From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.79]) by mx.groups.io with SMTP id smtpd.web12.1317.1585071732848065259 for ; Tue, 24 Mar 2020 10:42:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=ACXtxOjG; spf=none, err=SPF record not found (domain: amd.com, ip: 40.107.244.79, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kRQjh0t+b/+9zKIkwXM3gIr0bsuwdISaPeje6BHlMil6aS7BKBfPX0UpyIxRm2JWYWjCD0TX5qyhd/rX9vqw9rmvl9DbsWl0uLqSuYqFIIT3fco9aIG8EPjK1iez2nLwm2pm4j6Nih5wpcXB8T/6o5PFU+kNj+kp+OmduVUeSBBArzIzxd8eFH3Zhp+fuklsA9YNS7WUJk8QyqWvD3ynXOFUzVCZt+cGAGT99/QKCLOHCzl281+8orhMrEUsyhi1OkOir4jqTo0R8eFIO9LUOvZGPkKVDwQ82+nG5+bxtEGcn5dXKTL+Bjd2+Mc+EOjXJOcJMRejKJ0xi8tQYI3LMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=a3711expFyXhM9fABs1ODO1IhcLNbINmpahn1bRuZew=; b=KFvi3Jq+UI1cARB0uE5mdTIFmEsHtPucNjdByhxy25oGAtHgxewU+vwL8o+PbbtWt3EFF7lu5bQM9DsnW0DyZt+Z7jrnfsGMG/rg0AZAKPt+BFZfl3pGyGdbQwHExg/gcxFbDK9dfUvE00oYlf2RETCYlPBqG15n2vZeWXp9mym+EzxdqSBlcMJQVCpcJM9NXtxE/PRahIbFlOnZkdKRGdDQg2Zg7lpK5iWKXSFxOYQkXivnQITpFkbynECiEaNZ5fQ42Dsd0aWxgKToeABwhWBkwns3SNm8p7xSKfydsb+Gu8LBHybK8vvSNVWTeGCL/voCKwzHhwbrzqwM4ryhKw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=a3711expFyXhM9fABs1ODO1IhcLNbINmpahn1bRuZew=; b=ACXtxOjGp2vVoZny2ndQ4IW/w4hQ+G43ru1tRo98v8cRUdWp2DCXsDKifG3EoWB6YZAO2ayOvrm+K/RYhpg0FpfP2xwkGFfnMnwEKZNf5w/fu1L3KI0X6gIsw5B3KHw4ChT9ih/oUH03eqKGVvSvpo5EXg9RePYCxayQ32j3qZI= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Received: from DM6PR12MB3163.namprd12.prod.outlook.com (2603:10b6:5:15e::26) by DM6PR12MB3915.namprd12.prod.outlook.com (2603:10b6:5:1c4::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.22; Tue, 24 Mar 2020 17:42:11 +0000 Received: from DM6PR12MB3163.namprd12.prod.outlook.com ([fe80::f0f9:a88f:f840:2733]) by DM6PR12MB3163.namprd12.prod.outlook.com ([fe80::f0f9:a88f:f840:2733%7]) with mapi id 15.20.2835.023; Tue, 24 Mar 2020 17:42:11 +0000 From: "Lendacky, Thomas" To: devel@edk2.groups.io Cc: Jordan Justen , Laszlo Ersek , Ard Biesheuvel , Michael D Kinney , Liming Gao , Eric Dong , Ray Ni , Brijesh Singh Subject: [PATCH v6 36/42] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Bypass flash detection with SEV-ES is enabled Date: Tue, 24 Mar 2020 12:40:50 -0500 Message-Id: <343eccd736a9c86060f59eaff5c1bc85ebeb9ad7.1585071656.git.thomas.lendacky@amd.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: DM5PR06CA0025.namprd06.prod.outlook.com (2603:10b6:3:5d::11) To DM6PR12MB3163.namprd12.prod.outlook.com (2603:10b6:5:15e::26) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from tlendack-t1.amd.com (165.204.77.1) by DM5PR06CA0025.namprd06.prod.outlook.com (2603:10b6:3:5d::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2835.19 via Frontend Transport; Tue, 24 Mar 2020 17:41:43 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [165.204.77.1] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 94993d95-abeb-42f2-a3b4-08d7d01a9e49 X-MS-TrafficTypeDiagnostic: DM6PR12MB3915:|DM6PR12MB3915: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-Forefront-PRVS: 03524FBD26 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(376002)(366004)(346002)(136003)(396003)(39860400002)(8676002)(8936002)(186003)(316002)(54906003)(16526019)(956004)(66476007)(36756003)(6486002)(66946007)(6916009)(66556008)(2616005)(26005)(4326008)(966005)(81156014)(478600001)(81166006)(5660300002)(2906002)(6666004)(7696005)(52116002)(86362001)(136400200001)(213903007);DIR:OUT;SFP:1101;SCL:1;SRVR:DM6PR12MB3915;H:DM6PR12MB3163.namprd12.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Xcj3AImLAAygXeMuH/xor20VT+Q4+2d/SMBeJGZYZkUh2qM9mPCcvGywOoB7NJrEkEP2r0/no2EztymkYn87TGfWEMbmEn7NQf7rMPWGdpH2XiSotwpDjW6CU8/6dNTj6t3Dwq+fJV4DIZGiZbGV+JQWHmglefghZSRTtH0lTHCzFC9ooVFwW8dt805qX6KyJXiq7mTu+Is4uoaf3xmoaxVYnfFPnmV8ILOgXkjbc8e0u5seQYE+GfEIcTeSQn7ua9yRXUgikNXaQDgJvWzrUlcOyC47ruWDL9iW6gylSXWSYzVBx+FFfdi/p5kjz28OiRCNqdJ0v/XisPE1eS9GjCoohVwYCLQW7qZgrfA3rVGjbyhksWyDAhxk5JJ0L78GMzXhmt5rq4xnYu7XLjbJnJs3eEt70KvFlaqBHwkxQ3F/dVGBlxYxP6oLfU1SciKhNt8PMyGBO0wTNgCUV0L6qIeUx6ZMMtrMRwo9X9glgWHK/x6CidOQ2UQNba65RdfeiY9oyP7tDiVmKyJJzyzV+rLKyYHwuqHjG/bkl/Jhnenrwrm8eUTG2xR+aM8ckHRmjqkL1lYGMzx7JTeJu2jiWAmVBxhtBzzLQ+jtiLfQPv4= X-MS-Exchange-AntiSpam-MessageData: 23Xe1iTo+cGAvRurDszVNHttlLs3VeQv2Q2G8mg25dvTA6pJ5/Kgh8jmrjYzbot4lCqIqrwu4A7fX6m6w+PiKeZH0NLkfy3lSOugVCtroMr0my0fH0WQCIxXvpnQ35G1c83zFrWWTQUvmm80s/skAg== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 94993d95-abeb-42f2-a3b4-08d7d01a9e49 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Mar 2020 17:41:44.1346 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: HyguKkrxZaKG7wyb/opSuNALQOTTAaiUTBjYlO3fxINIHthPfRT/HNe2kYbytuzdaAE4DrZPQkE1yUB3NliDjg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB3915 Content-Type: text/plain BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198 The flash detection routine will attempt to determine how the flash device behaves (e.g. ROM, RAM, Flash). But when SEV-ES is enabled and the flash device behaves as a ROM device (meaning it is marked read-only by the hypervisor), this check may result in an infinite nested page fault because of the attempted write. Since the instruction cannot be emulated when SEV-ES is enabled, the RIP is never advanced, resulting in repeated nested page faults. When SEV-ES is enabled, exit the flash detection early and assume that the FD behaves as Flash. This will result in QemuFlashWrite() being called to store EFI variables, which will also result in an infinite nested page fault when the write is performed. In this case, update QemuFlashWrite() to use the VmgMmioWrite function from the VmgExitLib library to have the hypervisor perform the write without having to emulate the instruction. Cc: Jordan Justen Cc: Laszlo Ersek Cc: Ard Biesheuvel Reviewed-by: Laszlo Ersek Signed-off-by: Tom Lendacky --- .../FvbServicesRuntimeDxe.inf | 2 ++ .../QemuFlash.h | 6 +++++ .../QemuFlash.c | 23 ++++++++++++++++--- .../QemuFlashDxe.c | 15 ++++++++++++ .../QemuFlashSmm.c | 9 ++++++++ 5 files changed, 52 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf index 72cabba4357d..8bb2325157ea 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf @@ -38,6 +38,7 @@ [Sources] [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec + UefiCpuPkg/UefiCpuPkg.dec OvmfPkg/OvmfPkg.dec [LibraryClasses] @@ -52,6 +53,7 @@ [LibraryClasses] UefiBootServicesTableLib UefiDriverEntryPoint UefiRuntimeLib + VmgExitLib [Guids] gEfiEventVirtualAddressChangeGuid # ALWAYS_CONSUMED diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.h b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.h index f1afabcbe6ae..19ac1f733279 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.h +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.h @@ -89,5 +89,11 @@ QemuFlashBeforeProbe ( IN UINTN FdBlockCount ); +VOID +QemuFlashPtrWrite ( + IN volatile UINT8 *Ptr, + IN UINT8 Value + ); + #endif diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c index c81c58972bf2..358bce3336f2 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c @@ -9,6 +9,7 @@ #include #include +#include #include #include "QemuFlash.h" @@ -80,6 +81,21 @@ QemuFlashDetected ( DEBUG ((EFI_D_INFO, "QEMU Flash: Attempting flash detection at %p\n", Ptr)); + if (MemEncryptSevEsIsEnabled ()) { + // + // When SEV-ES is enabled, the check below can result in an infinite + // loop with respect to a nested page fault. When the memslot is mapped + // read-only, the nested page table entry is read-only. The check below + // will cause a nested page fault that cannot be emulated, causing + // the instruction to retried over and over. For SEV-ES, acknowledge that + // the FD appears as ROM and not as FLASH, but report FLASH anyway because + // FLASH behavior can be simulated using VMGEXIT. + // + DEBUG ((DEBUG_INFO, + "QEMU Flash: SEV-ES enabled, assuming FD behaves as FLASH\n")); + return TRUE; + } + OriginalUint8 = *Ptr; *Ptr = CLEAR_STATUS_CMD; ProbeUint8 = *Ptr; @@ -181,8 +197,9 @@ QemuFlashWrite ( // Ptr = QemuFlashPtr (Lba, Offset); for (Loop = 0; Loop < *NumBytes; Loop++) { - *Ptr = WRITE_BYTE_CMD; - *Ptr = Buffer[Loop]; + QemuFlashPtrWrite (Ptr, WRITE_BYTE_CMD); + QemuFlashPtrWrite (Ptr, Buffer[Loop]); + Ptr++; } @@ -190,7 +207,7 @@ QemuFlashWrite ( // Restore flash to read mode // if (*NumBytes > 0) { - *(Ptr - 1) = READ_ARRAY_CMD; + QemuFlashPtrWrite (Ptr - 1, READ_ARRAY_CMD); } return EFI_SUCCESS; diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c index 5aabe9d7b59c..83856f575083 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashDxe.c @@ -10,6 +10,8 @@ **/ #include +#include +#include #include "QemuFlash.h" @@ -32,3 +34,16 @@ QemuFlashBeforeProbe ( // Do nothing // } + +VOID +QemuFlashPtrWrite ( + IN volatile UINT8 *Ptr, + IN UINT8 Value + ) +{ + if (MemEncryptSevEsIsEnabled ()) { + VmgMmioWrite ((UINT8 *) Ptr, &Value, 1); + } else { + *Ptr = Value; + } +} diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashSmm.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashSmm.c index 7eb426e03855..eff40ae28032 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashSmm.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlashSmm.c @@ -46,3 +46,12 @@ QemuFlashBeforeProbe ( ); ASSERT_EFI_ERROR (Status); } + +VOID +QemuFlashPtrWrite ( + IN volatile UINT8 *Ptr, + IN UINT8 Value + ) +{ + *Ptr = Value; +} -- 2.17.1