public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Hao Wu <hao.a.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Hao Wu <hao.a.wu@intel.com>, Jiewen Yao <jiewen.yao@intel.com>
Subject: [PATCH v1] MinPlatformPkg/Test: [CVE-2017-5753] Fix bounds check bypass
Date: Sun, 30 Sep 2018 13:25:45 +0800	[thread overview]
Message-ID: <20180930052545.8628-1-hao.a.wu@intel.com> (raw)

Speculative execution is used by processor to avoid having to wait for
data to arrive from memory, or for previous operations to finish, the
processor may speculate as to what will be executed.

If the speculation is incorrect, the speculatively executed instructions
might leave hints such as which memory locations have been brought into
cache. Malicious actors can use the bounds check bypass method (code
gadgets with controlled external inputs) to infer data values that have
been used in speculative operations to reveal secrets which should not
otherwise be accessed.

This commit will focus on the SMI handler(s) registered within
TestPointCheckLib & TestPointLib and insert AsmLfence API to mitigate the
bounds check bypass issue.

A. For SMI handler TestPointSmmHandler() within TestPointCheckLib:

Under "case TEST_POINT_SMM_COMMUNICATION_FUNC_ID_UEFI_GCD_MAP_INFO:",
'CommBuffer' (controlled external inputs) is passed into function
TestPointSmmReadyToBootSmmPageProtectionHandler().

Within function TestPointSmmReadyToBootSmmPageProtectionHandler(), the
contents in 'CommBuffer' will be copied into 'CommData'. But if the size
and sanity checks for the communication buffer is speculatively bypassed,
'(UINTN)CommData + CommData->UefiMemoryMapOffset)' can potentially point
to cross boundary area of 'CommData'. This pointer is then passed into
function TestPointCheckSmmCommunicationBuffer() as 'UefiMemoryMap'.

Within function TestPointCheckSmmCommunicationBuffer(),
'MemoryMap->PhysicalStart' can be a potential cross boundary access. And
its value can be inferred by function calls sequence:

TestPointCheckPageTable() via 'BaseAddress'
GetPageTableEntry() via 'BaseAddress'. Then one can observe which part of
the content within arrays 'L4PageTable', 'L3PageTable', 'L2PageTable' or
'L1PageTable', was brought into cache to possibly reveal the value.

B. For SMI handler SmmTestPointSmiHandler() within TestPointLib:

Under "case SMI_HANDLER_TEST_POINT_COMMAND_GET_DATA_BY_OFFSET:",
'CommBuffer' (controlled external inputs) is passed into function
SmmTestPointSmiHandlerGetDataByOffset().

Within function SmmTestPointSmiHandlerGetDataByOffset(), the contents in
'CommBuffer' will be copied into 'SmiHandlerTestPointGetDataByOffset'. But
if the size and sanity checks for the communication buffer is
speculatively bypassed, 'SmiHandlerTestPointGetDataByOffset.DataSize' can
be a potential cross boundary access.

Then in function SmiHandlerTestPointCopyData(), this value can be inferred
by code:
  CopyMem(
    DataBuffer,
    (UINT8 *)InputData + *DataOffset,
    (UINTN)*DataSize
    );
One can observe which part of the content within 'DataBuffer' was brought
into cache to possibly reveal the cross bounary access value.

Hence, this commit adds AsmLfence() calls after the boundary/range checks
of the communication buffer to prevent the speculative execution.

A more detailed explanation of the purpose of commit is under the
'Bounds check bypass mitigation' section of the below link:
https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation

And the document at:
https://software.intel.com/security-software-guidance/api-app/sites/default/files/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf

Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
 Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestPointCheckLib.c | 7 +++++++
 Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointCommunication.c | 8 +++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestPointCheckLib.c b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestPointCheckLib.c
index b40469b278..dc40dae6d5 100644
--- a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestPointCheckLib.c
+++ b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestPointCheckLib.c
@@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <PiSmm.h>
 #include <Library/TestPointCheckLib.h>
 #include <Library/TestPointLib.h>
+#include <Library/BaseLib.h>
 #include <Library/DebugLib.h>
 #include <Library/BaseMemoryLib.h>
 #include <Library/MemoryAllocationLib.h>
@@ -374,6 +375,12 @@ TestPointSmmReadyToBootSmmPageProtectionHandler (
   }
 
   if (CommData->UefiMemoryMapSize != 0) {
+    //
+    // The AsmLfence() call here is to ensure the previous range/content checks
+    // for the CommBuffer (copied in to CommData) have been completed before
+    // calling into TestPointCheckSmmCommunicationBuffer().
+    //
+    AsmLfence ();
     Result = TRUE;
 
     Status = TestPointCheckSmmCommunicationBuffer (
diff --git a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointCommunication.c b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointCommunication.c
index cce0538832..b4757da046 100644
--- a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointCommunication.c
+++ b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointCommunication.c
@@ -251,7 +251,13 @@ SmmTestPointSmiHandlerGetDataByOffset (
     SmiHandlerTestPointParameterGetDataByOffset->Header.ReturnStatus = (UINT64)(INT64)(INTN)Status;
     goto Done;
   }
-  
+
+  //
+  // The AsmLfence() call here is to ensure the previous range/content checks
+  // for the CommBuffer have been completed before calling into
+  // SmiHandlerTestPointCopyData().
+  //
+  AsmLfence ();
   SmiHandlerTestPointCopyData (
     Data,
     DataSize,
-- 
2.12.0.windows.1



             reply	other threads:[~2018-09-30  5:25 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-30  5:25 Hao Wu [this message]
2018-09-30  5:33 ` [PATCH v1] MinPlatformPkg/Test: [CVE-2017-5753] Fix bounds check bypass Wu, Hao A

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180930052545.8628-1-hao.a.wu@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox