Virtualization
/
edk2
mirror of https://gitlab.com/qemu-project/edk2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

OvmfPkg/VmgExitLig: HALT on #VE when access to private memory 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4125

EPT-violation #VE should be always on shared memory, which means the
shared bit of the GuestPA should be set. But in current #VE Handler
it is not checked. When it occurs, stop TD immediately and log out
the error.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Guorui Yu <ruogui.ygr@alibaba-inc.com>
Tested-by: Guorui Yu <ruogui.ygr@alibaba-inc.com>
This commit is contained in:
Min M Xu 2022-10-28 16:24:01 +08:00 committed by mergify[bot]
parent 2695e49219
commit eff44c008d
1 changed files with 29 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
OvmfPkg/Library/VmgExitLib/VmTdExitVeHandler.c
View File

@ -311,12 +311,30 @@ MmioExit (
UINT32 OpSize; UINT32 OpSize;
MODRM ModRm; MODRM ModRm;
REX Rex; REX Rex;
TD_RETURN_DATA TdReturnData;
UINT8 Gpaw;
UINT64 TdSharedPageMask;
Rip = (UINT8 *)Regs->Rip; Rip = (UINT8 *)Regs->Rip;
Val = 0; Val = 0;
Rex.Val = 0; Rex.Val = 0;
SeenRex = FALSE; SeenRex = FALSE;
Status = TdCall (TDCALL_TDINFO, 0, 0, 0, &TdReturnData);
if (Status == TDX_EXIT_REASON_SUCCESS) {
Gpaw = (UINT8)(TdReturnData.TdInfo.Gpaw & 0x3f);
TdSharedPageMask = 1ULL << (Gpaw - 1);
} else {
DEBUG ((DEBUG_ERROR, "TDCALL failed with status=%llx\n", Status));
return Status;
}
if ((Veinfo->GuestPA & TdSharedPageMask) == 0) {
DEBUG ((DEBUG_ERROR, "EPT-violation #VE on private memory is not allowed!"));
TdVmCall (TDVMCALL_HALT, 0, 0, 0, 0, 0);
CpuDeadLoop ();
}
// //
// Default to 32bit transfer // Default to 32bit transfer
// //