From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.61]) by mx.groups.io with SMTP id smtpd.web08.14865.1624902207325323447 for ; Mon, 28 Jun 2021 10:43:27 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=sR1FhfF4; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.220.61, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jdFnHbzuPj7+CvbesHdS5DUK7mkzhlCJ4oFfIRjIgaWLcmRiBmGb3a9FqaAMNOiSks+1Nb+ce/AVjQhSufTTserRXZHMxqnj7ITcqAvOCb+XWXXFpvF9jJHoaBiJtkE/E+MMBN3Gmce9x7Fb/vrni96bW7cPUII4AufA1AJToTxDeftMOaooAkcEv/n2StiA+NnppgB+LCNG/jEB9BNhIyCh6bUE40tlIyHsubnay6mYZWunMecqQTJuIJdYx+jjbXUPPWqbDv6l76LngakzMxb8knq7/ADfTEh6yOAMUTgCfIrLQmVszexV+HimlURkRFKjRofCXduJ+5Om9aF/sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ieoGfIdjnHdG3XottkUrhN9keTS18s+KBSorU/QpvCk=; b=DOXpsp8kJrEvliRGicNOwCYS5Cw5KyP5VCyl/N7ggTtU80VZ6iMB2oH8zRbmbhU8NjJ6o4ylwGd0pnybS4z/X1viDCkPYakduxGgM/pyKMU79KFJjFBMTSXDLYhgQvJmFzFm0kCI32+4wo15VIlTPt+Ji1PQSITdlb5gu+R/fVjSuGrVqQO0fKfL0Wd/SWXQ+rSnGNJp9i7qvk42CTAFTNcUBdCvznQEiGNMJR3e6QbECjyMGuRwXqL6ySv7zzYh1PbQa7PqCEelNS6+q1zxNvr8UzNrZeKMGeh65XLmH41BSS0Ajbd07nToJ29If5IoRmSnzW4KBvli9PY9Ju1Aug== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ieoGfIdjnHdG3XottkUrhN9keTS18s+KBSorU/QpvCk=; b=sR1FhfF4z8yam9lFBwaj7PXBVG8h5ztaYPBt16jwnHz9Ssi6fyh+f85VphqvLndDaGHhaxXaqxBHUMVP81ulxJzHaq3u+lUHMA0XsIxDbme4MP3Df/V23k+4aHCkdI5D40CIk2UezHMiTpIUO6BE/OvmIJ2DxjQ5Qg/Y4ghL1Go= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM6PR12MB4172.namprd12.prod.outlook.com (2603:10b6:5:212::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19; Mon, 28 Jun 2021 17:43:24 +0000 Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Mon, 28 Jun 2021 17:43:24 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [RFC PATCH v4 03/27] OvmfPkg/ResetVector: add the macro to request guest termination Date: Mon, 28 Jun 2021 12:41:59 -0500 Message-ID: <20210628174223.1302-4-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210628174223.1302-1-brijesh.singh@amd.com> References: <20210628174223.1302-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SN4PR0601CA0020.namprd06.prod.outlook.com (2603:10b6:803:2f::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.19 via Frontend Transport; Mon, 28 Jun 2021 17:43:23 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: a8d9ce7c-98f8-418d-7b85-08d93a5c3a6a X-MS-TrafficTypeDiagnostic: DM6PR12MB4172: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: MRX2nyEgdtERjfjdr9egFSnozcC3FfdA2jFqrZDNKQ3YnlJKNuV7CWrmbX3kg+JjRuE8gCrKqR9Gl4ye/mM/MH5NP7I2lZMzaWSL9r5YU7E+M4soyLwo+sE5pn3RX/YnKTm0u0R+tUW/PX+Xd4oDyd0DVm0b5rOsuNcTcy3/c7ZCFZP9cpEVmdxV6lWqViftxS27W6xUktAG/KBztO00vh2boWSXoBXSFOxGyilV+Y4mQfZEoG8ed44AClUqalWJdpPziz5VE8BiEp5H7TpkMHDBn0xoyXd9oyI5995hVHC69hinUICXPSBTZG91L5FMwbJfdxmxQ/vtSMYXIG74JwvkzA0QeuOFG1rJgC5yhp0KXY/N/iLfWTMzyuhR6SVS/jb4kfycDjL7MblZSAqB0kOt+x3pmDck2e16EWPSA/P/PumIo7myT7zTV6ymioBdeOL/5zeMCJIBa2CZId29a3xjA3l1r7QM0dvOGOhe2mTK+PqB3mqIFVeumaT7MxWy/WWWNVJZPomBtIuZFJGrKvFTEGu2BROt9RhKHUDBYhAxKxH56A7bJM+QPiOh3D/PP0ri+NpO1HQb5w5O+VaxSd16wwbIQgW+sl0vxpdOvz2z023bqep00GcsM7VmmCHT4WGY2CIk6Q1J6kC44/Kisbg8c8mC2iAujtKMEaeaxE+/d/24lmn5wkMTzYGOFoISwor9yaYQOBkM8S2P0pNHyh7Cm7mv+U799Sw5Pr338c6kJWWY6VUhfwvbgFlbtTrObBX/6YCnqDHb8sG8cZmVB9k/S5j2VexrS/+zJkwOo6IvQfXq23kP2XWxM1DTx7xdxCr//JtPv+qLLk9DIk59wg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR12MB2714.