From: "Yao, Jiewen"
To: "Xu, Min M", "devel@edk2.groups.io"
CC: "Aktas, Erdem", Gerd Hoffmann, James Bottomley, Tom Lendacky
Subject: Re: [PATCH 1/1] OvmfPkg/VmgExitLib: HALT on #VE when access to private memory
Date: Fri, 28 Oct 2022 07:14:40 +0000

Thanks for the patch.

1) I suggest to say "EPT-violation #VE on private memory is not allowed!"
2) The VMM is not trusted. We need to put an unconditional CpuDeadLoop() after TDVMCALL_HALT.
3) Please test both shared address and private address in EPT-violation case.

Thank you
Yao Jiewen

> + DEBUG ((DEBUG_ERROR, "EPT-violation #VE on private memory is a bug
> or an attack."));
> + ASSERT (FALSE);
> + TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0);

> -----Original Message-----
> From: Xu, Min M
> Sent: Friday, October 28, 2022 3:02 PM
> To: devel@edk2.groups.io
> Cc: Xu, Min M; Aktas, Erdem; Gerd Hoffmann; James Bottomley; Yao, Jiewen; Tom Lendacky
> Subject: [PATCH 1/1] OvmfPkg/VmgExitLib: HALT on #VE when access to private memory
>
> From: Min M Xu
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4125
>
> EPT-violation #VE should be always on shared memory, which means the
> shared bit of the GuestPA should be set. But in current #VE Handler
> it is not checked. When it occurs, stop TD immediately and log out
> the error.
>
> Cc: Erdem Aktas
> Cc: Gerd Hoffmann
> Cc: James Bottomley
> Cc: Jiewen Yao
> Cc: Tom Lendacky
> Signed-off-by: Min Xu
> ---
> .../Library/VmgExitLib/VmTdExitVeHandler.c | 40 ++++++++++++++-----
> 1 file changed, 29 insertions(+), 11 deletions(-)
>
> diff --git a/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c > b/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c > index b73e877c093b..5bc0e9b3aa74 100644 > --- a/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c > +++ b/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c > @@ -300,23 +300,41 @@ MmioExit ( > IN TDCALL_VEINFO_RETURN_DATA *Veinfo > ) > { > - UINT64 Status; > - UINT32 MmioSize; > - UINT32 RegSize; > - UINT8 OpCode; > - BOOLEAN SeenRex; > - UINT64 *Reg; > - UINT8 *Rip; > - UINT64 Val; > - UINT32 OpSize; > - MODRM ModRm; > - REX Rex; > + UINT64 Status; > + UINT32 MmioSize; > + UINT32 RegSize; > + UINT8 OpCode; > + BOOLEAN SeenRex; > + UINT64 *Reg; > + UINT8 *Rip; > + UINT64 Val; > + UINT32 OpSize; > + MODRM ModRm; > + REX Rex; > + TD_RETURN_DATA TdReturnData; > + UINT8 Gpaw; > + UINT64 TdSharedPageMask; >=20 > Rip =3D (UINT8 *)Regs->Rip; > Val =3D 0; > Rex.Val =3D 0; > SeenRex =3D FALSE; >=20 > + Status =3D TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData); > + if (Status =3D=3D TDX_EXIT_REASON_SUCCESS) { > + Gpaw =3D (UINT8)(TdReturnData.TdInfo.Gpaw & 0x3f); > + TdSharedPageMask =3D 1ULL << (Gpaw - 1); > + } else { > + DEBUG ((DEBUG_ERROR, "TDCALL failed with status=3D%llx\n", Status)); > + return Status; > + } > + > + if ((Veinfo->GuestPA & TdSharedPageMask) =3D=3D 0) { > + DEBUG ((DEBUG_ERROR, "EPT-violation #VE on private memory is a bug > or an attack.")); > + ASSERT (FALSE); > + TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0); > + } > + > // > // Default to 32bit transfer > // > -- > 2.29.2.windows.2
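
Review bot: in the new GuestPA check at the end of the hunk, nothing stops the handler once TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0) returns, so MmioExit falls through to the MMIO decode below while handling a private address. The halt request is serviced by the host VMM, which is outside the TD's trust boundary and can resume the guest, and ASSERT (FALSE) is compiled out in release builds. Add an unconditional CpuDeadLoop () after the TdVmCall so that stopping does not depend on host cooperation. Separately, TdSharedPageMask = 1ULL << (Gpaw - 1) is computed without validating Gpaw: a value of 0 returned by TDCALL_TDINFO would make the shift count negative, so reject unexpected Gpaw values before building the mask. The new DEBUG string also lacks a trailing \n, unlike the TDCALL failure message just above it.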