From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web11.5863.1612335960341924648 for ; Tue, 02 Feb 2021 23:06:00 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: aaron.li@intel.com) IronPort-SDR: EfTN0d5qWzbHlFbFu8IyluDOYoNAVxTDUIAH1Qwkx1lDghwmpiTWwnPa/64nJycg/KZRbEnqVx 4jrWg/RXn74g== X-IronPort-AV: E=McAfee;i="6000,8403,9883"; a="245073423" X-IronPort-AV: E=Sophos;i="5.79,397,1602572400"; d="scan'208";a="245073423" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Feb 2021 23:05:58 -0800 IronPort-SDR: 0DPagZnzM9IV8RLDC9+Xglggns0uuOLkg9O3INJtwxWhNq+l2nyKt3+3Bx+/29Zz6k0FTmYvbJ O4UQTzgjKTFw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.79,397,1602572400"; d="scan'208";a="392299331" Received: from sh1gapp1015.ccr.corp.intel.com ([10.239.189.85]) by orsmga008.jf.intel.com with ESMTP; 02 Feb 2021 23:05:57 -0800 From: "Aaron Li" To: devel@edk2.groups.io Cc: Ray Ni , Rangasai V Chaganty , Siyuan Fu Subject: [PATCH v1 1/1] IntelSiliconPkg/ShadowMicrocodePei: Add microcode header verification. Date: Wed, 3 Feb 2021 15:05:54 +0800 Message-Id: <20210203070554.1981-1-aaron.li@intel.com> X-Mailer: git-send-email 2.29.2.windows.2 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3196 Microcode header should be checked before calling IsMicrocodePatchNeedLoad(). This is to make sure garbage value after remove microcode from FV would not cause stack overflow in IsMicrocodePatchNeedLoad(). Signed-off-by: Aaron Li Cc: Ray Ni Cc: Rangasai V Chaganty Cc: Siyuan Fu --- Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/ShadowMicrocodePei.c= | 30 +++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/ShadowMi= crocodePei.c b/Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/Shadow= MicrocodePei.c index 1494397a8e36..98a7aed69757 100644 --- a/Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/ShadowMicrocode= Pei.c +++ b/Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/ShadowMicrocode= Pei.c @@ -402,6 +402,7 @@ ShadowMicrocode ( UINTN MaxPatchNumber;=0D CPU_MICROCODE_HEADER *MicrocodeEntryPoint;=0D UINTN PatchCount;=0D + UINTN DataSize;=0D UINTN TotalSize;=0D UINTN TotalLoadSize;=0D =0D @@ -446,7 +447,34 @@ ShadowMicrocode ( for (Index =3D 0; Index < EntryNum; Index++) {=0D if (FitEntry[Index].Type =3D=3D FIT_TYPE_01_MICROCODE) {=0D MicrocodeEntryPoint =3D (CPU_MICROCODE_HEADER *) (UINTN) FitEntry[In= dex].Address;=0D - TotalSize =3D (MicrocodeEntryPoint->DataSize =3D=3D 0) ? 2048 : Micr= ocodeEntryPoint->TotalSize;=0D +=0D + if (*(UINT32 *) MicrocodeEntryPoint =3D=3D 0xFFFFFFFF) {=0D + //=0D + // An empty slot for reserved microcode update, skip to check next= entry.=0D + //=0D + continue;=0D + }=0D +=0D + if (MicrocodeEntryPoint->HeaderVersion !=3D 0x1) {=0D + //=0D + // Not a valid microcode header, skip to check next entry.=0D + //=0D + continue;=0D + }=0D +=0D + DataSize =3D MicrocodeEntryPoint->DataSize;=0D + TotalSize =3D (DataSize =3D=3D 0) ? 2048 : MicrocodeEntryPoint->Tota= lSize;=0D + if ( (UINTN)MicrocodeEntryPoint > (MAX_ADDRESS - TotalSize) ||=0D + (DataSize & 0x3) !=3D 0 ||=0D + (TotalSize & (SIZE_1KB - 1)) !=3D 0 ||=0D + TotalSize < DataSize=0D + ) {=0D + //=0D + // Not a valid microcode header, skip to check next entry.=0D + //=0D + continue;=0D + }=0D +=0D if (IsMicrocodePatchNeedLoad (CpuIdCount, MicrocodeCpuId, MicrocodeE= ntryPoint)) {=0D PatchInfoBuffer[PatchCount].Address =3D (UINTN) MicrocodeEntry= Point;=0D PatchInfoBuffer[PatchCount].Size =3D TotalSize;=0D --=20 2.29.2.windows.2