From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Laszlo Ersek" <lersek@redhat.com>
To: Tom Lendacky, devel@edk2.groups.io
Cc: Brijesh Singh, James Bottomley, Jordan Justen, Ard Biesheuvel
Subject: Re: [edk2-devel] [PATCH v2 15/15] OvmfPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory
Date: Thu, 7 Jan 2021 18:48:44 +0100
Message-ID: <90fd1a1a-56cc-f9b1-4982-164334f5ab11@redhat.com>
In-Reply-To: <57b8a37f-9a61-3bb3-c87b-104d1d3b3d89@amd.com>
References: <066c0b78-2177-561a-6c62-e0ab9b83fca2@redhat.com> <57b8a37f-9a61-3bb3-c87b-104d1d3b3d89@amd.com>
Content-Type: text/plain; charset=utf-8

On 01/07/21 18:33, Tom Lendacky wrote:
> On 1/7/21 11:27 AM, Laszlo Ersek via groups.io wrote:
>> On 01/06/21 22:21, Lendacky, Thomas wrote:
>>> From: Tom Lendacky
>>>
>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
>>>
>>> When SEV-ES is active, an MMIO operation will trigger a #VC and the
>>> VmgExitLib exception handler will process this MMIO operation.
>>>
>>> A malicious hypervisor could try to extract information from encrypted
>>> memory by setting a reserved bit in the guest's nested page tables for
>>> a non-MMIO area. This can result in the encrypted data being copied into
>>> the GHCB shared buffer area and accessed by the hypervisor.
>>>
>>> Prevent this by ensuring that the MMIO source/destination is
>>> un-encrypted memory. For the APIC register space, access is allowed in
>>> general.
>>>
>>> Cc: Jordan Justen
>>> Cc: Laszlo Ersek
>>> Cc: Ard Biesheuvel
>>> Cc: Brijesh Singh
>>> Acked-by: Laszlo Ersek
>>> Signed-off-by: Tom Lendacky
>>> ---
>>>  OvmfPkg/AmdSev/AmdSevX64.dsc                                 |  1 +
>>>  OvmfPkg/OvmfPkgX64.dsc                                       |  1 +
>>>  OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf |  2 +-
>>>  OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf                 |  2 +
>>>  OvmfPkg/Library/VmgExitLib/VmgExitLib.inf                    |  2 +
>>>  OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c                | 81 ++++++++++++++++++++
>>>  6 files changed, 88 insertions(+), 1 deletion(-)
>>
>> Looks OK, thanks.
>
> Thanks for the review, Laszlo! I've applied all of your comments for
> this series should a v3 need to be submitted.

Actually, I'd prefer that, if you have v3 handy already! If you post v3
at once, I might be able to merge it today.

Thanks
Laszlo
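The guest-side check that the quoted commit message describes, written out as an added C example. This is not the OVMF patch's code and uses no EDK II API: it models a leaf page-table lookup in a small constructed table, treats a set C-bit as "encrypted/private", and allows the APIC register page unconditionally, as the commit message says. The C-bit position (47) and the device BAR page at 0xC0000000 are assumptions for the toy table; on real hardware the position comes from CPUID 8000_001F EBX[5:0].

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model (not OVMF code) of the #VC MMIO validation: before
 * the handler copies data through the shared GHCB buffer, the guest
 * physical address must map to unencrypted memory or lie in the APIC
 * register space.  All names and values below are constructed. */

#define PAGE_SIZE   0x1000ULL
#define APIC_BASE   0xFEE00000ULL              /* xAPIC MMIO page, architectural default */
#define APIC_LIMIT  (APIC_BASE + PAGE_SIZE)
#define C_BIT       47                         /* assumption: C-bit position for this toy */

/* Toy leaf page-table entry: the guest's own mapping of a 4 KiB page. */
typedef struct {
  uint64_t Gpa;     /* page-aligned guest physical address */
  uint64_t Entry;   /* PTE bits; the C-bit marks the page as encrypted */
} ToyPte;

typedef enum {
  MmioAllowed,
  MmioDeniedEncrypted,   /* page is private: its contents must never reach the hypervisor */
  MmioDeniedUnmapped     /* no guest mapping at all, or a malformed request */
} MmioVerdict;

static const ToyPte *
ToyLookup (const ToyPte *Table, size_t Count, uint64_t Gpa)
{
  uint64_t Page = Gpa & ~(PAGE_SIZE - 1);
  for (size_t i = 0; i < Count; i++) {
    if (Table[i].Gpa == Page) {
      return &Table[i];
    }
  }
  return NULL;
}

/* Walk every page touched by [Address, Address + Length) and refuse the
 * MMIO if any of them is unmapped or encrypted. */
MmioVerdict
ValidateMmioRange (const ToyPte *Table, size_t Count, unsigned CBit,
                   uint64_t Address, uint64_t Length)
{
  if (Length == 0 || Address + Length < Address) {
    return MmioDeniedUnmapped;               /* zero-length or wrapping request */
  }
  if (Address >= APIC_BASE && Address + Length <= APIC_LIMIT) {
    return MmioAllowed;                      /* APIC register space is allowed in general */
  }
  uint64_t First = Address & ~(PAGE_SIZE - 1);
  uint64_t Last  = (Address + Length - 1) & ~(PAGE_SIZE - 1);
  for (uint64_t Page = First; ; Page += PAGE_SIZE) {
    const ToyPte *Pte = ToyLookup (Table, Count, Page);
    if (Pte == NULL) {
      return MmioDeniedUnmapped;
    }
    if ((Pte->Entry >> CBit) & 1ULL) {
      return MmioDeniedEncrypted;            /* C-bit set: refuse to expose private data */
    }
    if (Page == Last) {
      break;
    }
  }
  return MmioAllowed;
}

/* Constructed guest mapping: one private RAM page and one shared BAR page. */
static const ToyPte ToyTable[] = {
  { 0x00001000ULL, 0x1ULL | (1ULL << C_BIT) },   /* encrypted guest RAM */
  { 0xC0000000ULL, 0x1ULL },                     /* hypothetical device BAR, shared */
};
#define TOY_COUNT (sizeof ToyTable / sizeof ToyTable[0])

MmioVerdict CheckPrivateRam (void) { return ValidateMmioRange (ToyTable, TOY_COUNT, C_BIT, 0x00001010ULL, 4); }
MmioVerdict CheckDeviceBar  (void) { return ValidateMmioRange (ToyTable, TOY_COUNT, C_BIT, 0xC0000010ULL, 4); }
MmioVerdict CheckApic       (void) { return ValidateMmioRange (ToyTable, TOY_COUNT, C_BIT, 0xFEE00020ULL, 4); }
MmioVerdict CheckUnmapped   (void) { return ValidateMmioRange (ToyTable, TOY_COUNT, C_BIT, 0x00002000ULL, 8); }
MmioVerdict CheckStraddle   (void) { return ValidateMmioRange (ToyTable, TOY_COUNT, C_BIT, 0xC0000FFEULL, 4); }

int
main (void)
{
  static const char *Names[] = { "allowed", "denied: encrypted", "denied: unmapped" };
  printf ("private RAM : %s\n", Names[CheckPrivateRam ()]);
  printf ("device BAR  : %s\n", Names[CheckDeviceBar ()]);
  printf ("APIC        : %s\n", Names[CheckApic ()]);
  printf ("unmapped    : %s\n", Names[CheckUnmapped ()]);
  printf ("straddling  : %s\n", Names[CheckStraddle ()]);
  return 0;
}
```

The straddling case is the one worth noting: a four-byte access starting two bytes before the end of the shared BAR page reaches into the next page, so the verdict must depend on every page the access touches, not only on the first byte's page.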