From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <08e3b20a-19dd-7e50-cfa4-b628825eed00@amd.com>
Date: Mon, 22 Apr 2024 09:12:21 -0500
Subject: Re: [edk2-devel] [PATCH v2] OvmfPkg: Harden #VC instruction emulation somewhat (CVE-2024-25742)
To: devel@edk2.groups.io, acdunlap@google.com, Borislav Petkov, Peter Gonda, Ard Biesheuvel, Erdem Aktas, Gerd Hoffmann, Jiewen Yao, Michael Roth, Min Xu, Yuan Yu
References: <20240419182146.699506-1-acdunlap@google.com>
From: "Lendacky, Thomas via groups.io"
In-Reply-To: <20240419182146.699506-1-acdunlap@google.com>

On 4/19/24 13:21, Adam Dunlap via groups.io wrote:
> Ensure that when a #VC exception happens, the instruction at the
> instruction pointer matches the instruction that is expected given the
> error code. This is to mitigate the ahoi WeSee attack [1] that could
> allow hypervisors to breach integrity and confidentiality of the
> firmware by maliciously injecting interrupts. This change is a
> translated version of a linux patch e3ef461af35a ("x86/sev: Harden #VC
> instruction emulation somewhat")
>
> [1] https://ahoi-attacks.github.io/wesee/
>
> Cc: Borislav Petkov (AMD)
> Cc: Tom Lendacky
> Signed-off-by: Adam Dunlap

Reviewed-by: Tom Lendacky

> ---
>
> Patch changelog:
> V1 -> V2: Added the MWAITX/MONITORX opcodes. Added the opcode for INVD.
> Added a comment to explain skipping the exit handling if the opcode does
> not match.
>
> OvmfPkg/Library/CcExitLib/CcExitVcHandler.c | 184 ++++++++++++++++++--
> 1 file changed, 173 insertions(+), 11 deletions(-)
>
> diff --git a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c b/OvmfPkg/Librar= y/CcExitLib/CcExitVcHandler.c > index 0fc30f7bc4..31587586fe 100644 > --- a/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c > +++ b/OvmfPkg/Library/CcExitLib/CcExitVcHandler.c > @@ -532,8 +532,6 @@ MwaitExit ( > IN CC_INSTRUCTION_DATA *InstructionData > ) > { > - CcDecodeModRm (Regs, InstructionData); > - > Ghcb->SaveArea.Rax =3D Regs->Rax; > CcExitVmgSetOffsetValid (Ghcb, GhcbRax); > Ghcb->SaveArea.Rcx =3D Regs->Rcx; > @@ -564,8 +562,6 @@ MonitorExit ( > IN CC_INSTRUCTION_DATA *InstructionData > ) > { > - CcDecodeModRm (Regs, InstructionData); > - > Ghcb->SaveArea.Rax =3D Regs->Rax; // Identity mapped, so VA =3D PA > CcExitVmgSetOffsetValid (Ghcb, GhcbRax); > Ghcb->SaveArea.Rcx =3D Regs->Rcx; > @@ -670,8 +666,6 @@ VmmCallExit ( > { > UINT64 Status; > =20 > - CcDecodeModRm (Regs, InstructionData); > - > Ghcb->SaveArea.Rax =3D Regs->Rax; > CcExitVmgSetOffsetValid (Ghcb, GhcbRax); > Ghcb->SaveArea.Cpl =3D (UINT8)(Regs->Cs & 0x3); > @@ -1603,8 +1597,6 @@ Dr7WriteExit ( > Ext =3D &InstructionData->Ext; > SevEsData =3D (SEV_ES_PER_CPU_DATA *)(Ghcb + 1); > =20 > - CcDecodeModRm (Regs, InstructionData); > - > // > // MOV DRn always treats MOD =3D=3D 3 no matter how encoded > // > @@ -1655,8 +1647,6 @@ Dr7ReadExit ( > Ext =3D &InstructionData->Ext; > SevEsData =3D (SEV_ES_PER_CPU_DATA *)(Ghcb + 1); > =20 > - CcDecodeModRm (Regs, InstructionData); > - > // > // MOV DRn always treats MOD =3D=3D 3 no matter how encoded > // 
> @@ -1671,6 +1661,170 @@ Dr7ReadExit ( > return 0; > } > =20 > +/** > + Check that the opcode matches the exit code for a #VC. > + > + Each exit code should only be raised while executing certain instructi= ons. > + Verify that rIP points to a correct instruction based on the exit code= to > + protect against maliciously injected interrupts via the hypervisor. If= it does > + not, report an unsupported event to the hypervisor. > + > + Decodes the ModRm byte into InstructionData if necessary. > + > + @param[in, out] Ghcb Pointer to the Guest-Hypervisor Commu= nication > + Block > + @param[in, out] Regs x64 processor context > + @param[in, out] InstructionData Instruction parsing context > + @param[in] ExitCode Exit code given by #VC. > + > + @retval 0 No problems detected. > + @return New exception value to propagate > + > + > +**/ > +STATIC > +UINT64 > +VcCheckOpcodeBytes ( > + IN OUT GHCB *Ghcb, > + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs, > + IN OUT CC_INSTRUCTION_DATA *InstructionData, > + IN UINT64 ExitCode > + ) > +{ > + UINT8 OpCode; > + > + // > + // Expected opcodes are either 1 or 2 bytes. If they are 2 bytes, they= always > + // start with TWO_BYTE_OPCODE_ESCAPE (0x0f), so skip over that. 
> + // > + OpCode =3D *(InstructionData->OpCodes); > + if (OpCode =3D=3D TWO_BYTE_OPCODE_ESCAPE) { > + OpCode =3D *(InstructionData->OpCodes + 1); > + } > + > + switch (ExitCode) { > + case SVM_EXIT_IOIO_PROT: > + case SVM_EXIT_NPF: > + /* handled separately */ > + return 0; > + > + case SVM_EXIT_CPUID: > + if (OpCode =3D=3D 0xa2) { > + return 0; > + } > + > + break; > + > + case SVM_EXIT_INVD: > + if (OpCode =3D=3D 0x08) { > + return 0; > + } > + > + break; > + > + case SVM_EXIT_MONITOR: > + CcDecodeModRm (Regs, InstructionData); > + > + if ((OpCode =3D=3D 0x01) && > + ( (InstructionData->ModRm.Uint8 =3D=3D 0xc8) /* MONITOR */ > + || (InstructionData->ModRm.Uint8 =3D=3D 0xfa))) /* MONITORX */ > + { > + return 0; > + } > + > + break; > + > + case SVM_EXIT_MWAIT: > + CcDecodeModRm (Regs, InstructionData); > + > + if ((OpCode =3D=3D 0x01) && > + ( (InstructionData->ModRm.Uint8 =3D=3D 0xc9) /* MWAIT */ > + || (InstructionData->ModRm.Uint8 =3D=3D 0xfb))) /* MWAITX */ > + { > + return 0; > + } > + > + break; > + > + case SVM_EXIT_MSR: > + /* RDMSR */ > + if ((OpCode =3D=3D 0x32) || > + /* WRMSR */ > + (OpCode =3D=3D 0x30)) > + { > + return 0; > + } > + > + break; > + > + case SVM_EXIT_RDPMC: > + if (OpCode =3D=3D 0x33) { > + return 0; > + } > + > + break; > + > + case SVM_EXIT_RDTSC: > + if (OpCode =3D=3D 0x31) { > + return 0; > + } > + > + break; > + > + case SVM_EXIT_RDTSCP: > + CcDecodeModRm (Regs, InstructionData); > + > + if ((OpCode =3D=3D 0x01) && (InstructionData->ModRm.Uint8 =3D=3D 0= xf9)) { > + return 0; > + } > + > + break; > + > + case SVM_EXIT_DR7_READ: > + CcDecodeModRm (Regs, InstructionData); > + > + if ((OpCode =3D=3D 0x21) && > + (InstructionData->Ext.ModRm.Reg =3D=3D 7)) > + { > + return 0; > + } > + > + break; > + > + case SVM_EXIT_VMMCALL: > + CcDecodeModRm (Regs, InstructionData); > + > + if ((OpCode =3D=3D 0x01) && (InstructionData->ModRm.Uint8 =3D=3D 0= xd9)) { > + return 0; > + } > + > + break; > + > + case SVM_EXIT_DR7_WRITE: > + CcDecodeModRm 
(Regs, InstructionData); > + > + if ((OpCode =3D=3D 0x23) && > + (InstructionData->Ext.ModRm.Reg =3D=3D 7)) > + { > + return 0; > + } > + > + break; > + > + case SVM_EXIT_WBINVD: > + if (OpCode =3D=3D 0x9) { > + return 0; > + } > + > + break; > + > + default: > + break; > + } > + > + return UnsupportedExit (Ghcb, Regs, InstructionData); > +} > + > /** > Handle a #VC exception. > =20 > @@ -1773,7 +1927,15 @@ InternalVmgExitHandleVc ( > =20 > CcInitInstructionData (&InstructionData, Ghcb, Regs); > =20 > - Status =3D NaeExit (Ghcb, Regs, &InstructionData); > + Status =3D VcCheckOpcodeBytes (Ghcb, Regs, &InstructionData, ExitCode)= ; > + > + // > + // If the opcode does not match the exit code, do not process the exce= ption > + // > + if (Status =3D=3D 0) { > + Status =3D NaeExit (Ghcb, Regs, &InstructionData); > + } > + > if (Status =3D=3D 0) { > Regs->Rip +=3D CcInstructionLength (&InstructionData); > } else {
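Review bot: MwaitExit, MonitorExit, VmmCallExit, Dr7WriteExit and Dr7ReadExit lose their own CcDecodeModRm call, so they now carry an undocumented precondition that VcCheckOpcodeBytes has already decoded ModRM for their exit code. Dr7WriteExit and Dr7ReadExit still set `Ext = &InstructionData->Ext` and keep the comment about the MOD field, so they clearly depend on decoded data. Please state the precondition in each handler's header comment, or in a comment where NaeExit is called, so that a later caller does not invoke these handlers on an undecoded InstructionData.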
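Review bot: In VcCheckOpcodeBytes, the 0x0f escape is skipped when present but never required: after `if (OpCode == TWO_BYTE_OPCODE_ESCAPE)` the switch compares only the following byte, so an instruction whose first byte is already 0xa2, 0x08, 0x30 and so on, with no escape in front, satisfies the same case as the two-byte form. If every instruction listed in the switch is expected to carry the escape, record whether it was seen (for example a BOOLEAN set in that `if` branch) and fall through to UnsupportedExit when it was not. Minor: `0x9` in the SVM_EXIT_WBINVD case should be written `0x09` to match `0x08` in the SVM_EXIT_INVD case, and the bare opcode and ModRM values would be easier to audit as named constants.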
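Review bot: In InternalVmgExitHandleVc, NaeExit is now reached only when VcCheckOpcodeBytes returns 0, and that function routes every exit code outside its switch to UnsupportedExit via `default: break;`. The patch does not say that the switch covers every exit code NaeExit dispatches; if one is missing, a handler that worked before this change becomes an unsupported exit with no build-time signal. Please confirm the two lists match and add a comment next to the `default` case telling future authors that a new NaeExit case needs a matching entry in VcCheckOpcodeBytes.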