From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.61]) by mx.groups.io with SMTP id smtpd.web10.10831.1595937892376120647 for ; Tue, 28 Jul 2020 05:04:52 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=eTWMdbbz; spf=pass (domain: redhat.com, ip: 205.139.110.61, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1595937891; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dXH3ajQnuoTEc1qcEGWe4I0uG+kBENR15V+aIq1wztU=; b=eTWMdbbzZprEw1H3qjKHfSqNSxenCumD3cPLTEP+u2RbzaLxfQWMQ4Fp2ulQ0lPZBaQt1E SBq4GHIkewihP7yYsTzVXyzvuaGHW9u2I2KVs5p4vV7jBf/hK1Zoyz81sNHD9xHLBT4F46 IRoWHB5L4kClSBPjpxiNp/WyKfVamyE= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-404-_ajDuke-NCiyP-fBs2FlLA-1; Tue, 28 Jul 2020 08:04:28 -0400 X-MC-Unique: _ajDuke-NCiyP-fBs2FlLA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7C3B280183C; Tue, 28 Jul 2020 12:04:26 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-113-229.ams2.redhat.com [10.36.113.229]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3692B1001281; Tue, 28 Jul 2020 12:04:23 +0000 (UTC) Subject: Re: [PATCH v12 07/46] MdePkg/BaseLib: Add support for the VMGEXIT instruction To: "Gao, Liming" , Tom Lendacky , "devel@edk2.groups.io" Cc: Brijesh Singh , Ard Biesheuvel , "Dong, Eric" , "Justen, Jordan L" , "Kinney, Michael D" , "Ni, Ray" References: <57cfa8bb-f683-08c4-7262-5762a9e0a4c1@amd.com> From: "Laszlo Ersek" Message-ID: <1d539df5-142e-7ab1-faa6-0d0f6eea1608@redhat.com> Date: Tue, 28 Jul 2020 14:04:23 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On 07/28/20 09:39, Gao, Liming wrote: > This error is reported from nasm compiler. My nasm compiler version is > 2.11.08. It may be a little old. 2.12 should be fine. > > This change also requires to update > edk2\BaseTools\Conf\tools_def.template and mention nasm compiler > version. "tools_def.template" says: NASM 2.10 or later for use with the GCC toolchain family Bumping the NASM requirement from 2.10 to 2.12 will rule out: - Debian "jessie" (oldoldstable), - Ubuntu "xenial" (16.04 LTS), - and RHEL7, as build hosts. Debian "jessie" is no longer supported (LTS ended in June 2020), but Ubuntu "xenial" and RHEL7 are still supported by their vendors. I seem to recall that it was me to recommend "BITS 64" in front of "rep vmmcall" in the IA32 NASM source file: https://edk2.groups.io/g/devel/message/48292 http://mid.mail-archive.com/e8a8e21e-4045-1b2b-f959-13fbe00132d9@redhat.com I don't understand why my testing worked back then, and now it doesn't. (IOW, I can also reproduce the error that Liming reported!) It's likely because I didn't specify the elf32 output format back then. Indeed: the following command fails: > "nasm" \ > -I"$WORKSPACE"/MdePkg/Library/BaseLib/Ia32/ \ > -I"$WORKSPACE"/MdePkg/Library/BaseLib/Ia32/ \ > -I"$WORKSPACE"/MdePkg/Library/BaseLib/ \ > -I"$WORKSPACE"/Build/OvmfIa32/NOOPT_GCC48/IA32/MdePkg/Library/BaseLib/BaseLib/DEBUG/ \ > -I"$WORKSPACE"/MdePkg/ \ > -I"$WORKSPACE"/MdePkg/Include/ \ > -I"$WORKSPACE"/MdePkg/Test/UnitTest/Include/ \ > -I"$WORKSPACE"/MdePkg/Include/Ia32/ \ > -f elf32 \ > -o "$WORKSPACE"/Build/OvmfIa32/NOOPT_GCC48/IA32/MdePkg/Library/BaseLib/BaseLib/OUTPUT/Ia32/VmgExit.obj \ > "$WORKSPACE"/Build/OvmfIa32/NOOPT_GCC48/IA32/MdePkg/Library/BaseLib/BaseLib/OUTPUT/Ia32/VmgExit.iii but if I remove "-f elf32", it completes fine. :( The AMD manual says about VMGEXIT: > The VMGEXIT opcode is only valid within a guest when run with SEV-ES > mode active. If the guest is not run with SEV-ES mode active, the > VMGEXIT opcode will be treated as a VMMCALL opcode and will behave > exactly like a VMMCALL. VMGEXIT is a SEV-ES-only form of guest-host