From: "Brijesh Singh"
To: devel@edk2.groups.io
CC: James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas, Eric Dong, Ray Ni, Rahul Kumar, Michael D Kinney, Liming Gao, Zhiguang Liu, Michael Roth, Brijesh Singh
Subject: [RFC PATCH v5 02/28] OvmfPkg/ResetVector: add the macro to invoke MSR protocol based VMGEXIT
Date: Wed, 30 Jun 2021 07:52:55 -0500
Message-ID: <20210630125321.30278-3-brijesh.singh@amd.com>
In-Reply-To: <20210630125321.30278-1-brijesh.singh@amd.com>
References: <20210630125321.30278-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The upcoming SEV-SNP support will need to make a few additional MSR protocol based VMGEXIT's. Add a macro that wraps the common setup and response validation logic in one place to keep the code readable.

While at it, define SEV_STATUS_MSR that will be used to get the SEV STATUS MSR instead of open coding it.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Suggested-by: Laszlo Ersek
Signed-off-by: Brijesh Singh
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm | 71 +++++++++++++++++++----------
 1 file changed, 47 insertions(+), 24 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index b32dd3b5d656..2c478cda314b 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm 
@@ -36,6 +36,44 @@ BITS 32 %define CPUID_INSN_LEN 2 =20 =20 +%define SEV_GHCB_MSR 0xc0010130 +%define SEV_STATUS_MSR 0xc0010131 + +; Macro is used to issue the MSR protocol based VMGEXIT. The caller is +; responsible to populate values in the EDX:EAX registers. After the vmmca= ll +; returns, it verifies that the response code matches with the expected +; code. If it does not match then terminate the guest. The result of reque= st +; is returned in the EDX:EAX. +; +; args 1:Request code, 2: Response code +%macro VmgExit 2 + ; + ; Add request code: + ; GHCB_MSR[11:0] =3D Request code + or eax, %1 + + mov ecx, SEV_GHCB_MSR + wrmsr + + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. + ; +BITS 64 + rep vmmcall +BITS 32 + + mov ecx, SEV_GHCB_MSR + rdmsr + + ; + ; Verify the reponse code, if it does not match then request to termin= ate + ; GHCB_MSR[11:0] =3D Response code + mov ecx, eax + and ecx, 0xfff + cmp ecx, %2 + jne SevEsUnexpectedRespTerminate +%endmacro + ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; ; Register usage is tight in this routine, so multiple calls for the @@ -85,7 +123,7 @@ CheckSevFeatures: =20 ; Check if SEV memory encryption is enabled ; MSR_0xC0010131 - Bit 0 (SEV enabled) - mov ecx, 0xc0010131 + mov ecx, SEV_STATUS_MSR rdmsr bt eax, 0 jnc NoSev @@ -100,7 +138,7 @@ CheckSevFeatures: =20 ; Check if SEV-ES is enabled ; MSR_0xC0010131 - Bit 1 (SEV-ES enabled) - mov ecx, 0xc0010131 + mov ecx, SEV_STATUS_MSR rdmsr bt eax, 1 jnc GetSevEncBit @@ -197,10 +235,10 @@ SevEsIdtNotCpuid: mov eax, 1 jmp SevEsIdtTerminate =20 -SevEsIdtNoCpuidResponse: +SevEsUnexpectedRespTerminate: ; ; Use VMGEXIT to request termination. - ; 2 - GHCB_CPUID_RESPONSE not received + ; 2 - Unexpected Response is received ; mov eax, 2 =20 
@@ -216,7 +254,7 @@ SevEsIdtTerminate: shl eax, 16 or eax, 0x1100 xor edx, edx - mov ecx, 0xc0010130 + mov ecx, SEV_GHCB_MSR wrmsr ; ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it @@ -276,7 +314,7 @@ SevEsIdtVmmComm: mov [esp + VC_CPUID_REQUEST_REGISTER], eax =20 ; Save current GHCB MSR value - mov ecx, 0xc0010130 + mov ecx, SEV_GHCB_MSR rdmsr mov [esp + VC_GHCB_MSR_EAX], eax mov [esp + VC_GHCB_MSR_EDX], edx @@ -293,31 +331,16 @@ NextReg: jge VmmDone =20 shl eax, GHCB_CPUID_REGISTER_SHIFT - or eax, GHCB_CPUID_REQUEST mov edx, [esp + VC_CPUID_FUNCTION] - mov ecx, 0xc0010130 - wrmsr =20 - ; - ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it - ; mode, so work around this by temporarily switching to 64-bit mode. - ; -BITS 64 - rep vmmcall -BITS 32 + VmgExit GHCB_CPUID_REQUEST, GHCB_CPUID_RESPONSE =20 ; - ; Read GHCB MSR + ; Response GHCB MSR ; GHCB_MSR[63:32] =3D CPUID register value ; GHCB_MSR[31:30] =3D CPUID register ; GHCB_MSR[11:0] =3D CPUID response protocol ; - mov ecx, 0xc0010130 - rdmsr - mov ecx, eax - and ecx, 0xfff - cmp ecx, GHCB_CPUID_RESPONSE - jne SevEsIdtNoCpuidResponse =20 ; Save returned value shr eax, GHCB_CPUID_REGISTER_SHIFT @@ -335,7 +358,7 @@ VmmDone: ; mov eax, [esp + VC_GHCB_MSR_EAX] mov edx, [esp + VC_GHCB_MSR_EDX] - mov ecx, 0xc0010130 + mov ecx, SEV_GHCB_MSR wrmsr =20 mov eax, [esp + VC_CPUID_RESULT_EAX] --=20 2.17.1
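
Review bot: in the VmgExit macro added by the first hunk (@@ -36,6 +36,44 @@), the header comment does not say that ECX is clobbered or that EAX[11:0] must be zero on entry. The body loads ECX with SEV_GHCB_MSR and then overwrites it with the masked response ("mov ecx, eax" / "and ecx, 0xfff"), and the request code is merged with "or eax, %1", so a caller that leaves stale low bits in EAX sends a different request code than the one it passed. The routine right below the macro already notes that register usage is tight, so please list ECX as clobbered and state the EAX[11:0] precondition next to "args 1:Request code, 2: Response code". Minor: "reponse" should be "response" in the verification comment.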
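
Review bot: at SevEsUnexpectedRespTerminate (hunk @@ -197,10 +235,10 @@), termination reason 2 changes meaning from "GHCB_CPUID_RESPONSE not received" to any unexpected response, so once the additional SEV-SNP requests mentioned in the commit message go through VmgExit the reason code no longer tells which request failed. Either say in the comment that code 2 is shared by every VmgExit caller, or consider letting the macro take a per-caller reason value so a terminated guest can be diagnosed from the host side. The comment wording would also read better as "2 - Unexpected response received".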
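
Review bot: in the NextReg hunk (@@ -293,31 +331,16 @@), the comment block kept after "VmgExit GHCB_CPUID_REQUEST, GHCB_CPUID_RESPONSE" is left dangling: it is followed only by an empty line, and its "GHCB_MSR[11:0] = CPUID response protocol" line describes a check that now lives inside the macro. Suggest folding the GHCB_MSR[63:32] and GHCB_MSR[31:30] layout lines into the "Save returned value" comment that precedes the "shr eax, GHCB_CPUID_REGISTER_SHIFT" they explain, and dropping the [11:0] line here since the macro comment already covers it.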