On September 15, 2021 3:53 AM, Brijesh Singh wrote:
>
> Hi Vishal,
>
> On 9/14/21 2:00 PM, Vishal Annapurve wrote:
> > Hi Min, Brijesh,
> >
> > Regarding:
> >> diff --git a/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
> >> b/OvmfPkg/ResetVector/Ia16/ResetVectorVtf0.asm
> >> ...
> >> +%ifdef ARCH_IA32
> >> nop
> >> nop
> >> jmp EarlyBspInitReal16
> >>
> >>+%else
> >>+
> >>+ smsw ax
> >
> > We are having intermittent VM crashes with running this code in
> > AMD-SEV enabled VMs. As per the AMD64 manual
> >
> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww
> > .amd.com%2Fsystem%2Ffiles%2FTechDocs%2F24593.pdf&data=04%7C01%
> 7Cbrijes
> >
> h.singh%40amd.com%7C652023e953924957972a08d977b2031a%7C3dd896
> 1fe4884e6
> >
> 08e11a82d994e183d%7C0%7C0%7C637672430875783281%7CUnknown%7C
> TWFpbGZsb3d
> >
> 8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3
> D%7C3000&sdata=VFiIbcV6H4xx5XZd%2F0OZjerSfJwLfUjK7mPU9JHY05E%3D
> &reserved=0> section 15.8.1, executing "smsw" instruction doesn't result in
> bit
> 63 being set in EXITINFO1 and KVM ends up emulating "smsw" instruction by
> trying to read encrypted guest VM memory as per the code
> <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.ke
> rnel.org%2Fpub%2Fscm%2Fvirt%2Fkvm%2Fkvm.git%2Ftree%2Farch%2Fx86%
> 2Fkvm%2Fsvm%2Fsvm.c%23n2495&data=04%7C01%7Cbrijesh.singh%40amd.
> com%7C652023e953924957972a08d977b2031a%7C3dd8961fe4884e608e11
> a82d994e183d%7C0%7C0%7C637672430875783281%7CUnknown%7CTWFp
> bGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI
> 6Mn0%3D%7C3000&sdata=jSw7PLfXjhB8utM7Dxx2P%2F5M3fqvO3q3DBaFW
> %2Bu03A8%3D&reserved=0>.
> > Since KVM tries to make sense of different random cipher texts in
> > different boots, it seems to intermittently result in visible issues.
> >
>
> The smsw does not provide decode assist, in those cases KVM reads the
> guest memory and tries to decode. With encrypted guest, the memory
> contains the ciphertext and hypervisor will not be able to decode the
> instruction.
>
> But it brings a question to Min, why we are using the smsw ? why cannot
> use mov CRx. The smsw was meant for very old processors (286 or 8086
> etc) and is used for legacy compatibility. The recommendation is to use
> the mov CRx. The mov CRx will provide the decode assist to HV.
As I mentioned in my last mail, in the beginning I missed the limitation of
smsw.
So I update the code (ResetVectorVtf0.asm) as below using mov CRx.
<1> BITS 16
176 00000800 0F20C0 <1> mov eax, cr0 <-- previously it
was smsw
177 00000803 A801 <1> test al, 1
178 00000805 7405 <1> jz .Real
179 <1> BITS 32
180 00000807 E951FFFFFF <1> jmp Main32
181 <1> BITS 16
182 <1> .Real:
183 0000080C E939FF <1> jmp EarlyBspInitReal16
I test the code in a AMD SEV server and try to launch a SEV guest. This time it
stuck at the *mov eax, cr0*.
I am curious if *mov eax, cr0* works in real mode in a SEV guest?
I also test the code in a legacy vm guest and td guest, all passed.
Did I miss something?
I followed https://github.com/AMDESE/AMDSEV to set up the AMD SEV environment
and successfully launched SEV guest with the OVMF image.
Thanks!
Min
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80844): https://edk2.groups.io/g/devel/message/80844
Mute This Topic: https://groups.io/mt/85597386/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
