From: Brijesh Singh
To: devel@edk2.groups.io
CC: Brijesh Singh, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas
Subject: [PATCH v2 2/3] OvmfPkg/ResetVector: add the macro to invoke MSR protocol based VMGEXIT
Date: Tue, 27 Jul 2021 13:10:23 -0500
Message-ID: <20210727181024.28770-3-brijesh.singh@amd.com>
In-Reply-To: <20210727181024.28770-1-brijesh.singh@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

The upcoming SEV-SNP support will need to make a few additional MSR
protocol based VMGEXIT's. Add a macro that wraps the common setup and
response validation logic in one place to keep the code readable.

While at it, define SEV_STATUS_MSR that will be used to get the SEV STATUS
MSR instead of open coding it.

Cc: James Bottomley
Cc: Min Xu
Cc: Jiewen Yao
Cc: Tom Lendacky
Cc: Jordan Justen
Cc: Ard Biesheuvel
Cc: Laszlo Ersek
Cc: Erdem Aktas
Reviewed-by: Jiewen Yao
Acked-by: Ard Biesheuvel
Suggested-by: Laszlo Ersek
Signed-off-by: Brijesh Singh
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm | 71 +++++++++++++++++++----------
 1 file changed, 47 insertions(+), 24 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index 2c9d990af55f..93ba917f36d2 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -35,6 +35,44 @@ BITS 32 %define CPUID_INSN_LEN 2 =20 =20 +%define SEV_GHCB_MSR 0xc0010130 +%define SEV_STATUS_MSR 0xc0010131 + +; Macro is used to issue the MSR protocol based VMGEXIT. The caller is +; responsible to populate values in the EDX:EAX registers. After the vmmca= ll +; returns, it verifies that the response code matches with the expected +; code. If it does not match then terminate the guest. The result of reque= st +; is returned in the EDX:EAX. +; +; args 1:Request code, 2: Response code +%macro VmgExit 2 + ; + ; Add request code: + ; GHCB_MSR[11:0] =3D Request code + or eax, %1 + + mov ecx, SEV_GHCB_MSR + wrmsr + + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. + ; +BITS 64 + rep vmmcall +BITS 32 + + mov ecx, SEV_GHCB_MSR + rdmsr + + ; + ; Verify the reponse code, if it does not match then request to termin= ate + ; GHCB_MSR[11:0] =3D Response code + mov ecx, eax + and ecx, 0xfff + cmp ecx, %2 + jne SevEsUnexpectedRespTerminate +%endmacro + ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; ; Register usage is tight in this routine, so multiple calls for the @@ -84,7 +122,7 @@ CheckSevFeatures: =20 ; Check if SEV memory encryption is enabled ; MSR_0xC0010131 - Bit 0 (SEV enabled) - mov ecx, 0xc0010131 + mov ecx, SEV_STATUS_MSR rdmsr bt eax, 0 jnc NoSev @@ -99,7 +137,7 @@ CheckSevFeatures: =20 ; Check if SEV-ES is enabled ; MSR_0xC0010131 - Bit 1 (SEV-ES enabled) - mov ecx, 0xc0010131 + mov ecx, SEV_STATUS_MSR rdmsr bt eax, 1 jnc GetSevEncBit @@ -196,10 +234,10 @@ SevEsIdtNotCpuid: mov eax, 1 jmp SevEsIdtTerminate =20 -SevEsIdtNoCpuidResponse: +SevEsUnexpectedRespTerminate: ; ; Use VMGEXIT to request termination. - ; 2 - GHCB_CPUID_RESPONSE not received + ; 2 - Unexpected Response is received ; mov eax, 2 =20 
@@ -215,7 +253,7 @@ SevEsIdtTerminate: shl eax, 16 or eax, 0x1100 xor edx, edx - mov ecx, 0xc0010130 + mov ecx, SEV_GHCB_MSR wrmsr ; ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it @@ -275,7 +313,7 @@ SevEsIdtVmmComm: mov [esp + VC_CPUID_REQUEST_REGISTER], eax =20 ; Save current GHCB MSR value - mov ecx, 0xc0010130 + mov ecx, SEV_GHCB_MSR rdmsr mov [esp + VC_GHCB_MSR_EAX], eax mov [esp + VC_GHCB_MSR_EDX], edx @@ -292,31 +330,16 @@ NextReg: jge VmmDone =20 shl eax, GHCB_CPUID_REGISTER_SHIFT - or eax, GHCB_CPUID_REQUEST mov edx, [esp + VC_CPUID_FUNCTION] - mov ecx, 0xc0010130 - wrmsr =20 - ; - ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it - ; mode, so work around this by temporarily switching to 64-bit mode. - ; -BITS 64 - rep vmmcall -BITS 32 + VmgExit GHCB_CPUID_REQUEST, GHCB_CPUID_RESPONSE =20 ; - ; Read GHCB MSR + ; Response GHCB MSR ; GHCB_MSR[63:32] =3D CPUID register value ; GHCB_MSR[31:30] =3D CPUID register ; GHCB_MSR[11:0] =3D CPUID response protocol ; - mov ecx, 0xc0010130 - rdmsr - mov ecx, eax - and ecx, 0xfff - cmp ecx, GHCB_CPUID_RESPONSE - jne SevEsIdtNoCpuidResponse =20 ; Save returned value shr eax, GHCB_CPUID_REGISTER_SHIFT @@ -334,7 +357,7 @@ VmmDone: ; mov eax, [esp + VC_GHCB_MSR_EAX] mov edx, [esp + VC_GHCB_MSR_EDX] - mov ecx, 0xc0010130 + mov ecx, SEV_GHCB_MSR wrmsr =20 mov eax, [esp + VC_CPUID_RESULT_EAX] --=20 2.17.1
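
Review bot: The header comment of the new VmgExit macro (first hunk) documents EDX:EAX but not that ECX is overwritten: "mov ecx, SEV_GHCB_MSR" runs before both wrmsr and rdmsr, and "mov ecx, eax" is used for the response check. The "or eax, %1" step also only yields a clean request if the caller left EAX[11:0] zero. The comment on CheckSevFeatures right below says register usage is tight, so please state both in the macro comment: ECX is clobbered, and EAX[11:0] must be clear on entry (or mask those bits in the macro before the "or"). While there, "reponse" in "Verify the reponse code" should read "response".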
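
Review bot: In the hunk that renames SevEsIdtNoCpuidResponse to SevEsUnexpectedRespTerminate, reason code 2 changes meaning from "GHCB_CPUID_RESPONSE not received" to a generic unexpected response, and the macro hard-codes "jne SevEsUnexpectedRespTerminate", so every future MSR protocol request will terminate with the same code. The termination request then no longer tells which request the hypervisor answered incorrectly. If that is intended, say so in the commit message or in the comment above "mov eax, 2"; otherwise consider giving the macro a third argument for the termination label or reason.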
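
Review bot: In the NextReg hunk, the comment block kept after "VmgExit GHCB_CPUID_REQUEST, GHCB_CPUID_RESPONSE" still reads as a description of an MSR read that follows, but the rdmsr and the GHCB_MSR[11:0] check now happen inside the macro. Reword it to say that EDX:EAX already hold the response whose code was validated by VmgExit, and that ECX no longer holds a caller value at this point, since the next instruction shifts EAX directly.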