From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web10.3975.1666945804923465446 for ; Fri, 28 Oct 2022 01:30:05 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=DWm+EZIz; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1666945805; x=1698481805; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=lVCoIIQJqWUkigIPlOZ8AYa4mkS6P87GB4wDNIu4G9Q=; b=DWm+EZIzhKuZmZkVIB+Z4xHO/tbPDWQpQl+ZpdqnBQstoNpluAL3mpu7 3gkL9281YfpsdOjr5YU+C0sv24bURd2gOOQhMM6zyerZu2aOliRrKaalu g5uI3HuTh8R00xPBY43N54GLgJFYi4tCUbhiWc1SClMgLW6/XXLFz3YEy HgFeCuF4JdE5Ryl5wuUIJJMAC3wROGY++9wWtHZWHyvbEP7jvzWaxc4DN a5n7xbKQ/rsZp1Gai40N1tw/rQA6872A7rxY23Wh7aQOnw1VH+urN6u6d 6LffMMDW9FGediwE6c8b8LJnUdrtkbdFxQQLaqOUeJrS3UPqDiR6PwTrb g==; X-IronPort-AV: E=McAfee;i="6500,9779,10513"; a="291742600" X-IronPort-AV: E=Sophos;i="5.95,220,1661842800"; d="scan'208";a="291742600" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2022 01:30:03 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10513"; a="665993247" X-IronPort-AV: E=Sophos;i="5.95,220,1661842800"; d="scan'208";a="665993247" Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by orsmga001.jf.intel.com with ESMTP; 28 Oct 2022 01:30:03 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Fri, 28 Oct 2022 01:30:03 -0700 Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Frontend Transport; Fri, 28 Oct 2022 01:30:03 -0700 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.168) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2375.31; Fri, 28 Oct 2022 01:30:03 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=l+G+9VTkZAau26JiMCYLMBW8utgyuc7PWbJLS4AGbDPLwrT8wO2RUnkJBUmnhnajPe3mKHk0C7rF1Fdp9VKJZ9R3HTy78FSELmra9SseL2fHFufEXoPQ5qYk4KkKbB2gu7kxph3r1PBtZjUBUVXBFH6xHTB6xi9D2NpnAwRDgu3tl2+ddzBBuIAtO3RTUhrVqAbNkymcoQec+4ZViQbuvoDci+5Lz40BSxIvzoW0B0/ILabii4cAky/p3mTlllL9i8+VPfLZHIfY6wYCQU/mm8kmDntBmUL4U79S81i5Tli8hgDJmFBURQd3I5jaGGbVu7gTHnoGBHZ6wLz2++xxIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=q6wVRYgk0kUc2xO/YWe1tkdNNuRgIk1dJwDncyViXmE=; b=HqCYgvL2d9AauihomnADirfEACNS2jZPcab2lfuk/TaELrH+ZaHiwCHI9MHj39nbdw/EowzPuljATB8fjs4m8AxeCYDvUwGPRcGf6uLy4YwX0ODzxl5qYN43OTnDO+Lw2AnU2cj2jXAJIkH1AUtclMIYi4O/rzxPMO31hY9kSZEBXBcz8wBmh8Gga2AHwBDcNuE5TGxR517QgZNEPT23G0pq+DLtmOf1OAcAFuv0uclYqwsCW+Nny1j5wLPnC8bcV56cBJfMQ+GlWzP+fKxK330NdeipPSqOwOaRqx72gGMT6t7wvy+OTNP0n4qGDTv1CKWyYjs8DM/f+c9fAiGJSQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by PH7PR11MB6954.namprd11.prod.outlook.com (2603:10b6:510:205::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28; Fri, 28 Oct 2022 08:30:00 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::8a27:e262:8996:473]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::8a27:e262:8996:473%9]) with mapi id 15.20.5723.033; Fri, 28 Oct 2022 08:30:00 +0000 From: "Yao, Jiewen" To: "Xu, Min M" , "devel@edk2.groups.io" CC: "Aktas, Erdem" , Gerd Hoffmann , James Bottomley , Tom Lendacky Subject: Re: [PATCH V2 1/1] OvmfPkg/VmgExitLig: HALT on #VE when access to private memory Thread-Topic: [PATCH V2 1/1] OvmfPkg/VmgExitLig: HALT on #VE when access to private memory Thread-Index: AQHY6qa1naXODwJZm0S2sa+OT/6PCa4jeYxw Date: Fri, 28 Oct 2022 08:30:00 +0000 Message-ID: References: <20221028082401.1227-1-min.m.xu@intel.com> In-Reply-To: <20221028082401.1227-1-min.m.xu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.6.500.17 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|PH7PR11MB6954:EE_ x-ms-office365-filtering-correlation-id: c6355bd1-508e-44d4-1166-08dab8be9ae6 x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: rfwVQg7vLLs0sRzQY9jSXlSyw1T1ldRKr/WF13TjqT/UyTpa6hIZ9Hk/oWo82XAZy+/UCP9nXq724cgr0dc8tlCYkMcGcAc0K7/rklRDm4q9PZmoxI31qi7gR1aeQvwPgBKA+smfg8i754NwM/mjz1TihoN31s2zllkLKxOKkXGLB02pXwzKWYyhfK8gEC82wk37cSw6hXCsp+ZzNNdp0fTKgjeV9/nI1bbH3nTspwf7lzOyxqVEm5ClW94JqFsbsp9BF88wTRos1jG0ppFKkxaSDQy0qDgs6zbFJYDSjSgcvuIrxeYPXOBiSD4okAMbT4qHx84JigSGVxnIfy1tM7FO/47ZYdgHUN80WZ8VKii7Ey/P5fJAcToyhu17fRyuyvD/z48eDON4zkWUMHUGH19uNT6ZMeKw79UydYH8nwdoMkvLuFMbDkKGs9W+5M5ZpmTz/YOeZrnvhT0iIs3u/K1pK2Ejr3dgHGpZ+UDiUAhcKfBDK0YGfYBIs+dIUrTsp1YMWiChVr+MHdb108x3GZx03zzC2kejYy0pO+lCmeKCGSyuTnxR0XIAhXlI27sPnq7NaDI9IJ6nzLqjrheos4VBbM1SjHBq7bCAzrQgnPM7ksJXkLrM3kt+NotIyGPn/U9/eed4RGQK9X8qoH8Pe8UzAn7JLqRrKV00eUtcW+u1xg8VwhrqI3FzI+5UUL6U9rndzsvJFJppTPRjN4dcQdWjm512Q4kdO/l4/H2Nz9/vHKU3IsaM98f7Wn04BsQmuGxFUyj1aDNu/Gv76OrGIoe9B9FrXa4ZsD6pEqmztpc= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(396003)(346002)(136003)(39860400002)(366004)(376002)(451199015)(2906002)(41300700001)(8936002)(6506007)(66946007)(66446008)(66556008)(66476007)(86362001)(4326008)(76116006)(54906003)(8676002)(26005)(966005)(5660300002)(7696005)(53546011)(316002)(71200400001)(38070700005)(110136005)(38100700002)(82960400001)(33656002)(52536014)(122000001)(9686003)(55016003)(83380400001)(64756008)(186003)(478600001);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?KCudfBL/uprd2UweeaENq1L64dYmis3U/cQwY0ESNR9RxMtmB2CmFMX1osmd?= =?us-ascii?Q?h5blhEVQyKG4EfjAun8McUuoyYgCw+kprWJ71S1doTrOY1fEJesC4XsjN2mr?= =?us-ascii?Q?9SDv7fprESKhbRikpSgv8QHu4aoCv3ZWmbrkmA1jncxyvVp75E9a6VNlrdbA?= =?us-ascii?Q?STVftpU7GaSOA47wZHJSWxghjXoA4YhCC+wUtzS13DzPtCLDiFGKgoCrZvss?= =?us-ascii?Q?nhHm7baYNorqbBrmMeM7jyPGbROFYiTb6xyeyqyr6Y0WkAypMnsV22bG797H?= =?us-ascii?Q?69KPmZ+SdP3dMaii1wiowOq48iVckpwSbsO//vwEWV/TxwVxZj8zbSYIgNFl?= =?us-ascii?Q?jyMSXbgghyabhM2ttvXjwmsLy2w9U1K3+o9wXWAZ4L/yOOHFOZJa3oLSxfRw?= =?us-ascii?Q?tXFcTGPLdEk19RZfS8QACnZzriFpv3BGrlYKrn1na3AbmK8TdqXYADuE8Ozg?= =?us-ascii?Q?zcs8gqPJ3oG5JOleOBInQN6aw6iIZ5BDR86mdNAtUJw5oMCGTrwh5t+Az2YR?= =?us-ascii?Q?A1crwU+0hk3ht8PHg+ct1qKv4tUok8Gcb0pvyzafTTfrJR36EUn9jeppTkSo?= =?us-ascii?Q?O97lNJW8+V0c2mz6+2QWiYnlvYj+vJolZOmmlfm3XCRBEBXCm5BnF3K1rfzr?= =?us-ascii?Q?70B7vDgrJZGWa35txa8iO3aoFKZ+R2wHp0qGYwS/EZEHvKfVmJ3ccBXQlH1y?= =?us-ascii?Q?S+R5jEOZSwxuIby0PLLZ3NRbRRZByPhqf21n7YnSjCDfiyp2y/Y2g4iaeBNn?= =?us-ascii?Q?pGWlVuuCsaC/BaNQBVe3iKBNILZqP3fACl33e6fQRZNKaF7sF1gUKzJWEgD2?= =?us-ascii?Q?tUwbl++wMd7S/LzXWV7IU0brPyusG480QBgNpV6ph6owf8WGYU5RKHkpDvKz?= =?us-ascii?Q?OEqQN/Shb76JhWKdBjBqxcdFynRP7mql83yrlztSKklC2wDTqgNf2CwfAgos?= =?us-ascii?Q?8SD6XlI8Do+mYDbRMz+bAfjG+wyg8QMQTsjY5piDIhK2z8Db+cynSoYLERAm?= =?us-ascii?Q?fXCWJCURhMU6F6z7bh/orFuWPosSY1C81/IYNvXIN20pb8U3OdDYjQ+XfP6Q?= =?us-ascii?Q?Kb7lDmOb/vvWOEKlxaDzLlWB2g6O4qgN/c+qrYmttdTyy2rQrnDk+94UCPvB?= =?us-ascii?Q?AIlc43eFx40r+3tzG1atggyPBV4c56hXZ94jmfRtK6pIEhmCJazNnFcDkvp1?= =?us-ascii?Q?zV+aOihVzikInxnHA1BZZAYBr8F59x80uErDV5QdvJTnaENX7aYyC2e86hHC?= =?us-ascii?Q?HK1we+uY/BzmNL3HnRbu9iM4Bie/ttZpNGikV1D9u2IokI3TEgyW4e3gjKvA?