From: "Lendacky, Thomas via groups.io"
CC: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao, Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, Rahul Kumar, Ray Ni, Michael Roth
Subject: [edk2-devel] [PATCH v2 18/23] OvmfPkg/CcSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
Date: Thu, 22 Feb 2024 11:29:57 -0600
Message-ID: <5ab12366a86d88ea6ae81b496a366f94dbcaa944.1708623001.git.thomas.lendacky@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The PVALIDATE instruction can only be performed at VMPL0. An SVSM will be present when running at VMPL1 or higher. When an SVSM is present, use the SVSM_CORE_PVALIDATE call to perform memory validation instead of issuing the PVALIDATE instruction directly.

Signed-off-by: Tom Lendacky
---
OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c | 183 +++++++++++++++++++-
1 file changed, 182 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c b/OvmfPkg/Library/CcSvsm= Lib/CcSvsmLib.c index f45ae472783c..017ca715cee5 100644 --- a/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c +++ b/OvmfPkg/Library/CcSvsmLib/CcSvsmLib.c @@ -8,6 +8,7 @@ =20 #include #include +#include #include #include #include 
@@ -43,6 +44,78 @@ SnpTerminate ( CpuDeadLoop (); } =20 +/** + Issue an SVSM request. + + Invokes the SVSM to process a request on behalf of the guest. + + @param[in,out] SvsmCallData Pointer to the SVSM call data + + @return Contents of RAX upon return from VMGEXIT +**/ +STATIC +UINTN +SvsmMsrProtocol ( + IN OUT SVSM_CALL_DATA *SvsmCallData + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + UINT64 CurrentMsr; + UINT8 Pending; + BOOLEAN InterruptState; + UINTN Ret; + + do { + // + // Be sure that an interrupt can't cause a #VC while the GHCB MSR prot= ocol + // is being used (#VC handler will ASSERT if lower 12-bits are not zer= o). + // + InterruptState =3D GetInterruptState (); + if (InterruptState) { + DisableInterrupts (); + } + + Pending =3D 0; + SvsmCallData->CallPending =3D &Pending; + + CurrentMsr =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + Msr.Uint64 =3D 0; + Msr.SnpVmplRequest.Function =3D GHCB_INFO_SNP_VMPL_REQUEST; + Msr.SnpVmplRequest.Vmpl =3D 0; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.Uint64); + + // + // Guest memory is used for the guest-SVSM communication, so fence the + // invocation of the VMGEXIT instruction to ensure VMSA accesses are + // synchronized properly. + // + MemoryFence (); + Ret =3D AsmVmgExitSvsm (SvsmCallData); + MemoryFence (); + + Msr.Uint64 =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr); + + if (InterruptState) { + EnableInterrupts (); + } + + if (Pending !=3D 0) { + SnpTerminate (); + } + + if ((Msr.SnpVmplResponse.Function !=3D GHCB_INFO_SNP_VMPL_RESPONSE) || + (Msr.SnpVmplResponse.ErrorCode !=3D 0)) + { + SnpTerminate (); + } + } while (Ret =3D=3D SVSM_ERR_INCOMPLETE || Ret =3D=3D SVSM_ERR_BUSY); + + return Ret; +} + /** Report the presence of an Secure Virtual Services Module (SVSM). =20 
@@ -109,6 +182,114 @@ CcSvsmSnpGetCaa ( return CcSvsmIsSvsmPresent () ? SvsmInfo->SvsmCaa : 0; } =20 +/** + Issue an SVSM request to perform the PVALIDATE instruction. + + Invokes the SVSM to process the PVALIDATE instruction on behalf of the + guest to validate or invalidate the memory range specified. + + @param[in] Info Pointer to a page state change structure + +**/ +STATIC +VOID +SvsmPvalidate ( + IN SNP_PAGE_STATE_CHANGE_INFO *Info + ) +{ + SVSM_CALL_DATA SvsmCallData; + SVSM_CAA *Caa; + SVSM_PVALIDATE_REQUEST *Request; + SVSM_FUNCTION Function; + BOOLEAN Validate; + UINTN Entry; + UINTN EntryLimit; + UINTN Index; + UINTN EndIndex; + UINT64 Gfn; + UINT64 GfnEnd; + UINTN Ret; + + Caa =3D (SVSM_CAA *)CcSvsmSnpGetCaa (); + SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0); + + Function.Id.Protocol =3D 0; + Function.Id.CallId =3D 1; + + Request =3D (SVSM_PVALIDATE_REQUEST *)Caa->SvsmBuffer; + EntryLimit =3D ((sizeof (Caa->SvsmBuffer) - sizeof (*Request)) / + sizeof (Request->Entry[0])) - 1; + + SvsmCallData.Caa =3D Caa; + SvsmCallData.RaxIn =3D Function.Uint64; + SvsmCallData.RcxIn =3D (UINT64)(UINTN)Request; + + Entry =3D 0; + Index =3D Info->Header.CurrentEntry; + EndIndex =3D Info->Header.EndEntry; + + while (Index <=3D EndIndex) { + Validate =3D Info->Entry[Index].Operation =3D=3D SNP_PAGE_STATE_PRIVAT= E; + + Request->Header.Entries++; + Request->Entry[Entry].Bits.PageSize =3D Info->Entry[Index].PageSize; + Request->Entry[Entry].Bits.Action =3D (Validate =3D=3D TRUE) ? 
1 : 0= ; + Request->Entry[Entry].Bits.IgnoreCf =3D 0; + Request->Entry[Entry].Bits.Address =3D Info->Entry[Index].GuestFrameN= umber; + + Entry++; + if ((Entry > EntryLimit) || (Index =3D=3D EndIndex)) { + Ret =3D SvsmMsrProtocol (&SvsmCallData); + if ((Ret =3D=3D SVSM_ERR_PVALIDATE_FAIL_SIZE_MISMATCH) && + (Request->Entry[Request->Header.Next].Bits.PageSize !=3D 0)) + { + // Calculate the Index of the entry after the entry that failed + // before clearing the buffer so that processing can continue + // from that point + Index =3D Index - (Entry - Request->Header.Next) + 2; + + // Obtain the failing GFN before clearing the buffer + Gfn =3D Request->Entry[Request->Header.Next].Bits.Address; + + // Clear the buffer in prep for creating all new entries + SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0); + Entry =3D 0; + + GfnEnd =3D Gfn + PAGES_PER_2MB_ENTRY - 1; + for ( ; Gfn <=3D GfnEnd; Gfn++) { + Request->Header.Entries++; + Request->Entry[Entry].Bits.PageSize =3D 0; + Request->Entry[Entry].Bits.Action =3D (Validate =3D=3D TRUE) ?= 1 : 0; + Request->Entry[Entry].Bits.IgnoreCf =3D 0; + Request->Entry[Entry].Bits.Address =3D Gfn; + + Entry++; + if ((Entry > EntryLimit) || (Gfn =3D=3D GfnEnd)) { + Ret =3D SvsmMsrProtocol (&SvsmCallData); + if (Ret !=3D 0) { + SnpTerminate (); + } + + SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0); + Entry =3D 0; + } + } + + continue; + } + + if (Ret !=3D 0) { + SnpTerminate (); + } + + SetMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer), 0); + Entry =3D 0; + } + + Index++; + } +} + /** Perform a native PVALIDATE operation for the page ranges specified. =20 
@@ -193,7 +374,7 @@ CcSvsmSnpPvalidate ( IN SNP_PAGE_STATE_CHANGE_INFO *Info ) { - BasePvalidate (Info); + CcSvsmIsSvsmPresent () ? SvsmPvalidate (Info) : BasePvalidate (Info); } =20 /** --=20 2.42.0
View/Reply Online (#115853): https://edk2.groups.io/g/devel/message/115853
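Review bot: In SvsmMsrProtocol (hunk @@ -43,6 +44,78 @@), the `do { ... } while (Ret == SVSM_ERR_INCOMPLETE || Ret == SVSM_ERR_BUSY)` loop has no upper bound, so an SVSM that keeps answering BUSY leaves the guest spinning with interrupts being disabled and re-enabled on every pass; either bound the retries and fall into SnpTerminate () when the bound is exhausted, or add a comment stating that retrying indefinitely is the intended behaviour. Two smaller points in the same function: `Msr.SnpVmplRequest.Vmpl = 0` hard-codes the target VMPL and deserves a one-line comment that the SVSM is always addressed at VMPL0, and `SvsmCallData->CallPending = &Pending` stores the address of a local stack variable in the caller's structure, so the function header should state that CallPending is only valid for the duration of the call and must not be read afterwards.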
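Review bot: In the SVSM_ERR_PVALIDATE_FAIL_SIZE_MISMATCH fallback of SvsmPvalidate (hunk @@ -109,6 +182,114 @@), the 4 KB entries are built with `Validate`, which holds the Operation of the last Info entry appended to the batch, not necessarily the operation of the entry that failed at `Request->Header.Next`; if a batch mixes private and shared operations, the split pages would be submitted with the wrong action. Capture the action next to the GFN before the buffer is cleared, e.g. `Action = Request->Entry[Request->Header.Next].Bits.Action;`, and use it inside the inner loop. Also, `Function.Id.Protocol = 0;` and `Function.Id.CallId = 1;` are bare literals for the core protocol and the SVSM_CORE_PVALIDATE call named in the subject; named constants in the library header would make the intent visible and avoid repeating the numbers at later call sites. Minor style: `(Validate == TRUE) ? 1 : 0` reads more simply as `Validate ? 1 : 0`.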
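Review bot: In CcSvsmSnpPvalidate (hunk @@ -193,7 +374,7 @@), `CcSvsmIsSvsmPresent () ? SvsmPvalidate (Info) : BasePvalidate (Info);` uses a conditional expression with void operands purely for its side effects, which is legal C but unusual and not the if/else form used elsewhere in EDK II; an explicit `if (CcSvsmIsSvsmPresent ()) { SvsmPvalidate (Info); } else { BasePvalidate (Info); }` is clearer and leaves room for a comment explaining that PVALIDATE must be delegated to the SVSM when the guest is not running at VMPL0.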