From: "Lendacky, Thomas"
To: devel@edk2.groups.io
Cc: Jordan Justen, Laszlo Ersek, Ard Biesheuvel, Michael D Kinney, Liming Gao, Eric Dong, Ray Ni, Brijesh Singh
Subject: [PATCH v8 32/46] OvmfPkg/PlatformPei: Move early GDT into ram when SEV-ES is enabled
Date: Tue, 19 May 2020 16:51:00 -0500
Message-Id: <710be72175adbe91d24731bce13079a05868face.1589925074.git.thomas.lendacky@amd.com>
X-Mailer: git-send-email 2.17.1

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198

The SEV support will clear the C-bit from non-RAM areas. The early GDT lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT will be read as un-encrypted even though it is encrypted. This will result in a failure to be able to handle the exception.

Move the GDT into RAM so it can be accessed without error when running as an SEV-ES guest.

Cc: Jordan Justen
Cc: Laszlo Ersek
Cc: Ard Biesheuvel
Reviewed-by: Laszlo Ersek
Signed-off-by: Tom Lendacky
--- OvmfPkg/PlatformPei/AmdSev.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c index 4fd4534cabea..a2b38c591236 100644 --- a/OvmfPkg/PlatformPei/AmdSev.c +++ b/OvmfPkg/PlatformPei/AmdSev.c 
@@ -39,6 +39,8 @@ AmdSevEsInitialize ( PHYSICAL_ADDRESS GhcbBasePa; UINTN GhcbPageCount, PageCount; RETURN_STATUS PcdStatus, DecryptStatus; + IA32_DESCRIPTOR Gdtr; + VOID *Gdt; if (!MemEncryptSevEsIsEnabled ()) { return; @@ -83,6 +85,22 @@ AmdSevEsInitialize ( (UINT64)GhcbPageCount, GhcbBase)); AsmWriteMsr64 (MSR_SEV_ES_GHCB, GhcbBasePa); + + // + // The SEV support will clear the C-bit from non-RAM areas. The early GDT + // lives in a non-RAM area, so when an exception occurs (like a #VC) the GDT + // will be read as un-encrypted even though it was created before the C-bit + // was cleared (encrypted). This will result in a failure to be able to + // handle the exception. + // + AsmReadGdtr (&Gdtr); + + Gdt = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN) Gdtr.Limit + 1)); + ASSERT (Gdt != NULL); + + CopyMem (Gdt, (VOID *) Gdtr.Base, Gdtr.Limit + 1); + Gdtr.Base = (UINTN) Gdt; + AsmWriteGdtr (&Gdtr); } /** -- 2.17.1
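
Review bot: In the second hunk, `ASSERT (Gdt != NULL);` is the only check on the `AllocatePages` result, so a build with asserts compiled out falls through to `CopyMem (Gdt, (VOID *) Gdtr.Base, Gdtr.Limit + 1);` with a NULL destination and then loads a GDTR whose base is 0. Since the comment itself says exception handling fails without a readable GDT, an explicit `if (Gdt == NULL)` path that stops the boot would make the failure deterministic instead of surfacing later as an unhandled #VC. Two smaller points: the `CopyMem` length uses `Gdtr.Limit + 1` without the `(UINTN)` cast applied in the `EFI_SIZE_TO_PAGES` argument just above it, and the new comment describes the problem but not the remedy; the commit message's closing sentence about moving the GDT into RAM would fit as its last line.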