git.proxmox.com Git - mirror

OvfmPkg/VmgExitLib: Validate #VC MMIO is to un-encrypted memory

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108

When SEV-ES is active, and MMIO operation will trigger a #VC and the
VmgExitLib exception handler will process this MMIO operation.

A malicious hypervisor could try to extract information from encrypted
memory by setting a reserved bit in the guests nested page tables for
a non-MMIO area. This can result in the encrypted data being copied into
the GHCB shared buffer area and accessed by the hypervisor.

Prevent this by ensuring that the MMIO source/destination is un-encrypted
memory. For the APIC register space, access is allowed in general.

Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <0cf28470ad5e694af45f7f0b35296628f819567d.1610045305.git.thomas.lendacky@amd.com>

author	Tom Lendacky <thomas.lendacky@amd.com>
	Thu, 7 Jan 2021 18:48:25 +0000 (12:48 -0600)
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
	Thu, 7 Jan 2021 19:34:39 +0000 (19:34 +0000)
commit	85b8eac59b8c5bd9c7eb9afdb64357ce1aa2e803
tree	4309a053d2d9041c749e1dac64eaf3832160681e	tree
parent	362654246ae886e11287f44c6aaa53f17e1f2867	commit \| diff

OvmfPkg/AmdSev/AmdSevX64.dsc		diff \| blob \| blame \| history
OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf		diff \| blob \| blame \| history
OvmfPkg/Library/VmgExitLib/SecVmgExitLib.inf		diff \| blob \| blame \| history
OvmfPkg/Library/VmgExitLib/VmgExitLib.inf		diff \| blob \| blame \| history
OvmfPkg/Library/VmgExitLib/VmgExitVcHandler.c		diff \| blob \| blame \| history
OvmfPkg/OvmfPkgX64.dsc		diff \| blob \| blame \| history