From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lersek@redhat.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=209.132.183.28; helo=mx1.redhat.com; envelope-from=lersek@redhat.com;
 receiver=edk2-devel@lists.01.org 
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id A87232118D95F
 for <edk2-devel@lists.01.org>; Tue, 13 Nov 2018 06:14:05 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 8D22488E44;
 Tue, 13 Nov 2018 14:14:04 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-87.rdu2.redhat.com
 [10.10.120.87])
 by smtp.corp.redhat.com (Postfix) with ESMTP id D783D105B1E5;
 Tue, 13 Nov 2018 14:14:01 +0000 (UTC)
To: Ruiyu Ni <ruiyu.ni@intel.com>, edk2-devel@lists.01.org
Cc: Eric Dong <eric.dong@intel.com>, Andrew Fish <afish@apple.com>,
 Leif Lindholm <leif.lindholm@linaro.org>,
 Michael D Kinney <michael.d.kinney@intel.com>
References: <20181113073510.31208-1-ruiyu.ni@intel.com>
From: Laszlo Ersek <lersek@redhat.com>
Message-ID: <d56a1325-45ae-d060-fc18-9514be0b1bf1@redhat.com>
Date: Tue, 13 Nov 2018 15:13:59 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20181113073510.31208-1-ruiyu.ni@intel.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.25]); Tue, 13 Nov 2018 14:14:04 +0000 (UTC)
Subject: Re: [PATCH] UefiCpuPkg/CommonFeature: Always set FEATURE_CONTROL.Lock
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Nov 2018 14:14:05 -0000
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

Hello Ray,

On 11/13/18 08:35, Ruiyu Ni wrote:
> The patch reverts commit 1ed6498c4a0210204bf4b95cc0c0cd6623ad6a0b
> * UefiCpuPkg/CommonFeature: Skip locking when the feature is disabled
> 
> FEATURE_CONTROL.Lock bit is controlled by feature
> CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER. The commit 1ed649 fixes
> a bug that when the feature is disabled, the Lock bit is cleared.
> But it's a security hole if the bit is cleared when booting OS.
> We can argue that platform needs to make sure the value
> of PcdCpuFeaturesUserConfiguration should be set properly to make
> sure feature CPU_FEATURE_LOCK_FEATURE_CONTROL_REGISTER is enabled.
> 
> But it's better to guarantee this in the generic core code.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Andrew Fish <afish@apple.com>
> Cc: Leif Lindholm <leif.lindholm@linaro.org>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> ---
>  UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c | 11 +----------
>  1 file changed, 1 insertion(+), 10 deletions(-)
> 
> diff --git a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
> index 631c836857..8c1eb5eb4f 100644
> --- a/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
> +++ b/UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c
> @@ -1,7 +1,7 @@
>  /** @file
>    Features in MSR_IA32_FEATURE_CONTROL register.
>  
> -  Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved.<BR>
> +  Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
>    This program and the accompanying materials
>    are licensed and made available under the terms and conditions of the BSD License
>    which accompanies this distribution.  The full text of the license may be found at
> @@ -184,15 +184,6 @@ LockFeatureControlRegisterInitialize (
>  {
>    MSR_IA32_FEATURE_CONTROL_REGISTER    *MsrRegister;
>  
> -  //
> -  // When Lock Feature Control Register feature is disabled,
> -  // just skip the MSR lock bit setting.
> -  // The MSR lock bit is cleared by default and write-once in a boot.
> -  //
> -  if (!State) {
> -    return RETURN_SUCCESS;
> -  }
> -
>    //
>    // The scope of Lock bit in the MSR_IA32_FEATURE_CONTROL is core for
>    // below processor type, only program MSR_IA32_FEATURE_CONTROL for thread 0 in each
> 

(1) The following TianoCore BZ:

  https://bugzilla.tianocore.org/show_bug.cgi?id=1305

is in status RESOLVED|FIXED.

When you push this patch:

- please re-open BZ#1305,
- record the commit hash of this patch in BZ#1305.

(2) Please reference BZ#1305 in the commit message.

(3) Eric should provide an R-b for this revert, before you push it. My
current comments are not sufficient for that.

--*--

For the file "UefiCpuPkg/Library/CpuCommonFeaturesLib/FeatureControl.c",
there have been no further commits since 1ed6498c4a02 (with master being
at da2c81ee96eb now), so this looks like a proper revert.

And, assuming your assessment of the security impact is correct, I agree
this revert should be pushed, before we apply the edk2-stable201811 tag.

With (1) through (3) addressed:

Acked-by: Laszlo Ersek <lersek@redhat.com>

Thanks,
Laszlo