From: Zixuan Wang <zxwang42@gmail.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Zixuan Wang <zixuanwang@google.com>,
kvm@vger.kernel.org, drjones@redhat.com,
Marc Orr <marcorr@google.com>,
"Hyunwook (Wooky) Baek" <baekhw@google.com>,
tmroeder@google.com, erdemaktas@google.com, rientjes@google.com,
seanjc@google.com, brijesh.singh@amd.com,
Thomas.Lendacky@amd.com, varad.gautam@suse.com, jroedel@suse.de,
bp@suse.de
Subject: Re: [kvm-unit-tests PATCH v2 14/17] x86 AMD SEV-ES: Load GDT with UEFI segments
Date: Mon, 20 Sep 2021 21:41:04 -0700 [thread overview]
Message-ID: <CAEDJ5ZQEcmV8d_YXyV-7c6u1Q7FTGSY7esw-08vYyYzoNfLVsg@mail.gmail.com> (raw)
In-Reply-To: <34173c4c-d704-5d28-8aac-c2debf224a86@redhat.com>
On Mon, Sep 20, 2021 at 6:27 PM Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> On 27/08/21 05:12, Zixuan Wang wrote:
> > + *
> > + * This is because KVM-Unit-Tests reuses UEFI #VC handler that requires UEFI
> > + * code and data segments to run. The UEFI #VC handler crashes the guest VM if
> > + * these segments are not available. So we need to copy these two UEFI segments
> > + * into KVM-Unit-Tests GDT.
> > + *
> > + * UEFI uses 0x30 as code segment and 0x38 as data segment. Fortunately, these
> > + * segments can be safely overridden in KVM-Unit-Tests as they are used as
> > + * protected mode and real mode segments (see x86/efi/efistart64.S for more
> > + * details), which are not used in EFI set up process.
>
> Is 0x30/0x38 the same as kvm-unit-tests's 0x08/0x10? Can kvm-unit-tests
> simply change its ring-0 64-bit CS/DS to 0x30 and 0x38 instead of 0x08
> and 0x10? I can help with that too, since there would be some more
> shuffling to keep similar descriptors together:
>
> * 0x00 NULL descriptor NULL descriptor
> * 0x08 intr_alt_stack TSS ring-0 code segment (32-bit)
> * 0x10 (0x13) **unused** ring-3 code segment (64-bit)
> * 0x18 ring-0 code segment (P=0) ring-0 code segment (64-bit, P=0)
> * 0x20 ring-0 code segment (16-bit) same
> * 0x28 ring-0 data segment (16-bit) same
> * 0x30 ring-0 code segment (32-bit) ring-0 code segment (64-bit)
> * 0x38 ring-0 data segment (32-bit) ring-0 data segment (32/64-bit)
> * 0x40 (0x43) ring-3 code segment (32-bit) same
> * 0x48 (0x4b) ring-3 data segment (32-bit) ring-3 data segment (32/64-bit)
> * 0x50-0x78 free to use for test cases same
>
> or:
>
> old new
> ---- ----
> 0x00 0x00
> 0x20 0x08
> 0x48 0x10
> 0x18 0x18
> 0x28 0x20
> 0x30 0x28
> 0x08 0x30
> 0x10 0x38
> 0x38 0x40
> 0x40 0x48
>
> Thanks,
>
> Paolo
>
Thank you for the detailed explanation! Updating KVM-unit-tests GDT is
one way to solve the problem, but we found a more straightforward
solution [1]:
We found it possible to update the 'code segment selector' field in
the #VC IDT entry and point it to the KVM-unit-tests code segment.
This allows the UEFI #VC handler to use KVM-unit-tests segments, and
we do not need to copy the UEFI segments.
I will update this into the next version.
[1] https://github.com/TheNetAdmin/KVM-Unit-Tests-dev-fork/commit/ab480fd0fbad813c2922526a0bccadf121cb9240
Best regards,
Zixuan
next prev parent reply other threads:[~2021-09-21 4:41 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-27 3:12 [kvm-unit-tests PATCH v2 00/17] x86_64 UEFI and AMD SEV/SEV-ES support Zixuan Wang
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 01/17] x86 UEFI: Copy code from Linux Zixuan Wang
2021-09-20 14:33 ` Paolo Bonzini
2021-09-21 3:58 ` Zixuan Wang
2021-09-21 6:37 ` Varad Gautam
2021-09-21 16:33 ` Andrew Jones
2021-09-22 20:10 ` Zixuan Wang
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 02/17] x86 UEFI: Implement UEFI function calls Zixuan Wang
2021-09-21 16:43 ` Andrew Jones
2021-09-22 20:17 ` Zixuan Wang
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 03/17] x86 UEFI: Copy code from GNU-EFI Zixuan Wang
2021-10-04 12:44 ` Andrew Jones
2021-10-04 22:09 ` Zixuan Wang
2021-10-05 5:58 ` Andrew Jones
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 04/17] x86 UEFI: Boot from UEFI Zixuan Wang
2021-10-04 12:55 ` Andrew Jones
2021-10-04 21:30 ` Zixuan Wang
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 05/17] x86 UEFI: Load IDT after UEFI boot up Zixuan Wang
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 06/17] x86 UEFI: Load GDT and TSS " Zixuan Wang
2021-09-20 15:40 ` Paolo Bonzini
2021-09-21 4:15 ` Zixuan Wang
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 07/17] x86 UEFI: Set up memory allocator Zixuan Wang
2021-10-04 13:06 ` Andrew Jones
2021-10-04 21:43 ` Zixuan Wang
2021-10-05 6:05 ` Andrew Jones
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 08/17] x86 UEFI: Set up RSDP after UEFI boot up Zixuan Wang
2021-10-04 13:21 ` Andrew Jones
2021-10-04 21:58 ` Zixuan Wang
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 09/17] x86 UEFI: Set up page tables Zixuan Wang
2021-09-20 15:43 ` Paolo Bonzini
2021-09-21 4:31 ` Zixuan Wang
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 10/17] x86 UEFI: Convert x86 test cases to PIC Zixuan Wang
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 11/17] x86 AMD SEV: Initial support Zixuan Wang
2021-08-27 14:51 ` Tom Lendacky
2021-08-31 19:36 ` Zixuan Wang
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 12/17] x86 AMD SEV: Page table with c-bit Zixuan Wang
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 13/17] x86 AMD SEV-ES: Check SEV-ES status Zixuan Wang
2021-08-27 14:55 ` Tom Lendacky
2021-08-31 19:38 ` Zixuan Wang
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 14/17] x86 AMD SEV-ES: Load GDT with UEFI segments Zixuan Wang
2021-09-20 16:00 ` Paolo Bonzini
2021-09-21 4:41 ` Zixuan Wang [this message]
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 15/17] x86 AMD SEV-ES: Copy UEFI #VC IDT entry Zixuan Wang
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 16/17] x86 AMD SEV-ES: Set up GHCB page Zixuan Wang
2021-08-27 3:12 ` [kvm-unit-tests PATCH v2 17/17] x86 AMD SEV-ES: Add test cases Zixuan Wang
2021-10-04 13:27 ` [kvm-unit-tests PATCH v2 00/17] x86_64 UEFI and AMD SEV/SEV-ES support Andrew Jones
2021-10-04 20:54 ` Zixuan Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAEDJ5ZQEcmV8d_YXyV-7c6u1Q7FTGSY7esw-08vYyYzoNfLVsg@mail.gmail.com \
--to=zxwang42@gmail.com \
--cc=Thomas.Lendacky@amd.com \
--cc=baekhw@google.com \
--cc=bp@suse.de \
--cc=brijesh.singh@amd.com \
--cc=drjones@redhat.com \
--cc=erdemaktas@google.com \
--cc=jroedel@suse.de \
--cc=kvm@vger.kernel.org \
--cc=marcorr@google.com \
--cc=pbonzini@redhat.com \
--cc=rientjes@google.com \
--cc=seanjc@google.com \
--cc=tmroeder@google.com \
--cc=varad.gautam@suse.com \
--cc=zixuanwang@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.