From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <hao.a.wu@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.88; helo=mga01.intel.com; envelope-from=hao.a.wu@intel.com;
 receiver=edk2-devel@lists.01.org 
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 2ACE621B02822
 for <edk2-devel@lists.01.org>; Tue, 25 Sep 2018 18:03:22 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga008.jf.intel.com ([10.7.209.65])
 by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 25 Sep 2018 18:03:22 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.54,304,1534834800"; d="scan'208";a="76204569"
Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204])
 by orsmga008.jf.intel.com with ESMTP; 25 Sep 2018 18:00:49 -0700
Received: from fmsmsx101.amr.corp.intel.com (10.18.124.199) by
 FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Tue, 25 Sep 2018 18:00:49 -0700
Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by
 fmsmsx101.amr.corp.intel.com (10.18.124.199) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Tue, 25 Sep 2018 18:00:49 -0700
Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.183]) by
 SHSMSX103.ccr.corp.intel.com ([169.254.4.245]) with mapi id 14.03.0319.002;
 Wed, 26 Sep 2018 09:00:46 +0800
From: "Wu, Hao A" <hao.a.wu@intel.com>
To: Laszlo Ersek <lersek@redhat.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: "Kinney, Michael D" <michael.d.kinney@intel.com>, "Yao, Jiewen"
 <jiewen.yao@intel.com>, "Dong, Eric" <eric.dong@intel.com>
Thread-Topic: [edk2] [PATCH v2 5/5] UefiCpuPkg/PiSmmCpuDxeSmm:
 [CVE-2017-5753] Fix bounds check bypass
Thread-Index: AQHUVJbY/OIDA0zLOEyj3sZxN6f1B6UAYbeAgAFdZmA=
Date: Wed, 26 Sep 2018 01:00:46 +0000
Message-ID: <B80AF82E9BFB8E4FBD8C89DA810C6A0931E5AB20@SHSMSX104.ccr.corp.intel.com>
References: <20180925061259.31680-1-hao.a.wu@intel.com>
 <20180925061259.31680-6-hao.a.wu@intel.com>
 <61e81dd1-31e9-2026-4766-d6b43b6db3e3@redhat.com>
In-Reply-To: <61e81dd1-31e9-2026-4766-d6b43b6db3e3@redhat.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [PATCH v2 5/5] UefiCpuPkg/PiSmmCpuDxeSmm: [CVE-2017-5753] Fix bounds check bypass
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Sep 2018 01:03:23 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of La=
szlo
> Ersek
> Sent: Tuesday, September 25, 2018 8:09 PM
> To: Wu, Hao A; edk2-devel@lists.01.org
> Cc: Kinney, Michael D; Yao, Jiewen; Dong, Eric
> Subject: Re: [edk2] [PATCH v2 5/5] UefiCpuPkg/PiSmmCpuDxeSmm: [CVE-2017-
> 5753] Fix bounds check bypass
>=20
> On 09/25/18 08:12, Hao Wu wrote:
> > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D1194
> >
> > Speculative execution is used by processor to avoid having to wait for
> > data to arrive from memory, or for previous operations to finish, the
> > processor may speculate as to what will be executed.
> >
> > If the speculation is incorrect, the speculatively executed instruction=
s
> > might leave hints such as which memory locations have been brought into
> > cache. Malicious actors can use the bounds check bypass method (code
> > gadgets with controlled external inputs) to infer data values that have
> > been used in speculative operations to reveal secrets which should not
> > otherwise be accessed.
> >
> > It is possible for SMI handler(s) to call EFI_SMM_CPU_PROTOCOL service
> > ReadSaveState() and use the content in the 'CommBuffer' (controlled
> > external inputs) as the 'CpuIndex'. So this commit will insert AsmLfenc=
e
> > API to mitigate the bounds check bypass issue within SmmReadSaveState()=
.
> >
> > For SmmReadSaveState():
> >
> > The 'CpuIndex' will be passed into function ReadSaveStateRegister(). An=
d
> > then in to ReadSaveStateRegisterByIndex().
> >
> > With the call:
> > ReadSaveStateRegisterByIndex (
> >   CpuIndex,
> >   SMM_SAVE_STATE_REGISTER_IOMISC_INDEX,
> >   sizeof(IoMisc.Uint32),
> >   &IoMisc.Uint32
> >   );
> >
> > The 'IoMisc' can be a cross boundary access during speculative executio=
n.
> > Later, 'IoMisc' is used as the index to access buffers 'mSmmCpuIoWidth'
> > and 'mSmmCpuIoType'. One can observe which part of the content within
> > those buffers was brought into cache to possibly reveal the value of
> > 'IoMisc'.
> >
> > Hence, this commit adds a AsmLfence() after the check of 'CpuIndex'
> > within function SmmReadSaveState() to prevent the speculative execution=
.
> >
> > A more detailed explanation of the purpose of commit is under the
> > 'Bounds check bypass mitigation' section of the below link:
> > https://software.intel.com/security-software-guidance/insights/host-
> firmware-speculative-execution-side-channel-mitigation
> >
> > And the document at:
> > https://software.intel.com/security-software-guidance/api-
> app/sites/default/files/337879-analyzing-potential-bounds-Check-bypass-
> vulnerabilities.pdf
> >
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Eric Dong <eric.dong@intel.com>
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Hao Wu <hao.a.wu@intel.com>
> >
> > cb pismm
>=20
> Before you push this version (or when preparing a v3, if necessary),
> please remove the above stray text, from the end of the commit message.
>=20

Thanks for the spot, I will remove this dummy line from the log message.

Best Regards,
Hao Wu

> I've now looked over this series. I didn't try to verify whether the
> lfence instructions had been added at right places, or whether they had
> been added at *all* the right places. However, structurally the series
> looks OK to me.
>=20
> series
> Acked-by: Laszlo Ersek <lersek@redhat.com>
>=20
> I will follow up with regression test results.
>=20
> Thanks
> Laszlo
>=20
> > ---
> >  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 5 +++++
> >  1 file changed, 5 insertions(+)
> >
> > diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> > index fbf74e8d90..19979d5418 100644
> > --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> > +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> > @@ -237,6 +237,11 @@ SmmReadSaveState (
> >    if ((CpuIndex >=3D gSmst->NumberOfCpus) || (Buffer =3D=3D NULL)) {
> >      return EFI_INVALID_PARAMETER;
> >    }
> > +  //
> > +  // The AsmLfence() call here is to ensure the above check for the Cp=
uIndex
> > +  // has been completed before the execution of subsequent codes.
> > +  //
> > +  AsmLfence ();
> >
> >    //
> >    // Check for special EFI_SMM_SAVE_STATE_REGISTER_PROCESSOR_ID
> >
>=20
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel