On 07/08/20 10:10, Guomin Jiang wrote: > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614 > > To avoid the TOCTOU, enable paging and set Not Present flag so when > access any code in the flash range, it will trigger #NP exception. > > Cc: Eric Dong <eric.d...@intel.com> > Cc: Ray Ni <ray...@intel.com> > Cc: Laszlo Ersek <ler...@redhat.com> > Cc: Rahul Kumar <rahul1.ku...@intel.com> > Signed-off-by: Guomin Jiang <guomin.ji...@intel.com> > --- > UefiCpuPkg/CpuMpPei/CpuMpPei.inf | 3 +++ > UefiCpuPkg/CpuMpPei/CpuPaging.c | 26 ++++++++++++++++++++++++-- > 2 files changed, 27 insertions(+), 2 deletions(-) > > diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf > b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf > index f4d11b861f77..7e511325d8b8 100644 > --- a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf > +++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf > @@ -46,6 +46,9 @@ [LibraryClasses] > BaseMemoryLib > CpuLib > > +[Guids] > + gEdkiiMigratedFvInfoGuid ## > SOMETIMES_CONSUMES ## HOB > + > [Ppis] > gEfiPeiMpServicesPpiGuid ## PRODUCES > gEfiSecPlatformInformationPpiGuid ## SOMETIMES_CONSUMES > diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPaging.c > index 3bf0574b34c6..04a16fb2b620 100644 > --- a/UefiCpuPkg/CpuMpPei/CpuPaging.c > +++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c > @@ -12,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include <Library/MemoryAllocationLib.h> > #include <Library/CpuLib.h> > #include <Library/BaseLib.h> > +#include <Guid/MigratedFvInfo.h> > > #include "CpuMpPei.h" > > @@ -605,6 +606,8 @@ MemoryDiscoveredPpiNotifyCallback ( > EFI_STATUS Status; > BOOLEAN InitStackGuard; > BOOLEAN InterruptState; > + EDKII_MIGRATED_FV_INFO *MigratedFvInfo; > + EFI_PEI_HOB_POINTERS Hob; > > if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) { > InterruptState = SaveAndDisableInterrupts (); 
> @@ -619,9 +622,14 @@ MemoryDiscoveredPpiNotifyCallback ( > // the task switch (for the sake of stack switch). > // > InitStackGuard = FALSE; > - if (IsIa32PaeSupported () && PcdGetBool (PcdCpuStackGuard)) { > + Hob.Raw = NULL; > + if (IsIa32PaeSupported ()) { > + Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); > + InitStackGuard = PcdGetBool (PcdCpuStackGuard); > + } > + > + if (InitStackGuard || Hob.Raw != NULL) { > EnablePaging (); > - InitStackGuard = TRUE; > } > > Status = InitializeCpuMpWorker ((CONST EFI_PEI_SERVICES **)PeiServices); > @@ -631,6 +639,20 @@ MemoryDiscoveredPpiNotifyCallback ( > SetupStackGuardPage (); > } > > + while (Hob.Raw != NULL) { > + MigratedFvInfo = GET_GUID_HOB_DATA (Hob); > + > + // > + // Enable #NP exception, so if the code access after disable NEM, it > will generate > + // to avoid potential vulnerability. > + // > + ConvertMemoryPageAttributes (MigratedFvInfo->FvOrgBase, > MigratedFvInfo->FvLength, 0); > + > + Hob.Raw = GET_NEXT_HOB (Hob); > + Hob.Raw = GetNextGuidHob (&gEdkiiMigratedFvInfoGuid, Hob.Raw); > + } > + CpuFlushTlb (); > + > return Status; > } > >
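Review bot: in the @@ -619,9 +622,14 @@ hunk the HOB lookup is nested under `IsIa32PaeSupported ()`, so on a CPU without PAE `Hob.Raw` stays NULL, the while loop below never runs and the migrated FV range remains present and executable with no diagnostic. Since the commit message presents this as the TOCTOU mitigation, please either add a DEBUG message in an else branch or a comment stating the protection is PAE-only by design. The stack-guard behaviour itself is preserved: `InitStackGuard = PcdGetBool (PcdCpuStackGuard);` inside the PAE check yields the same value the removed `InitStackGuard = TRUE;` did.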
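Review bot: in the @@ -631,6 +639,20 @@ hunk the return value of `ConvertMemoryPageAttributes (MigratedFvInfo->FvOrgBase, MigratedFvInfo->FvLength, 0);` is dropped, so if the conversion fails (for example because page-table allocation fails) the flash range silently stays mapped and the mitigation does not apply; please check the result, as `SetupStackGuardPage` does for the guard page, without clobbering the `Status` that `InitializeCpuMpWorker` returned and that is returned at the end of the function. Also, the new comment says "Enable #NP exception" and trails off in "it will generate to avoid potential vulnerability": access to a page whose Present bit is clear raises a page fault (#PF, vector 14), whereas #NP (vector 11) is segment-not-present, and the sentence should say what is generated, for example "any access to the original flash range after NEM is disabled raises #PF".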
Acked-by: Laszlo Ersek <ler...@redhat.com>

View/Reply Online (#62259): https://edk2.groups.io/g/devel/message/62259