diff options
| author | Tom Lendacky <thomas.lendacky@amd.com> | 2021-01-07 12:48:23 -0600 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2021-01-07 19:34:39 +0000 |
| commit | 5667dc43d82396589d2fabd790e7f6a214386969 (patch) | |
| tree | ddf0d66ff4e0d7e5f9a456018fca515c358884e6 /OvmfPkg/Include/Library | |
| parent | c330af0246ac9b1c37d17fc79881fc2dd96ec80c (diff) | |
| download | edk2-5667dc43d82396589d2fabd790e7f6a214386969.tar.gz | |
OvmfPkg/VmgExitLib: Support nested #VCs
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
In order to be able to issue messages or make interface calls that cause
another #VC (e.g. GetLocalApicBaseAddress () issues RDMSR), add support
for nested #VCs.
In order to support nested #VCs, GHCB backup pages are required. If a #VC
is received while currently processing a #VC, a backup of the current GHCB
content is made. This allows the #VC handler to continue processing the
new #VC. Upon completion of the new #VC, the GHCB is restored from the
backup page. The #VC recursion level is tracked in the per-vCPU variable
area.
Support is added to handle up to one nested #VC (or two #VCs total). If
a second nested #VC is encountered, an ASSERT will be issued and the vCPU
will enter CpuDeadLoop ().
For SEC, the GHCB backup pages are reserved in the OvmfPkgX64.fdf memory
layout, with two new fixed PCDs to provide the address and size of the
backup area.
For PEI/DXE, the GHCB backup pages are allocated as boot services pages
using the memory allocation library.
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <ac2e8203fc41a351b43f60d68bdad6b57c4fb106.1610045305.git.thomas.lendacky@amd.com>
Diffstat (limited to 'OvmfPkg/Include/Library')
| -rw-r--r-- | OvmfPkg/Include/Library/MemEncryptSevLib.h | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/OvmfPkg/Include/Library/MemEncryptSevLib.h b/OvmfPkg/Include/Library/MemEncryptSevLib.h index ec470b8d03..99f15a7d12 100644 --- a/OvmfPkg/Include/Library/MemEncryptSevLib.h +++ b/OvmfPkg/Include/Library/MemEncryptSevLib.h @@ -14,6 +14,29 @@ #include <Base.h>
//
+// Define the maximum number of #VCs allowed (e.g. the level of nesting
+// that is allowed => 2 allows for 1 nested #VCs). I this value is changed,
+// be sure to increase the size of
+// gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
+// in any FDF file using this PCD.
+//
+#define VMGEXIT_MAXIMUM_VC_COUNT 2
+
+//
+// Per-CPU data mapping structure
+// Use UINT32 for cached indicators and compare to a specific value
+// so that the hypervisor can't indicate a value is cached by just
+// writing random data to that area.
+//
+typedef struct {
+ UINT32 Dr7Cached;
+ UINT64 Dr7;
+
+ UINTN VcCount;
+ VOID *GhcbBackupPages;
+} SEV_ES_PER_CPU_DATA;
+
+//
// Internal structure for holding SEV-ES information needed during SEC phase
// and valid only during SEC phase and early PEI during platform
// initialization.
|