From: "Lendacky, Thomas via groups.io" <thomas.lendacky=amd.com@groups.io>
To: <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
Erdem Aktas <erdemaktas@google.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Laszlo Ersek <lersek@redhat.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Michael D Kinney <michael.d.kinney@intel.com>,
Min Xu <min.m.xu@intel.com>,
Zhiguang Liu <zhiguang.liu@intel.com>,
"Rahul Kumar" <rahul1.kumar@intel.com>, Ray Ni <ray.ni@intel.com>,
Michael Roth <michael.roth@amd.com>
Subject: [edk2-devel] [PATCH v3 11/24] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM
Date: Fri, 08 Mar 2024 07:31:25 -0800 [thread overview]
Message-ID: <667d0ff8da68336a105c3428626726276ecfb424.1709911792.git.thomas.lendacky@amd.com> (raw)
In-Reply-To: <cover.1709911792.git.thomas.lendacky@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The SVSM specification relies on a specific register calling convention to
hold the parameters that are associated with the SVSM request. The SVSM is
invoked by requesting the hypervisor to run the VMPL0 VMSA of the guest
using the GHCB MSR Protocol or a GHCB NAE event.
Create a new version of the VMGEXIT instruction that will adhere to this
calling convention and load the SVSM function arguments into the proper
register before invoking the VMGEXIT instruction. On return, perform the
atomic exchange on the SVSM call pending value as specified in the SVSM
specification.
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
MdePkg/Library/BaseLib/BaseLib.inf | 2 +
MdePkg/Include/Library/BaseLib.h | 39 ++++++++
MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm | 39 ++++++++
MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm | 94 ++++++++++++++++++++
4 files changed, 174 insertions(+)
diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/BaseLib.inf
index 4dbe94be71e1..26e66a8d67cf 100644
--- a/MdePkg/Library/BaseLib/BaseLib.inf
+++ b/MdePkg/Library/BaseLib/BaseLib.inf
@@ -187,6 +187,7 @@ [Sources.Ia32]
Ia32/XGetBv.nasm
Ia32/XSetBv.nasm
Ia32/VmgExit.nasm
+ Ia32/VmgExitSvsm.nasm
Ia32/DivS64x64Remainder.c
Ia32/InternalSwitchStack.c | MSFT
@@ -328,6 +329,7 @@ [Sources.X64]
X64/XGetBv.nasm
X64/XSetBv.nasm
X64/VmgExit.nasm
+ X64/VmgExitSvsm.nasm
ChkStkGcc.c | GCC
[Sources.EBC]
diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index 1fff0fb224f1..95f805599d9d 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -7876,6 +7876,45 @@ AsmVmgExit (
VOID
);
+///
+/// The structure used to supply and return data to and from the SVSM.
+///
+typedef struct {
+ VOID *Caa;
+ UINT64 RaxIn;
+ UINT64 RcxIn;
+ UINT64 RdxIn;
+ UINT64 R8In;
+ UINT64 R9In;
+ UINT64 RaxOut;
+ UINT64 RcxOut;
+ UINT64 RdxOut;
+ UINT64 R8Out;
+ UINT64 R9Out;
+ UINT8 *CallPending;
+} SVSM_CALL_DATA;
+
+/**
+ Executes a VMGEXIT instruction (VMMCALL with a REP prefix) with arguments
+ and return code
+
+ Executes a VMGEXIT instruction placing the specified arguments in the
+ corresponding registers before invocation. Upon return an XCHG is done to
+ atomically clear and retrieve the SVSM call pending value. The returned RAX
+ register value becomes the function return code. This function is intended
+ for use with an SVSM. This function is only available on IA-32 and x64.
