From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: jian.j.wang@intel.com) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by groups.io with SMTP; Mon, 13 May 2019 20:13:33 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 May 2019 20:13:32 -0700 X-ExtLoop1: 1 Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by orsmga007.jf.intel.com with ESMTP; 13 May 2019 20:13:32 -0700 Received: from fmsmsx125.amr.corp.intel.com (10.18.125.40) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 13 May 2019 20:13:31 -0700 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by FMSMSX125.amr.corp.intel.com (10.18.125.40) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 13 May 2019 20:13:32 -0700 Received: from shsmsx107.ccr.corp.intel.com ([169.254.9.7]) by SHSMSX103.ccr.corp.intel.com ([169.254.4.70]) with mapi id 14.03.0415.000; Tue, 14 May 2019 11:13:30 +0800 From: "Wang, Jian J" To: "devel@edk2.groups.io" , "lersek@redhat.com" CC: "Zeng, Star" , "Dong, Eric" , "Ni, Ray" Subject: Re: [edk2-devel] [PATCH] UefiCpuPkg PiSmmCpuDxeSmm: Only support IN/OUT IO save state read (CVE-2018-12182) Thread-Topic: [edk2-devel] [PATCH] UefiCpuPkg PiSmmCpuDxeSmm: Only support IN/OUT IO save state read (CVE-2018-12182) Thread-Index: AQHVCato/d9ofl9dlkOpamiFLiG4IqZp73WQ Date: Tue, 14 May 2019 03:13:30 +0000 Message-ID: References: <20190510051615.318124-1-jian.j.wang@intel.com> <09a4eb80-b18a-223e-654c-1cb0384a87e8@redhat.com> In-Reply-To: <09a4eb80-b18a-223e-654c-1cb0384a87e8@redhat.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYTIyODk4NjEtYmYyNS00NzExLWE5MDctZWEwOTk0MmQ2YWZhIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoibDBFWjErZ0RMR2lIaDFTMGhhTTdOZ2lTdHc0N29mNE9wXC9QQjVMajBvR2tVWG93cDZQR1RUYnBORU9UZHJwT0IifQ== x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.600.7 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: jian.j.wang@intel.com Content-Language: en-US Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 TGFzemxvLA0KDQo+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+IEZyb206IGRldmVsQGVk azIuZ3JvdXBzLmlvIFttYWlsdG86ZGV2ZWxAZWRrMi5ncm91cHMuaW9dIE9uIEJlaGFsZiBPZg0K PiBMYXN6bG8gRXJzZWsNCj4gU2VudDogVHVlc2RheSwgTWF5IDE0LCAyMDE5IDEyOjQ2IEFNDQo+ IFRvOiBkZXZlbEBlZGsyLmdyb3Vwcy5pbzsgV2FuZywgSmlhbiBKIDxqaWFuLmoud2FuZ0BpbnRl bC5jb20+DQo+IENjOiBaZW5nLCBTdGFyIDxzdGFyLnplbmdAaW50ZWwuY29tPjsgRG9uZywgRXJp YyA8ZXJpYy5kb25nQGludGVsLmNvbT47IE5pLA0KPiBSYXkgPHJheS5uaUBpbnRlbC5jb20+DQo+ IFN1YmplY3Q6IFJlOiBbZWRrMi1kZXZlbF0gW1BBVENIXSBVZWZpQ3B1UGtnIFBpU21tQ3B1RHhl U21tOiBPbmx5IHN1cHBvcnQNCj4gSU4vT1VUIElPIHNhdmUgc3RhdGUgcmVhZCAoQ1ZFLTIwMTgt MTIxODIpDQo+IA0KPiBPbiAwNS8xMC8xOSAwNzoxNiwgV2FuZywgSmlhbiBKIHdyb3RlOg0KPiA+ IEZyb206IFN0YXIgWmVuZyA8c3Rhci56ZW5nQGludGVsLmNvbT4NCj4gPg0KPiA+IEJaOiBodHRw czovL2J1Z3ppbGxhLnRpYW5vY29yZS5vcmcvc2hvd19idWcuY2dpP2lkPTExMzYNCj4gPiBDVkU6 IENWRS0yMDE4LTEyMTgyDQo+ID4NCj4gPiBDdXN0b21lciBtZXQgc3lzdGVtIGhhbmctdXAgZHVy aW5nIHNlcmlhbCBwb3J0IGxvb3BiYWNrIHRlc3QgaW4gT1MuDQo+ID4gSXQgaXMgYSBjb3JuZXIg Y2FzZSBoYXBwZW5lZCB3aXRoIG9uZSBDUFUgY29yZSBkb2luZyAib3V0IGR4LGFsIiBhbmQNCj4g PiBhbm90aGVyIENQVSBjb3JlKHMpIGRvaW5nICJyZXAgb3V0cyBkeCxieXRlIHB0ciBbcnNpXSIu DQo+ID4NCj4gPiBEZXRhaWxlZCBjb2RlIGZsb3cgaXMgYXMgYmVsb3cuDQo+ID4NCj4gPiAxLiBT ZXJpYWwgcG9ydCBsb29wYmFjayB0ZXN0IGluIE9TLg0KPiA+IE9uZSBDUFUgY29yZTogIm91dCBk eCxhbCIgLT4gV3JpdGluZyBCMmgsIFNNSSB3aWxsIGhhcHBlbi4NCj4gPiBBbm90aGVyIENQVSBj b3JlKHMpOiAicmVwIG91dHMgZHgsYnl0ZSBwdHIgW3JzaV0iLg0KPiA+DQo+ID4gMi4gU01JIGhh cHBlbnMgdG8gZW50ZXIgU01NLg0KPiA+ICJvdXQgZHgiIChTTU1fSU9fVFlQRV9PVVRfRFgpIGlz IHNhdmVkIGFzIEkvTyBpbnN0cnVjdGlvbiB0eXBlIGluDQo+ID4gU01SQU0gc2F2ZSBzdGF0ZSBm