[edk2-devel] [PATCH v1 1/1] IntelSiliconPkg/ShadowMicrocodePei: Add microcode header verification.

Tue, 02 Feb 2021 23:06:09 -0800 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3196

Microcode header should be checked before calling
IsMicrocodePatchNeedLoad(). This is to make sure garbage value after
remove microcode from FV would not cause stack overflow in
IsMicrocodePatchNeedLoad().

Signed-off-by: Aaron Li <aaron...@intel.com>
Cc: Ray Ni <ray...@intel.com>
Cc: Rangasai V Chaganty <rangasai.v.chaga...@intel.com>
Cc: Siyuan Fu <siyuan...@intel.com>
---
 Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/ShadowMicrocodePei.c | 
30 +++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git 
a/Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/ShadowMicrocodePei.c 
b/Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/ShadowMicrocodePei.c
index 1494397a8e36..98a7aed69757 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/ShadowMicrocodePei.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/ShadowMicrocode/ShadowMicrocodePei.c
@@ -402,6 +402,7 @@ ShadowMicrocode (
   UINTN                             MaxPatchNumber;
   CPU_MICROCODE_HEADER              *MicrocodeEntryPoint;
   UINTN                             PatchCount;
+  UINTN                             DataSize;
   UINTN                             TotalSize;
   UINTN                             TotalLoadSize;
 
@@ -446,7 +447,34 @@ ShadowMicrocode (
   for (Index = 0; Index < EntryNum; Index++) {
     if (FitEntry[Index].Type == FIT_TYPE_01_MICROCODE) {
       MicrocodeEntryPoint = (CPU_MICROCODE_HEADER *) (UINTN) 
FitEntry[Index].Address;
-      TotalSize = (MicrocodeEntryPoint->DataSize == 0) ? 2048 : 
MicrocodeEntryPoint->TotalSize;
+
+      if (*(UINT32 *) MicrocodeEntryPoint == 0xFFFFFFFF) {
+        //
+        // An empty slot for reserved microcode update, skip to check next 
entry.
+        //
+        continue;
+      }
+
+      if (MicrocodeEntryPoint->HeaderVersion != 0x1) {
+        //
+        // Not a valid microcode header, skip to check next entry.
+        //
+        continue;
+      }
+
+      DataSize  = MicrocodeEntryPoint->DataSize;
+      TotalSize = (DataSize == 0) ? 2048 : MicrocodeEntryPoint->TotalSize;
+      if ( (UINTN)MicrocodeEntryPoint > (MAX_ADDRESS - TotalSize) ||
+           (DataSize & 0x3) != 0 ||
+           (TotalSize & (SIZE_1KB - 1)) != 0 ||
+           TotalSize < DataSize
+        ) {
+        //
+        // Not a valid microcode header, skip to check next entry.
+        //
+        continue;
+      }
+
       if (IsMicrocodePatchNeedLoad (CpuIdCount, MicrocodeCpuId, 
MicrocodeEntryPoint)) {
         PatchInfoBuffer[PatchCount].Address     = (UINTN) MicrocodeEntryPoint;
         PatchInfoBuffer[PatchCount].Size        = TotalSize;
-- 
2.29.2.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#71096): https://edk2.groups.io/g/devel/message/71096
Mute This Topic: https://groups.io/mt/80348273/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to