Cc: brijesh.singh@amd.com, James Bottomley, Min Xu, Jiewen Yao, Tom Lendacky, Jordan Justen, Ard Biesheuvel, Laszlo Ersek, Erdem Aktas, Eric Dong, Ray Ni, Rahul Kumar, Michael D Kinney, Liming Gao, Zhiguang Liu, Michael Roth
Subject: Re: [RFC PATCH v4 02/27] OvmfPkg/ResetVector: add the macro to invoke MSR protocol based VMGEXIT
To: devel@edk2.groups.io
References: <20210628174223.1302-1-brijesh.singh@amd.com> <20210628174223.1302-3-brijesh.singh@amd.com>
From: "Brijesh Singh"
Message-ID: <376b5472-99d7-7333-3f2d-24e9f26c5c75@amd.com>
Date: Tue, 29 Jun 2021 13:06:45 -0500
In-Reply-To: <20210628174223.1302-3-brijesh.singh@amd.com>

While looking carefully, I found an error in this and the next patch; I will send a follow-up patch to address it. The SEV status and GHCB MSR values are very close, and I missed it and used SEV_STATUS_MSR for both cases. It should look like this and be used accordingly:

%define SEV_STATUS_MSR 0xc0010130
%define SEV_GHCB_MSR 0xc0010131

On 6/28/2021 12:41 PM, Brijesh Singh wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>
> The upcoming SEV-SNP support will need to make a few additional MSR
> protocol based VMGEXIT's. Add a macro that wraps the common setup and
> response validation logic in one place to keep the code readable.
>
> While at it, define SEV_STATUS_MSR that will be used to get the SEV STATUS
> MSR instead of open coding it.
>
> Cc: James Bottomley
> Cc: Min Xu
> Cc: Jiewen Yao
> Cc: Tom Lendacky
> Cc: Jordan Justen
> Cc: Ard Biesheuvel
> Cc: Laszlo Ersek
> Cc: Erdem Aktas
> Suggested-by: Laszlo Ersek
> Signed-off-by: Brijesh Singh
> ---
> OvmfPkg/ResetVector/Ia32/AmdSev.asm | 69 +++++++++++++++++++----------
> 1 file changed, 45 insertions(+), 24 deletions(-)
> > diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia32/AmdSev.asm > index b32dd3b5d656..c3b4e16bf681 100644 > --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm > +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm > @@ -35,6 +35,42 @@ BITS 32 > %define GHCB_CPUID_REGISTER_SHIFT 30 > %define CPUID_INSN_LEN 2 > > +%define SEV_STATUS_MSR 0xc0010130 > + > +; Macro is used to issue the MSR protocol based VMGEXIT. The caller is > +; responsible to populate values in the EDX:EAX registers. After the vmmcall > +; returns, it verifies that the response code matches with the expected > +; code. If it does not match then terminate the guest. The result of request > +; is returned in the EDX:EAX. > +; > +; args 1:Request code, 2: Response code > +%macro VmgExit 2 > + ; > + ; Add request code: > + ; GHCB_MSR[11:0] = Request code > + or eax, %1 > + > + mov ecx, SEV_STATUS_MSR > + wrmsr > + > + ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit > + ; mode, so work around this by temporarily switching to 64-bit mode. > + ; > +BITS 64 > + rep vmmcall > +BITS 32 > + > + mov ecx, SEV_STATUS_MSR > + rdmsr > + > + ; > + ; Verify the reponse code, if it does not match then request to terminate > + ; GHCB_MSR[11:0] = Response code > + mov ecx, eax > + and ecx, 0xfff > + cmp ecx, %2 > + jne SevEsUnexpectedRespTerminate > +%endmacro > > ; Check if Secure Encrypted Virtualization (SEV) features are enabled. > ; > @@ -85,7 +121,7 @@ CheckSevFeatures: > > ; Check if SEV memory encryption is enabled > ; MSR_0xC0010131 - Bit 0 (SEV enabled) > - mov ecx, 0xc0010131 > + mov ecx, SEV_STATUS_MSR > rdmsr > bt eax, 0 > jnc NoSev > @@ -100,7 +136,7 @@ CheckSevFeatures: > > ; Check if SEV-ES is enabled > ; MSR_0xC0010131 - Bit 1 (SEV-ES enabled) > - mov ecx, 0xc0010131 > + mov ecx, SEV_STATUS_MSR > rdmsr > bt eax, 1 > jnc GetSevEncBit 
> @@ -197,10 +233,10 @@ SevEsIdtNotCpuid: > mov eax, 1 > jmp SevEsIdtTerminate > > -SevEsIdtNoCpuidResponse: > +SevEsUnexpectedRespTerminate: > ; > ; Use VMGEXIT to request termination. > - ; 2 - GHCB_CPUID_RESPONSE not received > + ; 2 - Unexpected Response is received > ; > mov eax, 2 > > @@ -216,7 +252,7 @@ SevEsIdtTerminate: > shl eax, 16 > or eax, 0x1100 > xor edx, edx > - mov ecx, 0xc0010130 > + mov ecx, SEV_STATUS_MSR > wrmsr > ; > ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit > @@ -276,7 +312,7 @@ SevEsIdtVmmComm: > mov [esp + VC_CPUID_REQUEST_REGISTER], eax > > ; Save current GHCB MSR value > - mov ecx, 0xc0010130 > + mov ecx, SEV_STATUS_MSR > rdmsr > mov [esp + VC_GHCB_MSR_EAX], eax > mov [esp + VC_GHCB_MSR_EDX], edx > @@ -293,31 +329,16 @@ NextReg: > jge VmmDone > > shl eax, GHCB_CPUID_REGISTER_SHIFT > - or eax, GHCB_CPUID_REQUEST > mov edx, [esp + VC_CPUID_FUNCTION] > - mov ecx, 0xc0010130 > - wrmsr > > - ; > - ; Issue VMGEXIT - NASM doesn't support the vmmcall instruction in 32-bit > - ; mode, so work around this by temporarily switching to 64-bit mode. > - ; > -BITS 64 > - rep vmmcall > -BITS 32 > + VmgExit GHCB_CPUID_REQUEST, GHCB_CPUID_RESPONSE > > ; > - ; Read GHCB MSR > + ; Response GHCB MSR > ; GHCB_MSR[63:32] = CPUID register value > ; GHCB_MSR[31:30] = CPUID register > ; GHCB_MSR[11:0] = CPUID response protocol > ; > - mov ecx, 0xc0010130 > - rdmsr > - mov ecx, eax > - and ecx, 0xfff > - cmp ecx, GHCB_CPUID_RESPONSE > - jne SevEsIdtNoCpuidResponse > > ; Save returned value > shr eax, GHCB_CPUID_REGISTER_SHIFT > @@ -335,7 +356,7 @@ VmmDone: > ; > mov eax, [esp + VC_GHCB_MSR_EAX] > mov edx, [esp + VC_GHCB_MSR_EDX] > - mov ecx, 0xc0010130 > + mov ecx, SEV_STATUS_MSR > wrmsr > > mov eax, [esp + VC_CPUID_RESULT_EAX] >
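
Review bot: In the first hunk (@@ -35,6 +35,42 @@), the VmgExit header comment does not list ECX as clobbered, although the macro overwrites it three times and leaves the masked response code in it after `mov ecx, eax` / `and ecx, 0xfff`. It also relies on the caller leaving EAX[11:0] clear, because the request code is merged with `or eax, %1` rather than moved in. Please state both in the comment next to the "args" line so future callers do not keep a live value in ECX or pass dirty low bits, and fix the "reponse" typo in the verification comment.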
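
Review bot: The two CheckSevFeatures hunks (@@ -85,7 +121,7 @@ and @@ -100,7 +136,7 @@) change which MSR is read, not just how it is spelled. The removed line in both is `mov ecx, 0xc0010131`, and the unchanged comments above still say "MSR_0xC0010131 - Bit 0 (SEV enabled)" and "Bit 1 (SEV-ES enabled)", but SEV_STATUS_MSR is defined in this patch as 0xc0010130. After the substitution, the `bt eax, 0` and `bt eax, 1` tests run on the contents of a different register than the comments describe. The constant used here needs to expand to 0xc0010131, or these two sites should keep the literal until the define is corrected.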
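
Review bot: In the hunks at @@ -216,7 +252,7 @@, @@ -276,7 +312,7 @@ and @@ -335,7 +356,7 @@ the value is unchanged (0xc0010130 before and after), but the name contradicts the surrounding comments: `mov ecx, SEV_STATUS_MSR` now sits directly under "Save current GHCB MSR value" and is followed by stores to VC_GHCB_MSR_EAX / VC_GHCB_MSR_EDX. The same applies to the wrmsr/rdmsr pair inside VmgExit. A second constant named for the GHCB MSR should be used at every site that exchanges the GHCB protocol value, so that the status check and the GHCB accesses cannot be confused again.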
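
Review bot: In the NextReg hunk (@@ -293,31 +329,16 @@), the retitled comment block "Response GHCB MSR" is left describing GHCB_MSR[63:32], [31:30] and [11:0] with no rdmsr after it, since the read now happens inside VmgExit. The code that follows (`shr eax, GHCB_CPUID_REGISTER_SHIFT`) works on EDX:EAX, so the comment should say that the macro returns the response in EDX:EAX and give the field layout in terms of those registers. It is also worth noting here that `mov edx, [esp + VC_CPUID_FUNCTION]` must stay before the macro invocation because the macro performs the wrmsr.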