b3IgQ1BVIGRvaW5nICJvdXQgZHgsYWwiLg0KPiA+ICJyZXAgb3V0cyBkeCIgKFNNTV9JT19UWVBF X1JFUF9PVVRTKSBpcyBzYXZlZCBhcyBJL08gaW5zdHJ1Y3Rpb24NCj4gPiB0eXBlIGFuZCByc2kg aXMgc2F2ZSBhcyBJL08gTWVtb3J5IEFkZHJlc3MgaW4gU01SQU0gc2F2ZSBzdGF0ZSBmb3INCj4g PiBDUFUgZG9pbmcgInJlcCBvdXRzIGR4LCBieXRlIHB0ciBbcnNpXSIuDQo+ID4NCj4gPiBOT1RF OiBJL08gTWVtb3J5IEFkZHJlc3MgKHJzaSkgaXMgYSB2aXJ0dWFsIGFkZHJlc3MgbWFwcGVkIGJ5 DQo+ID4gT1MvVmlydHVhbCBNYWNoaW5lLg0KPiA+DQo+ID4gMy4gU29tZSBTTU0gY29kZSBjYWxs cyBFRklfU01NX0NQVV9QUk9UT0NPTC5SZWFkU2F2ZVN0YXRlKCkgd2l0aA0KPiA+IEVGSV9TTU1f U0FWRV9TVEFURV9SRUdJU1RFUl9JTyBhbmQgcGFyc2UgZGF0YSByZXR1cm5lZC4NCj4gPg0KPiA+ IEZvciBleGFtcGxlOg0KPiA+IGh0dHBzOi8vZ2l0aHViLmNvbS90aWFub2NvcmUvZWRrMi9ibG9i L21hc3Rlci9RdWFya1NvY1BrZy8NCj4gPg0KPiBRdWFya05vcnRoQ2x1c3Rlci9TbW0vRHhlU21t L1FuY1NtbURpc3BhdGNoZXIvUU5DL1FOQ1NtbVN3LmMjTDcNCj4gNg0KPiA+DQo+ID4gNC4gU21t UmVhZFNhdmVTdGF0ZSgpIGlzIGV4ZWN1dGVkIHRvIHJlYWQgc2F2ZSBzdGF0ZSBmb3INCj4gPiBF RklfU01NX1NBVkVfU1RBVEVfUkVHSVNURVJfSU8uDQo+ID4NCj4gPiAtIFRoZSBTbW1SZWFkU2F2 ZVN0YXRlKCkgZnVuY3Rpb24gaW4NCj4gPiAgICJVZWZpQ3B1UGtnL1BpU21tQ3B1RHhlU21tL1Bp U21tQ3B1RHhlU21tLmMiIGNhbGxzIHRoZQ0KPiA+ICAgU21tQ3B1RmVhdHVyZXNSZWFkU2F2ZVN0 YXRlUmVnaXN0ZXIoKSBmdW5jdGlvbiwgZnJvbSB0aGUgcGxhdGZvcm0ncw0KPiA+ICAgU21tQ3B1 RmVhdHVyZXNMaWIgaW5zdGFuY2UuDQo+ID4NCj4gPiAtIElmIHRoYXQgcGxhdGZvcm0tc3BlY2lm aWMgZnVuY3Rpb24gcmV0dXJucyBFRklfVU5TVVBQT1JURUQsIHRoZW4NCj4gPiAgIFBpU21tQ3B1 RHhlU21tIGZhbGxzIGJhY2sgdG8gdGhlIGNvbW1vbiBmdW5jdGlvbg0KPiA+ICAgUmVhZFNhdmVT dGF0ZVJlZ2lzdGVyKCksIGRlZmluZWQgaW4gZmlsZQ0KPiA+ICAgIlVlZmlDcHVQa2cvUGlTbW1D cHVEeGVTbW0vU21yYW1TYXZlU3RhdGUuYyIuDQo+ID4NCj4gPiBDdXJyZW50IFJlYWRTYXZlU3Rh dGVSZWdpc3RlcigpIGluDQo+ID4gVWVmaUNwdVBrZy9QaVNtbUNwdUR4ZVNtbS9TbXJhbVNhdmVT dGF0ZS5jIGlzIHRyeWluZyB0byBjb3B5IGRhdGENCj4gPiBmcm9tIEkvTyBNZW1vcnkgQWRkcmVz cyBmb3IgRUZJX1NNTV9TQVZFX1NUQVRFX0lPX1RZUEVfUkVQX1BSRUZJWCwNCj4gPiBQRiB3aWxs IGhhcHBlbiBhcyBTTU0gcGFnZSB0YWJsZSBkb2VzIG5vdCBrbm93IGFuZCBjb3ZlciB0aGlzDQo+ ID4gT1MvVmlydHVhbCBNYWNoaW5lIHZpcnR1YWwgYWRkcmVzcy4NCj4gPg0KPiA+IFNhbWUgY2Fz ZSBpcyBmb3IgU21tQ3B1RmVhdHVyZXNSZWFkU2F2ZVN0YXRlUmVnaXN0ZXIoKSBpbiBwbGF0Zm9y bS0NCj4gPiBzcGVjaWZpYyBTbW1DcHVGZWF0dXJlc0xpYiBpbnN0YW5jZSBpZiBpdCBoYXMgc2lt aWxhciBpbXBsZW1lbnRhdGlvbg0KPiA+IHRvIHJlYWQgc2F2ZSBzdGF0ZSBmb3IgRUZJX1NNTV9T QVZFX1NUQVRFX1JFR0lTVEVSX0lPIHdpdGgNCj4gPiBFRklfU01NX1NBVkVfU1RBVEVfSU9fVFlQ RV9SRVBfUFJFRklYLg0KPiA+DQo+ID4gU2FtZSBjYXNlIGlzIGZvciAiaW5zIiwgJ291dHMnIGFu ZCAncmVwIGlucycuDQo+ID4NCj4gPiBTbyB0byBmaXggdGhlIHByb2JsZW0sIHRoaXMgcGF0Y2gg dXBkYXRlcyB0aGUgY29kZSB0byBvbmx5IHN1cHBvcnQNCj4gPiBJTi9PVVQsIGJ1dCBub3QgSU5T L09VVFMvUkVQIElOUy9SRVAgT1VUUyBmb3IgU21tUmVhZFNhdmVTdGF0ZSgpLg0KPiA+DQo+ID4g Q2M6IEVyaWMgRG9uZyA8ZXJpYy5kb25nQGludGVsLmNvbT4NCj4gPiBDYzogUmF5IE5pIDxyYXku bmlAaW50ZWwuY29tPg0KPiA+IENjOiBMYXN6bG8gRXJzZWsgPGxlcnNla0ByZWRoYXQuY29tPg0K PiA+IFNpZ25lZC1vZmYtYnk6IFN0YXIgWmVuZyA8c3Rhci56ZW5nQGludGVsLmNvbT4NCj4gPiAt LS0NCj4gPiAgVWVmaUNwdVBrZy9QaVNtbUNwdUR4ZVNtbS9TbXJhbVNhdmVTdGF0ZS5jIHwgMTcg KysrKysrKysrLS0tLS0tLS0NCj4gPiAgMSBmaWxlIGNoYW5nZWQsIDkgaW5zZXJ0aW9ucygrKSwg OCBkZWxldGlvbnMoLSkNCj4gPg0KPiA+IGRpZmYgLS1naXQgYS9VZWZpQ3B1UGtnL1BpU21tQ3B1 RHhlU21tL1NtcmFtU2F2ZVN0YXRlLmMNCj4gYi9VZWZpQ3B1UGtnL1BpU21tQ3B1RHhlU21tL1Nt cmFtU2F2ZVN0YXRlLmMNCj4gPiBpbmRleCAyNmUzNjVlYWJjLi4wOGNiOWMwNWNmIDEwMDY0NA0K PiA+IC0tLSBhL1VlZmlDcHVQa2cvUGlTbW1DcHVEeGVTbW0vU21yYW1TYXZlU3RhdGUuYw0KPiA+ ICsrKyBiL1VlZmlDcHVQa2cvUGlTbW1DcHVEeGVTbW0vU21yYW1TYXZlU3RhdGUuYw0KPiA+IEBA IC0zNjAsNyArMzYwLDYgQEAgUmVhZFNhdmVTdGF0ZVJlZ2lzdGVyICgNCj4gPiAgICBVSU5UMzIg ICAgICAgICAgICAgICAgICAgICAgU21tUmV2SWQ7DQo+ID4gICAgU01SQU1fU0FWRV9TVEFURV9J T01JU0MgICAgIElvTWlzYzsNCj4gPiAgICBFRklfU01NX1NBVkVfU1RBVEVfSU9fSU5GTyAgKklv SW5mbzsNCj4gPiAtICBWT0lEICAgICAgICAgICAgICAgICAgICAgICAgKklvTWVtQWRkcjsNCj4g Pg0KPiA+ICAgIC8vDQo+ID4gICAgLy8gQ2hlY2sgZm9yIHNwZWNpYWwgRUZJX1NNTV9TQVZFX1NU QVRFX1JFR0lTVEVSX0xNQQ0KPiA+IEBAIC00MDYsNiArNDA1LDE0IEBAIFJlYWRTYXZlU3RhdGVS ZWdpc3RlciAoDQo+ID4gICAgICAgIHJldHVybiBFRklfTk9UX0ZPVU5EOw0KPiA+ICAgICAgfQ0K PiA+DQo+ID4gKyAgICAvLw0KPiA+ICsgICAgLy8gT25seSBzdXBwb3J0IElOL09VVCwgYnV0IG5v dCBJTlMvT1VUUy9SRVAgSU5TL1JFUCBPVVRTLg0KPiA+ICsgICAgLy8NCj4gPiArICAgIGlmICgo bVNtbUNwdUlvVHlwZVtJb01pc2MuQml0cy5UeXBlXSAhPQ0KPiBFRklfU01NX1NBVkVfU1RBVEVf SU9fVFlQRV9JTlBVVCkgJiYNCj4gPiArICAgICAgICAobVNtbUNwdUlvVHlwZVtJb01pc2MuQml0 cy5UeXBlXSAhPQ0KPiBFRklfU01NX1NBVkVfU1RBVEVfSU9fVFlQRV9PVVRQVVQpKSB7DQo+ID4g KyAgICAgIHJldHVybiBFRklfVU5TVVBQT1JURUQ7DQo+IA0KPiBJIHRoaW5rIHRoaXMgcmV0dXJu IHZhbHVlIChFRklfVU5TVVBQT1JURUQpIHNob3VsZCBiZSByZXBsYWNlZCB3aXRoDQo+IEVGSV9O T1RfRk9VTkQsIGhlcmUuDQo+IA0KPiBUaGUgcmV0dXJuIHZhbHVlIGZyb20gdGhpcyBmdW5jdGlv biB3aWxsIGJlIHByb3BhZ2F0ZWQgdG8gdGhlIGNhbGxlciwNCj4gdGhyb3VnaCBTbW1SZWFkU2F2 ZVN0YXRlKCkNCj4gW1VlZmlDcHVQa2cvUGlTbW1DcHVEeGVTbW0vUGlTbW1DcHVEeGVTbW0uY10u DQo+IA0KPiBUaGUgbGF0dGVyIGZ1bmN0aW9uIGltcGxlbWVudHMgRUZJX01NX0NQVV9QUk9UT0NP TC5SZWFkU2F2ZVN0YXRlKCksIGFuZA0KPiB0aGUgUEktMS43IHNwZWMgd3JpdGVzLA0KPiANCj4g ICAgIElmIHRoZSBDUFUgZG9lcyBub3Qgc3VwcG9ydCB0aGUgc3BlY2lmaWVkIHJlZ2lzdGVyIFJl Z2lzdGVyLCB0aGVuDQo+ICAgICBFRklfTk9UX0ZPVU5EIHNob3VsZCBiZSByZXR1cm5lZC4gSWYg dGhlIENQVSBkb2VzIG5vdCBzdXBwb3J0IHRoZQ0KPiAgICAgc3BlY2lmaWVkIHJlZ2lzdGVyIHdp ZHRoIFdpZHRoICwgdGhlbiBFRklfSU5WQUxJRF9QQVJBTUVURVIgaXMNCj4gICAgIHJldHVybmVk Lg0KPiANCj4gSSBkb24ndCBmZWVsIHRvbyBzdHJvbmdseSBhYm91dCB0aGlzLCBidXQgSSB0aGlu ayBpdCdzIHdvcnRoDQo+IGNvbnNpZGVyaW5nLiBJZiBvdGhlcnMgdGhpbmsgRUZJX1VOU1VQUE9S VEVEIGlzIGJldHRlciwgSSdtIE9LIHdpdGgNCj4gdGhhdCwgaW4gdGhlIGVuZC4NCj4gDQo+IEVp