From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id BA1069408DD for ; Fri, 27 Oct 2023 00:58:08 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=OumIkspiXVheMyRsua8YnIXCn+1z0qPJOLqOSwvI+UA=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1698368287; v=1; b=EV2xJqm2ZnhrYK2INm/jhPrNozCqUdm1Y4usMjg/3U6DkRZzYTGtliGGbYJkf/eXowXBREks XWtvdYizhJE0w1SPaX5RJROxGLd1fyzTWR3NE5UoNSiUOgSEN6a7NmFGUdETc5eDGWzeMXPz93n W/VNKd3eJPiGe3FdD/cFZlt0= X-Received: by 127.0.0.2 with SMTP id AxObYY7687511xvu4vJ0CX08; Thu, 26 Oct 2023 17:58:07 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web10.216621.1698368286934136500 for ; Thu, 26 Oct 2023 17:58:06 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,10875"; a="384890086" X-IronPort-AV: E=Sophos;i="6.03,255,1694761200"; d="scan'208";a="384890086" X-Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Oct 2023 17:58:06 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10875"; a="1006585845" X-IronPort-AV: E=Sophos;i="6.03,255,1694761200"; d="scan'208";a="1006585845" X-Received: from cepingsx-mobl1.ccr.corp.intel.com ([10.239.49.140]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Oct 2023 17:58:04 -0700 
From: "sunceping" To: devel@edk2.groups.io Cc: Ceping Sun , Erdem Aktas , James Bottomley , Jiewen Yao , Min Xu , Tom Lendacky , Michael Roth , Gerd Hoffmann Subject: [edk2-devel] [PATCH V1 1/2] OvmfPkg/BaseMemEncryptTdxLib: Add TdVmCallMapGPA Date: Fri, 27 Oct 2023 08:57:37 +0800 Message-Id: <20231027005738.371-2-cepingx.sun@intel.com> In-Reply-To: <20231027005738.371-1-cepingx.sun@intel.com> References: <20231027005738.371-1-cepingx.sun@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,cepingx.sun@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: 2MXIMdmBgeapcbuZOPmwlU6Nx7686176AA= Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=EV2xJqm2; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io From: Ceping Sun REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4572 According to section 3.2 of the [GHCI] spec, if the return status is "TDG.VP.VMCALL_RETRY", TD must retry this operation for the pages in the region starting at the GPA specified in R11. Currently, TDVF has not handled the retry results of MapGPA. For this, TDVF should add the API to output the GPA at which MapGPA failed in R11 to handle the retry results. Reference: [GHCI]: TDX Guest-Host-Communication Interface v1.0 https://cdrdv2.intel.com/v1/dl/getContent/726790 Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Cc: Tom Lendacky Cc: Michael Roth Cc: Gerd Hoffmann 
Signed-off-by: Ceping Sun --- .../BaseMemEncryptTdxLib/MemoryEncryption.c | 19 +++ .../X64/TdVmCallMapGPA.nasm | 130 ++++++++++++++++++ 2 files changed, 149 insertions(+) create mode 100644 OvmfPkg/Library/BaseMemEncryptTdxLib/X64/TdVmCallMapGPA.nasm diff --git a/OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c b/OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c index a01dc98852b8..b47f56b391a5 100644 --- a/OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c +++ b/OvmfPkg/Library/BaseMemEncryptTdxLib/MemoryEncryption.c @@ -38,6 +38,25 @@ typedef enum { STATIC PAGE_TABLE_POOL *mPageTablePool = NULL; +/** + This function is used to help request the host VMM to map a GPA range as + private or shared-memory mappings. + @param[in] Address 4K aligned start GPA of address range. + @param[in] Length Size of GPA region to be mapped. + @param[in,out] Results Returned result of the GPA at which MapGPA failed + + @return 0 A successful mapping + @return Other Some errors occurred while mapping +**/ + +UINTN +EFIAPI +TdVmCallMapGPA ( + IN UINT64 Address, + IN UINT64 Length, + IN OUT VOID *Results + ); + /** Returns boolean to indicate whether to indicate which, if any, memory encryption is enabled diff --git a/OvmfPkg/Library/BaseMemEncryptTdxLib/X64/TdVmCallMapGPA.nasm b/OvmfPkg/Library/BaseMemEncryptTdxLib/X64/TdVmCallMapGPA.nasm new file mode 100644 index 000000000000..37186bd0a0dd --- /dev/null +++ b/OvmfPkg/Library/BaseMemEncryptTdxLib/X64/TdVmCallMapGPA.nasm @@ -0,0 +1,130 @@ +;------------------------------------------------------------------------------ +;* +;* Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.
+;* SPDX-License-Identifier: BSD-2-Clause-Patent
+;*
+;*
+;------------------------------------------------------------------------------
+
+DEFAULT REL
+SECTION .text
+
+%define TDVMCALL_EXPOSE_REGS_MASK 0xffec
+%define TDVMCALL 0x0
+%define TDVMCALL_MAPGPA 0x10001
+%define TDVMCALL_STATUS_RETRY 0x1
+
+%macro tdcall 0
+ db 0x66,0x0f,0x01,0xcc
+%endmacro
+
+%macro tdcall_push_regs 0
+ push rbp
+ mov rbp, rsp
+ push r15
+ push r14
+ push r13
+ push r12
+ push rbx
+ push rsi
+ push rdi
+%endmacro
+
+%macro tdcall_pop_regs 0
+ pop rdi
+ pop rsi
+ pop rbx
+ pop r12
+ pop r13
+ pop r14
+ pop r15
+ pop rbp
+%endmacro
+
+%macro tdcall_regs_preamble 2
+ mov rax, %1
+
+ xor rcx, rcx
+ mov ecx, %2
+
+ ; R10 = 0 (standard TDVMCALL)
+
+ xor r10d, r10d
+
+ ; Zero out unused (for standard TDVMCALL) registers to avoid leaking
+ ; secrets to the VMM.
+
+ xor ebx, ebx
+ xor esi, esi
+ xor edi, edi
+
+ xor edx, edx
+ xor ebp, ebp
+ xor r8d, r8d
+ xor r9d, r9d
+%endmacro
+
+%macro tdcall_regs_postamble 0
+ xor ebx, ebx
+ xor esi, esi
+ xor edi, edi
+
+ xor ecx, ecx
+ xor edx, edx
+ xor r8d, r8d
+ xor r9d, r9d
+ xor r10d, r10d
+ xor r11d, r11d
+%endmacro
+
+;------------------------------------------------------------------------------
+; 0 => RAX = TDCALL leaf
+; M => RCX = TDVMCALL register behavior
+; 1 => R10 = standard vs. vendor
+; 0xa => R11 = TDVMCALL function / MapGPA
+; RCX => R12 = p1
+; RDX => R13 = p2
+
+; UINT64
+; EFIAPI
+; TdVmCallMapGPA (
+; UINT64 Address, // Rcx
+; UINT64 Length, // Rdx
+; UINT64 *Results // r8
+; )
+global ASM_PFX(TdVmCallMapGPA)
+ASM_PFX(TdVmCallMapGPA):
+ tdcall_push_regs
+
+ mov r11, TDVMCALL_MAPGPA
+ mov r12, rcx
+ mov r13, rdx
+
+ push r8
+
+ tdcall_regs_preamble TDVMCALL, TDVMCALL_EXPOSE_REGS_MASK
+
+ tdcall
+
+ ; ignore return dataif TDCALL reports failure.
+ test rax, rax
+ jnz .no_return_data
+
+ ; Propagate TDVMCALL success/failure to return value.
+ mov rax, r10
+
+ ; Retrieve the Val pointer.
+ pop r8
+ test r8, r8
+ jz .no_return_data
+
+ ; On Retry, propagate TDVMCALL output value to output param
+ cmp rax, TDVMCALL_STATUS_RETRY
+ jnz .no_return_data
+ mov [r8], r11
+.no_return_data:
+ tdcall_regs_postamble
+
+ tdcall_pop_regs
+
+ ret
-- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#110158): https://edk2.groups.io/g/devel/message/110158 Mute This Topic: https://groups.io/mt/102212638/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-
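Review bot: The early exit `jnz .no_return_data` taken right after `tdcall` skips the `pop r8` that balances the earlier `push r8`, so when TDCALL reports failure `tdcall_pop_regs` restores every saved register from the wrong stack slot and `ret` then uses the saved rbp value as its return address. Moving `pop r8` to directly after `tdcall`, ahead of `test rax, rax` (`pop` does not change the flags), balances the stack on both paths. Separately, `tdcall_regs_preamble` clears rbx, rsi, rdi, rdx, rbp, r8 and r9 but not r14 and r15, which still hold the caller's values at the `tdcall`; if `TDVMCALL_EXPOSE_REGS_MASK` (0xffec) exposes them the way it does the registers the preamble clears, guest register state is handed to the VMM, so add `xor r14d, r14d` and `xor r15d, r15d` before `tdcall`. The header comment's `1 => R10` and `0xa => R11` also disagree with the code, which passes R10 = 0 and R11 = TDVMCALL_MAPGPA, and should be corrected so the documented register contract matches what is sent.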