Subject: Re: [edk2-devel] [PATCH v8 12/46] OvmfPkg/VmgExitLib: Implement library support for VmgExitLib in OVMF
To: Laszlo Ersek, devel@edk2.groups.io
Cc: Jordan Justen, Ard Biesheuvel, Michael D Kinney, Liming Gao, Eric Dong, Ray Ni, Brijesh Singh, Ard Biesheuvel
From: "Lendacky, Thomas"
Message-ID: <74f4c4ee-7026-733a-08ac-9a7758c1ee76@amd.com>
Date: Thu, 21 May 2020 12:08:47 -0500

On 5/21/20 11:52 AM, Laszlo Ersek wrote:
> On 05/19/20 23:50, Lendacky, Thomas wrote:
>> The base VmgExitLib library provides a default limited interface. As it
>> does not provide full support, create an OVMF version of this library to
>> begin the process of providing full support of SEV-ES within OVMF.
>> >> SEV-ES support is only provided for X64 builds, so only OvmfPkgX64.dsc is >> updated to make use of the OvmfPkg version of the library. >> >> Cc: Jordan Justen >> Cc: Laszlo Ersek >> Cc: Ard Biesheuvel >> Signed-off-by: Tom Lendacky >> --- >> OvmfPkg/OvmfPkgX64.dsc | 2 +- >> OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 36 ++++ >> OvmfPkg/Library/VmgExitLib/VmgExitLib.c | 155 ++++++++++++++++++ >> .../Library/VmgExitLib/X64/VmgExitVcHandler.c | 81 +++++++++ >> OvmfPkg/Library/VmgExitLib/VmgExitLib.uni | 15 ++ > > (1) Please drop the UNI file. UNI files are needed (to my understanding) > with UPT (UEFI Packaging Tool), but OvmfPkg content is not distributed > like that. So UNI files would only be a distraction under OvmfPkg. Will do. > >> 5 files changed, 288 insertions(+), 1 deletion(-) >> create mode 100644 OvmfPkg/Library/VmgExitLib/VmgExitLib.inf >> create mode 100644 OvmfPkg/Library/VmgExitLib/VmgExitLib.c >> create mode 100644 OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c >> create mode 100644 OvmfPkg/Library/VmgExitLib/VmgExitLib.uni >> >> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc >> index 0b9189ab1e38..b5f3859420d0 100644 >> --- a/OvmfPkg/OvmfPkgX64.dsc >> +++ b/OvmfPkg/OvmfPkgX64.dsc >> @@ -232,7 +232,7 @@ [LibraryClasses] >> >> [LibraryClasses.common] >> BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf >> - VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf >> + VmgExitLib|OvmfPkg/Library/VmgExitLib/VmgExitLib.inf >> >> [LibraryClasses.common.SEC] >> TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf >> diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf b/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf >> new file mode 100644 >> index 000000000000..0e6bc8432314 >> --- /dev/null >> +++ b/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf >> @@ -0,0 +1,36 @@ >> +## @file >> +# VMGEXIT Support Library. >> +# >> +# Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.
>> +# SPDX-License-Identifier: BSD-2-Clause-Patent >> +# >> +## >> + >> +[Defines] >> + INF_VERSION = 0x00010005 >> + BASE_NAME = VmgExitLib >> + MODULE_UNI_FILE = VmgExitLib.uni > > (2) Please drop MODULE_UNI_FILE too, according to (1). Will do. > >> + FILE_GUID = 0e923c25-13cd-430b-8714-ffe85652a97b >> + MODULE_TYPE = BASE >> + VERSION_STRING = 1.0 >> + LIBRARY_CLASS = VmgExitLib >> + >> +# >> +# The following information is for reference only and not required by the build tools. >> +# >> +# VALID_ARCHITECTURES = X64 >> +# >> + >> +[Sources.X64] >> + X64/VmgExitVcHandler.c >> + >> +[Sources.common] >> + VmgExitLib.c > > (3) I think this split for [Sources] does not make sense under OvmfPkg. > I'd only use one [Sources] Section, and also move VmgExitVcHandler.c out > of the X64 subdir. The X64 subdir per se doesn't look useful either. Will do. > >> + >> +[Packages] >> + MdePkg/MdePkg.dec >> + UefiCpuPkg/UefiCpuPkg.dec >> + >> +[LibraryClasses] >> + BaseLib >> + >> diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitLib.c b/OvmfPkg/Library/VmgExitLib/VmgExitLib.c >> new file mode 100644 >> index 000000000000..7b7ebea85256 >> --- /dev/null >> +++ b/OvmfPkg/Library/VmgExitLib/VmgExitLib.c >> @@ -0,0 +1,155 @@ >> +/** @file >> + VMGEXIT Support Library. >> + >> + Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.
>> + SPDX-License-Identifier: BSD-2-Clause-Patent >> + >> +**/ >> + >> +#include >> +#include >> +#include >> +#include >> +#include >> + >> +/** >> + Check for VMGEXIT error >> + >> + Check if the hypervisor has returned an error after completion of the VMGEXIT >> + by examining the SwExitInfo1 field of the GHCB. >> + >> + @param[in] Ghcb A pointer to the GHCB >> + >> + @retval 0 VMGEXIT succeeded. >> + @retval Others VMGEXIT processing did not succeed. Exception number to >> + be propagated. >> + >> +**/ >> +STATIC >> +UINT64 >> +VmgExitErrorCheck ( >> + IN GHCB *Ghcb >> + ) >> +{ >> + GHCB_EVENT_INJECTION Event; >> + GHCB_EXIT_INFO ExitInfo; >> + UINT64 Status; >> + >> + ExitInfo.Uint64 = Ghcb->SaveArea.SwExitInfo1; >> + ASSERT ((ExitInfo.Elements.Lower32Bits == 0) || >> + (ExitInfo.Elements.Lower32Bits == 1)); >> + >> + Status = 0; >> + if (ExitInfo.Elements.Lower32Bits == 0) { >> + return Status; >> + } >> + >> + if (ExitInfo.Elements.Lower32Bits == 1) { >> + ASSERT (Ghcb->SaveArea.SwExitInfo2 != 0); >> + >> + // Check that the return event is valid > > (4) Please prepend and append empty "//" lines. Will do. > >> + Event.Uint64 = Ghcb->SaveArea.SwExitInfo2; >> + if (Event.Elements.Valid && >> + Event.Elements.Type == GHCB_EVENT_INJECTION_TYPE_EXCEPTION) { >> + switch (Event.Elements.Vector) { >> + case GP_EXCEPTION: >> + case UD_EXCEPTION: >> + // Use returned event as return code > > (5) Same as (4). Will do. > > With these addressed: > > Acked-by: Laszlo Ersek Thanks! Tom > > Thanks, > Laszlo > >> + Status = Event.Uint64; >> + } >> + } >> + } >> + >> + if (Status == 0) { >> + GHCB_EVENT_INJECTION GpEvent; >> + >> + GpEvent.Uint64 = 0; >> + GpEvent.Elements.Vector = GP_EXCEPTION; >> + GpEvent.Elements.Type = GHCB_EVENT_INJECTION_TYPE_EXCEPTION; >> + GpEvent.Elements.Valid = 1; >> + >> + Status = GpEvent.Uint64; >> + } >> + >> + return Status; >> +} >> + >> +/** >> + Perform VMGEXIT. 
>> + >> + Sets the necessary fields of the GHCB, invokes the VMGEXIT instruction and >> + then handles the return actions. >> + >> + @param[in, out] Ghcb A pointer to the GHCB >> + @param[in] ExitCode VMGEXIT code to be assigned to the SwExitCode >> + field of the GHCB. >> + @param[in] ExitInfo1 VMGEXIT information to be assigned to the >> + SwExitInfo1 field of the GHCB. >> + @param[in] ExitInfo2 VMGEXIT information to be assigned to the >> + SwExitInfo2 field of the GHCB. >> + >> + @retval 0 VMGEXIT succeeded. >> + @retval Others VMGEXIT processing did not succeed. Exception >> + event to be propagated. >> + >> +**/ >> +UINT64 >> +EFIAPI >> +VmgExit ( >> + IN OUT GHCB *Ghcb, >> + IN UINT64 ExitCode, >> + IN UINT64 ExitInfo1, >> + IN UINT64 ExitInfo2 >> + ) >> +{ >> + Ghcb->SaveArea.SwExitCode = ExitCode; >> + Ghcb->SaveArea.SwExitInfo1 = ExitInfo1; >> + Ghcb->SaveArea.SwExitInfo2 = ExitInfo2; >> + >> + // >> + // Guest memory is used for the guest-hypervisor communication, so fence >> + // the invocation of the VMGEXIT instruction to ensure GHCB accesses are >> + // synchronized properly. >> + // >> + MemoryFence (); >> + AsmVmgExit (); >> + MemoryFence (); >> + >> + return VmgExitErrorCheck (Ghcb); >> +} >> + >> +/** >> + Perform pre-VMGEXIT initialization/preparation. >> + >> + Performs the necessary steps in preparation for invoking VMGEXIT. Must be >> + called before setting any fields within the GHCB. >> + >> + @param[in, out] Ghcb A pointer to the GHCB >> + >> +**/ >> +VOID >> +EFIAPI >> +VmgInit ( >> + IN OUT GHCB *Ghcb >> + ) >> +{ >> + SetMem (&Ghcb->SaveArea, sizeof (Ghcb->SaveArea), 0); >> +} >> + >> +/** >> + Perform post-VMGEXIT cleanup. >> + >> + Performs the necessary steps to cleanup after invoking VMGEXIT. Must be >> + called after obtaining needed fields within the GHCB. >> + >> + @param[in, out] Ghcb A pointer to the GHCB >> + >> +**/ >> +VOID >> +EFIAPI >> +VmgDone ( >> + IN OUT GHCB *Ghcb >> + ) >> +{ >> +} >> + 
>> diff --git a/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c b/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c >> new file mode 100644 >> index 000000000000..036f030d6b34 >> --- /dev/null >> +++ b/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c >> @@ -0,0 +1,81 @@ >> +/** @file >> + X64 #VC Exception Handler functon. >> + >> + Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.
>> + SPDX-License-Identifier: BSD-2-Clause-Patent >> + >> +**/ >> + >> +#include >> +#include >> +#include >> +#include >> +#include >> + >> +/** >> + Handle a #VC exception. >> + >> + Performs the necessary processing to handle a #VC exception. >> + >> + @param[in, out] ExceptionType Pointer to an EFI_EXCEPTION_TYPE to be set >> + as value to use on error. >> + @param[in, out] SystemContext Pointer to EFI_SYSTEM_CONTEXT >> + >> + @retval EFI_SUCCESS Exception handled >> + @retval EFI_UNSUPPORTED #VC not supported, (new) exception value to >> + propagate provided >> + @retval EFI_PROTOCOL_ERROR #VC handling failed, (new) exception value to >> + propagate provided >> + >> +**/ >> +EFI_STATUS >> +EFIAPI >> +VmgExitHandleVc ( >> + IN OUT EFI_EXCEPTION_TYPE *ExceptionType, >> + IN OUT EFI_SYSTEM_CONTEXT SystemContext >> + ) >> +{ >> + MSR_SEV_ES_GHCB_REGISTER Msr; >> + EFI_SYSTEM_CONTEXT_X64 *Regs; >> + GHCB *Ghcb; >> + UINT64 ExitCode, Status; >> + EFI_STATUS VcRet; >> + >> + VcRet = EFI_SUCCESS; >> + >> + Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB); >> + ASSERT (Msr.GhcbInfo.Function == 0); >> + ASSERT (Msr.Ghcb != 0); >> + >> + Regs = SystemContext.SystemContextX64; >> + Ghcb = Msr.Ghcb; >> + >> + VmgInit (Ghcb); >> + >> + ExitCode = Regs->ExceptionData; >> + switch (ExitCode) { >> + default: >> + Status = VmgExit (Ghcb, SVM_EXIT_UNSUPPORTED, ExitCode, 0); >> + if (Status == 0) { >> + Regs->ExceptionData = 0; >> + *ExceptionType = GP_EXCEPTION; >> + } else { >> + GHCB_EVENT_INJECTION Event; >> + >> + Event.Uint64 = Status; >> + if (Event.Elements.ErrorCodeValid) { >> + Regs->ExceptionData = Event.Elements.ErrorCode; >> + } else { >> + Regs->ExceptionData = 0; >> + } >> + >> + *ExceptionType = Event.Elements.Vector; >> + } >> + >> + VcRet = EFI_PROTOCOL_ERROR; >> + } >> + >> + VmgDone (Ghcb); >> + >> + return VcRet; >> +} 
>> diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitLib.uni b/OvmfPkg/Library/VmgExitLib/VmgExitLib.uni >> new file mode 100644 >> index 000000000000..a919b484c319 >> --- /dev/null >> +++ b/OvmfPkg/Library/VmgExitLib/VmgExitLib.uni >> @@ -0,0 +1,15 @@ >> +// /** @file >> +// VMGEXIT support library instance. >> +// >> +// VMGEXIT support library instance. >> +// >> +// Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.
>> +// SPDX-License-Identifier: BSD-2-Clause-Patent >> +// >> +// **/ >> + >> + >> +#string STR_MODULE_ABSTRACT #language en-US "OVMF VMGEXIT Support Library." >> + >> +#string STR_MODULE_DESCRIPTION #language en-US "OVMF VMGEXIT Support Library." >> + >> >
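Review bot: In the VmgExitLib.inf hunk, [LibraryClasses] lists only BaseLib, but the library's sources call ASSERT() and SetMem(), which come from DebugLib and BaseMemoryLib. Add both library classes to the INF so the module declares its own dependencies instead of relying on whatever the platform DSC happens to resolve.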
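Review bot: In the VmgExitLib.c hunk, the ASSERTs in VmgExitErrorCheck() test SwExitInfo1 and SwExitInfo2, which are values the hypervisor writes into the GHCB, so a build with ASSERT() enabled stops on a malformed reply while a build with it disabled falls through to the synthesized #GP event at the end of the function. That fall-through already covers every unexpected value, so consider dropping the ASSERTs (or turning them into a comment) so both build types propagate #GP the same way. The switch on Event.Elements.Vector also has no break after "Status = Event.Uint64;" and no default case, and the condition "Event.Elements.Valid && Event.Elements.Type == ..." would read better with an explicit comparison and parentheses around each operand.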
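Review bot: In the VmgExitVcHandler.c hunk, "ASSERT (Msr.GhcbInfo.Function == 0)" and "ASSERT (Msr.Ghcb != 0)" are the only validation of the GHCB MSR value before "VmgInit (Ghcb)" writes through the pointer, so where ASSERT() is disabled a zero or non-GHCB value reaches SetMem(). An explicit check that sets *ExceptionType and returns an error status would keep that path defined in every build. Separately, the function comment documents EFI_UNSUPPORTED for an unsupported #VC while the default case returns EFI_PROTOCOL_ERROR, so one of the two should change; "UINT64 ExitCode, Status;" should be split into one declaration per line, and the file header has the typo "functon".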