public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Laszlo Ersek" <lersek@redhat.com>
To: devel@edk2.groups.io, thomas.lendacky@amd.com
Cc: Brijesh Singh <brijesh.singh@amd.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ard.biesheuvel@arm.com>
Subject: Re: [edk2-devel] [PATCH v2 15/15] OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory
Date: Thu, 7 Jan 2021 18:27:47 +0100	[thread overview]
Message-ID: <066c0b78-2177-561a-6c62-e0ab9b83fca2@redhat.com> (raw)
In-Reply-To: <eaffc75abd32814f21e1420666164f0e914b7395.1609968101.git.thomas.lendacky@amd.com>

On 01/06/21 22:21, Lendacky, Thomas wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
> 
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
> 
> When SEV-ES is active, and MMIO operation will trigger a #VC and the
> VmgExitLib exception handler will process this MMIO operation.
> 
> A malicious hypervisor could try to extract information from encrypted
> memory by setting a reserved bit in the guests nested page tables for
> a non-MMIO area. This can result in the encrypted data being copied into
> the GHCB shared buffer area and accessed by the hypervisor.
> 
> Prevent this by ensuring that the MMIO source/destination is un-encrypted
> memory. For the APIC register space, access is allowed in general.
> 
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Acked-by: Laszlo Ersek <lersek@redhat.com>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
>  OvmfPkg/AmdSev/AmdSevX64.dsc                                 |  1 +
>  OvmfPkg/OvmfPkgX64.dsc                                       |  1 +
>  OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf |  2 +-
>  OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf                 |  2 +
>  OvmfPkg/Library/VmgExitLib/VmgExitLib.inf                    |  2 +
>  OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c                | 81 ++++++++++++++++++++
>  6 files changed, 88 insertions(+), 1 deletion(-)

Looks OK, thanks.
Laszlo

> diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
> index c4d93f39b9f1..dad8635c3388 100644
> --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
> +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
> @@ -237,6 +237,7 @@ [LibraryClasses.common.SEC]
>    CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
>  !endif
>    VmgExitLib|OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
> +  MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
>  
>  [LibraryClasses.common.PEI_CORE]
>    HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index bfa9dd7cac1f..70ff2bcf2342 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -266,6 +266,7 @@ [LibraryClasses.common.SEC]
>    CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
>  !endif
>    VmgExitLib|OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
> +  MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
>  
>  [LibraryClasses.common.PEI_CORE]
>    HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
> index 8e3b8ddd5a95..f2e162d68076 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
> @@ -14,7 +14,7 @@ [Defines]
>    FILE_GUID                      = c1594631-3888-4be4-949f-9c630dbc842b
>    MODULE_TYPE                    = BASE
>    VERSION_STRING                 = 1.0
> -  LIBRARY_CLASS                  = MemEncryptSevLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER
> +  LIBRARY_CLASS                  = MemEncryptSevLib|DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER
>  
>  #
>  # The following information is for reference only and not required by the build
> diff --git a/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf b/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
> index df14de3c21bc..e6f6ea7972fd 100644
> --- a/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
> +++ b/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
> @@ -35,6 +35,8 @@ [LibraryClasses]
>    BaseLib
>    BaseMemoryLib
>    DebugLib
> +  LocalApicLib
> +  MemEncryptSevLib
>    PcdLib
>  
>  [FixedPcd]
> diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf b/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf
> index b3c3e56ecff8..c66c68726cdb 100644
> --- a/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf
> +++ b/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf
> @@ -35,4 +35,6 @@ [LibraryClasses]
>    BaseLib
>    BaseMemoryLib
>    DebugLib
> +  LocalApicLib
> +  MemEncryptSevLib
>  
> diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c
> index ce577e4677eb..24259060fd65 100644
> --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c
> +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c
> @@ -9,6 +9,7 @@
>  #include <Base.h>
>  #include <Uefi.h>
>  #include <Library/BaseMemoryLib.h>
> +#include <Library/LocalApicLib.h>
>  #include <Library/MemEncryptSevLib.h>
>  #include <Library/VmgExitLib.h>
>  #include <Register/Amd/Msr.h>
> @@ -595,6 +596,61 @@ UnsupportedExit (
>    return Status;
>  }
>  
> +/**
> +  Validate that the MMIO memory access is not to encrypted memory.
> +
> +  Examine the pagetable entry for the memory specified. MMIO should not be
> +  performed against encrypted memory. MMIO to the APIC page is always allowed.
> +
> +  @param[in] Ghcb           Pointer to the Guest-Hypervisor Communication Block
> +  @param[in] MemoryAddress  Memory address to validate
> +  @param[in] MemoryLength   Memory length to validate
> +
> +  @retval 0          Memory is not encrypted
> +  @return            New exception value to propogate
> +
> +**/
> +STATIC
> +UINT64
> +ValidateMmioMemory (
> +  IN GHCB   *Ghcb,
> +  IN UINTN  MemoryAddress,
> +  IN UINTN  MemoryLength
> +  )
> +{
> +  MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE  State;
> +  GHCB_EVENT_INJECTION                 GpEvent;
> +  UINTN                                Address;
> +
> +  //
> +  // Allow APIC accesses (which will have the encryption bit set during
> +  // SEC and PEI phases).
> +  //
> +  Address = MemoryAddress & ~(SIZE_4KB - 1);
> +  if (Address == GetLocalApicBaseAddress ()) {
> +    return 0;
> +  }
> +
> +  State = MemEncryptSevGetAddressRangeState (
> +            0,
> +            MemoryAddress,
> +            MemoryLength
> +            );
> +  if (State == MemEncryptSevAddressRangeUnencrypted) {
> +    return 0;
> +  }
> +
> +  //
> +  // Any state other than unencrypted is an error, issue a #GP.
> +  //
> +  GpEvent.Uint64 = 0;
> +  GpEvent.Elements.Vector = GP_EXCEPTION;
> +  GpEvent.Elements.Type   = GHCB_EVENT_INJECTION_TYPE_EXCEPTION;
> +  GpEvent.Elements.Valid  = 1;
> +
> +  return GpEvent.Uint64;
> +}
> +
>  /**
>    Handle an MMIO event.
>  
> @@ -653,6 +709,11 @@ MmioExit (
>        return UnsupportedExit (Ghcb, Regs, InstructionData);
>      }
>  
> +    Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes);
> +    if (Status != 0) {
> +      return Status;
> +    }
> +
>      ExitInfo1 = InstructionData->Ext.RmData;
>      ExitInfo2 = Bytes;
>      CopyMem (Ghcb->SharedBuffer, &InstructionData->Ext.RegData, Bytes);
> @@ -683,6 +744,11 @@ MmioExit (
>      InstructionData->ImmediateSize = Bytes;
>      InstructionData->End += Bytes;
>  
> +    Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes);
> +    if (Status != 0) {
> +      return Status;
> +    }
> +
>      ExitInfo1 = InstructionData->Ext.RmData;
>      ExitInfo2 = Bytes;
>      CopyMem (Ghcb->SharedBuffer, InstructionData->Immediate, Bytes);
> @@ -717,6 +783,11 @@ MmioExit (
>        return UnsupportedExit (Ghcb, Regs, InstructionData);
>      }
>  
> +    Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes);
> +    if (Status != 0) {
> +      return Status;
> +    }
> +
>      ExitInfo1 = InstructionData->Ext.RmData;
>      ExitInfo2 = Bytes;
>  
> @@ -748,6 +819,11 @@ MmioExit (
>    case 0xB7:
>      Bytes = (Bytes != 0) ? Bytes : 2;
>  
> +    Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes);
> +    if (Status != 0) {
> +      return Status;
> +    }
> +
>      ExitInfo1 = InstructionData->Ext.RmData;
>      ExitInfo2 = Bytes;
>  
> @@ -774,6 +850,11 @@ MmioExit (
>    case 0xBF:
>      Bytes = (Bytes != 0) ? Bytes : 2;
>  
> +    Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes);
> +    if (Status != 0) {
> +      return Status;
> +    }
> +
>      ExitInfo1 = InstructionData->Ext.RmData;
>      ExitInfo2 = Bytes;
>  
> 


  reply	other threads:[~2021-01-07 17:27 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-06 21:21 [PATCH v2 00/15] SEV-ES security mitigations Lendacky, Thomas
2021-01-06 21:21 ` [PATCH v2 01/15] Ovmf/ResetVector: Simplify and consolidate the SEV features checks Lendacky, Thomas
2021-01-06 21:21 ` [PATCH v2 02/15] OvmfPkg/Sec: Move SEV-ES SEC workarea definition to common header file Lendacky, Thomas
2021-01-06 21:21 ` [PATCH v2 03/15] OvmfPkg/ResetVector: Validate the encryption bit position for SEV/SEV-ES Lendacky, Thomas
2021-01-07 14:43   ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 04/15] OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check Lendacky, Thomas
2021-01-07 14:44   ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 05/15] OvmfPkg/MemEncryptSevLib: Save the encryption mask at boot time Lendacky, Thomas
2021-01-07 14:52   ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 06/15] OvmfPkg/MemEncryptSevLib: Add an interface to retrieve the encryption mask Lendacky, Thomas
2021-01-07 15:50   ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 07/15] OvmfPkg/MemEncryptSevLib: Obtain encryption mask using the new interface Lendacky, Thomas
2021-01-07 15:56   ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 08/15] OvmfPkg/AmdSevDxe: Clear encryption bit on PCIe MMCONFIG range Lendacky, Thomas
2021-01-07 17:11   ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 09/15] OvmfPkg/VmgExitLib: Check for an explicit DR7 cached value Lendacky, Thomas
2021-01-06 21:21 ` [PATCH v2 10/15] OvmfPkg/MemEncryptSevLib: Coding style fixes in prep for SEC library Lendacky, Thomas
2021-01-07 17:12   ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 11/15] OvmfPkg/MemEncryptSevLib: Make the MemEncryptSevLib available for SEC Lendacky, Thomas
2021-01-07 17:22   ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 12/15] OvmfPkg/MemEncryptSevLib: Address range encryption state interface Lendacky, Thomas
2021-01-06 21:21 ` [PATCH v2 13/15] OvmfPkg/VmgExitLib: Support nested #VCs Lendacky, Thomas
2021-01-06 21:21 ` [PATCH v2 14/15] OvmfPkg/PlatformPei: Reserve GHCB backup pages if S3 is supported Lendacky, Thomas
2021-01-07 17:25   ` [edk2-devel] " Laszlo Ersek
2021-01-06 21:21 ` [PATCH v2 15/15] OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory Lendacky, Thomas
2021-01-07 17:27   ` Laszlo Ersek [this message]
2021-01-07 17:33     ` [edk2-devel] " Lendacky, Thomas
2021-01-07 17:48       ` Laszlo Ersek
2021-01-07 18:37         ` Lendacky, Thomas

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=066c0b78-2177-561a-6c62-e0ab9b83fca2@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox