From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.31; helo=mga06.intel.com; envelope-from=hao.a.wu@intel.com; receiver=edk2-devel@lists.01.org Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 3721B2194D3B3 for ; Sat, 29 Sep 2018 22:25:53 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Sep 2018 22:25:52 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,322,1534834800"; d="scan'208";a="261590746" Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.19]) by orsmga005.jf.intel.com with ESMTP; 29 Sep 2018 22:25:48 -0700 From: Hao Wu To: edk2-devel@lists.01.org Cc: Hao Wu , Jiewen Yao Date: Sun, 30 Sep 2018 13:25:45 +0800 Message-Id: <20180930052545.8628-1-hao.a.wu@intel.com> X-Mailer: git-send-email 2.12.0.windows.1 Subject: [PATCH v1] MinPlatformPkg/Test: [CVE-2017-5753] Fix bounds check bypass X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Sep 2018 05:25:53 -0000 Speculative execution is used by processor to avoid having to wait for data to arrive from memory, or for previous operations to finish, the processor may speculate as to what will be executed. If the speculation is incorrect, the speculatively executed instructions might leave hints such as which memory locations have been brought into cache. Malicious actors can use the bounds check bypass method (code gadgets with controlled external inputs) to infer data values that have been used in speculative operations to reveal secrets which should not otherwise be accessed. This commit will focus on the SMI handler(s) registered within TestPointCheckLib & TestPointLib and insert AsmLfence API to mitigate the bounds check bypass issue. A. For SMI handler TestPointSmmHandler() within TestPointCheckLib: Under "case TEST_POINT_SMM_COMMUNICATION_FUNC_ID_UEFI_GCD_MAP_INFO:", 'CommBuffer' (controlled external inputs) is passed into function TestPointSmmReadyToBootSmmPageProtectionHandler(). Within function TestPointSmmReadyToBootSmmPageProtectionHandler(), the contents in 'CommBuffer' will be copied into 'CommData'. But if the size and sanity checks for the communication buffer is speculatively bypassed, '(UINTN)CommData + CommData->UefiMemoryMapOffset)' can potentially point to cross boundary area of 'CommData'. This pointer is then passed into function TestPointCheckSmmCommunicationBuffer() as 'UefiMemoryMap'. Within function TestPointCheckSmmCommunicationBuffer(), 'MemoryMap->PhysicalStart' can be a potential cross boundary access. And its value can be inferred by function calls sequence: TestPointCheckPageTable() via 'BaseAddress' GetPageTableEntry() via 'BaseAddress'. Then one can observe which part of the content within arrays 'L4PageTable', 'L3PageTable', 'L2PageTable' or 'L1PageTable', was brought into cache to possibly reveal the value. B. For SMI handler SmmTestPointSmiHandler() within TestPointLib: Under "case SMI_HANDLER_TEST_POINT_COMMAND_GET_DATA_BY_OFFSET:", 'CommBuffer' (controlled external inputs) is passed into function SmmTestPointSmiHandlerGetDataByOffset(). Within function SmmTestPointSmiHandlerGetDataByOffset(), the contents in 'CommBuffer' will be copied into 'SmiHandlerTestPointGetDataByOffset'. But if the size and sanity checks for the communication buffer is speculatively bypassed, 'SmiHandlerTestPointGetDataByOffset.DataSize' can be a potential cross boundary access. Then in function SmiHandlerTestPointCopyData(), this value can be inferred by code: CopyMem( DataBuffer, (UINT8 *)InputData + *DataOffset, (UINTN)*DataSize ); One can observe which part of the content within 'DataBuffer' was brought into cache to possibly reveal the cross bounary access value. Hence, this commit adds AsmLfence() calls after the boundary/range checks of the communication buffer to prevent the speculative execution. A more detailed explanation of the purpose of commit is under the 'Bounds check bypass mitigation' section of the below link: https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation And the document at: https://software.intel.com/security-software-guidance/api-app/sites/default/files/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf Cc: Jiewen Yao Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu --- Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestPointCheckLib.c | 7 +++++++ Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointCommunication.c | 8 +++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestPointCheckLib.c b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestPointCheckLib.c index b40469b278..dc40dae6d5 100644 --- a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestPointCheckLib.c +++ b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestPointCheckLib.c @@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include #include #include +#include #include #include #include @@ -374,6 +375,12 @@ TestPointSmmReadyToBootSmmPageProtectionHandler ( } if (CommData->UefiMemoryMapSize != 0) { + // + // The AsmLfence() call here is to ensure the previous range/content checks + // for the CommBuffer (copied in to CommData) have been completed before + // calling into TestPointCheckSmmCommunicationBuffer(). + // + AsmLfence (); Result = TRUE; Status = TestPointCheckSmmCommunicationBuffer ( diff --git a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointCommunication.c b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointCommunication.c index cce0538832..b4757da046 100644 --- a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointCommunication.c +++ b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointCommunication.c @@ -251,7 +251,13 @@ SmmTestPointSmiHandlerGetDataByOffset ( SmiHandlerTestPointParameterGetDataByOffset->Header.ReturnStatus = (UINT64)(INT64)(INTN)Status; goto Done; } - + + // + // The AsmLfence() call here is to ensure the previous range/content checks + // for the CommBuffer have been completed before calling into + // SmiHandlerTestPointCopyData(). + // + AsmLfence (); SmiHandlerTestPointCopyData ( Data, DataSize, -- 2.12.0.windows.1