From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.120]) by mx.groups.io with SMTP id smtpd.web12.10444.1590143239548049835 for ; Fri, 22 May 2020 03:27:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Kpf6pO/r; spf=pass (domain: redhat.com, ip: 205.139.110.120, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1590143238; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=J7JZVZHrYsSq+5m6mDbws35S0sJBjIZzvNG94PMlt2c=; b=Kpf6pO/re2+7up9SV38LGkKO/3LBUAlhZi2CZKa5EwSf4WY0Iv9elTvw7npR7CINa98R8t jzlZh433qedNMOKMfAOumx5AofABwgTwkKUZcc3d2TgpOGNjI2kEqZxHSCOPIE7ePeBPkE Uf/6R8MeyZI5D4loh+6vyOSnRRYJFg4= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-122--gZ9k3iDOjee2A9kwF8SDQ-1; Fri, 22 May 2020 06:27:15 -0400 X-MC-Unique: -gZ9k3iDOjee2A9kwF8SDQ-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3079680183C; Fri, 22 May 2020 10:27:13 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-112-40.ams2.redhat.com [10.36.112.40]) by smtp.corp.redhat.com (Postfix) with ESMTP id DF4C45C1D0; Fri, 22 May 2020 10:27:10 +0000 (UTC) Subject: Re: [edk2-devel] [PATCH v8 15/46] OvmfPkg/VmgExitLib: Add support for CPUID NAE events To: devel@edk2.groups.io, thomas.lendacky@amd.com Cc: Jordan Justen , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , Brijesh Singh , Ard Biesheuvel References: From: "Laszlo Ersek" Message-ID: <14058ebd-7cd0-01b9-84c7-2ebaa060038a@redhat.com> Date: Fri, 22 May 2020 12:27:09 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On 05/19/20 23:50, Lendacky, Thomas wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 > > Under SEV-ES, a CPUID intercept generates a #VC exception. VMGEXIT must be > used to allow the hypervisor to handle this intercept. > > Add support to construct the required GHCB values to support a CPUID NAE > event. Additionally, CPUID 0x0000_000d requires XCR0 to be supplied in > the GHCB, so add support to issue the XGETBV instruction. > > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Signed-off-by: Tom Lendacky > --- > .../Library/VmgExitLib/X64/VmgExitVcHandler.c | 58 +++++++++++++++++++ > 1 file changed, 58 insertions(+) > > diff --git a/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c b/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c > index 906b32e93d53..2f62795edf61 100644 > --- a/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c > +++ b/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c > @@ -12,6 +12,8 @@ > #include > #include > > +#define CR4_OSXSAVE (1 << 18) > + (1) Please drop this macro, and: > // > // Instruction execution mode definition > // > @@ -637,6 +639,58 @@ IoioExit ( > return 0; > } > > +/** > + Handle a CPUID event. > + > + Use the VMGEXIT instruction to handle a CPUID event. > + > + @param[in, out] Ghcb Pointer to the Guest-Hypervisor Communication > + Block > + @param[in, out] Regs x64 processor context > + @param[in] InstructionData Instruction parsing context > + > + @retval 0 Event handled successfully > + @retval Others New exception value to propagate > + > +**/ > +STATIC > +UINT64 > +CpuidExit ( > + IN OUT GHCB *Ghcb, > + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs, > + IN SEV_ES_INSTRUCTION_DATA *InstructionData > + ) > +{ > + UINT64 Status; > + > + Ghcb->SaveArea.Rax = Regs->Rax; > + GhcbSetRegValid (Ghcb, GhcbRax); > + Ghcb->SaveArea.Rcx = Regs->Rcx; > + GhcbSetRegValid (Ghcb, GhcbRcx); > + if (Regs->Rax == 0x0000000d) { (2a) Can we use CPUID_EXTENDED_STATE here, from ? (2b) If so, I'd suggest updating the commit message too: replace "CPUID 0x0000_000d" with "CPUID 0x0000_000d (CPUID_EXTENDED_STATE)". > + Ghcb->SaveArea.XCr0 = (AsmReadCr4 () & CR4_OSXSAVE) ? AsmXGetBv (0) : 1; (3) Here, please use the IA32_CR4 type from : IA32_CR4 Cr4; Cr4.UintN = AsmReadCr4 (); Ghcb->SaveArea.XCr0 = (Cr4.Bits.OSXSAVE == 1) ? AsmXGetBv (0) : 1; Some of the style requests I made under earlier patches in this series apply here, so I won't spell them out again. With the style updated: Acked-by: Laszlo Ersek Thanks Laszlo > + GhcbSetRegValid (Ghcb, GhcbXCr0); > + } > + > + Status = VmgExit (Ghcb, SVM_EXIT_CPUID, 0, 0); > + if (Status) { > + return Status; > + } > + > + if (!GhcbIsRegValid (Ghcb, GhcbRax) || > + !GhcbIsRegValid (Ghcb, GhcbRbx) || > + !GhcbIsRegValid (Ghcb, GhcbRcx) || > + !GhcbIsRegValid (Ghcb, GhcbRdx)) { > + return UnsupportedExit (Ghcb, Regs, InstructionData); > + } > + Regs->Rax = Ghcb->SaveArea.Rax; > + Regs->Rbx = Ghcb->SaveArea.Rbx; > + Regs->Rcx = Ghcb->SaveArea.Rcx; > + Regs->Rdx = Ghcb->SaveArea.Rdx; > + > + return 0; > +} > + > /** > Handle a #VC exception. > > @@ -681,6 +735,10 @@ VmgExitHandleVc ( > > ExitCode = Regs->ExceptionData; > switch (ExitCode) { > + case SVM_EXIT_CPUID: > + NaeExit = CpuidExit; > + break; > + > case SVM_EXIT_IOIO_PROT: > NaeExit = IoioExit; > break; >