Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:FrontRunner
ovmf.27284
ovmf-bsc1188371-UefiCpuPkg-CpuMpPei-Enable-pagi...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ovmf-bsc1188371-UefiCpuPkg-CpuMpPei-Enable-paging-and-set-NP-flag-to.patch of Package ovmf.27284
From d7c9de51d249ee101b4d90357a4272b36c831047 Mon Sep 17 00:00:00 2001 From: Guomin Jiang <guomin.jiang@intel.com> Date: Thu, 2 Jul 2020 13:03:34 +0800 Subject: [PATCH 7/9] UefiCpuPkg/CpuMpPei: Enable paging and set NP flag to avoid TOCTOU (CVE-2019-11098) REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614 To avoid the TOCTOU, enable paging and set Not Present flag so when access any code in the flash range, it will trigger #PF exception. Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Rahul Kumar <rahul1.kumar@intel.com> Signed-off-by: Guomin Jiang <guomin.jiang@intel.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> --- UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 3 +++ UefiCpuPkg/CpuMpPei/CpuPaging.c | 32 +++++++++++++++++++++++++++----- 2 files changed, 30 insertions(+), 5 deletions(-) Index: edk2-edk2-stable201911/UefiCpuPkg/CpuMpPei/CpuMpPei.inf =================================================================== --- edk2-edk2-stable201911.orig/UefiCpuPkg/CpuMpPei/CpuMpPei.inf +++ edk2-edk2-stable201911/UefiCpuPkg/CpuMpPei/CpuMpPei.inf @@ -46,6 +46,9 @@ BaseMemoryLib CpuLib +[Guids] + gEdkiiMigratedFvInfoGuid ## SOMETIMES_CONSUMES ## HOB + [Ppis] gEfiPeiMpServicesPpiGuid ## PRODUCES gEfiSecPlatformInformationPpiGuid ## SOMETIMES_CONSUMES Index: edk2-edk2-stable201911/UefiCpuPkg/CpuMpPei/CpuPaging.c =================================================================== --- edk2-edk2-stable201911.orig/UefiCpuPkg/CpuMpPei/CpuPaging.c +++ edk2-edk2-stable201911/UefiCpuPkg/CpuMpPei/CpuPaging.c @@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Pa #include <Library/MemoryAllocationLib.h> #include <Library/CpuLib.h> #include <Library/BaseLib.h> +#include <Guid/MigratedFvInfo.h> #include "CpuMpPei.h" @@ -602,9 +603,11 @@ MemoryDiscoveredPpiNotifyCallback ( IN VOID *Ppi ) { - EFI_STATUS Status; - BOOLEAN InitStackGuard; - BOOLEAN InterruptState; + EFI_STATUS Status; + BOOLEAN InitStackGuard; + BOOLEAN InterruptState; + EDKII_MIGRATED_FV_INFO *MigratedFvInfo; + EFI_PEI_HOB_POINTERS Hob; if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) { InterruptState = SaveAndDisableInterrupts (); @@ -619,9 +622,14 @@ MemoryDiscoveredPpiNotifyCallback ( // the task switch (for the sake of stack switch). // InitStackGuard = FALSE; - if (IsIa32PaeSupported () && PcdGetBool (PcdCpuStackGuard)) { + Hob.Raw = NULL; + if (IsIa32PaeSupported ()) { + Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); + InitStackGuard = PcdGetBool (PcdCpuStackGuard); + } + + if (InitStackGuard || Hob.Raw != NULL) { EnablePaging (); - InitStackGuard = TRUE; } Status = InitializeCpuMpWorker ((CONST EFI_PEI_SERVICES **)PeiServices); @@ -631,6 +639,20 @@ MemoryDiscoveredPpiNotifyCallback ( SetupStackGuardPage (); } + while (Hob.Raw != NULL) { + MigratedFvInfo = GET_GUID_HOB_DATA (Hob); + + // + // Enable #PF exception, so if the code access SPI after disable NEM, it will generate + // the exception to avoid potential vulnerability. + // + ConvertMemoryPageAttributes (MigratedFvInfo->FvOrgBase, MigratedFvInfo->FvLength, 0); + + Hob.Raw = GET_NEXT_HOB (Hob); + Hob.Raw = GetNextGuidHob (&gEdkiiMigratedFvInfoGuid, Hob.Raw); + } + CpuFlushTlb (); + return Status; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor