From: "Ni, Ray"
To: "Gao, Zhichao", "devel@edk2.groups.io"
CC: "Dong, Eric", Laszlo Ersek, "Gao, Liming"
Subject: Re: [PATCH v3] UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure checked range is valid
Date: Wed, 26 Jun 2019 05:58:38 +0000
Message-ID: <734D49CCEBEEF84792F5B80ED585239D5C1F0EC8@SHSMSX104.ccr.corp.intel.com>
References: <20190626053158.6060-1-zhichao.gao@intel.com>
In-Reply-To: <20190626053158.6060-1-zhichao.gao@intel.com>

Reviewed-by: Ray Ni

> -----Original Message-----
> From: Gao, Zhichao
> Sent: Wednesday, June 26, 2019 1:32 PM
> To: devel@edk2.groups.io
> Cc: Dong, Eric; Ni, Ray; Laszlo Ersek; Gao, Liming
> Subject: [PATCH v3] UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure
> checked range is valid
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1934
>
> 0x0            MicrocodeBegin  MicrocodeEntry  MicrocodeEnd    0xffffffff
> |--------------|---------------|---------------|---------------|
>                                 valid TotalSize
> TotalSize is only valid between 0 and (MicrocodeEnd - MicrocodeEntry).
> So add '(UINTN)MicrocodeEntryPoint > (MAX_ADDRESS - TotalSize)' before
> '((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd' to make sure
> ((UINTN)MicrocodeEntryPoint + TotalSize) wouldn't overflow.
>
> Cc: Eric Dong
> Cc: Ray Ni
> Cc: Laszlo Ersek
> Cc: Liming Gao
> Signed-off-by: Zhichao Gao
> ---
> UefiCpuPkg/Library/MpInitLib/Microcode.c | 12 +++++++++---
> 1 file changed, 9 insertions(+), 3 deletions(-)
>
> diff --git a/UefiCpuPkg/Library/MpInitLib/Microcode.c > b/UefiCpuPkg/Library/MpInitLib/Microcode.c > index 4763dcfebe..c30df58e5a 100644 > --- a/UefiCpuPkg/Library/MpInitLib/Microcode.c > +++ b/UefiCpuPkg/Library/MpInitLib/Microcode.c > @@ -1,7 +1,7 @@ > /** @file > Implementation of loading microcode on processors. >=20 > - Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
> + Copyright (c) 2015 - 2019, Intel Corporation. All rights > + reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ > @@ -167,9 +167,15 @@ MicrocodeDetect ( > } >=20 > /// > - /// Check overflow and whether TotalSize is aligned with 4 bytes. > + /// 0x0 MicrocodeBegin MicrocodeEntry MicrocodeEnd 0xff= ffffff > + /// |--------------|---------------|---------------|---------------| > + /// valid TotalSize > + /// TotalSize is only valid between 0 and (MicrocodeEnd - > MicrocodeEntry). > + /// And it should be aligned with 4 bytes. > + /// If the TotalSize is invalid skip 1KB the check next entry. > /// > - if ( ((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd || > + if ( (UINTN)MicrocodeEntryPoint > (MAX_ADDRESS - TotalSize) || > + ((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd || > (TotalSize & 0x3) !=3D 0 > ) { > MicrocodeEntryPoint =3D (CPU_MICROCODE_HEADER *) (((UINTN) > MicrocodeEntryPoint) + SIZE_1KB); > -- > 2.21.0.windows.1
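Review bot: In the MicrocodeDetect hunk, the two range conditions could be a single subtraction-based test, `TotalSize > (MicrocodeEnd - (UINTN)MicrocodeEntryPoint)`, which matches the comment's own statement that TotalSize is only valid between 0 and (MicrocodeEnd - MicrocodeEntry) and cannot wrap. That form is only equivalent if MicrocodeEntryPoint never exceeds MicrocodeEnd at this point, which the hunk does not show, so please confirm it against the loop condition before simplifying. Two smaller points on the new comment: the diagram labels the top of the range as 0xffffffff while the code compares against MAX_ADDRESS, so labelling the diagram MAX_ADDRESS would keep the two in agreement, and the last line "If the TotalSize is invalid skip 1KB the check next entry." reads as if it should be "If TotalSize is invalid, skip 1KB and check the next entry."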