ResetVector: leave SEV VC handler installed longer

Lendacky, Thomas via groups.io Thu, 29 Feb 2024 07:47:54 -0800

On 2/22/24 05:54, Gerd Hoffmann wrote:

When running in SEV mode keep the VC handler installed.
Add a function to uninstall it later.


This allows using the cpuid instruction in SetCr3ForPageTables64,
which is needed to check for la57 & 1G page support.

Signed-off-by: Gerd Hoffmann <kra...@redhat.com>


Looks good, just one minor comment below.

Reviewed-by: Tom Lendacky <thomas.lenda...@amd.com>

---
  OvmfPkg/ResetVector/Ia32/AmdSev.asm       | 12 ++++++++++--
  OvmfPkg/ResetVector/Ia32/PageTables64.asm |  1 +
  OvmfPkg/ResetVector/Main.asm              |  4 ++++
  3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/ResetVector/Ia32/AmdSev.asm 
b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
index ed94f1dc668f..9063ce1080d3 100644
--- a/OvmfPkg/ResetVector/Ia32/AmdSev.asm
+++ b/OvmfPkg/ResetVector/Ia32/AmdSev.asm
@@ -320,9 +320,9 @@ NoSevEsVcHlt:
  NoSevPass:
      xor       eax, eax

-SevExit:

      ;
-    ; Clear exception handlers and stack
+    ; When NOT running in SEV mode: clear exception handlers and stack here.
+    ; Otherwise: SevClearVcHandlerAndStack must be called later.
      ;
      push      eax
      mov       eax, ADDR_OF(IdtrClear)
@@ -330,8 +330,16 @@ SevExit:
      pop       eax
      mov       esp, 0

+SevExit:

      OneTimeCallRet CheckSevFeatures

+SevClearVcHandlerAndStack:

+    ; Clear exception handlers and stack
+    mov       eax, ADDR_OF(IdtrClear)
+    lidt      [cs:eax]
+    mov       esp, 0
+    OneTimeCallRet SevClearVcHandlerAndStack
+
  ; Start of #VC exception handling routines
  ;

diff --git a/OvmfPkg/ResetVector/Ia32/PageTables64.asm b/OvmfPkg/ResetVector/Ia32/PageTables64.asm

index ada3dc0ffbe0..6e2063430802 100644
--- a/OvmfPkg/ResetVector/Ia32/PageTables64.asm
+++ b/OvmfPkg/ResetVector/Ia32/PageTables64.asm
@@ -250,6 +250,7 @@ SevInit:
      CreatePageTables4Level edx
      ; Clear the C-bit from the GHCB page if the SEV-ES is enabled.
      OneTimeCall   SevClearPageEncMaskForGhcbPage
+    OneTimeCall   SevClearVcHandlerAndStack
      jmp SetCr3

TdxBspInit:

diff --git a/OvmfPkg/ResetVector/Main.asm b/OvmfPkg/ResetVector/Main.asm
index 46cfa87c4c0a..88b25db3bc9e 100644
--- a/OvmfPkg/ResetVector/Main.asm
+++ b/OvmfPkg/ResetVector/Main.asm
@@ -80,7 +80,11 @@ SearchBfv:
      ; Set the OVMF/SEV work area as appropriate.
      ;
      OneTimeCall CheckSevFeatures
+    cmp         byte[WORK_AREA_GUEST_TYPE], 1
+    jnz         NoSevIa32
+    OneTimeCall SevClearVcHandlerAndStack

I think it is safe to invoke SevClearVcHandlerAndStack no matter what ifyou want to avoid the cmp and jnz instructions.


Thanks,
Tom

+NoSevIa32:

      ;
      ; Restore initial EAX value into the EAX register
      ;



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116176): https://edk2.groups.io/g/devel/message/116176
Mute This Topic: https://groups.io/mt/104506799/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 09/10] OvmfPkg/ResetVector: leave SEV VC handler installed longer

Reply via email to