public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH] UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock
@ 2018-11-13  7:35 Ruiyu Ni
  2018-11-13  7:43 ` Ni, Ruiyu
  2018-11-13 14:13 ` Laszlo Ersek
  0 siblings, 2 replies; 5+ messages in thread
From: Ruiyu Ni @ 2018-11-13  7:35 UTC (permalink / raw)
  To: edk2-devel
  Cc: Eric Dong, Laszlo Ersek, Andrew Fish, Leif Lindholm,
	Michael D Kinney

The patch reverts commit 1ed6498c4a0210204bf4b95cc0c0cd6623ad6a0b
* UefiCpuPkg/CommonFeature: Skip locking when the feature is disabled

FEATURE_CONTROL.Lock bit is controlled by feature
CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER. The commit 1ed649 fixes
a bug that when the feature is disabled, the Lock bit is cleared.
But it's a security hole if the bit is cleared when booting OS.
We can argue that platform needs to make sure the value
of PcdCpuFeaturesUserConfiguration should be set properly to make
sure feature CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER is enabled.

But it's better to guarantee this in the generic core code.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
---
 UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
index 631c836857..8c1eb5eb4f 100644
--- a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
+++ b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
@@ -1,7 +1,7 @@
 /** @file
   Features in MSR_IA32_FEATURE_CONTROL register.
 
-  Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
   This program and the accompanying materials
   are licensed and made available under the terms and conditions of the BSD License
   which accompanies this distribution.  The full text of the license may be found at
@@ -184,15 +184,6 @@ LockFeatureControlRegisterInitialize (
 {
   MSR_IA32_FEATURE_CONTROL_REGISTER    *MsrRegister;
 
-  //
-  // When Lock Feature Control Register feature is disabled,
-  // just skip the MSR lock bit setting.
-  // The MSR lock bit is cleared by default and write-once in a boot.
-  //
-  if (!State) {
-    return RETURN_SUCCESS;
-  }
-
   //
   // The scope of Lock bit in the MSR_IA32_FEATURE_CONTROL is core for
   // below processor type, only program MSR_IA32_FEATURE_CONTROL for thread 0 in each
-- 
2.16.1.windows.1



^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH] UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock
  2018-11-13  7:35 [PATCH] UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock Ruiyu Ni
@ 2018-11-13  7:43 ` Ni, Ruiyu
  2018-11-14  0:11   ` Dong, Eric
  2018-11-13 14:13 ` Laszlo Ersek
  1 sibling, 1 reply; 5+ messages in thread
From: Ni, Ruiyu @ 2018-11-13  7:43 UTC (permalink / raw)
  To: edk2-devel@lists.01.org, 'Andrew Fish (afish@apple.com)',
	Leif Lindholm, Kinney, Michael D, Laszlo Ersek
  Cc: Dong, Eric

All Tianocore stewards,
I'd like to include the below patch (a revert patch) in this stable tag release.

It's to fix a potential security hole when platform mis-configures the
PcdCpuFeaturesUserConfiguration.

Thanks/Ray

> -----Original Message-----
> From: edk2-devel <edk2-devel-bounces@lists.01.org> On Behalf Of Ruiyu Ni
> Sent: Tuesday, November 13, 2018 3:35 PM
> To: edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Dong, Eric <eric.dong@intel.com>
> Subject: [edk2] [PATCH] UefiCpuPkg/CommonFeature: Always set
> FEATURE_CONTROL.Lock
> 
> The patch reverts commit 1ed6498c4a0210204bf4b95cc0c0cd6623ad6a0b
> * UefiCpuPkg/CommonFeature: Skip locking when the feature is disabled
> 
> FEATURE_CONTROL.Lock bit is controlled by feature
> CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER. The commit 1ed649
> fixes
> a bug that when the feature is disabled, the Lock bit is cleared.
> But it's a security hole if the bit is cleared when booting OS.
> We can argue that platform needs to make sure the value
> of PcdCpuFeaturesUserConfiguration should be set properly to make
> sure feature CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER is enabled.
> 
> But it's better to guarantee this in the generic core code.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Andrew Fish <afish@apple.com>
> Cc: Leif Lindholm <leif.lindholm@linaro.org>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> ---
>  UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c | 11 +--------
> --
>  1 file changed, 1 insertion(+), 10 deletions(-)
> 
> diff --git a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
> b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
> index 631c836857..8c1eb5eb4f 100644
> --- a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
> +++ b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
> @@ -1,7 +1,7 @@
>  /** @file
>    Features in MSR_IA32_FEATURE_CONTROL register.
> 
> -  Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved.<BR>
> +  Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
>    This program and the accompanying materials
>    are licensed and made available under the terms and conditions of the BSD
> License
>    which accompanies this distribution.  The full text of the license may be
> found at
> @@ -184,15 +184,6 @@ LockFeatureControlRegisterInitialize (
>  {
>    MSR_IA32_FEATURE_CONTROL_REGISTER    *MsrRegister;
> 
> -  //
> -  // When Lock Feature Control Register feature is disabled,
> -  // just skip the MSR lock bit setting.
> -  // The MSR lock bit is cleared by default and write-once in a boot.
> -  //
> -  if (!State) {
> -    return RETURN_SUCCESS;
> -  }
> -
>    //
>    // The scope of Lock bit in the MSR_IA32_FEATURE_CONTROL is core for
>    // below processor type, only program MSR_IA32_FEATURE_CONTROL for
> thread 0 in each
> --
> 2.16.1.windows.1
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock
  2018-11-13  7:35 [PATCH] UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock Ruiyu Ni
  2018-11-13  7:43 ` Ni, Ruiyu
@ 2018-11-13 14:13 ` Laszlo Ersek
  2018-11-14  3:07   ` Ni, Ruiyu
  1 sibling, 1 reply; 5+ messages in thread
From: Laszlo Ersek @ 2018-11-13 14:13 UTC (permalink / raw)
  To: Ruiyu Ni, edk2-devel
  Cc: Eric Dong, Andrew Fish, Leif Lindholm, Michael D Kinney

Hello Ray,

On 11/13/18 08:35, Ruiyu Ni wrote:
> The patch reverts commit 1ed6498c4a0210204bf4b95cc0c0cd6623ad6a0b
> * UefiCpuPkg/CommonFeature: Skip locking when the feature is disabled
> 
> FEATURE_CONTROL.Lock bit is controlled by feature
> CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER. The commit 1ed649 fixes
> a bug that when the feature is disabled, the Lock bit is cleared.
> But it's a security hole if the bit is cleared when booting OS.
> We can argue that platform needs to make sure the value
> of PcdCpuFeaturesUserConfiguration should be set properly to make
> sure feature CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER is enabled.
> 
> But it's better to guarantee this in the generic core code.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Andrew Fish <afish@apple.com>
> Cc: Leif Lindholm <leif.lindholm@linaro.org>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> ---
>  UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c | 11 +----------
>  1 file changed, 1 insertion(+), 10 deletions(-)
> 
> diff --git a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
> index 631c836857..8c1eb5eb4f 100644
> --- a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
> +++ b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
> @@ -1,7 +1,7 @@
>  /** @file
>    Features in MSR_IA32_FEATURE_CONTROL register.
>  
> -  Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved.<BR>
> +  Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
>    This program and the accompanying materials
>    are licensed and made available under the terms and conditions of the BSD License
>    which accompanies this distribution.  The full text of the license may be found at
> @@ -184,15 +184,6 @@ LockFeatureControlRegisterInitialize (
>  {
>    MSR_IA32_FEATURE_CONTROL_REGISTER    *MsrRegister;
>  
> -  //
> -  // When Lock Feature Control Register feature is disabled,
> -  // just skip the MSR lock bit setting.
> -  // The MSR lock bit is cleared by default and write-once in a boot.
> -  //
> -  if (!State) {
> -    return RETURN_SUCCESS;
> -  }
> -
>    //
>    // The scope of Lock bit in the MSR_IA32_FEATURE_CONTROL is core for
>    // below processor type, only program MSR_IA32_FEATURE_CONTROL for thread 0 in each
> 

(1) The following TianoCore BZ:

  https://bugzilla.tianocore.org/show_bug.cgi?id=1305

is in status RESOLVED|FIXED.

When you push this patch:

- please re-open BZ#1305,
- record the commit hash of this patch in BZ#1305.

(2) Please reference BZ#1305 in the commit message.

(3) Eric should provide an R-b for this revert, before you push it. My
current comments are not sufficient for that.

--*--

For the file "UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c",
there have been no further commits since 1ed6498c4a02 (with master being
at da2c81ee96eb now), so this looks like a proper revert.

And, assuming your assessment of the security impact is correct, I agree
this revert should be pushed, before we apply the edk2-stable201811 tag.

With (1) through (3) addressed:

Acked-by: Laszlo Ersek <lersek@redhat.com>

Thanks,
Laszlo


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock
  2018-11-13  7:43 ` Ni, Ruiyu
@ 2018-11-14  0:11   ` Dong, Eric
  0 siblings, 0 replies; 5+ messages in thread
From: Dong, Eric @ 2018-11-14  0:11 UTC (permalink / raw)
  To: Ni, Ruiyu, edk2-devel@lists.01.org,
	'Andrew Fish (afish@apple.com)', Leif Lindholm,
	Kinney, Michael D, Laszlo Ersek

Reviewed-by: Eric Dong <eric.dong@intel.com>

> -----Original Message-----
> From: Ni, Ruiyu
> Sent: Tuesday, November 13, 2018 3:43 PM
> To: edk2-devel@lists.01.org; 'Andrew Fish (afish@apple.com)'
> <afish@apple.com>; Leif Lindholm <leif.lindholm@linaro.org>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Laszlo Ersek <lersek@redhat.com>
> Cc: Dong, Eric <eric.dong@intel.com>
> Subject: RE: [edk2] [PATCH] UefiCpuPkg/CommonFeature: Always set
> FEATURE_CONTROL.Lock
> 
> All Tianocore stewards,
> I'd like to include the below patch (a revert patch) in this stable tag release.
> 
> It's to fix a potential security hole when platform mis-configures the
> PcdCpuFeaturesUserConfiguration.
> 
> Thanks/Ray
> 
> > -----Original Message-----
> > From: edk2-devel <edk2-devel-bounces@lists.01.org> On Behalf Of Ruiyu
> > Ni
> > Sent: Tuesday, November 13, 2018 3:35 PM
> > To: edk2-devel@lists.01.org
> > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Laszlo Ersek
> > <lersek@redhat.com>; Dong, Eric <eric.dong@intel.com>
> > Subject: [edk2] [PATCH] UefiCpuPkg/CommonFeature: Always set
> > FEATURE_CONTROL.Lock
> >
> > The patch reverts commit 1ed6498c4a0210204bf4b95cc0c0cd6623ad6a0b
> > * UefiCpuPkg/CommonFeature: Skip locking when the feature is disabled
> >
> > FEATURE_CONTROL.Lock bit is controlled by feature
> > CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER. The commit 1ed649
> fixes a
> > bug that when the feature is disabled, the Lock bit is cleared.
> > But it's a security hole if the bit is cleared when booting OS.
> > We can argue that platform needs to make sure the value of
> > PcdCpuFeaturesUserConfiguration should be set properly to make sure
> > feature CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER is enabled.
> >
> > But it's better to guarantee this in the generic core code.
> >
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
> > Cc: Eric Dong <eric.dong@intel.com>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Andrew Fish <afish@apple.com>
> > Cc: Leif Lindholm <leif.lindholm@linaro.org>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > ---
> >  UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c | 11
> > +--------
> > --
> >  1 file changed, 1 insertion(+), 10 deletions(-)
> >
> > diff --git a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
> > b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
> > index 631c836857..8c1eb5eb4f 100644
> > --- a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
> > +++ b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
> > @@ -1,7 +1,7 @@
> >  /** @file
> >    Features in MSR_IA32_FEATURE_CONTROL register.
> >
> > -  Copyright (c) 2017 - 2018, Intel Corporation. All rights
> > reserved.<BR>
> > +  Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
> >    This program and the accompanying materials
> >    are licensed and made available under the terms and conditions of
> > the BSD License
> >    which accompanies this distribution.  The full text of the license
> > may be found at @@ -184,15 +184,6 @@
> > LockFeatureControlRegisterInitialize (  {
> >    MSR_IA32_FEATURE_CONTROL_REGISTER    *MsrRegister;
> >
> > -  //
> > -  // When Lock Feature Control Register feature is disabled,
> > -  // just skip the MSR lock bit setting.
> > -  // The MSR lock bit is cleared by default and write-once in a boot.
> > -  //
> > -  if (!State) {
> > -    return RETURN_SUCCESS;
> > -  }
> > -
> >    //
> >    // The scope of Lock bit in the MSR_IA32_FEATURE_CONTROL is core for
> >    // below processor type, only program MSR_IA32_FEATURE_CONTROL
> for
> > thread 0 in each
> > --
> > 2.16.1.windows.1
> >
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel@lists.01.org
> > https://lists.01.org/mailman/listinfo/edk2-devel


^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock
  2018-11-13 14:13 ` Laszlo Ersek
@ 2018-11-14  3:07   ` Ni, Ruiyu
  0 siblings, 0 replies; 5+ messages in thread
From: Ni, Ruiyu @ 2018-11-14  3:07 UTC (permalink / raw)
  To: Laszlo Ersek, edk2-devel
  Cc: Eric Dong, Andrew Fish, Leif Lindholm, Michael D Kinney

Laszlo,
Thanks for your understanding.

@Liming,
The patch is pushed!


^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-11-14  3:05 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-11-13  7:35 [PATCH] UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock Ruiyu Ni
2018-11-13  7:43 ` Ni, Ruiyu
2018-11-14  0:11   ` Dong, Eric
2018-11-13 14:13 ` Laszlo Ersek
2018-11-14  3:07   ` Ni, Ruiyu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox