From: "Lendacky, Thomas via groups.io" <thomas.lendacky=amd.com@groups.io>
To: <devel@edk2.groups.io>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
Erdem Aktas <erdemaktas@google.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Laszlo Ersek <lersek@redhat.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Michael D Kinney <michael.d.kinney@intel.com>,
Min Xu <min.m.xu@intel.com>,
Zhiguang Liu <zhiguang.liu@intel.com>,
"Rahul Kumar" <rahul1.kumar@intel.com>, Ray Ni <ray.ni@intel.com>,
Michael Roth <michael.roth@amd.com>
Subject: [edk2-devel] [PATCH v3 19/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
Date: Fri, 08 Mar 2024 07:32:22 -0800 [thread overview]
Message-ID: <fe54b246d1e3159ff8e9e7ee72802696f1e0e40d.1709911792.git.thomas.lendacky@amd.com> (raw)
In-Reply-To: <cover.1709911792.git.thomas.lendacky@amd.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654
The PVALIDATE instruction can only be performed at VMPL0. An SVSM will
be present when running at VMPL1 or higher.
When an SVSM is present, use the SVSM_CORE_PVALIDATE call to perform
memory validation instead of issuing the PVALIDATE instruction directly.
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c | 183 +++++++++++++++++++-
1 file changed, 182 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
index 861bf9591ae3..fb3fda70e948 100644
--- a/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
+++ b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c
@@ -8,6 +8,7 @@
#include <Base.h>
#include <Uefi.h>
+#include <Library/BaseMemoryLib.h>
#include <Library/AmdSvsmLib.h>
#include <Register/Amd/Msr.h>
#include <Register/Amd/Svsm.h>
@@ -43,6 +44,78 @@ SnpTerminate (
CpuDeadLoop ();
}
+/**
+ Issue an SVSM request.
+
+ Invokes the SVSM to process a request on behalf of the guest.
+
+ @param[in,out] SvsmCallData Pointer to the SVSM call data
+
+ @return Contents of RAX upon return from VMGEXIT
+**/
+STATIC
+UINTN
+SvsmMsrProtocol (
+ IN OUT SVSM_CALL_DATA *SvsmCallData
+ )
+{
+ MSR_SEV_ES_GHCB_REGISTER Msr;
+ UINT64 CurrentMsr;
+ UINT8 Pending;
+ BOOLEAN InterruptState;
+ UINTN Ret;
+
+ do {
+ //
+ // Be sure that an interrupt can't cause a #VC while the GHCB MSR protocol
+ // is being used (#VC handler will ASSERT if lower 12-bits are not zero).
+ //
+ InterruptState = GetInterruptState ();
+ if (InterruptState) {
+ DisableInterrupts ();
+ }
+
+ Pending = 0;
+ SvsmCallData->CallPending = &Pending;
+
+ CurrentMsr = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+ Msr.Uint64 = 0;
+ Msr.SnpVmplRequest.Function = GHCB_INFO_SNP_VMPL_REQUEST;
+ Msr.SnpVmplRequest.Vmpl = 0;
+ AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.Uint64);
+
+ //
+ // Guest memory is used for the guest-SVSM communication, so fence the
+ // invocation of the VMGEXIT instruction to ensure VMSA accesses are
+ // synchronized properly.
+ //
+ MemoryFence ();
+ Ret = AsmVmgExitSvsm (SvsmCallData);
+ MemoryFence ();
+
+ Msr.Uint64 = AsmReadMsr64 (MSR_SEV_ES_GHCB);
+
+ AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr);
+
+ if (InterruptState) {
+ EnableInterrupts ();
+ }
+
+ if (Pending != 0) {
+ SnpTerminate ();
+ }
+
+ if ((Msr.SnpVmplResponse.Function != GHCB_INFO_SNP_VMPL_RESPONSE) ||
+ (Msr.SnpVmplResponse.ErrorCode != 0))
+ {
+ SnpTerminate ();
+ }
+ } while (Ret == SVSM_ERR_INCOMPLETE || Ret == SVSM_ERR_BUSY);
+
+ return Ret;
+}
+
/**
Report the presence of an Secure Virtual Services Module (SVSM).
@@ -109,6 +182,114 @@ AmdSvsmSnpGetCaa (
return AmdSvsmIsSvsmPresent () ? SvsmInfo->SvsmCaa : 0;
}
+/**
+ Issue an SVSM request to perform the PVALIDATE instruction.
+
+ Invokes the SVSM to process the PVALIDATE instruction on behalf of the
+ guest to validate or invalidate the memory range specified.
