From: "Lendacky, Thomas via groups.io"
Date: Fri, 19 Apr 2024 09:56:01 -0500
Subject: Re: [edk2-devel] [PATCH] OvmfPkg: Harden #VC instruction emulation somewhat (CVE-2024-25742)
To: devel@edk2.groups.io, kraxel@redhat.com, acdunlap@google.com
Cc: Borislav Petkov, Peter Gonda
References: <20240417165400.3615824-1-acdunlap@google.com>

On 4/18/24 07:15, Gerd Hoffmann via groups.io wrote:
> On Wed, Apr 17, 2024 at 09:54:00AM -0700, Adam Dunlap via groups.io wrote:
>> Ensure that when a #VC exception happens, the instruction at the
>> instruction pointer matches the instruction that is expected given the
>> error code. This is to mitigate the ahoi WeSee attack [1] that could
>> allow hypervisors to breach integrity and confidentiality of the
>> firmware by maliciously injecting interrupts. This change is a
>> translated version of a linux patch e3ef461af35a ("x86/sev: Harden #VC
>> instruction emulation somewhat")
>
>> +**/
>> +STATIC
>> +UINT64
>> +VcCheckOpcodeBytes (
>> + IN OUT GHCB *Ghcb,
>> + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs,
>> + IN OUT CC_INSTRUCTION_DATA *InstructionData,
>> + IN UINT64 ExitCode
>> + )
>> +{
>> + UINT8 OpCode;
>
> The linux kernel patch uses "unsigned int opcode" and apparently
> checks more than just the first byte for multi-byte opcodes. Why
> do it differently here?
>
> On the bigger picture: I'm wondering why SNP allows external #VC
> injections in the first place?

It does and it doesn't. It doesn't allow #VC when injected as an
exception. But the case of #VC injected as an interrupt was missed (see
the event injection type field). It will be fixed in hardware going
forward, but for now...

Thanks,
Tom

>
> take care,
> Gerd
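
Review bot: the `UINT8 OpCode;` local at the top of VcCheckOpcodeBytes holds a single byte, and nothing in the quoted lines says how two-byte opcodes are matched against ExitCode. Two-byte x86 opcodes all begin with the 0x0F escape byte, so a comparison on the first byte alone would treat them as the same instruction. If the body skips the escape and compares the second byte, state that in a comment next to the declaration; otherwise widen the variable so the whole opcode is compared.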
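
The check the quoted commit message describes (the instruction at the instruction pointer must be one that the #VC error code implies), sketched as stand-alone C. This is an added example, not the EDK2 or Linux code: the function names are hypothetical, only a subset of exit codes is covered, and the opcode pointer is assumed to point past any instruction prefixes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* SVM exit codes from the AMD64 manual (subset chosen for this example). */
#define SVM_EXIT_RDTSC  0x06eULL
#define SVM_EXIT_CPUID  0x072ULL
#define SVM_EXIT_IOIO   0x07bULL
#define SVM_EXIT_MSR    0x07cULL
#define SVM_EXIT_WBINVD 0x089ULL

/* Fold a one- or two-byte opcode into one value: 0x0F 0xA2 -> 0x0FA2.
 * Assumption: `op` points at the first opcode byte, prefixes already
 * skipped by the caller's decoder. */
static bool fold_opcode(const uint8_t *op, size_t len, unsigned int *out)
{
    if (len == 0) return false;
    if (op[0] != 0x0F) { *out = op[0]; return true; }
    if (len < 2) return false;            /* truncated two-byte opcode */
    *out = 0x0F00u | op[1];
    return true;
}

/* True only if the instruction at the faulting RIP is one that can
 * legitimately raise a #VC carrying this exit code. */
bool vc_opcode_matches(uint64_t exit_code, const uint8_t *op, size_t len)
{
    unsigned int opcode;

    if (!fold_opcode(op, len, &opcode)) return false;
    switch (exit_code) {
    case SVM_EXIT_CPUID:  return opcode == 0x0FA2;
    case SVM_EXIT_RDTSC:  return opcode == 0x0F31;
    case SVM_EXIT_WBINVD: return opcode == 0x0F09;
    case SVM_EXIT_MSR:    return opcode == 0x0F30 || opcode == 0x0F32; /* WRMSR, RDMSR */
    case SVM_EXIT_IOIO:
        switch (opcode) {
        case 0x6C: case 0x6D: case 0x6E: case 0x6F:   /* INS, OUTS */
        case 0xE4: case 0xE5: case 0xE6: case 0xE7:   /* IN/OUT imm8 */
        case 0xEC: case 0xED: case 0xEE: case 0xEF:   /* IN/OUT via DX */
            return true;
        default:
            return false;
        }
    default:
        return false;   /* exit code not in the table: refuse to emulate */
    }
}
```

A caller would treat a `false` result as an unsupported exit instead of emulating the instruction, so an injected #VC whose error code does not fit the code at RIP is rejected.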