On Thu, Apr 18, 2024 at 9:39 AM Adam Dunlap <acdun...@google.com> wrote:
>
> On Thu, Apr 18, 2024 at 5:15 AM Gerd Hoffmann <kra...@redhat.com> wrote:
> >
> > On Wed, Apr 17, 2024 at 09:54:00AM -0700, Adam Dunlap via groups.io wrote:
> > > + UINT8 OpCode;
> >
> > The linux kernel patch uses "unsigned int opcode" and apparently
> > checks more than just the first byte for multi-byte opcodes. Why
> > do it differently here?
>
> Good question. This patch does check for two-byte opcodes with this snippet:
>
> + OpCode = *(InstructionData->OpCodes);
> + if (OpCode == TWO_BYTE_OPCODE_ESCAPE) {
> + OpCode = *(InstructionData->OpCodes + 1);
> + }
>
> This works because the first byte of two-byte opcodes is always 0x0f in the
> cases that we're checking for. I was wary about blindly dereferencing two
> bytes since that could cause a page fault if it was actually a 1 byte opcode
> that was at the very end of an allocated region. This is also what is done in
> the MmioExit function in this file. The linux kernel instruction decoder is
> much
> more extensive than what is done here and I didn't want to duplicate the
> whole thing.
>
> > On the bigger picture: I'm wondering why SNP allows external #VC
> > injections in the first place?
>
> Yup, I think it'd be better if it didn't.
I think this is a small mitigation until linux + edk2 guest's support
restricted or alternate interrupt injection. I suggested Adam send
this just to have parity between edk2 and linux.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117996): https://edk2.groups.io/g/devel/message/117996
Mute This Topic: https://groups.io/mt/105581633/21656
Mute #vc:https://edk2.groups.io/g/devel/mutehashtag/vc
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
