From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.64]) by mx.groups.io with SMTP id smtpd.web12.8287.1617888669203080051 for ; Thu, 08 Apr 2021 06:31:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=NynWsRwv; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.243.64, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eDUx+mDvg1RCZOfeRunpPHIbCWIMG6QMuQ7GLjBbYCzc0fIwaFu7/7J96vF6GFJlfrAgwZULw4cX/yqGXOn2gdWrWJ28wjZSyxeNoVXP+nbg/03NOQeGbUkuRqGJlqfZ8DtJ5ptPwdYL2+7nLDbaO3eXxl7VHjRXjCkhp7BWJtYYEf0gFG0/xaimiutkFxJSCHkYFXwQReZn9f2ikpxaZKOTp5Fco8W5YGQ3BmG+rP2mEIkQur0pQTLocospNjaeY5L4M5CQmd4He88EAVITsVwUdAbUgv4Kvl3MEI4ZjMZJRTQYFHuvEB+MnE8shaJ1F1ZnCNoAYvsgXI3/bSDIDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=z20sNO8k9vJdC/uFpuYuRGRkN5nQz8cOUj14mu/n770=; b=Abu/WHOQQ+ldEmH82cK7BfuTsgNcv2M9UxdR+PHx7XokKVUq/TsPynbostLmvbNA9p5lX5ZtUcXCO2vtGXCHc6c6I66KGQjaoX9Vk0hG4VQeQoWmIXM+2QwVxajtiu009JlwqXlUkFhuOR1C69qM6YCQc4n7xtfYb227pMt13dC5fjanInhEsJo3EQs/CkZou8ZiLPgGdHwu8sFZ5TVSebfv6o2t+GVZNprT3uAm3V9uSt/RCDsOLwZx4LQOTb8uvHUV+n1Af5XXgHL7vfdKdfc6Q/n+NDbx6bHCcjgZT7Lq89JN5b32CV97Sq6yCOAZiR3zcDHEvrip2uOJjS0f2A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=z20sNO8k9vJdC/uFpuYuRGRkN5nQz8cOUj14mu/n770=; b=NynWsRwvsr2JND2QpqwlvjpqmfsHjZBSfWumJTdgvzmZXTAlqHreR0KLo8jL8zXtUZgMJ32iQD+CYDXa4IF+9UgeHIJ656KNCSdGBinZ6BUmR3znmWuYFTc+8rR/3KPwGN9YylSDkS7e9Ve5Sq8Qb2tYWYGX/7HfgdhNkKTmRWk= Authentication-Results: kernel.org; dkim=none (message not signed) header.d=none;kernel.org; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM5PR12MB1641.namprd12.prod.outlook.com (2603:10b6:4:10::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.17; Thu, 8 Apr 2021 13:31:06 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::c9b6:a9ce:b253:db70]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::c9b6:a9ce:b253:db70%6]) with mapi id 15.20.3999.034; Thu, 8 Apr 2021 13:31:06 +0000 Subject: Re: [edk2-devel] [RFC PATCH 01/19] OvmfPkg: Reserve the Secrets and Cpuid page for the SEV-SNP guest To: "Xu, Min M" , "devel@edk2.groups.io" , "lersek@redhat.com" , "jejb@linux.ibm.com" , Brijesh Singh Cc: "Yao, Jiewen" , "Justen, Jordan L" , Ard Biesheuvel References: <20210324153215.17971-1-brijesh.singh@amd.com> <20210324153215.17971-2-brijesh.singh@amd.com> <719a63e555376ca65a7bbe0c7e23c20b6b631cd3.camel@linux.ibm.com> <9aa00ba0-def0-9a4e-1578-0b55b8047ebd@redhat.com> From: "Lendacky, Thomas" Message-ID: <2ff2c569-1032-3e5f-132a-159c47c9f067@amd.com> Date: Thu, 8 Apr 2021 08:31:03 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 In-Reply-To: X-Originating-IP: [67.79.209.213] X-ClientProxiedBy: SN4PR0401CA0002.namprd04.prod.outlook.com (2603:10b6:803:21::12) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from office-linux.texastahm.com (67.79.209.213) by SN4PR0401CA0002.namprd04.prod.outlook.com (2603:10b6:803:21::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.16 via Frontend Transport; Thu, 8 Apr 2021 13:31:05 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 34fa2efa-dbed-4302-fac4-08d8fa929029 X-MS-TrafficTypeDiagnostic: DM5PR12MB1641: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:3383; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 6P+7X3CR9Zsa3FTchUK0NkSdThM/T1iJldemOc+5vGMEDj3h/pJ6OQpuvgDf8ULp0r4BhivT5idX4ddIsDXcz7I6LwtUIVRC5bXdJPI5kG2XJ4q11gDCCmn2DIk6rPFYzk2DzFB3ia/W7HHyX+s1zJ0oRj8Ug7u+wpduaZKxfM7jMGC02J0g1NopqVGzy8yADBd8U08dbujbNx8dVUcd1Fvqba0UPHfRnSy7TekAo37/7QrZli6R3QyosXH7dRpVNnojsYAv+4ulwYy+hAmWXtdcMkXRmQoNtuGsxBkbIQuUUrFphw569FZ3Y8s2oX7LMN3vYqhKsuMeFHsS14qx024uYcHgEjhJHC4jIJCin5pYdzTe7K++DHnC+gq44SotVOyJJyyxICkyji3yEEVSX8vW9+XQDQnIn36iTOPkQC/klSh4CBs5XGCsbTtMe6DU6SHVJSpcIh2m1ntGUJ2SrzlsVzJnHCpH2dduuyrrXWHRh+1hbGt4BVxWcO911isXTLssexcLD3zQ6cdmahXoNf0VA9dGfj2qCOYELfprw8MszEkwXgvoF0MwNWYyQnBQp9ysf9qiFCco6RdlUsQNZPLqexr8UneeS1I9HW3NIE0hzGdn52PtuDzIxr3/pTrme51CO4qzNTZ50IJriutKRRxScskmHRhKB9zU6OZnyLvQiPtz375x9s9oYhLqPFnfPPYvoyn2nh5GPX9YB1bZu3uKaRECwXMNyJz7cpqhPaFGaSjMip8E/y9znNKAyODCWPeuXBqMPwiBuYGC9AFGc5vkPzyMdIIp3TloeEz2pig= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(376002)(136003)(39860400002)(366004)(396003)(346002)(5660300002)(86362001)(36756003)(31686004)(4326008)(38100700001)(66476007)(45080400002)(478600001)(31696002)(66556008)(19627235002)(66946007)(83380400001)(956004)(2616005)(8676002)(2906002)(6512007)(186003)(6486002)(53546011)(8936002)(16526019)(966005)(54906003)(110136005)(316002)(6506007)(6636002)(26005)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?UXM1RWJyWlIrTTh4Ykx4RVZFRkxOMkhRZXFvZjBLc3BoRTJhQnE4OTh3RFh1?= =?utf-8?B?cnd1SFhCVUtHMVVPYlJWOFVEOUgvWjlya3dqYjM1QUZoeTFpR0k4WUlYckxs?= =?utf-8?B?cEsyRDYzRWxMTlZ1ekhCMnVDT1hDTi9NZkJabEErQmJnUVUzcVRSSXdHaFVR?= =?utf-8?B?aDBaODJDTForK0d4Si8zWml0VHk0Q3hhNXZpN3ZaR0xBME4xUGZmTXAwK1lN?= =?utf-8?B?Tm0ycHVYeFlmMCtIbmgwaW92M1U3OUZ5T0xFamRZQ3hMMzk5MHNseHdJejR6?= =?utf-8?B?aTY1Rm5WOUxmSUtnWHpIZCt0czFhZ0NvVFliOUhFd3N6YnprSW8yNEs5Rldr?= =?utf-8?B?Zm5XYm13clpybGtOYVFpYWN4UVE0WlN3QUo5ajc0YTA3bVo1TDZCNkpwWm9G?= =?utf-8?B?UmFhd0ZSYzdQZ3E0V3BlcE9IL1JzS2p6RXNtQ1ExTERzRFUxMkR1Z2NDN2VZ?= =?utf-8?B?VEV2bkVoc3VPeE1jdFNoZzAwQVZsa3RQZlVrZ29sa0F3US9zVFJvYWFMV24w?= =?utf-8?B?QTludTdrUUNOelBlOVFRUnBPTEU1S0ZselNyKzd6YmN2Zmk4dVYwUUVHWVhW?= =?utf-8?B?dXhINFl2MmhMczgxZVlueTFISzYxaFNVRUpqWU9ZZm5welkzZXVDQXp5L2hv?= =?utf-8?B?dS9iQnVDcm13WHJ5OTMxeUFjOTJHM05FbDRPVzd4b0RmUEQ3dFlpQlFReDVW?= =?utf-8?B?WUV4U2EwTkJGMWk0UzNudFQraHFIZ1pBTzNYYjFhMmZaZjBxVlZRczRRbzdh?= =?utf-8?B?VVdrbEZHanduNFZ1K0tZMTd4SDFGaEl2c0hZa0dLcUt6OThheVIzcjNMeVZl?= =?utf-8?B?K0hPRUdmVXFrRzZzcHJqRWlJb0RRblNrMHh4SERQU0ZWMmUwa3RmQTNkK2gv?= =?utf-8?B?ZFdqUnNweUlsQW5QczFLeElLZHlTWHh4eHQ2SXBVMDJsc1dZSFJMd2RLeWc1?= =?utf-8?B?Sjl4S0ZlRXN0S241NjRRMzNBWmd5Rm8yWEJ4M2JiaXBVTElid296RE1rbjY0?= =?utf-8?B?bTdpV3FJQWxPSkR6bUNodDFSZDJGdDhHOFdpMEdpR3JSdjlZZUo3UVg4L29J?= =?utf-8?B?ZEhLNWRRR0lhZzdSVGl6Q1pjTlFDWWlabmhuZDB4ZEF5T1ppazk4a1FseWtP?= =?utf-8?B?eFFqRjA5Z3VSMGpuTjdnb3l0dlBRV2huajlmam1nSHBkNURGMGdhcVFhSEFM?= =?utf-8?B?OE5OcVYwSmZIRUpBbjNvMU1VV1dvd20vVXpaS3JPdFEwSGNjaGU4b0ZDRHhV?= =?utf-8?B?WHBFVkR0cGdzWDFQYmljSmZzZG1vQnVNMjhOd3VVaXViZ3RvUmVzYjJkMHNH?= =?utf-8?B?bHpFZHFNTUhpUzQ3dk1jTVk5REdFdHFDMHlLYWJFU3MrSlZSS3BkT1lUWmtK?= =?utf-8?B?WmFhUjhlOUwwMEpiYTdKUVo5b0RwQ1A0ekg0aHhNYi9TZjBWRjhmcUJUNEFt?= =?utf-8?B?VGZqYk1QQTJPbEkvb0QyZUdaTUd5R2poL1hHY0FPczl0YnQrNTBlb0l3LzEz?= =?utf-8?B?RjlubWhPSnBndGtRSW9waGJrekVsbUVBZjNTVjF5V3VHaFpnUGEwV1NpaXdT?= =?utf-8?B?QjNZeVM4TU0xemEzYnc2REo1ZDNyY29MTHlxUWlxek9ObXIzZXFxelZKVkpx?= =?utf-8?B?amx2WC9XbnZVZ283ZGUyVWdZRmF1OHZUM1k4Y09JNGNVK1d5QVFUdnFRUzZL?= =?utf-8?B?cW1vRWt2b2pyZGdXYTJpcytra3UxaVhZMEU3MUpaSmUvTkpRZDRwOWIrT0FD?= =?utf-8?Q?p9ofY89p4Fba3NJH0vzxjCDGCCI/NL/Dig+pvYh?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 34fa2efa-dbed-4302-fac4-08d8fa929029 X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Apr 2021 13:31:06.5853 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: tPb0uhf9sWbxmw+4YgM+qsUp2C0fyZWL4i3/ntT9zIzuUwVHI+FuI3oeflgqt/BTkq7hDc1O4bN5Q9pfOx63kA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB1641 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 4/8/21 1:24 AM, Xu, Min M wrote: > On Wednesday, April 7, 2021 11:03 PM, Laszlo wrote: >> On 04/07/21 02:44, James Bottomley wrote: >>> On Wed, 2021-04-07 at 00:21 +0000, Xu, Min M wrote: >>>> Hi, Laszlo >>>> >>>> For Intel TDX supported guest, all processors start in 32-bit >>>> protected mode, while for Non-Td guest, it starts in 16-bit real >>>> mode. To make the ResetVector work on both Td-guest and Non-Td guest, >>>> ResetVector are updated as below: >>>> ------------------------------------------------------------------ >>>> ALIGN 16 >>>> resetVector: >>>> ; >>>> ; Reset Vector >>>> ; >>>> ; This is where the processor will begin execution >>>> ; >>>> nop >>>> nop >>>> smsw ax >>>> test al, 1 >>>> jnz EarlyBspPmEntry >>>> jmp EarlyBspInitReal16 >>> >>> Well, then use the rel8 jump like the compiler would in this situation: >>> >>> smsw ax >>> test al, 1 >>> jz 1f >>> jmp EarlyBspPmEntry >>> 1: >>> jmp EarlyBspInitReal16 >>> >>> So now both entries can be 32k away. >> >> The problem is that we need NASM to generate such *shared* entry code that >> behaves correctly when executed in either 16-bit or 32-bit mode. >> >> The rel8 near jumps ("short jumps") are like that -- for example, the >> "74 cb" opcode decodes to the same "JZ rel8" in both modes. >> >> But the rel16 ("non-short") near jumps turn into rel32 near jumps when >> decoded in 32-bit mode. For example, "E9 cw" decodes to "JMP rel16" in 16-bit >> mode, but it gets parsed as "E9 cd" (= "JMP rel32") in 32-bit mode. >> >> So the idea is to add more BITS directives, for covering the non-short near >> jumps themselves: > > Yes this is the root cause. TDX requires the startup mode to be 32-bit > protected mode while the legacy VM startup mode is 16-bit real mode. > Add more BITS directives can work round this. I have tried it and it works. > > So my initial solution is to use *jmp rel8* because it works in both 16-bit > and 32-bit mode. But *jmp rel8* depends on the distance which should > be less than 128 bytes. If more metadata is added in the ResetVector.asm > then we have to use the BITS solution. To me, it sounds like the BITS solution should be the approach you use from the start. Thanks, Tom > >> >>> ; instructions up to and including the rel8 JZ decode identically ; >>> between BITS 16 and BITS 32 BITS 16 >>> smsw ax >>> test al, 1 >>> jz Real >>> >>> ; the unconditional near jumps are mode-specific BITS 32 >>> jmp near EarlyBspPmEntry >>> BITS 16 >>> Real: >>> jmp near EarlyBspInitReal16 >>> >>> ; -------------------- >>> >>> BITS 16 >>> EarlyBspInitReal16: >>> nop >>> >>> BITS 32 >>> EarlyBspPmEntry: >>> nop >> >> $ nasm -f bin jz.nasmb >> >> Decoded (executed) in 16-bit mode: >> >> $ ndisasm -b 16 -k 7,5 -k 0x10,1 jz >> 00000000 0F01E0 smsw ax >> 00000003 A801 test al,0x1 >> 00000005 7405 jz 0xc ; taken >> 00000007 skipping 0x5 bytes >> 0000000C E90000 jmp word 0xf >> 0000000F 90 nop >> 00000010 skipping 0x1 bytes >> >> Decoded (executed) in 32-bit mode: >> >> $ ndisasm -b 32 -k 0xc,4 jz >> 00000000 0F01E0 smsw eax >> 00000003 A801 test al,0x1 >> 00000005 7405 jz 0xc ; not taken >> 00000007 E904000000 jmp dword 0x10 >> 0000000C skipping 0x4 bytes >> 00000010 90 nop >> >> >> With the garbage *not* hidden: >> >> $ ndisasm -b 16 -s 0xc jz >> >> 00000000 0F01E0 smsw ax >> 00000003 A801 test al,0x1 >> 00000005 7405 jz 0xc ; taken >> 00000007 E90400 jmp word 0xe ; garbage >> 0000000A 0000 add [bx+si],al ; garbage >> 0000000C E90000 jmp word 0xf >> 0000000F 90 nop >> 00000010 90 nop ; garbage >> >> $ ndisasm -b 32 -s 0x10 jz >> >> 00000000 0F01E0 smsw eax >> 00000003 A801 test al,0x1 >> 00000005 7405 jz 0xc ; not taken >> 00000007 E904000000 jmp dword 0x10 >> 0000000C E9 db 0xe9 ; garbage >> 0000000D 0000 add [eax],al ; garbage >> 0000000F 90 nop ; garbage >> 00000010 90 nop >> >> Thanks >> Laszlo >> >> >> >> >> >