From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM04-BN3-obe.outbound.protection.outlook.com (NAM04-BN3-obe.outbound.protection.outlook.com [40.107.68.87]) by mx.groups.io with SMTP id smtpd.web11.6169.1609857904450384894 for ; Tue, 05 Jan 2021 06:45:04 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=Ih57SEGv; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: amd.com, ip: 40.107.68.87, mailfrom: thomas.lendacky@amd.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZCH72boPb0DffStpSlhFkeX/jvBbVZkEkQGz2kMvtu17ePGscT/IzCSwQ9UhXs8JlL4Vopp2gWE0PV6FcJGo4gv4ShgpJzzVrf4ftzUygs5V8VSCJd01Hr2fv5i1/2uuR1rTz2S6omIymnY0cK96xsJUxOPJ48os7JAr8zBGs7SztER7NJ/8BWn/vrCi7G8xOZi3RTzZmpY28XYYL8QVaIVAP6x7tTJEax+u219qxKO4IcGcrS5QkU+ST+FXh5y5XmgNuvBbgwgrsEoikhMcp+WihAAQy3OzghN2zT0IaCKFyGBsgyDVQRUqz8tugxzRlAGSiw1oK7OuiFENaqIyxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SgyF5n/s8uCGpRLuHdNzzvojiuIdY3KmNVUf29xY3ME=; b=lGNn1OjXai6WqYBWf3mEqhmVUZH9/GXzCkup8Zav0KxZN3Y8TCF0YO5HO1Q+xlJ+EUB77BAEv58eB5k1IrrZf7Q7IZPyDWyTyKaJ96Jf6Nvqs+P9izq2fzj0NBy3e+UohoddImSWYWJEA4y1AGxo2FIypP3rPfywlJgVHDCEdvg5iKpyyXNWHLQ1Fpu55hx0dAOxu9qJlw+K6N9RQAKhQclhJUvA/M3YvkxEqijTXST2Pb5WDLQCiH9wCz7lN1Iw1TrfzdsJLlt8w51eMNjsGwIqw0x44zHwmS0eLGfWuJwd+hVy4DSXX84Lrx0Pz3H7zt8YzK3h9uW2qm6dNJryyg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SgyF5n/s8uCGpRLuHdNzzvojiuIdY3KmNVUf29xY3ME=; b=Ih57SEGvG2iGEZAOt5nL+xFdA0U+c4s8cv1w2ktRTBlpHnJssttyBn4r5eYx/cccwHUX++JoDyUmBazVVTvhBFe+FcRHkqXlOAWKOOK4VFvrzanT4kRbnFc/NzvHsVgFcioQ02CJNSHQ5UMUYbE5LHARZu7YArh1fOku7lf3eQg= Authentication-Results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4958.namprd12.prod.outlook.com (2603:10b6:5:20a::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3721.21; Tue, 5 Jan 2021 14:45:03 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::d95e:b9d:1d6a:e845]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::d95e:b9d:1d6a:e845%12]) with mapi id 15.20.3721.024; Tue, 5 Jan 2021 14:45:03 +0000 Subject: Re: [edk2-devel] [PATCH 12/12] OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory To: Laszlo Ersek , devel@edk2.groups.io Cc: Brijesh Singh , James Bottomley , Jordan Justen , Ard Biesheuvel References: <36dee4fe5bcc0d982b25a429fd37269bce72346e.1608065471.git.thomas.lendacky@amd.com> <6490ab16-b27b-1538-7cef-e05d7065efda@redhat.com> From: "Lendacky, Thomas" Message-ID: Date: Tue, 5 Jan 2021 08:45:01 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 In-Reply-To: <6490ab16-b27b-1538-7cef-e05d7065efda@redhat.com> X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN6PR16CA0051.namprd16.prod.outlook.com (2603:10b6:805:ca::28) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) Return-Path: thomas.lendacky@amd.com MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [10.236.30.118] (165.204.77.1) by SN6PR16CA0051.namprd16.prod.outlook.com (2603:10b6:805:ca::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.6 via Frontend Transport; Tue, 5 Jan 2021 14:45:02 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 9cd2573d-de2f-4adc-73e3-08d8b1887c3b X-MS-TrafficTypeDiagnostic: DM6PR12MB4958: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: VP34qsDXeDDocwjvqInbo8Brn13srcWUlFna7qGSHkV9fQS+t5sxeVaJN3iuPg3O0cdBZBx5ZRwWiOf7YUeiqlAMg6ZlXCbJwVqMXPA5rZ9sz3kFnWFWnb9EdTZV+Ld0v6N9reAe9AhKLJealIri2RIz+DaEnL3EHdk+XJ3YdX3eiZOp1ytfwOEtmHGdKiWQo1DPCRkuzN2WyNceQJvvQOvxBe4jnosduAB03GAd1yvR6Z4lK1lcZ9flPCkGFzm5XyJlG964hVBaVbpzn0SbK2fVc5PX0WU/1uQ2uvbhdLi63FtZ4pLFKHOAuHQAfn+QS5pt5XyNC0GrvmPFV6AeLUxwjD1sJUqJvphk0HgjjE/HXleFNta4C2zaCpGZb5Lv/q4PYzLKD/eW9ey/u+9mUa2RJjm68fcxPSJeLAEpv1WPDXnI9N0RAB79FkAugwAA/PHfsB99YBwKUjkaOJW8w9QvzVRpsdKthofcZbif8wHxnasVxhTEnqjm5Nl0S26BM21HciyUY9iPI9MLd0jvmVe4VZdfMQpeWzf2q+0im5ops7wHArcNQydTC18oQPb3 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(396003)(39860400002)(376002)(136003)(346002)(66476007)(45080400002)(31696002)(45954011)(16576012)(316002)(83380400001)(478600001)(86362001)(66946007)(8676002)(66556008)(19627235002)(36756003)(5660300002)(52116002)(966005)(2616005)(15650500001)(186003)(4326008)(53546011)(6486002)(956004)(54906003)(8936002)(2906002)(31686004)(16526019)(26005)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?UW42S0xBSkc0UiszbFFjeVFwSFJwYjEwR1VmaVBOM1B3U2p4emlyeXVpeVFj?= =?utf-8?B?U09ZY0twUkVIa1h4QzJ0OUE1RUtxa056VEk0QTNSS2xwNmV6bzRqc2tVWkhR?= =?utf-8?B?T2dVSE1QZUhHZnpKNTVmL3Iza3R4enlZMmV2dDV5emtSU0cvNWEvSkdCb0ds?= =?utf-8?B?Y1JVNHY3bmY1OTh0SDdiRTFCaEx4ZGZzME90YVl2b0lIZVlHV01qeGZ3VXR6?= =?utf-8?B?amIzRWlNNEVlUmZGd2dFVVkyVUp4ZmNrRXZNZXQ4cnYrb1dCU0xuM2NnNTEv?= =?utf-8?B?MGlQMEl5UTRGdWk3L01xdnIvbi9DM0o0M2xKajdSWS9yUWQ3ZDN1cWpsa29n?= =?utf-8?B?RjdFcEdBMmJrbWUxcStTYk1XdmRNRXNOL1RZdTJOSGZRZGFtVDdzeVp2Qit4?= =?utf-8?B?d0ZPSFlJQ3AwK1dDYy8wZjk2d1Fmam1GVE8vbUJtMEpLVlkzNlB6UDJiZmNt?= =?utf-8?B?aURjQ1JjdWw2SjByR0JZWEVub1VYVkpJY2RQMFc1cHRETGhRSnRMYXhPS0Vi?= =?utf-8?B?cWFDM1grTWJJRDZzMDlIZE16VXIyR1pObFhlSEZwdUZzUE84U3R0cXgreXg1?= =?utf-8?B?S3J2d0FYcXZCY2M0NjNqaisrRnRTVTRmTS85anc3bTNaSk85anIwR0VTWHdI?= =?utf-8?B?ejJtbXFoSStENDZwWndBbWN1YjZyc000WDBnd2lVdk13YlJmKzV6SWtNZlRr?= =?utf-8?B?b2pjemozRnBjK2tSOHhIcTBxcTFxOXBxUS83SFk0amQ1YU9Gc24wbEh6eUVX?= =?utf-8?B?YjR5REljaHBtVVU5Q09IQ01sZ0RhczNYMjhLTEt3eHdERExnYnYwUVBMV001?= =?utf-8?B?UE9SR1UzNW9hUzVjOEF4Ylc0UnRETFhkdlp1UXMrUmFDY2RtUnUxQmwwczM4?= =?utf-8?B?Mit0UlNkRm15cUlQcml4THpqc2x1ZUxaczRrc0Y2WngyZHZBTnppT0kxMEVj?= =?utf-8?B?MWNwZUZiWE04YkdqQS9yUlFZanArNVlpcjNSamR6RVJickxzd21JWDlQYkhx?= =?utf-8?B?MHNtTlAzeWxuZWE0UFVld2FVTGp6NS9pMjBwZlQrREFnUXB4aHA5KzZPQ21L?= =?utf-8?B?dnJLb3AyaUdCRWlhcno2R2doM3pWandOYlR4SnhQL3UxeHIyR0hFcy9VRGl0?= =?utf-8?B?VVU2SXVxVHVaZ3RwZjlCRzJhMHZsT2xsRll2K1ZYZmtVelhLbFpGMkVsZ1pF?= =?utf-8?B?bEdpenpIZEpORTgwcEQrc2xqeVdYNElxbGRONU5BYUcvKzZ4aS8rcCs3enNy?= =?utf-8?B?ZExFTnh5V2RFQkNHUHBma0pIbXFISkZrRGExaUR5TnJ2dDhNdVJvKzBtd1Fp?= =?utf-8?Q?Pb0jBgklWsrfFbPgtJUZYoxBkLrMD7Aiww?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Jan 2021 14:45:02.9735 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-Network-Message-Id: 9cd2573d-de2f-4adc-73e3-08d8b1887c3b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Z/2o+5xNdzcQJradNG+gtzflApqvlozNa+D3cJK7SKQOV5YuAJnig4xa497yNlDxoB4Wid4iDNyT+BewvkCL7g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4958 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 1/5/21 4:28 AM, Laszlo Ersek wrote: > On 12/15/20 21:51, Lendacky, Thomas wrote: >> From: Tom Lendacky >> >> BZ: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D3108&data=04%7C01%7Cthomas.lendacky%40amd.com%7C4a5d3dd1c25d4935bd6608d8b164b73b%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637454393417282277%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=vEIKCoKCg1P46pkl2X0iod8x5I7%2FGyDu9beOoR2Pfww%3D&reserved=0 >> >> When SEV-ES is active, and MMIO operation will trigger a #VC and the >> VmgExitLib exception handler will process this MMIO operation. >> >> A malicious hypervisor could try to extract information from encrypted >> memory by setting a reserved bit in the guests nested page tables for >> a non-MMIO area. This can result in the encrypted data being copied into >> the GHCB shared buffer area and accessed by the hypervisor. >> >> Prevent this by ensuring that the MMIO source/destination is un-encrypted >> memory. For the APIC register space, access is allowed in general. >> >> Cc: Jordan Justen >> Cc: Laszlo Ersek >> Cc: Ard Biesheuvel >> Cc: Brijesh