From: "Gao, Zhichao"
To: "Dong, Eric", "devel@edk2.groups.io"
CC: "Ni, Ray", Laszlo Ersek, "Gao, Liming"
Subject: Re: [PATCH V2] UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure checked range is valid
Date: Wed, 26 Jun 2019 01:17:44 +0000
Message-ID: <3CE959C139B4C44DBEA1810E3AA6F9000B7F7306@SHSMSX101.ccr.corp.intel.com>
References: <20190625151541.28632-1-zhichao.gao@intel.com>

Hi Eric,

I think of the comments as below:
Check overflow and whether TotalSize is aligned with 4 bytes.
==>
Check whether (MicrocodeEntryPoint + TotalSize) is in the microcode data range and whether TotalSize is aligned with 4 bytes.

This is the first check of the microcode data and TotalSize may be an invalid value. So ensure the check range is within the microcode data range. And next check would judge whether the data is microcode or not.

Thanks,
Zhichao

> -----Original Message-----
> From: Dong, Eric
> Sent: Wednesday, June 26, 2019 8:48 AM
> To: Gao, Zhichao; devel@edk2.groups.io
> Cc: Ni, Ray; Laszlo Ersek; Gao, Liming
> Subject: RE: [PATCH V2] UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure checked range is valid
>
> Hi Zhichao,
>
> Reviewed-by: Eric Dong
>
> It's better to add some comments in the code to explain the change which
> makes the code easy to be understood.
>
> Thanks,
> Eric
>
> > -----Original Message-----
> > From: Gao, Zhichao
> > Sent: Tuesday, June 25, 2019 11:16 PM
> > To: devel@edk2.groups.io
> > Cc: Dong, Eric; Ni, Ray; Laszlo Ersek; Gao, Liming
> > Subject: [PATCH V2] UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure checked range is valid
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1934
> >
> > V1:
> > Originally, the checksum part would be done before verifying the microcode data.
> > Which means the checksum would be done for meaningless data.
> > It would cause an incorrect TotalSize (the size of microcode data),
> > then incorrect checksum and incorrect pointer increasing would happen.
> > To fix this, move the checksum part 1 section in
> > 'if (MicrocodeEntryPoint->HeaderVersion == 0x1)' section for a valid microcode data.
> >
> > V2:
> > 'if (MicrocodeEntryPoint->HeaderVersion == 0x1)' condition doesn't
> > make sure the entry data is a valid microcode. So abandon it. Instead,
> > make sure the checked data is in the microcode data range. Because the
> > DataSize of non microcode data may make (MicrocodeEntryPoint +
> > TotalSize) larger than 0xffffffff. For PEI driver, UINTN is 32bit and
> > the result is overflow and it may be a very small value. That means
> > the checksum check would be done out of the microcode range.
> >
> > Cc: Eric Dong
> > Cc: Ray Ni
> > Cc: Laszlo Ersek
> > Cc: Liming Gao
> > Signed-off-by: Zhichao Gao
> > ---
> > UefiCpuPkg/Library/MpInitLib/Microcode.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/UefiCpuPkg/Library/MpInitLib/Microcode.c > > b/UefiCpuPkg/Library/MpInitLib/Microcode.c > > index 4763dcfebe..6c0995cb0d 100644 > > --- a/UefiCpuPkg/Library/MpInitLib/Microcode.c > > +++ b/UefiCpuPkg/Library/MpInitLib/Microcode.c > > @@ -1,7 +1,7 @@ > > /** @file > > Implementation of loading microcode on processors. > > > > - Copyright (c) 2015 - 2018, Intel Corporation. All rights > > reserved.
> > + Copyright (c) 2015 - 2019, Intel Corporation. All rights > > + reserved.
> > SPDX-License-Identifier: BSD-2-Clause-Patent > > > > **/ > > @@ -170,6 +170,7 @@ MicrocodeDetect ( > > /// Check overflow and whether TotalSize is aligned with 4 bytes. > > /// > > if ( ((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd || > > + ((UINTN)MicrocodeEntryPoint + TotalSize) < (UINTN) > > + CpuMpData->MicrocodePatchAddress || > > (TotalSize & 0x3) !=3D 0 > > ) { > > MicrocodeEntryPoint =3D (CPU_MICROCODE_HEADER *) (((UINTN) > > MicrocodeEntryPoint) + SIZE_1KB); > > -- > > 2.21.0.windows.1
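
Review bot: The lower-bound comparison added in the MicrocodeDetect hunk, "((UINTN)MicrocodeEntryPoint + TotalSize) < (UINTN) CpuMpData->MicrocodePatchAddress", only catches a wrapped sum that lands below the start of the patch region. A wrapped sum is always smaller than (UINTN)MicrocodeEntryPoint, so once MicrocodeEntryPoint has advanced past MicrocodePatchAddress, a large enough TotalSize can wrap to a value that still lies between MicrocodePatchAddress and MicrocodeEnd and passes both comparisons. Comparing without the addition, for example "TotalSize > MicrocodeEnd - (UINTN)MicrocodeEntryPoint" where the entry point is already known to be at or below MicrocodeEnd, closes that case. The comment above the condition still reads "Check overflow and whether TotalSize is aligned with 4 bytes." and should be updated to describe the range check, as requested in the review.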
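
An added example, not code from the patch or from edk2: a stand-alone C model of the wrap-around described in the V2 commit message, with UINTN modelled as a 32-bit integer as in PEI. The region bounds, the sample sizes and the function names are constructed for illustration; it compares the check before the patch, the check as patched, and a hypothetical form that avoids the addition.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed region bounds; UINTN is modelled as uint32_t (32-bit PEI). */
#define PATCH_BASE 0xFFE00000u   /* stands in for MicrocodePatchAddress */
#define PATCH_END  0xFFE40000u   /* stands in for MicrocodeEnd */

/* Check before the patch: upper bound and 4-byte alignment only. */
static bool reject_old(uint32_t entry, uint32_t total) {
    uint32_t sum = entry + total;            /* wraps modulo 2^32 */
    return sum > PATCH_END || (total & 0x3) != 0;
}

/* Check as patched in V2: a sum below the region base is also rejected. */
static bool reject_v2(uint32_t entry, uint32_t total) {
    uint32_t sum = entry + total;            /* wraps modulo 2^32 */
    return sum > PATCH_END || sum < PATCH_BASE || (total & 0x3) != 0;
}

/* Hypothetical addition-free form: compare the size with the space left. */
static bool reject_nowrap(uint32_t entry, uint32_t total) {
    if (entry < PATCH_BASE || entry > PATCH_END) return true;
    return total > PATCH_END - entry || (total & 0x3) != 0;
}

int main(void) {
    /* Constructed inputs: {entry, TotalSize}. */
    const uint32_t cases[][2] = {
        { PATCH_BASE,           0x00002000u },  /* fits in the region      */
        { PATCH_BASE,           0x00300000u },  /* wraps to below the base */
        { PATCH_BASE + 0x1000u, 0xFFFFF800u },  /* wraps back into region  */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t e = cases[i][0], t = cases[i][1];
        printf("entry=%08x total=%08x old=%d v2=%d nowrap=%d\n",
               (unsigned)e, (unsigned)t,
               reject_old(e, t), reject_v2(e, t), reject_nowrap(e, t));
    }
    return 0;
}
```
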