From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com [40.107.92.50]) by mx.groups.io with SMTP id smtpd.web09.12942.1619100909400809510 for ; Thu, 22 Apr 2021 07:15:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=gSXbmw1J; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.92.50, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cRGUR/v4U0cESiJ/WcmWMpmUjviNBrMuQy4/NfKc7fUCedYpo4ziCOHn0c3Vpl0/4Ur51WEpsU+3icl8Y6l/8EBC/cBJDYKWGaYJkpPThqtzieYdO8ai7SI6Q0kkktQnVuo76UtdzCQGNv+kYZyHfsf3MnTTrm7nrfab91LEtCP4F7dRQd2AFGuUuHwQRzWQQ58gC0oZlgZScL+kYm1Ap3Mjn5pe37yFvPFPe7czlB7N/PBGtwHkuUxgGm9LdDEwfn8zkWAKpyl8yknNbXhccVpnor7GxiSrmDOwayLma4+ZxYvqVVz7x+tA0mRy0JzP/OV2grPCrwTpZ3D3L5ffXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YGshPcmuoCVLTIhmhnZm7PnJKTnIblYphWuLOXKVD30=; b=OVil71fFPM9FSzV67GQykvaUWBEE0A/Ars25aNVkR420YSR0d6JgVJqOrPRGd4X87ZiH/4/zi2cKGwCR3X23jSczc7YXhMxk+grdoeicIhzXSW9I1MwZIAQ19Ta3NI2qbkQHvAwfsD2EmFw9Vdnfa2RxEGT5QUGz+mWLkbhRBfsPTU7u3jCzP+riCDCqO2Vye9S8+P/tAfDfit0AMbHq4gIi26Uz8A+5T44TRk1ZGhwW9Q2GABkIg9hUpc9Cqfh6NvMtIMEy1fhcvbNurf/+HhPoHcOXmStx8/iI1CxbHLG6NryTspVfRGUm7xsXSOo++an8Odel/JA5CVTQTMl4Eg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YGshPcmuoCVLTIhmhnZm7PnJKTnIblYphWuLOXKVD30=; b=gSXbmw1JJuCXmF26+SPd4YeTb+3wk0PyoGu3nAlE3I6contxU0Wa1XvFy3Ynm5WPi93T0luk4xlSgPwd6s8DZxOH7+zCtvBk5NA9CAq4EhKqXQUu1M4LHIXnGoAq4IHvWVz2lVuLJhfFy4LfIuc84D0boylQ5dtJCdCvmtq/kgc= Authentication-Results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4219.namprd12.prod.outlook.com (2603:10b6:5:217::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.21; Thu, 22 Apr 2021 14:15:06 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::b914:4704:ad6f:aba9%12]) with mapi id 15.20.4065.023; Thu, 22 Apr 2021 14:15:06 +0000 Subject: Re: [edk2-devel] [PATCH 2/3] OvmfPkg/VmgExitLib: Add support for new MMIO MOV opcodes To: devel@edk2.groups.io, lersek@redhat.com Cc: Joerg Roedel , Borislav Petkov , Ard Biesheuvel , Jordan Justen , Brijesh Singh , James Bottomley , Jiewen Yao , Min Xu References: <79ed645c089ffab10716cdb8813f191f6e0afcfb.1618959281.git.thomas.lendacky@amd.com> From: "Lendacky, Thomas" Message-ID: <5d4e5bdd-65ea-7594-3b51-e33284fe990f@amd.com> Date: Thu, 22 Apr 2021 09:15:03 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 In-Reply-To: X-Originating-IP: [67.79.209.213] X-ClientProxiedBy: SN4PR0201CA0002.namprd02.prod.outlook.com (2603:10b6:803:2b::12) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from office-linux.texastahm.com (67.79.209.213) by SN4PR0201CA0002.namprd02.prod.outlook.com (2603:10b6:803:2b::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.21 via Frontend Transport; Thu, 22 Apr 2021 14:15:05 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 616a654f-d0cb-4433-5f03-08d90599074b X-MS-TrafficTypeDiagnostic: DM6PR12MB4219: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 