From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Wed, 02 Oct 2019 05:06:01 -0700 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 796BF4E924; Wed, 2 Oct 2019 12:06:00 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-71.rdu2.redhat.com [10.10.120.71]) by smtp.corp.redhat.com (Postfix) with ESMTP id 56E095EE1D; Wed, 2 Oct 2019 12:05:58 +0000 (UTC) Subject: Re: [edk2-devel] [RFC PATCH v2 11/44] OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled To: devel@edk2.groups.io, thomas.lendacky@amd.com Cc: Jordan Justen , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , "Singh, Brijesh" References: <457424fdcd5ba463dbbc198c1018cedd3857a9b7.1568922728.git.thomas.lendacky@amd.com> From: "Laszlo Ersek" Message-ID: <67a4c41d-3431-1ac8-9d93-07be98288b03@redhat.com> Date: Wed, 2 Oct 2019 14:05:57 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <457424fdcd5ba463dbbc198c1018cedd3857a9b7.1568922728.git.thomas.lendacky@amd.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Wed, 02 Oct 2019 12:06:00 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 09/19/19 21:52, Lendacky, Thomas wrote: > From: Tom Lendacky > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 > > The SEV support will clear the C-bit from non-RAM areas. The early GDT > lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT > will be read as un-encrypted even though it is encrypted. This will result > in a failure to be able to handle the exception. > > Move the GDT into RAM so it can be accessed without error when running as > an SEV-ES guest. > > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Signed-off-by: Tom Lendacky > --- > OvmfPkg/PlatformPei/AmdSev.c | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c > index 699bb8b11557..d6733447bdf2 100644 > --- a/OvmfPkg/PlatformPei/AmdSev.c > +++ b/OvmfPkg/PlatformPei/AmdSev.c > @@ -37,6 +37,8 @@ AmdSevEsInitialize ( > PHYSICAL_ADDRESS GhcbBasePa; > UINTN GhcbPageCount; > RETURN_STATUS PcdStatus, DecryptStatus; > + IA32_DESCRIPTOR Gdtr; > + VOID *Gdt; > > if (!MemEncryptSevEsIsEnabled ()) { > return; > @@ -72,6 +74,20 @@ AmdSevEsInitialize ( > DEBUG ((DEBUG_INFO, "SEV-ES is enabled, %u GHCB pages allocated starting at 0x%lx\n", GhcbPageCount, GhcbBase)); > > AsmWriteMsr64 (MSR_SEV_ES_GHCB, (UINT64)GhcbBasePa); > + > + // > + // The SEV support will clear the C-bit from the non-RAM areas. Since > + // the GDT initially lives in that area and it will be read when a #VC > + // exception happens, it needs to be moved to RAM for an SEV-ES guest. > + // > + AsmReadGdtr (&Gdtr); > + > + Gdt = AllocatePages (EFI_SIZE_TO_PAGES (Gdtr.Limit + 1)); EFI_SIZE_TO_PAGES() expects an UINTN argument. "Gdtr.Limit" is UINT16 ("unsigned short"), which is promoted (as part of the integer promotions) to INT32 ("int"). The addition is then performed in INT32. (1) Please cast either Gdtr.Limit, or the sum, to UINTN explicitly. > + ASSERT (Gdt); (2) Please write (Gdt != NULL). > + > + CopyMem (Gdt, (VOID *) Gdtr.Base, Gdtr.Limit + 1); > + Gdtr.Base = (UINTN) Gdt; > + AsmWriteGdtr (&Gdtr); > } > > /** > With those changes: Reviewed-by: Laszlo Ersek Thanks Laszlo