From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id DD824D80A5F for ; Mon, 4 Mar 2024 01:09:33 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=4B2YEuCWJ7nUF4EUT8hez6PF8xOkg3IyCsg6SmCq0Qg=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1709514572; v=1; b=IabRkpmPB5p3XQecw1ezdDjcCWr3eHIzQj6mvc3onLxL6+AZVdRoOJtQ2YRS2EvxZfYK4eke Pq0rTY0fx6HLvDmWxPRXIsr3enTkMYv3ezbi2kDHkHp9j9uMLQUzKORqfQajd7Y2rouW3KuREy4 XXPnkpvhRJB4VJLVckapShc4= X-Received: by 127.0.0.2 with SMTP id jVxVYY7687511xaNjJh2hRc3; Sun, 03 Mar 2024 17:09:32 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.18]) by mx.groups.io with SMTP id smtpd.web10.87993.1709514571929496908 for ; Sun, 03 Mar 2024 17:09:31 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,11002"; a="3854434" X-IronPort-AV: E=Sophos;i="6.06,201,1705392000"; d="scan'208";a="3854434" X-Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa112.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Mar 2024 17:09:32 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.06,201,1705392000"; d="scan'208";a="9183819" X-Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82]) by orviesa007.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 03 Mar 2024 17:09:30 -0800 X-Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Sun, 3 Mar 2024 17:09:30 -0800 X-Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Sun, 3 Mar 2024 17:09:30 -0800 X-Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.101) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Sun, 3 Mar 2024 17:09:29 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=k9hW/BJqLRCE+lp0SqylsKO1wQVmBeZiORUj5PTDaerKndoHnHfC6YQmbobnbiJ/CLB9OsLcAApQ3ropZJBF3OIltHZpPjhp1AxdTZSpxLl8pxxnMdrrxNS/3YqjRQzYD3W1dfdxRZ815qIkPlwbzK7UNrQTWBd+PvSzLySP9e2GjFhgkOqK48UTnJZdDEwbAmYvAQp9MHXM1QJ0kYdtlDaQQQpngqrF1mM8SvmmxpQ6Et7ku9Akuz3t1XB7zG63kg9bdyn3PAY2Uh5/3/gASUJv3hAie+fIEc2M+ZHjekVXe9+ruprN/7aGvtC8oqBPbLh/xK+iFsQRI8v7OCa01Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bCrFSm2hVNTUN5KAvdp7VYxFouLmAYiKBze0xMpwJJw=; b=GYi/ThQjUCRQgUSLYWcbBC+vnn/QJCAgkucN58eiAFu8TqBkANarXv5+uqgD9GZSjFdfo4Rjlcltyxh/5pCF5h5T+F5SKpyR4wIG678zq+R0un/LK7GtzsE3TQA6E+7QyBMyiqr2tfE0lEbJyS0D1FrTemvdAuuJMTztg6aumGnU5VG2uW6wnwNTUsIIDbJrxAs/e1Ssds9v96N/vCTjljCAx8XMRwb6Pcg4nOVRBKqVodUiWkit+VQXlkVz318vloMyiZ2xEaQc58i0Aojoxcjt5u4aJ9S+5HP00aoLBUe+Rey3psgcVD5+FmMLVIVKVVamIJU/Ntd5w8vQThMZXA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none X-Received: from PH0PR11MB5064.namprd11.prod.outlook.com (2603:10b6:510:3b::15) by PH7PR11MB6881.namprd11.prod.outlook.com (2603:10b6:510:200::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.22; Mon, 4 Mar 2024 01:09:27 +0000 X-Received: from PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::d86c:2d20:296:2a47]) by PH0PR11MB5064.namprd11.prod.outlook.com ([fe80::d86c:2d20:296:2a47%2]) with mapi id 15.20.7362.019; Mon, 4 Mar 2024 01:09:25 +0000 From: "Min Xu" To: "Sun, CepingX" , "devel@edk2.groups.io" CC: "Aktas, Erdem" , James Bottomley , "Yao, Jiewen" , Tom Lendacky , Michael Roth , Gerd Hoffmann , "Yamahata, Isaku" Subject: Re: [edk2-devel] [PATCH V1 3/3] OvmfPkg/TdxDxe: Clear the registers before tdcall Thread-Topic: [PATCH V1 3/3] OvmfPkg/TdxDxe: Clear the registers before tdcall Thread-Index: AQHaaHNZ1ryId9gosE20JN8WehvvjLEm0EFw