From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.86]) by mx.groups.io with SMTP id smtpd.web11.10860.1591363696270315134 for ; Fri, 05 Jun 2020 06:28:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=oCgHb631; spf=none, err=SPF record not found (domain: amd.com, ip: 40.107.243.86, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bvs1lM/oUnuw1yQ2GcLdfTw4uFl47/qUx9b3kMIvyJ4LmU1M1xuLnEelrK53ju7VSdIhXRaNx3SDpjCZnih4aFCW4GC5bj/sVG/GGMCx/Vs6jFub3l/G34kcEvA1q4yydkifc+1OpjFt247OVWW6tzOPKvct86H14IfajrK/k23HjE181O+3QNBId3dTlU0k2Z+5JJYH9Kkb1EBuiBEn1l00tIbM5D/WQ26yQGIjAZeWS6uxbdBXUfBdVss8yK6u0vr+uQ4Eip3qvcEvtpFwiicXDFAgWPVKYHRnrTZYYW4dDpkzNBjqgy1moy3LOk2nvBwJD4jH3eE7g0/NN41npw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0CI9HNW9M3kTyEx2BebsPDrNr+FG+12DAcINua02qGc=; b=P7BluYFO+YGwhvuf+h/QUul0TyqsAxcutcVJV7lJVQgVpPWXM+AbHP5K0F/ElxbS2rKHu1YyiF/SMbRoJAWhbze+hwQ/HQ0SdHJ4PpHWraGB/Lz86OdZpUY/cxNAC4oWMr3P5+f2H5iEACGC4qKmiyArHAALQ27FAv22LDlsP3p3nGYblRZePuine/Ru4oIBBcZGvV20Me2iHeQhdNhDu3aEeifNsV4ySmJ5dlNuyNoSWPn/qGtmek082S59xOdS6Xj1c7L9Npl9YUqqpa2bIxX2ajFv75nMdsDbKc5EFcSMyWrR4gTfasTCZr1T+76zV8TmkBsu42kBq4s8513VmA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0CI9HNW9M3kTyEx2BebsPDrNr+FG+12DAcINua02qGc=; b=oCgHb631mlFKcLcW1H8VpC7KtoKvwJzSCjIJ7qvMeiPD5omgBmXoiSioSc5bGnb5tlBvduPg4TmD/FTptfAr4Vc/Ze14Z6Sk9c8UFG1wa2koSB8AJe5YKklizD/jm/aWXsA9X0Bzom85MvCjD8SoJb/0Nri2LL74hcAgOlH6Syo= Authentication-Results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM5PR12MB1354.namprd12.prod.outlook.com (2603:10b6:3:7a::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.20; Fri, 5 Jun 2020 13:28:14 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::4ce1:9947:9681:c8b1]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::4ce1:9947:9681:c8b1%10]) with mapi id 15.20.3066.019; Fri, 5 Jun 2020 13:28:14 +0000 From: "Lendacky, Thomas" To: devel@edk2.groups.io Cc: Brijesh Singh , Ard Biesheuvel , Eric Dong , Jordan Justen , Laszlo Ersek , Liming Gao , Michael D Kinney , Ray Ni Subject: [PATCH v9 26/46] OvmfPkg/VmgExitLib: Add support for DR7 Read/Write NAE events Date: Fri, 5 Jun 2020 08:27:17 -0500 Message-Id: X-Mailer: git-send-email 2.27.0 In-Reply-To: References: X-ClientProxiedBy: DM5PR19CA0060.namprd19.prod.outlook.com (2603:10b6:3:116::22) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from tlendack-t1.amd.com (165.204.77.1) by DM5PR19CA0060.namprd19.prod.outlook.com (2603:10b6:3:116::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.18 via Frontend Transport; Fri, 5 Jun 2020 13:28:13 +0000 X-Mailer: git-send-email 2.27.0 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 6ed3e62b-c984-4a2e-58a8-08d809544cde X-MS-TrafficTypeDiagnostic: DM5PR12MB1354: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-Forefront-PRVS: 0425A67DEF X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: peYPWsBUkZUE1GOu5i/qGlR4ubaGJalbzLWuIpM2bNIMyBGtMBF+GfFLoPlOT69XYKDzPYu9w/rzgemhqaVw+yAqXctY6P5AUHN/dev3em1YCainahynuUuFd07iE/5kMp10l6+e1Q2CKS/AlMxxndMKCiErlDiAeuS/wWq8CDYW0Y+pDUlsIpqAzqLPMO1guyQJrSyVcQvNj6F//+DhcvEmrBUee1m0LwvIlrC1Qu3S02GEw92VfuTRIfbuttILJU9ynqx8FXv3HxafDKhvwxGEDuL8t49jmb40eOC2xfPi9iItx9mBHq4adJPxbeU0QHnZHSLoflcqJNAoN7o2C9Wp/U2Y4foAQWrYAIAQPyTeweBk/trbWgGPTUD1P5cRHbYoA+sU1cSq4qDwaXwFMMTmjZwFotqn3Pq1FRZJWenDGVhm1gyMNln4Tf+eYnYqzQ/m8h6grnq3jWfq0kImXA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(346002)(39860400002)(376002)(366004)(396003)(136003)(52116002)(83380400001)(26005)(316002)(7696005)(54906003)(6486002)(478600001)(956004)(16526019)(86362001)(4326008)(36756003)(2616005)(966005)(6916009)(2906002)(8936002)(5660300002)(8676002)(66476007)(66946007)(66556008)(186003)(136400200001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: LziVI8/UtSxtN9QK7SPWdRywrZxFLFpwWP95kYw/fq60HZgnUADjiIE+L6YV32wVPd+q5+7Ipl3Tgiz+XbID2oAXFyPxdobKHc8g9IEiUy9m2mU6OY2lVbkOKdCUNB4PCOWtbiRs51myaFc4VNZdPfaAsp4l0NTU0QrZyVN4HEtN0jnxqzs6n2LP2a8uYxhf23fDTLm/AIwzBbVOf1A40DZ4mrPp5d43C/ZN3Cmtar8XKOb9ahIOyIAMQM/JyFtXafpvZ+c2USuZnfX69j24dkT2YGftGWS0l242Ne7ZYHpujAtDd/Dk+sX0ksK747H/8AbF6LpSI94KtHT9r3bYLunsJUt/2f9P+prwLy770RUmgJz7MRLC9gQvykfBR6OXR/S3eOncqopzMeSBzM/WEs4o/VB7S1eDGfPK3VlT5nR/GVBxkAD0G0xa9Aeu8jBouCmNwrLvppf6hteN7ce+mDmgpHYRsSD59v52f7hkmPo= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6ed3e62b-c984-4a2e-58a8-08d809544cde X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Jun 2020 13:28:14.7896 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 36PpgCqL2BiBq1w88yXjLj5Z9h6opYx3a5C7vD2WcoQOA6MPrA89bvZy8mqjkV4643UwZCVOqwNpn367m1AciA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB1354 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2198 Under SEV-ES, a DR7 read or write intercept generates a #VC exception. The #VC handler must provide special support to the guest for this. On a DR7 write, the #VC handler must cache the value and issue a VMGEXIT to notify the hypervisor of the write. However, the #VC handler must not actually set the value of the DR7 register. On a DR7 read, the #VC handler must return the cached value of the DR7 register to the guest. VMGEXIT is not invoked for a DR7 register read. The caching of the DR7 values will make use of the per-CPU data pages that are allocated along with the GHCB pages. The per-CPU page for a vCPU is the page that immediately follows the vCPU's GHCB page. Since each GHCB page is unique for a vCPU, the page that follows becomes unique for that vCPU. The SEC phase will reserves an area of memory for a single GHCB and per-CPU page for use by the BSP. After transitioning to the PEI phase, new GHCB and per-CPU pages are allocated for the BSP and all APs. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Signed-off-by: Tom Lendacky --- OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 114 ++++++++++++++++++++ 1 file changed, 114 insertions(+) diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Librar= y/VmgExitLib/VmgExitVcHandler.c index 9d93e30a8ea4..e8f9d3fa01a8 100644 --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c @@ -126,6 +126,14 @@ UINT64 SEV_ES_INSTRUCTION_DATA *InstructionData=0D );=0D =0D +//=0D +// Per-CPU data mapping structure=0D +//=0D +typedef struct {=0D + BOOLEAN Dr7Cached;=0D + UINT64 Dr7;=0D +} SEV_ES_PER_CPU_DATA;=0D +=0D =0D /**=0D Checks the GHCB to determine if the specified register has been marked v= alid.=0D @@ -1478,6 +1486,104 @@ RdtscExit ( return 0;=0D }=0D =0D +/**=0D + Handle a DR7 register write event.=0D +=0D + Use the VMGEXIT instruction to handle a DR7 write event.=0D +=0D + @param[in, out] Ghcb Pointer to the Guest-Hypervisor Communi= cation=0D + Block=0D + @param[in, out] Regs x64 processor context=0D + @param[in] InstructionData Instruction parsing context=0D +=0D + @return 0 Event handled successfully=0D + @return Others New exception value to propagate=0D +=0D +**/=0D +STATIC=0D +UINT64=0D +Dr7WriteExit (=0D + IN OUT GHCB *Ghcb,=0D + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs,=0D + IN SEV_ES_INSTRUCTION_DATA *InstructionData=0D + )=0D +{=0D + SEV_ES_INSTRUCTION_OPCODE_EXT *Ext;=0D + SEV_ES_PER_CPU_DATA *SevEsData;=0D + UINT64 *Register;=0D + UINT64 Status;=0D +=0D + Ext =3D &InstructionData->Ext;=0D + SevEsData =3D (SEV_ES_PER_CPU_DATA *) (Ghcb + 1);=0D +=0D + DecodeModRm (Regs, InstructionData);=0D +=0D + //=0D + // MOV DRn always treats MOD =3D=3D 3 no matter how encoded=0D + //=0D + Register =3D GetRegisterPointer (Regs, Ext->ModRm.Rm);=0D +=0D + //=0D + // Using a value of 0 for ExitInfo1 means RAX holds the value=0D + //=0D + Ghcb->SaveArea.Rax =3D *Register;=0D + GhcbSetRegValid (Ghcb, GhcbRax);=0D +=0D + Status =3D VmgExit (Ghcb, SVM_EXIT_DR7_WRITE, 0, 0);=0D + if (Status !=3D 0) {=0D + return Status;=0D + }=0D +=0D + SevEsData->Dr7 =3D *Register;=0D + SevEsData->Dr7Cached =3D TRUE;=0D +=0D + return 0;=0D +}=0D +=0D +/**=0D + Handle a DR7 register read event.=0D +=0D + Use the VMGEXIT instruction to handle a DR7 read event.=0D +=0D + @param[in, out] Ghcb Pointer to the Guest-Hypervisor Communi= cation=0D + Block=0D + @param[in, out] Regs x64 processor context=0D + @param[in] InstructionData Instruction parsing context=0D +=0D + @return 0 Event handled successfully=0D +=0D +**/=0D +STATIC=0D +UINT64=0D +Dr7ReadExit (=0D + IN OUT GHCB *Ghcb,=0D + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs,=0D + IN SEV_ES_INSTRUCTION_DATA *InstructionData=0D + )=0D +{=0D + SEV_ES_INSTRUCTION_OPCODE_EXT *Ext;=0D + SEV_ES_PER_CPU_DATA *SevEsData;=0D + UINT64 *Register;=0D +=0D + Ext =3D &InstructionData->Ext;=0D + SevEsData =3D (SEV_ES_PER_CPU_DATA *) (Ghcb + 1);=0D +=0D + DecodeModRm (Regs, InstructionData);=0D +=0D + //=0D + // MOV DRn always treats MOD =3D=3D 3 no matter how encoded=0D + //=0D + Register =3D GetRegisterPointer (Regs, Ext->ModRm.Rm);=0D +=0D + //=0D + // If there is a cached valued for DR7, return that. Otherwise return th= e=0D + // DR7 standard reset value of 0x400 (no debug breakpoints set).=0D + //=0D + *Register =3D (SevEsData->Dr7Cached) ? SevEsData->Dr7 : 0x400;=0D +=0D + return 0;=0D +}=0D +=0D /**=0D Handle a #VC exception.=0D =0D @@ -1522,6 +1628,14 @@ VmgExitHandleVc ( =0D ExitCode =3D Regs->ExceptionData;=0D switch (ExitCode) {=0D + case SVM_EXIT_DR7_READ:=0D + NaeExit =3D Dr7ReadExit;=0D + break;=0D +=0D + case SVM_EXIT_DR7_WRITE:=0D + NaeExit =3D Dr7WriteExit;=0D + break;=0D +=0D case SVM_EXIT_RDTSC:=0D NaeExit =3D RdtscExit;=0D break;=0D --=20 2.27.0