From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web12.3467.1666940565221303583 for ; Fri, 28 Oct 2022 00:02:45 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=fiap/VCP; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1666940565; x=1698476565; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=4Jc4i7c7/awYzki4clU8W9RasnJDOykOo/AuRy4qwFg=; b=fiap/VCPtD+7i7jLANllnhTivLHEptEwO16X4XpFTPc7DQLxAysoWRWq 7/nEEl6Y1aKYZWdjN30/rO/ar3io6C1C9eut6HzZHaRw8TU6pT0Lx1em0 jc356rw+ptZVDYBnW6AhloUhbdaqGCZZdSEy3yC6ESNcgsTXS8OiN/7C4 73SLtCoKbN9ABbtDRzUxpLmEbFfFlz3z4dPmjIx/0+RhE66U4MLkv0iPa A1TcZ8mjkgjWeiO5bYqhhIgm8ha9DAvocnBY96jXII6uQUdmYl3e6Xn5f 3hWRez1eWGO6OH/tB8GPoMFpuWpSPcDLECVEumK+hUSL4v7d9U1Ld6Axg A==; X-IronPort-AV: E=McAfee;i="6500,9779,10513"; a="306037066" X-IronPort-AV: E=Sophos;i="5.95,220,1661842800"; d="scan'208";a="306037066" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2022 00:02:44 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10513"; a="757988396" X-IronPort-AV: E=Sophos;i="5.95,220,1661842800"; d="scan'208";a="757988396" Received: from mxu9-mobl1.ccr.corp.intel.com ([10.255.29.97]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Oct 2022 00:02:42 -0700 From: "Min Xu" To: devel@edk2.groups.io Cc: Min M Xu , Erdem Aktas , Gerd Hoffmann , James Bottomley , Jiewen Yao , Tom Lendacky Subject: [PATCH 1/1] OvmfPkg/VmgExitLib: HALT on #VE when access to private memory Date: Fri, 28 Oct 2022 15:02:04 +0800 Message-Id: X-Mailer: git-send-email 2.29.2.windows.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Min M Xu BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4125 EPT-violation #VE should be always on shared memory, which means the shared bit of the GuestPA should be set. But in current #VE Handler it is not checked. When it occurs, stop TD immediately and log out the error. Cc: Erdem Aktas Cc: Gerd Hoffmann Cc: James Bottomley Cc: Jiewen Yao Cc: Tom Lendacky Signed-off-by: Min Xu --- .../Library/VmgExitLib/VmTdExitVeHandler.c | 40 ++++++++++++++----- 1 file changed, 29 insertions(+), 11 deletions(-) diff --git a/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c b/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c index b73e877c093b..5bc0e9b3aa74 100644 --- a/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c +++ b/OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c @@ -300,23 +300,41 @@ MmioExit ( IN TDCALL_VEINFO_RETURN_DATA *Veinfo ) { - UINT64 Status; - UINT32 MmioSize; - UINT32 RegSize; - UINT8 OpCode; - BOOLEAN SeenRex; - UINT64 *Reg; - UINT8 *Rip; - UINT64 Val; - UINT32 OpSize; - MODRM ModRm; - REX Rex; + UINT64 Status; + UINT32 MmioSize; + UINT32 RegSize; + UINT8 OpCode; + BOOLEAN SeenRex; + UINT64 *Reg; + UINT8 *Rip; + UINT64 Val; + UINT32 OpSize; + MODRM ModRm; + REX Rex; + TD_RETURN_DATA TdReturnData; + UINT8 Gpaw; + UINT64 TdSharedPageMask; Rip = (UINT8 *)Regs->Rip; Val = 0; Rex.Val = 0; SeenRex = FALSE; + Status = TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData); + if (Status == TDX_EXIT_REASON_SUCCESS) { + Gpaw = (UINT8)(TdReturnData.TdInfo.Gpaw & 0x3f); + TdSharedPageMask = 1ULL << (Gpaw - 1); + } else { + DEBUG ((DEBUG_ERROR, "TDCALL failed with status=%llx\n", Status)); + return Status; + } + + if ((Veinfo->GuestPA & TdSharedPageMask) == 0) { + DEBUG ((DEBUG_ERROR, "EPT-violation #VE on private memory is a bug or an attack.")); + ASSERT (FALSE); + TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0); + } + // // Default to 32bit transfer // -- 2.29.2.windows.2