From nobody Thu May 16 00:11:09 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+111110+1787277+3901457@groups.io;
	arc=fail (BodyHash is different from the expected one)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1699668965992594.2611401384281;
 Fri, 10 Nov 2023 18:16:05 -0800 (PST)
Return-Path: <bounce+27952+111110+1787277+3901457@groups.io>
DKIM-Signature: a=rsa-sha256; bh=EeyW3ACDb+UX4SnempfsDRJxn1fbuHVPuS0MNOV2Yrg=;
 c=relaxed/simple; d=groups.io;
 h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:Received-SPF:From:To:CC:Subject:Date:Message-ID:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding:Content-Type;
 s=20140610; t=1699668962; v=1;
 b=nVty0m3S7ApJ7IBZv6ryfZiYwEefbAr5uafVcHJmijzW2EmkfPGTNk8HO96y51jIWNk3aBz2
 JDV/CLM8A4MwqrR1j3UpeCWldtP72DNf7ad1hFG1dVQhw45jGVx2f/IoECGB05Fmu33NcFM+LhJ
 dUi4O72imxnQRjDp3lIGMSps=
X-Received: by 127.0.0.2 with SMTP id RJ69YY1788612x9ciFtFwEL8;
 Fri, 10 Nov 2023 18:16:02 -0800
X-Received: from NAM12-DM6-obe.outbound.protection.outlook.com
 (NAM12-DM6-obe.outbound.protection.outlook.com [40.107.243.79])
 by mx.groups.io with SMTP id smtpd.web11.45692.1699668961629079518
 for <devel@edk2.groups.io>;
 Fri, 10 Nov 2023 18:16:01 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=czjyvNpDZqvzm8PkCWUAibkQDpgN7wJJsqFJS1aMX2JjrtD5txuAfPRamljvFT9fnIZbuVk01kJTpQbIMXfLcWubu4SOhvxJp9kUauUUpjsHAtF6zWS2mp2dIuJVKIOUd6iaMF7mjRy3kJeUwsrF8K7B+YhkdB0wozbUEDp8d2/C5bq0ENErJIGnfiX3s9tZO/EMvhB//Rwsqx2BxGm6gABGG2jFIZ/Sz2gtTZUGjthXeBHa7o2av+lh0BeE3TzikYylfnTtSqseSCoRpXe7vdDxJawvjNnI+EHdKEHgqkpEBeHdRU8lT2Lcauz5MSBS/hZ2N5O+IcczHsBYOlhR3w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=nlhtgREVdnPF/NnHWnDVUVT+JeI7DWNqk+MK/OTV1UQ=;
 b=G4WR7d/Sp4PG7dBd1qPYXa5nUsvN1OOGPiMB+MjvK6aMNXYw6CQaPqsbuRoZs/FXoJZZR5MstZ3TMRwHwJRlz1b+jto3bLzUJBCBXjAYanO/7nGdcbBAvqlnvTwqZk11Q8G2Ot/6IVL4lypJtqTqF6m9Bfpa1uxapRLotb8XKkp+/9r1SfvJGXXD4LmaQY2Ddg9BWyFXZHRbxRcbuHmM9Qvyt6lRLgKqNRUCXHi8y067oH2z02NDbtXmKWqPwHVGwuGptsKfSzo6agCST5MH6eoGRI5Hm6MbcdMADPct9ketW0X3ralFqqcexwfUVm1oQKE3cmh0MgJylX1tRlhFLA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=amd.com;
 dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
 header.from=amd.com; dkim=none (message not signed); arc=none (0)
X-Received: from BL1PR13CA0232.namprd13.prod.outlook.com
 (2603:10b6:208:2bf::27)
 by PH7PR12MB7282.namprd12.prod.outlook.com (2603:10b6:510:209::7) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.28; Sat, 11 Nov
 2023 02:15:58 +0000
X-Received: from BL6PEPF0001AB50.namprd04.prod.outlook.com
 (2603:10b6:208:2bf:cafe::bb) by BL1PR13CA0232.outlook.office365.com
 (2603:10b6:208:2bf::27) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7002.10 via Frontend
 Transport; Sat, 11 Nov 2023 02:15:57 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+111110+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
X-Received: from SATLEXMB04.amd.com (165.204.84.17) by
 BL6PEPF0001AB50.mail.protection.outlook.com (10.167.242.74) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.6977.16 via Frontend Transport; Sat, 11 Nov 2023 02:15:57 +0000
X-Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com
 (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Fri, 10 Nov
 2023 20:15:57 -0600
From: "Roth, Michael via groups.io" <Michael.Roth=amd.com@groups.io>
To: <devel@edk2.groups.io>
CC: Gerd Hoffmann <kraxel@redhat.com>, Ray Ni <ray.ni@intel.com>, Erdem Aktas
	<erdemaktas@google.com>, Jiewen Yao <jiewen.yao@intel.com>, Min Xu
	<min.m.xu@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>
Subject: [edk2-devel] [PATCH] OvmfPkg/MemEncryptSevLib: Fix address overflow
 during PVALIDATE
Date: Fri, 10 Nov 2023 20:14:39 -0600
Message-ID: <20231111021439.554450-1-michael.roth@amd.com>
MIME-Version: 1.0
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
 (10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB50:EE_|PH7PR12MB7282:EE_
X-MS-Office365-Filtering-Correlation-Id: b913d920-c20a-4f68-c5e6-08dbe25c2436
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Message-Info: 
 ztNnS079Er6+ltcyMR6Btv8g0KpLaFJMSI1vZQ8GObnXeWVC6pRBh9m2G1jYvEaNOg3ww9S6ZwPnKaiJuKvqPyABjnIgC2nyXmN31GeWIn4+IPCgKU0kwO0WDAFeCT8kkQjVeCnMy4xBCNTI9VmpQiPKIPbzXkEf331DTVzStQrpOKFXm4nr4hytCrSifvqotiiPIZSlMQkA9Dsvf48rQcxohIiyV4dz9LcCQcqnWudS9h/7C+MqxKKWKv5EH25Ops+oHhB2D4fDbC6trYXhqoTWe00wDnaiNkryCQj/Ngr3lyzEDBegz5Kud+Rwoh+I/OZPgF6pdK/qGOM48BJ612qhTGPyIJAk6smWsws4N/JiqASHSUIunXGYQ7V4Jfx01/Sn71nNdG7uUryfbY/3ThvaxiBKJeYnurQifwv2h8Q1nEaVAMWQHCmPOFBrpavEQf8xTKmlBo0JIAxZ0kxGx0iWKcuD8qAqePIFHQ4ZgXAU5InemXKN9/hX2Bq9UYup51dD1u/nO/+nF10PKMt2FnKjaHwEhubPrSJM0zVxtp1XP01kqtZ4gCKUSNFTYCeRoALUfAFxc4MFWRfyftopV/rl8itSLncawNSdboHkAKB48dhvMZHCCxVrTwM77sZyTnj8D0LTODttiPU9an3Oz3sWrS09+1mPhoejaxjBUved8AtB65FW/YEBAe0Ob8MZjdjEbVgfobM+3iPKRwzzoeNrZs7nFbGHSftNBoKATQ9j2euZtRXK1m0jyLy3ju1DJHhLx6chTghj3pfRjCc0LA==
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Nov 2023 02:15:57.5182
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 b913d920-c20a-4f68-c5e6-08dbe25c2436
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 BL6PEPF0001AB50.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB7282
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,Michael.Roth@amd.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: 
 <https://edk2.groups.io/g/devel/leave/3901457/1787277/102458076/plugh>
X-Gm-Message-State: AGfemdkA0c44jxPLaBRa8ksIx1787277AA=
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1699668968203100003
Content-Type: text/plain; charset="utf-8"

The struct used for GHCB-based page-state change requests uses a 40-bit
bit-field for the GFN, which is shifted by PAGE_SHIFT to generate a
64-bit address. However, anything beyond 40-bits simply gets shifted off
when doing this, which will cause issues when dealing with 1TB+
addresses. Fix this by casting the 40-bit GFN values to 64-bit ones
prior to shifting it by PAGE_SHIFT.

Fixes: ade62c18f474 ("OvmfPkg/MemEncryptSevLib: add support to validate sys=
tem RAM")
Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 .../BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c    | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInt=
ernal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeIntern=
al.c
index 85eb41585b..d52d2940e9 100644
--- a/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
+++ b/OvmfPkg/Library/BaseMemEncryptSevLib/X64/SnpPageStateChangeInternal.c
@@ -78,13 +78,14 @@ PvalidateRange (
   IN  BOOLEAN                     Validate

   )

 {

-  UINTN  Address, RmpPageSize, Ret, i;

+  UINTN                 RmpPageSize, Ret, i;

+  EFI_PHYSICAL_ADDRESS  Address;

=20

   for ( ; StartIndex <=3D EndIndex; StartIndex++) {

     //

     // Get the address and the page size from the Info.

     //

-    Address     =3D Info->Entry[StartIndex].GuestFrameNumber << EFI_PAGE_S=
HIFT;

+    Address     =3D ((UINT64)Info->Entry[StartIndex].GuestFrameNumber) << =
EFI_PAGE_SHIFT;

     RmpPageSize =3D Info->Entry[StartIndex].PageSize;

=20

     Ret =3D AsmPvalidate (RmpPageSize, Validate, Address);

--=20
2.25.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111110): https://edk2.groups.io/g/devel/message/111110
Mute This Topic: https://groups.io/mt/102520474/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-