public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Lendacky, Thomas" <thomas.lendacky@amd.com>
To: devel@edk2.groups.io
Cc: Brijesh Singh <brijesh.singh@amd.com>,
	Ard Biesheuvel <ard.biesheuvel@arm.com>,
	Eric Dong <eric.dong@intel.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Laszlo Ersek <lersek@redhat.com>,
	Liming Gao <liming.gao@intel.com>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Ray Ni <ray.ni@intel.com>
Subject: [PATCH v12 32/46] OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled
Date: Mon, 27 Jul 2020 10:26:13 -0500	[thread overview]
Message-ID: <2fa7386ea5277a5c0a833d5af240ac1b889f3884.1595863587.git.thomas.lendacky@amd.com> (raw)
In-Reply-To: <cover.1595863587.git.thomas.lendacky@amd.com>

From: Tom Lendacky <thomas.lendacky@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198

The SEV support will clear the C-bit from non-RAM areas.  The early GDT
lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT
will be read as un-encrypted even though it is encrypted. This will result
in a failure to be able to handle the exception.

Move the GDT into RAM so it can be accessed without error when running as
an SEV-ES guest.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 OvmfPkg/PlatformPei/AmdSev.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
index 4fd4534cabea..a2b38c591236 100644
--- a/OvmfPkg/PlatformPei/AmdSev.c
+++ b/OvmfPkg/PlatformPei/AmdSev.c
@@ -39,6 +39,8 @@ AmdSevEsInitialize (
   PHYSICAL_ADDRESS  GhcbBasePa;
   UINTN             GhcbPageCount, PageCount;
   RETURN_STATUS     PcdStatus, DecryptStatus;
+  IA32_DESCRIPTOR   Gdtr;
+  VOID              *Gdt;
 
   if (!MemEncryptSevEsIsEnabled ()) {
     return;
@@ -83,6 +85,22 @@ AmdSevEsInitialize (
     (UINT64)GhcbPageCount, GhcbBase));
 
   AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa);
+
+  //
+  // The SEV support will clear the C-bit from non-RAM areas.  The early GDT
+  // lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT
+  // will be read as un-encrypted even though it was created before the C-bit
+  // was cleared (encrypted). This will result in a failure to be able to
+  // handle the exception.
+  //
+  AsmReadGdtr (&Gdtr);
+
+  Gdt = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN) Gdtr.Limit + 1));
+  ASSERT (Gdt != NULL);
+
+  CopyMem (Gdt, (VOID *) Gdtr.Base, Gdtr.Limit + 1);
+  Gdtr.Base = (UINTN) Gdt;
+  AsmWriteGdtr (&Gdtr);
 }
 
 /**
-- 
2.27.0


  parent reply	other threads:[~2020-07-27 15:30 UTC|newest]

Thread overview: 61+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-27 15:25 [PATCH v12 00/46] SEV-ES guest support Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 01/46] MdeModulePkg: Create PCDs to be used in support of SEV-ES Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 02/46] UefiCpuPkg: Create PCD " Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 03/46] MdePkg: Add the MSR definition for the GHCB register Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 04/46] MdePkg: Add a structure definition for the GHCB Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 05/46] MdeModulePkg/DxeIplPeim: Support GHCB pages when creating page tables Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 06/46] MdePkg/BaseLib: Add support for the XGETBV instruction Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 07/46] MdePkg/BaseLib: Add support for the VMGEXIT instruction Lendacky, Thomas
2020-07-28  1:34   ` Liming Gao
2020-07-28  4:07     ` Lendacky, Thomas
2020-07-28  7:39       ` Liming Gao
2020-07-28 12:04         ` Laszlo Ersek
2020-07-28 13:44           ` Liming Gao
2020-07-28 14:13           ` Lendacky, Thomas
2020-07-28 15:19             ` Laszlo Ersek
2020-07-29  1:13               ` Liming Gao
2020-07-27 15:25 ` [PATCH v12 08/46] UefiCpuPkg: Implement library support for VMGEXIT Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 09/46] OvmfPkg: Prepare OvmfPkg to use the VmgExitLib library Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 10/46] UefiPayloadPkg: Prepare UefiPayloadPkg " Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 11/46] UefiCpuPkg/CpuExceptionHandler: Add base support for the #VC exception Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 12/46] OvmfPkg/VmgExitLib: Implement library support for VmgExitLib in OVMF Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 13/46] OvmfPkg/VmgExitLib: Add support for IOIO_PROT NAE events Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 14/46] OvmfPkg/VmgExitLib: Support string IO " Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 15/46] OvmfPkg/VmgExitLib: Add support for CPUID " Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 16/46] OvmfPkg/VmgExitLib: Add support for MSR_PROT " Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 17/46] OvmfPkg/VmgExitLib: Add support for NPF NAE events (MMIO) Lendacky, Thomas
2020-07-27 15:25 ` [PATCH v12 18/46] OvmfPkg/VmgExitLib: Add support for WBINVD NAE events Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 19/46] OvmfPkg/VmgExitLib: Add support for RDTSC " Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 20/46] OvmfPkg/VmgExitLib: Add support for RDPMC " Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 21/46] OvmfPkg/VmgExitLib: Add support for INVD " Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 22/46] OvmfPkg/VmgExitLib: Add support for VMMCALL " Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 23/46] OvmfPkg/VmgExitLib: Add support for RDTSCP " Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 24/46] OvmfPkg/VmgExitLib: Add support for MONITOR/MONITORX " Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 25/46] OvmfPkg/VmgExitLib: Add support for MWAIT/MWAITX " Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 26/46] OvmfPkg/VmgExitLib: Add support for DR7 Read/Write " Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 27/46] OvmfPkg/MemEncryptSevLib: Add an SEV-ES guest indicator function Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 28/46] OvmfPkg: Add support to perform SEV-ES initialization Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 29/46] OvmfPkg: Create a GHCB page for use during Sec phase Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 30/46] OvmfPkg/PlatformPei: Reserve GHCB-related areas if S3 is supported Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 31/46] OvmfPkg: Create GHCB pages for use during Pei and Dxe phase Lendacky, Thomas
2020-07-27 15:26 ` Lendacky, Thomas [this message]
2020-07-27 15:26 ` [PATCH v12 33/46] UefiCpuPkg: Create an SEV-ES workarea PCD Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 34/46] OvmfPkg: Reserve a page in memory for the SEV-ES usage Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 35/46] OvmfPkg/PlatformPei: Reserve SEV-ES work area if S3 is supported Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 36/46] OvmfPkg/ResetVector: Add support for a 32-bit SEV check Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 37/46] OvmfPkg/Sec: Add #VC exception handling for Sec phase Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 38/46] OvmfPkg/Sec: Enable cache early to speed up booting Lendacky, Thomas
2020-07-27 15:26 ` [PATCH v12 39/46] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Bypass flash detection with SEV-ES Lendacky, Thomas
2020-07-27 17:41 ` [edk2-devel] [PATCH v12 00/46] SEV-ES guest support Laszlo Ersek
2020-07-27 17:43   ` Laszlo Ersek
2020-07-27 17:49     ` Lendacky, Thomas
2020-07-28 10:07       ` Laszlo Ersek
2020-07-28 12:52         ` Lendacky, Thomas
2020-07-28 13:59           ` Laszlo Ersek
2020-07-27 18:43 ` [PATCH v12 40/46] UefiCpuPkg: Add a 16-bit protected mode code segment descriptor Lendacky, Thomas
2020-07-27 18:43 ` [PATCH v12 41/46] UefiCpuPkg/MpInitLib: Add CPU MP data flag to indicate if SEV-ES is enabled Lendacky, Thomas
2020-07-27 18:43 ` [PATCH v12 42/46] UefiCpuPkg: Allow AP booting under SEV-ES Lendacky, Thomas
2020-07-27 18:43 ` [PATCH v12 43/46] OvmfPkg: Use the SEV-ES work area for the SEV-ES AP reset vector Lendacky, Thomas
2020-07-27 18:43 ` [PATCH v12 44/46] OvmfPkg: Move the GHCB allocations into reserved memory Lendacky, Thomas
2020-07-27 18:43 ` [PATCH v12 45/46] UefiCpuPkg/MpInitLib: Prepare SEV-ES guest APs for OS use Lendacky, Thomas
2020-07-27 18:43 ` [PATCH v12 46/46] Maintainers.txt: Add reviewers for the OvmfPkg SEV-related files Lendacky, Thomas

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2fa7386ea5277a5c0a833d5af240ac1b889f3884.1595863587.git.thomas.lendacky@amd.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox