From: "Brijesh Singh" <brijesh.singh@amd.com>
To: Laszlo Ersek <lersek@redhat.com>, devel@edk2.groups.io
Cc: brijesh.singh@amd.com, James Bottomley <jejb@linux.ibm.com>,
Min Xu <min.m.xu@intel.com>, Jiewen Yao <jiewen.yao@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Jordan Justen <jordan.l.justen@intel.com>,
Ard Biesheuvel <ardb+tianocore@kernel.org>,
Erdem Aktas <erdemaktas@google.com>
Subject: Re: [edk2-devel] [PATCH RFC v2 03/28] MdePkg: Define the GHCB GPA structure
Date: Mon, 3 May 2021 07:55:23 -0500 [thread overview]
Message-ID: <ae72d97e-0749-1a80-7667-4913ad3fca96@amd.com> (raw)
In-Reply-To: <bbb1ddc7-9d8f-d306-34eb-ba5a0b5292a5@redhat.com>
On 5/3/21 7:19 AM, Laszlo Ersek wrote:
> On 05/03/21 12:24, Laszlo Ersek wrote:
>> On 04/30/21 13:51, Brijesh Singh wrote:
>>> BZ: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3275&data=04%7C01%7Cbrijesh.singh%40amd.com%7C9eac9a93753d403dcc4d08d90e2dbcb5%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637556411874265560%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=eNafEGfhCMOkOboQOJnxq8Rw%2BOTuvAUGIziDuELV8%2Bk%3D&reserved=0
>>>
>>> An SEV-SNP guest is required to perform the GHCB GPA registration. See
>>> the GHCB specification for further details.
>>>
>>> Cc: James Bottomley <jejb@linux.ibm.com>
>>> Cc: Min Xu <min.m.xu@intel.com>
>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>> Cc: Tom Lendacky <thomas.lendacky@amd.com>
>>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>>> Cc: Laszlo Ersek <lersek@redhat.com>
>>> Cc: Erdem Aktas <erdemaktas@google.com>
>>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>>> ---
>>> MdePkg/Include/Register/Amd/Fam17Msr.h | 7 +++++++
>>> 1 file changed, 7 insertions(+)
>>>
>>> diff --git a/MdePkg/Include/Register/Amd/Fam17Msr.h b/MdePkg/Include/Register/Amd/Fam17Msr.h
>>> index a65d51ab12..e19bd04b6c 100644
>>> --- a/MdePkg/Include/Register/Amd/Fam17Msr.h
>>> +++ b/MdePkg/Include/Register/Amd/Fam17Msr.h
>>> @@ -53,6 +53,11 @@ typedef union {
>>> UINT64 Features:52;
>>> } GhcbHypervisorFeatures;
>>>
>>> + struct {
>>> + UINT64 Function:12;
>>> + UINT64 GuestFrameNumber:52;
>>> + } GhcbGpaRegister;
>>> +
>>> VOID *Ghcb;
>>>
>>> UINT64 GhcbPhysicalAddress;
>>> @@ -62,6 +67,8 @@ typedef union {
>>> #define GHCB_INFO_SEV_INFO_GET 2
>>> #define GHCB_INFO_CPUID_REQUEST 4
>>> #define GHCB_INFO_CPUID_RESPONSE 5
>>> +#define GHCB_INFO_GHCB_GPA_REGISTER_REQUEST 18
>>> +#define GHCB_INFO_GHCB_GPA_REGISTER_RESPONSE 19
>>> #define GHCB_HYPERVISOR_FEATURES_REQUEST 128
>>> #define GHCB_HYPERVISOR_FEATURES_RESPONSE 129
>>> #define GHCB_INFO_TERMINATE_REQUEST 256
>>>
>> The number match the spec (2.0), but I have some remarks / questions.
>>
>> (1) Patch #2 (SVM_EXIT_HYPERVISOR_FEATURES) and this patch
>> (GHCB_INFO_GHCB_GPA_REGISTER_REQUEST) break the nice alignments of the
>> macro values (replacement texts) in both header files. Can you prepend a
>> whitespace-only patch that simply moves the affected "columns" to the
>> right far enough?
Sure, do you want me to the post after all the new VMGEXIT's are defined ?
>>
>> (2) I've checked section 2.3.2 "GHCB GPA Registration" in the spec
>> (2.0). What is the specific risk of allowing a guest to switch from one
>> GHCB address to another?
The GHCB is a shared page, there is no risk to switch from one page to
another. This feature is designed to simplify some of the hypervisor
implementation. Since the GHCB is accessed on every vmgexit, a
hypervisor may prefer to create a map during the registration and refer
the map instead of creating a new mapping on every vmgexit.
>>
>> (3) It seems strange to expect that a guest stick with a particular GHCB
>> address for its entire lifetime (including firmware and OS) -- in fact
>> OVMF already uses multiple GHCB addresses. The spec does not explain how
>> the guest can "unlock" (de-register) a registered GHCB address.
>> Furthermore, if a guest can do that *at all* (which I think it must --
>> we're already using different GHCB addresses between SEC and DXE, for
>> example), then what protection does the *temporary* locking of the GHCB
>> address provide?
The spec does not force that GHCB should *never* change once registered.
It says that before switching to new GHCB page, the guest must register
the page. As you rightly said that OVMF uses multiple GHCBs from SEC to
DXE. There is no unregister, registering a new GHCB is a hint to
hypervisor that it should drop the old GHCB mapping. The GHCB
registration is not a PSP function, and are not designed to mitigate a
security exploits. It is purely a hypevisor virtualized feature.
>> I'll stop reviewing here, because I think I need to understand your
>> answers. I'd like to have a rudimentary mental basis for reviewing the rest.
> ... interestingly, with reference to my question (2) under patch "RFC v2
> 02/28", the GHCB GPA registration function is one that can *only* be
> performed with the GHCB MSR protocol, and not through the GHCB page.
>
> So that shows that the MSR protocol's functions cannot be considered a
> pure subset of the GHCB page's functions. If
> SVM_EXIT_HYPERVISOR_FEATURES didn't exist (and the same function would
> only be accessible via GHCB_HYPERVISOR_FEATURES_REQUEST), then no
> "larger principle" would be damaged.
That is correct, not every exit have both MSR and non MSR protocol based
vmgexit. It seems that during the spec review no other HV vendor saw the
need for non-MSR based exit. Certainly, I don't see a need for it in KVM
and can't comment on other HV ;)
>
> Thanks
> Laszlo
>
next prev parent reply other threads:[~2021-05-03 12:55 UTC|newest]
Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-30 11:51 [PATCH RFC v2 00/28] Add AMD Secure Nested Paging (SEV-SNP) support Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 01/28] MdePkg: Expand the SEV MSR to include the SNP definition Brijesh Singh
2021-05-03 8:39 ` [edk2-devel] " Laszlo Ersek
2021-05-03 11:42 ` Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 02/28] MdePkg: Define the GHCB Hypervisor features Brijesh Singh
2021-05-03 10:10 ` [edk2-devel] " Laszlo Ersek
2021-05-03 12:20 ` Brijesh Singh
2021-05-03 13:40 ` Laszlo Ersek
2021-04-30 11:51 ` [PATCH RFC v2 03/28] MdePkg: Define the GHCB GPA structure Brijesh Singh
2021-05-03 10:24 ` [edk2-devel] " Laszlo Ersek
2021-05-03 12:19 ` Laszlo Ersek
2021-05-03 12:55 ` Brijesh Singh [this message]
2021-05-03 13:50 ` Laszlo Ersek
2021-05-03 13:55 ` Laszlo Ersek
2021-04-30 11:51 ` [PATCH RFC v2 04/28] MdePkg: Define the Page State Change VMGEXIT structures Brijesh Singh
2021-05-04 12:33 ` [edk2-devel] " Laszlo Ersek
2021-05-04 13:59 ` Laszlo Ersek
2021-05-04 14:48 ` Lendacky, Thomas
2021-05-04 18:07 ` Laszlo Ersek
2021-05-04 18:53 ` Brijesh Singh
2021-05-05 18:24 ` Laszlo Ersek
2021-05-05 19:27 ` Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 05/28] MdePkg: Add AsmPvalidate() support Brijesh Singh
2021-05-04 13:58 ` [edk2-devel] " Laszlo Ersek
2021-05-04 14:09 ` Laszlo Ersek
2021-05-04 19:07 ` Brijesh Singh
2021-05-05 18:56 ` Laszlo Ersek
[not found] ` <167BF2A01FA60569.6407@groups.io>
2021-05-04 19:55 ` Brijesh Singh
2021-05-05 19:10 ` Laszlo Ersek
[not found] ` <167BF53DA09B327E.22277@groups.io>
2021-05-04 20:28 ` Brijesh Singh
2021-05-04 23:03 ` Brijesh Singh
2021-05-05 19:19 ` Laszlo Ersek
2021-05-05 19:17 ` Laszlo Ersek
2021-04-30 11:51 ` [PATCH RFC v2 06/28] OvmfPkg/BaseMemEncryptSevLib: Introduce MemEncryptSevClearMmioPageEncMask() Brijesh Singh
2021-05-06 10:39 ` [edk2-devel] " Laszlo Ersek
2021-05-06 19:18 ` Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 07/28] OvmfPkg: Use MemEncryptSevClearMmioPageEncMask() to clear EncMask from Mmio Brijesh Singh
2021-05-06 10:50 ` [edk2-devel] " Laszlo Ersek
2021-05-06 19:20 ` Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 08/28] OvmfPkg/BaseMemEncryptSevLib: Remove CacheFlush parameter Brijesh Singh
2021-05-06 11:08 ` [edk2-devel] " Laszlo Ersek
2021-04-30 11:51 ` [PATCH RFC v2 09/28] OvmfPkg/VmgExitLib: Allow PMBASE register access in Dxe phase Brijesh Singh
2021-05-06 14:08 ` [edk2-devel] " Laszlo Ersek
2021-05-06 14:12 ` Laszlo Ersek
2021-05-07 13:29 ` Brijesh Singh
2021-05-07 15:10 ` Laszlo Ersek
2021-05-07 15:19 ` Brijesh Singh
2021-05-07 15:47 ` Laszlo Ersek
2021-04-30 11:51 ` [PATCH RFC v2 10/28] OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled() Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 11/28] OvmfPkg: Reserve Secrets page in MEMFD Brijesh Singh
2021-05-05 6:42 ` [edk2-devel] " Dov Murik
2021-05-05 13:11 ` Brijesh Singh
2021-05-05 19:33 ` Laszlo Ersek
2021-05-06 10:57 ` Dov Murik
2021-05-06 15:06 ` Laszlo Ersek
2021-05-06 16:12 ` James Bottomley
2021-05-06 16:02 ` James Bottomley
2021-04-30 11:51 ` [PATCH RFC v2 12/28] OvmfPkg: Reserve CPUID page for the SEV-SNP guest Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 13/28] OvmfPkg: Validate the data pages used in the Reset vector and SEC phase Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 14/28] UefiCpuPkg: Define the SEV-SNP specific dynamic PCDs Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 15/28] OvmfPkg/MemEncryptSevLib: extend the workarea to include SNP enabled field Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 16/28] OvmfPkg/MemEncryptSevLib: Extend Es Workarea to include hv features Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 17/28] OvmfPkg/ResetVector: Invalidate the GHCB page Brijesh Singh
2021-05-03 13:05 ` Erdem Aktas
2021-05-03 14:28 ` Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 18/28] OvmfPkg: Add a library to support registering GHCB GPA Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 19/28] OvmfPkg: register GHCB gpa for the SEV-SNP guest Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 20/28] UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 21/28] OvmfPkg/MemEncryptSevLib: Add support to validate system RAM Brijesh Singh
2021-05-03 14:04 ` Erdem Aktas
2021-05-03 18:56 ` Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 22/28] OvmfPkg/BaseMemEncryptSevLib: Skip the pre-validated " Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 23/28] OvmfPkg/MemEncryptSevLib: Add support to validate > 4GB memory in PEI phase Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 24/28] OvmfPkg/SecMain: Pre-validate the memory used for decompressing Fv Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 25/28] OvmfPkg/PlatformPei: Validate the system RAM when SNP is active Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 26/28] OvmfPkg/MemEncryptSevLib: Change the page state in the RMP table Brijesh Singh
2021-04-30 11:51 ` [PATCH RFC v2 27/28] OvmfPkg/AmdSev: Expose the SNP reserved pages through configuration table Brijesh Singh
2021-05-05 7:10 ` [edk2-devel] " Dov Murik
2021-05-05 19:37 ` Laszlo Ersek
2021-04-30 11:51 ` [PATCH RFC v2 28/28] MdePkg/GHCB: Increase the GHCB protocol max version Brijesh Singh
2021-04-30 16:49 ` [edk2-devel] [PATCH RFC v2 00/28] Add AMD Secure Nested Paging (SEV-SNP) support Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ae72d97e-0749-1a80-7667-4913ad3fca96@amd.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox