From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas, Eric Dong, Ray Ni, Rahul Kumar, Michael D Kinney, Liming Gao, Zhiguang Liu, Michael Roth, Brijesh Singh
Subject: [RFC PATCH v4 02/27] OvmfPkg/ResetVector: add the macro to invoke MSR protocol based VMGEXIT
Date: Mon, 28 Jun 2021 12:41:58 -0500
Message-ID: <20210628174223.1302-3-brijesh.singh@amd.com>
In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com>
References: <20210628174223.1302-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The upcoming SEV-SNP support will need to make a few additional MSR protocol based VMGEXITs. Add a macro that wraps the common setup and response validation logic in one place to keep the code readable.

While at it, define SEV_STATUS_MSR that will be used to get the SEV STATUS MSR instead of open coding it.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Suggested-by: Laszlo Ersek
Signed-off-by: Brijesh Singh
--- OvmfPkg/ResetVector/Ia32/AmdSev.asm | 69 +++++++++++++++++++---------- 1 file changed, 45 insertions(+), 24 deletions(-) diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index b32dd3b5d656..c3b4e16bf681 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm 
@@ -35,6 +35,42 @@ BITS 32 %define GHCB_CPUID_REGISTER_SHIFT 30 %define CPUID_INSN_LEN 2 =20 +%define SEV_STATUS_MSR 0xc0010130 + +; Macro is used to issue the MSR protocol based VMGEXIT. The caller is +; responsible to populate values in the EDX:EAX registers. After the vmmca= ll +; returns, it verifies that the response code matches with the expected +; code. If it does not match then terminate the guest. The result of reque= st +; is returned in the EDX:EAX. +; +; args 1:Request code, 2: Response code +%macro VmgExit 2 + ; + ; Add request code: + ; GHCB_MSR[11:0] =3D Request code + or eax, %1 + + mov ecx, SEV_STATUS_MSR + wrmsr + + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. + ; +BITS 64 + rep vmmcall +BITS 32 + + mov ecx, SEV_STATUS_MSR + rdmsr + + ; + ; Verify the reponse code, if it does not match then request to termin= ate + ; GHCB_MSR[11:0] =3D Response code + mov ecx, eax + and ecx, 0xfff + cmp ecx, %2 + jne SevEsUnexpectedRespTerminate +%endmacro =20 ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; @@ -85,7 +121,7 @@ CheckSevFeatures: =20 ; Check if SEV memory encryption is enabled ; MSR_0xC0010131 - Bit 0 (SEV enabled) - mov ecx, 0xc0010131 + mov ecx, SEV_STATUS_MSR rdmsr bt eax, 0 jnc NoSev @@ -100,7 +136,7 @@ CheckSevFeatures: =20 ; Check if SEV-ES is enabled ; MSR_0xC0010131 - Bit 1 (SEV-ES enabled) - mov ecx, 0xc0010131 + mov ecx, SEV_STATUS_MSR rdmsr bt eax, 1 jnc GetSevEncBit @@ -197,10 +233,10 @@ SevEsIdtNotCpuid: mov eax, 1 jmp SevEsIdtTerminate =20 -SevEsIdtNoCpuidResponse: +SevEsUnexpectedRespTerminate: ; ; Use VMGEXIT to request termination. - ; 2 - GHCB_CPUID_RESPONSE not received + ; 2 - Unexpected Response is received ; mov eax, 2 =20 
@@ -216,7 +252,7 @@ SevEsIdtTerminate: shl eax, 16 or eax, 0x1100 xor edx, edx - mov ecx, 0xc0010130 + mov ecx, SEV_STATUS_MSR wrmsr ; ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it @@ -276,7 +312,7 @@ SevEsIdtVmmComm: mov [esp + VC_CPUID_REQUEST_REGISTER], eax =20 ; Save current GHCB MSR value - mov ecx, 0xc0010130 + mov ecx, SEV_STATUS_MSR rdmsr mov [esp + VC_GHCB_MSR_EAX], eax mov [esp + VC_GHCB_MSR_EDX], edx @@ -293,31 +329,16 @@ NextReg: jge VmmDone =20 shl eax, GHCB_CPUID_REGISTER_SHIFT - or eax, GHCB_CPUID_REQUEST mov edx, [esp + VC_CPUID_FUNCTION] - mov ecx, 0xc0010130 - wrmsr =20 - ; - ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it - ; mode, so work around this by temporarily switching to 64-bit mode. - ; -BITS 64 - rep vmmcall -BITS 32 + VmgExit GHCB_CPUID_REQUEST, GHCB_CPUID_RESPONSE =20 ; - ; Read GHCB MSR + ; Response GHCB MSR ; GHCB_MSR[63:32] =3D CPUID register value ; GHCB_MSR[31:30] =3D CPUID register ; GHCB_MSR[11:0] =3D CPUID response protocol ; - mov ecx, 0xc0010130 - rdmsr - mov ecx, eax - and ecx, 0xfff - cmp ecx, GHCB_CPUID_RESPONSE - jne SevEsIdtNoCpuidResponse =20 ; Save returned value shr eax, GHCB_CPUID_REGISTER_SHIFT @@ -335,7 +356,7 @@ VmmDone: ; mov eax, [esp + VC_GHCB_MSR_EAX] mov edx, [esp + VC_GHCB_MSR_EDX] - mov ecx, 0xc0010130 + mov ecx, SEV_STATUS_MSR wrmsr =20 mov eax, [esp + VC_CPUID_RESULT_EAX] --=20 2.17.1
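Review bot: `%define SEV_STATUS_MSR 0xc0010130` in the first hunk gives the GHCB MSR number a SEV status name. The VmgExit macro in the same hunk uses the constant for the GHCB MSR protocol (its comments read `GHCB_MSR[11:0]`), and the later hunk that touches "Save current GHCB MSR value" uses the same number, while the unchanged comments in CheckSevFeatures identify the SEV status register as `MSR_0xC0010131`. Suggest two defines: a GHCB-named constant for 0xc0010130, used by the macro and by the save, restore and terminate sites, and SEV_STATUS_MSR for 0xc0010131. The macro header should also state that ECX is clobbered and that EAX[11:0] must be zero on entry, because the request code is ORed in rather than masked; "reponse" in the verify comment is a typo.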
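Review bot: The two `mov ecx, SEV_STATUS_MSR` replacements in CheckSevFeatures change which MSR is read, not only how it is spelled. The removed lines load 0xc0010131 and the new define expands to 0xc0010130, so the following `bt eax, 0` and `bt eax, 1` no longer test the register that the adjacent comments describe (`MSR_0xC0010131 - Bit 0 (SEV enabled)` and `Bit 1 (SEV-ES enabled)`). These tests gate the NoSev and GetSevEncBit branches, so the SEV and SEV-ES detection result depends on this value, and the commit message presents the change as a readability cleanup. Keep 0xc0010131 at both sites, through a define that carries that value.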
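Review bot: In the SevEsUnexpectedRespTerminate hunk, termination reason 2 becomes the shared failure code for every VmgExit expansion, and the commit message says SEV-SNP will add more MSR protocol requests through this macro. Once more than one request type jumps here, the reason code passed to SevEsIdtTerminate no longer identifies which request received the mismatched response. If that is intended, say so in the comment above `mov eax, 2`; otherwise consider letting the macro take the termination reason as an argument.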