From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Lendacky, Thomas"
To: "devel@edk2.groups.io"
CC: Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Michael D Kinney, Liming Gao, Eric Dong, Ray Ni, "Singh, Brijesh"
Subject: [RFC PATCH 10/28] UefiCpuPkg/CpuExceptionHandler: Add base #VC exception handling support for Sec phase
Date: Mon, 19 Aug 2019 21:35:59 +0000
Message-ID: <0eb5cfa2ec3ba07a06da84a2bb8ed6f5feca54bf.1566250534.git.thomas.lendacky@amd.com>
x-mailer: git-send-email 2.17.1
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID:
<7678AB5A0505084C8393C7D5E4FC264D@namprd12.prod.outlook.com> Content-Transfer-Encoding: quoted-printable From: Tom Lendacky An SEV-ES guest will generate a #VC exception when it encounters a non-automatic exit (NAE) event. It is expected that the #VC exception handler will communicate with the hypervisor using the GHCB to handle the NAE event. NAE events can occur during the Sec phase, so initialize exception handling early in the OVMF Sec support. Add to the basic #VC exception handler to set the GHCB MSR to a pre-allocated GHCB and call a common #VC handler. Signed-off-by: Tom Lendacky --- OvmfPkg/Sec/SecMain.inf | 1 + .../SecPeiCpuExceptionHandlerLib.inf | 2 ++ .../CpuExceptionHandlerLib/AMDSevVcCommon.h | 7 ++++ MdePkg/Library/BaseLib/Ia32/GccInline.c | 17 +++++++++ OvmfPkg/Sec/SecMain.c | 29 ++++++++------- .../Ia32/AMDSevVcCommon.c | 13 +++++++ .../SecAMDSevVcHandler.c | 36 ++++++++++++++++++- .../X64/AMDSevVcCommon.c | 27 ++++++++++++++ 8 files changed, 118 insertions(+), 14 deletions(-) create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/AMDSevVc= Common.c create mode 100644 UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcC= ommon.c diff --git a/OvmfPkg/Sec/SecMain.inf b/OvmfPkg/Sec/SecMain.inf index 63ba4cb555fb..7f53845f5436 100644 --- a/OvmfPkg/Sec/SecMain.inf +++ b/OvmfPkg/Sec/SecMain.inf @@ -50,6 +50,7 @@ [LibraryClasses] PeCoffExtraActionLib ExtractGuidedSectionLib LocalApicLib + CpuExceptionHandlerLib =20 [Ppis] gEfiTemporaryRamSupportPpiGuid # PPI ALWAYS_PRODUCED diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHa= ndlerLib.inf b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuException= HandlerLib.inf index 5e5ab6244b11..1b3605af5ca4 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLi= b.inf +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLi= b.inf 
@@ -26,11 +26,13 @@ [Sources.Ia32] Ia32/ExceptionTssEntryAsm.nasm Ia32/ArchExceptionHandler.c Ia32/ArchInterruptDefs.h + Ia32/AMDSevVcCommon.c =20 [Sources.X64] X64/ExceptionHandlerAsm.nasm X64/ArchExceptionHandler.c X64/ArchInterruptDefs.h + X64/AMDSevVcCommon.c =20 [Sources.common] CpuExceptionCommon.h diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h b/U= efiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h index ee52f3b5220d..94f9e6e5122d 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/AMDSevVcCommon.h @@ -3,10 +3,17 @@ #define _AMD_SEV_VC_COMMON_H_ =20 #include +#include =20 UINTN DoVcException( EFI_SYSTEM_CONTEXT Context ); =20 +UINTN +DoVcCommon( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT Context + ); + #endif diff --git a/MdePkg/Library/BaseLib/Ia32/GccInline.c b/MdePkg/Library/BaseL= ib/Ia32/GccInline.c index 5287200f8754..55d2e12bcdc9 100644 --- a/MdePkg/Library/BaseLib/Ia32/GccInline.c +++ b/MdePkg/Library/BaseLib/Ia32/GccInline.c @@ -1763,3 +1763,20 @@ AsmFlushCacheLine ( } =20 =20 +/** + Executes a VMGEXIT instruction. + + Executes a VMGEXIT instruction. This function is only available on IA-32= and + X64. + +**/ +VOID +EFIAPI +AsmVmgExit ( + VOID + ) +{ + __asm__ __volatile__ ("rep; vmmcall":::"memory"); +} + + diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c index 2448be0cd408..021c1bd30711 100644 --- a/OvmfPkg/Sec/SecMain.c +++ b/OvmfPkg/Sec/SecMain.c @@ -24,6 +24,7 @@ #include #include #include +#include =20 #include =20 
@@ -737,6 +738,21 @@ SecCoreStartupWithStack ( Table[Index] =3D 0; } =20 + // + // Initialize IDT + // + IdtTableInStack.PeiService =3D NULL; + for (Index =3D 0; Index < SEC_IDT_ENTRY_COUNT; Index ++) { + CopyMem (&IdtTableInStack.IdtTable[Index], &mIdtEntryTemplate, sizeof = (mIdtEntryTemplate)); + } + + IdtDescriptor.Base =3D (UINTN)&IdtTableInStack.IdtTable; + IdtDescriptor.Limit =3D (UINT16)(sizeof (IdtTableInStack.IdtTable) - 1); + + AsmWriteIdtr (&IdtDescriptor); + + InitializeCpuExceptionHandlers (NULL); + ProcessLibraryConstructorList (NULL, NULL); =20 // @@ -756,19 +772,6 @@ SecCoreStartupWithStack ( // InitializeFloatingPointUnits (); =20 - // - // Initialize IDT - // =20 - IdtTableInStack.PeiService =3D NULL; - for (Index =3D 0; Index < SEC_IDT_ENTRY_COUNT; Index ++) { - CopyMem (&IdtTableInStack.IdtTable[Index], &mIdtEntryTemplate, sizeof = (mIdtEntryTemplate)); - } - - IdtDescriptor.Base =3D (UINTN)&IdtTableInStack.IdtTable; - IdtDescriptor.Limit =3D (UINT16)(sizeof (IdtTableInStack.IdtTable) - 1); - - AsmWriteIdtr (&IdtDescriptor); - #if defined (MDE_CPU_X64) // // ASSERT that the Page Tables were set by the reset vector code to diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/AMDSevVcCommon.= c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/AMDSevVcCommon.c new file mode 100644 index 000000000000..1b0c44bd6a61 --- /dev/null +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/Ia32/AMDSevVcCommon.c @@ -0,0 +1,13 @@ + +#include +#include +#include "AMDSevVcCommon.h" + +UINTN +DoVcCommon ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT Context + ) +{ + return GP_EXCEPTION; +} diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecAMDSevVcHandler.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecAMDSevVcHandler.c index 1e027b3f2964..a32025d3481b 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecAMDSevVcHandler.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/SecAMDSevVcHandler.c 
@@ -1,11 +1,45 @@ =20 +#include +#include #include "CpuExceptionCommon.h" #include "AMDSevVcCommon.h" =20 + +#define GHCB_INIT 0x807000 + UINTN DoVcException( EFI_SYSTEM_CONTEXT Context ) { - return 0; + MSR_SEV_ES_GHCB_REGISTER Msr; + GHCB *Ghcb; + + Msr.GhcbPhysicalAddress =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + Ghcb =3D Msr.Ghcb; + + if (Msr.Bits.GhcbNegotiateBit) { + if (Msr.GhcbProtocol.SevEsProtocolMin > Msr.GhcbProtocol.SevEsProtocol= Max) { + ASSERT (0); + return GP_EXCEPTION; + } + + if ((Msr.GhcbProtocol.SevEsProtocolMin > GHCB_VERSION_MAX) || + (Msr.GhcbProtocol.SevEsProtocolMax < GHCB_VERSION_MIN)) { + ASSERT (0); + return GP_EXCEPTION; + } + + Msr.GhcbPhysicalAddress =3D GHCB_INIT; + AsmWriteMsr64(MSR_SEV_ES_GHCB, Msr.GhcbPhysicalAddress); + + Ghcb =3D Msr.Ghcb; + SetMem (Ghcb, sizeof (*Ghcb), 0); + + /* Set the version to the maximum that can be supported */ + Ghcb->ProtocolVersion =3D MIN (Msr.GhcbProtocol.SevEsProtocolMax, GHCB= _VERSION_MAX); + Ghcb->GhcbUsage =3D GHCB_STANDARD_USAGE; + } + + return DoVcCommon(Ghcb, Context); } diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c= b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c new file mode 100644 index 000000000000..18e462ce80a2 --- /dev/null +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c @@ -0,0 +1,27 @@ + +#include +#include +#include "AMDSevVcCommon.h" + +UINTN +DoVcCommon ( + GHCB *Ghcb, + EFI_SYSTEM_CONTEXT Context + ) +{ + EFI_SYSTEM_CONTEXT_X64 *Regs =3D Context.SystemContextX64; + UINTN ExitCode; + UINTN Status; + + VmgInit (Ghcb); + + ExitCode =3D Regs->ExceptionData; + switch (ExitCode) { + default: + Status =3D VmgExit (Ghcb, SvmExitUnsupported, ExitCode, 0); + } + + VmgDone (Ghcb); + + return Status; +} --=20 2.17.1
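Review bot: In the OvmfPkg/Sec/SecMain.c hunk at @@ -737, the return status of InitializeCpuExceptionHandlers (NULL) is discarded, so a failure to install the handlers leaves the IDT holding only the mIdtEntryTemplate copies and nothing reports it. Capture the EFI_STATUS and check it, for example with ASSERT_EFI_ERROR (Status), before ProcessLibraryConstructorList runs. The moved "Initialize IDT" comment should also say why the setup now has to precede the library constructors (the commit message gives the reason: NAE events can occur during the Sec phase), since the ordering is the whole point of the move and is easy to undo by accident later.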
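Review bot: In the MdePkg/Library/BaseLib/Ia32/GccInline.c hunk, the AsmVmgExit comment says the function is available on IA-32 and X64, but the diffstat for this patch touches only the Ia32 GCC file: no X64 counterpart, no non-GCC implementation and no BaseLib.h prototype appear here. If those arrive in another patch of the series, say so in the commit message; otherwise add them alongside this one. Because this is a MdePkg change carried under a UefiCpuPkg subject line, it would be easier to review as its own MdePkg patch. The description also repeats "Executes a VMGEXIT instruction." twice; the second sentence can go.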
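Review bot: In the UefiCpuPkg/Library/CpuExceptionHandlerLib/SecAMDSevVcHandler.c hunk, "#define GHCB_INIT 0x807000" hard-codes the physical address of the Sec GHCB with no comment, and nothing in this patch reserves that page or ties the value to the platform memory layout. Please take the address from a fixed PCD, or at least document where the page is reserved and that it stays valid for the whole Sec phase. Related: when GhcbNegotiateBit is clear, Ghcb is taken straight from the MSR value and handed to DoVcCommon with no check that it still equals GHCB_INIT; since Sec only ever installs that one page, a comparison there is cheap and catches an unexpected MSR value before the pointer is dereferenced. Style: "AsmWriteMsr64(" and "DoVcCommon(Ghcb, Context)" are missing the space before the parenthesis used elsewhere in the patch.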
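Review bot: The new file UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/AMDSevVcCommon.c (and likewise the new Ia32/AMDSevVcCommon.c) starts directly with the #include lines: there is no file header comment with description, copyright and license, and DoVcCommon has no function comment describing Ghcb, Context and the meaning of the returned UINTN. Please add both. In the X64 body, the switch on ExitCode has only a default case; a short comment that per-exit-code cases are added by later patches, plus a break after the VmgExit call, would make the intent clear and keep the next added case from falling through.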