From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web10.8331.1670486908515900673
 for <devel@edk2.groups.io>;
 Thu, 08 Dec 2022 00:08:28 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@ibm.com header.s=pp1 header.b=dGAnAEuP;
 spf=pass (domain: linux.ibm.com, ip: 148.163.156.1, mailfrom: dovmurik@linux.ibm.com)
Received: from pps.filterd (m0187473.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 2B87VhpI001029;
	Thu, 8 Dec 2022 08:08:26 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject
 : date : message-id : content-transfer-encoding : mime-version; s=pp1;
 bh=clYOb3OxVk4yiGV+pb9xLoUQT3oIqw4ggbYHDvFSC4Y=;
 b=dGAnAEuPsVgYhZQR9DCZYpdqFIxe8MYw8H4eWDYCujUHQigL2qyHtr4k7WZcrCGEVxU6
 VyUHPqA3lgYv3+tVNAvR2KFHBcDA1r/we3nN+hczHicHYqyfyTW3ai6wsniM2HN304yo
 XCkhDg9OGVOG/jo72EQLHEEr5imR0VKT8I45LLVeoDcvLUS/sFjmXONUG9jjhRfxTrI5
 Fq1dvEEAU6rWGncTFykocsvnLktG09BwMJONHmaQypcY+ZAjQawY9CdXf0ugBdhn0UiH
 ZQG+MnG8E08vDJ5JRwMejwG6t2ZrKP54UewiiWB/wEYPFS1mrMMTCUlPT5/pC+odjVt0 pw== 
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3mbbm68sq3-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Thu, 08 Dec 2022 08:08:26 +0000
Received: from m0187473.ppops.net (m0187473.ppops.net [127.0.0.1])
	by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 2B87Wubp005038;
	Thu, 8 Dec 2022 08:08:25 GMT
Received: from ppma04dal.us.ibm.com (7a.29.35a9.ip4.static.sl-reverse.com [169.53.41.122])
	by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3mbbm68sph-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Thu, 08 Dec 2022 08:08:25 +0000
Received: from pps.filterd (ppma04dal.us.ibm.com [127.0.0.1])
	by ppma04dal.us.ibm.com (8.17.1.19/8.16.1.2) with ESMTP id 2B87ZIe9004171;
	Thu, 8 Dec 2022 08:03:24 GMT
Received: from smtprelay07.dal12v.mail.ibm.com ([9.208.130.99])
	by ppma04dal.us.ibm.com (PPS) with ESMTPS id 3m9sjt2msn-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Thu, 08 Dec 2022 08:03:24 +0000
Received: from smtpav05.wdc07v.mail.ibm.com (smtpav05.wdc07v.mail.ibm.com [10.39.53.232])
	by smtprelay07.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 2B883MLF35521012
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Thu, 8 Dec 2022 08:03:23 GMT
Received: from smtpav05.wdc07v.mail.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id C74EB58043;
	Thu,  8 Dec 2022 08:03:22 +0000 (GMT)
Received: from smtpav05.wdc07v.mail.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 8984758063;
	Thu,  8 Dec 2022 08:03:21 +0000 (GMT)
Received: from amdrome3.watson.ibm.com (unknown [9.2.130.16])
	by smtpav05.wdc07v.mail.ibm.com (Postfix) with ESMTP;
	Thu,  8 Dec 2022 08:03:21 +0000 (GMT)
From: "Dov Murik" <dovmurik@linux.ibm.com>
To: devel@edk2.groups.io
Cc: Dov Murik <dovmurik@linux.ibm.com>, Tobin Feldman-Fitzthum <tobin@ibm.com>,
        Ard Biesheuvel <ardb+tianocore@kernel.org>,
        Erdem Aktas <erdemaktas@google.com>, Gerd Hoffmann <kraxel@redhat.com>,
        James Bottomley <jejb@linux.ibm.com>,
        Jiewen Yao <Jiewen.Yao@intel.com>,
        Jordan Justen <jordan.l.justen@intel.com>, Min Xu <min.m.xu@intel.com>,
        Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
        Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH 1/1] OvmfPkg/AmdSev/SecretDxe: Allocate CC secret location as runtime memory
Date: Thu,  8 Dec 2022 08:03:11 +0000
Message-Id: <20221208080311.2025737-1-dovmurik@linux.ibm.com>
X-Mailer: git-send-email 2.25.1
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: 406LYQXf5Gr6AaK-Utk6vHFDJAYJNx8P
X-Proofpoint-ORIG-GUID: lkX5OCUSpMNxxCn10mHT2IKiOnU3kPmp
X-Proofpoint-UnRewURL: 0 URL was un-rewritten
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.923,Hydra:6.0.545,FMLib:17.11.122.1
 definitions=2022-12-08_04,2022-12-07_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1011 mlxlogscore=999
 bulkscore=0 priorityscore=1501 impostorscore=0 spamscore=0 phishscore=0
 mlxscore=0 lowpriorityscore=0 malwarescore=0 adultscore=0 suspectscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2210170000
 definitions=main-2212080067
Content-Transfer-Encoding: quoted-printable

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4186

Commit 079a58276b98 ("OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret
area as reserved") marked the launch secret area itself (1 page) as
reserved so it the guest OS can use it during the lifetime of the OS.
However, the address and size of the secret area held in the
CONFIDENTIAL_COMPUTING_SECRET_LOCATION struct are declared as STATIC in
OVMF (in AmdSev/SecretDxe); therefore there's no guarantee that it will
not be written over by OS data.

Fix this by allocating the memory for the
CONFIDENTIAL_COMPUTING_SECRET_LOCATION struct with AllocateRuntimePool
to ensure the guest OS will not reuse this memory.

Fixes: 079a58276b98 ("OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area=
 as reserved")
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <Jiewen.Yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
---
 OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf |  2 ++
 OvmfPkg/AmdSev/SecretDxe/SecretDxe.c   | 17 +++++++++++------
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf b/OvmfPkg/AmdSev/Secret=
Dxe/SecretDxe.inf
index 40bda7ff846c..67d35f19b063 100644
--- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
+++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
@@ -23,6 +23,8 @@ [Packages]
   MdePkg/MdePkg.dec=0D
 =0D
 [LibraryClasses]=0D
+  DebugLib=0D
+  MemoryAllocationLib=0D
   UefiBootServicesTableLib=0D
   UefiDriverEntryPoint=0D
 =0D
diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c b/OvmfPkg/AmdSev/SecretDx=
e/SecretDxe.c
index 3d84b2545052..615dff6cbf59 100644
--- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c
+++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c
@@ -5,14 +5,11 @@
   SPDX-License-Identifier: BSD-2-Clause-Patent=0D
 **/=0D
 #include <PiDxe.h>=0D
+#include <Library/DebugLib.h>=0D
 #include <Library/UefiBootServicesTableLib.h>=0D
+#include <Library/MemoryAllocationLib.h> // AllocateRuntimePool()=0D
 #include <Guid/ConfidentialComputingSecret.h>=0D
 =0D
-STATIC CONFIDENTIAL_COMPUTING_SECRET_LOCATION  mSecretDxeTable =3D {=0D
-  FixedPcdGet32 (PcdSevLaunchSecretBase),=0D
-  FixedPcdGet32 (PcdSevLaunchSecretSize),=0D
-};=0D
-=0D
 EFI_STATUS=0D
 EFIAPI=0D
 InitializeSecretDxe (=0D
@@ -20,8 +17,16 @@ InitializeSecretDxe (
   IN EFI_SYSTEM_TABLE  *SystemTable=0D
   )=0D
 {=0D
+  CONFIDENTIAL_COMPUTING_SECRET_LOCATION *SecretDxeTable;=0D
+=0D
+  SecretDxeTable =3D AllocateRuntimePool (sizeof (CONFIDENTIAL_COMPUTING_S=
ECRET_LOCATION));=0D
+  ASSERT (SecretDxeTable !=3D NULL);=0D
+=0D
+  SecretDxeTable->Base =3D FixedPcdGet32 (PcdSevLaunchSecretBase);=0D
+  SecretDxeTable->Size =3D FixedPcdGet32 (PcdSevLaunchSecretSize);=0D
+=0D
   return gBS->InstallConfigurationTable (=0D
                 &gConfidentialComputingSecretGuid,=0D
-                &mSecretDxeTable=0D
+                SecretDxeTable=0D
                 );=0D
 }=0D
--=20
2.25.1