Singh >> Signed-off-by: Tom Lendacky >> --- >> OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + >> OvmfPkg/OvmfPkgX64.dsc | 1 + >> .../DxeBaseMemEncryptSevLib.inf | 2 +- >> OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf | 1 + >> OvmfPkg/Library/VmgExitLib/VmgExitLib.inf | 2 + >> OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c | 81 +++++++++++++++++++ >> 6 files changed, 87 insertions(+), 1 deletion(-) >> >> diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc >> index 3e5a3f648ad5..d0e9d28fc492 100644 >> --- a/OvmfPkg/AmdSev/AmdSevX64.dsc >> +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc >> @@ -237,6 +237,7 @@ [LibraryClasses.common.SEC] >> CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf >> !endif >> VmgExitLib|OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf >> + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecBaseMemEncryptSevLib.inf >> >> [LibraryClasses.common.PEI_CORE] >> HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf >> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc >> index 226b576545a9..2a230888c636 100644 >> --- a/OvmfPkg/OvmfPkgX64.dsc >> +++ b/OvmfPkg/OvmfPkgX64.dsc >> @@ -265,6 +265,7 @@ [LibraryClasses.common.SEC] >> CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf >> !endif >> VmgExitLib|OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf >> + MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecBaseMemEncryptSevLib.inf >> >> [LibraryClasses.common.PEI_CORE] >> HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf >> diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf >> index 04728a5dd256..10f794759207 100644 >> --- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf >> +++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeBaseMemEncryptSevLib.inf >> @@ -14,7 +14,7 @@ [Defines] >> FILE_GUID = c1594631-3888-4be4-949f-9c630dbc842b >> MODULE_TYPE = BASE >> VERSION_STRING = 1.0 >> - LIBRARY_CLASS = MemEncryptSevLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER >> + LIBRARY_CLASS = MemEncryptSevLib|DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_DRIVER >> >> # >> # The following information is for reference only and not required by the build >> diff --git a/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf b/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf >> index df14de3c21bc..9c8de326f3d1 100644 >> --- a/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf >> +++ b/OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf >> @@ -35,6 +35,7 @@ [LibraryClasses] >> BaseLib >> BaseMemoryLib >> DebugLib >> + MemEncryptSevLib >> PcdLib >> >> [FixedPcd] >> diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf b/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf >> index b3c3e56ecff8..c66c68726cdb 100644 >> --- a/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf >> +++ b/OvmfPkg/Library/VmgExitLib/VmgExitLib.inf >> @@ -35,4 +35,6 @@ [LibraryClasses] >> BaseLib >> BaseMemoryLib >> DebugLib >> + LocalApicLib >> + MemEncryptSevLib >> > > (1) I don't understand why LocalApicLib is added only to > "VmgExitLib.inf", and not "SecVmgExitLib.inf". The source file > "VmgExitVcHandler.c" is shared between both INF files, and that file > gets a GetLocalApicBaseAddress() call below. And, "SecVmgExitLib.inf" > doesn't list the LocalApicLib class dependency from any earlier patch. > > ... Hm, the issue is masked because "OvmfPkg/Sec/SecMain.inf" lists > LocalApicLib already, so when the SEC module is linked, the LocalApicLib > dependency is ultimately (independently) noted/satisfied. > > But, that doesn't make this omission right; please amend the > "SecVmgExitLib.inf" file. Good catch, I'm not sure how I missed that. I'll make that change. Thanks, Tom > > With that update: > > Acked-by: Laszlo Ersek > > Thanks > Laszlo > >> diff --git a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c >> index ce577e4677eb..24259060fd65 100644 >> --- a/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c >> +++ b/OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c >> @@ -9,6 +9,7 @@ >> #include >> #include >> #include >> +#include >> #include >> #include >> #include >> @@ -595,6 +596,61 @@ UnsupportedExit ( >> return Status; >> } >> >> +/** >> + Validate that the MMIO memory access is not to encrypted memory. >> + >> + Examine the pagetable entry for the memory specified. MMIO should not be >> + performed against encrypted memory. MMIO to the APIC page is always allowed. >> + >> + @param[in] Ghcb Pointer to the Guest-Hypervisor Communication Block >> + @param[in] MemoryAddress Memory address to validate >> + @param[in] MemoryLength Memory length to validate >> + >> + @retval 0 Memory is not encrypted >> + @return New exception value to propogate >> + >> +**/ >> +STATIC >> +UINT64 >> +ValidateMmioMemory ( >> + IN GHCB *Ghcb, >> + IN UINTN MemoryAddress, >> + IN UINTN MemoryLength >> + ) >> +{ >> + MEM_ENCRYPT_SEV_ADDRESS_RANGE_STATE State; >> + GHCB_EVENT_INJECTION GpEvent; >> + UINTN Address; >> + >> + // >> + // Allow APIC accesses (which will have the encryption bit set during >> + // SEC and PEI phases). >> + // >> + Address = MemoryAddress & ~(SIZE_4KB - 1); >> + if (Address == GetLocalApicBaseAddress ()) { >> + return 0; >> + } >> + >> + State = MemEncryptSevGetAddressRangeState ( >> + 0, >> + MemoryAddress, >> + MemoryLength >> + ); >> + if (State == MemEncryptSevAddressRangeUnencrypted) { >> + return 0; >> + } >> + >> + // >> + // Any state other than unencrypted is an error, issue a #GP. >> + // >> + GpEvent.Uint64 = 0; >> + GpEvent.Elements.Vector = GP_EXCEPTION; >> + GpEvent.Elements.Type = GHCB_EVENT_INJECTION_TYPE_EXCEPTION; >> + GpEvent.Elements.Valid = 1; >> + >> + return GpEvent.Uint64; >> +} >> + >> /** >> Handle an MMIO event. >> >> @@ -653,6 +709,11 @@ MmioExit ( >> return UnsupportedExit (Ghcb, Regs, InstructionData); >> } >> >> + Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes); >> + if (Status != 0) { >> + return Status; >> + } >> + >> ExitInfo1 = InstructionData->Ext.RmData; >> ExitInfo2 = Bytes; >> CopyMem (Ghcb->SharedBuffer, &InstructionData->Ext.RegData, Bytes); >> @@ -683,6 +744,11 @@ MmioExit ( >> InstructionData->ImmediateSize = Bytes; >> InstructionData->End += Bytes; >> >> + Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes); >> + if (Status != 0) { >> + return Status; >> + } >> + >> ExitInfo1 = InstructionData->Ext.RmData; >> ExitInfo2 = Bytes; >> CopyMem (Ghcb->SharedBuffer, InstructionData->Immediate, Bytes); >> @@ -717,6 +783,11 @@ MmioExit ( >> return UnsupportedExit (Ghcb, Regs, InstructionData); >> } >> >> + Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes); >> + if (Status != 0) { >> + return Status; >> + } >> + >> ExitInfo1 = InstructionData->Ext.RmData; >> ExitInfo2 = Bytes; >> >> @@ -748,6 +819,11 @@ MmioExit ( >> case 0xB7: >> Bytes = (Bytes != 0) ? Bytes : 2; >> >> + Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes); >> + if (Status != 0) { >> + return Status; >> + } >> + >> ExitInfo1 = InstructionData->Ext.RmData; >> ExitInfo2 = Bytes; >> >> @@ -774,6 +850,11 @@ MmioExit ( >> case 0xBF: >> Bytes = (Bytes != 0) ? Bytes : 2; >> >> + Status = ValidateMmioMemory (Ghcb, InstructionData->Ext.RmData, Bytes); >> + if (Status != 0) { >> + return Status; >> + } >> + >> ExitInfo1 = InstructionData->Ext.RmData; >> ExitInfo2 = Bytes; >> >> >