From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.68])
 by mx.groups.io with SMTP id smtpd.web09.5409.1625057644938998771
 for <devel@edk2.groups.io>;
 Wed, 30 Jun 2021 05:54:05 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=Ogf76s/5;
 spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.220.68, mailfrom: brijesh.singh@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=JzWBVsxu2VC6oi+y+mOqy90xFchrbCXQTKLkrLFihRSo+Xf0PhI6bxNeten6kf8qorqH8jXr0NRI7F4DSAEPCXwfvqYoomlpPWTiLYe9QiqVs1PXg7gkZGPqbXhcUXLtxLwJFZz4EbSoIe29TSBehm3rrHXe5RhUWs7LeXFYQmQuOozN6SnqQwb/wjoquwRs+uhnSW6fJsRQIL+K0TexLNwdrar9QPpQCLhNTI8Z/VTdOEjQdNsy1Y5B3AhAMVN88VreXWaawnvSRSRScfnnyc3Nal/rZtchjEW585GLGw7udEIS5OYoXpGfrWnM4d4xXkqjn3ec6ytIeKVSd+HLOA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=KrVOeOABwZpFGxaDvHyjydoSSKZaTxtQp+ArI62uQEQ=;
 b=ip88q5AR1JoA1+2xinrxLKblVUds6IzJBb7YFpVUSxetoxPmt59g6bl8BwRvs73eF+jzJ5e3WuRbylhKggZd8Vy7IHS1/byX2v4NwGjqM1mAFPS/hl/raQ80irpKsTmvrIbsi+S+hNLvd3HQtYXx1SuX9CI/9gTnLSYug7f+KVVU5m410RT40hU/qoHpQKKsEuj0C9Ff/RSMChfAlG8IRe4rDrs7fEDLfLx6wWtZ9Eher3XCrUdmJfyvMgdeiJwX3qyu9hvuh1lF8KIS7svbDlL43L18t7VO3NtGSfDV8w0gMnViUv0sIHNtCHsZ9luOOl3Kh990/M4r9v0vUmnSRA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=KrVOeOABwZpFGxaDvHyjydoSSKZaTxtQp+ArI62uQEQ=;
 b=Ogf76s/53Gfoh7XPInR+rp90RMwAPEadNQamwoLUmaKOHzaAA85xWYCVqHeFArRhwlzHPBuSITuuMR7VFr0uy0dAVuKE1OaL/Hr07/uRzC31IveYrJQirwf5PX43xXOe+wHzUcpA/mr652XsxZsBCyabrwmuLBr/nf366W9IR1Y=
Authentication-Results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com;
Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by
 DM6PR12MB4170.namprd12.prod.outlook.com (2603:10b6:5:219::20) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4264.19; Wed, 30 Jun 2021 12:54:03 +0000
Received: from DM6PR12MB2714.namprd12.prod.outlook.com
 ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com
 ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Wed, 30 Jun 2021
 12:54:03 +0000
From: "Brijesh Singh" <brijesh.singh@amd.com>
To: devel@edk2.groups.io
CC: James Bottomley <jejb@linux.ibm.com>,
	Min Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Laszlo Ersek <lersek@redhat.com>,
	Erdem Aktas <erdemaktas@google.com>,
	Eric Dong <eric.dong@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Rahul Kumar <rahul1.kumar@intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	Michael Roth <Michael.Roth@amd.com>,
	Brijesh Singh <brijesh.singh@amd.com>
Subject: [RFC PATCH v5 02/28] OvmfPkg/ResetVector: add the macro to invoke MSR protocol based VMGEXIT
Date: Wed, 30 Jun 2021 07:52:55 -0500
Message-ID: <20210630125321.30278-3-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20210630125321.30278-1-brijesh.singh@amd.com>
References: <20210630125321.30278-1-brijesh.singh@amd.com>
X-Originating-IP: [165.204.77.1]
X-ClientProxiedBy: SA9PR13CA0018.namprd13.prod.outlook.com
 (2603:10b6:806:21::23) To DM6PR12MB2714.namprd12.prod.outlook.com
 (2603:10b6:5:42::18)
Return-Path: brijesh.singh@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA9PR13CA0018.namprd13.prod.outlook.com (2603:10b6:806:21::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4287.14 via Frontend Transport; Wed, 30 Jun 2021 12:54:02 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: f7705be8-9fdc-4f12-7f07-08d93bc62363
X-MS-TrafficTypeDiagnostic: DM6PR12MB4170:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: 
	<DM6PR12MB41702FE0FBAAD01E40594EBBE5019@DM6PR12MB4170.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:8273;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	jE8fEjTM/6ssAwNDoxWhwpVNQJ7+fAHvt7/n8qGMbNBfPsc/CaPrXLEBAEi82bs68LMGTWrJ9H0w5NRt9aTAF6/ljWcZkLjkNj5v2opelutKLvChuqfi/NeImT6ao+OovTv/FvOvkD+dy2OIq1gIKcTR37Y4mMbPeC4AUP6fk8CQMzTCARIA4HTETLUrJSkgzIsA2t1R9dwmHbVk42bqpuLBc3hC+JgOOwTgy2AzkqLR7n/ucMKd1LK7Wvz97VQjCwY+YcDbVCiAXjM9YYSNAJg7ScBZ3awxXOtHhsD4WcV1gONgnjh1n87GgVbQbj6b4scsK/SljsWJ94+ocPEJPfS85eP9eWIESJdp9e9EATuzqiVhovrZlrSr6dKOYhAuf5B/iEdsLd4KHIZyzbZDxZr0xtxcU3B2QsBUO8m4uMJxaiaOx27PavLU0o9tSGTOc6+SM7voQB8VlQtXHCsw2O8rn/jhjx4BPTb2GCAPphV8ZrGR9T4ttUhdJDEXhl5vtm5A7dVNBvZo21fQd0d0u62cbgxce+/qc2ZK7WIoRImfMFp2T0v1WskKX9OOcEYWdprOog+BPB8TcH/xV/HzIa1w8r+xF1CPmAoRZ0mWlef06Q9bivpW+LgErugMc90n/K6/yW2/eu5NXqTnZHgFrsB+jzPJ1KVMzokmSNR0GpsayXOYosRAxzUUMrtDoeQdchqcIPJmFHh5oA0CowPnvjJeJqGlAcCvCUVHGk6p0auEaj1pQxvgYMNgShcieOBqgjxDBtep5VOWBIbJITPLArrchofYW6hw6618kT7qTI9eaTzF6oFVJkXh7LeE1THLI/lgrvt6ksN98ZYMQOwcJg==
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR12MB2714.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(346002)(136003)(39860400002)(366004)(396003)(5660300002)(86362001)(1076003)(186003)(16526019)(19627235002)(6486002)(7416002)(2906002)(83380400001)(6916009)(66556008)(8936002)(4326008)(44832011)(956004)(478600001)(966005)(8676002)(316002)(36756003)(26005)(54906003)(38350700002)(2616005)(52116002)(66476007)(7696005)(6666004)(66946007)(38100700002);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	=?us-ascii?Q?gCt+PYwrY9I195wVTdtBMjdsjs2hlU3I1riNlVDrX1/8x3kgME49Xl01lHO8?=
 =?us-ascii?Q?4zs/M/y4BeUvICTZj54FZQo7ULBjzHnTphXIwgiQ8LiLvhdoBvJDIh5Ow1cc?=
 =?us-ascii?Q?qNGXdUgM4bDzViRbkdBhc/d7RijhTDGpkXyBH5FOcssvPvmQWdk1sUjHzxyJ?=
 =?us-ascii?Q?ANvAJRoOUZE34GhS59iCtgLgUuLlLyBVME/5VGimtL5kTiR59gbHg3egGxwC?=
 =?us-ascii?Q?SEGlXaKLqY+8mDYcSNjZ5HYydh2Gh2unpMv/PIx/ES3BLjqFlLcV9Gxd4c/l?=
 =?us-ascii?Q?UmzX1bzlv2fVpdEafnRMa24pmOsL34Jp40OoBfvtQ5xe+SHvpdvThiZ43p96?=
 =?us-ascii?Q?LW0gHRKuPK92qfmAnNFbclRZrXJ/UZtJlvDF0Fwy/k5wxgx0ZfeRHOC9LZN/?=
 =?us-ascii?Q?hWd/lC1YHc4KSWgUFc6m6WWSljoanjxyq6YBI32I9SUzhXE9ir/fcjQcvDLx?=
 =?us-ascii?Q?O30k1yC1tYU2yfoQX6wY7XOEyagJvOPY9R7l00o283352NzLbexND5izikYi?=
 =?us-ascii?Q?M/IBccrkTPun+k6WVGVEI3I0+fpPz+kG+DQ64EsSG81B+dwTCkyQ+EvQU3Z5?=
