* [edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: Fix address overflow during PVALIDATE
@ 2023-11-11 2:14 Roth, Michael via groups.io
2023-11-13 10:48 ` Gerd Hoffmann
0 siblings, 1 reply; 3+ messages in thread
From: Roth, Michael via groups.io @ 2023-11-11 2:14 UTC (permalink / raw)
To: devel; +Cc: Gerd Hoffmann, Ray Ni, Erdem Aktas, Jiewen Yao, Min Xu,
Tom Lendacky
The struct used for GHCB-based page-state change requests uses a 40-bit
bit-field for the GFN, which is shifted by PAGE_SHIFT to generate a
64-bit address. However, anything beyond 40-bits simply gets shifted off
when doing this, which will cause issues when dealing with 1TB+
addresses. Fix this by casting the 40-bit GFN values to 64-bit ones
prior to shifting it by PAGE_SHIFT.
Fixes: ade62c18f474 ("OvmfPkg/MemEncryptSevLib: add support to validate system RAM")
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
.../BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index 85eb41585b..d52d2940e9 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -78,13 +78,14 @@ PvalidateRange (
IN BOOLEAN Validate
)
{
- UINTN Address, RmpPageSize, Ret, i;
+ UINTN RmpPageSize, Ret, i;
+ EFI_PHYSICAL_ADDRESS Address;
for ( ; StartIndex <= EndIndex; StartIndex++) {
//
// Get the address and the page size from the Info.
//
- Address = Info->Entry[StartIndex].GuestFrameNumber << EFI_PAGE_SHIFT;
+ Address = ((UINT64)Info->Entry[StartIndex].GuestFrameNumber) << EFI_PAGE_SHIFT;
RmpPageSize = Info->Entry[StartIndex].PageSize;
Ret = AsmPvalidate (RmpPageSize, Validate, Address);
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111110): https://edk2.groups.io/g/devel/message/111110
Mute This Topic: https://groups.io/mt/102520474/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: Fix address overflow during PVALIDATE
2023-11-11 2:14 [edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: Fix address overflow during PVALIDATE Roth, Michael via groups.io
@ 2023-11-13 10:48 ` Gerd Hoffmann
2023-11-15 17:49 ` Roth, Michael via groups.io
0 siblings, 1 reply; 3+ messages in thread
From: Gerd Hoffmann @ 2023-11-13 10:48 UTC (permalink / raw)
To: Michael Roth; +Cc: devel, Ray Ni, Erdem Aktas, Jiewen Yao, Min Xu, Tom Lendacky
On Fri, Nov 10, 2023 at 08:14:39PM -0600, Michael Roth wrote:
> The struct used for GHCB-based page-state change requests uses a 40-bit
> bit-field for the GFN, which is shifted by PAGE_SHIFT to generate a
> 64-bit address. However, anything beyond 40-bits simply gets shifted off
> when doing this, which will cause issues when dealing with 1TB+
> addresses. Fix this by casting the 40-bit GFN values to 64-bit ones
> prior to shifting it by PAGE_SHIFT.
>
> Fixes: ade62c18f474 ("OvmfPkg/MemEncryptSevLib: add support to validate system RAM")
> Signed-off-by: Michael Roth <michael.roth@amd.com>
> ---
> .../BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
> index 85eb41585b..d52d2940e9 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
> @@ -78,13 +78,14 @@ PvalidateRange (
> IN BOOLEAN Validate
> )
> {
> - UINTN Address, RmpPageSize, Ret, i;
> + UINTN RmpPageSize, Ret, i;
> + EFI_PHYSICAL_ADDRESS Address;
>
> for ( ; StartIndex <= EndIndex; StartIndex++) {
> //
> // Get the address and the page size from the Info.
> //
> - Address = Info->Entry[StartIndex].GuestFrameNumber << EFI_PAGE_SHIFT;
> + Address = ((UINT64)Info->Entry[StartIndex].GuestFrameNumber) << EFI_PAGE_SHIFT;
Minor nit: why cast to UINT64 not EFI_PHYSICAL_ADDRESS?
Otherwise looks good to me.
take care,
Gerd
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111137): https://edk2.groups.io/g/devel/message/111137
Mute This Topic: https://groups.io/mt/102520474/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: Fix address overflow during PVALIDATE
2023-11-13 10:48 ` Gerd Hoffmann
@ 2023-11-15 17:49 ` Roth, Michael via groups.io
0 siblings, 0 replies; 3+ messages in thread
From: Roth, Michael via groups.io @ 2023-11-15 17:49 UTC (permalink / raw)
To: Gerd Hoffmann
Cc: devel, Ray Ni, Erdem Aktas, Jiewen Yao, Min Xu, Tom Lendacky
Quoting Gerd Hoffmann (2023-11-13 04:48:10)
> On Fri, Nov 10, 2023 at 08:14:39PM -0600, Michael Roth wrote:
> > The struct used for GHCB-based page-state change requests uses a 40-bit
> > bit-field for the GFN, which is shifted by PAGE_SHIFT to generate a
> > 64-bit address. However, anything beyond 40-bits simply gets shifted off
> > when doing this, which will cause issues when dealing with 1TB+
> > addresses. Fix this by casting the 40-bit GFN values to 64-bit ones
> > prior to shifting it by PAGE_SHIFT.
> >
> > Fixes: ade62c18f474 ("OvmfPkg/MemEncryptSevLib: add support to validate system RAM")
> > Signed-off-by: Michael Roth <michael.roth@amd.com>
> > ---
> > .../BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
> > index 85eb41585b..d52d2940e9 100644
> > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
> > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
> > @@ -78,13 +78,14 @@ PvalidateRange (
> > IN BOOLEAN Validate
> > )
> > {
> > - UINTN Address, RmpPageSize, Ret, i;
> > + UINTN RmpPageSize, Ret, i;
> > + EFI_PHYSICAL_ADDRESS Address;
> >
> > for ( ; StartIndex <= EndIndex; StartIndex++) {
> > //
> > // Get the address and the page size from the Info.
> > //
> > - Address = Info->Entry[StartIndex].GuestFrameNumber << EFI_PAGE_SHIFT;
> > + Address = ((UINT64)Info->Entry[StartIndex].GuestFrameNumber) << EFI_PAGE_SHIFT;
>
> Minor nit: why cast to UINT64 not EFI_PHYSICAL_ADDRESS?
My original thinking was that we were originally shifting a 40-bit
bit-field of a UINT64, so the minimal change is to cast it to a
normal UINT64 to fix the bit-field overflow. So I thought casting
to another type might obfuscate the fix a bit.
EFI_PHYSICAL_ADDRESS seems more correct all around though, so I've
sent a v2 with the suggested change.
Thanks!
-Mike
>
> Otherwise looks good to me.
>
> take care,
> Gerd
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111284): https://edk2.groups.io/g/devel/message/111284
Mute This Topic: https://groups.io/mt/102520474/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-11-15 17:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-11-11 2:14 [edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: Fix address overflow during PVALIDATE Roth, Michael via groups.io
2023-11-13 10:48 ` Gerd Hoffmann
2023-11-15 17:49 ` Roth, Michael via groups.io
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox