[v8,19/19] hvf: arm: Handle Windows 10 SMC call

Message ID	20210519202253.76782-20-agraf@csgraf.de (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=PO0h=KO=nongnu.org=qemu-devel-bounces+qemu-devel=archiver.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BD409611C2 From: Alexander Graf <agraf@csgraf.de> To: QEMU Developers <qemu-devel@nongnu.org> Subject: [PATCH v8 19/19] hvf: arm: Handle Windows 10 SMC call Date: Wed, 19 May 2021 22:22:53 +0200 Message-Id: <20210519202253.76782-20-agraf@csgraf.de> In-Reply-To: <20210519202253.76782-1-agraf@csgraf.de> References: <20210519202253.76782-1-agraf@csgraf.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=85.25.223.15; envelope-from=agraf@csgraf.de; helo=zulu616.server4you.de X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Cc: Peter Maydell <peter.maydell@linaro.org>, Eduardo Habkost <ehabkost@redhat.com>, =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= <philmd@redhat.com>, Richard Henderson <richard.henderson@linaro.org>, Cameron Esfahani <dirty@apple.com>, Roman Bolshakov <r.bolshakov@yadro.com>, qemu-arm <qemu-arm@nongnu.org>, Frank Yang <lfy@google.com>, Paolo Bonzini <pbonzini@redhat.com>, Peter Collingbourne <pcc@google.com> Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org>
Series	hvf: Implement Apple Silicon Support \| expand [v8,00/19] hvf: Implement Apple Silicon Support [v8,01/19] hvf: Move assert_hvf_ok() into common directory [v8,02/19] hvf: Move vcpu thread functions into common directory [v8,03/19] hvf: Move cpu functions into common directory [v8,04/19] hvf: Move hvf internal definitions into common header [v8,05/19] hvf: Make hvf_set_phys_mem() static [v8,06/19] hvf: Remove use of hv_uvaddr_t and hv_gpaddr_t [v8,07/19] hvf: Split out common code on vcpu init and destroy [v8,08/19] hvf: Use cpu_synchronize_state() [v8,09/19] hvf: Make synchronize functions static [v8,10/19] hvf: Remove hvf-accel-ops.h [v8,11/19] hvf: Introduce hvf vcpu struct [v8,12/19] hvf: Simplify post reset/init/loadvm hooks [v8,13/19] hvf: Add Apple Silicon support [v8,14/19] arm/hvf: Add a WFI handler [v8,15/19] hvf: arm: Implement -cpu host [v8,16/19] hvf: arm: Implement PSCI handling [v8,17/19] arm: Add Hypervisor.framework build target [v8,18/19] arm: Enable Windows 10 trusted SMCCC boot call [v8,19/19] hvf: arm: Handle Windows 10 SMC call

Message ID

20210519202253.76782-20-agraf@csgraf.de (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BD409611C2
From: Alexander Graf <agraf@csgraf.de>
To: QEMU Developers <qemu-devel@nongnu.org>
Subject: [PATCH v8 19/19] hvf: arm: Handle Windows 10 SMC call
Date: Wed, 19 May 2021 22:22:53 +0200
Message-Id: <20210519202253.76782-20-agraf@csgraf.de>
In-Reply-To: <20210519202253.76782-1-agraf@csgraf.de>
References: <20210519202253.76782-1-agraf@csgraf.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=85.25.223.15; envelope-from=agraf@csgraf.de;
 helo=zulu616.server4you.de
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Peter Maydell <peter.maydell@linaro.org>,
 Eduardo Habkost <ehabkost@redhat.com>, =?utf-8?q?Philippe_Mathieu-Daud?=
	=?utf-8?q?=C3=A9?= <philmd@redhat.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Cameron Esfahani <dirty@apple.com>, Roman Bolshakov <r.bolshakov@yadro.com>,
 qemu-arm <qemu-arm@nongnu.org>, Frank Yang <lfy@google.com>,
 Paolo Bonzini <pbonzini@redhat.com>, Peter Collingbourne <pcc@google.com>
Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org>

Series

hvf: Implement Apple Silicon Support | expand

Commit Message

Alexander Graf May 19, 2021, 8:22 p.m. UTC

Windows 10 calls an SMCCC call via SMC unconditionally on boot. It lives
in the trusted application call number space, but its purpose is unknown.

In our current SMC implementation, we inject a UDEF for unknown SMC calls,
including this one. However, Windows breaks on boot when we do this. Instead,
let's return an error code.

With this patch applied I can successfully boot the current Windows 10
Insider Preview in HVF.

Signed-off-by: Alexander Graf <agraf@csgraf.de>

---

v7 -> v8:

  - fix checkpatch
---
 target/arm/hvf/hvf.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Sergio Lopez May 27, 2021, 11:22 a.m. UTC | #1

On Wed, May 19, 2021 at 10:22:53PM +0200, Alexander Graf wrote:
> Windows 10 calls an SMCCC call via SMC unconditionally on boot. It lives
> in the trusted application call number space, but its purpose is unknown.
> 
> In our current SMC implementation, we inject a UDEF for unknown SMC calls,
> including this one. However, Windows breaks on boot when we do this. Instead,
> let's return an error code.
> 
> With this patch applied I can successfully boot the current Windows 10
> Insider Preview in HVF.
> 
> Signed-off-by: Alexander Graf <agraf@csgraf.de>
> 
> ---
> 
> v7 -> v8:
> 
>   - fix checkpatch
> ---
>  target/arm/hvf/hvf.c | 4 ++++
>  1 file changed, 4 insertions(+)

Reviewed-by: Sergio Lopez <slp@redhat.com>
Tested-by: Sergio Lopez <slp@redhat.com>

Peter Maydell June 15, 2021, 9:31 a.m. UTC | #2

On Wed, 19 May 2021 at 21:23, Alexander Graf <agraf@csgraf.de> wrote:
>
> Windows 10 calls an SMCCC call via SMC unconditionally on boot. It lives
> in the trusted application call number space, but its purpose is unknown.
>
> In our current SMC implementation, we inject a UDEF for unknown SMC calls,
> including this one. However, Windows breaks on boot when we do this. Instead,
> let's return an error code.
>
> With this patch applied I can successfully boot the current Windows 10
> Insider Preview in HVF.
>
> Signed-off-by: Alexander Graf <agraf@csgraf.de>
>
> ---
>
> v7 -> v8:
>
>   - fix checkpatch
> ---
>  target/arm/hvf/hvf.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
> index 65c33e2a14..be670af578 100644
> --- a/target/arm/hvf/hvf.c
> +++ b/target/arm/hvf/hvf.c
> @@ -931,6 +931,10 @@ int hvf_vcpu_exec(CPUState *cpu)
>          cpu_synchronize_state(cpu);
>          if (!hvf_handle_psci_call(cpu)) {
>              advance_pc = true;
> +        } else if (env->xregs[0] == QEMU_SMCCC_TC_WINDOWS10_BOOT) {
> +            /* This special SMC is called by Windows 10 on boot. Return error */
> +            env->xregs[0] = -1;
> +            advance_pc = true;
>          } else {
>              trace_hvf_unknown_smc(env->xregs[0]);
>              hvf_raise_exception(env, EXCP_UDEF, syn_uncategorized());

Where can I find documentation on what this SMC call is and what
it's supposed to do ?

thanks
-- PMM

Alexander Graf June 27, 2021, 9:07 p.m. UTC | #3

On 15.06.21 11:31, Peter Maydell wrote:
> On Wed, 19 May 2021 at 21:23, Alexander Graf <agraf@csgraf.de> wrote:
>> Windows 10 calls an SMCCC call via SMC unconditionally on boot. It lives
>> in the trusted application call number space, but its purpose is unknown.
>>
>> In our current SMC implementation, we inject a UDEF for unknown SMC calls,
>> including this one. However, Windows breaks on boot when we do this. Instead,
>> let's return an error code.
>>
>> With this patch applied I can successfully boot the current Windows 10
>> Insider Preview in HVF.
>>
>> Signed-off-by: Alexander Graf <agraf@csgraf.de>
>>
>> ---
>>
>> v7 -> v8:
>>
>>   - fix checkpatch
>> ---
>>  target/arm/hvf/hvf.c | 4 ++++
>>  1 file changed, 4 insertions(+)
>>
>> diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
>> index 65c33e2a14..be670af578 100644
>> --- a/target/arm/hvf/hvf.c
>> +++ b/target/arm/hvf/hvf.c
>> @@ -931,6 +931,10 @@ int hvf_vcpu_exec(CPUState *cpu)
>>          cpu_synchronize_state(cpu);
>>          if (!hvf_handle_psci_call(cpu)) {
>>              advance_pc = true;
>> +        } else if (env->xregs[0] == QEMU_SMCCC_TC_WINDOWS10_BOOT) {
>> +            /* This special SMC is called by Windows 10 on boot. Return error */
>> +            env->xregs[0] = -1;
>> +            advance_pc = true;
>>          } else {
>>              trace_hvf_unknown_smc(env->xregs[0]);
>>              hvf_raise_exception(env, EXCP_UDEF, syn_uncategorized());
> Where can I find documentation on what this SMC call is and what
> it's supposed to do ?


It's 0xc3000001 which according to the SMCCC spec [1] means OR'ed values
of the following:

0x80000000 = Fast Call
0x40000000 = SMC64
0x03000000 = OEM Service Calls
0x00000001 = Function number 1

So, uh. I'm not sure how to answer the question above. I don't have
source level access to Windows to read what the call is supposed to do
:). But it's definitely calling something OEM specific that it really
shouldn't be callling.

Reading the SMCCC spec section 5.2, unknown SMCCC calls should return
-1. It advises against probing by just calling them, but does not
specify any other fault behavior than the -1 return (such as the #UDEF
we inject in TCG).


Alex

[1] https://developer.arm.com/documentation/den0028/latest

diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index 65c33e2a14..be670af578 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -931,6 +931,10 @@  int hvf_vcpu_exec(CPUState *cpu)
         cpu_synchronize_state(cpu);
         if (!hvf_handle_psci_call(cpu)) {
             advance_pc = true;
+        } else if (env->xregs[0] == QEMU_SMCCC_TC_WINDOWS10_BOOT) {
+            /* This special SMC is called by Windows 10 on boot. Return error */
+            env->xregs[0] = -1;
+            advance_pc = true;
         } else {
             trace_hvf_unknown_smc(env->xregs[0]);
             hvf_raise_exception(env, EXCP_UDEF, syn_uncategorized());

[v8,19/19] hvf: arm: Handle Windows 10 SMC call

Commit Message

Comments

Patch