From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5])
 by mx.groups.io with SMTP id smtpd.web11.37960.1670832508026466823
 for <devel@edk2.groups.io>;
 Mon, 12 Dec 2022 00:08:28 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@ibm.com header.s=pp1 header.b=StFku6PA;
 spf=pass (domain: linux.ibm.com, ip: 148.163.158.5, mailfrom: dovmurik@linux.ibm.com)
Received: from pps.filterd (m0098417.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 2BC5mGJj015224;
	Mon, 12 Dec 2022 08:08:26 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject
 : date : message-id : content-transfer-encoding : mime-version; s=pp1;
 bh=aXyVtC8HdS98H/J0xFTqjOVPXcKanxHw2gj6x1d5y8Q=;
 b=StFku6PAQTXHkHwimXp2E2GfEre6QN5Q2Vs8KQYLh5ZJmo8imiBFdc4EG7e7dFPvb0ED
 jmZ2GPeo72n5qVcYzsnM4BJwyx367Qo+7aMUyj9TBs/V18YUT4EbgOB+rqPLxWBk7/vG
 pUgJBRJugUx1X8ES+x0qEISaLsl8X5nvFc/H2kUwj+181LZt5WQ3aLIS1E6D572efb72
 SInvGJe2UmHX/dXo+ODJbHI2yoxgLYMdoja6OlHx/cMtjWbKrro2rW1M1C6jePjo7cWj
 wbv0PfRlETSZoWsg15oV1zjbi44Yg9EO1g+dS+f2u3BRotC54E0YytB1jbwkR8lKpmcl UQ== 
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3md3sjjfff-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 12 Dec 2022 08:08:25 +0000
Received: from m0098417.ppops.net (m0098417.ppops.net [127.0.0.1])
	by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 2BC6uhdY018170;
	Mon, 12 Dec 2022 08:08:25 GMT
Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com [169.55.85.253])
	by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3md3sjjff1-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 12 Dec 2022 08:08:25 +0000
Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1])
	by ppma01wdc.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 2BC7wZP7032042;
	Mon, 12 Dec 2022 08:08:24 GMT
Received: from smtprelay03.dal12v.mail.ibm.com ([9.208.130.98])
	by ppma01wdc.us.ibm.com (PPS) with ESMTPS id 3mchr63smh-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 12 Dec 2022 08:08:24 +0000
Received: from smtpav05.wdc07v.mail.ibm.com (smtpav05.wdc07v.mail.ibm.com [10.39.53.232])
	by smtprelay03.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 2BC88M2864684520
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Mon, 12 Dec 2022 08:08:23 GMT
Received: from smtpav05.wdc07v.mail.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id A7CEE58043;
	Mon, 12 Dec 2022 08:08:22 +0000 (GMT)
Received: from smtpav05.wdc07v.mail.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 814C35805D;
	Mon, 12 Dec 2022 08:08:21 +0000 (GMT)
Received: from amdrome3.watson.ibm.com (unknown [9.2.130.16])
	by smtpav05.wdc07v.mail.ibm.com (Postfix) with ESMTP;
	Mon, 12 Dec 2022 08:08:21 +0000 (GMT)
From: "Dov Murik" <dovmurik@linux.ibm.com>
To: devel@edk2.groups.io
Cc: Dov Murik <dovmurik@linux.ibm.com>, Tobin Feldman-Fitzthum <tobin@ibm.com>,
        Ard Biesheuvel <ardb+tianocore@kernel.org>,
        Erdem Aktas <erdemaktas@google.com>, Gerd Hoffmann <kraxel@redhat.com>,
        James Bottomley <jejb@linux.ibm.com>,
        Jiewen Yao <Jiewen.Yao@intel.com>,
        Jordan Justen <jordan.l.justen@intel.com>,
        Michael Roth <michael.roth@amd.com>, Min Xu <min.m.xu@intel.com>,
        Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
        Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH v2 1/1] OvmfPkg/AmdSev/SecretDxe: Allocate CC secret location as EfiACPIReclaimMemory
Date: Mon, 12 Dec 2022 08:08:08 +0000
Message-Id: <20221212080808.2253768-1-dovmurik@linux.ibm.com>
X-Mailer: git-send-email 2.25.1
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: Gne1JztszjM9rJAzypTRY3zgg0Q7G2Qn
X-Proofpoint-ORIG-GUID: t5GsGvdtg4VwPvDUElPgpwh8WwvXY4qS
X-Proofpoint-UnRewURL: 0 URL was un-rewritten
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.923,Hydra:6.0.545,FMLib:17.11.122.1
 definitions=2022-12-12_01,2022-12-08_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 bulkscore=0
 suspectscore=0 clxscore=1015 phishscore=0 malwarescore=0 mlxscore=0
 impostorscore=0 priorityscore=1501 mlxlogscore=999 lowpriorityscore=0
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2210170000 definitions=main-2212120075
Content-Transfer-Encoding: quoted-printable

