From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124])
 by mx.groups.io with SMTP id smtpd.web09.154.1610041733727296337
 for <devel@edk2.groups.io>;
 Thu, 07 Jan 2021 09:48:54 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=NUNbMOgF;
 spf=pass (domain: redhat.com, ip: 63.128.21.124, mailfrom: lersek@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1610041732;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=MDJtiUF2ytowraPOQRk3FtjmpRGkL6DrGD15ZRzGiq0=;
	b=NUNbMOgF5XW/OnNCfWK1wzYBgzoPSKf1XIiiMi4HpdY/qK7CyI8c9HnZjUKhhexgwaE2Mw
	kHn80IetP1qe6nvmRyUAFBHxdRk+5xdF6jG1uLWonhowGdUdLH99d5h1ZB5JO7HNUmCL49
	bglKw5rH+LzSKtB4yQXaMU7GqBGne8M=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-496-ZOpVuvdwP3ueQ_O1eFkxSw-1; Thu, 07 Jan 2021 12:48:48 -0500
X-MC-Unique: ZOpVuvdwP3ueQ_O1eFkxSw-1
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 6B7AF800D53;
	Thu,  7 Jan 2021 17:48:47 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-112-164.ams2.redhat.com [10.36.112.164])
	by smtp.corp.redhat.com (Postfix) with ESMTP id CAE111972B;
	Thu,  7 Jan 2021 17:48:45 +0000 (UTC)
Subject: Re: [edk2-devel] [PATCH v2 15/15] OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory
To: Tom Lendacky <thomas.lendacky@amd.com>, devel@edk2.groups.io
Cc: Brijesh Singh <brijesh.singh@amd.com>,
 James Bottomley <jejb@linux.ibm.com>,
 Jordan Justen <jordan.l.justen@intel.com>,
 Ard Biesheuvel <ard.biesheuvel@arm.com>
References: <cover.1609968101.git.thomas.lendacky@amd.com>
 <eaffc75abd32814f21e1420666164f0e914b7395.1609968101.git.thomas.lendacky@amd.com>
 <066c0b78-2177-561a-6c62-e0ab9b83fca2@redhat.com>
 <57b8a37f-9a61-3bb3-c87b-104d1d3b3d89@amd.com>
From: "Laszlo Ersek" <lersek@redhat.com>
Message-ID: <90fd1a1a-56cc-f9b1-4982-164334f5ab11@redhat.com>
Date: Thu, 7 Jan 2021 18:48:44 +0100
MIME-Version: 1.0
In-Reply-To: <57b8a37f-9a61-3bb3-c87b-104d1d3b3d89@amd.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit

On 01/07/21 18:33, Tom Lendacky wrote:
> On 1/7/21 11:27 AM, Laszlo Ersek via groups.io wrote:
>> On 01/06/21 22:21, Lendacky, Thomas wrote:
>>> From: Tom Lendacky <thomas.lendacky@amd.com>
>>>
>>> BZ:
>>> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3108&amp;data=04%7C01%7Cthomas.lendacky%40amd.com%7Cbb067ba9ec7d47a785b108d8b33192f1%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637456372789618447%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=4gBvuWLwJxtPwahzl%2BjC6sNb%2FEgb0WmGscSwSdKBPOQ%3D&amp;reserved=0
>>>
>>>
>>> When SEV-ES is active, and MMIO operation will trigger a #VC and the
>>> VmgExitLib exception handler will process this MMIO operation.
>>>
>>> A malicious hypervisor could try to extract information from encrypted
>>> memory by setting a reserved bit in the guests nested page tables for
>>> a non-MMIO area. This can result in the encrypted data being copied into
>>> the GHCB shared buffer area and accessed by the hypervisor.
>>>
>>> Prevent this by ensuring that the MMIO source/destination is
>>> un-encrypted
>>> memory. For the APIC register space, access is allowed in general.
>>>
>>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>>> Cc: Laszlo Ersek <lersek@redhat.com>
>>> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>>> Cc: Brijesh Singh <brijesh.singh@amd.com>
>>> Acked-by: Laszlo Ersek <lersek@redhat.com>
>>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>>> ---
>>>   OvmfPkg/AmdSev/AmdSevX64.dsc                                 |  1 +
>>>   OvmfPkg/OvmfPkgX64.dsc                                       |  1 +
>>>   OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf |  2 +-
>>>   OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf                 |  2 +
>>>   OvmfPkg/Library/VmgExitLib/VmgExitLib.inf                    |  2 +
>>>   OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c                | 81
>>> ++++++++++++++++++++
>>>   6 files changed, 88 insertions(+), 1 deletion(-)
>>
>> Looks OK, thanks.
> 
> Thanks for the review, Laszlo! I've applied all of your comments for
> this series should a v3 need to be submitted.

Actually, I'd prefer that, if you have v3 handy already! If you post v3
at once, I might be able to merge it today.

Thanks
Laszlo