From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.57]) by mx.groups.io with SMTP id smtpd.web10.5163.1627409460555145906 for ; Tue, 27 Jul 2021 11:11:00 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=HwZabzpV; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.220.57, mailfrom: brijesh.singh@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jj67wxtkGUCBbWMANoGfRyD5iyw+XgRljr8W2WeViO/QdolklH93tuQPbhqE1Gwh1zgjulyZOWQi+D3T/318UTt+ls7ML9IqVpg6eNCH+kSUvSfpw5FDFYYTpfKvmA2vl0fq5OY1mcNiu2UiNO+4JBllfRYBRdbVwL6IDkgqBX0H0yP1vk8ckUUVApwq5eDeL0MCH3oM03MvCoyyP9O5kvn8a3RQ9Arqo2MJrCdQabsEmZnYXFZ6GSoQlD83PtTUFhiK792pfyuiEX5vR2vkqNQ8Sa1xVjtL3AAJI62YVsBHy8rAfaP0Y/DRUQs23KiOAdI98F4Ax3jexmM+MEfukw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oN/iUWvki7bolhpvf2WQsRii1SorLJh6R6K6oXoigW0=; b=VVDOeHmqnhFXhiBEJJswtBHlm83mtpG1fd+ddVwwVh9uiI2IDPx5maMEfTUZjjXX8aKTElRx2K5Z3Wt36bKvdVe2HUkpRqkd9QIc3poTG3XXrGyAmcBfcVWGkhcjUIjwoL0CVy4y2rJitw6ZuPdSKEWgs7gPC8TwoaZG9b/rVpW+zSxiQK7IDYRFOrvembhW4gOZyRPrSCEHwbKDOghPZ+N258W470Nnyzm8Nvo8uxNlZ17qCEiXIO08cTrLv+ZQwSb9KjVcTLAkMYJ/Cv1SmM7JMeSohQCCer3QB5GDb0awD6MIQpfuIjqmicvlJiCGlsVIfVpy3hqOV1nuM8JNVA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oN/iUWvki7bolhpvf2WQsRii1SorLJh6R6K6oXoigW0=; b=HwZabzpVh8mq01O9ciPZw3nRcyJSC0NnSwx0eiSIoQOPKU9V8oNpHm5oOMs7IXctr+34jEx462ynXjC6G9r2JeaH9GDL6vhJSzW1mNu4Kpgt2HvhTQe1qKrFxOaGEOy7KpX7LBC0IU6NA8rQ/aeJs3C/Nl4gRjtFTDCq3btY5uo= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) by SA0PR12MB4349.namprd12.prod.outlook.com (2603:10b6:806:98::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.18; Tue, 27 Jul 2021 18:10:59 +0000 Received: from SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa]) by SN6PR12MB2718.namprd12.prod.outlook.com ([fe80::a8a9:2aac:4fd1:88fa%3]) with mapi id 15.20.4352.031; Tue, 27 Jul 2021 18:10:59 +0000 From: "Brijesh Singh" To: devel@edk2.groups.io CC: Brijesh Singh , James Bottomley , Min Xu , Jiewen Yao , Tom Lendacky , Jordan Justen , Ard Biesheuvel , Laszlo Ersek , Erdem Aktas Subject: [PATCH v2 3/3] OvmfPkg/ResetVector: add the macro to request guest termination Date: Tue, 27 Jul 2021 13:10:24 -0500 Message-ID: <20210727181024.28770-4-brijesh.singh@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210727181024.28770-1-brijesh.singh@amd.com> References: <20210727181024.28770-1-brijesh.singh@amd.com> X-ClientProxiedBy: SA9PR13CA0162.namprd13.prod.outlook.com (2603:10b6:806:28::17) To SN6PR12MB2718.namprd12.prod.outlook.com (2603:10b6:805:6f::22) Return-Path: brijesh.singh@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sbrijesh-desktop.amd.com (165.204.77.1) by SA9PR13CA0162.namprd13.prod.outlook.com (2603:10b6:806:28::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.7 via Frontend Transport; Tue, 27 Jul 2021 18:10:58 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: df6ccb24-901f-482c-07e0-08d95129e2bc X-MS-TrafficTypeDiagnostic: SA0PR12MB4349: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: LwIoCr1+9Y5AY2a8g0KudFh5Uz0wg+FCStpzPmzGjMdn6w1mgrJmr0DyqhA9yyJbI/l2+lPSBRdMs4yWDK5KN+/W4jIf6GXTnKqRmP1j9VNBuB+HK4ePp2wqxAJNZzTLfeeekesnNgx8PeYSh9vOzbiiTYdgY6SK1NBs1zJaVd4w/dlvSUfo30006ggsOl/O+p4CAzIBQT5VFxmHZaVB1sZRgV/OO7waW4tZA1kTfoeQVt/wrzIiBAnrZ/9eAHKX1ImbMW3yLYjxKd//I2tJpGNcd7IgktPwHdWYgJLo9UsK6BIUsN71LgIlVL5Xxj0jrbD6bcU6QyhbGewmNLmojDhaUUwj/s/39msT78qCMbnNrBjzvScOvZ1sio/v2t4Fm8LlhOABbr+QnYEF2xr/Wls/p2fMEOCZEPhQDw4pPtqjwY4Qk44530rW/+OKbG+eINx+m1yodg1FBgvkB7riPPgZUlC81TUQOo7VZ2K5mchOtRcttP5mM33O1JLvVXTUCSQItSD7zxmPEV7YiX3LiB3XkYu92n1D5v04l+4E//hkqTECO0Z88jXcm/UIAT2CUyXDpgwUB97xDeJUidP4e4w1bCyRruIAqI08ucepEH/Rq0M9bn2jCPSwtWFIRu9C+eVZv5eDlOW0TXCdDKpCF6gaJB20x711qH9mMBDMJOQfyjRjj+a06zimXS/ALD/NG/swztH2kUe/TrYPscT3oJPbvOB5qVfZN4uIn8m45z3m2I0rI7f9Q1FweeW9YqgGtTGA37KNpLDAA509DBd4gasGF2AaWQp22lq2mrsL2tk= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2718.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(366004)(376002)(346002)(39860400002)(396003)(2616005)(1076003)(4326008)(86362001)(966005)(36756003)(8676002)(19627235002)(6916009)(38350700002)(38100700002)(6666004)(44832011)(316002)(2906002)(956004)(66476007)(66556008)(66946007)(5660300002)(6486002)(54906003)(7696005)(52116002)(478600001)(8936002)(83380400001)(26005)(186003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?VHFaGhjZux/uacz8mz9BQCUPBbmxaDbojgR5QaWQ//R8qiz08O1mavmu9jpu?= =?us-ascii?Q?dezrYLMkM9agThoShtdsb9D0utVR7rWqEZvJC1Ro8Mx5SthoDa4Drgr7pCjh?= =?us-ascii?Q?fCmNtHIwTyngxgVB6QlqBdlV0DjC3ELU86jnFhBtJnf6+eGbtHr2fx7Kh6PA?= =?us-ascii?Q?Bi89E8FDpBEG9gEZo1IYfXpROwt9SjF8NkiKzXMc60zdSdkAeDGok6udQbW5?= =?us-ascii?Q?ghA/kEgXKX5NPlP7skZ4FglgP45h1jAkUZG8kIHKlAjQkh7+8CWVTAUFIkmX?= =?us-ascii?Q?PCIpTB1qX0bA+r6SKX++a1NJkstoyYDWEFWGCMs7fhV9U5DlrXJ++fdU3q20?= =?us-ascii?Q?79JNj3VLH94DvvoSJj78H/Bud6cjj43DxIi17sCmUnvsvFG93Qc8juJ3wBbB?= =?us-ascii?Q?omhOhFxq0p/pUQBWl6dS/nVboJscEnRF6gYxscTz5EidAOQtBXjYxhzbINer?= =?us-ascii?Q?zwfTYJv5FF7LynR5vk3Me5Qd54i8kU04HKdtt0eq/eXeofdj3+A8ckfZtYPO?= =?us-ascii?Q?r5CU7thgo53bpRJevsHbPJY0S4HbiM/THrxBCYCm+Lx3/WpsGl50dl4cjHYv?= =?us-ascii?Q?fE7c8ajsbvArsmbEAugYuV7agUVaRXIcsIUN44eWMa1fsTnoViWGgC2r4Cvs?= =?us-ascii?Q?ylVH7bcyv1diQc1YWwaG4ptN0T/Qv9f8y+kup2UR3FN+zktVfBbRoWpEge2G?= =?us-ascii?Q?JweURMj0FxVsDBDv3sF8ZX+d6cba22WTj4vIDhGm8WwGMiy5hDLAONPuvtLD?= =?us-ascii?Q?kma75hjfNScz6XjD+WsgLJ6Gl+c2d/xyMYWFn8Dc8xk/u92OuLjOcktqA7jq?= =?us-ascii?Q?w6HgDPPXVF24ZRWCkKqywfua2K3JfusMMv44f99rc9QAnG7zih9EXHmwOPFn?= =?us-ascii?Q?n8Xc3iJxV+Bw9l3HR53YZLWgo/YDqiXq46usfexR2/j9nkBdDCJt65TYH0aw?= =?us-ascii?Q?CF+GUDO3Dy46xH/oWRUS8B816HMj6XW3pJmsQgFHKFJsl4+fxZjnrb/Th76w?= =?us-ascii?Q?xsiLXuQCt6cO1k5DKnM766rkZjG4ScHVaOAyIqc2z+YmZX/QbBbwhWyQWw4q?= =?us-ascii?Q?wQPgSks3sruTnGfDD8TILe4rwhjDw9SfQkzOGyD2ogIQ3Ali3YqqV5WPfAp2?= =?us-ascii?Q?pzoSqx6j9basXqQzXUPvOCp2X0q+lBtk4MVGeBgw7wl8Be9n/RiPHBEFMmzZ?= =?us-ascii?Q?Hn3SvD9rOKjXMhuFVnTZclYRTdRwyI4KccapAvJ1mX7Nx5hmjAPd4RIt9bVJ?= =?us-ascii?Q?n80IatCpItsrdROmhwPGp4c+gWO0gWFgbtN+7fW4cglkxKAnYgLMumKf1BXd?= =?us-ascii?Q?hm1dMSlvE7Z+AdR1hNo/zUH6?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: df6ccb24-901f-482c-07e0-08d95129e2bc X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Jul 2021 18:10:59.0807 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: m+5L7VkBoW9Xc5QNGDl+rdhwg03dx/rVRj0HGlAB3XvxkM2hZnW+xejnBWNxYmIl9t9FtO7DsuOUERlqyFOfKQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4349 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3275 The upcoming SEV-SNP support will need to make a few additional guest termination requests depending on the failure type. Let's move the logic to request the guest termination into a macro to keep the code readable. Cc: James Bottomley Cc: Min Xu Cc: Jiewen Yao Cc: Tom Lendacky Cc: Jordan Justen Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Erdem Aktas Reviewed-by: Jiewen Yao Acked-by: Ard Biesheuvel Suggested-by: Laszlo Ersek Signed-off-by: Brijesh Singh --- OvmfPkg/ResetVector/Ia32/AmdSev.asm | 87 +++++++++++++++-------------- 1 file changed, 45 insertions(+), 42 deletions(-) diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32= /AmdSev.asm index 93ba917f36d2..aa95d06eaddb 100644 --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm @@ -38,6 +38,13 @@ BITS 32 %define SEV_GHCB_MSR 0xc0010130 %define SEV_STATUS_MSR 0xc0010131 =20 +; The #VC was not for CPUID +%define TERM_VC_NOT_CPUID 1 + +; The unexpected response code +%define TERM_UNEXPECTED_RESP_CODE 2 + + ; Macro is used to issue the MSR protocol based VMGEXIT. The caller is ; responsible to populate values in the EDX:EAX registers. After the vmmca= ll ; returns, it verifies that the response code matches with the expected @@ -73,6 +80,43 @@ BITS 32 jne SevEsUnexpectedRespTerminate %endmacro =20 +; Macro to terminate the guest using the VMGEXIT. +; arg 1: reason code +%macro TerminateVmgExit 1 + mov eax, %1 + ; + ; Use VMGEXIT to request termination. At this point the reason code is + ; located in EAX, so shift it left 16 bits to the proper location. + ; + ; EAX[11:0] =3D> 0x100 - request termination + ; EAX[15:12] =3D> 0x1 - OVMF + ; EAX[23:16] =3D> 0xXX - REASON CODE + ; + shl eax, 16 + or eax, 0x1100 + xor edx, edx + mov ecx, SEV_GHCB_MSR + wrmsr + ; + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it + ; mode, so work around this by temporarily switching to 64-bit mode. + ; +BITS 64 + rep vmmcall +BITS 32 + + ; + ; We shouldn't come back from the VMGEXIT, but if we do, just loop. + ; +%%TerminateHlt: + hlt + jmp %%TerminateHlt +%endmacro + +; Terminate the guest due to unexpected response code. +SevEsUnexpectedRespTerminate: + TerminateVmgExit TERM_UNEXPECTED_RESP_CODE + ; Check if Secure Encrypted Virtualization (SEV) features are enabled. ; ; Register usage is tight in this routine, so multiple calls for the @@ -227,48 +271,7 @@ SevEsDisabled: ; =20 SevEsIdtNotCpuid: - ; - ; Use VMGEXIT to request termination. - ; 1 - #VC was not for CPUID - ; - mov eax, 1 - jmp SevEsIdtTerminate - -SevEsUnexpectedRespTerminate: - ; - ; Use VMGEXIT to request termination. - ; 2 - Unexpected Response is received - ; - mov eax, 2 - -SevEsIdtTerminate: - ; - ; Use VMGEXIT to request termination. At this point the reason code is - ; located in EAX, so shift it left 16 bits to the proper location. - ; - ; EAX[11:0] =3D> 0x100 - request termination - ; EAX[15:12] =3D> 0x1 - OVMF - ; EAX[23:16] =3D> 0xXX - REASON CODE - ; - shl eax, 16 - or eax, 0x1100 - xor edx, edx - mov ecx, SEV_GHCB_MSR - wrmsr - ; - ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-b= it - ; mode, so work around this by temporarily switching to 64-bit mode. - ; -BITS 64 - rep vmmcall -BITS 32 - - ; - ; We shouldn't come back from the VMGEXIT, but if we do, just loop. - ; -SevEsIdtHlt: - hlt - jmp SevEsIdtHlt + TerminateVmgExit TERM_VC_NOT_CPUID iret =20 ; --=20 2.17.1