 =?us-ascii?Q?Yl/YYDs2tWQT7Dpo/jFuZuyA/Yd2dSvO3hJMXYvTSc30LmOgbsMItMmIxagE?=
 =?us-ascii?Q?Pvt3niJ6J9+RCZONiEDH8UL5VtHv1zSUgrNw7edV/CpTIWoVqmcPs4pdVqmV?=
 =?us-ascii?Q?ymncvVFRmX/9LFIOoCoK2Kmy3Zi2SSpzNRTB+E9ShjhHCYsq2+sO8Z+2m0eF?=
 =?us-ascii?Q?MH9CwqkBJirRi/hMHcVb2ZSfwZM3qE0jBgXbHZm5oLF046kN9lGhyeiDu+Lg?=
 =?us-ascii?Q?QBJcyzxVHVRmpif2lT0WZ4HmWTlnAgnjMhpZWqtulrlhNB+ovbxhnLLAJi4L?=
 =?us-ascii?Q?9eQLroPD9BUUT+vzvAxOVsKlTiw3qVkuR7GjuuGVUHWo67eqlpG5oVgYM7dP?=
 =?us-ascii?Q?y/dt5BtJTMkXKfebULmwwaoJAhXON60iqVzxo3/q5iF+RGOJ3giDPN2EWGL9?=
 =?us-ascii?Q?PV/Ox1DrFLSjEW+RL/dzK79URW9rd0mZuEvek4moesxzpn9ZCpU/qpxuJUqE?=
 =?us-ascii?Q?7/GiUOMODjNiki62mCXzz6bQW8WT1ZjE+WouGh9kMZ+0W6R6bYFoNPet4XJv?=
 =?us-ascii?Q?jm1VKuNLoPG5WUJ6tNvyEBHB3DeEhOzyRSFqsL9+ut9LsfjOBTYepsNacOZ/?=
 =?us-ascii?Q?cgEfoEZjPM7mP4TaQR91uLiZOGI5pVcTPXyCwh4BVOZVK8NdnMNvKMjrMRX0?=
 =?us-ascii?Q?gDfLrqI3wgPijvPC200PlxPcsDXPiOJ8S07imev5pLE7QpJvt4pJrN6HxAYz?=
 =?us-ascii?Q?IYSZ4nRZc4pkYBZijTVzUc/n?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f7705be8-9fdc-4f12-7f07-08d93bc62363
X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Jun 2021 12:54:03.4551
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: AoZVaxNqhpmax1iJmLHm1tPO1zaZ98hagj6FkmCKyrY+kLuTYyZFk8VlTbHw3YbWfkuMXZCufaeApVdC8khYeg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4170
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275

The upcoming SEV-SNP support will need to make a few additional MSR
protocol based VMGEXIT's. Add a macro that wraps the common setup and
response validation logic in one place to keep the code readable.

While at it, define SEV_STATUS_MSR that will be used to get the SEV STATUS
MSR instead of open coding it.

Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm | 71 +++++++++++++++++++----------
 1 file changed, 47 insertions(+), 24 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32=
/AmdSev.asm
index b32dd3b5d656..2c478cda314b 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -36,6 +36,44 @@ BITS    32
 %define CPUID_INSN_LEN              2
=20
=20
+%define SEV_GHCB_MSR                0xc0010130
+%define SEV_STATUS_MSR              0xc0010131
+
+; Macro is used to issue the MSR protocol based VMGEXIT. The caller is
+; responsible to populate values in the EDX:EAX registers. After the vmmca=
ll
+; returns, it verifies that the response code matches with the expected
+; code. If it does not match then terminate the guest. The result of reque=
st
+; is returned in the EDX:EAX.
+;
+; args 1:Request code, 2: Response code
+%macro VmgExit 2
+    ;
+    ; Add request code:
+    ;   GHCB_MSR[11:0]  =3D Request code
+    or      eax, %1
+
+    mov     ecx, SEV_GHCB_MSR
+    wrmsr
+
+    ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b=
it
+    ; mode, so work around this by temporarily switching to 64-bit mode.
