From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.68]) by mx.groups.io with SMTP id smtpd.web10.6959.1626444964687036886 for ; Fri, 16 Jul 2021 07:16:04 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amd.com header.s=selector1 header.b=oX/qO6tR; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.243.68, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MxUXyqtYtrHV8+FKb9qs99hlFi/KhN6hhe6+nkWCqkoN/zksCI4fYuHODjAuLGNZekJ/7GIkGOJ9JqQ66HyI3yyW1An7wdagLUhr+/Qh7iyZ0Qjw0BJwFqQhdzwmFXne97As89FkPZXSGvxRMbXZZXXhTdqN9ZI8oY4m2s+WHclnO6wBacFPDsls1kOEU9YXSuMF1aKerfyQY3ykCx/0PPE8Gamyp4KxtUKV+kKFVLiRnBct21rM23KJqYullMOCljadfNEqecozZDpLCmGROOwO58K3h//ezvNvU25uKAE5+LN2G6yAwSix919iG2QhhXywjMQYRL5S2JVjS5FP9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2AVOlRog3Okc2zRBjxhxf7jd2WeKHwbHtjokEJ3h/h4=; b=ProaqD4YZGIeeRO1PC5+fOJBx1HPnj2IEuRV7/sSXFnt1kZH52YShjhDgeEez606y0CTtc7tP8y6LGPehRGkKxLqqX0567OesgPgj6UCQO7Rmr8iZzqioZ0ejfD1DQQY4meDWoEJekYXo4MILeCZS5yN/2ghxn4H8R/H4ZJLBgVWDG88xPFSDnGez3ubCb/KaxjIFFIunbvYeb8pISAYlHkeHhlSIrN8a6j1olsJlzO5aVUudfbq5jVoF51+y6Od4Ct+MwDdUtqgMo+Z3oy0uc+MDLZIAE6z92lCCGwQna7qXZ/E39xrFagfaYHurPvQpJebFqmvYSHtRJ1WKPzsoA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2AVOlRog3Okc2zRBjxhxf7jd2WeKHwbHtjokEJ3h/h4=; b=oX/qO6tRNaashP8ggWZOS7CcpDNLWdI5AVZHUg1jHv6vFM2MdR7DLW0tHOjKHFLopDgQ8u6DHTAdLUJ//BwVbciqsmFqjJ22h9QOU5ttXtVeJYCy/z1TegjWkWcWLtezyHisZsQdn9lMgSCGPqp+LOpkAjhcyRcoDcyVbhPAd7M= Authentication-Results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=amd.com; Received: from DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) by DM4PR12MB5181.namprd12.prod.outlook.com (2603:10b6:5:394::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.23; Fri, 16 Jul 2021 14:16:03 +0000 Received: from DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::73:2581:970b:3208]) by DM4PR12MB5229.namprd12.prod.outlook.com ([fe80::73:2581:970b:3208%3]) with mapi id 15.20.4331.026; Fri, 16 Jul 2021 14:16:03 +0000 Subject: Re: [PATCH v5 2/4] OvmfPkg/VmgExitLib: Add support for hypercalls with SEV-ES. To: Ashish Kalra , devel@edk2.groups.io Cc: dovmurik@linux.vnet.ibm.com, brijesh.singh@amd.com, tobin@ibm.com, jejb@linux.ibm.com, lersek@redhat.com, jordan.l.justen@intel.com, ard.biesheuvel@arm.com, erdemaktas@google.com, jiewen.yao@intel.com, min.m.xu@intel.com References: <5cf6633e2510dd399aba0d8dbb7b979577e77c13.1625687246.git.ashish.kalra@amd.com> From: "Lendacky, Thomas" Message-ID: Date: Fri, 16 Jul 2021 09:16:00 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 In-Reply-To: <5cf6633e2510dd399aba0d8dbb7b979577e77c13.1625687246.git.ashish.kalra@amd.com> X-ClientProxiedBy: SA9PR11CA0007.namprd11.prod.outlook.com (2603:10b6:806:6e::12) To DM4PR12MB5229.namprd12.prod.outlook.com (2603:10b6:5:398::12) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from office-ryzen.texastahm.com (67.79.209.213) by SA9PR11CA0007.namprd11.prod.outlook.com (2603:10b6:806:6e::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.22 via Frontend Transport; Fri, 16 Jul 2021 14:16:02 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 142ad980-24b1-45c1-b10e-08d948643e73 X-MS-TrafficTypeDiagnostic: DM4PR12MB5181: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:530; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: taXN+0QyfG/HcjcEF9jFk0fe31rmGLb4fhs7ohI3S3f7S281ge06pbbK/DzrAaOGZtbq3nWN2P9AVGFvTukbeVH8NQWW0EL5HX4jFcdNAQp2dESUYETGsTkFX00t73ZIqBLsSBbmBDj8E62AeS8V2yLkoF/yx0Xukn1uoGy2VIUjQ6ofmgAStXY5mCTqraLMPpJQykNJm2i/AcpPDwsO1uMd2o4UvHygl9MNsue7xejfzp/ZfvgNIijWfv6FAY1213h+Z+Y4xEwPkIsjjyo4Xum7VQhtkgGKgnGEZBQql3HU91G2nI0kL4mL45rSMtxVxZYneXIBk4fP/iTrFh9K+t/Al+0hG0Se7Sdpe74U1//x2ZsjT63INihRJiCO95lHt37uj778EuZDLszwj1uqybUj+GzY+R04TtKpfdbHoHOkkm6HFBIZF6Omya0L7IK2tzmtFJklYFSL21pYz3o9ZgWnAZCDGFRZIQuEbc7nIY+x//6iqksKTNct7LIi9lW/pSXe0ql3RpReFjnYOJNXB+y0gfW38/d+2k1MUJLQVclwFdvRjuMt0cWKfnb9N0HsODfauhhawXQH9H6J50o2uLcr/DZIwaF1pnBOpnsKs6FgaipWq+3qp156WcXLAwImgqpTyhcXfGasm+VZmMds+BIXklQ+Pd8wCqeo1UOv9brVl23HD2Q8qHI89WQFRor25X3S6h28MIXMCENYQ7MKmcQO/P65KUR0Xe8AVT/W5GA= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR12MB5229.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(39860400002)(136003)(396003)(376002)(366004)(346002)(31696002)(38100700002)(6486002)(6506007)(53546011)(478600001)(6512007)(36756003)(31686004)(186003)(2906002)(26005)(86362001)(7416002)(316002)(4326008)(83380400001)(66476007)(66946007)(5660300002)(66556008)(2616005)(956004)(8676002)(8936002)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?U0ZISkFMSW8xNjczZE90cmFyODhiR0xhYnhtSjhFZ2QzVkZVU2ovNkQ2a015?= =?utf-8?B?Q2VkamFZT2xWMjEyVXB1cWpNS2U5Z1BoZnYwb1FJbUZySmNubG1ObDJRR2J5?= =?utf-8?B?ckM0VHhHYTd4WXJ0Sng5b2JPRFB0L3BIOTU4enc1UWg4VVcxMlU5cU9OTDBY?= =?utf-8?B?cDhJTms0Ni9UajJQbnBleVIwSmhaK3hUbmpkUkNOS0JZQ3FaU2cwUERmZUhs?= =?utf-8?B?TmJ1Mm9RYm45Ukl2TysrR1IxTXJCRWR4QVFHWmRCU1EvSFN6Qk50bUoybVht?= =?utf-8?B?dXRFNE9senhiYm1tMHpoTjZqMDkwVXlDUHEwVnRiSzFSbEpEcndvRXA5eHRo?= =?utf-8?B?eXNVKzVnYVpWaTBFejg0MEgwRjdPSEJoZzhqZGNoTW1pQlhyZWF6U3JHWmhE?= =?utf-8?B?VFpWRkdLWGVGMlFyVFNkOXMybktnTUlFQVJZL1pmUjRFN0ZkeklTVkxRRzF2?= =?utf-8?B?N0FIWXVtR3FXUUp1QWVGaCtiVFhvNThJQXlCcmxDWmtsYUlXZVc5U0txRFVP?= =?utf-8?B?V3V1aisraGVxeGhnMEZMelN2K3dmQ2crUWZ1ZjFOWDIyeS8rK1BBWFNHOW5X?= =?utf-8?B?Tmo0RTlSQ1pOeGNVSFJIR3p3YlhrZVhrdXhHN0ZjSlU0ZlBQK3piSkxrbDgz?= =?utf-8?B?TFIrUlVXK0VIY1Q0ZDNaZDBZb3ZVRk5IMkVtQ1NlclZYM1BMZ2dNOHZLU0pF?= =?utf-8?B?cEJZR2VoQnJ5cVBYaEJWaTg3N0lrVFFla0p3SlVDQmd6ODRQVkJYYVM1U255?= =?utf-8?B?aVVISUhsYWRydlNlL2N2Um9xOHN6OUd3VWUwaUZzNDEwdVcwZXFBQVV2V21i?= =?utf-8?B?U3VvRXdFdUpiWkJQWnl0T1BMVEZvUjVGc2dzSGZSdG01STNqZjVvTzRnQ25w?= =?utf-8?B?QlRSSm5UVEFkU0xNN3JlWHp2dEU2N3lqVkphZW9HWTZnR0pIdXcxT2s4UmlL?= =?utf-8?B?ODljMEM1RkdORGlaTDc2cjBJa1JEU0xNNU9WakpaSXlheFF1cHZxM3k5QUtG?= =?utf-8?B?VUNVZkVydGVCM0lYK3JzS0JCYzRwV3d3L0tvNGdPVVJIYjIzcGR0S1Nrbmxh?= =?utf-8?B?Uld3TUYwRU44RHJkQUNOZ2JXMjhiNDNkYkU5N3BJSXFaOGJYNHN2UlRSSUVO?= =?utf-8?B?RlZETjBxWEx5Y3ErL0szbEM3MEFiYU1aNi9QRmpWMzlES3V2UW8wTHBBdXBk?= =?utf-8?B?ZVhkclFnckpuYWJ0b29vWXFpV3Zqa1VTWUNPTEgrMUFWS2Jic3pmQUdNbnpN?= =?utf-8?B?UDBUamxlcDMyUUJTeGlDNWZBbTV4M095N3Bqbkl3MlR3bWY1YVZ5eXRMWDRq?= =?utf-8?B?UFlEZE1POTBGR3FvcFNING93MmVMU28yVk5FdnJDWWNrSkdHRzFkeUp0Sk5D?= =?utf-8?B?czFRTE10MzE3Z3Z6ekFYeVViVkhhOFNtdnZyMzRiMmU0M24zeEV6Qis4YWZ3?= =?utf-8?B?TGJlQ0RmK2NJR2Vva2Y4NTFzam45eHR6aTlXUGx6eVkyNktxUGJNdlpVREQ5?= =?utf-8?B?QnFMRWZtTjdWaVlISnltdS9KdWhqWitVWmxRblZ5a09PbWU2VDlXamk2NFZL?= =?utf-8?B?dXRVNFZZWnlIZW1OTGRuTzEyMUVsa0pSS0MwVEtGZmVxUkhEVndSQ1QzcFN2?= =?utf-8?B?dzBEUkFXaFVhOFdNWHBmM1JMNkxwTjdDQWJWdjJlMmw0cFhCWHY3NUZ6VTE1?= =?utf-8?B?WFlOUk1aNGtHWlhTV3AwcXRkdXkwYmFQbXFhdThqaVVzeWUvY2lXc24yWlY3?= =?utf-8?Q?Xuh6yakSQaACVioGcDN892lgnPKwdIYc07Ai2Ao?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 142ad980-24b1-45c1-b10e-08d948643e73 X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Jul 2021 14:16:03.2599 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: oVnrEnUha3fRAH0+O7GEWoaSScvMauOY4aFF7KQ7/dRnOIXJO9QVtqNNfnMIAyQZ/eHkRh5n7L4jaSK3KyGC+g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5181 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 7/8/21 9:08 AM, Ashish Kalra wrote: > From: Ashish Kalra > The subject isn't correct since the #VC handler already supports hypercalls. It should say something like "Make the #VC handler aware of the encryption state change hypercall" or "Update the #VC handler to support the encryption state change hypercall" or something like that. > Make the VC handler hypercall aware by adding support > to compare the hypercall number and add the additional > register values used by hypercall in the GHCB. > > Also mark the SEC GHCB page (that is mapped as > unencrypted in ResetVector code) in the hypervisor > guest page status tracking. This part of the commit message shoudn't be here any more. > > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Signed-off-by: Ashish Kalra > --- > OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c > index 41b0c8cc53..7f69bfab5f 100644 > --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c > +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c > @@ -1171,6 +1171,15 @@ VmmCallExit ( > Ghcb->SaveArea.Cpl = (UINT8) (Regs->Cs & 0x3); > VmgSetOffsetValid (Ghcb, GhcbCpl); > Add a comment that this hypercall requires these extra registers so you are explicitly adding them. Thanks, Tom > + if (Regs->Rax == KVM_HC_MAP_GPA_RANGE) { > + Ghcb->SaveArea.Rbx = Regs->Rbx; > + VmgSetOffsetValid (Ghcb, GhcbRbx); > + Ghcb->SaveArea.Rcx = Regs->Rcx; > + VmgSetOffsetValid (Ghcb, GhcbRcx); > + Ghcb->SaveArea.Rdx = Regs->Rdx; > + VmgSetOffsetValid (Ghcb, GhcbRdx); > + } > + > Status = VmgExit (Ghcb, SVM_EXIT_VMMCALL, 0, 0); > if (Status != 0) { > return Status; >