= =?us-ascii?Q?j3iTMeNFnfTfy1hmatIM24U9cIXCNGMeA+oqpzTneFH2TsdcXgP+D0L277Zg?= =?us-ascii?Q?N+2UU+W6sSyybJ1Qg5dF+bDuNaHF0zaSOs3KSwLU/0G8ggrnai5cGgnAa30K?= =?us-ascii?Q?jVuOiwyxZVf7Yw5V10SpR0yqTNFtOisHYca/SZjeDUGZJLUbX3jYOKBmRfoy?= =?us-ascii?Q?VR+cPjbImFvDvtp2g8VAWNl9pxV1t8sCRqhNgzjCTY4bGF9qpif3KSqUoKKD?= =?us-ascii?Q?SYNWThK26U5AXcsRMc9U4X50P8cONuioCarkjGpB?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: c6355bd1-508e-44d4-1166-08dab8be9ae6 X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Oct 2022 08:30:00.7787 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: vQ8eFiKQaayQS/HGA5AWI3WkcyRrzhI12B8KNlY+ceh0RGX6mwTz9hvB7/6/GLfdHRtB8OXK6jjF1epvt+CEdA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB6954 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jiewen Yao > -----Original Message----- > From: Xu, Min M > Sent: Friday, October 28, 2022 4:24 PM > To: devel@edk2.groups.io > Cc: Xu, Min M ; Aktas, Erdem > ; Gerd Hoffmann ; James > Bottomley ; Yao, Jiewen ; > Tom Lendacky > Subject: [PATCH V2 1/1] OvmfPkg/VmgExitLig: HALT on #VE when access to > private memory >=20 > From: Min M Xu >=20 > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4125 >=20 > EPT-violation #VE should be always on shared memory, which means the > shared bit of the GuestPA should be set. But in current #VE Handler > it is not checked. When it occurs, stop TD immediately and log out > the error. >=20 > Cc: Erdem Aktas > Cc: Gerd Hoffmann > Cc: James Bottomley > Cc: Jiewen Yao > Cc: Tom Lendacky > Signed-off-by: Min Xu > --- > .../Library/VmgExitLib/VmTdExitVeHandler.c | 40 ++++++++++++++----- > 1 file changed, 29 insertions(+), 11 deletions(-) >=20 > diff --git a/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c > b/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c > index b73e877c093b..c89268c5d8e8 100644 > --- a/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c > +++ b/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c > @@ -300,23 +300,41 @@ MmioExit ( > IN TDCALL_VEINFO_RETURN_DATA *Veinfo > ) > { > - UINT64 Status; > - UINT32 MmioSize; > - UINT32 RegSize; > - UINT8 OpCode; > - BOOLEAN SeenRex; > - UINT64 *Reg; > - UINT8 *Rip; > - UINT64 Val; > - UINT32 OpSize; > - MODRM ModRm; > - REX Rex; > + UINT64 Status; > + UINT32 MmioSize; > + UINT32 RegSize; > + UINT8 OpCode; > + BOOLEAN SeenRex; > + UINT64 *Reg; > + UINT8 *Rip; > + UINT64 Val; > + UINT32 OpSize; > + MODRM ModRm; > + REX Rex; > + TD_RETURN_DATA TdReturnData; > + UINT8 Gpaw; > + UINT64 TdSharedPageMask; >=20 > Rip =3D (UINT8 *)Regs->Rip; > Val =3D 0; > Rex.Val =3D 0; > SeenRex =3D FALSE; >=20 > + Status =3D TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData); > + if (Status =3D=3D TDX_EXIT_REASON_SUCCESS) { > + Gpaw =3D (UINT8)(TdReturnData.TdInfo.Gpaw & 0x3f); > + TdSharedPageMask =3D 1ULL << (Gpaw - 1); > + } else { > + DEBUG ((DEBUG_ERROR, "TDCALL failed with status=3D%llx\n", Status)); > + return Status; > + } > + > + if ((Veinfo->GuestPA & TdSharedPageMask) =3D=3D 0) { > + DEBUG ((DEBUG_ERROR, "EPT-violation #VE on private memory is not > allowed!")); > + TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0); > + CpuDeadLoop (); > + } > + > // > // Default to 32bit transfer > // > -- > 2.29.2.windows.2