From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.132.183.28; helo=mx1.redhat.com; envelope-from=lersek@redhat.com; receiver=edk2-devel@lists.01.org Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A479521962301 for ; Tue, 25 Sep 2018 05:08:46 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3A80130832DC; Tue, 25 Sep 2018 12:08:46 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-71.rdu2.redhat.com [10.10.120.71]) by smtp.corp.redhat.com (Postfix) with ESMTP id B2F63C0685; Tue, 25 Sep 2018 12:08:44 +0000 (UTC) To: Hao Wu , edk2-devel@lists.01.org Cc: Jiewen Yao , Michael D Kinney , Eric Dong References: <20180925061259.31680-1-hao.a.wu@intel.com> <20180925061259.31680-6-hao.a.wu@intel.com> From: Laszlo Ersek Message-ID: <61e81dd1-31e9-2026-4766-d6b43b6db3e3@redhat.com> Date: Tue, 25 Sep 2018 14:08:43 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20180925061259.31680-6-hao.a.wu@intel.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.44]); Tue, 25 Sep 2018 12:08:46 +0000 (UTC) Subject: Re: [PATCH v2 5/5] UefiCpuPkg/PiSmmCpuDxeSmm: [CVE-2017-5753] Fix bounds check bypass X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Sep 2018 12:08:47 -0000 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit On 09/25/18 08:12, Hao Wu wrote: > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1194 > > Speculative execution is used by processor to avoid having to wait for > data to arrive from memory, or for previous operations to finish, the > processor may speculate as to what will be executed. > > If the speculation is incorrect, the speculatively executed instructions > might leave hints such as which memory locations have been brought into > cache. Malicious actors can use the bounds check bypass method (code > gadgets with controlled external inputs) to infer data values that have > been used in speculative operations to reveal secrets which should not > otherwise be accessed. > > It is possible for SMI handler(s) to call EFI_SMM_CPU_PROTOCOL service > ReadSaveState() and use the content in the 'CommBuffer' (controlled > external inputs) as the 'CpuIndex'. So this commit will insert AsmLfence > API to mitigate the bounds check bypass issue within SmmReadSaveState(). > > For SmmReadSaveState(): > > The 'CpuIndex' will be passed into function ReadSaveStateRegister(). And > then in to ReadSaveStateRegisterByIndex(). > > With the call: > ReadSaveStateRegisterByIndex ( > CpuIndex, > SMM_SAVE_STATE_REGISTER_IOMISC_INDEX, > sizeof(IoMisc.Uint32), > &IoMisc.Uint32 > ); > > The 'IoMisc' can be a cross boundary access during speculative execution. > Later, 'IoMisc' is used as the index to access buffers 'mSmmCpuIoWidth' > and 'mSmmCpuIoType'. One can observe which part of the content within > those buffers was brought into cache to possibly reveal the value of > 'IoMisc'. > > Hence, this commit adds a AsmLfence() after the check of 'CpuIndex' > within function SmmReadSaveState() to prevent the speculative execution. > > A more detailed explanation of the purpose of commit is under the > 'Bounds check bypass mitigation' section of the below link: > https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation > > And the document at: > https://software.intel.com/security-software-guidance/api-app/sites/default/files/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf > > Cc: Laszlo Ersek > Cc: Jiewen Yao > Cc: Michael D Kinney > Cc: Eric Dong > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Hao Wu > > cb pismm Before you push this version (or when preparing a v3, if necessary), please remove the above stray text, from the end of the commit message. I've now looked over this series. I didn't try to verify whether the lfence instructions had been added at right places, or whether they had been added at *all* the right places. However, structurally the series looks OK to me. series Acked-by: Laszlo Ersek I will follow up with regression test results. Thanks Laszlo > --- > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > index fbf74e8d90..19979d5418 100644 > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > @@ -237,6 +237,11 @@ SmmReadSaveState ( > if ((CpuIndex >= gSmst->NumberOfCpus) || (Buffer == NULL)) { > return EFI_INVALID_PARAMETER; > } > + // > + // The AsmLfence() call here is to ensure the above check for the CpuIndex > + // has been completed before the execution of subsequent codes. > + // > + AsmLfence (); > > // > // Check for special EFI_SMM_SAVE_STATE_REGISTER_PROCESSOR_ID >