From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mx.groups.io with SMTP id smtpd.web12.6684.1611907283501156779 for ; Fri, 29 Jan 2021 00:01:23 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.136, mailfrom: guomin.jiang@intel.com) IronPort-SDR: /EpKpgAPkNbcMVfxudQEW8fwNVieSd0I0hNzbpPnkANT3Rg0KulDlQ0PUkR0jD6l8fO3B5d7T5 wDK6i884ja/A== X-IronPort-AV: E=McAfee;i="6000,8403,9878"; a="159556286" X-IronPort-AV: E=Sophos;i="5.79,384,1602572400"; d="scan'208";a="159556286" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Jan 2021 00:01:06 -0800 IronPort-SDR: noP6dXVdtCdl6w4rmL0XjfAVVNmC3xVF9lx2EUlW5f9Vr6YXtNow4qvKjAtAdEcE33NIqZZ86f mHHV9YOs2Dwg== X-IronPort-AV: E=Sophos;i="5.79,384,1602572400"; d="scan'208";a="389207103" Received: from guominji-mobl.ccr.corp.intel.com ([10.238.14.22]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Jan 2021 00:01:04 -0800 From: "Guomin Jiang" To: devel@edk2.groups.io Cc: Eric Dong , Ray Ni , Laszlo Ersek , Rahul Kumar , Debkumar De , Harry Han , Catharine West Subject: [PATCH v2 1/1] UefiCpuPkg: Move MigrateGdt from DiscoverMemory to TempRamDone. (CVE-2019-11098) Date: Fri, 29 Jan 2021 16:00:44 +0800 Message-Id: <20210129080044.1366-1-guomin.jiang@intel.com> X-Mailer: git-send-email 2.30.0.windows.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1614 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3160 With commit 60b12e69fb1c8c7180fdda92f008248b9ec83db1 the GDT is still in flash after TempRamDone, so move the migration to the TempRamDone event to avoid reading the GDT from flash.
Signed-off-by: Guomin Jiang Cc: Eric Dong Cc: Ray Ni Cc: Laszlo Ersek Cc: Rahul Kumar Cc: Debkumar De Cc: Harry Han Cc: Catharine West
---
 UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 1 - UefiCpuPkg/SecCore/SecCore.inf | 1 + UefiCpuPkg/CpuMpPei/CpuMpPei.c | 37 -------------------------- UefiCpuPkg/CpuMpPei/CpuPaging.c | 8 ------ UefiCpuPkg/SecCore/SecMain.c | 45 ++++++++++++++++++++++++++++++++ 5 files changed, 46 insertions(+), 46 deletions(-)
diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
index 7e511325d8b8..fd50b55f06cb 100644
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
@@ -66,7 +66,6 @@ [Pcd]
 gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList ## SOMETIMES_CONSUMES
 gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize ## SOMETIMES_CONSUMES
 gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes ## CONSUMES
 [Depex]
 TRUE
diff --git a/UefiCpuPkg/SecCore/SecCore.inf b/UefiCpuPkg/SecCore/SecCore.inf
index 545781d6b4b3..ded83beb5272 100644
--- a/UefiCpuPkg/SecCore/SecCore.inf
+++ b/UefiCpuPkg/SecCore/SecCore.inf
@@ -77,6 +77,7 @@ [Guids]
 [Pcd]
 gUefiCpuPkgTokenSpaceGuid.PcdPeiTemporaryRamStackSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes ## CONSUMES
 [UserExtensions.TianoCore."ExtraFiles"]
 SecCoreExtra.uni
diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.c b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
index d07540cf7471..07ccbe7c6a91 100644
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.c
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
@@ -429,43 +429,6 @@ GetGdtr (
 AsmReadGdtr ((IA32_DESCRIPTOR *)Buffer);
 }
-/**
- Migrates the Global Descriptor Table (GDT) to permanent memory.
-
- @retval EFI_SUCCESS The GDT was migrated successfully.
- @retval EFI_OUT_OF_RESOURCES The GDT could not be migrated due to lack of available memory.
-
-**/
-EFI_STATUS
-MigrateGdt (
- VOID
- )
-{
- EFI_STATUS Status;
- UINTN GdtBufferSize;
- IA32_DESCRIPTOR Gdtr;
- VOID *GdtBuffer;
-
- AsmReadGdtr ((IA32_DESCRIPTOR *) &Gdtr);
- GdtBufferSize = sizeof (IA32_SEGMENT_DESCRIPTOR) -1 + Gdtr.Limit + 1;
-
- Status = PeiServicesAllocatePool (
- GdtBufferSize,
- &GdtBuffer
- );
- ASSERT (GdtBuffer != NULL);
- if (EFI_ERROR (Status)) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- GdtBuffer = ALIGN_POINTER (GdtBuffer, sizeof (IA32_SEGMENT_DESCRIPTOR));
- CopyMem (GdtBuffer, (VOID *) Gdtr.Base, Gdtr.Limit + 1);
- Gdtr.Base = (UINTN) GdtBuffer;
- AsmWriteGdtr (&Gdtr);
-
- return EFI_SUCCESS;
-}
-
 /**
 Initializes CPU exceptions handlers for the sake of stack switch requirement.
diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPaging.c
index 50ad4277af79..3e261d6657b3 100644
--- a/UefiCpuPkg/CpuMpPei/CpuPaging.c
+++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c
@@ -605,17 +605,9 @@ MemoryDiscoveredPpiNotifyCallback (
 {
 EFI_STATUS Status;
 BOOLEAN InitStackGuard;
- BOOLEAN InterruptState;
 EDKII_MIGRATED_FV_INFO *MigratedFvInfo;
 EFI_PEI_HOB_POINTERS Hob;
- if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) {
- InterruptState = SaveAndDisableInterrupts ();
- Status = MigrateGdt ();
- ASSERT_EFI_ERROR (Status);
- SetInterruptState (InterruptState);
- }
-
 //
 // Paging must be setup first. Otherwise the exception TSS setup during MP
 // initialization later will not contain paging information and then fail
diff --git a/UefiCpuPkg/SecCore/SecMain.c b/UefiCpuPkg/SecCore/SecMain.c
index 155be49a6011..2416c4ce56b2 100644
--- a/UefiCpuPkg/SecCore/SecMain.c
+++ b/UefiCpuPkg/SecCore/SecMain.c
@@ -35,6 +35,43 @@ EFI_PEI_PPI_DESCRIPTOR mPeiSecPlatformInformationPpi[] = {
 }
 };
+/**
+ Migrates the Global Descriptor Table (GDT) to permanent memory.
+
+ @retval EFI_SUCCESS The GDT was migrated successfully.
+ @retval EFI_OUT_OF_RESOURCES The GDT could not be migrated due to lack of available memory.
+
+**/
+EFI_STATUS
+MigrateGdt (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ UINTN GdtBufferSize;
+ IA32_DESCRIPTOR Gdtr;
+ VOID *GdtBuffer;
+
+ AsmReadGdtr ((IA32_DESCRIPTOR *) &Gdtr);
+ GdtBufferSize = sizeof (IA32_SEGMENT_DESCRIPTOR) -1 + Gdtr.Limit + 1;
+
+ Status = PeiServicesAllocatePool (
+ GdtBufferSize,
+ &GdtBuffer
+ );
+ ASSERT (GdtBuffer != NULL);
+ if (EFI_ERROR (Status)) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ GdtBuffer = ALIGN_POINTER (GdtBuffer, sizeof (IA32_SEGMENT_DESCRIPTOR));
+ CopyMem (GdtBuffer, (VOID *) Gdtr.Base, Gdtr.Limit + 1);
+ Gdtr.Base = (UINTN) GdtBuffer;
+ AsmWriteGdtr (&Gdtr);
+
+ return EFI_SUCCESS;
+}
+
 //
 // These are IDT entries pointing to 10:FFFFFFE4h.
 //
@@ -409,6 +446,14 @@ SecTemporaryRamDone (
 //
 State = SaveAndDisableInterrupts ();
+ //
+ // Migrate GDT before NEM near down
+ //
+ if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) {
+ Status = MigrateGdt ();
+ ASSERT_EFI_ERROR (Status);
+ }
+
 //
 // Disable Temporary RAM after Stack and Heap have been migrated at this point.
 //
-- 2.25.1.windows.1
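Review bot: In the added `MigrateGdt`, `ASSERT (GdtBuffer != NULL);` runs before `Status` is tested and `GdtBuffer` has no initializer, so when `PeiServicesAllocatePool` fails the assertion may read an indeterminate pointer (whether the service writes the out parameter on failure is not visible here). Test the status first and assert afterwards, i.e. move `if (EFI_ERROR (Status)) { return EFI_OUT_OF_RESOURCES; }` above the ASSERT. The function is also defined without `STATIC` and no prototype is visible in this hunk; if `SecTemporaryRamDone` is its only caller, file scope would keep it out of the module's global namespace. A short comment on the size expression, such as `// One extra descriptor of slack so the buffer can be aligned to sizeof (IA32_SEGMENT_DESCRIPTOR).`, would explain the `sizeof (...) -1` term.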
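Review bot: The `ASSERT_EFI_ERROR (Status);` after `MigrateGdt ()` is the only handling of a failed migration, so in a build where asserts are compiled out the EFI_OUT_OF_RESOURCES return is dropped and execution continues with GDTR still pointing at the original table, which is the condition this CVE-2019-11098 change is meant to remove. Consider failing closed, for example `if (EFI_ERROR (Status)) { CpuDeadLoop (); }`, before temporary RAM is disabled. The comment would read more clearly as `// Migrate the GDT to permanent memory before NEM is torn down.` `SecTemporaryRamDone` begins and ends outside this hunk, so the declaration of `Status` cannot be confirmed from here.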