From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.43; helo=mga05.intel.com; envelope-from=jiewen.yao@intel.com; receiver=edk2-devel@lists.01.org Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 8DAAD21160A1E for ; Sun, 30 Sep 2018 03:12:10 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Sep 2018 03:12:09 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,323,1534834800"; d="scan'208";a="237286586" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by orsmga004.jf.intel.com with ESMTP; 30 Sep 2018 03:12:09 -0700 Received: from fmsmsx120.amr.corp.intel.com (10.18.124.208) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sun, 30 Sep 2018 03:12:09 -0700 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by fmsmsx120.amr.corp.intel.com (10.18.124.208) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sun, 30 Sep 2018 03:12:08 -0700 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.140]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.245]) with mapi id 14.03.0319.002; Sun, 30 Sep 2018 18:12:07 +0800 From: "Yao, Jiewen" To: "Wu, Hao A" , "edk2-devel@lists.01.org" Thread-Topic: [PATCH v1][edk2-platforms/devel-MinPlatform] MinPlatformPkg/Test: [CVE-2017-5753] Fix bounds check bypass Thread-Index: AQHUWH6ts1yqoW7U0UW6h/6icgMDgqUImwNg Date: Sun, 30 Sep 2018 10:12:06 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503ADA7ECC@shsmsx102.ccr.corp.intel.com> References: <20180930052843.13840-1-hao.a.wu@intel.com> In-Reply-To: <20180930052843.13840-1-hao.a.wu@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMmUxNWE5NzAtOTI5Ny00YzNmLWFkODEtYWUyY2Y1Y2MyY2M5IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiQUNPQmU4RVhMemMxakFKSzdkSWhoZzlOTTdlZjJMVTc4MlhCQ3RtWitjSUozUU1qcVwvTHNFemFyTFJXa2h2Y2EifQ== x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH v1][edk2-platforms/devel-MinPlatform] MinPlatformPkg/Test: [CVE-2017-5753] Fix bounds check bypass X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Sep 2018 10:12:10 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: jiewen.yao@intel.com > -----Original Message----- > From: Wu, Hao A > Sent: Sunday, September 30, 2018 1:29 PM > To: edk2-devel@lists.01.org > Cc: Wu, Hao A ; Yao, Jiewen > Subject: [PATCH v1][edk2-platforms/devel-MinPlatform] > MinPlatformPkg/Test: [CVE-2017-5753] Fix bounds check bypass >=20 > Speculative execution is used by processor to avoid having to wait for > data to arrive from memory, or for previous operations to finish, the > processor may speculate as to what will be executed. >=20 > If the speculation is incorrect, the speculatively executed instructions > might leave hints such as which memory locations have been brought into > cache. Malicious actors can use the bounds check bypass method (code > gadgets with controlled external inputs) to infer data values that have > been used in speculative operations to reveal secrets which should not > otherwise be accessed. >=20 > This commit will focus on the SMI handler(s) registered within > TestPointCheckLib & TestPointLib and insert AsmLfence API to mitigate the > bounds check bypass issue. >=20 > A. For SMI handler TestPointSmmHandler() within TestPointCheckLib: >=20 > Under "case > TEST_POINT_SMM_COMMUNICATION_FUNC_ID_UEFI_GCD_MAP_INFO:", > 'CommBuffer' (controlled external inputs) is passed into function > TestPointSmmReadyToBootSmmPageProtectionHandler(). >=20 > Within function TestPointSmmReadyToBootSmmPageProtectionHandler(), > the > contents in 'CommBuffer' will be copied into 'CommData'. But if the size > and sanity checks for the communication buffer is speculatively bypassed, > '(UINTN)CommData + CommData->UefiMemoryMapOffset)' can potentially > point > to cross boundary area of 'CommData'. This pointer is then passed into > function TestPointCheckSmmCommunicationBuffer() as 'UefiMemoryMap'. >=20 > Within function TestPointCheckSmmCommunicationBuffer(), > 'MemoryMap->PhysicalStart' can be a potential cross boundary access. And > its value can be inferred by function calls sequence: >=20 > TestPointCheckPageTable() via 'BaseAddress' > GetPageTableEntry() via 'BaseAddress'. Then one can observe which part of > the content within arrays 'L4PageTable', 'L3PageTable', 'L2PageTable' or > 'L1PageTable', was brought into cache to possibly reveal the value. >=20 > B. For SMI handler SmmTestPointSmiHandler() within TestPointLib: >=20 > Under "case > SMI_HANDLER_TEST_POINT_COMMAND_GET_DATA_BY_OFFSET:", > 'CommBuffer' (controlled external inputs) is passed into function > SmmTestPointSmiHandlerGetDataByOffset(). >=20 > Within function SmmTestPointSmiHandlerGetDataByOffset(), the contents in > 'CommBuffer' will be copied into 'SmiHandlerTestPointGetDataByOffset'. Bu= t > if the size and sanity checks for the communication buffer is > speculatively bypassed, 'SmiHandlerTestPointGetDataByOffset.DataSize' can > be a potential cross boundary access. >=20 > Then in function SmiHandlerTestPointCopyData(), this value can be inferre= d > by code: > CopyMem( > DataBuffer, > (UINT8 *)InputData + *DataOffset, > (UINTN)*DataSize > ); > One can observe which part of the content within 'DataBuffer' was brought > into cache to possibly reveal the cross bounary access value. >=20 > Hence, this commit adds AsmLfence() calls after the boundary/range checks > of the communication buffer to prevent the speculative execution. >=20 > A more detailed explanation of the purpose of commit is under the > 'Bounds check bypass mitigation' section of the below link: > https://software.intel.com/security-software-guidance/insights/host-firmw > are-speculative-execution-side-channel-mitigation >=20 > And the document at: > https://software.intel.com/security-software-guidance/api-app/sites/defau= l > t/files/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pd= f >=20 > Cc: Jiewen Yao > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Hao Wu > --- >=20 > Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestPoi > ntCheckLib.c | 7 +++++++ >=20 > Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointCo > mmunication.c | 8 +++++++- > 2 files changed, 14 insertions(+), 1 deletion(-) >=20 > diff --git > a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestP > ointCheckLib.c > b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestP > ointCheckLib.c > index b40469b278..dc40dae6d5 100644 > --- > a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestP > ointCheckLib.c > +++ > b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointCheckLib/SmmTestP > ointCheckLib.c > @@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > #include > #include > #include > +#include > #include > #include > #include > @@ -374,6 +375,12 @@ > TestPointSmmReadyToBootSmmPageProtectionHandler ( > } >=20 > if (CommData->UefiMemoryMapSize !=3D 0) { > + // > + // The AsmLfence() call here is to ensure the previous range/content > checks > + // for the CommBuffer (copied in to CommData) have been completed > before > + // calling into TestPointCheckSmmCommunicationBuffer(). > + // > + AsmLfence (); > Result =3D TRUE; >=20 > Status =3D TestPointCheckSmmCommunicationBuffer ( > diff --git > a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointC > ommunication.c > b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointC > ommunication.c > index cce0538832..b4757da046 100644 > --- > a/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointC > ommunication.c > +++ > b/Platform/Intel/MinPlatformPkg/Test/Library/TestPointLib/SmmTestPointC > ommunication.c > @@ -251,7 +251,13 @@ SmmTestPointSmiHandlerGetDataByOffset ( >=20 > SmiHandlerTestPointParameterGetDataByOffset->Header.ReturnStatus =3D > (UINT64)(INT64)(INTN)Status; > goto Done; > } > - > + > + // > + // The AsmLfence() call here is to ensure the previous range/content > checks > + // for the CommBuffer have been completed before calling into > + // SmiHandlerTestPointCopyData(). > + // > + AsmLfence (); > SmiHandlerTestPointCopyData ( > Data, > DataSize, > -- > 2.12.0.windows.1