[edk2-devel] [PATCH v6 03/10] UefiCpuPkg/CpuMpPei: Add GDT migration support (CVE-2019-11098)

Wang, Jian J jian.j.wang at intel.com
Wed Jul 22 02:43:09 UTC 2020 


Reviewed-by: Jian J Wang <jian.j.wang at intel.com>

Regards,
Jian

> -----Original Message-----
> From: devel at edk2.groups.io <devel at edk2.groups.io> On Behalf Of Guomin
> Jiang
> Sent: Monday, July 20, 2020 7:30 PM
> To: devel at edk2.groups.io
> Cc: Michael Kubacki <michael.a.kubacki at intel.com>; Dong, Eric
> <eric.dong at intel.com>; Ni, Ray <ray.ni at intel.com>; Laszlo Ersek
> <lersek at redhat.com>; Kumar, Rahul1 <rahul1.kumar at intel.com>
> Subject: [edk2-devel] [PATCH v6 03/10] UefiCpuPkg/CpuMpPei: Add GDT
> migration support (CVE-2019-11098)
> 
> From: Michael Kubacki <michael.a.kubacki at intel.com>
> 
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614
> 
> Moves the GDT to permanent memory in a memory discovered
> callback. This is done to ensure the GDT authenticated in
> pre-memory is not fetched from outside a verified location
> after the permanent memory transition.
> 
> Cc: Eric Dong <eric.dong at intel.com>
> Cc: Ray Ni <ray.ni at intel.com>
> Cc: Laszlo Ersek <lersek at redhat.com>
> Cc: Rahul Kumar <rahul1.kumar at intel.com>
> Signed-off-by: Michael Kubacki <michael.a.kubacki at intel.com>
> Reviewed-by: Laszlo Ersek <lersek at redhat.com>
> ---
>  UefiCpuPkg/CpuMpPei/CpuMpPei.inf |  1 +
>  UefiCpuPkg/CpuMpPei/CpuMpPei.h   | 12 +++++++++++
>  UefiCpuPkg/CpuMpPei/CpuMpPei.c   | 37
> ++++++++++++++++++++++++++++++++
>  UefiCpuPkg/CpuMpPei/CpuPaging.c  | 12 +++++++++--
>  4 files changed, 60 insertions(+), 2 deletions(-)
> 
> diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
> b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
> index caead3ce34d4..f4d11b861f77 100644
> --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
> +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
> @@ -63,6 +63,7 @@ [Pcd]
>    gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList              ##
> SOMETIMES_CONSUMES
>    gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize                    ##
> SOMETIMES_CONSUMES
>    gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize                           ##
> SOMETIMES_CONSUMES
> +
> gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolum
> es  ## CONSUMES
> 
>  [Depex]
>    TRUE
> diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.h
> b/UefiCpuPkg/CpuMpPei/CpuMpPei.h
> index 7d5c527d6006..309478cbe14c 100644
> --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.h
> +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.h
> @@ -397,6 +397,18 @@ SecPlatformInformation2 (
>       OUT EFI_SEC_PLATFORM_INFORMATION_RECORD2
> *PlatformInformationRecord2
>    );
> 
> +/**
> +  Migrates the Global Descriptor Table (GDT) to permanent memory.
> +
> +  @retval   EFI_SUCCESS           The GDT was migrated successfully.
> +  @retval   EFI_OUT_OF_RESOURCES  The GDT could not be migrated due to
> lack of available memory.
> +
> +**/
> +EFI_STATUS
> +MigrateGdt (
> +  VOID
> +  );
> +
>  /**
>    Initializes MP and exceptions handlers.
> 
> diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.c
> b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
> index 07ccbe7c6a91..d07540cf7471 100644
> --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.c
> +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
> @@ -429,6 +429,43 @@ GetGdtr (
>    AsmReadGdtr ((IA32_DESCRIPTOR *)Buffer);
>  }
> 
> +/**
> +  Migrates the Global Descriptor Table (GDT) to permanent memory.
> +
> +  @retval   EFI_SUCCESS           The GDT was migrated successfully.
> +  @retval   EFI_OUT_OF_RESOURCES  The GDT could not be migrated due to
> lack of available memory.
> +
> +**/
> +EFI_STATUS
> +MigrateGdt (
> +  VOID
> +  )
> +{
> +  EFI_STATUS          Status;
> +  UINTN               GdtBufferSize;
> +  IA32_DESCRIPTOR     Gdtr;
> +  VOID                *GdtBuffer;
> +
> +  AsmReadGdtr ((IA32_DESCRIPTOR *) &Gdtr);
> +  GdtBufferSize = sizeof (IA32_SEGMENT_DESCRIPTOR) -1 + Gdtr.Limit + 1;
> +
> +  Status =  PeiServicesAllocatePool (
> +              GdtBufferSize,
> +              &GdtBuffer
> +              );
> +  ASSERT (GdtBuffer != NULL);
> +  if (EFI_ERROR (Status)) {
> +    return EFI_OUT_OF_RESOURCES;
> +  }
> +
> +  GdtBuffer = ALIGN_POINTER (GdtBuffer, sizeof
> (IA32_SEGMENT_DESCRIPTOR));
> +  CopyMem (GdtBuffer, (VOID *) Gdtr.Base, Gdtr.Limit + 1);
> +  Gdtr.Base = (UINTN) GdtBuffer;
> +  AsmWriteGdtr (&Gdtr);
> +
> +  return EFI_SUCCESS;
> +}
> +
>  /**
>    Initializes CPU exceptions handlers for the sake of stack switch requirement.
> 
> diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c
> b/UefiCpuPkg/CpuMpPei/CpuPaging.c
> index a462e7ee1e38..3bf0574b34c6 100644
> --- a/UefiCpuPkg/CpuMpPei/CpuPaging.c
> +++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c
> @@ -602,8 +602,16 @@ MemoryDiscoveredPpiNotifyCallback (
>    IN VOID                       *Ppi
>    )
>  {
> -  EFI_STATUS      Status;
> -  BOOLEAN         InitStackGuard;
> +  EFI_STATUS  Status;
> +  BOOLEAN     InitStackGuard;
> +  BOOLEAN     InterruptState;
> +
> +  if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) {
> +    InterruptState = SaveAndDisableInterrupts ();
> +    Status = MigrateGdt ();
> +    ASSERT_EFI_ERROR (Status);
> +    SetInterruptState (InterruptState);
> +  }
> 
>    //
>    // Paging must be setup first. Otherwise the exception TSS setup during MP
> --
> 2.25.1.windows.1
> 
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#63051): https://edk2.groups.io/g/devel/message/63051
Mute This Topic: https://groups.io/mt/75679703/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-

More information about the edk2-devel-archive mailing list