[edk2-devel] [PATCH v1 1/1] IntelSiliconPkg/ShadowMicrocodePei: Add microcode header verification.
Ni, Ray
ray.ni at intel.com
Thu Feb 4 05:44:29 UTC 2021
Reviewed-by: Ray Ni <ray.ni at intel.com>
> -----Original Message-----
> From: Fu, Siyuan <siyuan.fu at intel.com>
> Sent: Thursday, February 4, 2021 1:40 PM
> To: Li, Aaron <aaron.li at intel.com>; devel at edk2.groups.io
> Cc: Ni, Ray <ray.ni at intel.com>; Chaganty, Rangasai V
> <rangasai.v.chaganty at intel.com>
> Subject: RE: [PATCH v1 1/1] IntelSiliconPkg/ShadowMicrocodePei: Add
> microcode header verification.
>
> Reviewed-by: Siyuan Fu <siyuan.fu at intel.com>
>
> > -----Original Message-----
> > From: Li, Aaron <aaron.li at intel.com>
> > Sent: 2021年2月3日 15:06
> > To: devel at edk2.groups.io
> > Cc: Ni, Ray <ray.ni at intel.com>; Chaganty, Rangasai V
> > <rangasai.v.chaganty at intel.com>; Fu, Siyuan <siyuan.fu at intel.com>
> > Subject: [PATCH v1 1/1] IntelSiliconPkg/ShadowMicrocodePei: Add
> microcode
> > header verification.
> >
> > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3196
> >
> > Microcode header should be checked before calling
> > IsMicrocodePatchNeedLoad(). This is to make sure garbage value after
> > remove microcode from FV would not cause stack overflow in
> > IsMicrocodePatchNeedLoad().
> >
> > Signed-off-by: Aaron Li <aaron.li at intel.com>
> > Cc: Ray Ni <ray.ni at intel.com>
> > Cc: Rangasai V Chaganty <rangasai.v.chaganty at intel.com>
> > Cc: Siyuan Fu <siyuan.fu at intel.com>
> > ---
> >
> >
> Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/ShadowMicrocodeP
> ei.c
> > | 30 +++++++++++++++++++-
> > 1 file changed, 29 insertions(+), 1 deletion(-)
> >
> > diff --git
> >
> a/Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/ShadowMicrocod
> ePe
> > i.c
> >
> b/Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/ShadowMicrocod
> ePe
> > i.c
> > index 1494397a8e36..98a7aed69757 100644
> > ---
> >
> a/Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/ShadowMicrocod
> ePe
> > i.c
> > +++
> >
> b/Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/ShadowMicrocod
> ePe
> > i.c
> > @@ -402,6 +402,7 @@ ShadowMicrocode (
> > UINTN MaxPatchNumber;
> >
> > CPU_MICROCODE_HEADER *MicrocodeEntryPoint;
> >
> > UINTN PatchCount;
> >
> > + UINTN DataSize;
> >
> > UINTN TotalSize;
> >
> > UINTN TotalLoadSize;
> >
> >
> >
> > @@ -446,7 +447,34 @@ ShadowMicrocode (
> > for (Index = 0; Index < EntryNum; Index++) {
> >
> > if (FitEntry[Index].Type == FIT_TYPE_01_MICROCODE) {
> >
> > MicrocodeEntryPoint = (CPU_MICROCODE_HEADER *) (UINTN)
> > FitEntry[Index].Address;
> >
> > - TotalSize = (MicrocodeEntryPoint->DataSize == 0) ? 2048 :
> > MicrocodeEntryPoint->TotalSize;
> >
> > +
> >
> > + if (*(UINT32 *) MicrocodeEntryPoint == 0xFFFFFFFF) {
> >
> > + //
> >
> > + // An empty slot for reserved microcode update, skip to check next
> entry.
> >
> > + //
> >
> > + continue;
> >
> > + }
> >
> > +
> >
> > + if (MicrocodeEntryPoint->HeaderVersion != 0x1) {
> >
> > + //
> >
> > + // Not a valid microcode header, skip to check next entry.
> >
> > + //
> >
> > + continue;
> >
> > + }
> >
> > +
> >
> > + DataSize = MicrocodeEntryPoint->DataSize;
> >
> > + TotalSize = (DataSize == 0) ? 2048 : MicrocodeEntryPoint->TotalSize;
> >
> > + if ( (UINTN)MicrocodeEntryPoint > (MAX_ADDRESS - TotalSize) ||
> >
> > + (DataSize & 0x3) != 0 ||
> >
> > + (TotalSize & (SIZE_1KB - 1)) != 0 ||
> >
> > + TotalSize < DataSize
> >
> > + ) {
> >
> > + //
> >
> > + // Not a valid microcode header, skip to check next entry.
> >
> > + //
> >
> > + continue;
> >
> > + }
> >
> > +
> >
> > if (IsMicrocodePatchNeedLoad (CpuIdCount, MicrocodeCpuId,
> > MicrocodeEntryPoint)) {
> >
> > PatchInfoBuffer[PatchCount].Address = (UINTN)
> MicrocodeEntryPoint;
> >
> > PatchInfoBuffer[PatchCount].Size = TotalSize;
> >
> > --
> > 2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#71181): https://edk2.groups.io/g/devel/message/71181
Mute This Topic: https://groups.io/mt/80348273/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list