Message-ID: <f93350aa-34e7-2a65-d05a-d746c452d85d@redhat.com>
Date: Fri, 1 Mar 2024 14:00:55 +0100
MIME-Version: 1.0
Subject: Re: [edk2-devel] [PATCH v2 09/10] OvmfPkg/ResetVector: leave SEV VC handler installed longer
To: devel@edk2.groups.io, kraxel@redhat.com
Cc: Jiewen Yao <jiewen.yao@intel.com>, Oliver Steffen <osteffen@redhat.com>,
 Michael Roth <michael.roth@amd.com>, Erdem Aktas <erdemaktas@google.com>,
 Min Xu <min.m.xu@intel.com>, Ard Biesheuvel <ardb+tianocore@kernel.org>,
 Tom Lendacky <thomas.lendacky@amd.com>
References: <20240301074402.98625-1-kraxel@redhat.com>
 <20240301074402.98625-10-kraxel@redhat.com>
From: "Laszlo Ersek" <lersek@redhat.com>
In-Reply-To: <20240301074402.98625-10-kraxel@redhat.com>

On 3/1/24 08:44, Gerd Hoffmann wrote:
> When running in SEV mode keep the VC handler installed.
> Add a function to uninstall it later.
>
> This allows using the cpuid instruction in SetCr3ForPageTables64,
> which is needed to check for la57 & 1G page support.
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  OvmfPkg/ResetVector/Ia32/AmdSev.asm       | 12 ++++++++++--
>  OvmfPkg/ResetVector/Ia32/PageTables64.asm |  1 +
>  OvmfPkg/ResetVector/Main.asm              |  4 ++++
>  3 files changed, 15 insertions(+), 2 deletions(-)
>
> diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm b/OvmfPkg/ResetVector/Ia=
32/AmdSev.asm
> index 23e4c5ebbe92..cbb86871636f 100644
> --- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
> +++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
> @@ -320,9 +320,9 @@ NoSevEsVcHlt:
>  NoSevPass:
>      xor       eax, eax
> =20
> -SevExit:
>      ;
> -    ; Clear exception handlers and stack
> +    ; When NOT running in SEV mode: clear exception handlers and stack h=
ere.
> +    ; Otherwise: SevClearVcHandlerAndStack must be called later.
>      ;
>      push      eax
>      mov       eax, ADDR_OF(IdtrClear)
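
Review bot: With the `SevExit:` label removed from above this block, the new comment should spell out which paths still reach the clear: only code that falls through from `NoSevPass` now runs the `lidt` and `mov esp, 0` sequence, while every jump to `SevExit` returns with the VC handler and stack still in place. The jumps to `SevExit` are outside this hunk, so it is worth confirming in the comment (or the commit message) that each of them belongs to a guest for which a caller later invokes `SevClearVcHandlerAndStack`; a path that reaches `SevExit` without that later call would leave the IDT pointing at reset vector code.
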
> @@ -330,8 +330,16 @@ SevExit:
>      pop       eax
>      mov       esp, 0
> =20
> +SevExit:
>      OneTimeCallRet CheckSevFeatures
> =20
> +SevClearVcHandlerAndStack:
> +    ; Clear exception handlers and stack
> +    mov       eax, ADDR_OF(IdtrClear)
> +    lidt      [cs:eax]
> +    mov       esp, 0
> +    OneTimeCallRet SevClearVcHandlerAndStack
> +
>  ; Start of #VC exception handling routines
>  ;
> =20
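
Review bot: `SevClearVcHandlerAndStack` overwrites EAX without saving it, while the inline copy of the same sequence just above `SevExit` wraps it in `push eax` / `pop eax`. The difference looks intentional, but the routine has no header saying so; a short comment block listing what it modifies (EAX, ESP, IDTR) would let the callers in PageTables64.asm and Main.asm be checked against it. The one-line comment "Clear exception handlers and stack" could also state that no `cpuid` may be executed by an SEV-ES guest after this point until a new handler is installed.
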
> diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVec=
tor/Ia32/PageTables64.asm
> index b922c845f297..29ce155eed8d 100644
> --- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> +++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
> @@ -254,6 +254,7 @@ SevInit:
>      CreatePageTables4Level edx
>      ; Clear the C-bit from the GHCB page if the SEV-ES is enabled.
>      OneTimeCall   SevClearPageEncMaskForGhcbPage
> +    OneTimeCall   SevClearVcHandlerAndStack
>      jmp SetCr3
> =20
>  TdxBspInit:
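
Review bot: The new `OneTimeCall SevClearVcHandlerAndStack` in `SevInit` has no comment, although it is the point where this path loses the ability to handle `cpuid`, which is the whole reason the commit message gives for keeping the handler installed. A line such as "VC handler no longer needed past this point, uninstall it" would make the ordering constraint visible to anyone who later adds code between here and `jmp SetCr3`. Since the routine loads EAX with `ADDR_OF(IdtrClear)`, it would also help to note that nothing after the call may rely on the previous EAX value.
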
> diff --git a/OvmfPkg/ResetVector/Main.asm b/OvmfPkg/ResetVector/Main.asm
> index 46cfa87c4c0a..88b25db3bc9e 100644
> --- a/OvmfPkg/ResetVector/Main.asm
> +++ b/OvmfPkg/ResetVector/Main.asm
> @@ -80,7 +80,11 @@ SearchBfv:
>      ; Set the OVMF/SEV work area as appropriate.
>      ;
>      OneTimeCall CheckSevFeatures
> +    cmp         byte[WORK_AREA_GUEST_TYPE], 1
> +    jnz         NoSevIa32
> +    OneTimeCall SevClearVcHandlerAndStack
> =20
> +NoSevIa32:
>      ;
>      ; Restore initial EAX value into the EAX register
>      ;
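
Review bot: The literal in `cmp byte[WORK_AREA_GUEST_TYPE], 1` is a magic number; from the comment added in AmdSev.asm it is presumably the SEV guest type, but the hunk does not say so. A named constant or a comment on that line would make the condition self-explanatory, and a sentence above `OneTimeCall SevClearVcHandlerAndStack` explaining why this path uninstalls the handler immediately after `CheckSevFeatures` (rather than later, as in `SevInit`) would document the asymmetry between the two call sites.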

Did you miss Tom's review under v1?

https://edk2.groups.io/g/devel/message/116176

The patch is identical to its v1 counterpart, which should not be a
problem in itself (Tom mentioned a small, *optional*, simplification,
IIUC); however, I don't understand why you didn't pick up Tom's R-b.

I'm ready to merge this (adding Tom's R-b, if you, Gerd, confirm that
that's what you want).

Having deferred to Tom's judgement on this:

Acked-by: Laszlo Ersek <lersek@redhat.com>


