =20 return RETURN_SUCCESS; } + +/** + Figures out if we are running inside KVM HVM and + KVM HVM supports SEV Live Migration feature. + + @retval TRUE SEV live migration is supported. + @retval FALSE SEV live migration is not supported. +**/ +BOOLEAN +EFIAPI +KvmDetectSevLiveMigrationFeature( + VOID + ) +{ + CHAR8 Signature[13]; + UINT32 mKvmLeaf; + UINT32 RegEax, RegEbx, RegEcx, RegEdx; + + Signature[12] =3D '\0'; + for (mKvmLeaf =3D 0x40000000; mKvmLeaf < 0x40010000; mKvmLeaf +=3D 0x100= ) { + AsmCpuid (mKvmLeaf, + NULL, + (UINT32 *) &Signature[0], + (UINT32 *) &Signature[4], + (UINT32 *) &Signature[8]); + + if (AsciiStrCmp ((CHAR8 *) Signature, "KVMKVMKVM\0\0\0") =3D=3D 0) { + DEBUG (( + DEBUG_INFO, + "%a: KVM Detected, signature =3D %s\n", + __FUNCTION__, + Signature + )); + + RegEax =3D mKvmLeaf + 1; + RegEcx =3D 0; + AsmCpuid (mKvmLeaf + 1, &RegEax, &RegEbx, &RegEcx, &RegEdx); + if ((RegEax & KVM_FEATURE_MIGRATION_CONTROL) !=3D 0) { + DEBUG (( + DEBUG_INFO, + "%a: Live Migration feature supported\n", + __FUNCTION__ + )); + + return TRUE; + } + } + } + + return FALSE; +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b= /OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf index 03a78c32df..3233ca7979 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf @@ -38,6 +38,7 @@ X64/PeiDxeVirtualMemory.c X64/VirtualMemory.c X64/VirtualMemory.h + X64/AsmHelperStub.nasm =20 [Sources.IA32] Ia32/MemEncryptSevLib.c diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c index e2fd109d12..9db6c2ef71 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c 
@@ -20,6 +20,8 @@ STATIC BOOLEAN mSevStatus =3D FALSE; STATIC BOOLEAN mSevEsStatus =3D FALSE; STATIC BOOLEAN mSevStatusChecked =3D FALSE; +STATIC BOOLEAN mSevLiveMigrationStatus =3D FALSE; +STATIC BOOLEAN mSevLiveMigrationStatusChecked =3D FALSE; =20 STATIC UINT64 mSevEncryptionMask =3D 0; STATIC BOOLEAN mSevEncryptionMaskSaved =3D FALSE; @@ -87,6 +89,24 @@ InternalMemEncryptSevStatus ( mSevStatusChecked =3D TRUE; } =20 +/** + Figures out if we are running inside KVM HVM and + KVM HVM supports SEV Live Migration feature. +**/ +STATIC +VOID +EFIAPI +InternalDetectSevLiveMigrationFeature( + VOID + ) +{ + if (KvmDetectSevLiveMigrationFeature()) { + mSevLiveMigrationStatus =3D TRUE; + } + + mSevLiveMigrationStatusChecked =3D TRUE; +} + /** Returns a boolean to indicate whether SEV-ES is enabled. =20 @@ -125,6 +145,25 @@ MemEncryptSevIsEnabled ( return mSevStatus; } =20 +/** + Returns a boolean to indicate whether SEV live migration is enabled. + + @retval TRUE SEV live migration is enabled + @retval FALSE SEV live migration is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevLiveMigrationIsEnabled ( + VOID + ) +{ + if (!mSevLiveMigrationStatusChecked) { + InternalDetectSevLiveMigrationFeature (); + } + + return mSevLiveMigrationStatus; +} + /** Returns the SEV encryption mask. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibIntern= al.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c index 56d8f3f318..b926c7b786 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c 
@@ -100,6 +100,44 @@ MemEncryptSevIsEnabled ( return Msr.Bits.SevBit ? TRUE : FALSE; } =20 +/** + Interface exposed by the ASM implementation of the core hypercall + + @retval Hypercall returned status. +**/ +UINTN +EFIAPI +SetMemoryEncDecHypercall3AsmStub ( + IN UINTN HypercallNum, + IN UINTN PhysicalAddress, + IN UINTN Pages, + IN UINTN Attributes + ) +{ + // + // Not used in SEC phase. + // + return RETURN_UNSUPPORTED; +} + +/** + Returns a boolean to indicate whether SEV live migration is enabled. + + @retval TRUE SEV live migration is enabled + @retval FALSE SEV live migration is not enabled +**/ +BOOLEAN +EFIAPI +MemEncryptSevLiveMigrationIsEnabled ( + VOID + ) +{ + // + // Not used in SEC phase. + // + return FALSE; +} + /** Returns the SEV encryption mask. =20 diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/AsmHelperStub.nasm b/= OvmfPkg/Library/BaseMemEncryptSevLib/X64/AsmHelperStub.nasm new file mode 100644 index 0000000000..c7c11f77f1 --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/AsmHelperStub.nasm @@ -0,0 +1,33 @@ +/** @file + + ASM helper stub to invoke hypercall + + Copyright (c) 2021, AMD Incorporated. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +DEFAULT REL +SECTION .text + +; UINTN +; EFIAPI +; SetMemoryEncDecHypercall3AsmStub ( +; IN UINTN HypercallNum, +; IN UINTN Arg1, +; IN UINTN Arg2, +; IN UINTN Arg3 +; ); +global ASM_PFX(SetMemoryEncDecHypercall3AsmStub) +ASM_PFX(SetMemoryEncDecHypercall3AsmStub): + ; UEFI calling conventions require RBX to + ; be nonvolatile/callee-saved. + push rbx + mov rax, rcx ; Copy HypercallNumber to rax + mov rbx, rdx ; Copy Arg1 to the register expected by KVM + mov rcx, r8 ; Copy Arg2 to register expected by KVM + mov rdx, r9 ; Copy Arg2 to register expected by KVM + vmmcall ; Call VMMCALL + pop rbx + ret diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c b/= OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c index a57e8fd37f..57447e69dc 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/MemEncryptSevLib.c 
@@ -143,3 +143,57 @@ MemEncryptSevClearMmioPageEncMask ( ); =20 } + +/** + This hyercall is used to notify hypervisor when the page's encryption + state changes. + + @param[in] PhysicalAddress The physical address that is the start= address + of a memory region. The physical addre= ss is + expected to be PAGE_SIZE aligned. + @param[in] Pages Number of Pages in the memory region. + @param[in] Status Encrypted(1) or Decrypted(0). + +@retval RETURN_SUCCESS Hypercall returned success. +**/ +RETURN_STATUS +EFIAPI +SetMemoryEncDecHypercall3 ( + IN UINTN PhysicalAddress, + IN UINTN Pages, + IN UINTN Status + ) +{ + RETURN_STATUS Ret; + INTN Error; + + Ret =3D RETURN_UNSUPPORTED; + + if (MemEncryptSevLiveMigrationIsEnabled ()) { + Ret =3D EFI_SUCCESS; + // + // The encryption bit is set/clear on the smallest page size, hence + // use the 4k page size in MAP_GPA_RANGE hypercall below. + // Also, the hypercall expects the guest physical address to be + // page-aligned. + // + Error =3D SetMemoryEncDecHypercall3AsmStub ( + KVM_HC_MAP_GPA_RANGE, + (PhysicalAddress & (~(EFI_PAGE_SIZE-1))), + Pages, + KVM_MAP_GPA_RANGE_PAGE_SZ_4K | KVM_MAP_GPA_RANGE_ENC_STAT(St= atus) + ); + + if (Error !=3D 0) { + DEBUG ((DEBUG_ERROR, + "SetMemoryEncDecHypercall3 failed, Phys =3D %Lx, Pages =3D %= Ld, Err =3D %Ld\n", + PhysicalAddress, + Pages, + (INT64)Error)); + + Ret =3D RETURN_NO_MAPPING; + } + } + + return Ret; +} diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c= b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c index c696745f9d..0b1588a4c1 100644 --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/PeiDxeVirtualMemory.c @@ -536,7 +536,6 @@ EnableReadOnlyPageWriteProtect ( AsmWriteCr0 (AsmReadCr0() | BIT16); } =20 - /** This function either sets or clears memory encryption bit for the memory region specified by PhysicalAddress and Length from the current page tab= le 
@@ -585,6 +584,9 @@ SetMemoryEncDec ( UINT64 AddressEncMask; BOOLEAN IsWpEnabled; RETURN_STATUS Status; + UINTN Size; + BOOLEAN CBitChanged; + PHYSICAL_ADDRESS OrigPhysicalAddress; =20 // // Set PageMapLevel4Entry to suppress incorrect compiler/analyzer warnin= gs. @@ -636,6 +638,10 @@ SetMemoryEncDec ( =20 Status =3D EFI_SUCCESS; =20 + Size =3D Length; + CBitChanged =3D FALSE; + OrigPhysicalAddress =3D PhysicalAddress; + while (Length !=3D 0) { // @@ -695,6 +701,7 @@ SetMemoryEncDec ( )); PhysicalAddress +=3D BIT30; Length -=3D BIT30; + CBitChanged =3D TRUE; } else { // // We must split the page @@ -749,6 +756,7 @@ SetMemoryEncDec ( SetOrClearCBit (&PageDirectory2MEntry->Uint64, Mode); PhysicalAddress +=3D BIT21; Length -=3D BIT21; + CBitChanged =3D TRUE; } else { // // We must split up this page into 4K pages @@ -791,6 +799,7 @@ SetMemoryEncDec ( SetOrClearCBit (&PageTableEntry->Uint64, Mode); PhysicalAddress +=3D EFI_PAGE_SIZE; Length -=3D EFI_PAGE_SIZE; + CBitChanged =3D TRUE; } } } 
@@ -808,6 +817,17 @@ SetMemoryEncDec ( // CpuFlushTlb(); =20 + // + // Notify Hypervisor on C-bit status + // + if (CBitChanged) { + Status =3D SetMemoryEncDecHypercall3 ( + OrigPhysicalAddress, + EFI_SIZE_TO_PAGES(Size), + !Mode + ); + } + Done: // // Restore page table write protection, if any. --=20 2.17.1
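Review bot: In the final hunk of X64/PeiDxeVirtualMemory.c, `Status =3D SetMemoryEncDecHypercall3 (` overwrites the result of the page-table update, and the X64 SetMemoryEncDecHypercall3 added by this patch returns RETURN_UNSUPPORTED whenever MemEncryptSevLiveMigrationIsEnabled () is FALSE. SetMemoryEncDec would therefore report failure after successfully changing the C-bit on any host that does not advertise KVM_FEATURE_MIGRATION_CONTROL. Either have the wrapper return RETURN_SUCCESS when the feature is absent, or guard the call here with MemEncryptSevLiveMigrationIsEnabled (). Passing `!Mode` as the Encrypted(1)/Decrypted(0) argument also depends on the numeric values of the Mode enumeration, which are not visible in this hunk; an explicit comparison against the enumerator would make the intent checkable.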
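Review bot: In KvmDetectSevLiveMigrationFeature (PeiDxeMemEncryptSevLibInternal.c), the "KVM Detected" DEBUG call prints the CHAR8 buffer Signature with `%s`, which the edk2 print library treats as a CHAR16 string; use `%a`, as the same call already does for __FUNCTION__. The assignments to RegEax and RegEcx just before the second AsmCpuid call are dead stores, because AsmCpuid takes the leaf as its first argument and overwrites the output registers, so they can be dropped. The local mKvmLeaf also carries the `m` prefix that this patch uses for module-level statics such as mSevLiveMigrationStatus; a plain local name would avoid the confusion.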
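Review bot: In X64/AsmHelperStub.nasm the comment on `mov rdx, r9` repeats "Copy Arg2"; r9 holds the fourth parameter, so it should read Arg3. The prototype comment above the label names the parameters Arg1, Arg2 and Arg3, while the C declaration in MemEncryptSevLib.h uses PhysicalAddress, Pages and Attributes; using the same names in both places would make the register mapping easier to audit.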
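Review bot: The doc comment for SetMemoryEncDecHypercall3 in MemEncryptSevLib.h lists only `@retval RETURN_SUCCESS`, but the implementations in this patch also return RETURN_UNSUPPORTED (Ia32 always, X64 when live migration is not enabled) and RETURN_NO_MAPPING (X64 when the hypercall reports an error); please document all three so callers know which values to handle. The Ia32 and X64 copies of the comment also spell the word as "hyercall". The same header exports SetMemoryEncDecHypercall3AsmStub and the KVM_HC_MAP_GPA_RANGE and KVM_MAP_GPA_RANGE_* constants to every consumer of the library; consider whether the assembly stub needs to be part of the public interface.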
From: "Ashish Kalra via groups.io"
To: devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com
Subject: [edk2-devel] [PATCH v5 2/4] OvmfPkg/VmgExitLib: Add support for hypercalls with SEV-ES.
Date: Thu, 8 Jul 2021 14:08:17 +0000
Message-Id: <5cf6633e2510dd399aba0d8dbb7b979577e77c13.1625687246.git.ashish.kalra@amd.com>
From: Ashish Kalra

Make the VC handler hypercall aware by adding support to compare the
hypercall number and add the additional register values used by
hypercall in the GHCB. Also mark the SEC GHCB page (that is mapped as
unencrypted in ResetVector code) in the hypervisor guest page status
tracking.

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra
--- OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Librar= y/VmgExitLib/VmgExitVcHandler.c index 41b0c8cc53..7f69bfab5f 100644 --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c 
@@ -1171,6 +1171,15 @@ VmmCallExit ( Ghcb->SaveArea.Cpl =3D (UINT8) (Regs->Cs & 0x3); VmgSetOffsetValid (Ghcb, GhcbCpl); =20 + if (Regs->Rax =3D=3D KVM_HC_MAP_GPA_RANGE) { + Ghcb->SaveArea.Rbx =3D Regs->Rbx; + VmgSetOffsetValid (Ghcb, GhcbRbx); + Ghcb->SaveArea.Rcx =3D Regs->Rcx; + VmgSetOffsetValid (Ghcb, GhcbRcx); + Ghcb->SaveArea.Rdx =3D Regs->Rdx; + VmgSetOffsetValid (Ghcb, GhcbRdx); + } + Status =3D VmgExit (Ghcb, SVM_EXIT_VMMCALL, 0, 0); if (Status !=3D 0) { return Status; --=20 2.17.1

View/Reply Online (#77595): https://edk2.groups.io/g/devel/message/77595
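
Review bot: the commit message's second sentence (marking the SEC GHCB page in the hypervisor's page status tracking) does not match this patch, whose only change is the `KVM_HC_MAP_GPA_RANGE` block in `VmmCallExit`; the diffstat shows nine insertions in one file and nothing that marks a page, so that sentence should be dropped here. The new block also has no comment explaining why RBX, RCX and RDX are copied only for this hypercall number. Anything written to the GHCB is visible to the hypervisor, so a short comment stating that these registers carry the hypercall arguments, and that other hypercalls deliberately expose nothing beyond RAX and CPL, would keep that exposure intentional when more hypercalls are added.
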
From: "Ashish Kalra via groups.io"
To: devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com
Subject: [edk2-devel] [PATCH v5 3/4] OvmfPkg/PlatformPei: Mark SEC GHCB page as unencrypted via hypercall
Date: Thu, 8 Jul 2021 14:08:45 +0000
Message-Id: <959ad1f27b83dd52524ef187ff9fc96c90a8ab86.1625687246.git.ashish.kalra@amd.com>
From: Ashish Kalra

Mark the SEC GHCB page (that is mapped as unencrypted in ResetVector code) in the hypervisor page status tracking.

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Signed-off-by: Ashish Kalra

--- OvmfPkg/PlatformPei/AmdSev.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index a8bf610022..1ec0de48fe 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -52,6 +52,15 @@ AmdSevEsInitialize ( PcdStatus =3D PcdSetBoolS (PcdSevEsIsEnabled, TRUE); ASSERT_RETURN_ERROR (PcdStatus); =20 + // + // GHCB_BASE setup during reset-vector needs to be marked as + // decrypted in the hypervisor page encryption bitmap. + // + SetMemoryEncDecHypercall3 (FixedPcdGet32 (PcdOvmfSecGhcbBase), + EFI_SIZE_TO_PAGES(FixedPcdGet32 (PcdOvmfSecGhcbSize)), + KVM_MAP_GPA_RANGE_DECRYPTED + ); + // // Allocate GHCB and per-CPU variable pages. // Since the pages must survive across the UEFI to OS transition --=20 2.17.1

View/Reply Online (#77596): https://edk2.groups.io/g/devel/message/77596
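
Review bot: the result of `SetMemoryEncDecHypercall3` in `AmdSevEsInitialize` is discarded, whereas `PcdStatus` two lines above goes through `ASSERT_RETURN_ERROR`. If the hypercall can fail, the hypervisor's tracking would still show the SEC GHCB page as encrypted while the guest uses it unencrypted, so the result should be checked or at least logged. Nothing in the hunk shows a check that the hypervisor supports this hypercall before it is issued; the comment should say where that gating happens, or the call should be made conditional. Style: `EFI_SIZE_TO_PAGES(` needs a space before the parenthesis to match `FixedPcdGet32 (` on the same line.
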
From: "Ashish Kalra via groups.io"
To: devel@edk2.groups.io
Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, Thomas.Lendacky@amd.com, jejb@linux.ibm.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com
Subject: [edk2-devel] [PATCH v5 4/4] OvmfPkg/AmdSevDxe: Add support for SEV live migration.
Date: Thu, 8 Jul 2021 14:09:05 +0000
From: Ashish Kalra

Check for SEV live migration feature support; if detected, set up a new UEFI environment variable to indicate OVMF support for SEV live migration. The new runtime UEFI environment variable is set via the notification function registered for the EFI_END_OF_DXE_EVENT_GROUP_GUID event in the AmdSevDxe driver.

Signed-off-by: Ashish Kalra

--- OvmfPkg/AmdSevDxe/AmdSevDxe.c | 59 ++++++++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 ++ OvmfPkg/Include/Guid/MemEncryptLib.h | 20 +++++++ OvmfPkg/OvmfPkg.dec | 1 + 4 files changed, 84 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c index c66c4e9b92..45adf3249c 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -15,10 +15,49 @@ #include #include #include +#include +#include #include #include +#include +#include #include =20 +STATIC +VOID +EFIAPI +AmdSevDxeOnEndOfDxe ( + IN EFI_EVENT Event, + IN VOID *EventToSignal + ) +{ + EFI_STATUS Status; + BOOLEAN SevLiveMigrationEnabled; + + SevLiveMigrationEnabled =3D MemEncryptSevLiveMigrationIsEnabled(); + + if (SevLiveMigrationEnabled) { + Status =3D gRT->SetVariable ( + L"SevLiveMigrationEnabled", + &gMemEncryptGuid, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (BOOLEAN), + &SevLiveMigrationEnabled + ); + + DEBUG (( + DEBUG_INFO, + "%a: Setting SevLiveMigrationEnabled variable, status =3D %lx\n", + __FUNCTION__, + Status + )); + } + + DEBUG ((DEBUG_VERBOSE, "%a\n", __FUNCTION__)); +} + EFI_STATUS EFIAPI AmdSevDxeEntryPoint ( @@ -30,6 +69,7 @@ AmdSevDxeEntryPoint ( EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; UINTN NumEntries; UINTN Index; + EFI_EVENT Event; =20 // // Do nothing when SEV is not enabled @@ -130,5 +170,24 @@ AmdSevDxeEntryPoint ( } } =20 + // + // Register EFI_END_OF_DXE_EVENT_GROUP_GUID event. + // The notification function sets the runtime variable indicating OVMF + // support for SEV live migration. + // + Status =3D gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + AmdSevDxeOnEndOfDxe, + NULL, + &gEfiEndOfDxeEventGroupGuid, + &Event + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "%a: CreateEventEx(): %r\n", + __FUNCTION__, Status)); + } + return EFI_SUCCESS; } diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.= inf index 0676fcc5b6..f4e40ff412 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf @@ -45,3 +45,7 @@ =20 [Pcd] gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId + +[Guids] + gMemEncryptGuid + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event 
diff --git a/OvmfPkg/Include/Guid/MemEncryptLib.h b/OvmfPkg/Include/Guid/Me= mEncryptLib.h new file mode 100644 index 0000000000..4c046ba439 --- /dev/null +++ b/OvmfPkg/Include/Guid/MemEncryptLib.h @@ -0,0 +1,20 @@ +/** @file + + AMD Memory Encryption GUID, define a new GUID for defining + new UEFI enviroment variables assocaiated with SEV Memory Encryption. + + Copyright (c) 2020, AMD Inc. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __MEMENCRYPT_LIB_H__ +#define __MEMENCRYPT_LIB_H__ + +#define MEMENCRYPT_GUID \ +{0x0cf29b71, 0x9e51, 0x433a, {0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x= 75}} + +extern EFI_GUID gMemEncryptGuid; + +#endif diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec index 6ae733f6e3..e452dc8494 100644 --- a/OvmfPkg/OvmfPkg.dec +++ b/OvmfPkg/OvmfPkg.dec @@ -122,6 +122,7 @@ gQemuKernelLoaderFsMediaGuid =3D {0x1428f772, 0xb64a, 0x441e, {= 0xb8, 0xc3, 0x9e, 0xbd, 0xd7, 0xf8, 0x93, 0xc7}} gGrubFileGuid =3D {0xb5ae312c, 0xbc8a, 0x43b1, {= 0x9c, 0x62, 0xeb, 0xb8, 0x26, 0xdd, 0x5d, 0x07}} gConfidentialComputingSecretGuid =3D {0xadf956ad, 0xe98c, 0x484c, {= 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47}} + gMemEncryptGuid =3D {0x0cf29b71, 0x9e51, 0x433a, {= 0xa3, 0xb7, 0x81, 0xf3, 0xab, 0x16, 0xb8, 0x75}} =20 [Ppis] # PPI whose presence in the PPI database signals that the TPM base addre= ss --=20 2.17.1

View/Reply Online (#77597): https://edk2.groups.io/g/devel/message/77597
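
Review bot: in `AmdSevDxeOnEndOfDxe` the variable is written with `EFI_VARIABLE_NON_VOLATILE` only inside `if (SevLiveMigrationEnabled)`, and nothing deletes it when the check is false, so a value stored on one boot persists into a later boot where live migration is not enabled. Either drop `EFI_VARIABLE_NON_VOLATILE` or delete the variable in an else branch. The variable also has `EFI_VARIABLE_RUNTIME_ACCESS` and no authenticated-write attribute, which means the OS can rewrite it at runtime, so the commit message or a comment should state that consumers must not treat it as a trusted statement from firmware. Smaller points in the same function: the `SetVariable` status is printed with `%lx` at `DEBUG_INFO` where `%r` and `DEBUG_ERROR` on failure would match the `CreateEventEx` message, the second parameter is named `EventToSignal` although it is the unused notify context, and `MemEncryptSevLiveMigrationIsEnabled()` is missing the space before the parenthesis.
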
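
Review bot: when `CreateEventEx` fails in `AmdSevDxeEntryPoint`, the failure is logged at `DEBUG_INFO` and the function still returns `EFI_SUCCESS`, so the variable is silently never set. Log it at `DEBUG_ERROR`, and if continuing without the event is intentional, add a comment saying so.
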
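
Review bot: in the `[Guids]` addition to `AmdSevDxe.inf`, `gMemEncryptGuid` has no usage comment while `gEfiEndOfDxeEventGroupGuid` on the next line is annotated `## CONSUMES ## Event`. Since the driver writes a variable under this GUID, annotate it accordingly so the usage is recorded in the INF.
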
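
Review bot: the file comment of the new `OvmfPkg/Include/Guid/MemEncryptLib.h` misspells "enviroment" and "assocaiated"; please fix both. The header sits under `Guid/` and only declares `MEMENCRYPT_GUID` and `gMemEncryptGuid`, so the `Lib` suffix in the file name and in the `__MEMENCRYPT_LIB_H__` guard is misleading; a name without `Lib` would describe it better.
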