Subject: Re: [edk2-devel] [PATCH 06/13] MdePkg/Register/Amd: define GHCB macros for SNP AP creation
From: Laszlo Ersek
To: Tom Lendacky, devel@edk2.groups.io, brijesh.singh@amd.com
Cc: James Bottomley, Min Xu, Jiewen Yao, Jordan Justen, Ard Biesheuvel, Erdem Aktas, Michael D Kinney, Liming Gao, Zhiguang Liu
Date: Thu, 13 May 2021 13:29:56 +0200

On 05/11/21 17:43, Tom Lendacky wrote:
> On 5/11/21 4:59 AM, Laszlo Ersek wrote:
>> On 05/07/21 22:38, Brijesh Singh wrote:
>>> From: Tom Lendacky
>>>
>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3275
>>>
>>> Version 2 of GHCB introduces NAE for creating AP when SEV-SNP is
>>> enabled in the guest VM. See the GHCB spec section for additional
>>> details.
>>
>> (1) The actual section reference is missing. I'll fix it up: from where
>> the spec introduces exit code 0x8000_0013, the sections appear to be
>> 4.1.9 and 4.3.2. Also, Table 5. "List of Supported Non-Automatic Events"
>> is relevant for the SVM_VMGEXIT_SNP_AP_* macros.
>
> There are some needed changes to this patch, so I can fix that up. I just
> avoided putting actual section numbers in there because it is possible
> that they can change in future versions.

As long as AMD keeps older revisions of the spec available for download,
I think it's fine to include precise references (covering the spec
revision number too).

>>> +#define SEV_ES_RESET_CS_ATTRIBUTES (BIT7 | BIT4 | BIT3 | BIT1)
>>> +#define SEV_ES_RESET_DS_ATTRIBUTES (BIT7 | BIT4 | BIT1)
>>> +#define SEV_ES_RESET_ES_ATTRIBUTES SEV_ES_RESET_DS_ATTRIBUTES
>>> +#define SEV_ES_RESET_FS_ATTRIBUTES SEV_ES_RESET_DS_ATTRIBUTES
>>> +#define SEV_ES_RESET_GS_ATTRIBUTES SEV_ES_RESET_DS_ATTRIBUTES
>>> +#define SEV_ES_RESET_SS_ATTRIBUTES SEV_ES_RESET_DS_ATTRIBUTES
>>> +
>>> +#define SEV_ES_RESET_GDTR_ATTRIBUTES 0
>>> +#define SEV_ES_RESET_LDTR_ATTRIBUTES (BIT7 | 2)
>>> +#define SEV_ES_RESET_IDTR_ATTRIBUTES 0
>>> +#define SEV_ES_RESET_TR_ATTRIBUTES (BIT7 | 3)
>>
>> (4) ... I guess I can't go ahead merging this myself, after all (Liming
>> may of course still merge the MdePkg patches, if he wants to).
>>
>> My problem here is that the bit positions are cryptic.
>>
>> I've found the *normal* (not SEV-ES) segment descriptor attributes in
>> the AMD APM (publication #24593, revision 3.37, date March 2021, volume
>> 2, sections 4.7 and 4.8).
>>
>> However, the bit positions in SEV-ES descriptors are surely different. For
>> the "normal" segment descriptors, we already have the
>> IA32_SEGMENT_DESCRIPTOR type in edk2, with the nicely broken-out
>> attribute bits. The bit meanings within
>> "SEV_ES_SEGMENT_REGISTER.Attributes" remain unclear to me.
>>
>> Please at least provide a *specific* documentation reference in the
>> commit message where I can verify (or at least "decode") the attribute bits.
>
> Yeah, it is a strange format. The format is documented in sections 15.5
> (VMRUN Instruction) and 10 (System-Management Mode).
>
> I can try to further document the bit assignments, e.g.
>
> #define SEV_ES_SEGMENT_ATTRIBUTE_PRESENT BIT7
> #define SEV_ES_SEGMENT_ATTRIBUTE_USER BIT4
> etc.

If it's not a big burden, can you please do both? I.e., (a) include the
spec reference(s) in the commit message, and (b) introduce either
bit-fields, or symbolic names (macros), for the relevant bits?

Thanks!
Laszlo
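
Review bot: In the quoted hunk, SEV_ES_RESET_LDTR_ATTRIBUTES and SEV_ES_RESET_TR_ATTRIBUTES combine a bit macro with bare numeric literals, `(BIT7 | 2)` and `(BIT7 | 3)`, while the CS and DS values are built from BITn macros only, and none of the added lines carries a comment saying what a given bit or the low value encodes. Suggest defining a named macro (or bit-field member) for each attribute bit and for the two low-field values, composing every SEV_ES_RESET_* value from those names, and putting the spec section and revision in a comment above the block so the reset values can be checked against the documentation.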