2AIOBYtGjyGhKvSfjHk19ZRAMhztLct0CEaVJi3PSNkSQO41kwY7hr7OEa2jjBYAFtN2gSdzhVyqfMnVMxzfscGD/2DkVn02Mxa6OYIWVHrKuRwXVv/eMptcKBUKaTHffPBWGro7ycdz77HRd2AS14JkNAwvMJRGtdaX8af1oKcN8bOLFiQwzM0f8JyFCv1eRlms3XQ17pZ5xnj0ts6icpdr6jEFcf2DOnRnRImW74Oqqn6V2h+ykRoVTUctTzyF+mwH8bBfPKv/HDeKMPgm+awlC9bsh8y7/BqzQWQjwrMxwKpCrukPrQFyVQ1h10hiPbS4tviT2X+wc4fTVS3tyr9ckFbnJ/tjlWKP/j8qhYdxwTOIaySM3+48tCdtGxITkBCxz4qM7KRiSoT8uWr+XZTb1Dj8A4CTsDm/RuKujeDi77/BXijafsOOKOl9ccC4fzxT9Yq7NxtwMlZOqbS2vd16WvJT1h5w0fGX9S6Sc9Nl5yf9AsSoYUHQ+2/OMXS9ha9Pg0v6nH4R8clIC2/pNmfKaSG3fnMerY5UR6WgP/PStNaZimAhyDCK57shDINtVnRgCuobcUXmj9W73B6t9oL+NIVfg5FcpoP2GGFEakB4mBQqgaU89vJo14lEk8Yz/8BQvSAZMpF9zakYJ+mI0VKiBQWyIKx6zQeUWkQ+2Osg+IfamtHpNLc5EAtdAc5YgcVKM8m7yuOG4ETy0IP/AmtOLvatdh0xImQYvFzgVSkEt50ki591aTz31eEudaXhWdajNiogw7upCOz/MePCyQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(136003)(39860400002)(366004)(346002)(376002)(396003)(5660300002)(53546011)(86362001)(316002)(16526019)(4326008)(6506007)(186003)(6486002)(6512007)(83380400001)(956004)(66476007)(2906002)(36756003)(478600001)(31696002)(38100700002)(8676002)(45080400002)(66556008)(8936002)(966005)(31686004)(54906003)(2616005)(26005)(66946007)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?RUxTZW9weE9FaVEwWm5VbUI0Q3ExY3ZjelRvTnludG5MYVF2b3JNK3RobVQ1?= =?utf-8?B?OXR1S0QyOG9UMStWU1BhTkVUNU9qeEhBemQzN2F4cmtuYjFPazZvRGtRQzJq?= =?utf-8?B?T1hkMUpDelB5cDdNek0wck9EdUtSMUQ1R2tUSE56ZnR3NWNLWk5uNFdFQXBt?= =?utf-8?B?UHg2R0F3Y1Y4c0xZRDFyQU01TlJGTDBSYktWRGVDMENabmUxZjF1dlN1RTlO?= =?utf-8?B?RzZ4WGxwamUwZXR5OEY0bnNNemplSm9LTlRNMFcwa2k5MTNCSXA5R052eURK?= =?utf-8?B?ZzRIOHRYRzQ5aDFZS3dGNUMvdk5kOWt4SmViQVNVRmUzVk85SEQxVHRWMmNs?= =?utf-8?B?RDk2bXlyR3hKS1psbFN1UlFXTHBkNTNyaUFSUkNkZWlZRjRCdUd2TGZLV21K?= =?utf-8?B?YUdGdndIdkE4T0VaYi9CczBReW9oZUZuTytXZnllSit2OGJ3TFNsR1FtVUFR?= =?utf-8?B?K3I1Ri96Si9ycWJ6MGFmQ0hKL2RleEV1MGFpQVprR1BOMy83cUJvNmNVM0lR?= =?utf-8?B?dmxTWjRpWDd0TnpoQ0UxOHFzV0xxaUw0NmVkbFFpdWovMUl2d3dZWXJ4ZWQ0?= =?utf-8?B?QmtNRW42Mi9sMXZTV0t6VVRudThzMGxaanB4NWdsYlBpVkNXNkM0bVFmNnhP?= =?utf-8?B?dFRFN3NLTEhLTW9WWmFUMThMY25rRGNiSm11aDZiT1dEVUNVR3h1dzRaaUxL?= =?utf-8?B?K3N6RnZXTnJyYVo2ZHdTa0JqN0FSMFdHWDNaUnQ0SzZuSnE2a0pQK0VVTEZO?= =?utf-8?B?MFBIb25qRUpDMXEvVE5EM0JLNzlqZEs2UGwvNFFoRjhreDhIeVBLbkNKdzhB?= =?utf-8?B?cWNiVHVMK2dxK1h2YTBJNnBraTl5TnpXUjZaNklEZi9TWEFMYWptb1JmT2RC?= =?utf-8?B?VHNkQUJSTXRER1lCZFBlRW1DMk4yNmJPWGgybVBoUG5jTzhQNCtydVRsSitD?= =?utf-8?B?MWhNRTNxRXRzMmhRMTBJdXZ5d0xqWjlkZGpzejc4QkZZYlZXQkVJL3dpTThW?= =?utf-8?B?OTZCOEVOdFhzcEx6am40ZGJ6Q2cxcXV1U1NGL1NBODZkbVF4dFkrZHJhNEli?= =?utf-8?B?TFhtbjl6RFVTb2VybWdvR2xUckk4N3JCZElpT2E5ODArYnFhR080Q3piU29j?= =?utf-8?B?NDBNMzcvNkxuQjNsZ3d3MkRHZ2U5Y1hFTDY1MlBMUjZUQ3oybVE1a3pLeXNO?= =?utf-8?B?T0x2VGtNVk9EUGZ3S3U0T1paUWpOVWN3QTA2K1dJR1ozSCthcmN5aUI1VFZL?= =?utf-8?B?ek1oNTZwdk9hbEttS2FQR29wd1hXeDlIcnJZYUNnb2ZEYm4zMUx1eGQxeGZF?= =?utf-8?B?bm8xMG5xZUpKaXY1eW5JRFZnVlhIemlNV1p5RVo0QzR6WnhlOWtmelRoK1pv?= =?utf-8?B?c2ZUeHZ2cllnZHU3TWtkclc4YnBJeTVENFV3M0lwSk84MVNvTVdPdkw2WkFt?= =?utf-8?B?VFZSUG53TXRwU2oxR2RKaDhsNFc4ODc1RXdhNkw4c1NucHdycnRPK3oyWVVr?= =?utf-8?B?SGxnc1NLc1E5a0RybGdKUTF5Zk5TVk9VUHl4SldLM09QNGRuSGtCNlg3ajRC?= =?utf-8?B?VmZTUkkrckhrMWJwNkxSWWxYWit5R3JxU21lLytVV2dFWVpjTmJRUjBCMmh3?= =?utf-8?B?SDIzSE1wSmdQeUNySFpGTlJqMTdEOVZhZzhBaXozM3dNUXN1OGl6VUM2MEE3?= =?utf-8?B?NitDR1ViQnh6MWN3QXVVR1B0YWxycER0ZU9rR3ljVEpTTDhmVHJWNm9pT2lR?= =?utf-8?Q?6yg/1B0mKY4A82b8c74fb7fEXt5qpmWWvKguY3S?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 616a654f-d0cb-4433-5f03-08d90599074b X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Apr 2021 14:15:06.2330 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: z26VamrzYvpvEzX9HqyCiT7Kov1G2Ibta+hfoghDiDXFgpuYsbyM7kWzR2ap2yVBZJ9IDkRLdXMN7D5stQRP6g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4219 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 4/22/21 12:50 AM, Laszlo Ersek via groups.io wrote: > On 04/21/21 00:54, Lendacky, Thomas wrote: >> From: Tom Lendacky >> >> BZ: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3345&data=04%7C01%7Cthomas.lendacky%40amd.com%7C19a7d97e2a7b461830ed08d905528472%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637546674232278910%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=znSezOvpnItW7mHAJkr%2FtJtkQNFc2H0dG9STpmOpVqU%3D&reserved=0 >> >> Enabling TPM support results in guest termination of an SEV-ES guest >> because it uses MMIO opcodes that are not currently supported. >> >> Add support for the new MMIO opcodes (0xA0 - 0xA3), MOV instructions which >> use a memory offset directly encoded in the instruction. Also, add a DEBUG >> statement to identify an unsupported MMIO opcode being used. >> >> Fixes: c45f678a1ea2080344e125dc55b14e4b9f98483d >> Cc: Laszlo Ersek >> Cc: Ard Biesheuvel >> Cc: Jordan Justen >> Cc: Brijesh Singh >> Cc: James Bottomley >> Cc: Jiewen Yao >> Cc: Min Xu >> Signed-off-by: Tom Lendacky >> --- >> OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 99 +++++++++++++++++++ >> 1 file changed, 99 insertions(+) >> >> diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c >> index 273f36499988..f9660b757d8e 100644 >> --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c >> +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c >> @@ -678,6 +678,7 @@ MmioExit ( >> UINTN Bytes; >> UINT64 *Register; >> UINT8 OpCode, SignByte; >> + UINTN Address; >> >> Bytes = 0; >> >> @@ -727,6 +728,51 @@ MmioExit ( >> } >> break; >> >> + // >> + // MMIO write (MOV moffsetX, aX) >> + // >> + case 0xA2: >> + Bytes = 1; >> + // >> + // fall through >> + // >> + case 0xA3: >> + Bytes = ((Bytes != 0) ? Bytes : >> + (InstructionData->DataSize == Size16Bits) ? 2 : >> + (InstructionData->DataSize == Size32Bits) ? 4 : >> + (InstructionData->DataSize == Size64Bits) ? 8 : >> + 0); >> + >> + InstructionData->ImmediateSize = (UINTN) (1 << InstructionData->AddrSize); >> + InstructionData->End += (UINTN) (1 << InstructionData->AddrSize); >> + >> + if (InstructionData->AddrSize == Size8Bits) { >> + Address = *(UINT8 *) InstructionData->Immediate; >> + } else if (InstructionData->AddrSize == Size16Bits) { >> + Address = *(UINT16 *) InstructionData->Immediate; >> + } else if (InstructionData->AddrSize == Size32Bits) { >> + Address = *(UINT32 *) InstructionData->Immediate; >> + } else { >> + Address = *(UINTN *) InstructionData->Immediate; >> + } > > (1) Can we simplify this as follows? > > InstructionData->ImmediateSize = 1 << InstructionData->AddrSize; > InstructionData->End += InstructionData->ImmediateSize; > Address = 0; > CopyMem (&Address, InstructionData->Immediate, > InstructionData->ImmediateSize); Yup, that can be done. > >> + >> + Status = ValidateMmioMemory (Ghcb, Address, Bytes); >> + if (Status != 0) { >> + return Status; >> + } >> + >> + ExitInfo1 = Address; >> + ExitInfo2 = Bytes; >> + CopyMem (Ghcb->SharedBuffer, &Regs->Rax, Bytes); >> + >> + Ghcb->SaveArea.SwScratch = (UINT64) Ghcb->SharedBuffer; >> + VmgSetOffsetValid (Ghcb, GhcbSwScratch); >> + Status = VmgExit (Ghcb, SVM_EXIT_MMIO_WRITE, ExitInfo1, ExitInfo2); >> + if (Status != 0) { >> + return Status; >> + } >> + break; >> + >> // >> // MMIO write (MOV reg/memX, immX) >> // >> @@ -809,6 +855,58 @@ MmioExit ( >> CopyMem (Register, Ghcb->SharedBuffer, Bytes); >> break; >> >> + // >> + // MMIO read (MOV aX, moffsetX) >> + // >> + case 0xA0: >> + Bytes = 1; >> + // >> + // fall through >> + // >> + case 0xA1: >> + Bytes = ((Bytes != 0) ? Bytes : >> + (InstructionData->DataSize == Size16Bits) ? 2 : >> + (InstructionData->DataSize == Size32Bits) ? 4 : >> + (InstructionData->DataSize == Size64Bits) ? 8 : >> + 0); >> + >> + InstructionData->ImmediateSize = (UINTN) (1 << InstructionData->AddrSize); >> + InstructionData->End += (UINTN) (1 << InstructionData->AddrSize); >> + >> + if (InstructionData->AddrSize == Size8Bits) { >> + Address = *(UINT8 *) InstructionData->Immediate; >> + } else if (InstructionData->AddrSize == Size16Bits) { >> + Address = *(UINT16 *) InstructionData->Immediate; >> + } else if (InstructionData->AddrSize == Size32Bits) { >> + Address = *(UINT32 *) InstructionData->Immediate; >> + } else { >> + Address = *(UINTN *) InstructionData->Immediate; >> + } > > (2) Similar question as (1). Will do. > >> + >> + Status = ValidateMmioMemory (Ghcb, Address, Bytes); >> + if (Status != 0) { >> + return Status; >> + } >> + >> + ExitInfo1 = Address; >> + ExitInfo2 = Bytes; >> + >> + Ghcb->SaveArea.SwScratch = (UINT64) Ghcb->SharedBuffer; >> + VmgSetOffsetValid (Ghcb, GhcbSwScratch); >> + Status = VmgExit (Ghcb, SVM_EXIT_MMIO_READ, ExitInfo1, ExitInfo2); >> + if (Status != 0) { >> + return Status; >> + } >> + >> + if (Bytes == 4) { >> + // >> + // Zero-extend for 32-bit operation >> + // >> + Regs->Rax = 0; >> + } > > (3) This is also seen with opcode 0x8B, but can you remind me please why > we ignore (Bytes == 1) and (Bytes == 2) for zero extension? That comes from the APM Vol 3, Table B-1, that says, in 64-bit mode, for a 32-bit operand size the 32-bit register results are zero-extended to 64-bits. > >> + CopyMem (&Regs->Rax, Ghcb->SharedBuffer, Bytes); >> + break; >> + >> // >> // MMIO read w/ zero-extension ((MOVZX regX, reg/memX) >> // >> @@ -886,6 +984,7 @@ MmioExit ( >> break; >> >> default: >> + DEBUG ((DEBUG_INFO, "Invalid MMIO opcode (%x)\n", OpCode)); >> Status = GP_EXCEPTION; >> ASSERT (FALSE); >> } >> > > (4) We should use the DEBUG_ERROR log mask here. Will change. Thanks, Tom > > Thanks > Laszlo > > > > > >