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4186

Commit 079a58276b98 ("OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret
area as reserved") marked the launch secret area itself (1 page) as
reserved so the guest OS can use it during the lifetime of the OS.
However, the address and size of the secret area held in the
CONFIDENTIAL_COMPUTING_SECRET_LOCATION struct are declared as STATIC in
OVMF (in AmdSev/SecretDxe); therefore there's no guarantee that it will
not be written over by OS data.

Fix this by allocating the memory for the
CONFIDENTIAL_COMPUTING_SECRET_LOCATION struct with the
EfiACPIReclaimMemory memory type to ensure the guest OS will not reuse
this memory.

Fixes: 079a58276b98 ("OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area=
 as reserved")
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <Jiewen.Yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>

---

v2 changes:
* Allocate with EfiACPIReclaimMemory memory type (thanks Ard)
---
 OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 22 ++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c b/OvmfPkg/AmdSev/SecretDx=
e/SecretDxe.c
index 3d84b2545052..4f65b1ce5ba5 100644
--- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c
+++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c
@@ -8,11 +8,6 @@
 #include <Library/UefiBootServicesTableLib.h>=0D
 #include <Guid/ConfidentialComputingSecret.h>=0D
 =0D
-STATIC CONFIDENTIAL_COMPUTING_SECRET_LOCATION  mSecretDxeTable =3D {=0D
-  FixedPcdGet32 (PcdSevLaunchSecretBase),=0D
-  FixedPcdGet32 (PcdSevLaunchSecretSize),=0D
-};=0D
-=0D
 EFI_STATUS=0D
 EFIAPI=0D
 InitializeSecretDxe (=0D
@@ -20,8 +15,23 @@ InitializeSecretDxe (
   IN EFI_SYSTEM_TABLE  *SystemTable=0D
   )=0D
 {=0D
+  EFI_STATUS                             Status;=0D
+  CONFIDENTIAL_COMPUTING_SECRET_LOCATION *SecretDxeTable;=0D
+=0D
+  Status =3D gBS->AllocatePool (=0D
+                  EfiACPIReclaimMemory,=0D
+                  sizeof (CONFIDENTIAL_COMPUTING_SECRET_LOCATION),=0D
+                  (VOID **)&SecretDxeTable=0D
+                  );=0D
+  if (EFI_ERROR (Status)) {=0D
+    return Status;=0D
+  }=0D
+=0D
+  SecretDxeTable->Base =3D FixedPcdGet32 (PcdSevLaunchSecretBase);=0D
+  SecretDxeTable->Size =3D FixedPcdGet32 (PcdSevLaunchSecretSize);=0D
+=0D
   return gBS->InstallConfigurationTable (=0D
                 &gConfidentialComputingSecretGuid,=0D
-                &mSecretDxeTable=0D
+                SecretDxeTable=0D
                 );=0D
 }=0D
--=20
2.25.1