public inbox for devel@edk2.groups.io
From: "Brijesh Singh" <brijesh.singh@amd.com>
To: devel@edk2.groups.io
Cc: James Bottomley <jejb@linux.ibm.com>, Min Xu <min.m.xu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Erdem Aktas <erdemaktas@google.com>,
	Michael Roth <Michael.Roth@amd.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Michael Roth <michael.roth@amd.com>
Subject: [PATCH v6 05/29] OvmfPkg/ResetVector: check the vmpl level
Date: Wed,  1 Sep 2021 11:16:22 -0500
Message-ID: <20210901161646.24763-6-brijesh.singh@amd.com>
In-Reply-To: <20210901161646.24763-1-brijesh.singh@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275

Virtual Machine Privilege Level (VMPL) is an optional feature in the
SEV-SNP architecture, which allows a guest VM to divide its address space
into four levels. The level can be used to provide hardware-isolated
abstraction layers within a VM. VMPL0 is the highest privilege, and
VMPL3 is the least privilege. Certain operations must be done by the VMPL0
software, such as:

* Validate or invalidate memory range (PVALIDATE instruction)
* Allocate VMSA page (RMPADJUST instruction when VMSA=1)

The initial SEV-SNP support assumes that it's running on VMPL0. Let's add
a check to make sure that we are running at VMPL0 before continuing the
boot. There is no easy method to query the current VMPL level. One simple
approach is to call the PVALIDATE instruction, and if the instruction causes
a #GP then the SEV-SNP guest is not booted under VMPL0. See the AMD APM
volume 3 (PVALIDATE) for additional information on PVALIDATE.

Cc: Michael Roth <michael.roth@amd.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 OvmfPkg/ResetVector/Ia32/AmdSev.asm | 90 ++++++++++++++++++++++++++++-
 1 file changed, 88 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index 0ac78c73c370..2386b15c0ce0 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -73,6 +73,12 @@ BITS    32
 ; Hypervisor does not support SEV-SNP feature
 %define TERM_HV_UNSUPPORTED_FEATURE 4
 
+; SEV-SNP guest is not launched at VMPL-0
+%define TERM_SNP_NOT_VMPL0          5
+
+; The #VC is not for PVALIDATE
+%define TERM_VC_NOT_PVALIDATE       6
+
 ; GHCB SEV Information MSR protocol
 %define GHCB_SEV_INFORMATION_REQUEST        2
 %define GHCB_SEV_INFORMATION_RESPONSE       1
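Review bot: the comment on TERM_VC_NOT_PVALIDATE ("The #VC is not for PVALIDATE") does not match the code that raises it: SevEsIdtNotPvalidate is reached from SevSnpGpException, which is the vector 13 (#GP) handler, not a #VC handler. Either rename the reason to something like TERM_GP_NOT_PVALIDATE or reword the comment to "The #GP was not caused by PVALIDATE", so the termination reason a hypervisor operator sees names the exception that actually fired. Worth also documenting, next to these two new values, that 5 and 6 are OVMF-specific reason codes chosen not to collide with the existing TERM_* values above.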
@@ -236,6 +242,25 @@ GetSevCBitMaskAbove31:
 GetSevCBitMaskAbove31Exit:
     OneTimeCallRet GetSevCBitMaskAbove31
 
+; Check whether we're booted under the VMPL-0.
+;
+; There is no straightforward way to query the current VMPL level. The simplest
+; method is to use the PVALIDATE instruction to change the page state. If its
+; not a VMPL-0 guest then PVALIDATE will cause #GP.
+;
+CheckSnpVmpl0:
+    ; This routine is part of the ROM, and should have been validated by the SNP
+    ; guest launch sequence. So its safe to re-validate the page containing
+    ; this routine.
+    mov     eax, ADDR_OF(CheckSnpVmpl0)
+    mov     ecx, 0
+    mov     edx, 1
+    PVALIDATE
+
+    ; We will reach here only if we are running at VMPL-0.
+
+    OneTimeCallRet    CheckSnpVmpl0
+
 ; Check if Secure Encrypted Virtualization (SEV) features are enabled.
 ;
 ; Register usage is tight in this routine, so multiple calls for the
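Review bot: CheckSnpVmpl0 discards PVALIDATE's result. The instruction returns a status in EAX and sets CF when the page's validated bit already had the requested value; this hunk neither tests EAX for a non-zero failure nor documents that CF=1 is the expected outcome for a ROM page that the launch sequence already validated. A one-line comment stating that EAX/CF are intentionally ignored because only the #GP matters (or a `cmp eax, 0` / `jnz` to a terminate path) would make the intent explicit. The comment should also spell out the operands: ECX=0 selects a 4K page and EDX=1 requests "validate", so the RMP entry is left as it was rather than flipped, which is why re-running it on the page containing this very routine is safe. Finally, the PVALIDATE macro itself is not defined in this patch; since the #GP handler added later in this file hard-codes the encoding 0xff010ff2, the macro must emit exactly `db 0xf2, 0x0f, 0x01, 0xff`, and the commit message should name the patch that introduces it.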
@@ -293,6 +318,17 @@ CheckSevFeatures:
     ; Set the work area header to indicate that the SEV is enabled
     mov     byte[WORK_AREA_GUEST_TYPE], 1
 
+    ; Check if we're SEV-SNP guest and booted under VMPL-0.
+    ;
+    ; This check should happen here because the PVALIDATE instruction
+    ; used in the check will cause an exception. The IDT is active
+    ; during the CheckSevFeatures only.
+    ;
+    bt        eax, 2
+    jnc       SkipCheckSnpVmpl0
+    OneTimeCall     CheckSnpVmpl0
+
+SkipCheckSnpVmpl0:
     ; Check for SEV-ES memory encryption feature:
     ; CPUID  Fn8000_001F[EAX] - Bit 3
     ;   CPUID raises a #VC exception if running as an SEV-ES guest
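Review bot: `bt eax, 2` tests whatever the preceding code left in EAX without saying what that is. From the surrounding context this appears to be the SEV_STATUS MSR value read just before "Set the work area header", where bit 2 is SEV-SNP enabled, but unlike the SEV-ES check immediately below, which documents "CPUID Fn8000_001F[EAX] - Bit 3", this test carries no comment naming the register source or bit meaning. Add a comment such as "SEV_STATUS MSR - Bit 2 (SEV-SNP enabled)" above the `bt`, or re-read the MSR explicitly, so that a later reordering of CheckSevFeatures cannot silently turn this into a test of the wrong value and skip the VMPL-0 check.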
@@ -471,6 +507,37 @@ SevSnpPageStateFailureTerminate:
 SevSnpUnsupportedFeature:
     TerminateVmgExit   TERM_HV_UNSUPPORTED_FEATURE
 
+
+; Start handling of #GP exception handling routines
+;
+SevEsIdtNotPvalidate:
+    TerminateVmgExit TERM_VC_NOT_PVALIDATE
+    iret
+
+SevSnpGpException:
+    ;
+    ; If we're here, then its an SEV-SNP guest and it was due to
+    ; PVALIDATE instruction.
+    ;
+    ; Verify that its an PVALIDATE instruction
+    ; The exception stack looks like this:
+    ;     +---------+
+    ;     | ....    |
+    ;     | eip     |
+    ;     | err code|
+    ;     +---------+
+    pop     ebx
+    pop     ebx
+    mov     ecx, [ebx]
+    cmp     ecx, 0xff010ff2       ; Compare EIP with PVALIDATE menomics
+    jne     SevEsIdtNotPvalidate
+
+    ; The #GP was triggered by the PVALIDATE instruction, this will happen
+    ; only when we're not running at VMPL-0
+    ;
+    TerminateVmgExit TERM_SNP_NOT_VMPL0
+    iret
+
 ; Start of #VC exception handling routines
 ;
 
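Review bot: the handler's opening comment claims "If we're here, then its an SEV-SNP guest", but nothing in the hunk checks that. The vector 13 gate is installed in the shared IDT for every guest type, so any #GP raised while the IDT is live on a plain SEV, SEV-ES or non-SEV guest now lands here, reads the dword at the faulting EIP and issues TerminateVmgExit (a GHCB MSR protocol request) on a guest that may have no GHCB protocol at all, where previously vector 13 had no handler. Consider checking WORK_AREA_GUEST_TYPE or the SNP status bit before the opcode compare and keeping the old behaviour otherwise. Two smaller points in the same hunk: the comment "Compare EIP with PVALIDATE menomics" should read "Compare the instruction bytes at EIP with the PVALIDATE encoding (F2 0F 01 FF)", since ECX holds [EIP], not EIP; and the `iret` after each TerminateVmgExit is unreachable, while the label name SevEsIdtNotPvalidate suggests a #VC path rather than the #GP path it is.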
@@ -600,15 +667,34 @@ ALIGN   16
 ;
 IDT_BASE:
 ;
-; Vectors 0 - 28 (No handlers)
+; Vectors 0 - 12 (No handlers)
 ;
-%rep 29
+%rep 13
     dw      0                                    ; Offset low bits 15..0
     dw      0x10                                 ; Selector
     db      0                                    ; Reserved
     db      0x8E                                 ; Gate Type (IA32_IDT_GATE_TYPE_INTERRUPT_32)
     dw      0                                    ; Offset high bits 31..16
 %endrep
+;
+; Vector 13 (GP Exception)
+;
+    dw      (ADDR_OF(SevSnpGpException) & 0xffff)  ; Offset low bits 15..0
+    dw      0x10                                 ; Selector
+    db      0                                    ; Reserved
+    db      0x8E                                 ; Gate Type (IA32_IDT_GATE_TYPE_INTERRUPT_32)
+    dw      (ADDR_OF(SevSnpGpException) >> 16)   ; Offset high bits 31..16
+;
+; Vectors 14 - 28 (No handlers)
+;
+%rep 15
+    dw      0                                    ; Offset low bits 15..0
+    dw      0x10                                 ; Selector
+    db      0                                    ; Reserved
+    db      0x8E                                 ; Gate Type (IA32_IDT_GATE_TYPE_INTERRUPT_32)
+    dw      0                                    ; Offset high bits 31..16
+%endrep
+
 ;
 ; Vector 29 (VMM Communication Exception)
 ;
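Review bot: the split of the original `%rep 29` into 13 + 1 + 15 entries is arithmetically correct, so the VMM Communication Exception gate stays at vector 29, but nothing enforces that invariant; a stray edit to either `%rep` count would shift the vector 29 entry and break every #VC in the reset vector. A comment tying the two counts to vector 29, or a single named count used to derive both, would make the layout self-checking. It is also worth a note here that the #GP gate is present unconditionally, i.e. for every guest type while this IDT is active, not only for SEV-SNP guests.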
-- 
2.17.1
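The two decisions the patch encodes in assembly, "is a VMPL-0 check needed at all" and "was this #GP raised by PVALIDATE", can be exercised on a host with ordinary C. The following is an added example, not code from the patch or from OVMF: it models the SevSnpGpException classification against a constructed byte image that stands in for the ROM page holding CheckSnpVmpl0, and takes the reason codes (5 and 6) from the patch. Assumptions, labelled in the code as well: the #GP frame layout is the 32-bit interrupt-gate layout the hunk's own comment describes (error code on top, then EIP); the PVALIDATE encoding F2 0F 01 FF is the one the handler's constant 0xff010ff2 implies; `SAMPLE_CODE_BASE` is a hypothetical address; and the value tested by `bt eax, 2` is taken to be the SEV_STATUS MSR, which the hunk does not state.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Termination reason codes used by the patch (TERM_* in AmdSev.asm). */
#define TERM_SNP_NOT_VMPL0    5
#define TERM_VC_NOT_PVALIDATE 6

/* PVALIDATE is encoded F2 0F 01 FF. Read as a little-endian dword, as the
 * handler's "mov ecx, [ebx]" does, those four bytes are 0xff010ff2. */
#define PVALIDATE_OPCODE_LE   0xff010ff2u

/* Assumption: "bt eax, 2" in CheckSevFeatures tests the SEV_STATUS MSR
 * (0xC0010131), whose bit 2 is SevSnpEnabled. */
#define SEV_STATUS_SNP_ENABLED_BIT 2

/* 32-bit #GP frame as pushed through an interrupt gate with no privilege
 * change: error code at the lowest address, then EIP, CS, EFLAGS. The
 * handler's two "pop ebx" therefore leave EIP in EBX. */
struct gp_frame {
    uint32_t err_code;
    uint32_t eip;
    uint32_t cs;
    uint32_t eflags;
};

/* Gate from CheckSevFeatures: run CheckSnpVmpl0 only for SEV-SNP guests. */
int vmpl0_check_required(uint32_t sev_status)
{
    return (sev_status >> SEV_STATUS_SNP_ENABLED_BIT) & 1u;
}

static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Same decision as SevSnpGpException: fetch the dword at the faulting EIP and
 * map it to a termination reason. Returns -1 when EIP lies outside the image,
 * a bounds check the assembly handler does not perform. */
int classify_gp(const struct gp_frame *f, const uint8_t *code, size_t code_len,
                uint32_t code_base)
{
    uint32_t off = f->eip - code_base;
    if (f->eip < code_base || code_len < 4 || off > code_len - 4)
        return -1;
    return load_le32(code + off) == PVALIDATE_OPCODE_LE
               ? TERM_SNP_NOT_VMPL0 : TERM_VC_NOT_PVALIDATE;
}

/* Constructed stand-in for the ROM page holding CheckSnpVmpl0: the register
 * setup from the patch followed by PVALIDATE, padded with NOPs. Returns the
 * offset of the PVALIDATE instruction inside the image. */
#define SAMPLE_CODE_LEN  32
#define SAMPLE_CODE_BASE 0xfffff000u   /* hypothetical ROM address */

size_t build_sample_code(uint8_t out[SAMPLE_CODE_LEN])
{
    static const uint8_t seq[] = {
        0xb8, 0x00, 0x10, 0xff, 0xff,   /* mov  eax, 0xffff1000 ; page addr */
        0x31, 0xc9,                     /* xor  ecx, ecx        ; 4K page   */
        0xba, 0x01, 0x00, 0x00, 0x00,   /* mov  edx, 1          ; validate  */
        0xf2, 0x0f, 0x01, 0xff,         /* pvalidate                        */
    };
    memset(out, 0x90, SAMPLE_CODE_LEN);
    memcpy(out, seq, sizeof seq);
    return sizeof seq - 4;              /* PVALIDATE is the last 4 bytes */
}

/* Classify a #GP whose EIP is SAMPLE_CODE_BASE + eip_offset in the sample. */
int classify_sample_fault(size_t eip_offset)
{
    uint8_t code[SAMPLE_CODE_LEN];
    build_sample_code(code);
    struct gp_frame f = { 0, SAMPLE_CODE_BASE + (uint32_t)eip_offset, 0x10, 0x2 };
    return classify_gp(&f, code, SAMPLE_CODE_LEN, SAMPLE_CODE_BASE);
}

int main(void)
{
    uint8_t code[SAMPLE_CODE_LEN];
    size_t pv = build_sample_code(code);
    printf("VMPL-0 check required for SEV_STATUS=0x7: %d\n", vmpl0_check_required(0x7));
    printf("#GP at PVALIDATE (+%zu): reason %d\n", pv, classify_sample_fault(pv));
    printf("#GP at mov edx (+7): reason %d\n", classify_sample_fault(7));
    printf("#GP outside image (+30): %d\n", classify_sample_fault(30));
    return 0;
}
```

The out-of-range case is the one the assembly handler does not cover: a #GP whose EIP is not backed by readable memory would make `mov ecx, [ebx]` fault again inside the handler, so a bounds check against the ROM range is what a hardened version of the handler would add before the compare.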


Thread overview: 59+ messages
2021-09-01 16:16 [PATCH v6 00/29] Add AMD Secure Nested Paging (SEV-SNP) support Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 01/29] OvmfPkg: reserve SNP secrets page Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 02/29] OvmfPkg: reserve CPUID page for SEV-SNP Brijesh Singh
2021-09-02  8:04   ` Gerd Hoffmann
2021-09-02 12:28     ` Brijesh Singh
2021-09-02 21:17       ` Brijesh Singh
2021-09-03  6:28         ` Gerd Hoffmann
2021-09-03 11:56           ` [edk2-devel] " Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 03/29] OvmfPkg/ResetVector: introduce SEV-SNP boot block GUID Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 04/29] OvmfPkg/ResetVector: invalidate the GHCB page Brijesh Singh
2021-09-01 16:16 ` Brijesh Singh [this message]
2021-09-01 16:16 ` [PATCH v6 06/29] OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase Brijesh Singh
2021-09-02  8:20   ` Gerd Hoffmann
2021-09-06  1:10     ` [edk2-devel] " Min Xu
2021-09-06 12:16       ` Gerd Hoffmann
2021-09-06 13:19         ` Min Xu
2021-09-07  7:07           ` Gerd Hoffmann
2021-09-07 13:27             ` Brijesh Singh
2021-09-08  6:36               ` Min Xu
2021-09-14  3:49             ` Yao, Jiewen
2021-09-16  7:42               ` Gerd Hoffmann
2021-09-01 16:16 ` [PATCH v6 07/29] OvmfPkg/ResetVector: use SEV-SNP-validated CPUID values Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 08/29] UefiCpuPkg: Define the SEV-SNP specific dynamic PCDs Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 09/29] OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled() Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 10/29] OvmfPkg/SecMain: move SEV specific routines in AmdSev.c Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 11/29] OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 12/29] OvmfPkg/VmgExitLib: use SEV-SNP-validated CPUID values Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 13/29] OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 14/29] OvmfPkg/AmdSevDxe: do not use extended PCI config space Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 15/29] OvmfPkg/MemEncryptSevLib: add support to validate system RAM Brijesh Singh
2021-09-02  9:50   ` Gerd Hoffmann
2021-09-02 13:34     ` Brijesh Singh
2021-09-03  7:04       ` Gerd Hoffmann
2021-09-01 16:16 ` [PATCH v6 16/29] OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated " Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 17/29] OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 18/29] OvmfPkg/SecMain: pre-validate the memory used for decompressing Fv Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 19/29] OvmfPkg/PlatformPei: validate the system RAM when SNP is active Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 20/29] OvmfPkg/PlatformPei: set the SEV-SNP enabled PCD Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 21/29] OvmfPkg/PlatformPei: set the Hypervisor Features PCD Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 22/29] MdePkg/GHCB: increase the GHCB protocol max version Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 23/29] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 24/29] UefiCpuPkg/MpInitLib: use BSP to do extended topology check Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 25/29] OvmfPkg/MemEncryptSevLib: change the page state in the RMP table Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 26/29] OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 27/29] OvmfPkg/PlatformPei: mark cpuid and secrets memory reserved in EFI map Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 28/29] OvmfPkg/AmdSev: expose the SNP reserved pages through configuration table Brijesh Singh
2021-09-01 16:16 ` [PATCH v6 29/29] UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation NAE event to launch APs Brijesh Singh
2021-09-07  2:36 ` [PATCH v6 00/29] Add AMD Secure Nested Paging (SEV-SNP) support Yao, Jiewen
2021-09-08  2:29   ` Min Xu
2021-09-08  6:03     ` Yao, Jiewen
2021-09-08 19:45   ` Brijesh Singh
2021-09-09  0:31     ` Min Xu
2021-09-09 10:51       ` Brijesh Singh
2021-09-09 11:22         ` Gerd Hoffmann
2021-09-09 11:40           ` Brijesh Singh
2021-09-09 11:45             ` [edk2-devel] " Min Xu
2021-09-09 11:55         ` Yao, Jiewen
2021-09-12 22:55   ` Brijesh Singh
2021-09-13  0:33     ` Yao, Jiewen