communication. SEV-ES mode depends on SEV. A SEV guest can only interact with the host (= decrypt its pages for the host to access) if the guest is executing in long mode. So does it even make sense to *attempt* implementing AsmVmgExit() "correctly" for IA32? I don't want to complicate the build dependencies in this series further, so I won't suggest that we simply *not* implement AsmVmgExit() for IA32 at all. (Purely from a BaseLib perspective, this would be a valid approach, but then call sites would have to be *build-time* restricted to X64 too. The call sites *are* already restricted to X64, AIUI, but that happens at runtime (= dynamic checks), not at build time.) So here's what I suggest: implement AsmVmgExit() for IA32 in the C language, namely as a call to CpuBreakpoint(). I wouldn't like to tighten the NASM version requirement for *all* of edk2, for the sake of building a BaseLib primitive for IA32 that we never *call* on IA32. Thanks, Laszlo > > Thanks > Liming > -----Original Message----- > From: Tom Lendacky > Sent: 2020t728å 12:08 > To: Gao, Liming ; devel@edk2.groups.io > Cc: Brijesh Singh ; Ard Biesheuvel ; Dong, Eric ; Justen, Jordan L ; Laszlo Ersek ; Kinney, Michael D ; Ni, Ray > Subject: Re: [PATCH v12 07/46] MdePkg/BaseLib: Add support for the VMGEXIT instruction > > On 7/27/20 8:34 PM, Gao, Liming wrote: >> Tom: > > Hi Liming, > >> I meet with GCC failure on this patch. Can you help check it? If nasm doesn't support the vmmcall instruction in 32-bit mode, you have to use inline assembly to support it. > > What version of GCC are you using. I was able to successfully build the > Ia32 version with my GCC level. The Ia32 version uses a trick to do switch to 64-bit just to encode the instruction. Looks like that doesn't work with your version of GCC. > > I can probably switch to defining the instruction as bytes. Let me look into that and possibly send you a patch to test. > > Thanks, > Tom > >> >> Edk2/Build/IntelFsp2Pkg/DEBUG_GCC5/IA32/MdePkg/Library/BaseLib/BaseLib >> /OUTPUT/Ia32/VmgExit.iii:33: error: elf32 output format does not >> support 64-bit code >> GNUmakefile:741: recipe for target >> >> Thanks >> Liming >> -----Original Message----- >> From: Tom Lendacky >> Sent: 2020t727å 23:26 >> To: devel@edk2.groups.io >> Cc: Brijesh Singh ; Ard Biesheuvel >> ; Dong, Eric ; Justen, >> Jordan L ; Laszlo Ersek >> ; Gao, Liming ; Kinney, >> Michael D ; Ni, Ray >> Subject: [PATCH v12 07/46] MdePkg/BaseLib: Add support for the VMGEXIT >> instruction >> >> From: Tom Lendacky >> >> BZ: >> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugz >> illa.tianocore.org%2Fshow_bug.cgi%3Fid%3D2198&data=02%7C01%7Cthoma >> s.lendacky%40amd.com%7C77c8250cd9e14f2929a008d832965726%7C3dd8961fe488 >> 4e608e11a82d994e183d%7C0%7C0%7C637314968570901400&sdata=6zqseI3tVm >> aw351w9mfEymMnDcjDzjvcBrhARU6r3Ho%3D&reserved=0 >> >> VMGEXIT is a new instruction used for Hypervisor/Guest communication when running as an SEV-ES guest. A VMGEXIT will cause an automatic exit (AE) to occur, resulting in a #VMEXIT with an exit code value of 0x403. >> >> Provide the necessary support to execute the VMGEXIT instruction, which is "rep; vmmcall". >> >> Cc: Michael D Kinney >> Cc: Liming Gao >> Signed-off-by: Tom Lendacky >> --- >> MdePkg/Library/BaseLib/BaseLib.inf | 2 ++ >> MdePkg/Include/Library/BaseLib.h | 14 +++++++++ >> MdePkg/Library/BaseLib/Ia32/VmgExit.nasm | 37 ++++++++++++++++++++++++ MdePkg/Library/BaseLib/X64/VmgExit.nasm | 32 ++++++++++++++++++++ >> 4 files changed, 85 insertions(+) >> create mode 100644 MdePkg/Library/BaseLib/Ia32/VmgExit.nasm >> create mode 100644 