dGhlciB3YXksDQo+IA0KPiBSZXZpZXdlZC1ieTogTGFzemxvIEVyc2VrIDxsZXJzZWtAcmVkaGF0 LmNvbT4NCj4gDQoNCkkgYWdyZWUuIEVGSV9OT1RfRk9VTkQgaXMgYmV0dGVyIHRoYW4gRUZJX1VO U1VQUE9SVEVELiBBdCBsZWFzdCByZXR1cm5pbmcNCkVGSV9VTlNVUFBPUlRFRCB3aWxsIHNvbWV3 aGF0IGJyZWFrIHNwZWMuIFRoYW5rcyBmb3IgY2F0Y2hpbmcgdGhpcy4NCg0KUmVnYXJkcywNCkpp YW4NCg0KPiBUaGFua3MNCj4gTGFzemxvDQo+IA0KPiANCj4gDQo+ID4gKyAgICB9DQo+ID4gKw0K PiA+ICAgICAgLy8NCj4gPiAgICAgIC8vIENvbXB1dGUgaW5kZXggZm9yIHRoZSBJL08gTGVuZ3Ro IGFuZCBJL08gVHlwZSBsb29rdXAgdGFibGVzDQo+ID4gICAgICAvLw0KPiA+IEBAIC00MjUsMTMg KzQzMiw3IEBAIFJlYWRTYXZlU3RhdGVSZWdpc3RlciAoDQo+ID4gICAgICBJb0luZm8tPklvUG9y dCA9IChVSU5UMTYpSW9NaXNjLkJpdHMuUG9ydDsNCj4gPiAgICAgIElvSW5mby0+SW9XaWR0aCA9 IG1TbW1DcHVJb1dpZHRoW0lvTWlzYy5CaXRzLkxlbmd0aF0uSW9XaWR0aDsNCj4gPiAgICAgIElv SW5mby0+SW9UeXBlID0gbVNtbUNwdUlvVHlwZVtJb01pc2MuQml0cy5UeXBlXTsNCj4gPiAtICAg IGlmIChJb0luZm8tPklvVHlwZSA9PSBFRklfU01NX1NBVkVfU1RBVEVfSU9fVFlQRV9JTlBVVCB8 fCBJb0luZm8tDQo+ID5Jb1R5cGUgPT0gRUZJX1NNTV9TQVZFX1NUQVRFX0lPX1RZUEVfT1VUUFVU KSB7DQo+ID4gLSAgICAgIFJlYWRTYXZlU3RhdGVSZWdpc3RlciAoQ3B1SW5kZXgsIEVGSV9TTU1f U0FWRV9TVEFURV9SRUdJU1RFUl9SQVgsDQo+IG1TbW1DcHVJb1dpZHRoW0lvTWlzYy5CaXRzLkxl bmd0aF0uV2lkdGgsICZJb0luZm8tPklvRGF0YSk7DQo+ID4gLSAgICB9DQo+ID4gLSAgICBlbHNl IHsNCj4gPiAtICAgICAgUmVhZFNhdmVTdGF0ZVJlZ2lzdGVyQnlJbmRleChDcHVJbmRleCwNCj4g U01NX1NBVkVfU1RBVEVfUkVHSVNURVJfSU9NRU1BRERSX0lOREVYLCBzaXplb2YoSW9NZW1BZGRy KSwNCj4gJklvTWVtQWRkcik7DQo+ID4gLSAgICAgIENvcHlNZW0oJklvSW5mby0+SW9EYXRhLCBJ b01lbUFkZHIsDQo+IG1TbW1DcHVJb1dpZHRoW0lvTWlzYy5CaXRzLkxlbmd0aF0uV2lkdGgpOw0K PiA+IC0gICAgfQ0KPiA+ICsgICAgUmVhZFNhdmVTdGF0ZVJlZ2lzdGVyIChDcHVJbmRleCwgRUZJ X1NNTV9TQVZFX1NUQVRFX1JFR0lTVEVSX1JBWCwNCj4gbVNtbUNwdUlvV2lkdGhbSW9NaXNjLkJp dHMuTGVuZ3RoXS5XaWR0aCwgJklvSW5mby0+SW9EYXRhKTsNCj4gPiAgICAgIHJldHVybiBFRklf U1VDQ0VTUzsNCj4gPiAgICB9DQo+ID4NCj4gPg0KPiANCj4gDQo+IA0KDQo=