Date: Mon, 4 Mar 2024 01:09:24 +0000 Message-ID: References: <20240226211833.3156606-1-cepingx.sun@intel.com> <20240226211833.3156606-4-cepingx.sun@intel.com> In-Reply-To: <20240226211833.3156606-4-cepingx.sun@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PH0PR11MB5064:EE_|PH7PR11MB6881:EE_ x-ms-office365-filtering-correlation-id: 8a175279-74e9-4d62-b740-08dc3be7bb97 x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: Q46AUTvIIYyDMOXQL5rfHI/r+IkZtH7DafgJxr+aFCBmfH2u1ctDs2fF0FvU/uZHYUMNZB+BN3CmJZxDZHwC/9qATZi8DAhIwCnfNMZqWasA6H8ByHxxBaPZAJznY51yNz4PCYm/RjZicRU9SGBGBKlbgTLXwCG65jSHUcrG0oQOMz600iUCVg5L/z+eNxZXl/H5P1+Avw0/ie1sr9zRkYsbCXtC0NVmHCV+DSDy5p0uOOQAyHVFVaCgojMZRcW7psQ0rYo9F9kDyc1t/55KUOtEvMh2qmTGTpv5qqdVi0mQE0kICB3Rn/tW+PIP8EEIoOKnGPBY7lPVFe8HtEZCZJL4ao6SZOplhGQDrlJUr+sMI6qaikiH97gUIf8hOj3Wef0zUjtl5oUNvhqf8o8A5l1wvr5Zahyrso+enlMOMmHkG4WiJ9r/br6Aow6fGuyxlclqi00jiZShDQP5+18HWvww/7w9dXp7FjY6kC+UzqjOVZ6JE8rE4ZR03SXrTDu/NuAoXHgb3FnKXz1jcggtTO4RsjWswIq14oKKC3a3RONGvs7MWm/1E6a42aC++nG258WxiDB5fMsRNZRTo86jrbYeEavo3qxTXDH/J+dODx9h6FGslvyxcX+KIxbz1fM9I8E0gjBRC5OJHpHLdnCkhJ+mMnEjudcmZo4Tq5sB6GxQY7Cn/6Z13gQnwHEqxpCW x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?DbLAk0ajVe3zRuKBoYFfZ4dkk1bvdOL5NPtxFPVBRQSOR9GGZ1IuxwpgGBa8?= =?us-ascii?Q?nqZd5otdeztToibb7g+9XDLhFv80IIdq0/tbqn/N+jhCu9/q8wFgAN9Vgb1f?= =?us-ascii?Q?F6NWhjjUzsiaTMgA0Upu9fi9upyuUKhnYErJ0WrTHR4X8GI3IJ8F6/smG8FX?= =?us-ascii?Q?vEwgWe5nOglUgOPcX8RTVcB+1atbrE4IyOKf72qG6AetfBy3f/Ctx+JB0MNN?= =?us-ascii?Q?U6gMDbqeR+Yudf/mBB/t03rhL1cT5XJZqhweukAxmVgCdcp60yzHPPuOm4Tm?= =?us-ascii?Q?A1u3g/MR06iXm/qmFba1XBGEAyT4YO/0MhAC2UHNarcRxxzvTzNTksRSvCko?= =?us-ascii?Q?Gj/KuAqjXnMER2NJQiQ5tjhwoYUVe0DbpRPQkZZ7wT0OLXBvSF7UMnJgkOLU?= =?us-ascii?Q?MyS63wyXptpvSkhxk/x7K3JyNq/dVZQrFtRUEE/mpEThaUdG6GNJAVx6QXVR?= =?us-ascii?Q?PqCuuF4FbTmGrDuhEVMjcXey0HsY694FwDK5W4puEkwO5oaap9v7ndvNYMwH?= =?us-ascii?Q?6qEmXiXqLiGtbj414ts3TgTXbEOlA3OiXujlr3h1Mnr9g4Qw/MRgJmse27Ps?= =?us-ascii?Q?Ki3N9TdWhGqpIc71I0y4sMA5L8LAuUaWT+kLne5UE5UXuXE6Khy9NaV2I9SM?= =?us-ascii?Q?XFePHOJKQ477gvjMVIzH25wZO28LKQdgtH6aUw2Rur77s53KmKS92cjyDDhI?= =?us-ascii?Q?IOkYy4Gcazz3Ydhbp8IvUZ0zH6ADS3fQ458ilk0TwAb5m/XnMfnCQLtUX22e?= =?us-ascii?Q?jzEOeb8svrn58deHkrNUgFcNTzTecqSrtY3mY4BdVEJqqzmN57uivAmxLBEB?= =?us-ascii?Q?ZXBX2NdzqCVDoGzimhRVLluLD0SqXmH6CJua/XwYlqu69OSDFY0+ZQ7dRFm5?= =?us-ascii?Q?hoJH8G+qsfdYgRRK0sJRqpHPKwysdswmasfekz37ByLsyR7AmK6ciHZ1J0ZS?= =?us-ascii?Q?zWF5IzOJ1OFydDluPDVPkqB8wuVN+xBbFdG5FvwgkioZi4UO5M5o9w3oGHK9?= =?us-ascii?Q?DfqXs4pi3h6pDlR0zQ6lHUg6WOjjGuz/LfQMn5EMltsI80Fx0E3ucjCP5hRO?= =?us-ascii?Q?TBEN8edSTSpqV7CdiuU6dFkjNnkSqFzMwyvHgyECwCTYg5slGz5fUvR6k2b8?= =?us-ascii?Q?w0MEHv2uGoz9YPumsEIJj56kDc2noDvkCClxYSb8Oh6NXoMBjDjWOt8pw4/Q?= =?us-ascii?Q?anTIaFVIeh8UbzQCryKkJ/qGsW0oG3KmT/qJQ22j7FRh1dwhgYXi64jvDm60?= =?us-ascii?Q?Y2UDBzbnCtrSaOhPLMs2HuVz4X7IKx+YcN5HBBuiCviTVkMbufkof130jYnG?= =?us-ascii?Q?grfLzx/lP9C2O9drLcrCfIM4jVan6ImT7mCCmGWlMGR8wwFTV30oBxLmN5eT?= =?us-ascii?Q?29I0XVQWaOTB+acj6yKyak7lO/JwImJKYd6xgKmxDdFCk5eqBe/hjec2YiR/?= =?us-ascii?Q?BenvOqwhZplorHgaPdalVAWX7+ph03rVfn2yyCQ0acRB7LAGO7diF8axdblM?= =?us-ascii?Q?vf2uRQZLAS3c8aQxuRk5GbYxMXRktt2aoo1/C/3AzU9IgD6dy3rHhAdvqhRm?= =?us-ascii?Q?HaAphz3HPJBGbMp3vGIX6XJRJosKKhZFx9w+l/Hk?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5064.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8a175279-74e9-4d62-b740-08dc3be7bb97 X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Mar 2024 01:09:25.0052 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: iFjuDdk7aeHw7q8UE5/ZAUDpfq5f3PxHnJtI0J6zKu1kKt9JZwSS+FrLVggXfKgXWh6C6YqE2M8M+jq4SH03ng== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB6881 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,min.m.xu@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: ikJOaIbE70mr0DtXnoNRzBd9x7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=IabRkpmP; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}") Reviewed-by: Min Xu > -----Original Message----- > From: Sun, CepingX > Sent: Tuesday, February 27, 2024 5:19 AM > To: devel@edk2.groups.io > Cc: Sun, CepingX ; Aktas, Erdem > ; James Bottomley ; Yao, > Jiewen ; Xu, Min M ; Tom > Lendacky ; Michael Roth > ; Gerd Hoffmann ; > Yamahata, Isaku > Subject: [PATCH V1 3/3] OvmfPkg/TdxDxe: Clear the registers before tdcall >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4696 >=20 > Refer to the [GHCI] spec, TDVF should clear the BIT5 for RBP in the mask. > And TDVF should clear the regitsers to avoid leaking secrets to VMM. >=20 > Reference: > [GHCI]: TDX Guest-Host-Communication Interface v1.5 > https://cdrdv2.intel.com/v1/dl/getContent/726792 >=20 > Cc: Erdem Aktas > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Min Xu > Cc: Tom Lendacky > Cc: Michael Roth > Cc: Gerd Hoffmann > Cc: Erdem Aktas > Cc: Isaku Yamahata > Signed-off-by: Ceping Sun > --- > OvmfPkg/TdxDxe/X64/ApRunLoop.nasm | 30 > ++++++++++++++++++++++++++---- > 1 file changed, 26 insertions(+), 4 deletions(-) >=20 > diff --git a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm > b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm > index 0bef89c48552..57560015f491 100644 > --- a/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm > +++ b/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm > @@ -20,7 +20,7 @@ SECTION .text >=20 > BITS 64 >=20 > -%define TDVMCALL_EXPOSE_REGS_MASK 0xffec > +%define TDVMCALL_EXPOSE_REGS_MASK 0xffcc > %define TDVMCALL 0x0 > %define EXIT_REASON_CPUID 0xa >=20 > @@ -28,6 +28,30 @@ BITS 64 > db 0x66, 0x0f, 0x01, 0xcc > %endmacro >=20 > +%macro tdcall_regs_preamble 2 > + mov rax, %1 > + > + xor rcx, rcx > + mov ecx, %2 > + > + ; R10 =3D 0 (standard TDVMCALL) > + > + xor r10d, r10d > + > + ; Zero out unused (for standard TDVMCALL) registers to avoid leaking > + ; secrets to the VMM. > + > + xor esi, esi > + xor edi, edi > + > + xor edx, edx > + xor ebp, ebp > + xor r8d, r8d > + xor r9d, r9d > + xor r14, r14 > + xor r15, r15 > +%endmacro > + > ; > ; Relocated Ap Mailbox loop > ; > @@ -40,11 +64,9 @@ global ASM_PFX(AsmRelocateApMailBoxLoop) > ASM_PFX(AsmRelocateApMailBoxLoop): > AsmRelocateApMailBoxLoopStart: >=20 > - mov rax, TDVMCALL > - mov rcx, TDVMCALL_EXPOSE_REGS_MASK > - xor r10, r10 > mov r11, EXIT_REASON_CPUID > mov r12, 0xb > + tdcall_regs_preamble TDVMCALL, TDVMCALL_EXPOSE_REGS_MASK > tdcall > test r10, r10 > jnz Panic > -- > 2.34.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116294): https://edk2.groups.io/g/devel/message/116294 Mute This Topic: https://groups.io/mt/104577524/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-