Subject: Re: [edk2-devel] [PATCH v8 16/46] OvmfPkg/VmgExitLib: Add support for MSR_PROT NAE events
To: Laszlo Ersek, devel@edk2.groups.io
Cc: Jordan Justen, Ard Biesheuvel, Michael D Kinney, Liming Gao, Eric Dong, Ray Ni, Brijesh Singh, Ard Biesheuvel
From: "Lendacky, Thomas"
Message-ID: <82382823-c48c-35e2-24f4-7808d13e025c@amd.com>
Date: Fri, 22 May 2020 14:06:09 -0500
In-Reply-To: <0e6d2b87-4ad9-2600-b986-a0b58ca0b8ac@redhat.com>

On 5/22/20 5:31 AM, Laszlo Ersek wrote:
> On 05/19/20 23:50, Lendacky, Thomas wrote:
>> BZ:
https://bugzilla.tianocore.org/show_bug.cgi?id=2198
>>
>> Under SEV-ES, a MSR_PROT intercept generates a #VC exception. VMGEXIT must
>> be used to allow the hypervisor to handle this intercept.
>>
>> Add support to construct the required GHCB values to support an MSR_PROT
>> NAE event. Parse the instruction that generated the #VC exception to
>> determine whether it is RDMSR or WRMSR, setting the required register
>> values in the GHCB and creating the proper SW_EXIT_INFO1 value in
>> the GHCB.
>>
>> Cc: Jordan Justen
>> Cc: Laszlo Ersek
>> Cc: Ard Biesheuvel
>> Signed-off-by: Tom Lendacky
>> --- >> .../Library/VmgExitLib/X64/VmgExitVcHandler.c | 63 +++++++++++++++++++ >> 1 file changed, 63 insertions(+) >> >> diff --git a/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c b/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c >> index 2f62795edf61..1c6b472a47c4 100644 >> --- a/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c >> +++ b/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c 
>> @@ -411,6 +411,65 @@ UnsupportedExit ( >> return Status; >> } >> >> +/** >> + Handle an MSR event. >> + >> + Use the VMGEXIT instruction to handle either a RDMSR or WRMSR event. >> + >> + @param[in, out] Ghcb Pointer to the Guest-Hypervisor Communication >> + Block >> + @param[in, out] Regs x64 processor context >> + @param[in] InstructionData Instruction parsing context >> + >> + @retval 0 Event handled successfully >> + @retval Others New exception value to propagate >> + >> +**/ >> +STATIC >> +UINT64 >> +MsrExit ( >> + IN OUT GHCB *Ghcb, >> + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs, >> + IN SEV_ES_INSTRUCTION_DATA *InstructionData >> + ) >> +{ >> + UINT64 ExitInfo1, Status; >> + >> + ExitInfo1 = 0; >> + >> + switch (*(InstructionData->OpCodes + 1)) { >> + case 0x30: // WRMSR > > This comment looks great! > >> + ExitInfo1 = 1; >> + Ghcb->SaveArea.Rax = Regs->Rax; >> + GhcbSetRegValid (Ghcb, GhcbRax); >> + Ghcb->SaveArea.Rdx = Regs->Rdx; >> + GhcbSetRegValid (Ghcb, GhcbRdx); >> + /* Fallthrough */ > > (1) This comment is very appreciated (I vaguely remember that the coding > style actually requires it), but we're supposed to put it like this: > > // > // fall through > // > > (See: "git grep -B1 -A1 -i 'fall through'".) > Will do. >> + case 0x32: // RDMSR >> + Ghcb->SaveArea.Rcx = Regs->Rcx; >> + GhcbSetRegValid (Ghcb, GhcbRcx); >> + break; >> + default: >> + return UnsupportedExit (Ghcb, Regs, InstructionData); >> + } >> + >> + Status = VmgExit (Ghcb, SVM_EXIT_MSR, ExitInfo1, 0); >> + if (Status) { > > (2) As usual, please check (Status > 0) or (Status != 0) explicitly. Yup. > > Acked-by: Laszlo Ersek Thanks! 
Tom > > Thanks > Laszlo > >> + return Status; >> + } >> + >> + if (!ExitInfo1) { >> + if (!GhcbIsRegValid (Ghcb, GhcbRax) || >> + !GhcbIsRegValid (Ghcb, GhcbRdx)) { >> + return UnsupportedExit (Ghcb, Regs, InstructionData); >> + } >> + Regs->Rax = Ghcb->SaveArea.Rax; >> + Regs->Rdx = Ghcb->SaveArea.Rdx; >> + } >> + >> + return 0; >> +} >> + >> #define IOIO_TYPE_STR (1 << 2) >> #define IOIO_TYPE_IN 1 >> #define IOIO_TYPE_INS (IOIO_TYPE_IN | IOIO_TYPE_STR) >> @@ -743,6 +802,10 @@ VmgExitHandleVc ( >> NaeExit = IoioExit; >> break; >> >> + case SVM_EXIT_MSR: >> + NaeExit = MsrExit; >> + break; >> + >> default: >> NaeExit = UnsupportedExit; >> } >> >
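
Review bot: In MsrExit, the RDMSR return path (the `if (!ExitInfo1)` block) copies the full 64-bit Ghcb->SaveArea.Rax and Ghcb->SaveArea.Rdx into Regs->Rax and Regs->Rdx, although RDMSR architecturally returns the MSR value in EDX:EAX with the upper halves of RAX and RDX cleared. Since the GHCB contents on return are written by the hypervisor, which SEV-ES does not trust, consider masking both values to their low 32 bits before storing them, so the guest never takes register bits the instruction itself could not have set. The GhcbIsRegValid checks ahead of the copy are the right shape for this. Separately, the switch looks only at `*(InstructionData->OpCodes + 1)`; a short comment stating that the byte at OpCodes is expected to be the 0x0F escape (or an explicit check that routes anything else to UnsupportedExit) would make the decode assumption visible to the next reader.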