From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (NAM10-MW2-obe.outbound.protection.outlook.com [40.107.94.73]) by mx.groups.io with SMTP id smtpd.web10.156.1610040806914850661 for ; Thu, 07 Jan 2021 09:33:27 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=eSJzRfpm; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.94.73, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=blTOtCXRKtVc2EhmiHBBqNy/HW39axFT9nwNXU28iFyBesayFzWzYJ/UILO8NahXyhe/StLd/NsFAySk3Tde92VyFaPEZ0kNhCAbl32uqcsjYxTD1FK68hA3ePSpYzKTeZxMGXOB2bSjLCwZ4ELShuJJGsggjDqfJ6PZzJbfFQ/WD+oLuKN7i5uJs4QcZeKinceImoGEDSYSg4q3bZdvYGNQ6snnSK7jEwELhKscfHRM9LEmeKIILLzYj3pXMFODJinqOTd5WGR5rFJ1o71MroD29CIwiRudSOYFFNvJQLzCNp9jLexsKeGgDydHee7mFMqS6dQuGQy5jOqfpbo1qQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=e8hWXFiDXZ39SMk+1D8KATfR0KkfPMU2UfAxbTEbr5k=; b=eZu6Q2j1WL1GSb6XROrM9y2KLbg3/3S6itAl/R+9iXNrBeD6DgvJUfAZQA4CHnZk/mu17H503ZeM/FkFnZh4QBpLdRv/N0qWGXaGSwIPbT8bcP5MCD5PFJA3vY8BS9dNsL9+xK0FjQMkd9m5WKwV+VB4XBWw+AvFQXuGZuVSWds5jq1Wn7jNRVtYKas0GnTOBduFX8XUurszZYCeQc4EPE2eizlaY2QJYTCx+Gcn9NFPdILTkwiQr0fezKCobttrQ8jaWn8QInAt3KwK5TGtne2nIlfMEWK3EtmKaHigI5u48NMoDWpQrnqnM6lH1AFlalhhdpBl9TfF0Cr206m+gg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=e8hWXFiDXZ39SMk+1D8KATfR0KkfPMU2UfAxbTEbr5k=; b=eSJzRfpmSjIdCID8RGb8VWiDZsDexr7pykqhCaz5wfBkEXljjktNU5wxKiqjZ1BT/zcPqNwOWZDaOq+I8W7l40cIHPef/MJH/UPNx3mLWRACVWiXhzS6jgrZn9R5H08kEVs09INRS3/d+5mWv2PBQe63FlBPM2oi2fH/lDohLNg= Authentication-Results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4435.namprd12.prod.outlook.com (2603:10b6:5:2a6::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.6; Thu, 7 Jan 2021 17:33:24 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::d95e:b9d:1d6a:e845]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::d95e:b9d:1d6a:e845%12]) with mapi id 15.20.3721.024; Thu, 7 Jan 2021 17:33:24 +0000 Subject: Re: [edk2-devel] [PATCH v2 15/15] OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory To: devel@edk2.groups.io, lersek@redhat.com Cc: Brijesh Singh , James Bottomley , Jordan Justen , Ard Biesheuvel References: <066c0b78-2177-561a-6c62-e0ab9b83fca2@redhat.com> From: "Lendacky, Thomas" Message-ID: <57b8a37f-9a61-3bb3-c87b-104d1d3b3d89@amd.com> Date: Thu, 7 Jan 2021 11:33:22 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 In-Reply-To: <066c0b78-2177-561a-6c62-e0ab9b83fca2@redhat.com> X-Originating-IP: [67.79.209.213] X-ClientProxiedBy: SN4PR0201CA0005.namprd02.prod.outlook.com (2603:10b6:803:2b::15) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from office-linux.texastahm.com (67.79.209.213) by SN4PR0201CA0005.namprd02.prod.outlook.com (2603:10b6:803:2b::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.6 via Frontend Transport; Thu, 7 Jan 2021 17:33:23 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 510607ea-7691-4a6e-88b9-08d8b33255f3 X-MS-TrafficTypeDiagnostic: DM6PR12MB4435: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:6108; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: tPjhak5rgA1Dzd+MqrMI0lEUCI0K0V0BI6cp5RYYWhgbADRxfm/vkIbz7RT71/AHRxC2Xd00gQVhkBr/55iWwfMxdESLm3gp7hgLYc4fNn3BEgvyUbI4R5Yz7uZNUTs3SCuoXpmY8OGwUNeHQNmwEU51C9U9NW46jDaU/KzGcJjJuwz7jjSyNYngC+5su8S5N+MUqBdUjnDcrFa/DYPvafkdZnDE8r4ulNlq3mPD1Y+UJc03txcfQpWwAbvvEe4DIwbvx0nM+FO0FY1wur3gAtObu4i1MFGO+qqBB0gz3lWJtTbX5LdUrJMJlhlA/zDcjaSQJWW+HoIwAZGN6apjDDP1jUyOIujLTzh78yidFt2YmGu6q+TZbe91ZKac9NJqqhinXq7eTm+pyIX+R/DRFypF1zzDX1euGhCCkZ/7lZB50JzksT8aRdiYryh8L5Z+U905fdH1c6j3DNUARrdjcvbcQUFzokmx8E9xBzWIBSueL6KD4b8vSql5qjMgQc1w8VtZBQB/uKGoKMiCoWSPczQIZI5rn9ZY/b7H7802fC30QZ+1gPZBrTq3abxL/om8 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(346002)(136003)(396003)(376002)(366004)(39860400002)(66476007)(66946007)(31686004)(8676002)(478600001)(316002)(54906003)(2906002)(66556008)(52116002)(45080400002)(26005)(31696002)(86362001)(4326008)(19627235002)(966005)(6512007)(83380400001)(186003)(53546011)(6506007)(6486002)(5660300002)(8936002)(956004)(2616005)(36756003)(16526019)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?b1oyeXRPa0ZhSmVjQmNhQ0R0Ky9PWFVIZGhpL0dScnNFMk1nZThZOXVLVVZ5?= =?utf-8?B?clQvMkJuNzFlWmYwdlhsM1k4cGR4VGRCemZjL1h0VWt0dGhpVVFFczhPNjN4?= =?utf-8?B?N3h2bnVHRGRPak9RRFVCWEsrcVEwT1NCQ0NZdEVzMEVkWVNTSzh2SjFaakNI?= =?utf-8?B?Mmx0UVhLNUhIV2dPY0pYVFJEMytGYjNMekI4NXgvUmd5dVBCdFNTdGU4bkpX?= =?utf-8?B?a1B6emJ6bTYxYlJ2YVovL0tGZDN2YUtGdTY1RlBmZzd5aUNUZXZ4SGpzSEVu?= =?utf-8?B?KzhhVGZ6ZUpJa0RNQWY0Rzd1UHEvelN3RU9TRzg2NVJpTElzRnJ3TzVVdG95?= =?utf-8?B?VVFzTnJGOWNxckNDdGt1YkFod3JXUnJRYmxGeUljL0JGRFB0MlRKa2NZWitw?= =?utf-8?B?WnNWOTVBWVExbTI1eGxBZEVCNW5HQjNqNDExVHlwaVZ6N2hwOVg3QzVEcDRJ?= =?utf-8?B?NDNWRXlJSmdESEFJd0tFS1pyV2lldlladS9zSXM4c0d4YmluWHFIWVVOditr?= =?utf-8?B?cjRrYnpabm51TXB0VzR5eWRLU2E3cmFmeXVTK1hMemhaYkFickZOTWlpM3hO?= =?utf-8?B?SkZ0RkZRUkhzRnlRWHhwaTYzbFIxcmFPMDNuL2pXRlRybXJVc21iR3JqZFhZ?= =?utf-8?B?VUJTK0orOGsxekswS1lHZkUxa1I3em42dlhqUXFCbE5BZjR4VnRHYTBzb3FS?= =?utf-8?B?VEYyUEVwbHFtRG16OW84cktTVEh0ZGN1RjBhbzFJRTFIeTdKZzF2eGM0ZWpm?= =?utf-8?B?STljeXJqclp6eVduVmxTNmNJNDdiRU9HVk1LOUZsRFU3ZnFiZ081b25WVTlp?= =?utf-8?B?QitjL0k5aC9GbERkRHdTNmZhNHVVNEppWnJVWVcvMTl5SFNGeGw4Qk9EWk1R?= =?utf-8?B?RjhhTXVFUG1ucC9tQkplZUsyTS95S0dKUXZGb1pWblIrOUJhd29IcFhPcXpZ?= =?utf-8?B?STFFck5rR05BMGVPazVRdkNuekp2ZC85a1BNTXMwdFBrWHVjMVdrNmRVTVAx?= =?utf-8?B?cjRTRStRSmlJSXZoeFJmditzcFE5OWZ5L3BHZnhMc3RLaHQrQnFGZ3FzRVpt?= =?utf-8?B?VlNOSHd3RDY1Q1NQZW0zaXZpTEZ4WTUzdjdyY3RZdGFJeHhwWW10YXlkWDdR?= =?utf-8?B?K21CN2syYzFPdjJaVmxQRWVFV2g4Y0tJN282cUNhRHdnUGd6bXllNURMbWVp?= =?utf-8?B?dXBka1JEWGRqdEZTRTVIOCtiaGIrOUZOKzRZNzV4WE9VZnlMaE1ZbVcybWRQ?= =?utf-8?B?RFFMOU9RdTNoUW1PdlJhQ2hhbm5sYWhHQlJxVHhBUmtQMVRNdHczUXh1VGdC?= =?utf-8?Q?0p7DhGvMl29n0dIsKipYpZxM8zAZ51QmiQ?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Jan 2021 17:33:24.3715 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-Network-Message-Id: 510607ea-7691-4a6e-88b9-08d8b33255f3 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: YcxaasaWggE2WmnQjwB216CkkgGgeIvULyLHv6eUKZ/DIyntmpQkT8D7JApdaCPCqs9Fb+dSxRsTmJSceHmX7w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4435 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit On 1/7/21 11:27 AM, Laszlo Ersek via groups.io wrote: > On 01/06/21 22:21, Lendacky, Thomas wrote: >> From: Tom Lendacky >> >> BZ: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3108&data=04%7C01%7Cthomas.lendacky%40amd.com%7Cbb067ba9ec7d47a785b108d8b33192f1%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637456372789618447%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4gBvuWLwJxtPwahzl%2BjC6sNb%2FEgb0WmGscSwSdKBPOQ%3D&reserved=0 >> >> When SEV-ES is active, and MMIO operation will trigger a #VC and the >> VmgExitLib exception handler will process this MMIO operation. >> >> A malicious hypervisor could try to extract information from encrypted >> memory by setting a reserved bit in the guests nested page tables for >> a non-MMIO area. This can result in the encrypted data being copied into >> the GHCB shared buffer area and accessed by the hypervisor. >> >> Prevent this by ensuring that the MMIO source/destination is un-encrypted >> memory. For the APIC register space, access is allowed in general. >> >> Cc: Jordan Justen >> Cc: Laszlo Ersek >> Cc: Ard Biesheuvel >> Cc: Brijesh Singh >> Acked-by: Laszlo Ersek >> Signed-off-by: Tom Lendacky >> --- >> OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + >> OvmfPkg/OvmfPkgX64.dsc | 1 + >> OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 2 +- >> OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf | 2 + >> OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 2 + >> OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 81 ++++++++++++++++++++ >> 6 files changed, 88 insertions(+), 1 deletion(-) > > Looks OK, thanks. Thanks for the review, Laszlo! I've applied all of your comments for this series should a v3 need to be submitted. Thanks, Tom > Laszlo >