From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.83]) by mx.groups.io with SMTP id smtpd.web11.10849.1619540500416858745 for ; Tue, 27 Apr 2021 09:21:40 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@amd.com header.s=selector1 header.b=lb715w2k; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.244.83, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nscF5/YLLQmOF+2epgp0w8g1uoDfEwaK4yJlS85xUVEnf7/27ncNUg4mv7boXgsuaEH1mrgkE6RHBch+2MqwnwPZi4thE350resT5YVGXgUcwPKeIJJK0099scPaCp8bmy2r+8Q6maHzyvF1kJkcjzvmgnECXny0OxicZMc9v/WEF+cpctXckqFNsc8El78Lddc9+tvRaWai+t5k204kKe/Swu08ZPhrsYwMufH56Fmc6KE+rtqWBxMqDrlQm4eu287xj9Dhr1Va2E7xLN5Ue/axe8cQc5hvLLxTUI1U61XDnHdLCQOn6DAYpPxvjhMBJ71SQ+OZ718JNKNcLJIiTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CzyBn6AyjMETyz23YU2ogF6/ASt3/TWPpReD6QVAaMY=; b=jfKPdRs5NCXonpJ6M7Pm9nITw8eSQLXyFT+8V0Guh5eXtBafYM2x1o5MT6DwIM50U/zw0sBLe9roTZmxGpRO7ZdY5194EzgpvkLMLHlxUVMv6XPBWB5x2QCyVvYKgHvcNboXcfFv382zMKSmiYH/suy3Ld5+UXrdGE8/HVZFgTyZvs0O799sUjyOwVZJhMZVwInjTolFzwSf7nsRWuDKYYC4DV98ETUeQNVTvsSLTuHTjWpiFMcRNBajL0k8t89OF6Dti4Aiq6s7q4y4gFtAP1ih0gKeBISl+z017ob9Erq51owxlQVx64nPQBKAg1Ciz5Pd6yVejsJQ6H5WLtwzgQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CzyBn6AyjMETyz23YU2ogF6/ASt3/TWPpReD6QVAaMY=; b=lb715w2kmxvMX2Eed8cn9wtvZL7AzatEEf651a1l4glHTAlcmi4pJunUw+F+RYUZalGa7+aTtk4a97OUFyCLy4bmBmVT7xly9teFZ7kZLTgptHBiC4eALLztxDzEglU7x07yU6R19bNL0MCSnLRnWkAm70b+X5m9C/x5SZpFtoY= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4960.namprd12.prod.outlook.com (2603:10b6:5:1bc::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.25; Tue, 27 Apr 2021 16:21:39 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9%12]) with mapi id 15.20.4065.026; Tue, 27 Apr 2021 16:21:39 +0000 From: "Lendacky, Thomas" To: devel@edk2.groups.io CC: Joerg Roedel , Borislav Petkov , Laszlo Ersek , Ard Biesheuvel , Jordan Justen , Brijesh Singh , Erdem Aktas , James Bottomley , Jiewen Yao , Min Xu Subject: [PATCH v2 2/4] OvmfPkg/VmgExitLib: Add support for new MMIO MOV opcodes Date: Tue, 27 Apr 2021 11:21:08 -0500 Message-ID: <3f4995357e4c980eac70e9b3be070a37b3a6fe66.1619540470.git.thomas.lendacky@amd.com> X-Mailer: git-send-email 2.31.0 In-Reply-To: References: X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SA0PR11CA0184.namprd11.prod.outlook.com (2603:10b6:806:1bc::9) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from tlendack-t1.amd.com (165.204.77.1) by SA0PR11CA0184.namprd11.prod.outlook.com (2603:10b6:806:1bc::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.21 via Frontend Transport; Tue, 27 Apr 2021 16:21:38 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: bc9aab4b-b33f-48e8-6de8-08d9099888ff X-MS-TrafficTypeDiagnostic: DM6PR12MB4960: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: kCpK0NIf9lq7XC/69bl8a/BCELTHOl5GBG4CiSfV6OzDQ2y7p//+VqUuqjlsjpK0GoaCJe1hXOrMuVQWKmK9ZN7fs832Kizc4QPMxKjExYnqF1Apdg4OBD7cVsJyxhGGnfXvHe3puJIDCr/sHAHETDyB7vSyN2TS/UjeKCjj8oJstF9zNoB4QnXVofHw1nusliF+RKvgl5Rz0xXjGMsmLc2YkVfau9a3r8VB8RJzlbO0LU/jJX3mq6UMSwPCtd6OGFWJm0XwTQ8pMyCXfDilAHEY1KY6rwJF2AkqGmuSDpw8iphNMbdrezx32sDOvJYyUvmRLhXLAkgI00dyywBnPuzmCVKRVp7DbgbDo2yJqyeLbEuxK2bKvdSft5w67MLWI9BrKit+3/b0Fk9vV20mdugIvClGqiIwuEsGgB1wpRPJgPHta5TzAfjGU6UIM4vmU9eP73Y0XFjjh8hYTEoy7G/o+0iuL11EAr3lxViiW8KI5A04KNxLbzpRJDnlua35mtHfoGWKbGD3ccZGlyn/ymMZQ0Dyw5UKgeBSF75aDvaADsqkjwhlkB1tDgpZ65PQhmJifalxtewHXoxx2RSCzpFUwm2OOi4zBKPSg0w8+PeimiM+Gnc2Q8WJ6hjKotbbzVV5s1/jKzPZ8nSTccHPiMFB9ZnRC1d3DIK8iQWrUAKZH7W61BrEbNWcX8/YGbudA+h8dH18rlsVPZ3n7EkQicaBz0ISzUiYlqAqoXOyhHl8hY3MSWYjcYOL3OUaSmJ0 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39860400002)(366004)(346002)(396003)(376002)(38100700002)(38350700002)(5660300002)(2906002)(6666004)(26005)(186003)(8676002)(16526019)(83380400001)(54906003)(6916009)(86362001)(966005)(6486002)(7696005)(36756003)(52116002)(4326008)(2616005)(66556008)(66476007)(66946007)(956004)(478600001)(7416002)(316002)(8936002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?us-ascii?Q?vNDibJLfJ68rjiN+gJgstXpdi9Eg3O6cW8RR5i8WM6wfBqFdincSTgNtxfye?= =?us-ascii?Q?sS0foQO8XdPdZVJV0mBavwgk9m4oHvr1DFtZ+1OCBiWPS85qo4gV1+nZC0E2?= =?us-ascii?Q?DxDVYHPSBjlYMcGfhYeiso1m785aCOGCMe6aW55zRrhzl4yhCT04+Ao4MI6I?= =?us-ascii?Q?zLv450GnZ72RlqpVbEcI+bfASwNZXKZbf6CgJvn7htLJ54Kom4HUmaz+lnY9?= =?us-ascii?Q?tdFr7PaY3NxWHTMM+4XQbdwAMor46RKJzom1OPn0YId1c++AudJw8cHU0FqV?= =?us-ascii?Q?96gyXnznuuOpJ9L3aalCEY+hk69OiPeyC6lRjXyHOf7OV8MuVhuUOn9ICA0z?= =?us-ascii?Q?6LZOAiPr1PJwDTrrcqjxkqheU6KYAV2W9RU2aEv6IYvIln518I+2LkzJJ217?= =?us-ascii?Q?ylOomJ9e4wZF1Fg0I/CoIKBxdkYe6v91N31jpVtr9xMHhURxdCWZ2+hAeati?= =?us-ascii?Q?jfxn4t0enq0i0kd9uzL+KmEsIEQgIuAgi/PZZ3PkSUBYizD6l0XO7KZMw9gB?= =?us-ascii?Q?BmJe8tIHPJp/XBpT40orQPjHufvIfM3oBngtYrBFcQQXif47I0TkOTCK0dc+?= =?us-ascii?Q?y5aatGma1wqqX4V2T0+/iEXwT3DXYdm1onez4THpPq1DvHcuhHeL4LwlPoEy?= =?us-ascii?Q?nba+dVv/OfrXS1aLvVxKVsIJt6GblxAJssBJ914j2KbyXNjOtz0/FSQOo8oz?= =?us-ascii?Q?jxDPdLqM3+BglhhQdzuMPWx3tqvHricym/8GQ3jHTnsUqdQXvh7IBHqFCT6o?= =?us-ascii?Q?oOzwdWhqs1pCmxaNjaHO/Vfn/HdPhWgiTDcCC4ze8FU6uouhSbqbi1j0AvN2?= =?us-ascii?Q?xFnkqw9loTPFrkyTS2NUlqFirPjw6f9mxC9JgGxz2UXdoAX9MTegognU3OjY?= =?us-ascii?Q?T54wNQe0xzOIFZFFq+xhAKqvNUFvXQoT0uIFkadD7rWxcTLqZfABeEcwwBSy?= =?us-ascii?Q?oQj2ruteu0rtnSgCna+Urml6Iwv9z1VFbjW2W4jUqQ8SM6G1FLuGHLbimhLp?= =?us-ascii?Q?JjzesLS3PtMSvcxkqzELmkQpNHoSL2b8Bopxzsmc+DGW4rGqMwX5gBreFdUx?= =?us-ascii?Q?cZraV/dleCNjZ4IlJj5WGNyAWhgwleKP0PieLfDlHx5tDDgfcU8maaBSMHZB?= =?us-ascii?Q?ylHzIiHALzkpOiAD0/zziG3v3vBu61TAiSX5qhOjJKGIzmsWS+L3E3UgUR5m?= =?us-ascii?Q?2nJvXB9+Ey2DuuV6uGBLFPR1cfpu24Z4PhN07BWneyCVHvgbqh75c3im4jw4?= =?us-ascii?Q?/ipU5SCkTMiTj3Q7oJl1gJJ6K5wADD6qBBYeyYdmO/5N+1sl5gTgRPIZAhfV?= =?us-ascii?Q?B09+BQ/LVjwl/wTav+eJpMk/?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: bc9aab4b-b33f-48e8-6de8-08d9099888ff X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Apr 2021 16:21:38.8885 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: q1J3XtbJZHetilZ6wUi1Ff1RTCHV6Ml9K8MtbD4nPewhlwj2VYVTrBAYb0ViPkWuWML9Un9cRPAxJ5J/OO8tkQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4960 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable From: Tom Lendacky BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3345 Enabling TPM support results in guest termination of an SEV-ES guest because it uses MMIO opcodes that are not currently supported. Add support for the new MMIO opcodes (0xA0 - 0xA3), MOV instructions which use a memory offset directly encoded in the instruction. Also, add a DEBUG statement to identify an unsupported MMIO opcode being used. Fixes: c45f678a1ea2080344e125dc55b14e4b9f98483d Cc: Laszlo Ersek Cc: Ard Biesheuvel Cc: Jordan Justen Cc: Brijesh Singh Cc: Erdem Aktas Cc: James Bottomley Cc: Jiewen Yao Cc: Min Xu Signed-off-by: Tom Lendacky --- OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 111 ++++++++++++++++++++ 1 file changed, 111 insertions(+) diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Librar= y/VmgExitLib/VmgExitVcHandler.c index dd117f971134..4d001406d30f 100644 --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c @@ -678,6 +678,7 @@ MmioExit ( UINTN Bytes; UINT64 *Register; UINT8 OpCode, SignByte; + UINTN Address; =20 Bytes =3D 0; =20 @@ -727,6 +728,57 @@ MmioExit ( } break; =20 + // + // MMIO write (MOV moffsetX, aX) + // + case 0xA2: + Bytes =3D 1; + // + // fall through + // + case 0xA3: + Bytes =3D ((Bytes !=3D 0) ? Bytes : + (InstructionData->DataSize =3D=3D Size16Bits) ? 2 : + (InstructionData->DataSize =3D=3D Size32Bits) ? 4 : + (InstructionData->DataSize =3D=3D Size64Bits) ? 8 : + 0); + + InstructionData->ImmediateSize =3D (UINTN) (1 << InstructionData->Addr= Size); + InstructionData->End +=3D InstructionData->ImmediateSize; + + // + // This code is X64 only, so a possible 8-byte copy to a UINTN is ok. + // Use a STATIC_ASSERT to be certain the code is being built as X64. + // + STATIC_ASSERT ( + sizeof (UINTN) =3D=3D sizeof (UINT64), + "sizeof (UINTN) !=3D sizeof (UINT64), this file must be built as X64= " + ); + + Address =3D 0; + CopyMem ( + &Address, + InstructionData->Immediate, + InstructionData->ImmediateSize + ); + + Status =3D ValidateMmioMemory (Ghcb, Address, Bytes); + if (Status !=3D 0) { + return Status; + } + + ExitInfo1 =3D Address; + ExitInfo2 =3D Bytes; + CopyMem (Ghcb->SharedBuffer, &Regs->Rax, Bytes); + + Ghcb->SaveArea.SwScratch =3D (UINT64) Ghcb->SharedBuffer; + VmgSetOffsetValid (Ghcb, GhcbSwScratch); + Status =3D VmgExit (Ghcb, SVM_EXIT_MMIO_WRITE, ExitInfo1, ExitInfo2); + if (Status !=3D 0) { + return Status; + } + break; + // // MMIO write (MOV reg/memX, immX) // @@ -809,6 +861,64 @@ MmioExit ( CopyMem (Register, Ghcb->SharedBuffer, Bytes); break; =20 + // + // MMIO read (MOV aX, moffsetX) + // + case 0xA0: + Bytes =3D 1; + // + // fall through + // + case 0xA1: + Bytes =3D ((Bytes !=3D 0) ? Bytes : + (InstructionData->DataSize =3D=3D Size16Bits) ? 2 : + (InstructionData->DataSize =3D=3D Size32Bits) ? 4 : + (InstructionData->DataSize =3D=3D Size64Bits) ? 8 : + 0); + + InstructionData->ImmediateSize =3D (UINTN) (1 << InstructionData->Addr= Size); + InstructionData->End +=3D InstructionData->ImmediateSize; + + // + // This code is X64 only, so a possible 8-byte copy to a UINTN is ok. + // Use a STATIC_ASSERT to be certain the code is being built as X64. + // + STATIC_ASSERT ( + sizeof (UINTN) =3D=3D sizeof (UINT64), + "sizeof (UINTN) !=3D sizeof (UINT64), this file must be built as X64= " + ); + + Address =3D 0; + CopyMem ( + &Address, + InstructionData->Immediate, + InstructionData->ImmediateSize + ); + + Status =3D ValidateMmioMemory (Ghcb, Address, Bytes); + if (Status !=3D 0) { + return Status; + } + + ExitInfo1 =3D Address; + ExitInfo2 =3D Bytes; + + Ghcb->SaveArea.SwScratch =3D (UINT64) Ghcb->SharedBuffer; + VmgSetOffsetValid (Ghcb, GhcbSwScratch); + Status =3D VmgExit (Ghcb, SVM_EXIT_MMIO_READ, ExitInfo1, ExitInfo2); + if (Status !=3D 0) { + return Status; + } + + if (Bytes =3D=3D 4) { + // + // Zero-extend for 32-bit operation + // + Regs->Rax =3D 0; + } + CopyMem (&Regs->Rax, Ghcb->SharedBuffer, Bytes); + break; + // // MMIO read w/ zero-extension ((MOVZX regX, reg/memX) // @@ -886,6 +996,7 @@ MmioExit ( break; =20 default: + DEBUG ((DEBUG_ERROR, "Invalid MMIO opcode (%x)\n", OpCode)); Status =3D GP_EXCEPTION; ASSERT (FALSE); } --=20 2.31.0