From: "sunceping" <cepingx.sun@intel.com>
To: devel@edk2.groups.io
Cc: Ceping Sun <cepingx.sun@intel.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>, Min Xu <min.m.xu@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Michael Roth <michael.roth@amd.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [edk2-devel] [PATCH V1 1/2] OvmfPkg/BaseMemEncryptTdxLib: Add TdVmCallMapGPA
Date: Fri, 27 Oct 2023 08:57:37 +0800	[thread overview]
Message-ID: <20231027005738.371-2-cepingx.sun@intel.com> (raw)
In-Reply-To: <20231027005738.371-1-cepingx.sun@intel.com>

From: Ceping Sun <cepingx.sun@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4572

According to section 3.2 of the [GHCI] spec, if the return status
is "TDG.VP.VMCALL_RETRY", TD must retry this operation for the
pages in the region starting at the GPA specified in R11.

Currently, TDVF does not handle the retry result of MapGPA. To handle it,
TDVF should add an API that outputs the GPA, returned in R11, at which
MapGPA failed.

Reference:
[GHCI]: TDX Guest-Host-Communication Interface v1.0
https://cdrdv2.intel.com/v1/dl/getContent/726790

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
---
 .../BaseMemEncryptTdxLib/MemoryEncryption.c   |  19 +++
 .../X64/TdVmCallMapGPA.nasm                   | 130 ++++++++++++++++++
 2 files changed, 149 insertions(+)
 create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/X64/TdVmCallMapGPA.nasm

diff --git a/OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c b/OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c
index a01dc98852b8..b47f56b391a5 100644
--- a/OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c
+++ b/OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c
@@ -38,6 +38,25 @@ typedef enum {
 
 STATIC PAGE_TABLE_POOL  *mPageTablePool = NULL;
 
+/**
+  This function is used to help request the host VMM to map a GPA range as
+  private or shared-memory mappings.
+  @param[in]     Address     4K aligned start GPA of address range.
+  @param[in]     Length      Size of GPA region to be mapped.
+  @param[in,out] Results     Returned result of the GPA at which MapGPA failed
+
+  @return 0               A successful mapping
+  @return Other           Some errors occurred while mapping
+**/
+
+UINTN
+EFIAPI
+TdVmCallMapGPA (
+  IN UINT64    Address,
+  IN UINT64    Length,
+  IN OUT VOID  *Results
+  );
+
 /**
   Returns boolean to indicate whether to indicate which, if any, memory encryption is enabled
 
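Review bot: The prototype declares `IN OUT VOID *Results` and returns `UINTN`, while the assembly added in the same patch documents `UINT64 *Results` with a `UINT64` return and stores the full 64-bit R11 through the pointer. Declaring the parameter as `OUT UINT64 *Results OPTIONAL` would let the compiler reject callers that pass a smaller buffer, and it matches the NULL test in the assembly. The doc comment should state that `Results` is written only when the return value is the retry status. It should also state that the GPA comes from the host VMM, so a caller has to check that it lies inside the requested range before retrying from it. The blank line between the closing `**/` and `UINTN` detaches the comment from the declaration.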
diff --git a/OvmfPkg/Library/BaseMemEncryptTdxLib/X64/TdVmCallMapGPA.nasm b/OvmfPkg/Library/BaseMemEncryptTdxLib/X64/TdVmCallMapGPA.nasm
new file mode 100644
index 000000000000..37186bd0a0dd
--- /dev/null
+++ b/OvmfPkg/Library/BaseMemEncryptTdxLib/X64/TdVmCallMapGPA.nasm
@@ -0,0 +1,130 @@
+;------------------------------------------------------------------------------
+;*
+;* Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+;* SPDX-License-Identifier: BSD-2-Clause-Patent
+;*
+;*
+;------------------------------------------------------------------------------
+
+DEFAULT REL
+SECTION .text
+
+%define TDVMCALL_EXPOSE_REGS_MASK       0xffec
+%define TDVMCALL                        0x0
+%define TDVMCALL_MAPGPA                 0x10001
+%define TDVMCALL_STATUS_RETRY           0x1
+
+%macro tdcall 0
+    db 0x66,0x0f,0x01,0xcc
+%endmacro
+
+%macro tdcall_push_regs 0
+    push rbp
+    mov  rbp, rsp
+    push r15
+    push r14
+    push r13
+    push r12
+    push rbx
+    push rsi
+    push rdi
+%endmacro
+
+%macro tdcall_pop_regs 0
+    pop rdi
+    pop rsi
+    pop rbx
+    pop r12
+    pop r13
+    pop r14
+    pop r15
+    pop rbp
+%endmacro
+
+%macro tdcall_regs_preamble 2
+    mov rax, %1
+
+    xor rcx, rcx
+    mov ecx, %2
+
+    ; R10 = 0 (standard TDVMCALL)
+
+    xor r10d, r10d
+
+    ; Zero out unused (for standard TDVMCALL) registers to avoid leaking
+    ; secrets to the VMM.
+
+    xor ebx, ebx
+    xor esi, esi
+    xor edi, edi
+
+    xor edx, edx
+    xor ebp, ebp
+    xor r8d, r8d
+    xor r9d, r9d
+%endmacro
+
+%macro tdcall_regs_postamble 0
+    xor ebx, ebx
+    xor esi, esi
+    xor edi, edi
+
+    xor ecx, ecx
+    xor edx, edx
+    xor r8d,  r8d
+    xor r9d,  r9d
+    xor r10d, r10d
+    xor r11d, r11d
+%endmacro
+
+;------------------------------------------------------------------------------
+; 0   => RAX = TDCALL leaf
+; M   => RCX = TDVMCALL register behavior
+; 1   => R10 = standard vs. vendor
+; 0xa => R11 = TDVMCALL function / MapGPA
+; RCX => R12 = p1
+; RDX => R13 = p2
+
+;  UINT64
+;  EFIAPI
+;  TdVmCallMapGPA (
+;    UINT64  Address,  // Rcx
+;    UINT64  Length,   // Rdx
+;    UINT64  *Results  // r8
+;    )
+global ASM_PFX(TdVmCallMapGPA)
+ASM_PFX(TdVmCallMapGPA):
+       tdcall_push_regs
+
+       mov r11, TDVMCALL_MAPGPA
+       mov r12, rcx
+       mov r13, rdx
+
+       push r8
+
+       tdcall_regs_preamble TDVMCALL, TDVMCALL_EXPOSE_REGS_MASK
+
+       tdcall
+
+       ; ignore return dataif TDCALL reports failure.
+       test rax, rax
+       jnz .no_return_data
+
+       ; Propagate TDVMCALL success/failure to return value.
+       mov rax, r10
+
+       ; Retrieve the Val pointer.
+       pop r8
+       test r8, r8
+       jz .no_return_data
+
+       ; On Retry, propagate TDVMCALL output value to output param
+       cmp  rax, TDVMCALL_STATUS_RETRY
+       jnz .no_return_data
+       mov [r8], r11
+.no_return_data:
+       tdcall_regs_postamble
+
+       tdcall_pop_regs
+
+       ret
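Review bot: The `push r8` before `tdcall_regs_preamble` is balanced only on the path that reaches `pop r8`. When TDCALL itself fails, the first `jnz .no_return_data` after `test rax, rax` skips the pop, so `tdcall_pop_regs` restores every register from a slot shifted by eight bytes and `ret` returns through the saved RBP value rather than the return address. Placing `pop r8` directly after `tdcall`, ahead of `test rax, rax`, balances both paths, since r8 is not read before that point. The header comment still says `1 => R10` and `0xa => R11`, while the code sets R10 to 0 and R11 to `TDVMCALL_MAPGPA`. It should be corrected, and a line such as `; R11 is host-supplied; caller must range-check it` above `mov [r8], r11` would record that the stored GPA is unvalidated here.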
-- 
2.34.1





