1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
|
From f6ec1dd34fb6b9757b5ead465ee2ea20c182b0ac Mon Sep 17 00:00:00 2001
From: Guomin Jiang <guomin.jiang@intel.com>
Date: Wed, 13 Jan 2021 18:08:09 +0800
Subject: [PATCH] UefiCpuPkg: Move MigrateGdt from DiscoverMemory to
TempRamDone. (CVE-2019-11098)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1614
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3160
The GDT still in flash with commit 60b12e69fb1c8c7180fdda92f008248b9ec83db1
after TempRamDone
So move the action to TempRamDone event to avoid reading GDT from flash.
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Harry Han <harry.han@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
---
UefiCpuPkg/CpuMpPei/CpuMpPei.c | 37 --------------------------
UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 1 -
UefiCpuPkg/CpuMpPei/CpuPaging.c | 8 ------
UefiCpuPkg/SecCore/SecCore.inf | 1 +
UefiCpuPkg/SecCore/SecMain.c | 45 ++++++++++++++++++++++++++++++++
5 files changed, 46 insertions(+), 46 deletions(-)
diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.c b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
index 40729a09b9..3c1bad6470 100644
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.c
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
@@ -429,43 +429,6 @@ GetGdtr (
AsmReadGdtr ((IA32_DESCRIPTOR *)Buffer);
}
-/**
- Migrates the Global Descriptor Table (GDT) to permanent memory.
-
- @retval EFI_SUCCESS The GDT was migrated successfully.
- @retval EFI_OUT_OF_RESOURCES The GDT could not be migrated due to lack of available memory.
-
-**/
-EFI_STATUS
-MigrateGdt (
- VOID
- )
-{
- EFI_STATUS Status;
- UINTN GdtBufferSize;
- IA32_DESCRIPTOR Gdtr;
- VOID *GdtBuffer;
-
- AsmReadGdtr ((IA32_DESCRIPTOR *) &Gdtr);
- GdtBufferSize = sizeof (IA32_SEGMENT_DESCRIPTOR) -1 + Gdtr.Limit + 1;
-
- Status = PeiServicesAllocatePool (
- GdtBufferSize,
- &GdtBuffer
- );
- ASSERT (GdtBuffer != NULL);
- if (EFI_ERROR (Status)) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- GdtBuffer = ALIGN_POINTER (GdtBuffer, sizeof (IA32_SEGMENT_DESCRIPTOR));
- CopyMem (GdtBuffer, (VOID *) Gdtr.Base, Gdtr.Limit + 1);
- Gdtr.Base = (UINTN) GdtBuffer;
- AsmWriteGdtr (&Gdtr);
-
- return EFI_SUCCESS;
-}
-
/**
Initializes CPU exceptions handlers for the sake of stack switch requirement.
diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
index ba829d816e..7444bdb968 100644
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
@@ -67,7 +67,6 @@
gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList ## SOMETIMES_CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize ## SOMETIMES_CONSUMES
gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes ## CONSUMES
[Depex]
TRUE
diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPaging.c
index 50ad4277af..3e261d6657 100644
--- a/UefiCpuPkg/CpuMpPei/CpuPaging.c
+++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c
@@ -605,17 +605,9 @@ MemoryDiscoveredPpiNotifyCallback (
{
EFI_STATUS Status;
BOOLEAN InitStackGuard;
- BOOLEAN InterruptState;
EDKII_MIGRATED_FV_INFO *MigratedFvInfo;
EFI_PEI_HOB_POINTERS Hob;
- if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) {
- InterruptState = SaveAndDisableInterrupts ();
- Status = MigrateGdt ();
- ASSERT_EFI_ERROR (Status);
- SetInterruptState (InterruptState);
- }
-
//
// Paging must be setup first. Otherwise the exception TSS setup during MP
// initialization later will not contain paging information and then fail
diff --git a/UefiCpuPkg/SecCore/SecCore.inf b/UefiCpuPkg/SecCore/SecCore.inf
index 545781d6b4..ded83beb52 100644
--- a/UefiCpuPkg/SecCore/SecCore.inf
+++ b/UefiCpuPkg/SecCore/SecCore.inf
@@ -77,6 +77,7 @@
[Pcd]
gUefiCpuPkgTokenSpaceGuid.PcdPeiTemporaryRamStackSize ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes ## CONSUMES
[UserExtensions.TianoCore."ExtraFiles"]
SecCoreExtra.uni
diff --git a/UefiCpuPkg/SecCore/SecMain.c b/UefiCpuPkg/SecCore/SecMain.c
index 155be49a60..2416c4ce56 100644
--- a/UefiCpuPkg/SecCore/SecMain.c
+++ b/UefiCpuPkg/SecCore/SecMain.c
@@ -35,6 +35,43 @@ EFI_PEI_PPI_DESCRIPTOR mPeiSecPlatformInformationPpi[] = {
}
};
+/**
+ Migrates the Global Descriptor Table (GDT) to permanent memory.
+
+ @retval EFI_SUCCESS The GDT was migrated successfully.
+ @retval EFI_OUT_OF_RESOURCES The GDT could not be migrated due to lack of available memory.
+
+**/
+EFI_STATUS
+MigrateGdt (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ UINTN GdtBufferSize;
+ IA32_DESCRIPTOR Gdtr;
+ VOID *GdtBuffer;
+
+ AsmReadGdtr ((IA32_DESCRIPTOR *) &Gdtr);
+ GdtBufferSize = sizeof (IA32_SEGMENT_DESCRIPTOR) -1 + Gdtr.Limit + 1;
+
+ Status = PeiServicesAllocatePool (
+ GdtBufferSize,
+ &GdtBuffer
+ );
+ ASSERT (GdtBuffer != NULL);
+ if (EFI_ERROR (Status)) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ GdtBuffer = ALIGN_POINTER (GdtBuffer, sizeof (IA32_SEGMENT_DESCRIPTOR));
+ CopyMem (GdtBuffer, (VOID *) Gdtr.Base, Gdtr.Limit + 1);
+ Gdtr.Base = (UINTN) GdtBuffer;
+ AsmWriteGdtr (&Gdtr);
+
+ return EFI_SUCCESS;
+}
+
//
// These are IDT entries pointing to 10:FFFFFFE4h.
//
@@ -409,6 +446,14 @@ SecTemporaryRamDone (
//
State = SaveAndDisableInterrupts ();
+ //
+ // Migrate GDT before NEM near down
+ //
+ if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) {
+ Status = MigrateGdt ();
+ ASSERT_EFI_ERROR (Status);
+ }
+
//
// Disable Temporary RAM after Stack and Heap have been migrated at this point.
//
--
2.27.0
|
