From: "Lendacky, Thomas"
To: devel@edk2.groups.io
Cc: Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Michael D Kinney, Liming Gao, Eric Dong, Ray Ni, Brijesh Singh
Subject: [PATCH v7 25/43] UefiCpuPkg/CpuExceptionHandler: Add support for DR7 Read/Write NAE events
Date: Wed, 22 Apr 2020 12:41:40 -0500
Message-Id: <370d00047093eb4d20cf519b0d16008448927c23.1587577317.git.thomas.lendacky@amd.com>

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198

Under SEV-ES, a DR7 read or write intercept generates a #VC exception.
The #VC handler must provide special support to the guest for this.

On a DR7 write, the #VC handler must cache the value and issue a VMGEXIT
to notify the hypervisor of the write. However, the #VC handler must
not actually set the value of the DR7 register. On a DR7 read, the #VC
handler must return the cached value of the DR7 register to the guest.
VMGEXIT is not invoked for a DR7 register read.

To avoid exception recursion, a #VC exception will not try to read and
push the actual debug registers into the EFI_SYSTEM_CONTEXT_X64 struct
and instead push zeroes. The #VC exception handler does not make use of
the debug registers from saved context.

Cc: Eric Dong
Cc: Ray Ni
Cc: Laszlo Ersek
Signed-off-by: Tom Lendacky
---
 .../X64/ArchAMDSevVcHandler.c | 105 ++++++++++++++++++
 .../X64/ExceptionHandlerAsm.nasm | 17 +++
 2 files changed, 122 insertions(+)
diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchAMDSevVcHandler.c b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchAMDSevVcHandler.c index 023e7dc31202..af5567d85593 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchAMDSevVcHandler.c +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ArchAMDSevVcHandler.c @@ -13,6 +13,16 @@ #define CR4_OSXSAVE (1 << 18) +#define DR7_RESET_VALUE 0x400 + +// +// Per-CPU data mapping structure +// +typedef struct { + BOOLEAN Dr7Cached; + UINT64 Dr7; +} SEV_ES_PER_CPU_DATA; + // // Instruction execution mode definition // 
@@ -1487,6 +1497,93 @@ RdtscExit ( return 0; } +/** + Handle a DR7 register write event. + + Use the VMGEXIT instruction to handle a DR7 write event. + + @param[in, out] Ghcb Pointer to the Guest-Hypervisor Communication + Block + @param[in, out] Regs x64 processor context + @param[in] InstructionData Instruction parsing context + + @retval 0 Event handled successfully + @retval Others New exception value to propagate + +**/ +STATIC +UINT64 +Dr7WriteExit ( + IN OUT GHCB *Ghcb, + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs, + IN SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + SEV_ES_INSTRUCTION_OPCODE_EXT *Ext; + SEV_ES_PER_CPU_DATA *SevEsData; + INTN *Register; + UINT64 Status; + + Ext = &InstructionData->Ext; + SevEsData = (SEV_ES_PER_CPU_DATA *) (Ghcb + 1); + + DecodeModRm (Regs, InstructionData); + + /* MOV DRn always treats MOD == 3 no matter how encoded */ + Register = GetRegisterPointer (Regs, Ext->ModRm.Rm); + + /* Using a value of 0 for ExitInfo1 means RAX holds the value */ + Ghcb->SaveArea.Rax = *Register; + GhcbSetRegValid (Ghcb, GhcbRax); + + Status = VmgExit (Ghcb, SvmExitDr7Write, 0, 0); + if (Status) { + return Status; + } + + SevEsData->Dr7 = *Register; + SevEsData->Dr7Cached = TRUE; + + return 0; +} + +/** + Handle a DR7 register read event. + + Use the VMGEXIT instruction to handle a DR7 read event. 
+ + @param[in, out] Ghcb Pointer to the Guest-Hypervisor Communication + Block + @param[in, out] Regs x64 processor context + @param[in] InstructionData Instruction parsing context + + @retval 0 Event handled successfully + +**/ +STATIC +UINT64 +Dr7ReadExit ( + IN OUT GHCB *Ghcb, + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs, + IN SEV_ES_INSTRUCTION_DATA *InstructionData + ) +{ + SEV_ES_INSTRUCTION_OPCODE_EXT *Ext; + SEV_ES_PER_CPU_DATA *SevEsData; + INTN *Register; + + Ext = &InstructionData->Ext; + SevEsData = (SEV_ES_PER_CPU_DATA *) (Ghcb + 1); + + DecodeModRm (Regs, InstructionData); + + /* MOV DRn always treats MOD == 3 no matter how encoded */ + Register = GetRegisterPointer (Regs, Ext->ModRm.Rm); + *Register = (SevEsData->Dr7Cached) ? SevEsData->Dr7 : DR7_RESET_VALUE; + + return 0; +} + /** Common #VC exception handling routine. @@ -1517,6 +1614,14 @@ DoVcCommon ( ExitCode = Regs->ExceptionData; switch (ExitCode) { + case SvmExitDr7Read: + NaeExit = Dr7ReadExit; + break; + + case SvmExitDr7Write: + NaeExit = Dr7WriteExit; + break; + case SvmExitRdtsc: NaeExit = RdtscExit; break; diff --git a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.nasm b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.nasm index 19198f273137..26cae56cc5cf 100644 --- a/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.nasm +++ b/UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/ExceptionHandlerAsm.nasm @@ -18,6 +18,8 @@ ; CommonExceptionHandler() ; +%define VC_EXCEPTION 29 + extern ASM_PFX(mErrorCodeFlag) ; Error code flags for exceptions extern ASM_PFX(mDoFarReturnFlag) ; Do far return flag extern ASM_PFX(CommonExceptionHandler) @@ -225,6 +227,9 @@ HasErrorCode: push rax ;; UINT64 Dr0, Dr1, Dr2, Dr3, Dr6, Dr7; + cmp qword [rbp + 8], VC_EXCEPTION + je VcDebugRegs ; For SEV-ES (#VC) Debug registers ignored + mov rax, dr7 push rax mov rax, dr6 
@@ -237,7 +242,19 @@ HasErrorCode: push rax mov rax, dr0 push rax + jmp DrFinish +VcDebugRegs: +;; UINT64 Dr0, Dr1, Dr2, Dr3, Dr6, Dr7 are skipped for #VC to avoid exception recursion + xor rax, rax + push rax + push rax + push rax + push rax + push rax + push rax + +DrFinish: ;; FX_SAVE_STATE_X64 FxSaveState; sub rsp, 512 mov rdi, rsp -- 2.17.1
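
Review bot: In the first ArchAMDSevVcHandler.c hunk, the "Per-CPU data mapping structure" comment on SEV_ES_PER_CPU_DATA does not say where the structure lives or who initializes it, yet both handlers locate it with "(SEV_ES_PER_CPU_DATA *) (Ghcb + 1)" and Dr7ReadExit tests Dr7Cached the first time it runs. Nothing in this patch clears that memory, so please document that the structure occupies the memory directly after the GHCB and must start out zeroed, and consider one helper or macro for the "(Ghcb + 1)" lookup so the layout assumption is stated in a single place.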
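
Review bot: The header comment on Dr7ReadExit says "Use the VMGEXIT instruction to handle a DR7 read event", but the body never calls VmgExit and the commit message states that VMGEXIT is not invoked for a DR7 read; reword it to say the cached value, or DR7_RESET_VALUE when nothing is cached, is returned. In both Dr7WriteExit and Dr7ReadExit, Register is declared "INTN *" while the value it points to is copied to and from the UINT64 Dr7 field, so an unsigned pointer type would avoid the implicit signed/unsigned conversion. The two "/* ... */" comments in these functions also differ from the "//" style used for the structure comment added earlier in the same file.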
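
Review bot: At VcDebugRegs in ExceptionHandlerAsm.nasm, the six zero pushes leave a Dr7 slot of 0 in the saved EFI_SYSTEM_CONTEXT_X64, while Dr7ReadExit hands the guest DR7_RESET_VALUE (0x400) or the cached value, so any code that dumps the saved context for a #VC will show a DR7 the guest never observes. Extend the comment to say the six slots are placeholders rather than register contents, and add a short comment beside "cmp qword [rbp + 8], VC_EXCEPTION" naming the stack slot that operand addresses.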