From: "Tobin Feldman-Fitzthum" <tobin@linux.ibm.com>
To: tobin@ibm.com, dovmurik@linux.vnet.ibm.com, jejb@linux.ibm.com,
frankeh@us.ibm.com, pbonzini@redhat.com, ashish.kalra@amd.com,
thomas.lendacky@amd.com, brijesh.singh@amd.com,
dgilbert@redhat.com, srutherford@google.com,
devel@edk2.groups.io, ard.biesheuvel@arm.com,
jiewen.yao@intel.com
Subject: [RFC PATCH 8/9] OvmfPkg/AmdSev: Add Migration Handler entry point
Date: Wed, 18 Aug 2021 17:20:47 -0400 [thread overview]
Message-ID: <20210818212048.162626-9-tobin@linux.ibm.com> (raw)
In-Reply-To: <20210818212048.162626-1-tobin@linux.ibm.com>
The Migration Handler runs in the mirror VM. The MH is started
directly by the hypervisor. SetupMigrationHandler runs in the main
VM and sets up the migration entry point. The HV starts execution
of the mirror vCPU at the entry point, which trampolines to
MigrationHandlerMain
Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
---
OvmfPkg/OvmfPkg.dec | 3 ++
OvmfPkg/AmdSev/AmdSevX64.fdf | 3 ++
.../ConfidentialMigrationDxe.inf | 2 +
.../ConfidentialMigrationPei.inf | 2 +
.../ConfidentialMigrationDxe.c | 48 +++++++++++++++++
.../ConfidentialMigrationPei.c | 6 +++
.../MigrationEntryPoint.nasm | 51 +++++++++++++++++++
7 files changed, 115 insertions(+)
create mode 100644 OvmfPkg/AmdSev/ConfidentialMigration/MigrationEntryPoint.nasm
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 1252582c99..c6e07accf6 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -336,6 +336,9 @@
gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase|0x0|UINT32|0x4b
gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxSize|0x0|UINT32|0x4c
+ gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationEntryBase|0x0|UINT32|0x4d
+ gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationEntrySize|0x0|UINT32|0x4e
+
[PcdsDynamic, PcdsDynamicEx]
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index a8e296e641..8687fadfcc 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -74,6 +74,9 @@ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.P
0x020000|0x003000
gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase|gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxSize
+0x023000|0x001000
+gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationEntryBase|gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationEntrySize
+
0x120000|0x0E0000
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfPeiMemFvSize
FV = PEIFV
diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf
index 42875095fc..b879037586 100644
--- a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf
+++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.inf
@@ -16,6 +16,7 @@
[Sources]
ConfidentialMigrationDxe.c
VirtualMemory.h
+ MigrationEntryPoint.nasm
[Packages]
MdePkg/MdePkg.dec
@@ -31,6 +32,7 @@
gUefiOvmfPkgTokenSpaceGuid.PcdIsConfidentialMigrationTarget
gUefiOvmfPkgTokenSpaceGuid.PcdStartConfidentialMigrationHandler
gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationEntryBase
[Depex]
TRUE
diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf
index 918cf22abd..6233b82cc2 100644
--- a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf
+++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.inf
@@ -30,6 +30,8 @@
[FixedPcd]
gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxBase
gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationMailboxSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationEntryBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdConfidentialMigrationEntrySize
[Depex]
TRUE
diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c
index 2de35a7bb1..5e96206d17 100644
--- a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c
+++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationDxe.c
@@ -38,11 +38,23 @@ typedef volatile struct {
UINT32 Done;
} MH_COMMAND_PARAMETERS;
+//
+// Addresses to be used in the entry point
+//
+typedef struct {
+ UINT32 Cr3;
+ UINT64 StackBase;
+ UINT64 MhBase;
+} ENTRY_ADDRS;
+
//
// Offset for non-cbit mapping.
//
#define UNENC_VIRT_ADDR_BASE 0xffffff8000000000ULL
+void MigrationHandlerEntryPoint(void);
+void MigrationHandlerEntryPoint64(void);
+
STATIC PAGE_TABLE_POOL *mPageTablePool = NULL;
PHYSICAL_ADDRESS mMigrationHandlerPageTables = 0;
PHYSICAL_ADDRESS mMigrationHandlerStackBase = 0;
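Review bot: The `ENTRY_ADDRS` layout is an unwritten contract with MigrationEntryPoint.nasm, which reads the three fields at offsets 0, 0x8 and 0x10 from the entry-address block. That only holds because the compiler inserts four bytes of padding after `UINT32 Cr3`; packing the struct or reordering a field would silently hand the mirror vCPU a wrong stack pointer or jump target. I would make the padding explicit with a `UINT32 Reserved;` member after `Cr3` and pin the layout, for example `STATIC_ASSERT (OFFSET_OF (ENTRY_ADDRS, MhBase) == 0x10, "must match MigrationEntryPoint.nasm");`. The comment above the struct could also say that the assembly stub is its only reader.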
@@ -193,6 +205,16 @@ SetupMigrationHandler (
IN EFI_SYSTEM_TABLE *SystemTable
)
{
+ UINT32 LongModeOffset;
+ UINT32 EntryAddrsOffset;
+ UINT32 GdtOffset;
+ IA32_DESCRIPTOR GdtPtr;
+ UINT64 EntryPoint;
+ ENTRY_ADDRS *EntryData;
+
+ LongModeOffset = 0x200;
+ EntryAddrsOffset = 0x400;
+ GdtOffset = 0x600;
if (!PcdGetBool(PcdStartConfidentialMigrationHandler)) {
return 0;
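Review bot: The three offsets assigned at the top of SetupMigrationHandler (`0x200`, `0x400`, `0x600`) repeat the `%define`s in MigrationEntryPoint.nasm, and nothing ties the two copies together. A change on one side only would leave the mirror vCPU reading its CR3, stack and jump target from the wrong place. File-scope constants with a comment naming the assembly file would make the coupling visible, e.g. `#define MH_ENTRY_ADDRS_OFFSET 0x400  // keep in sync with ENTRY_ADDRS_OFFSET in MigrationEntryPoint.nasm`. The function body starts and continues outside this hunk.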
@@ -205,6 +227,32 @@ SetupMigrationHandler (
PrepareMigrationHandlerPageTables ();
+ //
+ // Copy Migration Handler entry point to a known location.
+ //
+ EntryPoint = PcdGet32 (PcdConfidentialMigrationEntryBase);
+ CopyMem ((void *)EntryPoint, MigrationHandlerEntryPoint, 0x50);
+
+ CopyMem ((void *)(EntryPoint + LongModeOffset),
+ MigrationHandlerEntryPoint64, 0x50);
+
+ //
+ // Copy Migration Handler GDT to a known location.
+ //
+ AsmReadGdtr (&GdtPtr);
+ CopyMem ((void *)(EntryPoint + GdtOffset), (void *)GdtPtr.Base,
+ GdtPtr.Limit);
+
+ //
+ // Populate entry point with address of page tables, stack,
+ // and MigrationHandlerMain
+ //
+ EntryData = (void *)(EntryPoint + EntryAddrsOffset);
+
+ EntryData->Cr3 = mMigrationHandlerPageTables;
+ EntryData->StackBase = mMigrationHandlerStackBase;
+ EntryData->MhBase = (UINT64)MigrationHandlerMain;
+
//
// If VM is migration target, wait until hypervisor modifies CPU state
// and restarts execution.
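Review bot: The GDT copy passes `GdtPtr.Limit` as the byte count, but the limit is the table size minus one, so the last byte of the final descriptor is dropped. Nothing checks that `GdtOffset + Limit + 1` fits inside the region sized by PcdConfidentialMigrationEntrySize (0x1000 in the .fdf hunk). I would copy `(UINTN)GdtPtr.Limit + 1` bytes and fail setup when the table would run past the end of the region; that needs PcdConfidentialMigrationEntrySize added to the DXE .inf, which this patch does not do. The assignment `EntryData->Cr3 = mMigrationHandlerPageTables;` also narrows a PHYSICAL_ADDRESS to 32 bits without checking that the page tables sit below 4 GiB, and the `0x50` length used for both stub copies is a magic number that an end label in the .nasm file could replace. SetupMigrationHandler continues outside the hunk.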
diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.c b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.c
index ce304bc07b..5371ef23a9 100644
--- a/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.c
+++ b/OvmfPkg/AmdSev/ConfidentialMigration/ConfidentialMigrationPei.c
@@ -21,5 +21,11 @@ InitializeConfidentialMigrationPei (
EfiRuntimeServicesData
);
+ BuildMemoryAllocationHob (
+ PcdGet32 (PcdConfidentialMigrationEntryBase),
+ PcdGet32 (PcdConfidentialMigrationEntrySize),
+ EfiRuntimeServicesData
+ );
+
return EFI_SUCCESS;
}
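Review bot: The new BuildMemoryAllocationHob call has no comment saying what the region is for, and `EfiRuntimeServicesData` is a surprising type for a page that ends up holding the entry stub's code. A comment such as `// Reserve the Migration Handler entry page; SetupMigrationHandler copies the stub, GDT and entry addresses into it in DXE.` would help. It should also say why a data type is used; presumably the mirror vCPU never runs under the main VM's page-table attributes, but that should be confirmed. The function starts outside the hunk.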
diff --git a/OvmfPkg/AmdSev/ConfidentialMigration/MigrationEntryPoint.nasm b/OvmfPkg/AmdSev/ConfidentialMigration/MigrationEntryPoint.nasm
new file mode 100644
index 0000000000..9375771b88
--- /dev/null
+++ b/OvmfPkg/AmdSev/ConfidentialMigration/MigrationEntryPoint.nasm
@@ -0,0 +1,51 @@
+; Entrypoint for Migration Handler
+
+ DEFAULT REL
+ SECTION .text
+
+%define ENABLE_DEBUG 1
+%define X86_CR0_PG BIT31
+%define X86_EFER_LME BIT8
+%define X86_CR4_PAE BIT5
+
+%define ENTRY_BASE FixedPcdGet32 (PcdConfidentialMigrationEntryBase)
+
+%define LONG_MODE_OFFSET 0x200;
+%define ENTRY_ADDRS_OFFSET 0x400
+%define GDT_OFFSET 0x600
+
+%define LONG_MODE_ADDR ENTRY_BASE + LONG_MODE_OFFSET
+%define LINEAR_CODE64_SEL 0x38
+
+BITS 32
+
+global ASM_PFX(MigrationHandlerEntryPoint)
+ASM_PFX(MigrationHandlerEntryPoint):
+
+ ; CR3
+ mov edi, [ENTRY_BASE + ENTRY_ADDRS_OFFSET]
+ mov cr3, edi
+
+ ; EFER.LME
+ mov ecx, 0xc0000080
+ rdmsr
+ bts eax, 8
+ wrmsr
+
+ ; CR0.PG
+ mov eax, cr0
+ bts eax, 31
+ mov cr0, eax
+
+ ; Far jump to enter long mode
+ jmp LINEAR_CODE64_SEL:LONG_MODE_ADDR
+
+BITS 64
+global ASM_PFX(MigrationHandlerEntryPoint64)
+ASM_PFX(MigrationHandlerEntryPoint64):
+
+ ; RSP
+ mov rsp, [ENTRY_BASE + ENTRY_ADDRS_OFFSET + 0x8]
+
+ ; Jump to MH
+ jmp [ENTRY_BASE + ENTRY_ADDRS_OFFSET + 0x10]
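Review bot: The 32-bit stub sets EFER.LME and CR0.PG but never sets CR4.PAE, even though `X86_CR4_PAE` is defined at the top; enabling paging with LME set and PAE clear faults, so this only works if the hypervisor starts the mirror vCPU with CR4.PAE already on. Unless that is a documented part of the start state, add `mov eax, cr4`, `bts eax, 5`, `mov cr4, eax` before the EFER write. The stub also relies on the hypervisor having loaded a GDTR that makes selector 0x38 valid, since there is no `lgdt` and `GDT_OFFSET` is unused here; a header comment stating the expected initial vCPU state would make that reviewable. Because the code is copied away from its link address and the file uses `DEFAULT REL`, it is worth confirming that the two 64-bit memory operands assemble as absolute references, or writing them as `[abs ...]`. The `;` after `0x200` in the `LONG_MODE_OFFSET` define looks like a stray character.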
--
2.20.1
2021-08-18 21:20 [RFC PATCH 0/9] Firmware Support for Fast Live Migration for AMD SEV Tobin Feldman-Fitzthum
2021-08-18 21:20 ` [RFC PATCH 1/9] OvmfPkg/AmdSev: Base for Confidential Migration Handler Tobin Feldman-Fitzthum
2021-08-18 21:20 ` [RFC PATCH 2/9] OvmfPkg/PlatfomPei: Set Confidential Migration PCD Tobin Feldman-Fitzthum
2021-08-18 21:20 ` [RFC PATCH 3/9] OvmfPkg/AmdSev: Setup Migration Handler Mailbox Tobin Feldman-Fitzthum
2021-08-18 21:20 ` [RFC PATCH 4/9] OvmfPkg/AmdSev: MH support for mailbox protocol Tobin Feldman-Fitzthum
2021-08-18 21:20 ` [RFC PATCH 5/9] OvmfPkg/AmdSev: Build page table for migration handler Tobin Feldman-Fitzthum
2021-08-18 21:20 ` [RFC PATCH 6/9] OvmfPkg/AmdSev: Don't overwrite mailbox or pagetables Tobin Feldman-Fitzthum
2021-08-18 21:20 ` [RFC PATCH 7/9] OvmfPkg/AmdSev: Don't overwrite MH stack Tobin Feldman-Fitzthum
2021-08-18 21:20 ` Tobin Feldman-Fitzthum [this message]
2021-08-18 21:20 ` [RFC PATCH 9/9] OvmfPkg/ResetVector: Expose Migration Handler Entry Addresses Tobin Feldman-Fitzthum