From: Ruiyu Ni <ruiyu.ni@intel.com>
To: edk2-devel@lists.01.org
Cc: Eric Dong <eric.dong@intel.com>, Laszlo Ersek <lersek@redhat.com>,
Andrew Fish <afish@apple.com>,
Leif Lindholm <leif.lindholm@linaro.org>,
Michael D Kinney <michael.d.kinney@intel.com>
Subject: [PATCH] UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock
Date: Tue, 13 Nov 2018 15:35:10 +0800 [thread overview]
Message-ID: <20181113073510.31208-1-ruiyu.ni@intel.com> (raw)
The patch reverts commit 1ed6498c4a0210204bf4b95cc0c0cd6623ad6a0b
* UefiCpuPkg/CommonFeature: Skip locking when the feature is disabled
FEATURE_CONTROL.Lock bit is controlled by feature
CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER. The commit 1ed649 fixes
a bug that when the feature is disabled, the Lock bit is cleared.
But it's a security hole if the bit is cleared when booting OS.
We can argue that platform needs to make sure the value
of PcdCpuFeaturesUserConfiguration should be set properly to make
sure feature CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER is enabled.
But it's better to guarantee this in the generic core code.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
---
UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
index 631c836857..8c1eb5eb4f 100644
--- a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
+++ b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
@@ -1,7 +1,7 @@
/** @file
Features in MSR_IA32_FEATURE_CONTROL register.
- Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -184,15 +184,6 @@ LockFeatureControlRegisterInitialize (
{
MSR_IA32_FEATURE_CONTROL_REGISTER *MsrRegister;
- //
- // When Lock Feature Control Register feature is disabled,
- // just skip the MSR lock bit setting.
- // The MSR lock bit is cleared by default and write-once in a boot.
- //
- if (!State) {
- return RETURN_SUCCESS;
- }
-
//
// The scope of Lock bit in the MSR_IA32_FEATURE_CONTROL is core for
// below processor type, only program MSR_IA32_FEATURE_CONTROL for thread 0 in each
--
2.16.1.windows.1
next reply other threads:[~2018-11-13 7:33 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-13 7:35 Ruiyu Ni [this message]
2018-11-13 7:43 ` [PATCH] UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock Ni, Ruiyu
2018-11-14 0:11 ` Dong, Eric
2018-11-13 14:13 ` Laszlo Ersek
2018-11-14 3:07 ` Ni, Ruiyu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181113073510.31208-1-ruiyu.ni@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox