From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com [40.107.236.58])
by mx.groups.io with SMTP id smtpd.web12.6529.1628594038021760446
for <devel@edk2.groups.io>;
Tue, 10 Aug 2021 04:13:58 -0700
Authentication-Results: mx.groups.io;
dkim=pass header.i=@amd.com header.s=selector1 header.b=lSwITFWq;
spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.236.58, mailfrom: ashish.kalra@amd.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=XPWMdiCPyfaL7zuUvxGpyVb2X/KRLxWlOjtdtovIaXMaANNtbNBku0OvxsW8UGLZQUNUBfZEjxNLMYtUbgVHXnUKPcYcDiMuf31uubGra+PbpEwGnrYZ7tUwRpVISyEoiR1vlFgKQGZzosnO91k3Uw6WklVLscixh0iGpKEzvceA5q8/8ZbCIqfymYAP/Omq3n1K8MoKYGEfNRpNEBTh6Jm4HOvjRl7j4Abv/x65kYU9EsHoKJ9NGabw06kbtqMKUx1w9XJQYOOHnGcvILFPodbabkGTX9WHQ/69alpxSdJpVLIpFx9y51xKoblhk27jaR59PuFGyUPRGLQwmv791g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=I9fvEKosinzFtxq5B5II+VyvAB94OJyyX8ailgiKAFE=;
b=ZbevM/Q8VIPCKrZ/jn2F4HyowWPvpwtVPCDvKtB6+RI1JoedCAxWnr9HYRwXna10foyVJ4g17jHhp88VZoU7frX+QK1tPcGecGyLpoRXMI6K7IGvhxNeY68PTdikAbA1TQjYl37AK67HpnwVHzf+8Uvkrwf/yc8iCp9Rp//WMua8XTGGH4Ks2QmH5qNZPqSGnF77TzeqM3Xka0N7bJ5+5iLuWQEX8ddv6tqDDY2SROHZYGrlr0b5hoYWFeiNemYl7K+KqNVjXYF1A8i9MFGZMGe1bQOfLDLTfMnGcWNV7wE70+P0AE7NgukOSP9Z9OFSMsACC2W6FKCecJHxZka6Lw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=I9fvEKosinzFtxq5B5II+VyvAB94OJyyX8ailgiKAFE=;
b=lSwITFWqhNBunqBm3b2mkpJS9YqhzgBClX9GC88EsJE4smgBDmqa4R8ZgyzJ+PSZfCIZ0WEGEQshiLEb8IAJFluSm35S0k1YEeiqq9fRrT1hWfSZ/TJQUpV+aMFqJ2FaH1Fou+AEglM3hkhXRr+WnEi3nxmq3XhcFsVMHFB7pIA=
Authentication-Results: amd.com; dkim=none (message not signed)
header.d=none;amd.com; dmarc=none action=none header.from=amd.com;
Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23)
by SN6PR12MB2639.namprd12.prod.outlook.com (2603:10b6:805:75::25) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.19; Tue, 10 Aug
2021 11:13:56 +0000
Received: from SN6PR12MB2767.namprd12.prod.outlook.com
([fe80::491e:2642:bae2:8b73]) by SN6PR12MB2767.namprd12.prod.outlook.com
([fe80::491e:2642:bae2:8b73%7]) with mapi id 15.20.4394.023; Tue, 10 Aug 2021
11:13:56 +0000
Date: Tue, 10 Aug 2021 11:13:49 +0000
From: "Ashish Kalra" <ashish.kalra@amd.com>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: devel@edk2.groups.io, dovmurik@linux.vnet.ibm.com,
brijesh.singh@amd.com, tobin@ibm.com, jejb@linux.ibm.com,
jordan.l.justen@intel.com, ard.biesheuvel@arm.com,
erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com
Subject: Re: [PATCH v6 6/6] OvmfPkg/AmdSevDxe: Add support for SEV live migration.
Message-ID: <20210810111349.GA9132@ashkalra_ubuntu_server>
References: <cover.1627906232.git.ashish.kalra@amd.com>
<cae560e479773a56a65c998a19b0023f50935170.1627906232.git.ashish.kalra@amd.com>
<4f2224f2-de60-03a6-333e-163f31fe1c1a@amd.com>
In-Reply-To: <4f2224f2-de60-03a6-333e-163f31fe1c1a@amd.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-ClientProxiedBy: SA9PR11CA0030.namprd11.prod.outlook.com
(2603:10b6:806:6e::35) To SN6PR12MB2767.namprd12.prod.outlook.com
(2603:10b6:805:75::23)
Return-Path: ashish.kalra@amd.com
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from ashkalra_ubuntu_server (165.204.77.1) by SA9PR11CA0030.namprd11.prod.outlook.com (2603:10b6:806:6e::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.17 via Frontend Transport; Tue, 10 Aug 2021 11:13:55 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 26dbafb4-df07-4059-3251-08d95beff180
X-MS-TrafficTypeDiagnostic: SN6PR12MB2639:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS:
<SN6PR12MB2639F6D4AFD620B8A8A2A2A78EF79@SN6PR12MB2639.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:8273;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
cK4EfQ3r438Xr+eVNkNoOc671vA9CBFx3uImXBg8tfAzHqDvp8sZVvaLRhCWzwFwbmFa6OxIemvOJBGIV2xjVVBPrtQYkDu9GvVy6e6wgvNMU1ZzhT3w3/nuicpyoxZ2XCyHA++P8YGN9NtP3lGyDAYESdyB+ZTC61friIAM/zoWlPf/V4vG9NGMBaZ4sSUS6w1qQw14pu3nXhpI54DOdMrtD9Cnndp0WQyRo6AV7XrXHPeUBHbFNEUDVaooIYey2azOp3vZ1tEbqtGiPgC7a/E23HQgum8Ntffpm4qcrHH4vuSUfBULZe/q++zWnXkPBdF12twGXfS0LcgjhP9U08JlBL3xsJPY2QJR446b4pT4CMvsaJlcTvkip8DJg+cjTmrkvehVw+AZx3HAmx2cleMiWJOhY3bb81NT8aZx8JkNPdppHi0lL+bq6HMiyDADrZqtJK7cw6raOB96GwILH+wCPs5gJGzxj/C104R7KoxTQMYK4D2sPx14pLIQlLEIZ0Toc3zWtr0UUwTr09zzS+Q2zUCy4kJakNWFS5ZuOQ0vZIczcGc5LV9QYWjVKUwIYbO58vVPPsJ3xba+6/wOVGhJEv9CX98d+X7+NRSnchfszWjnt1i8lGJJJQ/HTzRkN4a710PvQo6akol9I8MIqVo8aXN0atCQipc6mTIASwDsYTjLvM2dsPoKUNsWoKTghXv3VbuqQbpQgE601qQrHg==
X-Forefront-Antispam-Report:
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(8936002)(66946007)(4326008)(33716001)(1076003)(186003)(55016002)(508600001)(2906002)(83380400001)(6636002)(26005)(9686003)(6862004)(53546011)(956004)(86362001)(6496006)(52116002)(6666004)(5660300002)(38350700002)(38100700002)(8676002)(316002)(44832011)(33656002)(66556008)(66476007);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
=?us-ascii?Q?fXOD0ZVGBJH9zNxaJzfX1nUChZ9c3TPD6WMb68qdQDY77Qfhb55V3VviuaqQ?=
=?us-ascii?Q?99r0tX15s/iLz7uf4t4Ke2vhkI75GR7Vw6rFGb0zDbRS/LSqLLqEogx1qgxm?=
=?us-ascii?Q?jYuNk39/4rflytDF1O5liOCEjmkO58c2sAh8hXvmSzVimfaMnW+QNEgj1O5L?=
=?us-ascii?Q?H1fORWsH6IWJMNT1cqzz5bi3GZduMP3uzs0QkJ+cnRXDTjg80omICIao7S2R?=
=?us-ascii?Q?F6gJjCSXcmsTryZWw/YmqF1c75B5+x8yf+V6xvqWHOW4OTHrdjxpue78OMAD?=
=?us-ascii?Q?M3bkcXfbB+6HQdmyS8jjx89HQmvXRAXPBB0Zu7bQyzhOxYurpS4ZPRZh/yc/?=
=?us-ascii?Q?B2ip7E4Xdw8rKTbrdKVMslSP9DoydCaSs7UjDQ3jYife9f/iXC9i5yWNS5Bw?=
=?us-ascii?Q?XuHvmcUgNLUe/SrDARPdI4Jzwc5gAxWZ0tnrjh3cooZzUFyXcq0KEDKf3sTv?=
=?us-ascii?Q?cMOZRTEUbhUGInMcsvYXP3COGVZwxsB5OMJ4MxfaQZ3T2ZOKUrwGxFe1cZNB?=
=?us-ascii?Q?n1B+skzVJbrjJOY2xzja5gExyAAauSsydT0P9R2Qc6Kg9axX852HFebJ82Hx?=
=?us-ascii?Q?hD9bncm3qfG4klJLdKfqk5QCjZJPZyU5Z/DknSa42LCcw6cSEjohMNAN9sAH?=
=?us-ascii?Q?EtrWYkj4WOL+ZGD0rb0MzRIV0nZC1+mPiRqwSGDi2U84P8S6e/l3SnoiP4eW?=
=?us-ascii?Q?ThWyp14X4vF9VWKWCa4r7RD6tfbUE6SweM87FdtoxXDQ6NVdBJPzRf+giwMj?=
=?us-ascii?Q?dQoch32HYUUjLz5pbyhLp7HabXdVeZLXF9EscD1VgLGDG8ghUmgNPxzChEYp?=
=?us-ascii?Q?nCU/mLc9Zr/mwmwzDgnz8X+5qcHL0DAPtPX0a7um+BxnCvJS9vEa0EW3+NHU?=
=?us-ascii?Q?nZb9Dl7v6OjoeZ1aYgYjrwIInKWyIg2bt2jj4dYp4/dTrorZzNWCv7VUNdlI?=
=?us-ascii?Q?b3gFTb4JiLdXS5jtO8VLxy7+QbAKAY/s3F1Bv95NcDeO3Mtz8lgOk1bCBwdk?=
=?us-ascii?Q?RH1ggCdPzk3ZrWYbZ6k41RDaSEB360afMUuKpDRNhvHaILEaz6E33P/7t9vG?=
=?us-ascii?Q?9xp/RwZGLRe3VvlOKe7Lq6ae0UQf46l/l0c11M8aiVN0ZX8T1FbcE8iG/+0R?=
=?us-ascii?Q?BqOkGLCIylRKxI2k3txHRaoUWCrp8bl2njmD53AeAzpUH1RPueZAQ/z9re3L?=
=?us-ascii?Q?XQ94oammnYC7qdVPGO3KDIs3z24tZW/5A7E3CXcB68Nx5+gB4cdXF+1LX59d?=
=?us-ascii?Q?QT82W8jFd1SRM6TIstnI2eHhOPgnb3W9LzvR6AznMLumb3s+yrEyALPLQawn?=
=?us-ascii?Q?4mivk3fznVsE5tUsijktDbWB?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 26dbafb4-df07-4059-3251-08d95beff180
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Aug 2021 11:13:55.9168
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: R+D4wg7uDws98AQzFZkz7lwTopsuO0XpyW3Ahg95OlWmBQfwWTejimGY5DrphKD/74xSumBpNvLuozmtTlB/GA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB2639
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Hello Tom,
On Mon, Aug 09, 2021 at 09:29:29AM -0500, Tom Lendacky wrote:
> On 8/2/21 7:33 AM, Ashish Kalra wrote:
> > From: Ashish Kalra <ashish.kalra@amd.com>
> >
> > Check for SEV live migration feature support, if detected
> > setup a new UEFI enviroment variable to indicate OVMF
> > support for SEV live migration.
> >
> > The new runtime UEFI environment variable is set via the
> > notification function registered for the
> > EFI_END_OF_DXE_EVENT_GROUP_GUID event in AmdSevDxe driver.
> >
> > AmdSevDxe module is an apriori driver so it gets loaded between PEI
> > and DXE phases and the SetVariable call will fail at the driver's
> > entry point as the Variable DXE module is still not loaded yet.
> > So we need to wait for an event notification which is signaled
> > after the Variable DXE module is loaded, hence, using the
> > EndOfDxe event notification to make this call.
> >
> > Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
> > ---
> > OvmfPkg/AmdSevDxe/AmdSevDxe.c | 64 ++++++++++++++++++++
> > OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 4 ++
> > OvmfPkg/Include/Guid/AmdSevMemEncryptLib.h | 20 ++++++
> > OvmfPkg/OvmfPkg.dec | 1 +
> > 4 files changed, 89 insertions(+)
> >
> > diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> > index c66c4e9b92..bfad71b9c6 100644
> > --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> > +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
> > @@ -15,10 +15,47 @@
> > #include <Library/BaseMemoryLib.h>
> > #include <Library/DebugLib.h>
> > #include <Library/DxeServicesTableLib.h>
> > +#include <Library/UefiRuntimeServicesTableLib.h>
> > +#include <Library/UefiBootServicesTableLib.h>
> > #include <Library/MemEncryptSevLib.h>
> > #include <Library/MemoryAllocationLib.h>
> > +#include <Guid/AmdSevMemEncryptLib.h>
> > +#include <Guid/EventGroup.h>
> > #include <Library/PcdLib.h>
> >
> > +STATIC
> > +VOID
> > +EFIAPI
> > +AmdSevDxeOnEndOfDxe (
> > + IN EFI_EVENT Event,
> > + IN VOID *EventToSignal
> > + )
> > +{
> > + EFI_STATUS Status;
> > + BOOLEAN SevLiveMigrationEnabled;
> > +
> > + SevLiveMigrationEnabled = MemEncryptSevLiveMigrationIsEnabled();
> > +
> > + if (SevLiveMigrationEnabled) {
> > + Status = gRT->SetVariable (
> > + L"SevLiveMigrationEnabled",
> > + &gAmdSevMemEncryptGuid,
> > + EFI_VARIABLE_NON_VOLATILE |
> > + EFI_VARIABLE_BOOTSERVICE_ACCESS |
> > + EFI_VARIABLE_RUNTIME_ACCESS,
> > + sizeof SevLiveMigrationEnabled,
> > + &SevLiveMigrationEnabled
> > + );
> > +
> > + DEBUG ((
> > + DEBUG_INFO,
> > + "%a: Setting SevLiveMigrationEnabled variable, status = %lx\n",
> > + __FUNCTION__,
> > + Status
> > + ));
> > + }
> > +}
> > +
> > EFI_STATUS
> > EFIAPI
> > AmdSevDxeEntryPoint (
> > @@ -30,6 +67,7 @@ AmdSevDxeEntryPoint (
> > EFI_GCD_MEMORY_SPACE_DESCRIPTOR *AllDescMap;
> > UINTN NumEntries;
> > UINTN Index;
> > + EFI_EVENT Event;
> >
> > //
> > // Do nothing when SEV is not enabled
> > @@ -130,5 +168,31 @@ AmdSevDxeEntryPoint (
> > }
> > }
> >
> > + //
> > + // AmdSevDxe module is an apriori driver so it gets loaded between PEI
> > + // and DXE phases and the SetVariable call will fail at the driver's
> > + // entry point as the Variable DXE module is still not loaded yet.
> > + // So we need to wait for an event notification which is signaled
> > + // after the Variable DXE module is loaded, hence, using the
> > + // EndOfDxe event notification to make this call.
> > + //
> > + // Register EFI_END_OF_DXE_EVENT_GROUP_GUID event.
> > + // The notification function sets the runtime variable indicating OVMF
> > + // support for SEV live migration.
> > + //
> > + Status = gBS->CreateEventEx (
> > + EVT_NOTIFY_SIGNAL,
> > + TPL_CALLBACK,
> > + AmdSevDxeOnEndOfDxe,
> > + NULL,
> > + &gEfiEndOfDxeEventGroupGuid,
> > + &Event
> > + );
> > +
> > + if (EFI_ERROR (Status)) {
> > + DEBUG ((DEBUG_INFO, "%a: CreateEventEx(): %r\n",
>
> DEBUG_ERROR?
>
> > + __FUNCTION__, Status));
>
> Should there be an "ASSERT_EFI_ERROR (Status)" after the DEBUG call?
>
I don't think we should do an assert here and abort booting, failure
here will simply disable live migration support but i don't think that
it is such a fatal error that we should abort booting because of that.
OTOH, if there is a failure when doing page encryption status hypercalls
then aborting boot makes sense as guest page encryption status tracking
may be critical for multiple guest operations and not only live
migration.
Thanks,
Ashish