Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 10/21/15 17:04, Laszlo Ersek wrote: > On 10/21/15 14:10, Laszlo Ersek wrote: >> On 10/15/15 00:25, Laszlo Ersek wrote: >> >>> Test environment and results: >>> >>> Host kernel: >>> - latest RHEL-7 development kernel (3.10.0-323.el7), with Paolo's >>> following patches backported by yours truly

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 10/21/15 17:11, Paolo Bonzini wrote: > > > On 21/10/2015 17:04, Laszlo Ersek wrote: >> Now, on TCG, reading the APIC ID register (for device "apic") happens in: >> >> apic_mem_readl() [hw/intc/apic.c] >> val = s->id << 24 >> >> Whereas on KVM, the same occurs in: >> >> kvm_apic_mem_read() [h

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 10/21/15 12:27, Paolo Bonzini wrote: > > > On 21/10/2015 12:22, Laszlo Ersek wrote: >> On 10/21/15 11:51, Paolo Bonzini wrote: >>> >>> >>> On 20/10/2015 12:08, Laszlo Ersek wrote: >> >> 64 KVM>=1"KVM: entry failed, hardware error 0x8021" >>

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 21/10/2015 17:04, Laszlo Ersek wrote: > Now, on TCG, reading the APIC ID register (for device "apic") happens in: > > apic_mem_readl() [hw/intc/apic.c] > val = s->id << 24 > > Whereas on KVM, the same occurs in: > > kvm_apic_mem_read() [hw/i386/kvm/apic.c] > return ~(uint64_t)0; > > Ho

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 10/21/15 14:10, Laszlo Ersek wrote: > On 10/15/15 00:25, Laszlo Ersek wrote: > >> Test environment and results: >> >> Host kernel: >> - latest RHEL-7 development kernel (3.10.0-323.el7), with Paolo's >> following patches backported by yours truly: >> - KVM: x86: clean up kvm_arch_vcpu_runna

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 21/10/2015 14:10, Laszlo Ersek wrote: > [...] The first message appears in the log: > > > SMRAM TileSize = 0800 > CPU[000] APIC ID= SMBASE=7FFC1000 SaveState=7FFD0C00 Size=0400 > CPU[001] APIC ID=0001 SMBASE=7FFC1800 SaveState=7FFD1400 Size=0400 > SmmReloc

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 10/15/15 00:25, Laszlo Ersek wrote: > Test environment and results: > > Host kernel: > - latest RHEL-7 development kernel (3.10.0-323.el7), with Paolo's > following patches backported by yours truly: > - KVM: x86: clean up kvm_arch_vcpu_runnable > - KVM: x86: fix SMI to halted VCPU > >

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 10/21/15 12:27, Paolo Bonzini wrote: > > > On 21/10/2015 12:22, Laszlo Ersek wrote: >> On 10/21/15 11:51, Paolo Bonzini wrote: >>> >>> >>> On 20/10/2015 12:08, Laszlo Ersek wrote: >> >> 64 KVM>=1"KVM: entry failed, hardware error 0x8021" >>

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 21/10/2015 12:22, Laszlo Ersek wrote: > On 10/21/15 11:51, Paolo Bonzini wrote: >> >> >> On 20/10/2015 12:08, Laszlo Ersek wrote: > > 64 KVM>=1"KVM: entry failed, hardware error 0x8021" > while guest in SMBASE relocation >>> Tracing KVM

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 10/21/15 11:51, Paolo Bonzini wrote: > > > On 20/10/2015 12:08, Laszlo Ersek wrote: 64 KVM>=1"KVM: entry failed, hardware error 0x8021" while guest in SMBASE relocation >> Tracing KVM shows the following: >> >> qemu-system-x86-3236

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 20/10/2015 12:08, Laszlo Ersek wrote: >> > >> > 64 KVM>=1"KVM: entry failed, hardware error 0x8021" >> > while guest in SMBASE relocation > Tracing KVM shows the following: > > qemu-system-x86-3236 [001] 10586.857752: kvm_enter_smm:vcpu

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 10/20/15 18:27, Laszlo Ersek wrote: > On 10/20/15 18:24, Laszlo Ersek wrote: >> On 10/20/15 16:37, Laszlo Ersek wrote: >> >>> The variable access fails *iff* the access is made by a VCPU that is >>> *not* VCPU#0. >>> >>> I added a bunch of debug messages to the following functions: >>> >>> - Ini

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 10/20/15 18:24, Laszlo Ersek wrote: > On 10/20/15 16:37, Laszlo Ersek wrote: > >> The variable access fails *iff* the access is made by a VCPU that is >> *not* VCPU#0. >> >> I added a bunch of debug messages to the following functions: >> >> - InitCommunicateBuffer(), SendCommunicateBuffer() >>

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 10/20/15 16:37, Laszlo Ersek wrote: > The variable access fails *iff* the access is made by a VCPU that is > *not* VCPU#0. > > I added a bunch of debug messages to the following functions: > > - InitCommunicateBuffer(), SendCommunicateBuffer() > [MdeModulePkg/Universal/Variable/RuntimeDxe/V

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 10/20/15 10:52, Laszlo Ersek wrote: > On 10/15/15 00:25, Laszlo Ersek wrote: > >> Test environment and results: >> >> Host kernel: >> - latest RHEL-7 development kernel (3.10.0-323.el7), with Paolo's >> following patches backported by yours truly: >> - KVM: x86: clean up kvm_arch_vcpu_runna

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 10/15/15 00:25, Laszlo Ersek wrote: > Test environment and results: > > Host kernel: > - latest RHEL-7 development kernel (3.10.0-323.el7), with Paolo's > following patches backported by yours truly: > - KVM: x86: clean up kvm_arch_vcpu_runnable > - KVM: x86: fix SMI to halted VCPU > >

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 10/15/15 00:25, Laszlo Ersek wrote: > Test environment and results: > > Host kernel: > - latest RHEL-7 development kernel (3.10.0-323.el7), with Paolo's > following patches backported by yours truly: > - KVM: x86: clean up kvm_arch_vcpu_runnable > - KVM: x86: fix SMI to halted VCPU > >

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

gt;Laszlo Ersek >Sent: Thursday, October 15, 2015 11:34 AM >To: Kinney, Michael D; edk2-de...@ml01.01.org >Cc: Paolo Bonzini; Justen, Jordan L >Subject: Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better >security (steps towards MP and X64) > >On 10/15/15 05:30, Kinn

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

On 10/15/15 05:30, Kinney, Michael D wrote: > Laszlo, > > I have 32 VCPUs booting to UEFI Shell using Windows build of 32-bit QEMU. Great! > If more than 32, then we run out of SMRAM. If you'd like to experiment with more, please locate the "gUefiOvmfPkgTokenSpaceGuid.PcdQ35TsegMbytes" PCD in t

Re: [edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

Laszlo, I have 32 VCPUs booting to UEFI Shell using Windows build of 32-bit QEMU. If more than 32, then we run out of SMRAM. I have made 2 changes from your branch to make this stable: 1) Force 32KB SMBASE alignment. Required for me because I am using pre-built QEMU binary. 2) Your patch to s

[edk2] [PATCH v3 00/52] OvmfPkg: support SMM for better security (steps towards MP and X64)

Public branch: . (Mike's v1 patches are again contained in this branch, but I have converted them to CRLF.) * Relative to v2, the following patches are new in v3 (also marked individually in the Notes sections): * PiSmmCpuDxeSmm fixes from