BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3008
The QemuFlashPtrWrite() flash services runtime uses the GHCB and VmgExit()
directly to perform the flash write when running as an SEV-ES guest. If an
interrupt arrives between VmgInit() and VmgExit(), the Dr7 read in the
interrupt handler will generate a #VC, which can overwrite information in
the GHCB that QemuFlashPtrWrite() has set. This has been seen with the
timer interrupt firing and the CpuExceptionHandlerLib library code,
UefiCpuPkg/Library/CpuExceptionHandlerLib/X64/
Xcode5ExceptionHandlerAsm.nasm and
ExceptionHandlerAsm.nasm
reading the Dr7 register while QemuFlashPtrWrite() is using the GHCB. In
general, it is necessary to protect the GHCB whenever it is used, not just
in QemuFlashPtrWrite().
Disable interrupts around the usage of the GHCB by modifying the VmgInit()
and VmgDone() interfaces:
- VmgInit() will take an extra parameter that is a pointer to a BOOLEAN
that will hold the interrupt state at the time of invocation. VmgInit()
will get and save this interrupt state before updating the GHCB.
- VmgDone() will take an extra parameter that is used to indicate whether
interrupts are to be (re)enabled. Before exiting, VmgDone() will enable
interrupts if that is requested.
Fixes: 437eb3f7a8
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Acked-by: Eric Dong <eric.dong@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <c326a4fd78253f784b42eb317589176cf7d8592a.1604685192.git.thomas.lendacky@amd.com>
/** @file
|
|
OVMF support for QEMU system firmware flash device: functions specific to the
|
|
runtime DXE driver build.
|
|
|
|
Copyright (C) 2015, Red Hat, Inc.
|
|
Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
|
|
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
|
|
**/
|
|
|
|
#include <Library/UefiRuntimeLib.h>
|
|
#include <Library/MemEncryptSevLib.h>
|
|
#include <Library/VmgExitLib.h>
|
|
#include <Register/Amd/Msr.h>
|
|
|
|
#include "QemuFlash.h"
|
|
|
|
VOID
|
|
QemuFlashConvertPointers (
|
|
VOID
|
|
)
|
|
{
|
|
EfiConvertPointer (0x0, (VOID **) &mFlashBase);
|
|
}
|
|
|
|
VOID
|
|
QemuFlashBeforeProbe (
|
|
IN EFI_PHYSICAL_ADDRESS BaseAddress,
|
|
IN UINTN FdBlockSize,
|
|
IN UINTN FdBlockCount
|
|
)
|
|
{
|
|
//
|
|
// Do nothing
|
|
//
|
|
}
|
|
|
|
/**
|
|
Write to QEMU Flash
|
|
|
|
@param[in] Ptr Pointer to the location to write.
|
|
@param[in] Value The value to write.
|
|
|
|
**/
|
|
VOID
|
|
QemuFlashPtrWrite (
|
|
IN volatile UINT8 *Ptr,
|
|
IN UINT8 Value
|
|
)
|
|
{
|
|
if (MemEncryptSevEsIsEnabled ()) {
|
|
MSR_SEV_ES_GHCB_REGISTER Msr;
|
|
GHCB *Ghcb;
|
|
BOOLEAN InterruptState;
|
|
|
|
Msr.GhcbPhysicalAddress = AsmReadMsr64 (MSR_SEV_ES_GHCB);
|
|
Ghcb = Msr.Ghcb;
|
|
|
|
//
|
|
// Writing to flash is emulated by the hypervisor through the use of write
|
|
// protection. This won't work for an SEV-ES guest because the write won't
|
|
// be recognized as a true MMIO write, which would result in the required
|
|
// #VC exception. Instead, use the the VMGEXIT MMIO write support directly
|
|
// to perform the update.
|
|
//
|
|
VmgInit (Ghcb, &InterruptState);
|
|
Ghcb->SharedBuffer[0] = Value;
|
|
Ghcb->SaveArea.SwScratch = (UINT64) (UINTN) Ghcb->SharedBuffer;
|
|
VmgSetOffsetValid (Ghcb, GhcbSwScratch);
|
|
VmgExit (Ghcb, SVM_EXIT_MMIO_WRITE, (UINT64) (UINTN) Ptr, 1);
|
|
VmgDone (Ghcb, InterruptState);
|
|
} else {
|
|
*Ptr = Value;
|
|
}
|
|
}
|
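Review bot: The comment block above `VmgInit (Ghcb, &InterruptState)` explains why VMGEXIT is used for the write but not why the call now takes `&InterruptState`, so a reader sees interrupts being saved and restored around the MMIO write without the reason; add directly above the VmgInit() line `// VmgInit() saves the current interrupt state and disables interrupts so an interrupt handler's #VC cannot clobber the GHCB while it is in use here; VmgDone() restores that state.` That also records, at the call site, that nothing between VmgInit() and VmgDone() may depend on interrupts being enabled. Separately, the status VmgExit() returns is still discarded on the `VmgExit (Ghcb, SVM_EXIT_MMIO_WRITE, (UINT64) (UINTN) Ptr, 1);` line, so a failed MMIO write is silently ignored; if the library reports failure through its return value it is worth at least asserting on it, though that predates this change. The commit message notes the GHCB must be protected wherever it is used, which presumably is handled by the matching VmgExitLib change outside this file.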