[edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: Fix address overflow during PVALIDATE

[edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: Fix address overflow during PVALIDATE

[Roth, Michael via groups.io]

The struct used for GHCB-based page-state change requests uses a 40-bit
bit-field for the GFN, which is shifted by PAGE_SHIFT to generate a
64-bit address. However, anything beyond 40-bits simply gets shifted off
when doing this, which will cause issues when dealing with 1TB+
addresses. Fix this by casting the 40-bit GFN values to 64-bit ones
prior to shifting it by PAGE_SHIFT.

Fixes: ade62c18f474 ("OvmfPkg/MemEncryptSevLib: add support to validate system RAM")
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 .../BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c    | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
index 85eb41585b..d52d2940e9 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -78,13 +78,14 @@ PvalidateRange (
   IN  BOOLEAN                     Validate

   )

 {

-  UINTN  Address, RmpPageSize, Ret, i;

+  UINTN                 RmpPageSize, Ret, i;

+  EFI_PHYSICAL_ADDRESS  Address;

 

   for ( ; StartIndex <= EndIndex; StartIndex++) {

     //

     // Get the address and the page size from the Info.

     //

-    Address     = Info->Entry[StartIndex].GuestFrameNumber << EFI_PAGE_SHIFT;

+    Address     = ((UINT64)Info->Entry[StartIndex].GuestFrameNumber) << EFI_PAGE_SHIFT;

     RmpPageSize = Info->Entry[StartIndex].PageSize;

 

     Ret = AsmPvalidate (RmpPageSize, Validate, Address);

-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111110): https://edk2.groups.io/g/devel/message/111110
Mute This Topic: https://groups.io/mt/102520474/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: Fix address overflow during PVALIDATE

[Gerd Hoffmann]

On Fri, Nov 10, 2023 at 08:14:39PM -0600, Michael Roth wrote:
> The struct used for GHCB-based page-state change requests uses a 40-bit
> bit-field for the GFN, which is shifted by PAGE_SHIFT to generate a
> 64-bit address. However, anything beyond 40-bits simply gets shifted off
> when doing this, which will cause issues when dealing with 1TB+
> addresses. Fix this by casting the 40-bit GFN values to 64-bit ones
> prior to shifting it by PAGE_SHIFT.
> 
> Fixes: ade62c18f474 ("OvmfPkg/MemEncryptSevLib: add support to validate system RAM")
> Signed-off-by: Michael Roth <michael.roth@amd.com>
> ---
>  .../BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c    | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
> index 85eb41585b..d52d2940e9 100644
> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
> @@ -78,13 +78,14 @@ PvalidateRange (
>    IN  BOOLEAN                     Validate
>    )
>  {
> -  UINTN  Address, RmpPageSize, Ret, i;
> +  UINTN                 RmpPageSize, Ret, i;
> +  EFI_PHYSICAL_ADDRESS  Address;
>  
>    for ( ; StartIndex <= EndIndex; StartIndex++) {
>      //
>      // Get the address and the page size from the Info.
>      //
> -    Address     = Info->Entry[StartIndex].GuestFrameNumber << EFI_PAGE_SHIFT;
> +    Address     = ((UINT64)Info->Entry[StartIndex].GuestFrameNumber) << EFI_PAGE_SHIFT;

Minor nit: why cast to UINT64 not EFI_PHYSICAL_ADDRESS?

Otherwise looks good to me.

take care,
  Gerd



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111137): https://edk2.groups.io/g/devel/message/111137
Mute This Topic: https://groups.io/mt/102520474/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: Fix address overflow during PVALIDATE

[Roth, Michael via groups.io]

Quoting Gerd Hoffmann (2023-11-13 04:48:10)
> On Fri, Nov 10, 2023 at 08:14:39PM -0600, Michael Roth wrote:
> > The struct used for GHCB-based page-state change requests uses a 40-bit
> > bit-field for the GFN, which is shifted by PAGE_SHIFT to generate a
> > 64-bit address. However, anything beyond 40-bits simply gets shifted off
> > when doing this, which will cause issues when dealing with 1TB+
> > addresses. Fix this by casting the 40-bit GFN values to 64-bit ones
> > prior to shifting it by PAGE_SHIFT.
> > 
> > Fixes: ade62c18f474 ("OvmfPkg/MemEncryptSevLib: add support to validate system RAM")
> > Signed-off-by: Michael Roth <michael.roth@amd.com>
> > ---
> >  .../BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c    | 5 +++--
> >  1 file changed, 3 insertions(+), 2 deletions(-)
> > 
> > diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
> > index 85eb41585b..d52d2940e9 100644
> > --- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
> > +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
> > @@ -78,13 +78,14 @@ PvalidateRange (
> >    IN  BOOLEAN                     Validate
> >    )
> >  {
> > -  UINTN  Address, RmpPageSize, Ret, i;
> > +  UINTN                 RmpPageSize, Ret, i;
> > +  EFI_PHYSICAL_ADDRESS  Address;
> >  
> >    for ( ; StartIndex <= EndIndex; StartIndex++) {
> >      //
> >      // Get the address and the page size from the Info.
> >      //
> > -    Address     = Info->Entry[StartIndex].GuestFrameNumber << EFI_PAGE_SHIFT;
> > +    Address     = ((UINT64)Info->Entry[StartIndex].GuestFrameNumber) << EFI_PAGE_SHIFT;
> 
> Minor nit: why cast to UINT64 not EFI_PHYSICAL_ADDRESS?

My original thinking was that we were originally shifting a 40-bit
bit-field of a UINT64, so the minimal change is to cast it to a
normal UINT64 to fix the bit-field overflow. So I thought casting
to another type might obfuscate the fix a bit.

EFI_PHYSICAL_ADDRESS seems more correct all around though, so I've
sent a v2 with the suggested change.

Thanks!

-Mike

> 
> Otherwise looks good to me.
> 
> take care,
>   Gerd
>


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111284): https://edk2.groups.io/g/devel/message/111284
Mute This Topic: https://groups.io/mt/102520474/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-