tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-08-17 23:58:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
audk/UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.c
Tom Lendacky 1b0db1ec87 UefiCpuPkg, OvmfPkg: Disable interrupts when using the GHCB 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3008

The QemuFlashPtrWrite() flash services runtime uses the GHCB and VmgExit()
directly to perform the flash write when running as an SEV-ES guest. If an
interrupt arrives between VmgInit() and VmgExit(), the Dr7 read in the
interrupt handler will generate a #VC, which can overwrite information in
the GHCB that QemuFlashPtrWrite() has set. This has been seen with the
timer interrupt firing and the CpuExceptionHandlerLib library code,
UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/
  Xcode5ExceptionHandlerAsm.nasm and
  ExceptionHandlerAsm.nasm
reading the Dr7 register while QemuFlashPtrWrite() is using the GHCB. In
general, it is necessary to protect the GHCB whenever it is used, not just
in QemuFlashPtrWrite().

Disable interrupts around the usage of the GHCB by modifying the VmgInit()
and VmgDone() interfaces:
- VmgInit() will take an extra parameter that is a pointer to a BOOLEAN
  that will hold the interrupt state at the time of invocation. VmgInit()
  will get and save this interrupt state before updating the GHCB.
- VmgDone() will take an extra parameter that is used to indicate whether
  interrupts are to be (re)enabled. Before exiting, VmgDone() will enable
  interrupts if that is requested.

Fixes: 437eb3f7a8db7681afe0e6064d3a8edb12abb766
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Acked-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <c326a4fd78253f784b42eb317589176cf7d8592a.1604685192.git.thomas.lendacky@amd.com>
2020-11-10 19:07:55 +00:00

166 lines
4.6 KiB
C
Raw Permalink Blame History

/** @file
VMGEXIT Base Support Library.
Copyright (C) 2020, Advanced Micro Devices, Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <Base.h>
#include <Uefi.h>
#include <Library/VmgExitLib.h>
/**
Perform VMGEXIT.
Sets the necessary fields of the GHCB, invokes the VMGEXIT instruction and
then handles the return actions.
The base library function returns an error in the form of a
GHCB_EVENT_INJECTION representing a GP_EXCEPTION.
@param[in, out] Ghcb A pointer to the GHCB
@param[in] ExitCode VMGEXIT code to be assigned to the SwExitCode
field of the GHCB.
@param[in] ExitInfo1 VMGEXIT information to be assigned to the
SwExitInfo1 field of the GHCB.
@param[in] ExitInfo2 VMGEXIT information to be assigned to the
SwExitInfo2 field of the GHCB.
@retval 0 VMGEXIT succeeded.
@return Exception number to be propagated, VMGEXIT
processing did not succeed.
**/
UINT64
EFIAPI
VmgExit (
IN OUT GHCB *Ghcb,
IN UINT64 ExitCode,
IN UINT64 ExitInfo1,
IN UINT64 ExitInfo2
)
{
GHCB_EVENT_INJECTION Event;
Event.Uint64 = 0;
Event.Elements.Vector = GP_EXCEPTION;
Event.Elements.Type = GHCB_EVENT_INJECTION_TYPE_EXCEPTION;
Event.Elements.Valid = 1;
return Event.Uint64;
}
/**
Perform pre-VMGEXIT initialization/preparation.
Performs the necessary steps in preparation for invoking VMGEXIT. Must be
called before setting any fields within the GHCB.
@param[in, out] Ghcb A pointer to the GHCB
@param[in, out] InterruptState A pointer to hold the current interrupt
state, used for restoring in VmgDone ()
**/
VOID
EFIAPI
VmgInit (
IN OUT GHCB *Ghcb,
IN OUT BOOLEAN *InterruptState
)
{
}
/**
Perform post-VMGEXIT cleanup.
Performs the necessary steps to cleanup after invoking VMGEXIT. Must be
called after obtaining needed fields within the GHCB.
@param[in, out] Ghcb A pointer to the GHCB
@param[in] InterruptState An indicator to conditionally (re)enable
interrupts
**/
VOID
EFIAPI
VmgDone (
IN OUT GHCB *Ghcb,
IN BOOLEAN InterruptState
)
{
}
/**
Marks a field at the specified offset as valid in the GHCB.
The ValidBitmap area represents the areas of the GHCB that have been marked
valid. Set the bit in ValidBitmap for the input offset.
@param[in, out] Ghcb Pointer to the Guest-Hypervisor Communication Block
@param[in] Offset Qword offset in the GHCB to mark valid
**/
VOID
EFIAPI
VmgSetOffsetValid (
IN OUT GHCB *Ghcb,
IN GHCB_REGISTER Offset
)
{
}
/**
Checks if a specified offset is valid in the GHCB.
The ValidBitmap area represents the areas of the GHCB that have been marked
valid. Return whether the bit in the ValidBitmap is set for the input offset.
@param[in] Ghcb A pointer to the GHCB
@param[in] Offset Qword offset in the GHCB to mark valid
@retval TRUE Offset is marked valid in the GHCB
@retval FALSE Offset is not marked valid in the GHCB
**/
BOOLEAN
EFIAPI
VmgIsOffsetValid (
IN GHCB *Ghcb,
IN GHCB_REGISTER Offset
)
{
return FALSE;
}
/**
Handle a #VC exception.
Performs the necessary processing to handle a #VC exception.
The base library function returns an error equal to VC_EXCEPTION,
to be propagated to the standard exception handling stack.
@param[in, out] ExceptionType Pointer to an EFI_EXCEPTION_TYPE to be set
as value to use on error.
@param[in, out] SystemContext Pointer to EFI_SYSTEM_CONTEXT
@retval EFI_SUCCESS Exception handled
@retval EFI_UNSUPPORTED #VC not supported, (new) exception value to
propagate provided
@retval EFI_PROTOCOL_ERROR #VC handling failed, (new) exception value to
propagate provided
**/
EFI_STATUS
EFIAPI
VmgExitHandleVc (
IN OUT EFI_EXCEPTION_TYPE *ExceptionType,
IN OUT EFI_SYSTEM_CONTEXT SystemContext
)
{
*ExceptionType = VC_EXCEPTION;
return EFI_UNSUPPORTED;
}
Reference in New Issue View Git Blame Copy Permalink