+
+ @param[in,out] SvsmCallPending Pointer to the location of the SVSM call data
+
+ @return Value of the RAX register on return
+
+**/
+UINT32
+EFIAPI
+AsmVmgExitSvsm (
+ IN OUT SVSM_CALL_DATA *SvsmCallData
+ );
+
/**
Patch the immediate operand of an IA32 or X64 instruction such that the byte,
word, dword or qword operand is encoded at the end of the instruction's
diff --git a/MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm b/MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
new file mode 100644
index 000000000000..14717bd1af02
--- /dev/null
+++ b/MdePkg/Library/BaseLib/Ia32/VmgExitSvsm.nasm
@@ -0,0 +1,39 @@
+;------------------------------------------------------------------------------
+;
+; Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+; Module Name:
+;
+; VmgExitSvsm.Asm
+;
+; Abstract:
+;
+; AsmVmgExitSvsm function
+;
+; Notes:
+;
+;------------------------------------------------------------------------------
+
+ DEFAULT REL
+ SECTION .text
+
+;------------------------------------------------------------------------------
+; UINT32
+; EFIAPI
+; AsmVmgExitSvsm (
+; SVSM_CALL_DATA *SvsmCallData
+; );
+;------------------------------------------------------------------------------
+global ASM_PFX(AsmVmgExitSvsm)
+ASM_PFX(AsmVmgExitSvsm):
+;
+; NASM doesn't support the vmmcall instruction in 32-bit mode and NASM versions
+; before 2.12 cannot translate the 64-bit "rep vmmcall" instruction into elf32
+; format. Given that VMGEXIT does not make sense on IA32, provide a stub
+; implementation that is identical to CpuBreakpoint(). In practice,
+; AsmVmgExitSvsm() should never be called on IA32.
+;
+ int 3
+ ret
+
diff --git a/MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm b/MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
new file mode 100644
index 000000000000..b8af78890611
--- /dev/null
+++ b/MdePkg/Library/BaseLib/X64/VmgExitSvsm.nasm
@@ -0,0 +1,94 @@
+;------------------------------------------------------------------------------
+;
+; Copyright (C) 2024, Advanced Micro Devices, Inc. All rights reserved.<BR>
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+; Module Name:
+;
+; VmgExitSvsm.Asm
+;
+; Abstract:
+;
+; AsmVmgExitSvsm function
+;
+; Notes:
+;
+;------------------------------------------------------------------------------
+
+ DEFAULT REL
+ SECTION .text
+
+;------------------------------------------------------------------------------
+; typedef struct {
+; VOID *Caa;
+; UINT64 RaxIn;
+; UINT64 RcxIn;
+; UINT64 RdxIn;
+; UINT64 R8In;
+; UINT64 R9In;
+; UINT64 RaxOut;
+; UINT64 RcxOut;
+; UINT64 RdxOut;
+; UINT64 R8Out;
+; UINT64 R9Out;
+; UINT8 *CallPending;
+; } SVSM_CALL_DATA;
+;
+; UINT32
+; EFIAPI
+; AsmVmgExitSvsm (
+; SVSM_CALL_DATA *SvsmCallData
+; );
+;------------------------------------------------------------------------------
+global ASM_PFX(AsmVmgExitSvsm)
+ASM_PFX(AsmVmgExitSvsm):
+ push r10
+ push r11
+ push r12
+
+;
+; Calling convention has SvsmCallData in RCX. Move RCX to R12 in order to
+; properly populate the SVSM register state.
+;
+ mov r12, rcx
+
+ mov rax, [r12 + 8]
+ mov rcx, [r12 + 16]
+ mov rdx, [r12 + 24]
+ mov r8, [r12 + 32]
+ mov r9, [r12 + 40]
+
+;
+; Set CA call pending
+;
+ mov r10, [r12]
+ mov byte [r10], 1
+
+ rep vmmcall
+
+ mov [r12 + 48], rax
+ mov [r12 + 56], rcx
+ mov [r12 + 64], rdx
+ mov [r12 + 72], r8
+ mov [r12 + 80], r9
+
+;
+; Perform the atomic exchange and return the CA call pending value.
+; The call pending value is a one-byte field at offset 0 into the CA,
+; which is currently the value in R10.
