From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (NAM12-BN8-obe.outbound.protection.outlook.com [40.107.237.66]) by mx.groups.io with SMTP id smtpd.web12.5435.1625057647060304924 for ; Wed, 30 Jun 2021 05:54:07 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=qXxb5TwS; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.237.66, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JbFbtGAj+oNiBO114gsu55mmSGM/n27eyqLXsSzde7y2yfC7vvfsQIp6PfbuFgTvQJ2s8BjePXXUG5R7T/CiOKXtbb0j63ElJrukM2Zx+wL3pMaxIiF6mju7sKiwO8iJiyYLRse+dA6nOtV6OLAZPaf2+hgvr0rsERu2sK+jYEBCJIXLgkuGUguSplnd7YPy1sZuSimMkhlxRv99CuIJFtQWBSMAUhyl0AsshPRpH+cdIbIuTta0+isORRmkerM4Flf7prvNQOp2WKy/nsYDVfIYjOgprWi+l/xbSOnOIrC+Lbzkql0qzU8Wp6hDJMaD/O0ZhDtOB29wUo35T6Ba1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ml8LQyPeMDkywj8dELXO4qUiLAgOgi4ZqikMKRNNwZw=; b=ZkmpUvqe0XPDoERDq1iXNPC1HGdiybJk00RyNRPkbveOOjYbcSWCcAAfGAek3g4LE0tNjYxSDi+xdXa9EpaTHZq0xvdqpD0Tqdg0NOahPG/HvRzV1OCmpjd872qTXhxH517M+6MyTtu1DavkiF1gNdfhYGwTG2D+kAYVRZB1QVxtMKaa8kT03FtQqLzg3cSp5DYUgbIjX3KTIiIQDE467S4Uu1eLq1w7toMjPRRA68TrLYEv0zvprrmxZrGlsYkS0lBwJaE5Z1TOJtog5JFuEV8tbSJvbBcpZNjayZfbAKgSnT6WjvH24hlp2/iR3wurN4qpF72hdwVldMGY7nbq9Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ml8LQyPeMDkywj8dELXO4qUiLAgOgi4ZqikMKRNNwZw=; b=qXxb5TwSUro5G3EWh/mY3F9wf3bzUStr4gY/QtFWy2H9up/Jpy1oW4kc7iJRVTRE3FtTvXB8VN+Fzdk04aos6gZkZs0cFJvRMRUO6GF9lbIMMvMOpYGnrZf2FNLtDIRbgg6Xs5lKvEXgZ4dp67RzX3oja3JhIx6I4qwNSfiyFYc= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) by DM5PR1201MB0076.namprd12.prod.outlook.com (2603:10b6:4:55::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.20; Wed, 30 Jun 2021 12:54:05 +0000 Received: from DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b]) by DM6PR12MB2714.namprd12.prod.outlook.com ([fe80::7df8:b0cd:fe1b:ae7b%5]) with mapi id 15.20.4264.026; Wed, 30 Jun 2021 12:54:05 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas , Eric Dong , Ray Ni , Rahul Kumar , Michael D Kinney , Liming Gao , Zhiguang Liu , Michael Roth , Brijesh Singh Subject: [RFC PATCH v5 03/28] OvmfPkg/ResetVector: add the macro to request guest termination Date: Wed, 30 Jun 2021 07:52:56 -0500 Message-ID: <20210630125321.30278-4-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210630125321.30278-1-brijesh.singh@amd.com> References: <20210630125321.30278-1-brijesh.singh@amd.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA9PR13CA0018.namprd13.prod.outlook.com (2603:10b6:806:21::23) To DM6PR12MB2714.namprd12.prod.outlook.com (2603:10b6:5:42::18) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA9PR13CA0018.namprd13.prod.outlook.com (2603:10b6:806:21::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4287.14 via Frontend Transport; Wed, 30 Jun 2021 12:54:03 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b05194fb-6ed6-4aaa-55d0-08d93bc62447 X-MS-TrafficTypeDiagnostic: DM5PR1201MB0076: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: MPVHu7x/dR8tVSEb9uU4Ba2u/p9YntGNuTcuv33B4LugjGbjfLc/o5ATok0pZEJpC+of2ogj3NNENjKtYIKz4YGlisLIQ9RcqVUuu4rjGDD8L/UJDsf9m3WXUY6C7TVexlV1Hw9alhC32LsMj62MlwJ5nA5vHz4y9gvGfEIvQY/xvIfOp9ADJyqpj81ORE6FblMByMcWqfPhaO39DOxmi0qivBGLapBkjjPd9bghu9nFQiZdmT3r1tCRvVU137qWUxrUgMZs8eh8PCBKu30P+Nt6l0mifd/sHFqX2gw6DyFMTrRu+mO5kMnkgTMsu0jB01v0sj9AVT+fxFXzdmmdoEb6YyeWffdlDzFz6z41eobguwFc+VJpw0cLH7/i7JGu4z/mXC5sFaSU1XRFTrA9gLPBkOlWtl2ZenoscWVi12YLZVAvr97+udM8/enQfE2XWCDRO4mqceKIYCnIG/TojoEyXeXu66HFuE20gAr7O4emrY6dWNqJogGs34Weqz6gwST234HLLcZnc94l/3TGxde68ABLu57tQ5ISwKge38h6STJ+lgZ+B9hrnpE1s8Nv/UZliZt1J2xW8UhebECp6L+2BG6FbAgk5tgaG0YZtWKdI3b93lifAgE/ksR4SJfVTb6gwx3vbw9lgRuAhS7F+IKPX9ucDt+iUDprlaKxWranVRVjChQiXENC99ajaTduBB4aroYhowXeOy8tdinLz5rgMgrPsQUNsMYNu9MwBKmXReYprCG/6TKJbmPm0no+cCZz2HY9PKb2O2AdjGHj98Zh/4dyeERB6kh4FDBXjStUlJFgYjdy2E2bSt4Yl0UeSoBDA2fGGAqhPW9rqoNBzQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR12MB2714.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(136003)(366004)(346002)(39860400002)(396003)(7696005)(1076003)(8676002)(16526019)(8936002)(6666004)(2616005)(4326008)(956004)(38350700002)(38100700002)(478600001)(186003)(6486002)(19627235002)(66556008)(66476007)(26005)(7416002)(316002)(966005)(86362001)(66946007)(52116002)(36756003)(54906003)(5660300002)(2906002)(6916009)(44832011)(83380400001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?WygJUdKbjAGU4ONqn8hGfoc1Orx9Itz5UqrbB/eoPReDJkEXjm6mn5WXQ4QW?= =?us-ascii?Q?PxkzrpoF4PeG4su/EyoyzYOB3YAHWPhS9ciZ/rIuxA+pnxMwGgKpgMem9qmj?= =?us-ascii?Q?nhT1IAP2/9QV7HAslT8BEqB2HmNOiyyqOVoqjMaoE5uyjWsws2SiqVy/tn1G?= =?us-ascii?Q?GXgq0lbRacvyBOmkXrrSo1SfLMDZwpnO28c5LLst/gqJATyn5MSQGGiZVj7Y?= =?us-ascii?Q?qFg3GFoearQHNHhHCNi2Vz8DwSHu3rr6aeyY4PXEJBgEUXHxQL9RWr9dk/LZ?= =?us-ascii?Q?cUoZnyvxb9KKuKec9TvQBnqERQZIynm+MPuSJtixvUHJMbz5zCR+itm3e8fU?= =?us-ascii?Q?kkSoeLw/am6WPcB62qgFx7/RhoLlwJISgpvzYGXgvEY0mR4lzV1nTi+j9rc7?= =?us-ascii?Q?oOawMXKJrr9pmfg78a5a/eN5TkyrEWIQAsd5cgECXDAyIb+JL73wZSp6RkX8?= =?us-ascii?Q?L5N6+RmQiKg/fKnu1sDpw8KWcgD1Unyxn4z/fBLA1V+/T9BaAiY+P4s3/bXk?= =?us-ascii?Q?kAkuCvfQ0AqYGi53FeF66hr+rOYt4vjDOHnAA+bVSGsKiAMfC9b6qllwooP5?= =?us-ascii?Q?akr7wyAuSHZZVymf0mLTBlu7SvDf5IMg+V8XNW0oGgC0yy5ZbDON9YCHg4kB?= =?us-ascii?Q?qq7QVQJHefnyJ6o9OlotsUSFR4Q41edh0TLXDWZ2x9KozhvES+i3SKnjkf9O?= =?us-ascii?Q?MnqjrGnPiiMNTlot1RhlIP5kKO9dOpyZ8qFuif5FZWhMz8XDoStsP9O1ddFV?= =?us-ascii?Q?yISd6kjF442XNOc9erMItySuk49T1UStbwmrJx7h6ZxGK7Sn0zYquKpbeDGW?= =?us-ascii?Q?J7SfSojlZ4mi1Zo2ZzUv+3zk000JgmS0PkF5A3NNqlnGyRptXvSHPx8C88p9?= =?us-ascii?Q?z1jchK98N9dv3qYz87P8U5afEZ5ipXxfHvOi5y9XzhjYQM3c7c+bbMzAwAMw?= =?us-ascii?Q?3vRWRqjlx2qbFtfuG0TO2zpPdFBQKkkBvLZsaNeEUy9LPakBXicnrSSHqCay?= =?us-ascii?Q?r83+LmwOH5/w5RRbO2gQ9/p8aJKemhVDJlbW1KFpdl1vAz4E6Ym0o/uKK+qd?= =?us-ascii?Q?DS3y111J+wErPnD5PLT1ONAz39aC3cwnCs3GUK05uIUGeBC9gKOp8MhL9mKP?= =?us-ascii?Q?d9yo+uf2+X5Mz/ofiYBFe0iNSfilw+dhpUspWw55QjUx02ogo4408wVyRXQS?= =?us-ascii?Q?czYVRxC74j/buGr0sb6ge0ZAn1rJVAO+hGfTuMWa36r+RiCJmv4fKqAy6sC1?= =?us-ascii?Q?XiCCAM50ZWxqlw5mVJKOJQFHDIHm4jpkTHzZ3IbZ8y8MtJlNctGQyPcUoxI9?= =?us-ascii?Q?gtVx3ZPgYu+bxvQeEkG0JD71?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: b05194fb-6ed6-4aaa-55d0-08d93bc62447 X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB2714.