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(136003)(376002)(346002)(39860400002)(396003)(19627235002)(8676002)(66476007)(66556008)(66946007)(966005)(5660300002)(1076003)(6666004)(8936002)(38350700002)(38100700002)(4326008)(478600001)(52116002)(2616005)(316002)(956004)(6916009)(7416002)(86362001)(54906003)(2906002)(7696005)(83380400001)(16526019)(36756003)(186003)(26005)(6486002)(44832011);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?fucTO7Rajw9rc/NUXQKxCQqk4ahFzYWGZV6sGlxjNQKzxdS22RLNdCAjoAPA?= =?us-ascii?Q?p3+m/faQDRuW9KyunzBknNB8CBlBrY2nshAbkBjNN3TSo2/zqsMVMJL1CNw/?= =?us-ascii?Q?SIMfOWB02ZROSDT/EbhuiAx4ETmHARtfZdfeau5LLk5D/mUfc+XUoLAawXwz?= =?us-ascii?Q?ypEvxMiFtuprTTSK6Z90gOai5dK+vAgG+5cDFaACrn11hDcIwJLl75d5NuAt?= =?us-ascii?Q?7UWJupsaguFE1/rdGxvvKhdAcYoUZU6jY+h4NNCusuC5isyTmzVXBCRLLBDk?= =?us-ascii?Q?Q5GIvGF9naPmlEVhQEr1XR2wS+PAPhCd6iIF98942hqe3xziFbmhV+Jjhjf3?= =?us-ascii?Q?fNgcg9KWMEII4CkZJILo8wQTHv7CluclKKDCLdBMDSP5gMlJYHaFZRfs9/ct?= =?us-ascii?Q?aVqs+sluuL8wkOd0GU1+gtm+eTQG4Htj++YKM0E2A5cGLJFahfEXuWIgoWNn?= =?us-ascii?Q?xzcpWRTbh7ZzHa5l+QFNSD3t35dWzXdRRDB1zEiTMX/FFAV8llDL8Sp8JGSY?= =?us-ascii?Q?XGs1T4xrPxM79XszLPJaHaxBbq3m4/6s82vGHeLushnK1RsEWL47FxqwrfYE?= =?us-ascii?Q?K+UWCRYmhHOVEpUqc+nbMbNheq8SBRMGF3GZSEmAY4T6zw+wwCq9GcZLTVnm?= =?us-ascii?Q?+RuQQqaspciRBD7XwcF8IScOBUJINg0hY/alsK3KPcyKAJocJmLtwbpLLgkx?= =?us-ascii?Q?/qRQqsy+CnR5F47mAGWo6OI97qzkGVOUph/bGGfTN6iWye6UfuEF8CQYZSMe?= =?us-ascii?Q?Rm3pBGEswcim6h94L6AA+5YY8AMO6y1vc3Qgde5U6g9erjtv/pkkzMk6P9nE?= =?us-ascii?Q?TwG0lt8gOjtIMOH7mpxcnlqS+baIJ7wFT4Xn1UC4gnAIMJyzY4kicsIoQL8W?= =?us-ascii?Q?RbXKjqjId8k1SimLi01erW0/wmCxGQhRjlg8r9il8Zfztvtfd8LW8xOQXMxz?= =?us-ascii?Q?7lmWVix5VBwYN11Z7Y6HATLE6SQZHeCEwBETehcYwMP2WS1g/QVU1iigbynN?= =?us-ascii?Q?9JySVahBNiejTAwOzJUdOKFZiXJ1rRtkafyPpV3uWWQib2eMfAZD0e/T+tCJ?= =?us-ascii?Q?CkRYY5UhoxVhjuNNHT4IILtr5kcj31CTsgHl/irXkl6qO+m5BhiRK2rXMbW6?= =?us-ascii?Q?wft7cwO/cTuiJfIkwCa1WnobMQHCm888Fs+1CjzVqsJh3FZL7NsISBqkB7gv?= =?us-ascii?Q?77NPDmJ6B34PXudIyXWKLUOymaeIlbdSRst53SAHzrXDG8ozm9cZs6tdhCwz?= =?us-ascii?Q?BhyKnFTY7d04xiizLHEY/MxugMBoAIkG/uTCgpVuGFamo6IzZnxO167ttlVg?= =?us-ascii?Q?tcvfzUO2MyvLmQ2QpdfaSn3Z?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: a8d9ce7c-98f8-418d-7b85-08d93a5c3a6a X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2021 17:43:24.2614 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 7dhfhZbDeCey6bj5ComOYbFcchG86tFEPNZxQihg2bHOv3w+2QSmr7bSt62UdsQlMFqau8Ta2LeYWJeA6Oa8Sg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4172 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The upcoming SEV-SNP support will need to make a few additional guest termination requests depending on the failure type. Let's move the logic to request the guest termination into a macro to keep the code readable. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Suggested-by: Laszlo Ersek Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/Ia32/AmdSev.asm | 87 +++++++++++++++-------------- 1 file changed, 45 insertions(+), 42 deletions(-) diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index c3b4e16bf681..7465f7086449 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -37,6 +37,13 @@ BITS 32 =20 %define SEV_STATUS_MSR 0xc0010130 =20 +; The #VC was not for CPUID +%define TERM_VC_NOT_CPUID 1 + +; The unexpected response code +%define TERM_UNEXPECTED_RESP_CODE 2 + + ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is ; responsible to populate values in the EDX:EAX registers. After the vmmca= ll ; returns, it verifies that the response code matches with the expected @@ -72,6 +79,43 @@ BITS 32 jne SevEsUnexpectedRespTerminate %endmacro =20 +; Macro to terminate the guest using the VMGEXIT. +; arg 1: reason code +%macro TerminateVmgExit 1 + mov eax, %1 + ; + ; Use VMGEXIT to request termination. At this point the reason code is + ; located in EAX, so shift it left 16 bits to the proper location. + ; + ; EAX[11:0] =3D> 0x100 - request termination + ; EAX[15:12] =3D> 0x1 - OVMF + ; EAX[23:16] =3D> 0xXX - REASON CODE + ; + shl eax, 16 + or eax, 0x1100 + xor edx, edx + mov ecx, SEV_STATUS_MSR + wrmsr + ; + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. + ; +BITS 64 + rep vmmcall +BITS 32 + + ; + ; We shouldn't come back from the VMGEXIT, but if we do, just loop. + ; +%%TerminateHlt: + hlt + jmp %%TerminateHlt +%endmacro + +; Terminate the guest due to unexpected response code. +SevEsUnexpectedRespTerminate: + TerminateVmgExit TERM_UNEXPECTED_RESP_CODE + ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; ; Register usage is tight in this routine, so multiple calls for the @@ -226,48 +270,7 @@ SevEsDisabled: ; =20 SevEsIdtNotCpuid: - ; - ; Use VMGEXIT to request termination. - ; 1 - #VC was not for CPUID - ; - mov eax, 1 - jmp SevEsIdtTerminate - -SevEsUnexpectedRespTerminate: - ; - ; Use VMGEXIT to request termination. - ; 2 - Unexpected Response is received - ; - mov eax, 2 - -SevEsIdtTerminate: - ; - ; Use VMGEXIT to request termination. At this point the reason code is - ; located in EAX, so shift it left 16 bits to the proper location. - ; - ; EAX[11:0] =3D> 0x100 - request termination - ; EAX[15:12] =3D> 0x1 - OVMF - ; EAX[23:16] =3D> 0xXX - REASON CODE - ; - shl eax, 16 - or eax, 0x1100 - xor edx, edx - mov ecx, SEV_STATUS_MSR - wrmsr - ; - ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it - ; mode, so work around this by temporarily switching to 64-bit mode. - ; -BITS 64 - rep vmmcall -BITS 32 - - ; - ; We shouldn't come back from the VMGEXIT, but if we do, just loop. - ; -SevEsIdtHlt: - hlt - jmp SevEsIdtHlt + TerminateVmgExit TERM_VC_NOT_CPUID iret =20 ; --=20 2.17.1