MdePkg/Library/BaseLib/X64/VmgExit.nasm >> >> diff --git a/MdePkg/Library/BaseLib/BaseLib.inf >> b/MdePkg/Library/BaseLib/BaseLib.inf >> index 3b93b5db8d24..3b85c56c3c03 100644 >> --- a/MdePkg/Library/BaseLib/BaseLib.inf >> +++ b/MdePkg/Library/BaseLib/BaseLib.inf >> @@ -184,6 +184,7 @@ [Sources.Ia32] >> Ia32/DisableCache.nasm| GCC >> Ia32/RdRand.nasm >> Ia32/XGetBv.nasm >> + Ia32/VmgExit.nasm >> >> Ia32/DivS64x64Remainder.c >> Ia32/InternalSwitchStack.c | MSFT >> @@ -317,6 +318,7 @@ [Sources.X64] >> X64/DisablePaging64.nasm >> X64/RdRand.nasm >> X64/XGetBv.nasm >> + X64/VmgExit.nasm >> ChkStkGcc.c | GCC >> >> [Sources.EBC] >> diff --git a/MdePkg/Include/Library/BaseLib.h >> b/MdePkg/Include/Library/BaseLib.h >> index 7edf0051a0a0..04fb329eaabb 100644 >> --- a/MdePkg/Include/Library/BaseLib.h >> +++ b/MdePkg/Include/Library/BaseLib.h >> @@ -7848,6 +7848,20 @@ AsmXGetBv ( >> ); >> >> >> +/** >> + Executes a VMGEXIT instruction (VMMCALL with a REP prefix) >> + >> + Executes a VMGEXIT instruction. This function is only available on >> + IA-32 and x64. >> + >> +**/ >> +VOID >> +EFIAPI >> +AsmVmgExit ( >> + VOID >> + ); >> + >> + >> /** >> Patch the immediate operand of an IA32 or X64 instruction such that the byte, >> word, dword or qword operand is encoded at the end of the >> instruction's diff --git a/MdePkg/Library/BaseLib/Ia32/VmgExit.nasm >> b/MdePkg/Library/BaseLib/Ia32/VmgExit.nasm >> new file mode 100644 >> index 000000000000..a4b37385cc7a >> --- /dev/null >> +++ b/MdePkg/Library/BaseLib/Ia32/VmgExit.nasm >> @@ -0,0 +1,37 @@ >> +;-------------------------------------------------------------------- >> +-- >> +-------- >> +; >> +; Copyright (C) 2020, Advanced Micro Devices, Inc. All rights >> +reserved.
; SPDX-License-Identifier: BSD-2-Clause-Patent ; ; >> +Module >> +Name: >> +; >> +; VmgExit.Asm >> +; >> +; Abstract: >> +; >> +; AsmVmgExit function >> +; >> +; Notes: >> +; >> +;-------------------------------------------------------------------- >> +-- >> +-------- >> + >> + SECTION .text >> + >> +;-------------------------------------------------------------------- >> +-- >> +-------- >> +; VOID >> +; EFIAPI >> +; AsmVmgExit ( >> +; VOID >> +; ); >> +;-------------------------------------------------------------------- >> +-- >> +-------- >> +global ASM_PFX(AsmVmgExit) >> +ASM_PFX(AsmVmgExit): >> +; >> +; NASM doesn't support the vmmcall instruction in 32-bit mode, so >> +work around ; this by temporarily switching to 64-bit mode. >> +; >> +BITS 64 >> + rep vmmcall >> +BITS 32 >> + ret >> + >> diff --git a/MdePkg/Library/BaseLib/X64/VmgExit.nasm >> b/MdePkg/Library/BaseLib/X64/VmgExit.nasm >> new file mode 100644 >> index 000000000000..26f034593c67 >> --- /dev/null >> +++ b/MdePkg/Library/BaseLib/X64/VmgExit.nasm >> @@ -0,0 +1,32 @@ >> +;-------------------------------------------------------------------- >> +-- >> +-------- >> +; >> +; Copyright (C) 2020, Advanced Micro Devices, Inc. All rights >> +reserved.
; SPDX-License-Identifier: BSD-2-Clause-Patent ; ; >> +Module >> +Name: >> +; >> +; VmgExit.Asm >> +; >> +; Abstract: >> +; >> +; AsmVmgExit function >> +; >> +; Notes: >> +; >> +;-------------------------------------------------------------------- >> +-- >> +-------- >> + >> + DEFAULT REL >> + SECTION .text >> + >> +;-------------------------------------------------------------------- >> +-- >> +-------- >> +; VOID >> +; EFIAPI >> +; AsmVmgExit ( >> +; VOID >> +; ); >> +;-------------------------------------------------------------------- >> +-- >> +-------- >> +global ASM_PFX(AsmVmgExit) >> +ASM_PFX(AsmVmgExit): >> + rep vmmcall >> + ret >> + >> -- >> 2.27.0 >> >