Subject: Re: [edk2-devel] [PATCH v2 15/15] OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory
To: Laszlo Ersek, devel@edk2.groups.io
CC: Brijesh Singh, James Bottomley, Jordan Justen, Ard Biesheuvel
References: <066c0b78-2177-561a-6c62-e0ab9b83fca2@redhat.com> <57b8a37f-9a61-3bb3-c87b-104d1d3b3d89@amd.com> <90fd1a1a-56cc-f9b1-4982-164334f5ab11@redhat.com>
From: "Lendacky, Thomas"
Message-ID: <915122f5-46d5-b9a9-0be0-c6e8896a85be@amd.com>
Date: Thu, 7 Jan 2021 12:37:10 -0600
In-Reply-To: <90fd1a1a-56cc-f9b1-4982-164334f5ab11@redhat.com>

On 1/7/21 11:48 AM, Laszlo Ersek wrote:
> On 01/07/21 18:33, Tom Lendacky wrote:
>> On 1/7/21 11:27 AM, Laszlo Ersek via groups.io wrote:
>>> On 01/06/21 22:21, Lendacky, Thomas wrote:
>>>> From: Tom Lendacky
>>>>
>>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
>>>>
>>>> When SEV-ES is active, an MMIO operation will trigger a #VC and the
>>>> VmgExitLib exception handler will process this MMIO operation.
>>>>
>>>> A malicious hypervisor could try to extract information from encrypted
>>>> memory by setting a reserved bit in the guest's nested page tables for
>>>> a non-MMIO area. This can result in the encrypted data being copied into
>>>> the GHCB shared buffer area and accessed by the hypervisor.
>>>>
>>>> Prevent this by ensuring that the MMIO source/destination is
>>>> un-encrypted memory. For the APIC register space, access is allowed
>>>> in general.
>>>>
>>>> Cc: Jordan Justen
>>>> Cc: Laszlo Ersek
>>>> Cc: Ard Biesheuvel
>>>> Cc: Brijesh Singh
>>>> Acked-by: Laszlo Ersek
>>>> Signed-off-by: Tom Lendacky
>>>> ---
>>>>   OvmfPkg/AmdSev/AmdSevX64.dsc                                     |  1 +
>>>>   OvmfPkg/OvmfPkgX64.dsc                                           |  1 +
>>>>   OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf     |  2 +-
>>>>   OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf                     |  2 +
>>>>   OvmfPkg/Library/VmgExitLib/VmgExitLib.inf                        |  2 +
>>>>   OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c                    | 81 ++++++++++++++++++++
>>>>   6 files changed, 88 insertions(+), 1 deletion(-)
>>>
>>> Looks OK, thanks.
>>
>> Thanks for the review, Laszlo! I've applied all of your comments for
>> this series should a v3 need to be submitted.
>
> Actually, I'd prefer that, if you have v3 handy already! If you post v3
> at once, I might be able to merge it today.

Will do, I'll send it out very soon.

Thanks,
Tom

>
> Thanks
> Laszlo
>
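
The check described in the quoted commit message, sketched as a stand-alone C model. This is an added example, not code from the patch or from edk2: `guest_map`, `page_c_bit`, `range_encryption_state`, `validate_mmio` and the APIC base constant are hypothetical names and constructed values. It goes slightly beyond the description by also refusing accesses that straddle encrypted and un-encrypted pages and by treating unmapped pages as encrypted.

```c
#include <stdint.h>
#include <stddef.h>

#define PAGE_SIZE 0x1000ULL
#define GP_VECTOR 13              /* #GP, returned when the access is refused */
#define APIC_BASE 0xFEE00000ULL   /* assumed xAPIC MMIO base for this sketch  */
#define APIC_SIZE 0x1000ULL

typedef enum { RANGE_UNENCRYPTED, RANGE_ENCRYPTED, RANGE_MIXED } range_state;

/* Constructed stand-in for the guest page tables: page-aligned regions and
   whether their PTEs carry the SEV encryption (C) bit. */
struct region { uint64_t base, size; int c_bit; };
static const struct region guest_map[] = {
    { 0x00000000ULL, 0x80000000ULL, 1 },  /* guest RAM: encrypted         */
    { 0x80000000ULL, 0x00002000ULL, 0 },  /* shared pages (e.g. the GHCB) */
    { 0xC0000000ULL, 0x10000000ULL, 0 },  /* emulated device MMIO window  */
};

/* C-bit of the page containing addr; unmapped pages count as encrypted so
   the check fails closed. */
static int page_c_bit(uint64_t addr) {
    for (size_t i = 0; i < sizeof guest_map / sizeof guest_map[0]; i++)
        if (addr >= guest_map[i].base &&
            addr - guest_map[i].base < guest_map[i].size)
            return guest_map[i].c_bit;
    return 1;
}

/* Classify every page touched by [addr, addr + len). */
static range_state range_encryption_state(uint64_t addr, uint64_t len) {
    uint64_t first = addr & ~(PAGE_SIZE - 1);
    uint64_t last = (addr + len - 1) & ~(PAGE_SIZE - 1);
    int c = page_c_bit(first);
    for (uint64_t p = first; p != last; ) {
        p += PAGE_SIZE;
        if (page_c_bit(p) != c) return RANGE_MIXED;
    }
    return c ? RANGE_ENCRYPTED : RANGE_UNENCRYPTED;
}

/* Returns 0 if the #VC handler may pass the MMIO access through the GHCB
   shared buffer, GP_VECTOR otherwise. */
int validate_mmio(uint64_t addr, uint64_t len) {
    if (len == 0 || addr + len < addr) return GP_VECTOR;  /* empty or wraps */
    if (addr >= APIC_BASE && addr + len <= APIC_BASE + APIC_SIZE)
        return 0;                        /* APIC register space is allowed */
    return range_encryption_state(addr, len) == RANGE_UNENCRYPTED
               ? 0 : GP_VECTOR;
}
```
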