Re: [PATCH v2 5/5] UefiCpuPkg/PiSmmCpuDxeSmm: [CVE-2017-5753] Fix bounds check bypass

["Dong, Eric" <eric.dong@intel.com>]

Reviewed-by: Eric Dong <eric.dong@intel.com>

> -----Original Message-----
> From: Wu, Hao A
> Sent: Tuesday, September 25, 2018 2:13 PM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A <hao.a.wu@intel.com>; Laszlo Ersek <lersek@redhat.com>;
> Yao, Jiewen <jiewen.yao@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Dong, Eric <eric.dong@intel.com>
> Subject: [PATCH v2 5/5] UefiCpuPkg/PiSmmCpuDxeSmm: [CVE-2017-5753]
> Fix bounds check bypass
> 
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1194
> 
> Speculative execution is used by processor to avoid having to wait for
> data to arrive from memory, or for previous operations to finish, the
> processor may speculate as to what will be executed.
> 
> If the speculation is incorrect, the speculatively executed instructions
> might leave hints such as which memory locations have been brought into
> cache. Malicious actors can use the bounds check bypass method (code
> gadgets with controlled external inputs) to infer data values that have
> been used in speculative operations to reveal secrets which should not
> otherwise be accessed.
> 
> It is possible for SMI handler(s) to call EFI_SMM_CPU_PROTOCOL service
> ReadSaveState() and use the content in the 'CommBuffer' (controlled
> external inputs) as the 'CpuIndex'. So this commit will insert AsmLfence
> API to mitigate the bounds check bypass issue within SmmReadSaveState().
> 
> For SmmReadSaveState():
> 
> The 'CpuIndex' will be passed into function ReadSaveStateRegister(). And
> then in to ReadSaveStateRegisterByIndex().
> 
> With the call:
> ReadSaveStateRegisterByIndex (
>   CpuIndex,
>   SMM_SAVE_STATE_REGISTER_IOMISC_INDEX,
>   sizeof(IoMisc.Uint32),
>   &IoMisc.Uint32
>   );
> 
> The 'IoMisc' can be a cross boundary access during speculative execution.
> Later, 'IoMisc' is used as the index to access buffers 'mSmmCpuIoWidth'
> and 'mSmmCpuIoType'. One can observe which part of the content within
> those buffers was brought into cache to possibly reveal the value of
> 'IoMisc'.
> 
> Hence, this commit adds a AsmLfence() after the check of 'CpuIndex'
> within function SmmReadSaveState() to prevent the speculative execution.
> 
> A more detailed explanation of the purpose of commit is under the
> 'Bounds check bypass mitigation' section of the below link:
> https://software.intel.com/security-software-guidance/insights/host-
> firmware-speculative-execution-side-channel-mitigation
> 
> And the document at:
> https://software.intel.com/security-software-guidance/api-
> app/sites/default/files/337879-analyzing-potential-bounds-Check-bypass-
> vulnerabilities.pdf
> 
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Hao Wu <hao.a.wu@intel.com>
> 
> cb pismm
> ---
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> index fbf74e8d90..19979d5418 100644
> --- a/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> +++ b/UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
> @@ -237,6 +237,11 @@ SmmReadSaveState (
>    if ((CpuIndex >= gSmst->NumberOfCpus) || (Buffer == NULL)) {
>      return EFI_INVALID_PARAMETER;
>    }
> +  //
> +  // The AsmLfence() call here is to ensure the above check for the
> CpuIndex
> +  // has been completed before the execution of subsequent codes.
> +  //
> +  AsmLfence ();
> 
>    //
>    // Check for special EFI_SMM_SAVE_STATE_REGISTER_PROCESSOR_ID
> --
> 2.12.0.windows.1