From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.61]) by mx.groups.io with SMTP id smtpd.web10.10455.1590143479148979166 for ; Fri, 22 May 2020 03:31:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=DKPnSzIe; spf=pass (domain: redhat.com, ip: 205.139.110.61, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590143478; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=E+OKoj1tsVjmTZ89aYmHUjFFU+JqKdFX9yg9nSvAK8A=; b=DKPnSzIeDOREk35DrKjQD5llDn19/0oNHQIGhstPzCD/HLQmCMxqAdcUptoUXaJTEaUKAQ BxxvNBkrFIJlT43wGgiE2Y+T1BGUsdTpFAsW86PKjutTK7rY6m9TI0YXe7ahCbEWLD9202 88Dqim5S220msOxrl+qfT/PM3ho7B3E= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-214--g-avXB_NtS1WjZoltzqfQ-1; Fri, 22 May 2020 06:31:16 -0400 X-MC-Unique: -g-avXB_NtS1WjZoltzqfQ-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 085881800D42; Fri, 22 May 2020 10:31:15 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-112-40.ams2.redhat.com [10.36.112.40]) by smtp.corp.redhat.com (Postfix) with ESMTP id 758295C1D3; Fri, 22 May 2020 10:31:12 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH v8 16/46] OvmfPkg/VmgExitLib: Add support for MSR_PROT NAE events To: devel@edk2.groups.io, thomas.lendacky@amd.com Cc: Jordan Justen , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , Brijesh Singh , Ard Biesheuvel References: <0c535885cd63be2633ae1f421014f5d2598fe0cc.1589925074.git.thomas.lendacky@amd.com> From: "Laszlo Ersek" Message-ID: <0e6d2b87-4ad9-2600-b986-a0b58ca0b8ac@redhat.com> Date: Fri, 22 May 2020 12:31:11 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <0c535885cd63be2633ae1f421014f5d2598fe0cc.1589925074.git.thomas.lendacky@amd.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On 05/19/20 23:50, Lendacky, Thomas wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 > > Under SEV-ES, a MSR_PROT intercept generates a #VC exception. VMGEXIT must > be used to allow the hypervisor to handle this intercept. > > Add support to construct the required GHCB values to support an MSR_PROT > NAE event. Parse the instruction that generated the #VC exception to > determine whether it is RDMSR or WRMSR, setting the required register > register values in the GHCB and creating the proper SW_EXIT_INFO1 value in > the GHCB. > > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Signed-off-by: Tom Lendacky > --- > .../Library/VmgExitLib/X64/VmgExitVcHandler.c | 63 +++++++++++++++++++ > 1 file changed, 63 insertions(+) > > diff --git a/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c b/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c > index 2f62795edf61..1c6b472a47c4 100644 > --- a/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c > +++ b/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c > @@ -411,6 +411,65 @@ UnsupportedExit ( > return Status; > } > > +/** > + Handle an MSR event. > + > + Use the VMGEXIT instruction to handle either a RDMSR or WRMSR event. > + > + @param[in, out] Ghcb Pointer to the Guest-Hypervisor Communication > + Block > + @param[in, out] Regs x64 processor context > + @param[in] InstructionData Instruction parsing context > + > + @retval 0 Event handled successfully > + @retval Others New exception value to propagate > + > +**/ > +STATIC > +UINT64 > +MsrExit ( > + IN OUT GHCB *Ghcb, > + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs, > + IN SEV_ES_INSTRUCTION_DATA *InstructionData > + ) > +{ > + UINT64 ExitInfo1, Status; > + > + ExitInfo1 = 0; > + > + switch (*(InstructionData->OpCodes + 1)) { > + case 0x30: // WRMSR This comment looks great! > + ExitInfo1 = 1; > + Ghcb->SaveArea.Rax = Regs->Rax; > + GhcbSetRegValid (Ghcb, GhcbRax); > + Ghcb->SaveArea.Rdx = Regs->Rdx; > + GhcbSetRegValid (Ghcb, GhcbRdx); > + /* Fallthrough */ (1) This comment is very appreciated (I vaguely remember that the coding style actually requires it), but we're supposed to put it like this: // // fall through // (See: "git grep -B1 -A1 -i 'fall through'".) > + case 0x32: // RDMSR > + Ghcb->SaveArea.Rcx = Regs->Rcx; > + GhcbSetRegValid (Ghcb, GhcbRcx); > + break; > + default: > + return UnsupportedExit (Ghcb, Regs, InstructionData); > + } > + > + Status = VmgExit (Ghcb, SVM_EXIT_MSR, ExitInfo1, 0); > + if (Status) { (2) As usual, please check (Status > 0) or (Status != 0) explicitly. Acked-by: Laszlo Ersek Thanks Laszlo > + return Status; > + } > + > + if (!ExitInfo1) { > + if (!GhcbIsRegValid (Ghcb, GhcbRax) || > + !GhcbIsRegValid (Ghcb, GhcbRdx)) { > + return UnsupportedExit (Ghcb, Regs, InstructionData); > + } > + Regs->Rax = Ghcb->SaveArea.Rax; > + Regs->Rdx = Ghcb->SaveArea.Rdx; > + } > + > + return 0; > +} > + > #define IOIO_TYPE_STR (1 << 2) > #define IOIO_TYPE_IN 1 > #define IOIO_TYPE_INS (IOIO_TYPE_IN | IOIO_TYPE_STR) > @@ -743,6 +802,10 @@ VmgExitHandleVc ( > NaeExit = IoioExit; > break; > > + case SVM_EXIT_MSR: > + NaeExit = MsrExit; > + break; > + > default: > NaeExit = UnsupportedExit; > } >