From: "Lendacky, Thomas via groups.io"
CC: Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao, Laszlo Ersek, Liming Gao, Michael D Kinney, Min Xu, Zhiguang Liu, Rahul Kumar, Ray Ni, Michael Roth
Subject: [edk2-devel] [PATCH v3 19/24] OvmfPkg/AmdSvsmLib: Add support for the SVSM_CORE_PVALIDATE call
Date: Fri, 08 Mar 2024 07:32:22 -0800
List-Id: devel@edk2.groups.io
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4654

The PVALIDATE instruction can only be performed at VMPL0. An SVSM will be
present when running at VMPL1 or higher. When an SVSM is present, use the
SVSM_CORE_PVALIDATE call to perform memory validation instead of issuing
the PVALIDATE instruction directly.

Cc: Ard Biesheuvel
Cc: Gerd Hoffmann
Cc: Jiewen Yao
Cc: Laszlo Ersek
Acked-by: Gerd Hoffmann
Signed-off-by: Tom Lendacky
---
 OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c | 183 +++++++++++++++++++-
 1 file changed, 182 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c b/OvmfPkg/Library/AmdS= vsmLib/AmdSvsmLib.c index 861bf9591ae3..fb3fda70e948 100644 --- a/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c +++ b/OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.c @@ -8,6 +8,7 @@ =20 #include #include +#include #include #include #include 
@@ -43,6 +44,78 @@ SnpTerminate ( CpuDeadLoop (); } =20 +/** + Issue an SVSM request. + + Invokes the SVSM to process a request on behalf of the guest. + + @param[in,out] SvsmCallData Pointer to the SVSM call data + + @return Contents of RAX upon return from VMGEXIT +**/ +STATIC +UINTN +SvsmMsrProtocol ( + IN OUT SVSM_CALL_DATA *SvsmCallData + ) +{ + MSR_SEV_ES_GHCB_REGISTER Msr; + UINT64 CurrentMsr; + UINT8 Pending; + BOOLEAN InterruptState; + UINTN Ret; + + do { + // + // Be sure that an interrupt can't cause a #VC while the GHCB MSR prot= ocol + // is being used (#VC handler will ASSERT if lower 12-bits are not zer= o). + // + InterruptState =3D GetInterruptState (); + if (InterruptState) { + DisableInterrupts (); + } + + Pending =3D 0; + SvsmCallData->CallPending =3D &Pending; + + CurrentMsr =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + Msr.Uint64 =3D 0; + Msr.SnpVmplRequest.Function =3D GHCB_INFO_SNP_VMPL_REQUEST; + Msr.SnpVmplRequest.Vmpl =3D 0; + AsmWriteMsr64 (MSR_SEV_ES_GHCB, Msr.Uint64); + + // + // Guest memory is used for the guest-SVSM communication, so fence the + // invocation of the VMGEXIT instruction to ensure VMSA accesses are + // synchronized properly. + // + MemoryFence (); + Ret =3D AsmVmgExitSvsm (SvsmCallData); + MemoryFence (); + + Msr.Uint64 =3D AsmReadMsr64 (MSR_SEV_ES_GHCB); + + AsmWriteMsr64 (MSR_SEV_ES_GHCB, CurrentMsr); + + if (InterruptState) { + EnableInterrupts (); + } + + if (Pending !=3D 0) { + SnpTerminate (); + } + + if ((Msr.SnpVmplResponse.Function !=3D GHCB_INFO_SNP_VMPL_RESPONSE) || + (Msr.SnpVmplResponse.ErrorCode !=3D 0)) + { + SnpTerminate (); + } + } while (Ret =3D=3D SVSM_ERR_INCOMPLETE || Ret =3D=3D SVSM_ERR_BUSY); + + return Ret; +} + /** Report the presence of an Secure Virtual Services Module (SVSM). =20 
@@ -109,6 +182,114 @@ AmdSvsmSnpGetCaa ( return AmdSvsmIsSvsmPresent () ? SvsmInfo->SvsmCaa : 0; } =20 +/** + Issue an SVSM request to perform the PVALIDATE instruction. + + Invokes the SVSM to process the PVALIDATE instruction on behalf of the + guest to validate or invalidate the memory range specified. + + @param[in] Info Pointer to a page state change structure + +**/ +STATIC +VOID +SvsmPvalidate ( + IN SNP_PAGE_STATE_CHANGE_INFO *Info + ) +{ + SVSM_CALL_DATA SvsmCallData; + SVSM_CAA *Caa; + SVSM_PVALIDATE_REQUEST *Request; + SVSM_FUNCTION Function; + BOOLEAN Validate; + UINTN Entry; + UINTN EntryLimit; + UINTN Index; + UINTN EndIndex; + UINT64 Gfn; + UINT64 GfnEnd; + UINTN Ret; + + Caa =3D (SVSM_CAA *)AmdSvsmSnpGetCaa (); + ZeroMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer)); + + Function.Id.Protocol =3D 0; + Function.Id.CallId =3D 1; + + Request =3D (SVSM_PVALIDATE_REQUEST *)Caa->SvsmBuffer; + EntryLimit =3D ((sizeof (Caa->SvsmBuffer) - sizeof (*Request)) / + sizeof (Request->Entry[0])) - 1; + + SvsmCallData.Caa =3D Caa; + SvsmCallData.RaxIn =3D Function.Uint64; + SvsmCallData.RcxIn =3D (UINT64)(UINTN)Request; + + Entry =3D 0; + Index =3D Info->Header.CurrentEntry; + EndIndex =3D Info->Header.EndEntry; + + while (Index <=3D EndIndex) { + Validate =3D Info->Entry[Index].Operation =3D=3D SNP_PAGE_STATE_PRIVAT= E; + + Request->Header.Entries++; + Request->Entry[Entry].Bits.PageSize =3D Info->Entry[Index].PageSize; + Request->Entry[Entry].Bits.Action =3D (Validate =3D=3D TRUE) ? 
1 : 0= ; + Request->Entry[Entry].Bits.IgnoreCf =3D 0; + Request->Entry[Entry].Bits.Address =3D Info->Entry[Index].GuestFrameN= umber; + + Entry++; + if ((Entry > EntryLimit) || (Index =3D=3D EndIndex)) { + Ret =3D SvsmMsrProtocol (&SvsmCallData); + if ((Ret =3D=3D SVSM_ERR_PVALIDATE_FAIL_SIZE_MISMATCH) && + (Request->Entry[Request->Header.Next].Bits.PageSize !=3D 0)) + { + // Calculate the Index of the entry after the entry that failed + // before clearing the buffer so that processing can continue + // from that point + Index =3D Index - (Entry - Request->Header.Next) + 2; + + // Obtain the failing GFN before clearing the buffer + Gfn =3D Request->Entry[Request->Header.Next].Bits.Address; + + // Clear the buffer in prep for creating all new entries + ZeroMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer)); + Entry =3D 0; + + GfnEnd =3D Gfn + PAGES_PER_2MB_ENTRY - 1; + for ( ; Gfn <=3D GfnEnd; Gfn++) { + Request->Header.Entries++; + Request->Entry[Entry].Bits.PageSize =3D 0; + Request->Entry[Entry].Bits.Action =3D (Validate =3D=3D TRUE) ?= 1 : 0; + Request->Entry[Entry].Bits.IgnoreCf =3D 0; + Request->Entry[Entry].Bits.Address =3D Gfn; + + Entry++; + if ((Entry > EntryLimit) || (Gfn =3D=3D GfnEnd)) { + Ret =3D SvsmMsrProtocol (&SvsmCallData); + if (Ret !=3D 0) { + SnpTerminate (); + } + + ZeroMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer)); + Entry =3D 0; + } + } + + continue; + } + + if (Ret !=3D 0) { + SnpTerminate (); + } + + ZeroMem (Caa->SvsmBuffer, sizeof (Caa->SvsmBuffer)); + Entry =3D 0; + } + + Index++; + } +} + /** Perform a native PVALIDATE operation for the page ranges specified. =20 
@@ -193,7 +374,7 @@ AmdSvsmSnpPvalidate ( IN SNP_PAGE_STATE_CHANGE_INFO *Info ) { - BasePvalidate (Info); + AmdSvsmIsSvsmPresent () ? SvsmPvalidate (Info) : BasePvalidate (Info); } =20 /** 
-- 
2.43.2

View/Reply Online (#116544): https://edk2.groups.io/g/devel/message/116544
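Review bot: the retry loop that closes SvsmMsrProtocol in the second hunk, `} while (Ret == SVSM_ERR_INCOMPLETE || Ret == SVSM_ERR_BUSY);`, has no upper bound, so an SVSM that keeps answering BUSY leaves the guest spinning with interrupts being disabled and re-enabled on every pass; either cap the retries and fall into SnpTerminate () the way the other failure paths do, or add a comment stating that unbounded retry is the intended contract with the SVSM. Smaller point in the same hunk: `SvsmCallData->CallPending = &Pending;` leaves the caller's SVSM_CALL_DATA pointing at a stack variable after the function returns; setting CallPending back to NULL before `return Ret;` avoids handing out a dangling pointer.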
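Review bot: in the SVSM_ERR_PVALIDATE_FAIL_SIZE_MISMATCH fallback of SvsmPvalidate (third hunk), the 4K re-issue loop sets `Request->Entry[Entry].Bits.Action = (Validate == TRUE) ? 1 : 0;` from Validate, which was computed for Info->Entry[Index], the last entry added to the batch, while the entry that actually failed is Request->Entry[Request->Header.Next]; if a batch ever mixes validate and invalidate operations, the split 2MB region is re-issued with the wrong action. Capture the failing entry's action next to Gfn before the ZeroMem (for example `Action = Request->Entry[Request->Header.Next].Bits.Action;`) and use it in the inner loop, or document that callers only ever pass one operation per Info. Also, `Function.Id.Protocol = 0; Function.Id.CallId = 1;` encodes SVSM_CORE_PVALIDATE as bare numbers; named constants for the core protocol id and the call id would make the request self-describing and match the subject line.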
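Review bot: the replacement line in the last hunk, `AmdSvsmIsSvsmPresent () ? SvsmPvalidate (Info) : BasePvalidate (Info);`, uses a conditional expression purely for the side effects of two VOID calls, which is legal C but reads as an expression statement with a discarded value; an explicit `if (AmdSvsmIsSvsmPresent ()) { SvsmPvalidate (Info); } else { BasePvalidate (Info); }` matches the surrounding edk2 style and is easier to step through in a debugger.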