From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com [40.107.236.58]) by mx.groups.io with SMTP id smtpd.web12.6529.1628594038021760446 for ; Tue, 10 Aug 2021 04:13:58 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=lSwITFWq; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.236.58, mailfrom: ashish.kalra@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XPWMdiCPyfaL7zuUvxGpyVb2X/KRLxWlOjtdtovIaXMaANNtbNBku0OvxsW8UGLZQUNUBfZEjxNLMYtUbgVHXnUKPcYcDiMuf31uubGra+PbpEwGnrYZ7tUwRpVISyEoiR1vlFgKQGZzosnO91k3Uw6WklVLscixh0iGpKEzvceA5q8/8ZbCIqfymYAP/Omq3n1K8MoKYGEfNRpNEBTh6Jm4HOvjRl7j4Abv/x65kYU9EsHoKJ9NGabw06kbtqMKUx1w9XJQYOOHnGcvILFPodbabkGTX9WHQ/69alpxSdJpVLIpFx9y51xKoblhk27jaR59PuFGyUPRGLQwmv791g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=I9fvEKosinzFtxq5B5II+VyvAB94OJyyX8ailgiKAFE=; b=ZbevM/Q8VIPCKrZ/jn2F4HyowWPvpwtVPCDvKtB6+RI1JoedCAxWnr9HYRwXna10foyVJ4g17jHhp88VZoU7frX+QK1tPcGecGyLpoRXMI6K7IGvhxNeY68PTdikAbA1TQjYl37AK67HpnwVHzf+8Uvkrwf/yc8iCp9Rp//WMua8XTGGH4Ks2QmH5qNZPqSGnF77TzeqM3Xka0N7bJ5+5iLuWQEX8ddv6tqDDY2SROHZYGrlr0b5hoYWFeiNemYl7K+KqNVjXYF1A8i9MFGZMGe1bQOfLDLTfMnGcWNV7wE70+P0AE7NgukOSP9Z9OFSMsACC2W6FKCecJHxZka6Lw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=I9fvEKosinzFtxq5B5II+VyvAB94OJyyX8ailgiKAFE=; b=lSwITFWqhNBunqBm3b2mkpJS9YqhzgBClX9GC88EsJE4smgBDmqa4R8ZgyzJ+PSZfCIZ0WEGEQshiLEb8IAJFluSm35S0k1YEeiqq9fRrT1hWfSZ/TJQUpV+aMFqJ2FaH1Fou+AEglM3hkhXRr+WnEi3nxmq3XhcFsVMHFB7pIA= Authentication-Results: amd.com; dkim=none (message not signed) header.d=none;amd.com; dmarc=none action=none header.from=amd.com; Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by SN6PR12MB2639.namprd12.prod.outlook.com (2603:10b6:805:75::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.19; Tue, 10 Aug 2021 11:13:56 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::491e:2642:bae2:8b73]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::491e:2642:bae2:8b73%7]) with mapi id 15.20.4394.023; Tue, 10 Aug 2021 11:13:56 +0000 Date: Tue, 10 Aug 2021 11:13:49 +0000 From: "Ashish Kalra" To: Tom Lendacky Cc: devel@edk2.groups.io, dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, jejb@linux.ibm.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com Subject: Re: [PATCH v6 6/6] OvmfPkg/AmdSevDxe: Add support for SEV live migration. Message-ID: <20210810111349.GA9132@ashkalra_ubuntu_server> References: <4f2224f2-de60-03a6-333e-163f31fe1c1a@amd.com> In-Reply-To: <4f2224f2-de60-03a6-333e-163f31fe1c1a@amd.com> User-Agent: Mutt/1.9.4 (2018-02-28) X-ClientProxiedBy: SA9PR11CA0030.namprd11.prod.outlook.com (2603:10b6:806:6e::35) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) Return-Path: ashish.kalra@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from ashkalra_ubuntu_server (165.204.77.1) by SA9PR11CA0030.namprd11.prod.outlook.com (2603:10b6:806:6e::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.17 via Frontend Transport; Tue, 10 Aug 2021 11:13:55 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 26dbafb4-df07-4059-3251-08d95beff180 X-MS-TrafficTypeDiagnostic: SN6PR12MB2639: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: cK4EfQ3r438Xr+eVNkNoOc671vA9CBFx3uImXBg8tfAzHqDvp8sZVvaLRhCWzwFwbmFa6OxIemvOJBGIV2xjVVBPrtQYkDu9GvVy6e6wgvNMU1ZzhT3w3/nuicpyoxZ2XCyHA++P8YGN9NtP3lGyDAYESdyB+ZTC61friIAM/zoWlPf/V4vG9NGMBaZ4sSUS6w1qQw14pu3nXhpI54DOdMrtD9Cnndp0WQyRo6AV7XrXHPeUBHbFNEUDVaooIYey2azOp3vZ1tEbqtGiPgC7a/E23HQgum8Ntffpm4qcrHH4vuSUfBULZe/q++zWnXkPBdF12twGXfS0LcgjhP9U08JlBL3xsJPY2QJR446b4pT4CMvsaJlcTvkip8DJg+cjTmrkvehVw+AZx3HAmx2cleMiWJOhY3bb81NT8aZx8JkNPdppHi0lL+bq6HMiyDADrZqtJK7cw6raOB96GwILH+wCPs5gJGzxj/C104R7KoxTQMYK4D2sPx14pLIQlLEIZ0Toc3zWtr0UUwTr09zzS+Q2zUCy4kJakNWFS5ZuOQ0vZIczcGc5LV9QYWjVKUwIYbO58vVPPsJ3xba+6/wOVGhJEv9CX98d+X7+NRSnchfszWjnt1i8lGJJJQ/HTzRkN4a710PvQo6akol9I8MIqVo8aXN0atCQipc6mTIASwDsYTjLvM2dsPoKUNsWoKTghXv3VbuqQbpQgE601qQrHg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(8936002)(66946007)(4326008)(33716001)(1076003)(186003)(55016002)(508600001)(2906002)(83380400001)(6636002)(26005)(9686003)(6862004)(53546011)(956004)(86362001)(6496006)(52116002)(6666004)(5660300002)(38350700002)(38100700002)(8676002)(316002)(44832011)(33656002)(66556008)(66476007);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?fXOD0ZVGBJH9zNxaJzfX1nUChZ9c3TPD6WMb68qdQDY77Qfhb55V3VviuaqQ?= =?us-ascii?Q?99r0tX15s/iLz7uf4t4Ke2vhkI75GR7Vw6rFGb0zDbRS/LSqLLqEogx1qgxm?= =?us-ascii?Q?jYuNk39/4rflytDF1O5liOCEjmkO58c2sAh8hXvmSzVimfaMnW+QNEgj1O5L?= =?us-ascii?Q?H1fORWsH6IWJMNT1cqzz5bi3GZduMP3uzs0QkJ+cnRXDTjg80omICIao7S2R?= =?us-ascii?Q?F6gJjCSXcmsTryZWw/YmqF1c75B5+x8yf+V6xvqWHOW4OTHrdjxpue78OMAD?= =?us-ascii?Q?M3bkcXfbB+6HQdmyS8jjx89HQmvXRAXPBB0Zu7bQyzhOxYurpS4ZPRZh/yc/?= =?us-ascii?Q?B2ip7E4Xdw8rKTbrdKVMslSP9DoydCaSs7UjDQ3jYife9f/iXC9i5yWNS5Bw?= =?us-ascii?Q?XuHvmcUgNLUe/SrDARPdI4Jzwc5gAxWZ0tnrjh3cooZzUFyXcq0KEDKf3sTv?= =?us-ascii?Q?cMOZRTEUbhUGInMcsvYXP3COGVZwxsB5OMJ4MxfaQZ3T2ZOKUrwGxFe1cZNB?= =?us-ascii?Q?n1B+skzVJbrjJOY2xzja5gExyAAauSsydT0P9R2Qc6Kg9axX852HFebJ82Hx?= =?us-ascii?Q?hD9bncm3qfG4klJLdKfqk5QCjZJPZyU5Z/DknSa42LCcw6cSEjohMNAN9sAH?= =?us-ascii?Q?EtrWYkj4WOL+ZGD0rb0MzRIV0nZC1+mPiRqwSGDi2U84P8S6e/l3SnoiP4eW?= =?us-ascii?Q?ThWyp14X4vF9VWKWCa4r7RD6tfbUE6SweM87FdtoxXDQ6NVdBJPzRf+giwMj?= =?us-ascii?Q?dQoch32HYUUjLz5pbyhLp7HabXdVeZLXF9EscD1VgLGDG8ghUmgNPxzChEYp?= =?us-ascii?Q?nCU/mLc9Zr/mwmwzDgnz8X+5qcHL0DAPtPX0a7um+BxnCvJS9vEa0EW3+NHU?= =?us-ascii?Q?nZb9Dl7v6OjoeZ1aYgYjrwIInKWyIg2bt2jj4dYp4/dTrorZzNWCv7VUNdlI?= =?us-ascii?Q?b3gFTb4JiLdXS5jtO8VLxy7+QbAKAY/s3F1Bv95NcDeO3Mtz8lgOk1bCBwdk?= =?us-ascii?Q?RH1ggCdPzk3ZrWYbZ6k41RDaSEB360afMUuKpDRNhvHaILEaz6E33P/7t9vG?= =?us-ascii?Q?9xp/RwZGLRe3VvlOKe7Lq6ae0UQf46l/l0c11M8aiVN0ZX8T1FbcE8iG/+0R?= =?us-ascii?Q?BqOkGLCIylRKxI2k3txHRaoUWCrp8bl2njmD53AeAzpUH1RPueZAQ/z9re3L?= =?us-ascii?Q?XQ94oammnYC7qdVPGO3KDIs3z24tZW/5A7E3CXcB68Nx5+gB4cdXF+1LX59d?= =?us-ascii?Q?QT82W8jFd1SRM6TIstnI2eHhOPgnb3W9LzvR6AznMLumb3s+yrEyALPLQawn?= =?us-ascii?Q?4mivk3fznVsE5tUsijktDbWB?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 26dbafb4-df07-4059-3251-08d95beff180 X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Aug 2021 11:13:55.9168 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: R+D4wg7uDws98AQzFZkz7lwTopsuO0XpyW3Ahg95OlWmBQfwWTejimGY5DrphKD/74xSumBpNvLuozmtTlB/GA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2639 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hello Tom, On Mon, Aug 09, 2021 at 09:29:29AM -0500, Tom Lendacky wrote: > On 8/2/21 7:33 AM, Ashish Kalra wrote: > > From: Ashish Kalra > > > > Check for SEV live migration feature support, if detected > > setup a new UEFI enviroment variable to indicate OVMF > > support for SEV live migration. > > > > The new runtime UEFI environment variable is set via the > > notification function registered for the > > EFI_END_OF_DXE_EVENT_GROUP_GUID event in AmdSevDxe driver. > > > > AmdSevDxe module is an apriori driver so it gets loaded between PEI > > and DXE phases and the SetVariable call will fail at the driver's > > entry point as the Variable DXE module is still not loaded yet. > > So we need to wait for an event notification which is signaled > > after the Variable DXE module is loaded, hence, using the > > EndOfDxe event notification to make this call. > > > > Signed-off-by: Ashish Kalra > > --- > > OvmfPkg/AmdSevDxe/AmdSevDxe.c | 64 ++++++++++++++++++++ > > OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 ++ > > OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h | 20 ++++++ > > OvmfPkg/OvmfPkg.dec | 1 + > > 4 files changed, 89 insertions(+) > > > > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c > > index c66c4e9b92..bfad71b9c6 100644 > > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c > > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c > > @@ -15,10 +15,47 @@ > > #include > > #include > > #include > > +#include > > +#include > > #include > > #include > > +#include > > +#include > > #include > > > > +STATIC > > +VOID > > +EFIAPI > > +AmdSevDxeOnEndOfDxe ( > > + IN EFI_EVENT Event, > > + IN VOID *EventToSignal > > + ) > > +{ > > + EFI_STATUS Status; > > + BOOLEAN SevLiveMigrationEnabled; > > + > > + SevLiveMigrationEnabled = MemEncryptSevLiveMigrationIsEnabled(); > > + > > + if (SevLiveMigrationEnabled) { > > + Status = gRT->SetVariable ( > > + L"SevLiveMigrationEnabled", > > + &gAmdSevMemEncryptGuid, > > + EFI_VARIABLE_NON_VOLATILE | > > + EFI_VARIABLE_BOOTSERVICE_ACCESS | > > + EFI_VARIABLE_RUNTIME_ACCESS, > > + sizeof SevLiveMigrationEnabled, > > + &SevLiveMigrationEnabled > > + ); > > + > > + DEBUG (( > > + DEBUG_INFO, > > + "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n", > > + __FUNCTION__, > > + Status > > + )); > > + } > > +} > > + > > EFI_STATUS > > EFIAPI > > AmdSevDxeEntryPoint ( > > @@ -30,6 +67,7 @@ AmdSevDxeEntryPoint ( > > EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap; > > UINTN NumEntries; > > UINTN Index; > > + EFI_EVENT Event; > > > > // > > // Do nothing when SEV is not enabled > > @@ -130,5 +168,31 @@ AmdSevDxeEntryPoint ( > > } > > } > > > > + // > > + // AmdSevDxe module is an apriori driver so it gets loaded between PEI > > + // and DXE phases and the SetVariable call will fail at the driver's > > + // entry point as the Variable DXE module is still not loaded yet. > > + // So we need to wait for an event notification which is signaled > > + // after the Variable DXE module is loaded, hence, using the > > + // EndOfDxe event notification to make this call. > > + // > > + // Register EFI_END_OF_DXE_EVENT_GROUP_GUID event. > > + // The notification function sets the runtime variable indicating OVMF > > + // support for SEV live migration. > > + // > > + Status = gBS->CreateEventEx ( > > + EVT_NOTIFY_SIGNAL, > > + TPL_CALLBACK, > > + AmdSevDxeOnEndOfDxe, > > + NULL, > > + &gEfiEndOfDxeEventGroupGuid, > > + &Event > > + ); > > + > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_INFO, "%a: CreateEventEx(): %r\n", > > DEBUG_ERROR? > > > + __FUNCTION__, Status)); > > Should there be an "ASSERT_EFI_ERROR (Status)" after the DEBUG call? > I don't think we should do an assert here and abort booting, failure here will simply disable live migration support but i don't think that it is such a fatal error that we should abort booting because of that. OTOH, if there is a failure when doing page encryption status hypercalls then aborting boot makes sense as guest page encryption status tracking may be critical for multiple guest operations and not only live migration. Thanks, Ashish