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Jun 2021 12:54:04.9133 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: M1ZRKrTvIIyjLf4gfH6jBswCDhWzdsOXi88LFWTcUiBsvTxGLrcPOzmUYkNpYOti7QyQRRq3dYqDnnRowug+VQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1201MB0076 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The upcoming SEV-SNP support will need to make a few additional guest termination requests depending on the failure type. Let's move the logic to request the guest termination into a macro to keep the code readable. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Suggested-by: Laszlo Ersek Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/Ia32/AmdSev.asm | 87 +++++++++++++++-------------- 1 file changed, 45 insertions(+), 42 deletions(-) diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index 2c478cda314b..c4c00056f9f3 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -39,6 +39,13 @@ BITS 32 %define SEV_GHCB_MSR 0xc0010130 %define SEV_STATUS_MSR 0xc0010131 =20 +; The #VC was not for CPUID +%define TERM_VC_NOT_CPUID 1 + +; The unexpected response code +%define TERM_UNEXPECTED_RESP_CODE 2 + + ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is ; responsible to populate values in the EDX:EAX registers. After the vmmca= ll ; returns, it verifies that the response code matches with the expected @@ -74,6 +81,43 @@ BITS 32 jne SevEsUnexpectedRespTerminate %endmacro =20 +; Macro to terminate the guest using the VMGEXIT. +; arg 1: reason code +%macro TerminateVmgExit 1 + mov eax, %1 + ; + ; Use VMGEXIT to request termination. At this point the reason code is + ; located in EAX, so shift it left 16 bits to the proper location. + ; + ; EAX[11:0] =3D> 0x100 - request termination + ; EAX[15:12] =3D> 0x1 - OVMF + ; EAX[23:16] =3D> 0xXX - REASON CODE + ; + shl eax, 16 + or eax, 0x1100 + xor edx, edx + mov ecx, SEV_GHCB_MSR + wrmsr + ; + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. + ; +BITS 64 + rep vmmcall +BITS 32 + + ; + ; We shouldn't come back from the VMGEXIT, but if we do, just loop. + ; +%%TerminateHlt: + hlt + jmp %%TerminateHlt +%endmacro + +; Terminate the guest due to unexpected response code. +SevEsUnexpectedRespTerminate: + TerminateVmgExit TERM_UNEXPECTED_RESP_CODE + ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; ; Register usage is tight in this routine, so multiple calls for the @@ -228,48 +272,7 @@ SevEsDisabled: ; =20 SevEsIdtNotCpuid: - ; - ; Use VMGEXIT to request termination. - ; 1 - #VC was not for CPUID - ; - mov eax, 1 - jmp SevEsIdtTerminate - -SevEsUnexpectedRespTerminate: - ; - ; Use VMGEXIT to request termination. - ; 2 - Unexpected Response is received - ; - mov eax, 2 - -SevEsIdtTerminate: - ; - ; Use VMGEXIT to request termination. At this point the reason code is - ; located in EAX, so shift it left 16 bits to the proper location. - ; - ; EAX[11:0] =3D> 0x100 - request termination - ; EAX[15:12] =3D> 0x1 - OVMF - ; EAX[23:16] =3D> 0xXX - REASON CODE - ; - shl eax, 16 - or eax, 0x1100 - xor edx, edx - mov ecx, SEV_GHCB_MSR - wrmsr - ; - ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it - ; mode, so work around this by temporarily switching to 64-bit mode. - ; -BITS 64 - rep vmmcall -BITS 32 - - ; - ; We shouldn't come back from the VMGEXIT, but if we do, just loop. - ; -SevEsIdtHlt: - hlt - jmp SevEsIdtHlt + TerminateVmgExit TERM_VC_NOT_CPUID iret =20 ; --=20 2.17.1