On 05/19/20 23:50, Lendacky, Thomas wrote:
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
>
> Under SEV-ES, a MSR_PROT intercept generates a #VC exception. VMGEXIT must
> be used to allow the hypervisor to handle this intercept.
>
> Add support to construct the required GHCB values to support an MSR_PROT
> NAE event. Parse the instruction that generated the #VC exception to
> determine whether it is RDMSR or WRMSR, setting the required register
> register values in the GHCB and creating the proper SW_EXIT_INFO1 value in
> the GHCB.
>
> Cc: Jordan Justen <jordan.l.jus...@intel.com>
> Cc: Laszlo Ersek <ler...@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheu...@arm.com>
> Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
> ---
> .../Library/VmgExitLib/X64/VmgExitVcHandler.c | 63 +++++++++++++++++++
> 1 file changed, 63 insertions(+)
>
> diff --git a/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c
> b/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c
> index 2f62795edf61..1c6b472a47c4 100644
> --- a/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c
> +++ b/OvmfPkg/Library/VmgExitLib/X64/VmgExitVcHandler.c
> @@ -411,6 +411,65 @@ UnsupportedExit (
> return Status;
> }
>
> +/**
> + Handle an MSR event.
> +
> + Use the VMGEXIT instruction to handle either a RDMSR or WRMSR event.
> +
> + @param[in, out] Ghcb Pointer to the Guest-Hypervisor
> Communication
> + Block
> + @param[in, out] Regs x64 processor context
> + @param[in] InstructionData Instruction parsing context
> +
> + @retval 0 Event handled successfully
> + @retval Others New exception value to propagate
> +
> +**/
> +STATIC
> +UINT64
> +MsrExit (
> + IN OUT GHCB *Ghcb,
> + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs,
> + IN SEV_ES_INSTRUCTION_DATA *InstructionData
> + )
> +{
> + UINT64 ExitInfo1, Status;
> +
> + ExitInfo1 = 0;
> +
> + switch (*(InstructionData->OpCodes + 1)) {
> + case 0x30: // WRMSR
This comment looks great!
> + ExitInfo1 = 1;
> + Ghcb->SaveArea.Rax = Regs->Rax;
> + GhcbSetRegValid (Ghcb, GhcbRax);
> + Ghcb->SaveArea.Rdx = Regs->Rdx;
> + GhcbSetRegValid (Ghcb, GhcbRdx);
> + /* Fallthrough */
(1) This comment is very appreciated (I vaguely remember that the coding
style actually requires it), but we're supposed to put it like this:
//
// fall through
//
(See: "git grep -B1 -A1 -i 'fall through'".)
> + case 0x32: // RDMSR
> + Ghcb->SaveArea.Rcx = Regs->Rcx;
> + GhcbSetRegValid (Ghcb, GhcbRcx);
> + break;
> + default:
> + return UnsupportedExit (Ghcb, Regs, InstructionData);
> + }
> +
> + Status = VmgExit (Ghcb, SVM_EXIT_MSR, ExitInfo1, 0);
> + if (Status) {
(2) As usual, please check (Status > 0) or (Status != 0) explicitly.
Acked-by: Laszlo Ersek <ler...@redhat.com>
Thanks
Laszlo
> + return Status;
> + }
> +
> + if (!ExitInfo1) {
> + if (!GhcbIsRegValid (Ghcb, GhcbRax) ||
> + !GhcbIsRegValid (Ghcb, GhcbRdx)) {
> + return UnsupportedExit (Ghcb, Regs, InstructionData);
> + }
> + Regs->Rax = Ghcb->SaveArea.Rax;
> + Regs->Rdx = Ghcb->SaveArea.Rdx;
> + }
> +
> + return 0;
> +}
> +
> #define IOIO_TYPE_STR (1 << 2)
> #define IOIO_TYPE_IN 1
> #define IOIO_TYPE_INS (IOIO_TYPE_IN | IOIO_TYPE_STR)
> @@ -743,6 +802,10 @@ VmgExitHandleVc (
> NaeExit = IoioExit;
> break;
>
> + case SVM_EXIT_MSR:
> + NaeExit = MsrExit;
> + break;
> +
> default:
> NaeExit = UnsupportedExit;
> }
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#60111): https://edk2.groups.io/g/devel/message/60111
Mute This Topic: https://groups.io/mt/74336570/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
