From: "Laszlo Ersek" <lersek@redhat.com>
To: devel@edk2.groups.io, thomas.lendacky@amd.com
Cc: Brijesh Singh <brijesh.singh@amd.com>,
James Bottomley <jejb@linux.ibm.com>,
Jordan Justen <jordan.l.justen@intel.com>,
Ard Biesheuvel <ard.biesheuvel@arm.com>
Subject: Re: [edk2-devel] [PATCH 12/12] OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory
Date: Tue, 5 Jan 2021 11:28:53 +0100 [thread overview]
Message-ID: <6490ab16-b27b-1538-7cef-e05d7065efda@redhat.com> (raw)
In-Reply-To: <36dee4fe5bcc0d982b25a429fd37269bce72346e.1608065471.git.thomas.lendacky@amd.com>
On 12/15/20 21:51, Lendacky, Thomas wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
>
> When SEV-ES is active, and MMIO operation will trigger a #VC and the
> VmgExitLib exception handler will process this MMIO operation.
>
> A malicious hypervisor could try to extract information from encrypted
> memory by setting a reserved bit in the guests nested page tables for
> a non-MMIO area. This can result in the encrypted data being copied into
> the GHCB shared buffer area and accessed by the hypervisor.
>
> Prevent this by ensuring that the MMIO source/destination is un-encrypted
> memory. For the APIC register space, access is allowed in general.
>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
> OvmfPkg/OvmfPkgX64.dsc | 1 +
> .../DxeBaseMemEncryptSevLib.inf | 2 +-
> OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf | 1 +
> OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 2 +
> OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 81 +++++++++++++++++++
> 6 files changed, 87 insertions(+), 1 deletion(-)
>
> diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
> index 3e5a3f648ad5..d0e9d28fc492 100644
> --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
> +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
> @@ -237,6 +237,7 @@ [LibraryClasses.common.SEC]
> CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
> !endif
> VmgExitLib|OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
> + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecBaseMemEncryptSevLib.inf
>
> [LibraryClasses.common.PEI_CORE]
> HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index 226b576545a9..2a230888c636 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -265,6 +265,7 @@ [LibraryClasses.common.SEC]
> CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
> !endif
> VmgExitLib|OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
> + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecBaseMemEncryptSevLib.inf
>
> [LibraryClasses.common.PEI_CORE]
> HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf
> index 04728a5dd256..10f794759207 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf
> @@ -14,7 +14,7 @@ [Defines]
> FILE_GUID = c1594631-3888-4be4-949f-9c630dbc842b
> MODULE_TYPE = BASE
> VERSION_STRING = 1.0
> - LIBRARY_CLASS = MemEncryptSevLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER
> + LIBRARY_CLASS = MemEncryptSevLib|DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER
>
> #
> # The following information is for reference only and not required by the build
> diff --git a/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf b/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
> index df14de3c21bc..9c8de326f3d1 100644
> --- a/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
> +++ b/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf
> @@ -35,6 +35,7 @@ [LibraryClasses]
> BaseLib
> BaseMemoryLib
> DebugLib
> + MemEncryptSevLib
> PcdLib
>
> [FixedPcd]
> diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf b/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf
> index b3c3e56ecff8..c66c68726cdb 100644
> --- a/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf
> +++ b/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf
> @@ -35,4 +35,6 @@ [LibraryClasses]
> BaseLib
> BaseMemoryLib
> DebugLib
> + LocalApicLib
> + MemEncryptSevLib
>
(1) I don't understand why LocalApicLib is added only to
"VmgExitLib.inf", and not "SecVmgExitLib.inf". The source file
"VmgExitVcHandler.c" is shared between both INF files, and that file
gets a GetLocalApicBaseAddress() call below. And, "SecVmgExitLib.inf"
doesn't list the LocalApicLib class dependency from any earlier patch.
... Hm, the issue is masked because "OvmfPkg/Sec/SecMain.inf" lists
LocalApicLib already, so when the SEC module is linked, the LocalApicLib
dependency is ultimately (independently) noted/satisfied.
But, that doesn't make this omission right; please amend the
"SecVmgExitLib.inf" file.
With that update:
Acked-by: Laszlo Ersek <lersek@redhat.com>
Thanks
Laszlo
> diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c
> index ce577e4677eb..24259060fd65 100644
> --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c
> +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c
> @@ -9,6 +9,7 @@
> #include <Base.h>
> #include <Uefi.h>
> #include <Library/BaseMemoryLib.h>
> +#include <Library/LocalApicLib.h>
> #include <Library/MemEncryptSevLib.h>
> #include <Library/VmgExitLib.h>
> #include <Register/Amd/Msr.h>
> @@ -595,6 +596,61 @@ UnsupportedExit (
> return Status;
> }
>
> +/**
> + Validate that the MMIO memory access is not to encrypted memory.
> +
> + Examine the pagetable entry for the memory specified. MMIO should not be
> + performed against encrypted memory. MMIO to the APIC page is always allowed.
> +
> + @param[in] Ghcb Pointer to the Guest-Hypervisor Communication Block
> + @param[in] MemoryAddress Memory address to validate
> + @param[in] MemoryLength Memory length to validate
> +
> + @retval 0 Memory is not encrypted
> + @return New exception value to propogate
> +
> +**/
> +STATIC
> +UINT64
> +ValidateMmioMemory (
> + IN GHCB *Ghcb,
> + IN UINTN MemoryAddress,
> + IN UINTN MemoryLength
> + )
> +{
> + MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE State;
> + GHCB_EVENT_INJECTION GpEvent;
> + UINTN Address;
> +
> + //
> + // Allow APIC accesses (which will have the encryption bit set during
> + // SEC and PEI phases).
> + //
> + Address = MemoryAddress & ~(SIZE_4KB - 1);
> + if (Address == GetLocalApicBaseAddress ()) {
> + return 0;
> + }
> +
> + State = MemEncryptSevGetAddressRangeState (
> + 0,
> + MemoryAddress,
> + MemoryLength
> + );
> + if (State == MemEncryptSevAddressRangeUnencrypted) {
> + return 0;
> + }
> +
> + //
> + // Any state other than unencrypted is an error, issue a #GP.
> + //
> + GpEvent.Uint64 = 0;
> + GpEvent.Elements.Vector = GP_EXCEPTION;
> + GpEvent.Elements.Type = GHCB_EVENT_INJECTION_TYPE_EXCEPTION;
> + GpEvent.Elements.Valid = 1;
> +
> + return GpEvent.Uint64;
> +}
> +
> /**
> Handle an MMIO event.
>
> @@ -653,6 +709,11 @@ MmioExit (
> return UnsupportedExit (Ghcb, Regs, InstructionData);
> }
>
> + Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes);
> + if (Status != 0) {
> + return Status;
> + }
> +
> ExitInfo1 = InstructionData->Ext.RmData;
> ExitInfo2 = Bytes;
> CopyMem (Ghcb->SharedBuffer, &InstructionData->Ext.RegData, Bytes);
> @@ -683,6 +744,11 @@ MmioExit (
> InstructionData->ImmediateSize = Bytes;
> InstructionData->End += Bytes;
>
> + Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes);
> + if (Status != 0) {
> + return Status;
> + }
> +
> ExitInfo1 = InstructionData->Ext.RmData;
> ExitInfo2 = Bytes;
> CopyMem (Ghcb->SharedBuffer, InstructionData->Immediate, Bytes);
> @@ -717,6 +783,11 @@ MmioExit (
> return UnsupportedExit (Ghcb, Regs, InstructionData);
> }
>
> + Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes);
> + if (Status != 0) {
> + return Status;
> + }
> +
> ExitInfo1 = InstructionData->Ext.RmData;
> ExitInfo2 = Bytes;
>
> @@ -748,6 +819,11 @@ MmioExit (
> case 0xB7:
> Bytes = (Bytes != 0) ? Bytes : 2;
>
> + Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes);
> + if (Status != 0) {
> + return Status;
> + }
> +
> ExitInfo1 = InstructionData->Ext.RmData;
> ExitInfo2 = Bytes;
>
> @@ -774,6 +850,11 @@ MmioExit (
> case 0xBF:
> Bytes = (Bytes != 0) ? Bytes : 2;
>
> + Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes);
> + if (Status != 0) {
> + return Status;
> + }
> +
> ExitInfo1 = InstructionData->Ext.RmData;
> ExitInfo2 = Bytes;
>
>
next prev parent reply other threads:[~2021-01-05 10:29 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-15 20:50 [PATCH 00/12] SEV-ES security mitigations Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 01/12] Ovmf/ResetVector: Simplify and consolidate the SEV features checks Lendacky, Thomas
2021-01-04 18:58 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 02/12] OvmfPkg/Sec: Move SEV-ES SEC workarea definition to common header file Lendacky, Thomas
2021-01-04 19:02 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 03/12] OvmfPkg/ResetVector: Validate the encryption bit position for SEV/SEV-ES Lendacky, Thomas
2021-01-04 19:59 ` [edk2-devel] " Laszlo Ersek
2021-01-04 20:45 ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 04/12] OvmfPkg/ResetVector: Perform a simple SEV-ES sanity check Lendacky, Thomas
2021-01-04 20:00 ` [edk2-devel] " Laszlo Ersek
2021-01-04 20:48 ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 05/12] OvmfPkg/MemEncryptSevLib: Add an interface to retrieve the encryption mask Lendacky, Thomas
2021-01-04 20:34 ` [edk2-devel] " Laszlo Ersek
2021-01-04 21:09 ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 06/12] OvmfPkg/AmdSevDxe: Clear encryption bit on PCIe MMCONFIG range Lendacky, Thomas
2021-01-04 21:04 ` [edk2-devel] " Laszlo Ersek
2021-01-05 22:48 ` Lendacky, Thomas
2021-01-06 15:38 ` Laszlo Ersek
2020-12-15 20:51 ` [PATCH 07/12] OvmfPkg/VmgExitLib: Check for an explicit DR7 cached value Lendacky, Thomas
2021-01-04 21:05 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 08/12] OvmfPkg/MemEncryptSevLib: Make the MemEncryptSevLib available for SEC Lendacky, Thomas
2021-01-05 9:40 ` [edk2-devel] " Laszlo Ersek
2021-01-05 14:34 ` Lendacky, Thomas
2021-01-05 15:38 ` Lendacky, Thomas
2021-01-06 14:22 ` Laszlo Ersek
2021-01-06 14:21 ` Laszlo Ersek
2020-12-15 20:51 ` [PATCH 09/12] OvmfPkg/MemEncryptSevLib: Address range encryption state interface Lendacky, Thomas
2021-01-05 9:48 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 10/12] OvmfPkg/VmgExitLib: Support nested #VCs Lendacky, Thomas
2021-01-05 10:08 ` [edk2-devel] " Laszlo Ersek
2020-12-15 20:51 ` [PATCH 11/12] OvmfPkg/PlatformPei: Reserve GHCB backup pages if S3 is supported Lendacky, Thomas
2021-01-05 10:13 ` [edk2-devel] " Laszlo Ersek
2021-01-05 14:40 ` Lendacky, Thomas
2020-12-15 20:51 ` [PATCH 12/12] OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory Lendacky, Thomas
2021-01-05 10:28 ` Laszlo Ersek [this message]
2021-01-05 14:45 ` [edk2-devel] " Lendacky, Thomas
2020-12-17 14:23 ` [PATCH 00/12] SEV-ES security mitigations Laszlo Ersek
2020-12-21 15:02 ` [edk2-devel] " Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6490ab16-b27b-1538-7cef-e05d7065efda@redhat.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox