From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jiewen.yao@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.43; helo=mga05.intel.com;
 envelope-from=jiewen.yao@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 8DAAD21160A1E
 for <edk2-devel@lists.01.org>; Sun, 30 Sep 2018 03:12:10 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
 by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 30 Sep 2018 03:12:09 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.54,323,1534834800"; d="scan'208";a="237286586"
Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204])
 by orsmga004.jf.intel.com with ESMTP; 30 Sep 2018 03:12:09 -0700
Received: from fmsmsx120.amr.corp.intel.com (10.18.124.208) by
 FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Sun, 30 Sep 2018 03:12:09 -0700
Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by
 fmsmsx120.amr.corp.intel.com (10.18.124.208) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Sun, 30 Sep 2018 03:12:08 -0700
Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.140]) by
 SHSMSX103.ccr.corp.intel.com ([169.254.4.245]) with mapi id 14.03.0319.002;
 Sun, 30 Sep 2018 18:12:07 +0800
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Wu, Hao A" <hao.a.wu@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
Thread-Topic: [PATCH v1][edk2-platforms/devel-MinPlatform]
 MinPlatformPkg/Test: [CVE-2017-5753] Fix bounds check bypass
Thread-Index: AQHUWH6ts1yqoW7U0UW6h/6icgMDgqUImwNg
Date: Sun, 30 Sep 2018 10:12:06 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503ADA7ECC@shsmsx102.ccr.corp.intel.com>
References: <20180930052843.13840-1-hao.a.wu@intel.com>
In-Reply-To: <20180930052843.13840-1-hao.a.wu@intel.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMmUxNWE5NzAtOTI5Ny00YzNmLWFkODEtYWUyY2Y1Y2MyY2M5IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiQUNPQmU4RVhMemMxakFKSzdkSWhoZzlOTTdlZjJMVTc4MlhCQ3RtWitjSUozUU1qcVwvTHNFemFyTFJXa2h2Y2EifQ==
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.0.400.15
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH v1][edk2-platforms/devel-MinPlatform] MinPlatformPkg/Test: [CVE-2017-5753] Fix bounds check bypass
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Sep 2018 10:12:10 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: jiewen.yao@intel.com

> -----Original Message-----
> From: Wu, Hao A
> Sent: Sunday, September 30, 2018 1:29 PM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A <hao.a.wu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [PATCH v1][edk2-platforms/devel-MinPlatform]
> MinPlatformPkg/Test: [CVE-2017-5753] Fix bounds check bypass
>=20
> Speculative execution is used by processor to avoid having to wait for
> data to arrive from memory, or for previous operations to finish, the
> processor may speculate as to what will be executed.
>=20
> If the speculation is incorrect, the speculatively executed instructions
> might leave hints such as which memory locations have been brought into
> cache. Malicious actors can use the bounds check bypass method (code
> gadgets with controlled external inputs) to infer data values that have
> been used in speculative operations to reveal secrets which should not
> otherwise be accessed.
>=20
> This commit will focus on the SMI handler(s) registered within
> TestPointCheckLib & TestPointLib and insert AsmLfence API to mitigate the
> bounds check bypass issue.
>=20
> A. For SMI handler TestPointSmmHandler() within TestPointCheckLib:
>=20
> Under "case
> TEST_POINT_SMM_COMMUNICATION_FUNC_ID_UEFI_GCD_MAP_INFO:",
> 'CommBuffer' (controlled external inputs) is passed into function
> TestPointSmmReadyToBootSmmPageProtectionHandler().
>=20
> Within function TestPointSmmReadyToBootSmmPageProtectionHandler(),
> the
> contents in 'CommBuffer' will be copied into 'CommData'. But if the size
> and sanity checks for the communication buffer is speculatively bypassed,
> '(UINTN)CommData + CommData->UefiMemoryMapOffset)' can potentially
> point
> to cross boundary area of 'CommData'. This pointer is then passed into
> function TestPointCheckSmmCommunicationBuffer() as 'UefiMemoryMap'.
>=20
> Within function TestPointCheckSmmCommunicationBuffer(),
> 'MemoryMap->PhysicalStart' can be a potential cross boundary access. And
> its value can be inferred by function calls sequence:
>=20
> TestPointCheckPageTable() via 'BaseAddress'
> GetPageTableEntry() via 'BaseAddress'. Then one can observe which part of
> the content within arrays 'L4PageTable', 'L3PageTable', 'L2PageTable' or
> 'L1PageTable', was brought into cache to possibly reveal the value.
>=20
> B. For SMI handler SmmTestPointSmiHandler() within TestPointLib:
>=20
> Under "case
> SMI_HANDLER_TEST_POINT_COMMAND_GET_DATA_BY_OFFSET:",
> 'CommBuffer' (controlled external inputs) is passed into function
> SmmTestPointSmiHandlerGetDataByOffset().
>=20
> Within function SmmTestPointSmiHandlerGetDataByOffset(), the contents in
> 'CommBuffer' will be copied into 'SmiHandlerTestPointGetDataByOffset'. Bu=
t
> if the size and sanity checks for the communication buffer is
> speculatively bypassed, 'SmiHandlerTestPointGetDataByOffset.DataSize' can
> be a potential cross boundary access.
>=20
> Then in function SmiHandlerTestPointCopyData(), this value can be inferre=
d
> by code:
>   CopyMem(
>     DataBuffer,
>     (UINT8 *)InputData + *DataOffset,
>     (UINTN)*DataSize
>     );
> One can observe which part of the content within 'DataBuffer' was brought
> into cache to possibly reveal the cross bounary access value.
>=20
> Hence, this commit adds AsmLfence() calls after the boundary/range checks
> of the communication buffer to prevent the speculative execution.
>=20
> A more detailed explanation of the purpose of commit is under the
> 'Bounds check bypass mitigation' section of the below link:
> https://software.intel.com/security-software-guidance/insights/host-firmw
> are-speculative-execution-side-channel-mitigation
>=20
> And the document at:
> https://software.intel.com/security-software-guidance/api-app/sites/defau=
l
> t/files/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pd=
f
>=20
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Hao Wu <hao.a.wu@intel.com>
> ---
>=20
> Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestPoi
> ntCheckLib.c | 7 +++++++
>=20
> Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointCo
> mmunication.c | 8 +++++++-
>  2 files changed, 14 insertions(+), 1 deletion(-)
>=20
> diff --git
> a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestP
> ointCheckLib.c
> b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestP
> ointCheckLib.c
> index b40469b278..dc40dae6d5 100644
> ---
> a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestP
> ointCheckLib.c
> +++
> b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestP
> ointCheckLib.c
> @@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF
> ANY KIND, EITHER EXPRESS OR IMPLIED.
>  #include <PiSmm.h>
>  #include <Library/TestPointCheckLib.h>
>  #include <Library/TestPointLib.h>
> +#include <Library/BaseLib.h>
>  #include <Library/DebugLib.h>
>  #include <Library/BaseMemoryLib.h>
>  #include <Library/MemoryAllocationLib.h>
> @@ -374,6 +375,12 @@
> TestPointSmmReadyToBootSmmPageProtectionHandler (
>    }
>=20
>    if (CommData->UefiMemoryMapSize !=3D 0) {
> +    //
> +    // The AsmLfence() call here is to ensure the previous range/content
> checks
> +    // for the CommBuffer (copied in to CommData) have been completed
> before
> +    // calling into TestPointCheckSmmCommunicationBuffer().
> +    //
> +    AsmLfence ();
>      Result =3D TRUE;
>=20
>      Status =3D TestPointCheckSmmCommunicationBuffer (
> diff --git
> a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointC
> ommunication.c
> b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointC
> ommunication.c
> index cce0538832..b4757da046 100644
> ---
> a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointC
> ommunication.c
> +++
> b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointC
> ommunication.c
> @@ -251,7 +251,13 @@ SmmTestPointSmiHandlerGetDataByOffset (
>=20
> SmiHandlerTestPointParameterGetDataByOffset->Header.ReturnStatus =3D
> (UINT64)(INT64)(INTN)Status;
>      goto Done;
>    }
> -
> +
> +  //
> +  // The AsmLfence() call here is to ensure the previous range/content
> checks
> +  // for the CommBuffer have been completed before calling into
> +  // SmiHandlerTestPointCopyData().
> +  //
> +  AsmLfence ();
>    SmiHandlerTestPointCopyData (
>      Data,
>      DataSize,
> --
> 2.12.0.windows.1