From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.158.5]) by mx.groups.io with SMTP id smtpd.web12.5884.1634117734924403049 for ; Wed, 13 Oct 2021 02:35:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@ibm.com header.s=pp1 header.b=KnUWfCmr; spf=pass (domain: linux.ibm.com, ip: 148.163.158.5, mailfrom: dovmurik@linux.ibm.com) Received: from pps.filterd (m0098420.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 19D92IEE006942; Wed, 13 Oct 2021 05:35:33 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : date : from : subject : to : cc : content-type : content-transfer-encoding : mime-version; s=pp1; bh=f1xoBe86OzVHipI0mscGZJ65/VS+b4Ic9y4QE1lY5ZA=; b=KnUWfCmr97fg55BkVXpCVO13eaqA3taT3cTrzjzNhGn7pDIUPmvw/jHdZsZA7/0QJ7qm xs5lnUPIY2ISPgmwV7epCAzQIdtoHWf+2dUYSL9ehAbbVfr5MqzwsNciaiLNBjZKbECg /0UkpUXxnWSiOL3la56IkEzsko47L2Igx52oH5drQOBIYfmq/vwSHFIuRKbcKaULGapU 5BmUF5xljawxG2hIQH64wUxyqyVGIjilaFJcx1ejhOswcMSE06UYB05pPDwGAcB3arX1 RTOvusB45nk8OEal90Yfj7eGstrvs8WoB8NUtKLn+L9jYdGN0pAOOxcoP4+Mf3YJlIsN 0w== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 3bnprj7k7b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 13 Oct 2021 05:35:32 -0400 Received: from m0098420.ppops.net (m0098420.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 19D8ZQHo027048; Wed, 13 Oct 2021 05:35:32 -0400 Received: from ppma01dal.us.ibm.com (83.d6.3fa9.ip4.static.sl-reverse.com [169.63.214.131]) by mx0b-001b2d01.pphosted.com with ESMTP id 3bnprj7k72-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 13 Oct 2021 05:35:32 -0400 Received: from pps.filterd (ppma01dal.us.ibm.com [127.0.0.1]) by ppma01dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 19D9XTXi032086; Wed, 13 Oct 2021 09:35:31 GMT Received: from b01cxnp22036.gho.pok.ibm.com (b01cxnp22036.gho.pok.ibm.com [9.57.198.26]) by ppma01dal.us.ibm.com with ESMTP id 3bnm3a9ca7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 13 Oct 2021 09:35:31 +0000 Received: from b01ledav005.gho.pok.ibm.com (b01ledav005.gho.pok.ibm.com [9.57.199.110]) by b01cxnp22036.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 19D9ZUtB10682980 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 13 Oct 2021 09:35:30 GMT Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0BD0CAE063; Wed, 13 Oct 2021 09:35:30 +0000 (GMT) Received: from b01ledav005.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 10D02AE05F; Wed, 13 Oct 2021 09:35:28 +0000 (GMT) Received: from [9.65.95.104] (unknown [9.65.95.104]) by b01ledav005.gho.pok.ibm.com (Postfix) with ESMTP; Wed, 13 Oct 2021 09:35:27 +0000 (GMT) Message-ID: <25b6f2b1-0903-e39a-665f-e3d20ff16261@linux.ibm.com> Date: Wed, 13 Oct 2021 12:35:25 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.2.0 From: "Dov Murik" Subject: Error when launching SEV-ES guest with OvmfPkg/AmdSev build To: edk2-devel-groups-io Cc: Dov Murik , Tobin Feldman-Fitzthum , James Bottomley , Brijesh Singh , Min Xu , Jiewen Yao , Tom Lendacky , Gerd Hoffmann X-TM-AS-GCONF: 00 X-Proofpoint-GUID: CK5W7yYdaxmFqVP3eP3mEVZclFBlqutv X-Proofpoint-ORIG-GUID: q8owxuFQkz8dxugJJZyKYIaVU7Uo3Q8l X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-10-13_03,2021-10-13_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 lowpriorityscore=0 adultscore=0 impostorscore=0 bulkscore=0 mlxlogscore=999 malwarescore=0 priorityscore=1501 spamscore=0 clxscore=1011 phishscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109230001 definitions=main-2110130064 Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Hello, I encountered the following problem when trying to launch SEV-ES (policy=0x5) guests with the OvmfPkg/AmdSev/AmdSevX64 package build: $ sudo /home/dmurik/git/qemu/build/qemu-system-x86_64 -enable-kvm -machine q35 -smp 1 -m 2G -machine confidential-guest-support=sev0 -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1,policy=0x5 -drive if=pflash,format=raw,unit=0,file=/home/dmurik/git/edk2/Build/AmdSev/DEBUG_GCC5/FV/OVMF.fd,readonly=on -nographic -global isa-debugcon.iobase=0x402 -debugcon file:ovmf-1.log -monitor pty char device redirected to /dev/pts/6 (label compat_monitor0) error: kvm run failed Invalid argument EAX=0000000a EBX=0000006f ECX=00000000 EDX=00000000 ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000 EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 00000000 00000000 00000000 CS =0000 00000000 00000000 00000000 SS =0000 00000000 00000000 00000000 DS =0000 00000000 00000000 00000000 FS =0000 00000000 00000000 00000000 GS =0000 00000000 00000000 00000000 LDT=0000 00000000 00000000 00000000 TR =0000 00000000 00000000 00000000 GDT= 00000000 00000000 IDT= 00000000 00000000 CR0=c0000033 CR2=00000000 CR3=00000000 CR4=00000660 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000100 Code=?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ovmf-1.log is empty (even though OVMF is compiled with debug flags). Plain SEV (no -ES) guests work OK. The error is "kvm run failed Invalid argument", so I first tried switching kernels, but 5.11.0, 5.13.0, and 5.14.0 all gave the same result. Then I tried an older OVMF release (edk2-stable202108) -- and it worked OK. So I started a git bisect session and found this first bad commit: commit ab77b6031b03733c28fa5f477d802fd67b3f3ee0 Author: Brijesh Singh Date: Tue Aug 17 21:46:50 2021 +0800 OvmfPkg/ResetVector: update SEV support to use new work area format BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3429 Update the SEV support to switch to using the newer work area format. I wonder if any change in this series should have also touched files in OvmfPkg/AmdSev and missed them. Any other ideas on how to debug this are welcome. Let me know if this should be reported/discussed somewhere else. Thanks, -Dov