From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by mx.groups.io with SMTP id smtpd.web10.7138.1619168867549212847
 for <devel@edk2.groups.io>;
 Fri, 23 Apr 2021 02:07:47 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ZRwKXmXh;
 spf=pass (domain: redhat.com, ip: 170.10.133.124, mailfrom: lersek@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1619168866;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=R467LmbpsCiORvleyprjVwme2VlPdPMi0goNiOqEDUQ=;
	b=ZRwKXmXh8hDeUSk9F06z5pTWGQVd+8q0Jp8eZY8za1oUPM0O/2A8eEFakgforIcqBVe6bG
	lEs35taI8yn9qhEvsM+E33Gc1xODiXWIT6Rywwd/yRPsR0BhjfSiLXSMO7ODDnfaL0RMYZ
	xoIAUcWPaHrh4J+LXuQc+Y14NHuPnUM=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-274-lMh-WRiBPN6jlrKK9NQ27w-1; Fri, 23 Apr 2021 05:07:42 -0400
X-MC-Unique: lMh-WRiBPN6jlrKK9NQ27w-1
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0576A343A2;
	Fri, 23 Apr 2021 09:07:41 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-115-2.ams2.redhat.com [10.36.115.2])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 8695560C21;
	Fri, 23 Apr 2021 09:07:37 +0000 (UTC)
Subject: Re: [edk2-devel] [PATCH 1/3] OvfmPkg/VmgExitLib: Properly decode MMIO MOVZX and MOVSX opcodes
To: Tom Lendacky <thomas.lendacky@amd.com>, devel@edk2.groups.io
Cc: Joerg Roedel <joro@8bytes.org>, Borislav Petkov <bp@alien8.de>,
 Ard Biesheuvel <ardb+tianocore@kernel.org>,
 Jordan Justen <jordan.l.justen@intel.com>,
 Brijesh Singh <brijesh.singh@amd.com>, James Bottomley <jejb@linux.ibm.com>,
 Jiewen Yao <jiewen.yao@intel.com>, Min Xu <min.m.xu@intel.com>
References: <cover.1618959281.git.thomas.lendacky@amd.com>
 <71864a75c680c4f7f07ebf9611c9cc2d351ce5d0.1618959281.git.thomas.lendacky@amd.com>
 <7bf6b4ce-85c7-578e-973a-f976bdfa706b@redhat.com>
 <56f2c943-523e-46d5-dc4d-19e2bb31b07b@amd.com>
From: "Laszlo Ersek" <lersek@redhat.com>
Message-ID: <040a4754-74cb-0281-5312-a449016e2a27@redhat.com>
Date: Fri, 23 Apr 2021 11:07:36 +0200
MIME-Version: 1.0
In-Reply-To: <56f2c943-523e-46d5-dc4d-19e2bb31b07b@amd.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 04/22/21 15:35, Tom Lendacky wrote:
> On 4/22/21 12:28 AM, Laszlo Ersek wrote:
>> On 04/21/21 00:54, Lendacky, Thomas wrote:
>>> From: Tom Lendacky <thomas.lendacky@amd.com>
>>>
>>> BZ: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3345&amp;data=04%7C01%7Cthomas.lendacky%40amd.com%7C22bf3a3ae9cb4421e93208d9054f79c8%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637546661229697941%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=1EmUDf%2FfuCuu%2BkXPZijzatfliplMhKEQH8kiZ9Z8ZF0%3D&amp;reserved=0
>>>
>>> The MOVZX and MOVSX instructions use the ModRM byte in the instruction,
>>> but the instruction decoding support was not decoding it. This resulted
>>> in invalid decoding and failing of the MMIO operation. Also, when
>>> performing the zero-extend or sign-extend operation, the memory operation
>>> should be using the size, and not the size enumeration value.
>>>
>>> Add the ModRM byte decoding for the MOVZX and MOVSX opcodes and use the
>>> true data size to perform the extend operations. Additionally, add a
>>> DEBUG statement identifying the MMIO address being flagged as encrypted
>>> during the MMIO address validation.
>>>
>>> Fixes: c45f678a1ea2080344e125dc55b14e4b9f98483d
>>> Cc: Laszlo Ersek <lersek@redhat.com>
>>> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
>>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>>> Cc: Brijesh Singh <brijesh.singh@amd.com>
>>> Cc: James Bottomley <jejb@linux.ibm.com>
>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>> Cc: Min Xu <min.m.xu@intel.com>
>>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>>> ---
>>>  OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 7 +++++--
>>>  1 file changed, 5 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c
>>> index 24259060fd65..273f36499988 100644
>>> --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c
>>> +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c
>>> @@ -643,6 +643,7 @@ ValidateMmioMemory (
>>>    //
>>>    // Any state other than unencrypted is an error, issue a #GP.
>>>    //
>>> +  DEBUG ((DEBUG_INFO, "MMIO using encrypted memory: %lx\n", MemoryAddress));
>>>    GpEvent.Uint64 = 0;
>>>    GpEvent.Elements.Vector = GP_EXCEPTION;
>>>    GpEvent.Elements.Type   = GHCB_EVENT_INJECTION_TYPE_EXCEPTION;
>>
>> (1) This can potentially generate a large number of debug messages;
>> please use the DEBUG_VERBOSE log mask.
> 
> Actually, you will see this only once since the code will propagate a GP
> and the guest will terminate in this situation.

Ugh, sorry, I must have completely lost track of the context here. I
apologize.

In that case however, it should be DEBUG_ERROR.

Thanks,
Laszlo

> 
>>
>> (2) "MemoryAddress" has type UINTN, but %lx takes UINT64. Given that
>> this is X64-only code, functionally there is no bug, but it's still
>> cleaner to pass "(UINT64)MemoryAddress" to %lx.
> 
> Will do.
> 
> Thanks,
> Tom
> 
>>
>> With that:
>>
>> Acked-by: Laszlo Ersek <lersek@redhat.com>
>>
>> Thanks
>> Laszlo
>>
>>
>>> @@ -817,6 +818,7 @@ MmioExit (
>>>      // fall through
>>>      //
>>>    case 0xB7:
>>> +    DecodeModRm (Regs, InstructionData);
>>>      Bytes = (Bytes != 0) ? Bytes : 2;
>>>  
>>>      Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes);
>>> @@ -835,7 +837,7 @@ MmioExit (
>>>      }
>>>  
>>>      Register = GetRegisterPointer (Regs, InstructionData->Ext.ModRm.Reg);
>>> -    SetMem (Register, InstructionData->DataSize, 0);
>>> +    SetMem (Register, (UINTN) (1 << InstructionData->DataSize), 0);
>>>      CopyMem (Register, Ghcb->SharedBuffer, Bytes);
>>>      break;
>>>  
>>> @@ -848,6 +850,7 @@ MmioExit (
>>>      // fall through
>>>      //
>>>    case 0xBF:
>>> +    DecodeModRm (Regs, InstructionData);
>>>      Bytes = (Bytes != 0) ? Bytes : 2;
>>>  
>>>      Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes);
>>> @@ -878,7 +881,7 @@ MmioExit (
>>>      }
>>>  
>>>      Register = GetRegisterPointer (Regs, InstructionData->Ext.ModRm.Reg);
>>> -    SetMem (Register, InstructionData->DataSize, SignByte);
>>> +    SetMem (Register, (UINTN) (1 << InstructionData->DataSize), SignByte);
>>>      CopyMem (Register, Ghcb->SharedBuffer, Bytes);
>>>      break;
>>>  
>>>
>>
>