From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (NAM10-BN7-obe.outbound.protection.outlook.com [40.107.92.76]) by mx.groups.io with SMTP id smtpd.web10.19660.1590174175925007012 for ; Fri, 22 May 2020 12:02:56 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=TuIZWADC; spf=none, err=SPF record not found (domain: amd.com, ip: 40.107.92.76, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fuK2IWy4/+cbgty5+cognohRK26w7NuOHcI2eD3xM3QGM+rlPSmsyFl1YEB7AUpW8o5Oq3GuXYWP/lwRjFj0AWDeE+ULx/B1MQacNr4IFuXS6hF8XrKZyC4Qa6rcP4wdzd+SjhOzYBUvMpvHYWf6cmRA7EkLgTyfol+dq04IvgsSqLDcvxuxtwy8E7shu0P0Pxo7OoTWcHaxg6O9WqpTS1blxTAdrSMz2NLmIL74cgU1XhW8ch5t4RfXAdJY3mUkxQLUXuh8445Ka7lzMLwykPaD3YQ4hxYDAeuOtr9NFNdQCLubZBP2hH4nJjqQJdb+ujjgCALMsNBMsZWSp3hIMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aorR123GiKp9ZOjPhjSuFfx5fhHk39LMU3gGzCoYfy8=; b=H9xBlKT9xw0CXluZ6Pa5XOqL2ct5Wa1o5Rvei7mtAgfaG16gWzvE19NMW8YFRkkaLrOUWnsrXRKO7XGkQtvpTQ7ZlIaRbB+Q5i/Pef7RRVYxwVgfyhkjltLLcoRaBcwtFn0LEBXI83t56huRVWiLYe8x8bLQ7DyKsuOQ5C7uIvsGSwidhv4y+xIOGpfCNH0ulJ6jNGJ2fGACHXkmqd3IildzJvl75GgdmkilUeXQIqzo+JG1XrgEAt4myuw8golTgqEGo9uRBAGPmHRySoa+8vGvWwtQkkpItHKpFk5uzon7jAdzGVdmU1/DBfTooJQ7kLnVTG+SRfXEccRg8ehsFw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aorR123GiKp9ZOjPhjSuFfx5fhHk39LMU3gGzCoYfy8=; b=TuIZWADCX1Hcqq4n/2RbSRcmjEXVyskgv/JpsaF3IyVNr/MxRlT2NYrKPq64KYjnHo9CVz+o0ze7QDwwlCZI7mcbGlA6/CWiVropCTcWjPnDBw6ep9HChC39Oq9UER0d9hzCjaPMJ5jHjgZwWVzPkAam1Z1C7qLEaZEpdKsnNOE= Authentication-Results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM5PR12MB2392.namprd12.prod.outlook.com (2603:10b6:4:b1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3000.24; Fri, 22 May 2020 19:02:54 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::4ce1:9947:9681:c8b1]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::4ce1:9947:9681:c8b1%10]) with mapi id 15.20.3000.034; Fri, 22 May 2020 19:02:54 +0000 Subject: Re: [edk2-devel] [PATCH v8 15/46] OvmfPkg/VmgExitLib: Add support for CPUID NAE events To: Laszlo Ersek , devel@edk2.groups.io Cc: Jordan Justen , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , Brijesh Singh , Ard Biesheuvel References: <14058ebd-7cd0-01b9-84c7-2ebaa060038a@redhat.com> From: "Lendacky, Thomas" Message-ID: Date: Fri, 22 May 2020 14:02:52 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 In-Reply-To: <14058ebd-7cd0-01b9-84c7-2ebaa060038a@redhat.com> X-ClientProxiedBy: SN4PR0701CA0008.namprd07.prod.outlook.com (2603:10b6:803:28::18) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from office-linux.texastahm.com (67.79.209.213) by SN4PR0701CA0008.namprd07.prod.outlook.com (2603:10b6:803:28::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3021.23 via Frontend Transport; Fri, 22 May 2020 19:02:53 +0000 X-Originating-IP: [67.79.209.213] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 47425bbe-313e-4b6e-78b5-08d7fe82bb80 X-MS-TrafficTypeDiagnostic: DM5PR12MB2392: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7219; X-Forefront-PRVS: 04111BAC64 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: cnUOD5kEwhdQHIKuEMkk4MuBVDJKp6mxhnvxLpwPu3XRkcFgdVLy/RnwbGYF2iOFyM2cZRx+L3M+46KErDtFOXlLv+vHHw1jhxq1mMKEns6mY9iaChVvya5LSlAkbWaq7lzmHx3yhqLRUtmB5HSKEJS79qUllo9cjaFQt+hHq70Kt2JUZNoZ6psw84OqXdupTDbEpi0WSYtYNz/xYEZp2eICYF+FypSOIoxsq5lZAtxbd+kaJhkVplwQUkBkzRfwncbdy9isLmRmzzjEkiLrZaTm+pqottc/FwKrg0ovP/MzzBcsZbtdJUIld3UyWzZIp9crDev6bOUGKvuXtsuXN2eEPYkCh5vWdZ5G0R//Y3cueRiOXxdw86goZmlaSw2VbEtZVlCUMpxb5zsdkwvsSe5Mmq2VRH54eFMuVM4xkpd00KmxlAjR6HxIefTU2YQZj1eMnKHfh7kFuOlsuw5E1T2Fa06lrVRlw9CdLVUcX4mJdcjT4Po6/63Rxu9KUHfR0H5vwR/NzwGebmtAey4eFY7Pi5cjGrURX3BWwRWMRZfhtaG4E4pTCDXPlc6h/ZDKUir7j8PCCHYdR1naRp/JVg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(136003)(346002)(39860400002)(396003)(366004)(376002)(45080400002)(6506007)(8936002)(26005)(8676002)(6486002)(53546011)(2906002)(6512007)(36756003)(31696002)(86362001)(966005)(5660300002)(54906003)(478600001)(31686004)(186003)(16526019)(4326008)(66476007)(956004)(66556008)(2616005)(19627235002)(66946007)(52116002)(316002)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: OQjfBz1k4ydW6IdVe8sPomvzPafjtCYjOM6qeeTlXRXf4FOmnARjlaYLD2MDnuOXARGdrVuBD6wMK1tOrDDykoIQZqP5UNUbqXtSLwUu22askjKeH8Tj+VfgsXFx/bs4U6ClEzC0biTsusO6O94u3JTcEgL+sBKeYUP+sNmad8DwmoeQ2Orq4vF3tXPxVKo8bToQqejkzABDoHOrT6e95qsuV8/U/4ExPkAAE7f9rAI1iEzjBElZSzc3Gxh5YeBF46UCzTPWX1WFrEv4VDGjHGN8q2xoajsjNagQh+6AEMq6+9IxWzGOzBKm4/ShYzx8tdIws5+OAbNPRl4fRdDgrNJbXaM5XO/SsxvjNnPOmH05UHl3xKsprfZCLik2Z3q2ROdyJgRE3f1rfAQZ3FnPUmgOe3RZvBOAcgydPhf+lvg4os81GNmlRiirBb0VAhBVVu2oK27PJQACsv+tsx/zGrA/Dfm8rHJij0wtpdjzRyo= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 47425bbe-313e-4b6e-78b5-08d7fe82bb80 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 May 2020 19:02:54.2846 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: lCB5yiDjYZm5yccZN08Ad/e4GajPZxxgXYm4AK6mhz3tkR1Ocg8BwQvoCHSJvYlCkTqzgSmLMQZ9QwhVOkNfEA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB2392 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit On 5/22/20 5:27 AM, Laszlo Ersek wrote: > On 05/19/20 23:50, Lendacky, Thomas wrote: >> BZ: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2198&data=02%7C01%7Cthomas.lendacky%40amd.com%7C34f8c61055564e148e1408d7fe3ab37f%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637257400397998277&sdata=96rpbKClaJMRK86jpyryqNPdUVsPDqMBOFgSuO9j%2BzA%3D&reserved=0 >> >> Under SEV-ES, a CPUID intercept generates a #VC exception. VMGEXIT must be >> used to allow the hypervisor to handle this intercept. >> >> Add support to construct the required GHCB values to support a CPUID NAE >> event. Additionally, CPUID 0x0000_000d requires XCR0 to be supplied in >> the GHCB, so add support to issue the XGETBV instruction. >> >> Cc: Jordan Justen >> Cc: Laszlo Ersek >> Cc: Ard Biesheuvel >> Signed-off-by: Tom Lendacky >> --- >> .../Library/VmgExitLib/X64/VmgExitVcHandler.c | 58 +++++++++++++++++++ >> 1 file changed, 58 insertions(+) >> >> diff --git a/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c b/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c >> index 906b32e93d53..2f62795edf61 100644 >> --- a/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c >> +++ b/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c >> @@ -12,6 +12,8 @@ >> #include >> #include >> >> +#define CR4_OSXSAVE (1 << 18) >> + > > (1) Please drop this macro, and: Done. > >> // >> // Instruction execution mode definition >> // >> @@ -637,6 +639,58 @@ IoioExit ( >> return 0; >> } >> >> +/** >> + Handle a CPUID event. >> + >> + Use the VMGEXIT instruction to handle a CPUID event. >> + >> + @param[in, out] Ghcb Pointer to the Guest-Hypervisor Communication >> + Block >> + @param[in, out] Regs x64 processor context >> + @param[in] InstructionData Instruction parsing context >> + >> + @retval 0 Event handled successfully >> + @retval Others New exception value to propagate >> + >> +**/ >> +STATIC >> +UINT64 >> +CpuidExit ( >> + IN OUT GHCB *Ghcb, >> + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs, >> + IN SEV_ES_INSTRUCTION_DATA *InstructionData >> + ) >> +{ >> + UINT64 Status; >> + >> + Ghcb->SaveArea.Rax = Regs->Rax; >> + GhcbSetRegValid (Ghcb, GhcbRax); >> + Ghcb->SaveArea.Rcx = Regs->Rcx; >> + GhcbSetRegValid (Ghcb, GhcbRcx); >> + if (Regs->Rax == 0x0000000d) { > > (2a) Can we use CPUID_EXTENDED_STATE here, from ? Yup. > > (2b) If so, I'd suggest updating the commit message too: replace "CPUID > 0x0000_000d" with "CPUID 0x0000_000d (CPUID_EXTENDED_STATE)". Will do. > >> + Ghcb->SaveArea.XCr0 = (AsmReadCr4 () & CR4_OSXSAVE) ? AsmXGetBv (0) : 1; > > (3) Here, please use the IA32_CR4 type from : > > IA32_CR4 Cr4; > > Cr4.UintN = AsmReadCr4 (); > Ghcb->SaveArea.XCr0 = (Cr4.Bits.OSXSAVE == 1) ? AsmXGetBv (0) : 1; Will do. > > > Some of the style requests I made under earlier patches in this series > apply here, so I won't spell them out again. > > > With the style updated: > > Acked-by: Laszlo Ersek Thanks! Tom > > Thanks > Laszlo > >> + GhcbSetRegValid (Ghcb, GhcbXCr0); >> + } >> + >> + Status = VmgExit (Ghcb, SVM_EXIT_CPUID, 0, 0); >> + if (Status) { >> + return Status; >> + } >> + >> + if (!GhcbIsRegValid (Ghcb, GhcbRax) || >> + !GhcbIsRegValid (Ghcb, GhcbRbx) || >> + !GhcbIsRegValid (Ghcb, GhcbRcx) || >> + !GhcbIsRegValid (Ghcb, GhcbRdx)) { >> + return UnsupportedExit (Ghcb, Regs, InstructionData); >> + } >> + Regs->Rax = Ghcb->SaveArea.Rax; >> + Regs->Rbx = Ghcb->SaveArea.Rbx; >> + Regs->Rcx = Ghcb->SaveArea.Rcx; >> + Regs->Rdx = Ghcb->SaveArea.Rdx; >> + >> + return 0; >> +} >> + >> /** >> Handle a #VC exception. >> >> @@ -681,6 +735,10 @@ VmgExitHandleVc ( >> >> ExitCode = Regs->ExceptionData; >> switch (ExitCode) { >> + case SVM_EXIT_CPUID: >> + NaeExit = CpuidExit; >> + break; >> + >> case SVM_EXIT_IOIO_PROT: >> NaeExit = IoioExit; >> break; >> >