From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.107.220.75]) by mx.groups.io with SMTP id smtpd.web10.22531.1671638842620836895 for ; Wed, 21 Dec 2022 08:07:22 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=3etACjmg; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.220.75, mailfrom: michael.roth@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KZRWc2igtmaKH6ip4czLl9dMpdMhtTAHim1xblRXMqRD+/xNA61Bphz9MI28617+0WK5wtGu4E0Llc3HUV9pCIIM3ZTdh6rjoFsRjG3Nf9C1Ca3iwRI+EoEt9r7Jfcb3WxAUU31abfA2adAvTTGRTYBa78fKsnu+MOSPynZYW5T2G3PNNNyKQJOG1vVLTiPsfVlpSSnjKJ1HlRmVWfUMFPbr/ygZtQ56gJKaE/56+igYG3Y6D2I1L1gsYxYKpAwmFfqMczTtPD4RuGR86p9dZ164XaP7tjfu+pb56Cgz2ipO9QnVghnwDNSDIL3gyYEWG9tXd8Szd5dmv3K86rHdGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LuhOtwtVdF28xF4dU0puhbOT+U1iJ0EQxgkutcgQnxw=; b=mBHrOfHPhwdUBpe5pIBRKtrn3NTHwkxL3TsLEMaquudj8u9Dbli72UhXgo30o9kT5St1AXBRg75OuMdzPJ5/BXbD8kFCTF5/+DLZww3e66HBC0cLrK5RYSRJd9XVes60DT8hbfEjMbJzaV2nneXDPEBD6j5JBrctYFb2xcPizHOyTV557PCSTcu0Btmq0vt8BIeqSfUVSL6crDV4F0FKzIgjCMsL16LqAafiZJ55vfticv3ErLNKF19V/oRVrJ/o0DLROavTSaKfZAVIcvhxMzO5Z/fUWWjpANz7nHzTv/HL41FFU5gIwyPVRF5sOXd6rzAlJ1DWkB5kN3GGq9Cc1A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LuhOtwtVdF28xF4dU0puhbOT+U1iJ0EQxgkutcgQnxw=; b=3etACjmgGmv/DRRwRHAOCAjOHdrSTJMOx61JegruuZco6NFxEW0sTWcyc4zHX8Ejw66XT7/v7XokDNp629XT0cBOn0wC6SCm2GLT97SnZBDyvxczcnrD4lJ3mil72zpZni21BZ4BuZlG8h10Q25PZOk5Tz0LOmh3STPM5NXMHzM= Received: from DS7PR07CA0013.namprd07.prod.outlook.com (2603:10b6:5:3af::19) by DS7PR12MB6023.namprd12.prod.outlook.com (2603:10b6:8:85::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.16; Wed, 21 Dec 2022 16:07:19 +0000 Received: from DM6NAM11FT022.eop-nam11.prod.protection.outlook.com (2603:10b6:5:3af:cafe::71) by DS7PR07CA0013.outlook.office365.com (2603:10b6:5:3af::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.21 via Frontend Transport; Wed, 21 Dec 2022 16:07:19 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DM6NAM11FT022.mail.protection.outlook.com (10.13.172.210) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.5944.10 via Frontend Transport; Wed, 21 Dec 2022 16:07:19 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Wed, 21 Dec 2022 10:07:18 -0600 From: "Roth, Michael" To: CC: Tom Lendacky , Subject: [PATCH 0/4] Fixes for SEV-SNP CC blob and CPUID table handling Date: Wed, 21 Dec 2022 10:06:47 -0600 Message-ID: <20221221160651.182143-1-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Return-Path: Michael.Roth@amd.com X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM6NAM11FT022:EE_|DS7PR12MB6023:EE_ X-MS-Office365-Filtering-Correlation-Id: a70bb5c9-3597-483f-0038-08dae36d6ff4 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: lZ5k5gjs+8ZEe3bZWXPiBk0kPTHcGIXw1E2gxeboWX2Jxt7zV1SMnzVWZsxnZIRlYQpux4M5tmv9pu3dGWIEQzn/Ae1L2elLwb2k6HuelUO5Uu+/QXflKcciLqWZoMxN7pAWM6J9mkHsWuoGlFqZoJeBhvGIsDfgFmhwrilv5AoUtEwuu18cy72kgaDEOHIuWSJng6QjomUCLECQgk09leQO1Fee0piTFL0Gav69/LiB7ERTPIkvPhOtb2oXATZlLP9ZM78O3OlD1HT4E0XoGq7VjHpIeMi2ryZUV4hiwkQ/9GTEyoiNh46L72K6BW/pfG7+JBXyt4LFjYCtBtO7hfuBbKvbS1keNRsO1zu/FT8ocQ0ez/4kjeFbqyxeWYUfneT5lcaT/GZv1ZlyokI9FON9RZc1baG74Uh1PMIkDYUYUVvCHUE2qmUraPRaOAZtzLyYgOWi8MLQUDHKmWf+B9hClPkRwvt8mZynPxMNcgK+jyK+yJL6iubNtwjCEXqdN7FXy8gzJ7szqwrf7ZokXQ38L8rzw5L90RedAIPDiZxAbNIH2avCwCg8oU4UvYU8a6J0rlJw1dahRMODbvaPvjcym95r/OwdwOl2y0nKdtX0XiJawPdStjJinuy9JWrmdleom6Cu4YJoEnH7SRzyDyof39UOZmwH+w5qM2OgjKpT4sH1aSajPn3QndDcAzEKCseA5vpwEG1hF1RQs1ZHbmvW3s1T49x4w9tc4Cvybys= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230022)(4636009)(136003)(396003)(346002)(39860400002)(376002)(451199015)(40470700004)(36840700001)(46966006)(356005)(82310400005)(36756003)(40460700003)(40480700001)(86362001)(26005)(478600001)(54906003)(316002)(6916009)(5660300002)(8676002)(2906002)(44832011)(6666004)(4326008)(70586007)(8936002)(70206006)(36860700001)(41300700001)(47076005)(83380400001)(82740400003)(2616005)(1076003)(186003)(81166007)(16526019)(426003)(336012)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Dec 2022 16:07:19.4767 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a70bb5c9-3597-483f-0038-08dae36d6ff4 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT022.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB6023 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain Here are a number of fixes related to OVMF handling of the SEV-SNP Confidential Computing blob and CPUID table. Patch #1 is a fix for recently-reported issue that can cause significant problems with some SEV-SNP guest operating systems. Please consider applying this patch directly if the other patches in this series are held up for any reason. Patches 2-4 are minor changes for things that aren't currently triggered in practice, but make OVMF's SEV-SNP implementation more robust for different build/hypervisor environments in the future. Patch #2 was submitted previously, but refreshed here to apply cleanly on top of Patch #1, with no other functional changes since the initial review. ---------------------------------------------------------------- Michael Roth (4): OvmfPkg/AmdSevDxe: Allocate SEV-SNP CC blob as EfiACPIReclaimMemory OvmfPkg/AmdSevDxe: Update ConfidentialComputing blob struct definitio= n OvmfPkg/CcExitLib: Fix SEV-SNP XSave area size calculation OvmfPkg/CcExitLib: Use documented XSave area base size for SEV-SNP OvmfPkg/AmdSevDxe/AmdSevDxe.c | 64 ++++++++++++++= ++++++++++++++++++++---------- OvmfPkg/Include/Guid/ConfidentialComputingSevSnpBlob.h | 6 +++-- OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 13 ++++----- 3 files changed, 59 insertions(+), 24 deletions(-)