+
+ @param[in] Info Pointer to a page state change structure
+
+**/
+STATIC
+VOID
+SvsmPvalidate (
+ IN SNP_PAGE_STATE_CHANGE_INFO *Info
+ )
+{
+ SVSM_CALL_DATA SvsmCallData;
+ SVSM_CAA *Caa;
+ SVSM_PVALIDATE_REQUEST *Request;
+ SVSM_FUNCTION Function;
+ BOOLEAN Validate;
+ UINTN Entry;
+ UINTN EntryLimit;
+ UINTN Index;
+ UINTN EndIndex;
+ UINT64 Gfn;
+ UINT64 GfnEnd;
+ UINTN Ret;
+
+ Caa = (SVSM_CAA *)AmdSvsmSnpGetCaa ();
+ ZeroMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer));
+
+ Function.Id.Protocol = 0;
+ Function.Id.CallId = 1;
+
+ Request = (SVSM_PVALIDATE_REQUEST *)Caa->SvsmBuffer;
+ EntryLimit = ((sizeof (Caa->SvsmBuffer) - sizeof (*Request)) /
+ sizeof (Request->Entry[0])) - 1;
+
+ SvsmCallData.Caa = Caa;
+ SvsmCallData.RaxIn = Function.Uint64;
+ SvsmCallData.RcxIn = (UINT64)(UINTN)Request;
+
+ Entry = 0;
+ Index = Info->Header.CurrentEntry;
+ EndIndex = Info->Header.EndEntry;
+
+ while (Index <= EndIndex) {
+ Validate = Info->Entry[Index].Operation == SNP_PAGE_STATE_PRIVATE;
+
+ Request->Header.Entries++;
+ Request->Entry[Entry].Bits.PageSize = Info->Entry[Index].PageSize;
+ Request->Entry[Entry].Bits.Action = (Validate == TRUE) ? 1 : 0;
+ Request->Entry[Entry].Bits.IgnoreCf = 0;
+ Request->Entry[Entry].Bits.Address = Info->Entry[Index].GuestFrameNumber;
+
+ Entry++;
+ if ((Entry > EntryLimit) || (Index == EndIndex)) {
+ Ret = SvsmMsrProtocol (&SvsmCallData);
+ if ((Ret == SVSM_ERR_PVALIDATE_FAIL_SIZE_MISMATCH) &&
+ (Request->Entry[Request->Header.Next].Bits.PageSize != 0))
+ {
+ // Calculate the Index of the entry after the entry that failed
+ // before clearing the buffer so that processing can continue
+ // from that point
+ Index = Index - (Entry - Request->Header.Next) + 2;
+
+ // Obtain the failing GFN before clearing the buffer
+ Gfn = Request->Entry[Request->Header.Next].Bits.Address;
+
+ // Clear the buffer in prep for creating all new entries
+ ZeroMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer));
+ Entry = 0;
+
+ GfnEnd = Gfn + PAGES_PER_2MB_ENTRY - 1;
+ for ( ; Gfn <= GfnEnd; Gfn++) {
+ Request->Header.Entries++;
+ Request->Entry[Entry].Bits.PageSize = 0;
+ Request->Entry[Entry].Bits.Action = (Validate == TRUE) ? 1 : 0;
+ Request->Entry[Entry].Bits.IgnoreCf = 0;
+ Request->Entry[Entry].Bits.Address = Gfn;
+
+ Entry++;
+ if ((Entry > EntryLimit) || (Gfn == GfnEnd)) {
+ Ret = SvsmMsrProtocol (&SvsmCallData);
+ if (Ret != 0) {
+ SnpTerminate ();
+ }
+
+ ZeroMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer));
+ Entry = 0;
+ }
+ }
+
+ continue;
+ }
+
+ if (Ret != 0) {
+ SnpTerminate ();
+ }
+
+ ZeroMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer));
+ Entry = 0;
+ }
+
+ Index++;
+ }
+}
+
/**
Perform a native PVALIDATE operation for the page ranges specified.
@@ -193,7 +374,7 @@ AmdSvsmSnpPvalidate (
IN SNP_PAGE_STATE_CHANGE_INFO *Info
)
{
- BasePvalidate (Info);
+ AmdSvsmIsSvsmPresent () ? SvsmPvalidate (Info) : BasePvalidate (Info);
}
/**
--
2.43.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116544): https://edk2.groups.io/g/devel/message/116544
Mute This Topic: https://groups.io/mt/104810732/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-03-08 15:32 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-08 15:30 [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 01/24] OvmfPkg/BaseMemEncryptLib: Fix error check from AsmRmpAdjust() Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 02/24] MdePkg: GHCB APIC ID retrieval support definitions Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 03/24] UefiCpuPkg/MpInitLib: Always use AP Create if GhcbApicIds HOB is present Lendacky, Thomas via groups.io
2024-04-03 7:07 ` Ni, Ray
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 04/24] OvmfPkg/PlatformPei: Retrieve APIC IDs from the hypervisor Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 05/24] OvmfPkg/BaseMemEncryptSevLib: Fix uncrustify errors Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 06/24] OvmfPkg/BaseMemEncryptSevLib: Calculate memory size for Page State Change Lendacky, Thomas via groups.io
2024-03-08 15:30 ` [edk2-devel] [PATCH v3 07/24] MdePkg: Avoid hardcoded value for number of Page State Change entries Lendacky, Thomas via groups.io
2024-03-14 10:42 ` Gerd Hoffmann
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 09/24] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 08/24] OvmfPkg/BaseMemEncryptSevLib: Re-organize page state change support Lendacky, Thomas via groups.io
2024-03-14 10:43 ` Gerd Hoffmann
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 10/24] MdePkg/Register/Amd: Define the SVSM related information Lendacky, Thomas via groups.io
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 11/24] MdePkg/BaseLib: Add a new VMGEXIT instruction invocation for SVSM Lendacky, Thomas via groups.io
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 12/24] UefiCpuPkg/AmdSvsmLib: Create the AmdSvsmLib library to support an SVSM Lendacky, Thomas via groups.io
2024-04-03 7:06 ` Ni, Ray
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 13/24] UefiPayloadPkg: Prepare UefiPayloadPkg to use the AmdSvsmLib library Lendacky, Thomas via groups.io
2024-04-12 18:43 ` Guo Dong
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 15/24] Ovmfpkg/AmdSvsmLib: Create AmdSvsmLib to handle SVSM related services Lendacky, Thomas via groups.io
2024-03-14 10:39 ` Gerd Hoffmann
2024-03-08 15:31 ` [edk2-devel] [PATCH v3 14/24] Ovmfpkg: Prepare OvmfPkg to use the AmdSvsmLib library Lendacky, Thomas via groups.io
2024-03-14 9:34 ` Gerd Hoffmann
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 16/24] UefiCpuPkg/MpInitLib: Use AmdSvsmSnpVmsaRmpAdjust() to set/clear VMSA Lendacky, Thomas via groups.io
2024-04-03 7:05 ` Ni, Ray
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 17/24] OvmfPkg/BaseMemEncryptSevLib: Use AmdSvsmSnpPvalidate() to validate pages Lendacky, Thomas via groups.io
2024-03-14 10:40 ` Gerd Hoffmann
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 18/24] OvmfPkg: Create a calling area used to communicate with the SVSM Lendacky, Thomas via groups.io
2024-03-08 15:32 ` Lendacky, Thomas via groups.io [this message]
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 20/24] OvmfPkg/BaseMemEncryptSevLib: Maximize Page State Change efficiency Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 21/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM create/delete vCPU calls Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 22/24] UefiCpuPkg/MpInitLib: AP creation support under an SVSM Lendacky, Thomas via groups.io
2024-03-08 15:32 ` [edk2-devel] [PATCH v3 23/24] Ovmfpkg/CcExitLib: Provide SVSM discovery support Lendacky, Thomas via groups.io
2024-03-08 15:33 ` [edk2-devel] [PATCH v3 24/24] OvmfPkg/BaseMemEncryptLib: Check for presence of an SVSM when not at VMPL0 Lendacky, Thomas via groups.io
2024-03-26 18:34 ` [edk2-devel] [PATCH v3 00/24] Provide SEV-SNP support for running under an SVSM Lendacky, Thomas via groups.io
2024-04-02 18:16 ` Lendacky, Thomas via groups.io
2024-04-03 7:09 ` Ni, Ray
2024-04-03 15:03 ` Lendacky, Thomas via groups.io
[not found] ` <17C28950368F582E.9676@groups.io>
2024-04-12 14:02 ` Lendacky, Thomas via groups.io
2024-04-12 15:05 ` Ard Biesheuvel
2024-04-12 15:14 ` Lendacky, Thomas via groups.io
2024-04-16 8:41 ` Ard Biesheuvel
2024-04-15 15:01 ` [edk2-devel] [PATCH 0/2] Update DSC files to include AmdSvsmLib library Lendacky, Thomas via groups.io
2024-04-15 15:01 ` [edk2-devel] [PATCH 1/2] Platform/AMD: Add AmdSvsmLib to required DSC files Lendacky, Thomas via groups.io
2024-04-18 0:59 ` Chang, Abner via groups.io
2024-04-18 1:53 ` Xing, Eric via groups.io
[not found] ` <DS0PR12MB9445C820230BA65D290D6451F60E2@DS0PR12MB9445.namprd12.prod.outlook.com>
[not found] ` <fc020d25-6afa-8dcb-0b19-397b075be4e6@amd.com>
2024-04-19 7:05 ` Zhai, MingXin (Duke) via groups.io
2024-04-19 8:10 ` Xing, Eric via groups.io
2024-04-19 8:26 ` Ard Biesheuvel
2024-04-19 9:06 ` Xing, Eric via groups.io
2024-04-19 9:25 ` Ard Biesheuvel
2024-04-19 11:32 ` Xing, Eric via groups.io
2024-04-19 13:00 ` Chang, Abner via groups.io
2024-04-19 14:11 ` Ard Biesheuvel
2024-04-21 15:16 ` Xing, Eric via groups.io
2024-04-15 15:01 ` [edk2-devel] [PATCH 2/2] Platform/Intel: " Lendacky, Thomas via groups.io
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fe54b246d1e3159ff8e9e7ee72802696f1e0e40d.1709911792.git.thomas.lendacky@amd.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox