From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+117995+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 07523D806DD
	for <rebecca@openfw.io>; Thu, 18 Apr 2024 15:39:39 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=PmtjTrJtfUJTRDQMxxVLS3B/oKSFfsx6x4T8cae9lpc=;
 c=relaxed/simple; d=groups.io;
 h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:To:Cc:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Transfer-Encoding;
 s=20240206; t=1713454778; v=1;
 b=QLR9PZf4C+jhaL1YsIVBucV9CkRQM+7q3MAK/aZ89sJD4SkOlydoRDVu8TbCUqHbVESUxq9B
 kxHgnUPG8LtxzFPpGqGhte4DvxEp9nbm7nyjgRnw1Q/HmpDPsqTvYzyjoru3zXmdY9Orylo0BIE
 N34VfiICiwf8fsF12XCIegj7M+eauQJOI3ogI8IolI30KwY+CyQCLBaKFn6APosPJLlEah1StD0
 Yk+W/5LZv8SNNnX5dV7uEngyonUz9Xmm+5ovZJmUdZ1Zs7Wjh8RLGNXsQKRwbbaFVaSZ+uVHiAe
 JUMiJTBN+zcvG1XaeDW7WrRxgp2+VyN5BPtl1KxmhmX+g==
X-Received: by 127.0.0.2 with SMTP id UgmaYY7687511xG9PRoG42nX; Thu, 18 Apr 2024 08:39:38 -0700
X-Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169])
 by mx.groups.io with SMTP id smtpd.web11.1795.1713454772755400797
 for <devel@edk2.groups.io>;
 Thu, 18 Apr 2024 08:39:32 -0700
X-Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-1e853131a9cso6795015ad.3
        for <devel@edk2.groups.io>; Thu, 18 Apr 2024 08:39:32 -0700 (PDT)
X-Gm-Message-State: QL9jkyEOQnvXTCdmPfz1cDq2x7686176AA=
X-Google-Smtp-Source: AGHT+IHZizCkvTmOA/3J72yW4KAoHI1QmcxFCj0Yx3zE723nR6DOJD8z8MagZY2ROXRJfVn8yKoQT1qd2LlNt1yU/gA=
X-Received: by 2002:a17:90a:ee93:b0:2a5:7e31:5030 with SMTP id
 i19-20020a17090aee9300b002a57e315030mr3136922pjz.15.1713454771951; Thu, 18
 Apr 2024 08:39:31 -0700 (PDT)
MIME-Version: 1.0
References: <20240417165400.3615824-1-acdunlap@google.com> <daghpwou63yyswucaecnuubjxabx47ygbza7l7fnc4xxsnvju4@hvxr3vdo54xg>
In-Reply-To: <daghpwou63yyswucaecnuubjxabx47ygbza7l7fnc4xxsnvju4@hvxr3vdo54xg>
From: "Adam Dunlap via groups.io" <acdunlap=google.com@groups.io>
Date: Thu, 18 Apr 2024 08:39:20 -0700
Message-ID: <CAMBK9=bXi5fG6KAdUy7oa7=ZWQqC4u0iYHdoL_UnuT0RKDZ-Dw@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH] OvmfPkg: Harden #VC instruction emulation somewhat (CVE-2024-25742)
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: devel@edk2.groups.io, Borislav Petkov <bp@alien8.de>, Peter Gonda <pgonda@google.com>, 
	Tom Lendacky <thomas.lendacky@amd.com>
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Thu, 18 Apr 2024 08:39:32 -0700
Resent-From: acdunlap@google.com
Reply-To: devel@edk2.groups.io,acdunlap@google.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=QLR9PZf4;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io;
	dmarc=pass (policy=none) header.from=groups.io

On Thu, Apr 18, 2024 at 5:15=E2=80=AFAM Gerd Hoffmann <kraxel@redhat.com> w=
rote:
>
> On Wed, Apr 17, 2024 at 09:54:00AM -0700, Adam Dunlap via groups.io wrote=
:
> > +  UINT8  OpCode;
>
> The linux kernel patch uses "unsigned int opcode" and apparently
> checks more than just the first byte for multi-byte opcodes.  Why
> do it differently here?

Good question. This patch does check for two-byte opcodes with this snippet=
:

+  OpCode =3D *(InstructionData->OpCodes);
+  if (OpCode =3D=3D TWO_BYTE_OPCODE_ESCAPE) {
+    OpCode =3D *(InstructionData->OpCodes + 1);
+  }

This works because the first byte of two-byte opcodes is always 0x0f in the
cases that we're checking for. I was wary about blindly dereferencing two
bytes since that could cause a page fault if it was actually a 1 byte opcod=
e
that was at the very end of an allocated region. This is also what is done =
in
the MmioExit function in this file. The linux kernel instruction decoder is=
 much
more extensive than what is done here and I didn't want to duplicate the
whole thing.

> On the bigger picture:  I'm wondering why SNP allows external #VC
> injections in the first place?

Yup, I think it'd be better if it didn't.


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117995): https://edk2.groups.io/g/devel/message/117995
Mute This Topic: https://groups.io/mt/105581633/7686176
Mute #vc:https://edk2.groups.io/g/devel/mutehashtag/vc
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-