From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.120])
 by mx.groups.io with SMTP id smtpd.web10.9057.1593778977994478558
 for <devel@edk2.groups.io>;
 Fri, 03 Jul 2020 05:22:58 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=NFWlxDpp;
 spf=pass (domain: redhat.com, ip: 205.139.110.120, mailfrom: lersek@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1593778977;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=FGbffY1MsL/PG1n6A1Sg9JYqjZlkR5Bc8J8kHZwcnO0=;
	b=NFWlxDppWfMKgxTymY3551r7TNoOauIRbcWMBjrced/A7bEZR/5UO7zS5kJnXnk0LnukZV
	/9IBTzkDWwOSFjIoKUddZjW008I18AZB/tPMf2OXfugkNF7QECIZThZ18pQoM/Thh9PM+C
	jzYrSIvwvA8bhXJIPINbKuOPOdNaBeE=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-400-lmFP7SFMPw-DQvpHWZgOcg-1; Fri, 03 Jul 2020 08:22:52 -0400
X-MC-Unique: lmFP7SFMPw-DQvpHWZgOcg-1
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7A3CB800FF1;
	Fri,  3 Jul 2020 12:22:50 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-114-238.ams2.redhat.com [10.36.114.238])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 638326FEFB;
	Fri,  3 Jul 2020 12:22:48 +0000 (UTC)
Subject: Re: [edk2-devel] [PATCH v2 1/9] MdeModulePkg/PeiCore: Enable T-RAM evacuation in PeiCore (CVE-2019-11098)
To: devel@edk2.groups.io, guomin.jiang@intel.com
Cc: Michael Kubacki <michael.a.kubacki@intel.com>,
 Jian J Wang <jian.j.wang@intel.com>, Hao A Wu <hao.a.wu@intel.com>,
 Dandan Bi <dandan.bi@intel.com>, Liming Gao <liming.gao@intel.com>,
 Debkumar De <debkumar.de@intel.com>, Harry Han <harry.han@intel.com>,
 Catharine West <catharine.west@intel.com>
References: <20200702051525.1102-1-guomin.jiang@intel.com>
 <20200702051525.1102-2-guomin.jiang@intel.com>
From: "Laszlo Ersek" <lersek@redhat.com>
Message-ID: <64b0271a-2058-09d4-785e-f87bc95c66bc@redhat.com>
Date: Fri, 3 Jul 2020 14:22:47 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Firefox/52.0 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20200702051525.1102-2-guomin.jiang@intel.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Language: en-US
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

On 07/02/20 07:15, Guomin Jiang wrote:

> diff --git a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c
> index cca57c4c0686..802cd239e2eb 100644
> --- a/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c
> +++ b/MdeModulePkg/Core/Pei/PeiMain/PeiMain.c
> @@ -418,6 +418,22 @@ PeiCore (
>        ProcessPpiListFromSec ((CONST EFI_PEI_SERVICES **) &PrivateData.Ps, PpiList);
>      }
>    } else {
> +    if (
> +      (!(PrivateData.HobList.HandoffInformationTable->BootMode == BOOT_ON_S3_RESUME) && PcdGetBool (PcdShadowPeimOnBoot)) ||
> +      ((PrivateData.HobList.HandoffInformationTable->BootMode == BOOT_ON_S3_RESUME) && PcdGetBool (PcdShadowPeimOnS3Boot))
> +      ) {

(1) This condition is expressed very confusingly.

First, it is unhelpful to express the condition

  BootMode != BOOT_ON_S3_RESUME

as

  !(BootMode == BOOT_ON_S3_RESUME)

Second, we can simplify this a lot, by selecting the PCD explicitly,
dependent on boot mode, that controls shadowing.

Put differently, if the boot mode is *not* S3, and PcdShadowPeimOnBoot
is FALSE (and so we will not shadow the PEI core), then it makes no
sense to check the boot mode *again*, on the next line.

So I suggest:

  BOOLEAN Shadow;

  if (PrivateData.HobList.HandoffInformationTable->BootMode ==
      BOOT_ON_S3_RESUME) {
    Shadow = PcdGetBool (PcdShadowPeimOnS3Boot);
  } else {
    Shadow = PcdGetBool (PcdShadowPeimOnBoot);
  }

  if (Shadow) {
    //
    // ...
    //
  }


> +      DEBUG ((DEBUG_VERBOSE, "PPI lists before temporary RAM evacuation:\n"));
> +      DumpPpiList (&PrivateData);
> +
> +      //
> +      // Migrate installed content from Temporary RAM to Permanent RAM
> +      //
> +      EvacuateTempRam (&PrivateData, SecCoreData);
> +
> +      DEBUG ((DEBUG_VERBOSE, "PPI lists after temporary RAM evacuation:\n"));
> +      DumpPpiList (&PrivateData);
> +    }
> +
>      //
>      // Try to locate Temporary RAM Done Ppi.
>      //

Thanks
Laszlo