+;
+
+ mov r11, [r12 + 88] ; Get CallPending address
+ mov cl, byte [r11]
+ xchg byte [r10], cl
+ mov byte [r11], cl ; Return the exchanged value
+
+ pop r12
+ pop r11
+ pop r10
+
+;
+; RAX has the value to be returned from the SVSM
+;
+ ret
+
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116536): https://edk2.groups.io/g/devel/message/116536
Mute This Topic: https://groups.io/mt/104810711/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-03-08 15:31 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 01/24] OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust() Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 02/24] MdePkg: GHCB APIC ID retrieval support definitions Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 03/24] UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is present Lendacky, Thomas via groups.io
2024-04-03 7:07 ` Ni, Ray
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 04/24] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 05/24] OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 06/24] OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 07/24] MdePkg: Avoid hardcoded value for number of Page State Change entries Lendacky, Thomas via groups.io
2024-03-14 10:42 ` Gerd Hoffmann
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 08/24] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support Lendacky, Thomas via groups.io
2024-03-14 10:43 ` Gerd Hoffmann
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 09/24] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 10/24] MdePkg/Register/Amd: Define the SVSM related information Lendacky, Thomas via groups.io
2024-03-08 15:31 ` Lendacky, Thomas via groups.io [this message]
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 12/24] UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM Lendacky, Thomas via groups.io
2024-04-03 7:06 ` Ni, Ray
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 13/24] UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library Lendacky, Thomas via groups.io
2024-04-12 18:43 ` Guo Dong
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 15/24] Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services Lendacky, Thomas via groups.io
2024-03-14 10:39 ` Gerd Hoffmann
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 14/24] Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library Lendacky, Thomas via groups.io
2024-03-14 9:34 ` Gerd Hoffmann
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 16/24] UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA Lendacky, Thomas via groups.io
2024-04-03 7:05 ` Ni, Ray
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 17/24] OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate pages Lendacky, Thomas via groups.io
2024-03-14 10:40 ` Gerd Hoffmann
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 18/24] OvmfPkg: Create a calling area used to communicate with the SVSM Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 19/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM_CORE_PVALIDATE call Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 20/24] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 21/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM create/delete vCPU calls Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 22/24] UefiCpuPkg/MpInitLib: AP creation support under an SVSM Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 23/24] Ovmfpkg/CcExitLib: Provide SVSM discovery support Lendacky, Thomas via groups.io
2024-03-08 15:33 ` [edk2-devel] [PATCH v3 24/24] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0 Lendacky, Thomas via groups.io
2024-03-26 18:34 ` [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
2024-04-02 18:16 ` Lendacky, Thomas via groups.io
2024-04-03 7:09 ` Ni, Ray
2024-04-03 15:03 ` Lendacky, Thomas via groups.io
[not found] ` <17C28950368F582E.9676@groups.io>
2024-04-12 14:02 ` Lendacky, Thomas via groups.io
2024-04-12 15:05 ` Ard Biesheuvel
2024-04-12 15:14 ` Lendacky, Thomas via groups.io
2024-04-16 8:41 ` Ard Biesheuvel
2024-04-15 15:01 ` [edk2-devel] [PATCH 0/2] Update DSC files to include AmdSvsmLib library Lendacky, Thomas via groups.io
2024-04-15 15:01 ` [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files Lendacky, Thomas via groups.io
2024-04-18 0:59 ` Chang, Abner via groups.io
2024-04-18 1:53 ` Xing, Eric via groups.io
[not found] ` <DS0PR12MB9445C820230BA65D290D6451F60E2@DS0PR12MB9445.namprd12.prod.outlook.com>
[not found] ` <fc020d25-6afa-8dcb-0b19-397b075be4e6@amd.com>
2024-04-19 7:05 ` Zhai, MingXin (Duke) via groups.io
2024-04-19 8:10 ` Xing, Eric via groups.io
2024-04-19 8:26 ` Ard Biesheuvel
2024-04-19 9:06 ` Xing, Eric via groups.io
2024-04-19 9:25 ` Ard Biesheuvel
2024-04-19 11:32 ` Xing, Eric via groups.io
2024-04-19 13:00 ` Chang, Abner via groups.io
2024-04-19 14:11 ` Ard Biesheuvel
2024-04-21 15:16 ` Xing, Eric via groups.io
2024-04-15 15:01 ` [edk2-devel] [PATCH 2/2] Platform/Intel: " Lendacky, Thomas via groups.io
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=667d0ff8da68336a105c3428626726276ecfb424.1709911792.git.thomas.lendacky@amd.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox