From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 5F360AC18DC for ; Fri, 26 Jan 2024 22:14:33 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=XL7gXQyyDHw83Ft5w8zRD1GWgt3nrot49IO/qBCyVD0=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type; s=20140610; t=1706307272; v=1; b=akp2oZxubGMrLmNDXgewj9/Hw03DuT9x9D9y/d1jCJ4E49qqY7uZupn8po5hbDucTuK8c4rx RuaJmP65Dl8wGO7+S5Cmgww2YVUq5UoS2tM8UmYPmpK9JKUDUGkvZxCrPkdznIlbXgkXQDmtXIv DNwkJT2bqRf3dXYrfxh5uH24= X-Received: by 127.0.0.2 with SMTP id ySHjYY7687511xg6m5wh03ow; Fri, 26 Jan 2024 14:14:32 -0800 X-Received: from NAM02-SN1-obe.outbound.protection.outlook.com (NAM02-SN1-obe.outbound.protection.outlook.com [40.107.96.76]) by mx.groups.io with SMTP id smtpd.web11.2956.1706307271506538355 for ; Fri, 26 Jan 2024 14:14:31 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WIwo7fF3CqiXnkBpa0XUlZOXmHVzut28/TRhbiXKhfYresa77ziKf4pRarZoHzzcmdJHb+hFle65+v5w0vXv6NuJr1UGqS6Pnr05oVvYmaxE/CSt+0Unogx4mphxtHW11KMl7p9KnnkCN0g8QgEyBvrVKeoYA/iCCmmPJjCo1on33FDogL5KUjIO27tXjPCefov48w2BWn2uUtxNaGgNW89zNrx85DyC7Nh5hI10T3hzlx7X+Ies4Pd7XhVyl9w1yssqpsfS00mJ2jzF+BxviTvpTZ5JGrwvrS93yedRXis69GK44ZU0TEzEzAwT5xFKTKp2AnOvZXDYzdiC/w4mEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WYK3eWeyguHoRWaA6t+oz/HB+disaWtqolnVbmziYto=; b=MuHCbMtXAnOzxd+lXGABum/v6rX4R12v2AwoR7l9arDWYn0ivAYdVuFlq+A48NSMzh5YydGZEakhBn+5LLqf9zoBEyTrlw4tTpAywKO2xmpCBDbldo/hXg8r/AQrWRT/tn3du2tMmv0q/kZAZSRof2cDM3jylNDpX2GG16laApA7bpYXgZoPGJf84SBpgx8KVkTyV2SKvd7DyCmd00xrCZ5yHRclH+N3HBVK6XUVYBJeOCSJ/c8OmMuEoZRXKrb9AaCzggrSuMqmREINcRseLmDqUN9NjEUbvpkxNa9676mLXo41vtShRm/3VfhvGtHPyaoBJ1gvItGEAT4q0iyUrg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) X-Received: from DS7PR05CA0094.namprd05.prod.outlook.com (2603:10b6:8:56::11) by IA1PR12MB6259.namprd12.prod.outlook.com (2603:10b6:208:3e5::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7228.22; Fri, 26 Jan 2024 22:14:29 +0000 X-Received: from DS2PEPF00003439.namprd02.prod.outlook.com (2603:10b6:8:56:cafe::3) by DS7PR05CA0094.outlook.office365.com (2603:10b6:8:56::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.14 via Frontend Transport; Fri, 26 Jan 2024 22:14:28 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C X-Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003439.mail.protection.outlook.com (10.167.18.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7228.16 via Frontend Transport; Fri, 26 Jan 2024 22:14:28 +0000 X-Received: from tlendack-t1.amdoffice.net (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 26 Jan 2024 16:14:26 -0600 From: "Lendacky, Thomas via groups.io" To: CC: Ard Biesheuvel , Erdem Aktas , Gerd Hoffmann , Jiewen Yao , Laszlo Ersek , Liming Gao , Michael D Kinney , Min Xu , Zhiguang Liu , "Rahul Kumar" , Ray Ni , Michael Roth Subject: [edk2-devel] [PATCH 08/16] OvmfPkg/CcExitLib: Add support for the SVSM create/delete vCPU calls Date: Fri, 26 Jan 2024 16:13:07 -0600 Message-ID: <331f753e22aa83caec3be1f3bc2168e3646e4dad.1706307195.git.thomas.lendacky@amd.com> In-Reply-To: References: MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003439:EE_|IA1PR12MB6259:EE_ X-MS-Office365-Filtering-Correlation-Id: ec5c5376-8e21-4afb-3a4c-08dc1ebc2a1e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Message-Info: 6OcgUpjkr/zTQntPYVnG1TfZ/+BDBFbIfKOS9IFRZ+yO6HA/uq6KAW0MVkKjulAstvGDvLaYogzhMriE+50/l1FUFQhOlpTT0GqekgqRYa+YuYz5SMDlcBt4D40lzpkfhHZbYJwYg6EQGY1AFv8hrOmOxiei33cF3Y4fhkxnKEJs3JTNvJD1Q4ainnEloZ6ZbaO1VdQbAjzDstMZpz6jqlw9HuaRP/dJ94on1Ds/am/2g4YsNK3iWSWg/YFKx8rk+UdKrvoq9yWzUyuujabtaRdRinY26tvaJQI5uXK+FSLFdmfxLNxef7shtfSSx/RprT8tAPrWDCjxe6PqTfmIdqdtWE+f14JwcnLlTjz4dXNc+txZ97nIIGA9V/oCGAeZjLa9AZbft0cGNbkHKrB9CyanF43rte3C1R8NgvCpxsz+vl5t+G8746HN7VToTzcts7G3oIqbcvkE7gvqzeN/4f9KbQau0Fi5g5XmdSXzYN3Ae4mKlctTebaOzZIPqMwDXb+LV88YwbCI6XBb+3z/DrJCE9hICGHIgu4dJ3vVNN6C9UdHlANDOW17Dn2vNRNTRhc+dsTn3dKqYyk3y0gDC1zkCfII4IiukZuDTGbNR9kwd2t132SP7QpURWxIpfy/aIMlq/yeiRjbtM3euGlcVENkZiGN4xY2Yn/23tO/TfQPJM3WD771ckq3YeIIbIX//a8JBllhNkNcrLDodSpV3icXOPN7pO0eoBjEUtSmG7CxHCtbXhgJETwyN7hq3D7dVKOB/rjsCAtdYUU/taPDCg== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jan 2024 22:14:28.8296 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ec5c5376-8e21-4afb-3a4c-08dc1ebc2a1e X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003439.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB6259 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,thomas.lendacky@amd.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: KqvcrLZORMGirtcM7DsLYJRWx7686176AA= Content-Transfer-Encoding: quoted-printable Content-Type: text/plain X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=akp2oZxu; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}"); dmarc=none; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4654 The RMPADJUST instruction is used to alter the VMSA attribute of a page, but the VMSA attribute can only be changed when running at VMPL0. When an SVSM is present, use the SVSM_CORE_CREATE_VCPU and SVSM_CORE_DELTE_VCPU calls to add or remove the VMSA attribute on a page instead of issuing the RMPADJUST instruction directly. Implement the CcExitSnpVmsaRmpAdjust() API to perform the proper operation to update the VMSA attribute. Signed-off-by: Tom Lendacky --- OvmfPkg/Library/CcExitLib/CcExitSvsm.c | 100 +++++++++++++++++++- 1 file changed, 99 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/CcExitLib/CcExitSvsm.c b/OvmfPkg/Library/CcExi= tLib/CcExitSvsm.c index 43e0a357efa5..3459338b2033 100644 --- a/OvmfPkg/Library/CcExitLib/CcExitSvsm.c +++ b/OvmfPkg/Library/CcExitLib/CcExitSvsm.c @@ -137,6 +137,103 @@ SvsmMsrProtocol ( return Ret; } =20 +/** + Perform an RMPADJUST operation to alter the VMSA setting of a page. + + Add or remove the VMSA attribute for a page. + + @param[in] Vmsa Pointer to an SEV-ES save area page + @param[in] ApicId APIC ID associated with the VMSA + @param[in] SetVmsa Boolean indicator as to whether to set o= r + or clear the VMSA setting for the page + + @retval EFI_SUCCESS RMPADJUST operation successful + @retval EFI_UNSUPPORTED Operation is not supported + @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid + parameter was supplied + +**/ +EFI_STATUS +EFIAPI +SvsmVmsaRmpAdjust ( + IN SEV_ES_SAVE_AREA *Vmsa, + IN UINT32 ApicId, + IN BOOLEAN SetVmsa + ) +{ + SVSM_CALL_DATA SvsmCallData; + SVSM_FUNCTION Function; + UINTN Ret; + + SvsmCallData.Caa =3D SvsmGetCaa (); + + Function.Id.Protocol =3D 0; + + if (SetVmsa) { + Function.Id.CallId =3D 2; + + SvsmCallData.RaxIn =3D Function.Uint64; + SvsmCallData.RcxIn =3D (UINT64)(UINTN)Vmsa; + SvsmCallData.RdxIn =3D (UINT64)(UINTN)Vmsa + SIZE_4KB; + SvsmCallData.R8In =3D ApicId; + } else { + Function.Id.CallId =3D 3; + + SvsmCallData.RaxIn =3D Function.Uint64; + SvsmCallData.RcxIn =3D (UINT64)(UINTN)Vmsa; + } + + Ret =3D SvsmMsrProtocol (&SvsmCallData); + + return (Ret =3D=3D 0) ? EFI_SUCCESS : EFI_INVALID_PARAMETER; +} + +/** + Perform an RMPADJUST operation to alter the VMSA setting of a page. + + Add or remove the VMSA attribute for a page. + + @param[in] Vmsa Pointer to an SEV-ES save area page + @param[in] ApicId APIC ID associated with the VMSA + @param[in] SetVmsa Boolean indicator as to whether to set o= r + or clear the VMSA setting for the page + + @retval EFI_SUCCESS RMPADJUST operation successful + @retval EFI_UNSUPPORTED Operation is not supported + @retval EFI_INVALID_PARAMETER RMPADJUST operation failed, an invalid + parameter was supplied + +**/ +EFI_STATUS +EFIAPI +BaseVmsaRmpAdjust ( + IN SEV_ES_SAVE_AREA *Vmsa, + IN UINT32 ApicId, + IN BOOLEAN SetVmsa + ) +{ + UINT64 Rdx; + UINT32 Ret; + + // + // The RMPADJUST instruction is used to set or clear the VMSA bit for a + // page. The VMSA change is only made when running at VMPL0 and is ignor= ed + // otherwise. If too low a target VMPL is specified, the instruction can + // succeed without changing the VMSA bit when not running at VMPL0. Usin= g a + // target VMPL level of 1, RMPADJUST will return a FAIL_PERMISSION error= if + // not running at VMPL0, thus ensuring that the VMSA bit is set appropri= ately + // when no error is returned. + // + Rdx =3D 1; + if (SetVmsa) { + Rdx |=3D RMPADJUST_VMSA_PAGE_BIT; + } + + Ret =3D AsmRmpAdjust ((UINT64)(UINTN)Vmsa, 0, Rdx); + + return (Ret =3D=3D 0) ? EFI_SUCCESS : EFI_INVALID_PARAMETER; +} + /** Issue an SVSM request to perform the PVALIDATE instruction. =20 @@ -409,5 +506,6 @@ CcExitSnpVmsaRmpAdjust ( IN BOOLEAN SetVmsa ) { - return EFI_UNSUPPORTED; + return CcExitSnpSvsmPresent () ? SvsmVmsaRmpAdjust (Vmsa, ApicId, SetVms= a) + : BaseVmsaRmpAdjust (Vmsa, ApicId, SetVms= a); } --=20 2.42.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114634): https://edk2.groups.io/g/devel/message/114634 Mute This Topic: https://groups.io/mt/103986458/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-