+    ;
+BITS    64
+    rep     vmmcall
+BITS    32
+
+    mov     ecx, SEV_GHCB_MSR
+    rdmsr
+
+    ;
+    ; Verify the reponse code, if it does not match then request to termin=
ate
+    ;   GHCB_MSR[11:0]  =3D Response code
+    mov     ecx, eax
+    and     ecx, 0xfff
+    cmp     ecx, %2
+    jne     SevEsUnexpectedRespTerminate
+%endmacro
+
 ; Check if Secure Encrypted Virtualization (SEV) features are enabled.
 ;
 ; Register usage is tight in this routine, so multiple calls for the
@@ -85,7 +123,7 @@ CheckSevFeatures:
=20
     ; Check if SEV memory encryption is enabled
     ;  MSR_0xC0010131 - Bit 0 (SEV enabled)
-    mov       ecx, 0xc0010131
+    mov       ecx, SEV_STATUS_MSR
     rdmsr
     bt        eax, 0
     jnc       NoSev
@@ -100,7 +138,7 @@ CheckSevFeatures:
=20
     ; Check if SEV-ES is enabled
     ;  MSR_0xC0010131 - Bit 1 (SEV-ES enabled)
-    mov       ecx, 0xc0010131
+    mov       ecx, SEV_STATUS_MSR
     rdmsr
     bt        eax, 1
     jnc       GetSevEncBit
@@ -197,10 +235,10 @@ SevEsIdtNotCpuid:
     mov     eax, 1
     jmp     SevEsIdtTerminate
=20
-SevEsIdtNoCpuidResponse:
+SevEsUnexpectedRespTerminate:
     ;
     ; Use VMGEXIT to request termination.
-    ;   2 - GHCB_CPUID_RESPONSE not received
+    ;   2 - Unexpected Response is received
     ;
     mov     eax, 2
=20
@@ -216,7 +254,7 @@ SevEsIdtTerminate:
     shl     eax, 16
     or      eax, 0x1100
     xor     edx, edx
-    mov     ecx, 0xc0010130
+    mov     ecx, SEV_GHCB_MSR
     wrmsr
     ;
     ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b=
it
@@ -276,7 +314,7 @@ SevEsIdtVmmComm:
     mov     [esp + VC_CPUID_REQUEST_REGISTER], eax
=20
     ; Save current GHCB MSR value
-    mov     ecx, 0xc0010130
+    mov     ecx, SEV_GHCB_MSR
     rdmsr
     mov     [esp + VC_GHCB_MSR_EAX], eax
     mov     [esp + VC_GHCB_MSR_EDX], edx
@@ -293,31 +331,16 @@ NextReg:
     jge     VmmDone
=20
     shl     eax, GHCB_CPUID_REGISTER_SHIFT
-    or      eax, GHCB_CPUID_REQUEST
     mov     edx, [esp + VC_CPUID_FUNCTION]
-    mov     ecx, 0xc0010130
-    wrmsr
=20
-    ;
-    ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b=
it
-    ; mode, so work around this by temporarily switching to 64-bit mode.
-    ;
-BITS    64
-    rep     vmmcall
-BITS    32
+    VmgExit GHCB_CPUID_REQUEST, GHCB_CPUID_RESPONSE
=20
     ;
-    ; Read GHCB MSR
+    ; Response GHCB MSR
     ;   GHCB_MSR[63:32] =3D CPUID register value
     ;   GHCB_MSR[31:30] =3D CPUID register
     ;   GHCB_MSR[11:0]  =3D CPUID response protocol
     ;
-    mov     ecx, 0xc0010130
-    rdmsr
-    mov     ecx, eax
-    and     ecx, 0xfff
-    cmp     ecx, GHCB_CPUID_RESPONSE
-    jne     SevEsIdtNoCpuidResponse
=20
     ; Save returned value
     shr     eax, GHCB_CPUID_REGISTER_SHIFT
@@ -335,7 +358,7 @@ VmmDone:
     ;
     mov     eax, [esp + VC_GHCB_MSR_EAX]
     mov     edx, [esp + VC_GHCB_MSR_EDX]
-    mov     ecx, 0xc0010130
+    mov     ecx, SEV_GHCB_MSR
     wrmsr
=20
     mov     eax, [esp + VC_CPUID_RESULT_EAX]
--=20
2.17.1