tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-08-18 16:18:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
audk/OvmfPkg/TdxDxe/X64/ApRunLoop.nasm
Ceping Sun c1eb477e06 OvmfPkg/TdxDxe: Clear GPR Mask for RBX 
Refer to intel-tdx-module-api spec section 5.5.21, GPR mask
(TDVMCALL_EXPOSE_REGS_MASK) is a bitmap that controls which
part of the guest TD GPR and XMM state is passed as-is to
the VMM and back.
- A bit value of 0 indicates that the corresponding register
   is saved by the Intel TDX module and not passed as-is to
   Host VMM.
- A bit value of 1 indicates that the corresponding register
   is passed as-is to the host VMM.

Currently, RBX is used as the mailbox address in ApRunLoop.nasm,
the corresponding bit value of RBX in MASK(Bit 3) is set as 1 which
means the value is passed to Host VMM as-is and it can be changed by
Host VMM.

So the bitmask shall be set as 0 to avoid this situation.

Reference:
[TDX-API]: intel-tdx-module-abi-spec
https://cdrdv2.intel.com/v1/dl/getContent/733579

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Hunter Adrian <adrian.hunter@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
2024-12-13 13:29:27 +00:00

114 lines
3.1 KiB
NASM
Raw Permalink Blame History

;------------------------------------------------------------------------------ ;
; Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
; SPDX-License-Identifier: BSD-2-Clause-Patent
;
; Module Name:
;
; ApRunLoop.nasm
;
; Abstract:
;
; This is the assembly code for run loop for APs in the guest TD
;
;-------------------------------------------------------------------------------
%include "TdxCommondefs.inc"
DEFAULT REL
SECTION .text
BITS 64
%define TDVMCALL_EXPOSE_REGS_MASK 0xffc4
%define TDVMCALL 0x0
%define EXIT_REASON_CPUID 0xa
%macro tdcall 0
db 0x66, 0x0f, 0x01, 0xcc
%endmacro
%macro tdcall_regs_preamble 2
mov rax, %1
xor rcx, rcx
mov ecx, %2
; R10 = 0 (standard TDVMCALL)
xor r10d, r10d
; Zero out unused (for standard TDVMCALL) registers to avoid leaking
; secrets to the VMM.
xor esi, esi
xor edi, edi
xor edx, edx
xor ebp, ebp
xor r8d, r8d
xor r9d, r9d
xor r14, r14
xor r15, r15
%endmacro
;
; Relocated Ap Mailbox loop
;
; @param[in] RBX: Relocated mailbox address
; @param[in] RBP: vCpuId
;
; @return None This routine does not return
;
global ASM_PFX(AsmRelocateApMailBoxLoop)
ASM_PFX(AsmRelocateApMailBoxLoop):
AsmRelocateApMailBoxLoopStart:
mov r11, EXIT_REASON_CPUID
mov r12, 0xb
tdcall_regs_preamble TDVMCALL, TDVMCALL_EXPOSE_REGS_MASK
tdcall
test r10, r10
jnz Panic
mov r8, r15
MailBoxLoop:
; Spin until command set
cmp dword [rbx + CommandOffset], MpProtectedModeWakeupCommandNoop
je MailBoxLoop
; Determine if this is a broadcast or directly for my apic-id, if not, ignore
cmp dword [rbx + ApicidOffset], MailboxApicidBroadcast
je MailBoxProcessCommand
cmp dword [rbx + ApicidOffset], r8d
jne MailBoxLoop
MailBoxProcessCommand:
cmp dword [rbx + CommandOffset], MpProtectedModeWakeupCommandWakeup
je MailBoxWakeUp
cmp dword [rbx + CommandOffset], MpProtectedModeWakeupCommandSleep
je MailBoxSleep
; Don't support this command, so ignore
jmp MailBoxLoop
MailBoxWakeUp:
mov rax, [rbx + WakeupVectorOffset]
; OS sends a wakeup command for a given APIC ID, firmware is supposed to reset
; the command field back to zero as acknowledgement.
mov qword [rbx + CommandOffset], 0
jmp rax
MailBoxSleep:
jmp $
Panic:
ud2
BITS 64
AsmRelocateApMailBoxLoopEnd:
;-------------------------------------------------------------------------------------
; AsmGetRelocationMap (&RelocationMap);
;-------------------------------------------------------------------------------------
global ASM_PFX(AsmGetRelocationMap)
ASM_PFX(AsmGetRelocationMap):
lea rax, [AsmRelocateApMailBoxLoopStart]
mov qword [rcx], rax
mov qword [rcx + 8h], AsmRelocateApMailBoxLoopEnd - AsmRelocateApMailBoxLoopStart
ret
Reference in New Issue View Git Blame Copy Permalink