From: "Brijesh Singh" <brijesh.singh@amd.com>
To: Laszlo Ersek, Tom Lendacky
Cc: brijesh.singh@amd.com, devel@edk2.groups.io, James Bottomley, Min Xu, Jiewen Yao, Jordan Justen, Ard Biesheuvel, Erdem Aktas
Subject: Re: [edk2-devel] [PATCH RFC v2 02/28] MdePkg: Define the GHCB Hypervisor features
Date: Mon, 3 May 2021 07:20:28 -0500
References: <20210430115148.22267-1-brijesh.singh@amd.com> <20210430115148.22267-3-brijesh.singh@amd.com> <3eaa0aa6-9ebc-7e7f-fa69-564f049ce68d@redhat.com>
In-Reply-To: <3eaa0aa6-9ebc-7e7f-fa69-564f049ce68d@redhat.com>

On 5/3/21 5:10 AM, Laszlo Ersek wrote:
> Hi Brijesh, Tom,
>
> On 04/30/21 13:51, Brijesh Singh wrote:
>> BZ:
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3275&data=04%7C01%7Cbrijesh.singh%40amd.com%7C9a7e31fbf85043c6ee8508d90e1ba94d%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637556334239842920%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fSThw3T7P4LcLhcZz9tfy4ZB1Y7Zny0BzwA2jTyWAkY%3D&reserved=0 >> >> Version 2 of GHCB introduces advertisement of features that are supported >> by the hypervisor. See the GHCB spec section 2.2 for an additional details. >> >> Cc: James Bottomley >> Cc: Min Xu >> Cc: Jiewen Yao >> Cc: Tom Lendacky >> Cc: Jordan Justen >> Cc: Ard Biesheuvel >> Cc: Laszlo Ersek >> Cc: Erdem Aktas >> Signed-off-by: Brijesh Singh >> --- >> MdePkg/Include/Register/Amd/Fam17Msr.h | 7 +++++++ >> MdePkg/Include/Register/Amd/Ghcb.h | 6 ++++++ >> 2 files changed, 13 insertions(+) >> >> diff --git a/MdePkg/Include/Register/Amd/Fam17Msr.h b/MdePkg/Include/Register/Amd/Fam17Msr.h >> index 4d33bef220..a65d51ab12 100644 >> --- a/MdePkg/Include/Register/Amd/Fam17Msr.h >> +++ b/MdePkg/Include/Register/Amd/Fam17Msr.h >> @@ -48,6 +48,11 @@ typedef union { >> UINT32 Reserved2:32; >> } GhcbTerminate; >> >> + struct { >> + UINT64 Function:12; >> + UINT64 Features:52; >> + } GhcbHypervisorFeatures; >> + >> VOID *Ghcb; >> >> UINT64 GhcbPhysicalAddress; >> @@ -57,6 +62,8 @@ typedef union { >> #define GHCB_INFO_SEV_INFO_GET 2 >> #define GHCB_INFO_CPUID_REQUEST 4 >> #define GHCB_INFO_CPUID_RESPONSE 5 >> +#define GHCB_HYPERVISOR_FEATURES_REQUEST 128 >> +#define GHCB_HYPERVISOR_FEATURES_RESPONSE 129 >> #define GHCB_INFO_TERMINATE_REQUEST 256 >> >> #define GHCB_TERMINATE_GHCB 0 >> diff --git a/MdePkg/Include/Register/Amd/Ghcb.h b/MdePkg/Include/Register/Amd/Ghcb.h >> index ccdb662af7..2d64a4c28f 100644 >> --- a/MdePkg/Include/Register/Amd/Ghcb.h >> +++ b/MdePkg/Include/Register/Amd/Ghcb.h 
>> @@ -54,6 +54,7 @@ >> #define SVM_EXIT_NMI_COMPLETE 0x80000003ULL >> #define SVM_EXIT_AP_RESET_HOLD 0x80000004ULL >> #define SVM_EXIT_AP_JUMP_TABLE 0x80000005ULL >> +#define SVM_EXIT_HYPERVISOR_FEATURES 0x8000FFFDULL >> #define SVM_EXIT_UNSUPPORTED 0x8000FFFFULL >> >> // 
>> @@ -154,4 +155,9 @@ typedef union { >> #define GHCB_EVENT_INJECTION_TYPE_EXCEPTION 3 >> #define GHCB_EVENT_INJECTION_TYPE_SOFT_INT 4 >> >> +// Hypervisor features > (1) Comment style -- leading and trailing // lines missing. Noted. > > >> +#define GHCB_HV_FEATURES_SNP BIT0 >> +#define GHCB_HV_FEATURES_SNP_AP_CREATE (GHCB_HV_FEATURES_SNP | BIT1) >> +#define GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION (GHCB_HV_FEATURES_SNP_AP_CREATE | BIT2) >> +#define GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION_TIMER (GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION | BIT3) >> #endif >>
> I'm going to take this series slow, because I need to rebuild whatever
> understanding I've ever had of SEV-ES from the bottom up.
>
> The patch looks good to me (I checked the GHCB spec 2.0, and the values
> seem to match).
>
> But I need some confirmation. The GHCB spec defines the "GHCB MSR"
> protocol, where MSR_SEV_ES_GHCB can be used for a direct
> request/response protocol when the least significant 12 bits are nonzero
> (i.e., they stand for a "function"). The sequence in this case (from the
> guest side is): wrmsr, vmgexit, rdmsr.
>
> On the host side, upon vmgexit, the MSR's twelve least significant bits
> are checked, and if they are nonzero, the function is handled, and the
> response is provided in the high-order bits of the MSR. Otherwise, if
> the "function" is zero, the MSR's contents are taken as a GPA, and then
> the pointed-to page (the GHCB) is consulted for the actual request.
>
> This means that some functions are possible for the guest to call in two
> ways -- with and without a (decrypted) GHCB existing. (The spec writes
> in 2.3.1, "The GHCB MSR protocol is valid at any time but is most useful
> when the GHCB page cannot be written by the guest in an unencrypted
> fashion").
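Review bot: the two new function numbers in the second Fam17Msr.h hunk break the naming pattern of the constants around them; GHCB_INFO_SEV_INFO_GET, GHCB_INFO_CPUID_REQUEST and GHCB_INFO_TERMINATE_REQUEST all carry the GHCB_INFO_ prefix, while the additions read `#define GHCB_HYPERVISOR_FEATURES_REQUEST 128` and `#define GHCB_HYPERVISOR_FEATURES_RESPONSE 129`. Suggest GHCB_INFO_HYPERVISOR_FEATURES_REQUEST / GHCB_INFO_HYPERVISOR_FEATURES_RESPONSE so a reader can tell from the name that these are MSR-protocol function codes (values for the 12-bit Function field of the GhcbHypervisorFeatures member added in the first hunk), not GHCB-page exit codes like SVM_EXIT_HYPERVISOR_FEATURES.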
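Review bot: SVM_EXIT_HYPERVISOR_FEATURES in the first Ghcb.h hunk has no user anywhere in the series, as the discussion in this thread confirms, and the reply agrees to drop it. If it is kept for spec completeness instead, give `+#define SVM_EXIT_HYPERVISOR_FEATURES 0x8000FFFDULL` a one-line comment saying it is the GHCB-page (SwExitCode) form of the MSR-protocol request GHCB_HYPERVISOR_FEATURES_REQUEST, so the relationship between the two constants is visible in the header rather than only in this thread.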
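Review bot: the feature masks in the last Ghcb.h hunk are cumulative, e.g. `+#define GHCB_HV_FEATURES_SNP_AP_CREATE (GHCB_HV_FEATURES_SNP | BIT1)`, so each macro is a multi-bit mask that encodes its prerequisites, and a caller must test presence with `(Features & GHCB_HV_FEATURES_SNP_AP_CREATE) == GHCB_HV_FEATURES_SNP_AP_CREATE`; a plain `!= 0` test would report AP_CREATE on a hypervisor that advertises only SNP. When `+// Hypervisor features` is expanded into the leading/trailing `//` block asked for in (1), state that intent there, and note that these bits are numbered relative to the 52-bit Features field of the Fam17Msr.h union member, not to the raw MSR value, which avoids off-by-12 confusion when the response is decoded.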
>
> One of the new things the GHCB 2.0 spec introduces is the "hypervisor
> feature advertisement", which is (apparently) one of those functions
> that are available to the guest via both the GHCB *MSR protocol*
> (function = GHCB_HYPERVISOR_FEATURES_REQUEST) and the GHCB *page*
> (SwExitCode = SVM_EXIT_HYPERVISOR_FEATURES, response in SwExitInfo2).
>
> My question is: when is it useful to fetch the hv features through the
> GHCB *page* (i.e., not through the MSR protocol)? At the end of the
> series, I don't see any use for SVM_EXIT_HYPERVISOR_FEATURES.

In my OVMF and Linux-guest patches I am using the MSR protocol based
HV_FEATURES because I query the features during the negotiation and cache
it. The value is saved in the ES work area and PlatformPei saves it in a PCD.
In a different implementation, a guest can call HV_FEATURES every time it
needs to consult the feature values. I think the spec wanted to keep the
flexibility that the feature can be queried through the non-MSR based vmgexit
so that the guest does not need to save/restore the GHCB address after the
GHCB is established. If I was not caching the feature value in patch #16 then
I would have used the non-MSR based vmgexit to query the value in PlatformPei
to build the PCD.

> A similarly unused macro (from before this series) is
> SVM_EXIT_NMI_COMPLETE. So I guess the approach in the edk2 SEV* work has
> been to incorporate all spec-defined constants in MdePkg. That's a valid
> approach per se; what I'd like to understand is what use case for
> SVM_EXIT_HYPERVISOR_FEATURES the GHCB *spec* foresees.
>
> (2) Does the spec define SVM_EXIT_HYPERVISOR_FEATURES for completeness'
> sake -- so that no function be restricted to the MSR protocol? (IOW,
> should the MSR protocol be a subset, by principle, of the functions
> available through the GHCB *page*?)

I think the non-MSR based vmgexit is done for completeness' sake. It may be
used by other HVs or guests (e.g. Windows, Unix, etc.).
At this time I am not using it in OVMF or Linux guest.

>
> I prefer to define only such macros in edk2 that are actually used --
> but I admit that may be different from the general MdePkg rules. So I
> don't mind SVM_EXIT_HYPERVISOR_FEATURES, it's just a bit more difficult
> to review / understand without actual use.

Good point, I have no issue removing the unused macro. If we see a need for
it then it can be added in the future.

>
> (3) I suggest the following subject:
>
> MdePkg/Register/Amd: define GHCB macros for hypervisor feature detection
>
> (72 chars)
>
> With (1) and (3) fixed:
>
> Reviewed-by: Laszlo Ersek
>
>
> Thanks
> Laszlo
>
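The MSR-protocol exchange described in the thread above (wrmsr, vmgexit, rdmsr, with the low 12 bits of MSR_SEV_ES_GHCB selecting the function and the answer coming back in the high-order bits) and the cumulative feature masks from the patch, modelled in ordinary user-space C. This is an added example, not code from the patch, from OVMF or from the Linux guest: the hypervisor side is a constructed stand-in for the host's VMGEXIT handler, the feature set it advertises (SNP plus AP_CREATE) is an assumption for the demo, and a direct function call replaces the wrmsr/vmgexit/rdmsr instruction sequence, which cannot run outside an SEV-ES guest.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit helpers standing in for edk2's BITn macros. */
#define BIT0 (1ULL << 0)
#define BIT1 (1ULL << 1)
#define BIT2 (1ULL << 2)
#define BIT3 (1ULL << 3)

/* MSR_SEV_ES_GHCB "GHCB info" function codes, values as in the patch. */
#define GHCB_INFO_SEV_INFO_GET            2
#define GHCB_INFO_CPUID_REQUEST           4
#define GHCB_INFO_CPUID_RESPONSE          5
#define GHCB_HYPERVISOR_FEATURES_REQUEST  128
#define GHCB_HYPERVISOR_FEATURES_RESPONSE 129
#define GHCB_INFO_TERMINATE_REQUEST       256

/* Cumulative hypervisor feature masks, values as in the patch. */
#define GHCB_HV_FEATURES_SNP                            BIT0
#define GHCB_HV_FEATURES_SNP_AP_CREATE                  (GHCB_HV_FEATURES_SNP | BIT1)
#define GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION       (GHCB_HV_FEATURES_SNP_AP_CREATE | BIT2)
#define GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION_TIMER (GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION | BIT3)

/* Low 12 bits of the MSR select the function; zero means "the MSR holds a GPA". */
#define GHCB_MSR_FUNCTION_MASK 0xFFFULL

/* Same layout as the GhcbHypervisorFeatures member the patch adds to the MSR union. */
typedef union {
  struct {
    uint64_t Function:12;
    uint64_t Features:52;
  } GhcbHypervisorFeatures;
  uint64_t GhcbPhysicalAddress;   /* meaningful only when Function == 0 */
  uint64_t Raw;
} GhcbMsrValue;

/* Constructed assumption for the demo: what this stand-in host advertises. */
#define DEMO_HOST_FEATURES GHCB_HV_FEATURES_SNP_AP_CREATE

/*
 * Host side of VMGEXIT as described in the thread: if the low 12 bits are
 * nonzero, handle the MSR-protocol function and answer in the MSR; if they
 * are zero, the value is a GPA and the GHCB page would be consulted instead
 * (not modelled here). Functions this demo does not implement are returned
 * unchanged, so the guest's function-code check below fails cleanly.
 * Returns the MSR contents the guest reads back with rdmsr.
 */
static uint64_t HostHandleVmgexit(uint64_t MsrIn) {
  GhcbMsrValue In  = { .Raw = MsrIn };
  GhcbMsrValue Out = { .Raw = 0 };

  if ((MsrIn & GHCB_MSR_FUNCTION_MASK) == 0) {
    return MsrIn;                                   /* GHCB-page path */
  }
  if (In.GhcbHypervisorFeatures.Function == GHCB_HYPERVISOR_FEATURES_REQUEST) {
    Out.GhcbHypervisorFeatures.Function = GHCB_HYPERVISOR_FEATURES_RESPONSE;
    Out.GhcbHypervisorFeatures.Features = DEMO_HOST_FEATURES;
    return Out.Raw;
  }
  return MsrIn;                                     /* unhandled in this demo */
}

/*
 * Guest side: wrmsr(request), vmgexit, rdmsr(response); the instruction
 * sequence is replaced by the call to HostHandleVmgexit(). Returns 0 and
 * stores the 52-bit feature mask, or -1 if the response code is wrong.
 */
static int GuestQueryHvFeatures(uint64_t *Features) {
  GhcbMsrValue Req = { .Raw = 0 };
  Req.GhcbHypervisorFeatures.Function = GHCB_HYPERVISOR_FEATURES_REQUEST;

  GhcbMsrValue Resp = { .Raw = HostHandleVmgexit(Req.Raw) };

  if (Resp.GhcbHypervisorFeatures.Function != GHCB_HYPERVISOR_FEATURES_RESPONSE) {
    return -1;
  }
  *Features = Resp.GhcbHypervisorFeatures.Features;
  return 0;
}

/*
 * The masks are cumulative (each includes its prerequisites), so a feature
 * is present only if every bit of its mask is set. A plain "& Mask != 0"
 * would wrongly report AP_CREATE on a host that advertises only SNP.
 */
static int HvFeaturePresent(uint64_t Features, uint64_t Mask) {
  return (Features & Mask) == Mask;
}

int main(void) {
  uint64_t Features = 0;
  if (GuestQueryHvFeatures(&Features) != 0) {
    puts("hypervisor feature query failed");
    return 1;
  }
  printf("features = 0x%llx\n", (unsigned long long)Features);
  printf("SNP=%d AP_CREATE=%d RESTRICTED_INJECTION=%d\n",
         HvFeaturePresent(Features, GHCB_HV_FEATURES_SNP),
         HvFeaturePresent(Features, GHCB_HV_FEATURES_SNP_AP_CREATE),
         HvFeaturePresent(Features, GHCB_HV_FEATURES_SNP_RESTRICTED_INJECTION));
  return 0;
}
```

Every query is a VM exit, which is why caching the answer once, as the reply above does in the ES work area and a PCD, is the natural choice; the presence helper shows the full-mask compare that the cumulative macro definitions require.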