From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+118037+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 73E4DD8081E
	for <rebecca@openfw.io>; Fri, 19 Apr 2024 17:39:50 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=wgfI5gZVnVDNUBIeV4U/7ABg25SHQ2QUfR0Ko/GqXjY=;
 c=relaxed/simple; d=groups.io;
 h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:To:Cc:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Transfer-Encoding;
 s=20240206; t=1713548389; v=1;
 b=PkhJCNwYY2rCJw7UMlTicBD5+nq3EGduc20fKVHj9lT7QmiB7/t9gTgcrgfKbJiw0h7CBT3g
 fGBKFHKgsNwLkF1D+0LDKOqKEVTmoy7Z4bGS0wlbjWnNviDrIJaSa4Y6ywKGK13LzfIyeM5GKDj
 6PfXDz44BIC1G0FUMPxkgpT+1mhpSHsLgKTuB9yrrTgxAFmMxnlazGlbsbt88wKJbmDl5cqNzE8
 GDyD1Xx5ZLIZdlUsT35/b4w/JU88DugKbtkqB/X/JHJjjhDQpsY5+HRJMjVo1y9qvoi2ajCp2TO
 XjIBVtVGtktX1S1r0dhki9fxjpDPcVZ97oyxQxr/rYX1A==
X-Received: by 127.0.0.2 with SMTP id xuTrYY7687511xdaEYgcrMy6; Fri, 19 Apr 2024 10:39:49 -0700
X-Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180])
 by mx.groups.io with SMTP id smtpd.web11.127.1713548388407018542
 for <devel@edk2.groups.io>;
 Fri, 19 Apr 2024 10:39:48 -0700
X-Received: by mail-pg1-f180.google.com with SMTP id 41be03b00d2f7-5d42e7ab8a9so1429033a12.3
        for <devel@edk2.groups.io>; Fri, 19 Apr 2024 10:39:48 -0700 (PDT)
X-Gm-Message-State: d1rlsoU5aLP7of0OxAKF57jQx7686176AA=
X-Google-Smtp-Source: AGHT+IEWoh4ynH6O33+RUKW+gFBOCzZaqSKF5dz+Bst2d9DOzFOI5lXq5qkEUO5Q5M4oC0RZpmaVjAuZihHKih8DDZI=
X-Received: by 2002:a17:90b:438a:b0:29b:22d2:9dd5 with SMTP id
 in10-20020a17090b438a00b0029b22d29dd5mr3097162pjb.38.1713548387582; Fri, 19
 Apr 2024 10:39:47 -0700 (PDT)
MIME-Version: 1.0
References: <20240417165400.3615824-1-acdunlap@google.com> <d2290ad6-8001-b088-fcf7-0b1609ee5ea9@amd.com>
In-Reply-To: <d2290ad6-8001-b088-fcf7-0b1609ee5ea9@amd.com>
From: "Adam Dunlap via groups.io" <acdunlap=google.com@groups.io>
Date: Fri, 19 Apr 2024 10:39:35 -0700
Message-ID: <CAMBK9=aVOH8Tot1g3peWk0H2iDd=u4eV82sYTunD_f2DM-mqGw@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH] OvmfPkg: Harden #VC instruction emulation somewhat (CVE-2024-25742)
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: devel@edk2.groups.io, Borislav Petkov <bp@alien8.de>, Peter Gonda <pgonda@google.com>
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Fri, 19 Apr 2024 10:39:48 -0700
Resent-From: acdunlap@google.com
Reply-To: devel@edk2.groups.io,acdunlap@google.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=PkhJCNwY;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io;
	dmarc=pass (policy=none) header.from=groups.io

On Fri, Apr 19, 2024 at 8:13=E2=80=AFAM Tom Lendacky <thomas.lendacky@amd.c=
om> wrote:
>
> On 4/17/24 11:54, Adam Dunlap wrote:
> > +
> > +    case SVM_EXIT_INVD:
> > +      break;
>
> This changes the current behavior today, but I'm ok with that.
>

Whoops, I should've checked that. Should we delete InvdExit() then, if
it's dead code?

> > +
> > +    case SVM_EXIT_MONITOR:
> > +      CcDecodeModRm (Regs, InstructionData);
> > +
> > +      if ((OpCode =3D=3D 0x01) && (InstructionData->ModRm.Uint8 =3D=3D=
 0xc8)) {
>
> This should also handle the MONITORX opcode (hmmm... I need to send a
> patch to the kernel).
>
> > +        return 0;
> > +      }
> > +
> > +      break;
> > +
> > +    case SVM_EXIT_MWAIT:
> > +      CcDecodeModRm (Regs, InstructionData);
> > +
> > +      if ((OpCode =3D=3D 0x01) && (InstructionData->ModRm.Uint8 =3D=3D=
 0xc9)) {
>
> Same here for MWAITX.
>
> Thanks,
> Tom

Got it! I'll send out a new patch shortly if I can figure out how to
use git send-email correctly.


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118037): https://edk2.groups.io/g/devel/message/118037
Mute This Topic: https://groups.io/mt/105581633/7686176
Mute #vc:https://edk2.groups.io/g/devel/mutehashtag/vc
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-