From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1])
 by mx.groups.io with SMTP id smtpd.web10.132408.1671109923286089794
 for <devel@edk2.groups.io>;
 Thu, 15 Dec 2022 05:12:03 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@ibm.com header.s=pp1 header.b=SISMlm8X;
 spf=pass (domain: linux.ibm.com, ip: 148.163.156.1, mailfrom: dovmurik@linux.ibm.com)
Received: from pps.filterd (m0098396.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 2BFCkaQ2003333;
	Thu, 15 Dec 2022 13:12:01 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject
 : date : message-id : content-transfer-encoding : mime-version; s=pp1;
 bh=YBXXJaoIgtTnh6vTYTyIEq3JyxGwhUUFcmYB33R6UYU=;
 b=SISMlm8XPYys7flN/8MrzR6VOj8YQYaPmKJeXF0BwoeT9XIaVjq3qSRV/PFuIXKbPvWs
 1nC6wYZMLLpKSVmmU28QNzmx+Nzpv15ANa0wCcZGQuwETu9Ddwt67UVevqNntCn8iOdb
 DBh2n7poyDL/reTNz/siOJuVnx3bPk8GuIOReV/ajSFHQkryTyXwp2CSZYI3oIXdT8eR
 Bkuo2WLo1bOT3hd2o8SShEADzQ0TUMWqkdtWKzD/XTVOGOsmZI2mxkZ4ik8MrwBZkUoB
 NHV4qywW0nzosrEe8sHmI2DC5nOMznqdJYEX9R244hE7dQtB3o43W4hFjQbq/QshyCO0 qw== 
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3mg3vtgq7h-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Thu, 15 Dec 2022 13:12:01 +0000
Received: from m0098396.ppops.net (m0098396.ppops.net [127.0.0.1])
	by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 2BFD09Ti003083;
	Thu, 15 Dec 2022 13:12:00 GMT
Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com [169.55.91.170])
	by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3mg3vtgq6x-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Thu, 15 Dec 2022 13:12:00 +0000
Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1])
	by ppma02wdc.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 2BFApHrT000367;
	Thu, 15 Dec 2022 13:11:59 GMT
Received: from smtprelay04.wdc07v.mail.ibm.com ([9.208.129.114])
	by ppma02wdc.us.ibm.com (PPS) with ESMTPS id 3meyrvb881-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Thu, 15 Dec 2022 13:11:59 +0000
Received: from smtpav04.wdc07v.mail.ibm.com (smtpav04.wdc07v.mail.ibm.com [10.39.53.231])
	by smtprelay04.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 2BFDBvKD51642832
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Thu, 15 Dec 2022 13:11:57 GMT
Received: from smtpav04.wdc07v.mail.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 9D33958052;
	Thu, 15 Dec 2022 13:11:57 +0000 (GMT)
Received: from smtpav04.wdc07v.mail.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 6ED8458054;
	Thu, 15 Dec 2022 13:11:56 +0000 (GMT)
Received: from amdrome3.watson.ibm.com (unknown [9.2.130.16])
	by smtpav04.wdc07v.mail.ibm.com (Postfix) with ESMTP;
	Thu, 15 Dec 2022 13:11:56 +0000 (GMT)
From: "Dov Murik" <dovmurik@linux.ibm.com>
To: devel@edk2.groups.io
Cc: Dov Murik <dovmurik@linux.ibm.com>, Tobin Feldman-Fitzthum <tobin@ibm.com>,
        Ard Biesheuvel <ardb+tianocore@kernel.org>,
        Erdem Aktas <erdemaktas@google.com>, Gerd Hoffmann <kraxel@redhat.com>,
        James Bottomley <jejb@linux.ibm.com>,
        Jiewen Yao <Jiewen.Yao@intel.com>,
        Jordan Justen <jordan.l.justen@intel.com>,
        Michael Roth <michael.roth@amd.com>, Min Xu <min.m.xu@intel.com>,
        Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
        Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH v3 1/1] OvmfPkg/AmdSev/SecretDxe: Allocate secret location as EfiACPIReclaimMemory
Date: Thu, 15 Dec 2022 13:11:51 +0000
Message-Id: <20221215131151.2359297-1-dovmurik@linux.ibm.com>
X-Mailer: git-send-email 2.25.1
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: s-k6VZFnfQ2PAJWoYTCD0idAWkXTSo6l
X-Proofpoint-GUID: mzD2IQeORO_YpPsX7mmbuyf4e-sgJBGU
X-Proofpoint-UnRewURL: 0 URL was un-rewritten
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.923,Hydra:6.0.545,FMLib:17.11.122.1
 definitions=2022-12-15_07,2022-12-15_02,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 mlxscore=0
 suspectscore=0 mlxlogscore=999 adultscore=0 bulkscore=0 clxscore=1015
 impostorscore=0 phishscore=0 malwarescore=0 priorityscore=1501
 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2212070000 definitions=main-2212150106
Content-Transfer-Encoding: quoted-printable

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4186

Commit 079a58276b98 ("OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret
area as reserved") marked the launch secret area itself (1 page) as
reserved so the guest OS can use it during the lifetime of the OS.
However, the address and size of the secret area held in the
CONFIDENTIAL_COMPUTING_SECRET_LOCATION struct are declared as STATIC in
OVMF (in AmdSev/SecretDxe); therefore there's no guarantee that it will
not be written over by OS data.

Fix this by allocating the memory for the
CONFIDENTIAL_COMPUTING_SECRET_LOCATION struct with the
EfiACPIReclaimMemory memory type to ensure the guest OS will not reuse
this memory.

Fixes: 079a58276b98
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <Jiewen.Yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>

---

v3 changes:
* Whitespace fix

v2 changes:
* Allocate with EfiACPIReclaimMemory memory type (thanks Ard)
---
 OvmfPkg/AmdSev/SecretDxe/SecretDxe.c | 22 ++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c b/OvmfPkg/AmdSev/SecretDx=
e/SecretDxe.c
index 3d84b2545052..c3258570e941 100644
--- a/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c
+++ b/OvmfPkg/AmdSev/SecretDxe/SecretDxe.c
@@ -8,11 +8,6 @@
 #include <Library/UefiBootServicesTableLib.h>=0D
 #include <Guid/ConfidentialComputingSecret.h>=0D
 =0D
-STATIC CONFIDENTIAL_COMPUTING_SECRET_LOCATION  mSecretDxeTable =3D {=0D
-  FixedPcdGet32 (PcdSevLaunchSecretBase),=0D
-  FixedPcdGet32 (PcdSevLaunchSecretSize),=0D
-};=0D
-=0D
 EFI_STATUS=0D
 EFIAPI=0D
 InitializeSecretDxe (=0D
@@ -20,8 +15,23 @@ InitializeSecretDxe (
   IN EFI_SYSTEM_TABLE  *SystemTable=0D
   )=0D
 {=0D
+  EFI_STATUS                              Status;=0D
+  CONFIDENTIAL_COMPUTING_SECRET_LOCATION  *SecretDxeTable;=0D
+=0D
+  Status =3D gBS->AllocatePool (=0D
+                  EfiACPIReclaimMemory,=0D
+                  sizeof (CONFIDENTIAL_COMPUTING_SECRET_LOCATION),=0D
+                  (VOID **)&SecretDxeTable=0D
+                  );=0D
+  if (EFI_ERROR (Status)) {=0D
+    return Status;=0D
+  }=0D
+=0D
+  SecretDxeTable->Base =3D FixedPcdGet32 (PcdSevLaunchSecretBase);=0D
+  SecretDxeTable->Size =3D FixedPcdGet32 (PcdSevLaunchSecretSize);=0D
+=0D
   return gBS->InstallConfigurationTable (=0D
                 &gConfidentialComputingSecretGuid,=0D
-                &mSecretDxeTable=0D
+                SecretDxeTable=0D
                 );=0D
 }=0D
--=20
2.25.1