On 4/18/24 07:15, Gerd Hoffmann via groups.io wrote:
> On Wed, Apr 17, 2024 at 09:54:00AM -0700, Adam Dunlap via groups.io wrote:
>> Ensure that when a #VC exception happens, the instruction at the instruction pointer matches the instruction that is expected given the error code. This is to mitigate the ahoi WeSee attack [1] that could allow hypervisors to breach integrity and confidentiality of the firmware by maliciously injecting interrupts.
>>
>> This change is a translated version of a Linux patch e3ef461af35a ("x86/sev: Harden #VC instruction emulation somewhat")
>>
>> +**/ +STATIC +UINT64 +VcCheckOpcodeBytes ( + IN OUT GHCB *Ghcb, + IN OUT EFI_SYSTEM_CONTEXT_X64 *Regs, + IN OUT CC_INSTRUCTION_DATA *InstructionData, + IN UINT64 ExitCode + ) +{ + UINT8 OpCode;
>
> The Linux kernel patch uses "unsigned int opcode" and apparently checks more than just the first byte for multi-byte opcodes. Why do it differently here?
>
> On the bigger picture: I'm wondering why SNP allows external #VC injections in the first place?
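Review bot: `UINT8 OpCode;` in VcCheckOpcodeBytes has room for a single opcode byte, yet most of the instructions that raise #VC (CPUID, RDTSC, RDMSR/WRMSR, INVD, VMMCALL) share the 0x0F first byte, so one byte cannot tell them apart and a comparison against ExitCode is only meaningful once the variable is widened (the Linux original uses `unsigned int opcode` and matches the full escape sequence) and, for the 0F 01 group, the ModRM byte is included as well. If the function only validates and does not modify the GHCB or the register context, declaring `Ghcb` and `Regs` as `IN` rather than `IN OUT` would also document that.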
It does and it doesn't. It doesn't allow #VC when injected as an exception. But the case of #VC injected as an interrupt was missed (see the event injection type field). It will be fixed in hardware going forward, but for now...
Thanks, Tom
> take care, Gerd
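The check that the patch's commit message describes, written here as an added stand-alone C example (it is neither the edk2 patch nor the Linux code under discussion): the exit codes and opcode bytes are the architectural values, while the names, the table subset and the prefix handling are my own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not edk2 or Linux code: one #VC error code (SVM exit code)
 * maps to the opcode bytes the instruction at RIP must start with.
 * IOIO and the other exits are deliberately not in this subset. */
struct vc_expected { uint64_t exit_code; uint8_t len; uint8_t bytes[3]; };
static const struct vc_expected k_expected[] = {
  { 0x72, 2, { 0x0f, 0xa2 } },       /* VMEXIT_CPUID:   cpuid   */
  { 0x6e, 2, { 0x0f, 0x31 } },       /* VMEXIT_RDTSC:   rdtsc   */
  { 0x6f, 2, { 0x0f, 0x33 } },       /* VMEXIT_RDPMC:   rdpmc   */
  { 0x7c, 2, { 0x0f, 0x30 } },       /* VMEXIT_MSR:     wrmsr   */
  { 0x7c, 2, { 0x0f, 0x32 } },       /* VMEXIT_MSR:     rdmsr   */
  { 0x76, 2, { 0x0f, 0x08 } },       /* VMEXIT_INVD:    invd    */
  { 0x89, 2, { 0x0f, 0x09 } },       /* VMEXIT_WBINVD:  wbinvd  */
  { 0x87, 3, { 0x0f, 0x01, 0xf9 } }, /* VMEXIT_RDTSCP:  rdtscp  */
  { 0x81, 3, { 0x0f, 0x01, 0xd9 } }, /* VMEXIT_VMMCALL: vmmcall */
  { 0x8a, 3, { 0x0f, 0x01, 0xc8 } }, /* VMEXIT_MONITOR: monitor */
  { 0x8b, 3, { 0x0f, 0x01, 0xc9 } }, /* VMEXIT_MWAIT:   mwait   */
};

/* Legacy and REX prefixes may legitimately precede the opcode (64-bit mode). */
static bool is_prefix(uint8_t b) {
  switch (b) {
  case 0x26: case 0x2e: case 0x36: case 0x3e: case 0x64: case 0x65:
  case 0x66: case 0x67: case 0xf0: case 0xf2: case 0xf3:
    return true;
  default:
    return (b & 0xf0) == 0x40; /* REX.* */
  }
}

/* Returns true only if the bytes at RIP encode an instruction that can raise
 * a #VC with this error code. A mismatch, a truncated instruction, and an
 * exit code missing from the table are all rejected (fail closed), which
 * is what a handler facing an injected #VC wants. */
bool vc_opcode_matches(uint64_t exit_code, const uint8_t *insn, size_t len) {
  size_t off = 0;
  while (off < len && is_prefix(insn[off])) off++;
  for (size_t k = 0; k < sizeof k_expected / sizeof k_expected[0]; k++) {
    const struct vc_expected *e = &k_expected[k];
    if (e->exit_code == exit_code && len - off >= e->len &&
        memcmp(insn + off, e->bytes, e->len) == 0)
      return true;
  }
  return false;
}
```

A real handler would feed it the bytes already fetched by the instruction decoder and treat a false return as a reason to terminate rather than emulate.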
View/Reply Online (#118030): https://edk2.groups.io/g/devel/message/118030
