From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: liming.gao@intel.com)
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
 by groups.io with SMTP; Tue, 25 Jun 2019 18:35:57 -0700
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga004.fm.intel.com ([10.253.24.48])
  by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Jun 2019 18:35:56 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.63,418,1557212400"; 
   d="scan'208";a="184682932"
Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202])
  by fmsmga004.fm.intel.com with ESMTP; 25 Jun 2019 18:35:56 -0700
Received: from FMSMSX109.amr.corp.intel.com (10.18.116.9) by
 fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Tue, 25 Jun 2019 18:35:56 -0700
Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by
 fmsmsx109.amr.corp.intel.com (10.18.116.9) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Tue, 25 Jun 2019 18:35:55 -0700
Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.185]) by
 SHSMSX103.ccr.corp.intel.com ([169.254.4.83]) with mapi id 14.03.0439.000;
 Wed, 26 Jun 2019 09:35:54 +0800
From: "Liming Gao" <liming.gao@intel.com>
To: "Dong, Eric" <eric.dong@intel.com>, "Gao, Zhichao"
	<zhichao.gao@intel.com>, "devel@edk2.groups.io" <devel@edk2.groups.io>
CC: "Ni, Ray" <ray.ni@intel.com>, Laszlo Ersek <lersek@redhat.com>
Subject: Re: [PATCH V2] UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure checked range is valid
Thread-Topic: [PATCH V2] UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure
 checked range is valid
Thread-Index: AQHVK2jjGwtO4CqiNkGE1+DORWYr3aaslLOAgACTBsA=
Date: Wed, 26 Jun 2019 01:35:54 +0000
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E48D584@SHSMSX104.ccr.corp.intel.com>
References: <20190625151541.28632-1-zhichao.gao@intel.com>
 <ED077930C258884BBCB450DB737E662259E74914@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <ED077930C258884BBCB450DB737E662259E74914@shsmsx102.ccr.corp.intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Return-Path: liming.gao@intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Zhichao:
  One generic comment, the commit message doesn't need to include V1, V2. I=
t is just the change description.=20

Thanks
Liming
>-----Original Message-----
>From: Dong, Eric
>Sent: Wednesday, June 26, 2019 8:48 AM
>To: Gao, Zhichao <zhichao.gao@intel.com>; devel@edk2.groups.io
>Cc: Ni, Ray <ray.ni@intel.com>; Laszlo Ersek <lersek@redhat.com>; Gao,
>Liming <liming.gao@intel.com>
>Subject: RE: [PATCH V2] UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure
>checked range is valid
>
>Hi Zhichao,
>
>Reviewed-by: Eric Dong <eric.dong@intel.com>
>
>It's better to add some comments in the code to explain the change which
>make the code easy to be understood.
>
>Thanks,
>Eric
>
>> -----Original Message-----
>> From: Gao, Zhichao
>> Sent: Tuesday, June 25, 2019 11:16 PM
>> To: devel@edk2.groups.io
>> Cc: Dong, Eric <eric.dong@intel.com>; Ni, Ray <ray.ni@intel.com>; Laszlo
>> Ersek <lersek@redhat.com>; Gao, Liming <liming.gao@intel.com>
>> Subject: [PATCH V2] UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure
>> checked range is valid
>>
>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1934
>>
>> V1:
>> Originally, the checksum part would done before verfiy the microcode dat=
a.
>> Which meas the checksum would be done for a meaningless data.
>> It would cause a incorrect TotalSize (the size of microcode data), then
>> incorrect checksum and incorrect pointer increasing would happen.
>> To fix this, move the checksum part 1 section in 'if (MicrocodeEntryPoin=
t-
>> >HeaderVersion =3D=3D 0x1)' section for a valid microcode data.
>>
>> V2:
>> 'if (MicrocodeEntryPoint->HeaderVersion =3D=3D 0x1)' condition doesn't m=
ake
>> sure the entry data is a valid microcode. So abandon it. Instead, make s=
ure
>> the checked data is in the microcode data range. Because the DataSize of
>non
>> microcde data may make (MicrocodeEntryPoint + TotalSize) larger than
>> 0xffffffff. For PEI driver, UINTN is 32bit and the result is overflow an=
d it may
>> be a very small value. That means the checksum check would be done out o=
f
>> the microcode range.
>>
>> Cc: Eric Dong <eric.dong@intel.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Liming Gao <liming.gao@intel.com>
>> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
>> ---
>>  UefiCpuPkg/Library/MpInitLib/Microcode.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/UefiCpuPkg/Library/MpInitLib/Microcode.c
>> b/UefiCpuPkg/Library/MpInitLib/Microcode.c
>> index 4763dcfebe..6c0995cb0d 100644
>> --- a/UefiCpuPkg/Library/MpInitLib/Microcode.c
>> +++ b/UefiCpuPkg/Library/MpInitLib/Microcode.c
>> @@ -1,7 +1,7 @@
>>  /** @file
>>    Implementation of loading microcode on processors.
>>
>> -  Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR=
>
>> +  Copyright (c) 2015 - 2019, Intel Corporation. All rights
>> + reserved.<BR>
>>    SPDX-License-Identifier: BSD-2-Clause-Patent
>>
>>  **/
>> @@ -170,6 +170,7 @@ MicrocodeDetect (
>>      /// Check overflow and whether TotalSize is aligned with 4 bytes.
>>      ///
>>      if ( ((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd ||
>> +         ((UINTN)MicrocodeEntryPoint + TotalSize) < (UINTN)
>> + CpuMpData->MicrocodePatchAddress ||
>>           (TotalSize & 0x3) !=3D 0
>>         ) {
>>        MicrocodeEntryPoint =3D (CPU_MICROCODE_HEADER *) (((UINTN)
>> MicrocodeEntryPoint) + SIZE_1KB);
>> --
>> 2.21.0.windows.1