[PATCH 1/1] OvmfPkg/MemEncryptSevLib: Check the guest type before EsWorkarea access


Brijesh Singh
 

The commit 80e67af9afca added support for a generic workarea concept.
The workarea header contains the information of the guest type. The
header is populated by ResetVector code during the guest detection.

Currently, the InternalMemEncryptSevStatus() reads the EsWorkArea to
determine the C-bit position. The EsWorkArea PCD is valid only for the
SEV guest type. Add a check of the guest type before accessing the
EsWorkArea PCD.

Fixes: 80e67af9afca ("OvmfPkg: introduce a common work area")
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Qi Zhou <atmgnd@outlook.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
.../DxeMemEncryptSevLib.inf | 2 +
.../PeiMemEncryptSevLib.inf | 2 +
.../SecMemEncryptSevLib.inf | 2 +
.../PeiMemEncryptSevLibInternal.c | 50 +++++++++++++++-
.../SecMemEncryptSevLibInternal.c | 58 ++++++++++++++++++-
5 files changed, 110 insertions(+), 4 deletions(-)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
index f2e162d68076..03b66b986f1f 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
@@ -54,4 +54,6 @@ [FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire

[Pcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
index 03a78c32df28..16dd4d9d8b77 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLib.inf
@@ -54,4 +54,6 @@ [FeaturePcd]
gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire

[FixedPcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
index 279c38bfbc2c..a933cb33a9cb 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
@@ -48,4 +48,6 @@ [LibraryClasses]
PcdLib

[FixedPcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
gUefiCpuPkgTokenSpaceGuid.PcdSevEsWorkAreaBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfConfidentialComputingWorkAreaHeader
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
index e2fd109d120f..db4249ec0d7d 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLibInternal.c
@@ -24,6 +24,52 @@ STATIC BOOLEAN mSevStatusChecked = FALSE;
STATIC UINT64 mSevEncryptionMask = 0;
STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE;

+/**
+ Determine if the SEV is active.
+
+ During the early booting, GuestType is set in the work area. Verify that it
+ is an SEV guest.
+
+ @retval TRUE SEV is enabled
+ @retval FALSE SEV is not enabled
+
+ **/
+STATIC
+BOOLEAN
+IsSevGuest (
+ VOID
+ )
+{
+ OVMF_WORK_AREA *WorkArea;
+
+ //
+ // Ensure that the size of the Confidential Computing work area header
+ // is same as what is provided through a fixed PCD.
+ //
+ ASSERT ((UINTN) FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeader) ==
+ sizeof(CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER));
+
+ WorkArea = (OVMF_WORK_AREA *) FixedPcdGet32 (PcdOvmfWorkAreaBase);
+
+ return ((WorkArea != NULL) && (WorkArea->Header.GuestType == GUEST_TYPE_AMD_SEV));
+}
+
+STATIC
+SEC_SEV_ES_WORK_AREA *
+GetSevEsWorkArea (
+ VOID
+ )
+{
+ //
+ // Before accessing the Es workarea lets verify that its SEV guest
+ //
+ if (!IsSevGuest()) {
+ return NULL;
+ }
+
+ return (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);
+}
+
/**
Reads and sets the status of SEV features.

@@ -43,7 +89,7 @@ InternalMemEncryptSevStatus (

ReadSevMsr = FALSE;

- SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);
+ SevEsWorkArea = GetSevEsWorkArea ();
if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) {
//
// The MSR has been read before, so it is safe to read it again and avoid
@@ -139,7 +185,7 @@ MemEncryptSevGetEncryptionMask (
if (!mSevEncryptionMaskSaved) {
SEC_SEV_ES_WORK_AREA *SevEsWorkArea;

- SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);
+ SevEsWorkArea = GetSevEsWorkArea ();
if (SevEsWorkArea != NULL) {
mSevEncryptionMask = SevEsWorkArea->EncryptionMask;
} else {
diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
index 56d8f3f3183f..d7aff1fa40ba 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLibInternal.c
@@ -17,6 +17,52 @@
#include <Register/Cpuid.h>
#include <Uefi/UefiBaseType.h>

+/**
+ Determine if the SEV is active.
+
+ During the early booting, GuestType is set in the work area. Verify that it
+ is an SEV guest.
+
+ @retval TRUE SEV is enabled
+ @retval FALSE SEV is not enabled
+
+ **/
+STATIC
+BOOLEAN
+IsSevGuest (
+ VOID
+ )
+{
+ OVMF_WORK_AREA *WorkArea;
+
+ //
+ // Ensure that the size of the Confidential Computing work area header
+ // is same as what is provided through a fixed PCD.
+ //
+ ASSERT ((UINTN) FixedPcdGet32 (PcdOvmfConfidentialComputingWorkAreaHeader) ==
+ sizeof(CONFIDENTIAL_COMPUTING_WORK_AREA_HEADER));
+
+ WorkArea = (OVMF_WORK_AREA *) FixedPcdGet32 (PcdOvmfWorkAreaBase);
+
+ return ((WorkArea != NULL) && (WorkArea->Header.GuestType == GUEST_TYPE_AMD_SEV));
+}
+
+STATIC
+SEC_SEV_ES_WORK_AREA *
+GetSevEsWorkArea (
+ VOID
+ )
+{
+ //
+ // Before accessing the Es workarea lets verify that its SEV guest
+ //
+ if (!IsSevGuest()) {
+ return NULL;
+ }
+
+ return (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);
+}
+
/**
Reads and sets the status of SEV features.

@@ -35,7 +81,8 @@ InternalMemEncryptSevStatus (

ReadSevMsr = FALSE;

- SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);
+
+ SevEsWorkArea = GetSevEsWorkArea ();
if (SevEsWorkArea != NULL && SevEsWorkArea->EncryptionMask != 0) {
//
// The MSR has been read before, so it is safe to read it again and avoid
@@ -115,7 +162,14 @@ MemEncryptSevGetEncryptionMask (
SEC_SEV_ES_WORK_AREA *SevEsWorkArea;
UINT64 EncryptionMask;

- SevEsWorkArea = (SEC_SEV_ES_WORK_AREA *) FixedPcdGet32 (PcdSevEsWorkAreaBase);
+ //
+ // Before accessing the Es workarea lets verify that its SEV guest
+ //
+ if (!IsSevGuest()) {
+ return 0;
+ }
+
+ SevEsWorkArea = GetSevEsWorkArea ();
if (SevEsWorkArea != NULL) {
EncryptionMask = SevEsWorkArea->EncryptionMask;
} else {
--
2.25.1