UefiCpuPkg: Move MigrateGdt from DiscoverMemory to TempRamDone. (CVE-2019-11098)

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1614
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3160

The GDT still in flash with commit 60b12e69fb1c8c7180fdda92f008248b9ec83db1
after TempRamDone

So move the action to TempRamDone event to avoid reading GDT from flash.

Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Debkumar De <debkumar.de@intel.com>
Cc: Harry Han <harry.han@intel.com>
Cc: Catharine West <catharine.west@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>

diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.c b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
index 40729a09b9eec651c7ea2c2632ec9f0e34e4917a..3c1bad64701d43c601936b37c6b0556fd959c87f 100644 (file)
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.c
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.c
@@ -429,43 +429,6 @@ GetGdtr (
   AsmReadGdtr ((IA32_DESCRIPTOR *)Buffer);\r
 }\r
 \r
-/**\r
-  Migrates the Global Descriptor Table (GDT) to permanent memory.\r
-\r
-  @retval   EFI_SUCCESS           The GDT was migrated successfully.\r
-  @retval   EFI_OUT_OF_RESOURCES  The GDT could not be migrated due to lack of available memory.\r
-\r
-**/\r
-EFI_STATUS\r
-MigrateGdt (\r
-  VOID\r
-  )\r
-{\r
-  EFI_STATUS          Status;\r
-  UINTN               GdtBufferSize;\r
-  IA32_DESCRIPTOR     Gdtr;\r
-  VOID                *GdtBuffer;\r
-\r
-  AsmReadGdtr ((IA32_DESCRIPTOR *) &Gdtr);\r
-  GdtBufferSize = sizeof (IA32_SEGMENT_DESCRIPTOR) -1 + Gdtr.Limit + 1;\r
-\r
-  Status =  PeiServicesAllocatePool (\r
-              GdtBufferSize,\r
-              &GdtBuffer\r
-              );\r
-  ASSERT (GdtBuffer != NULL);\r
-  if (EFI_ERROR (Status)) {\r
-    return EFI_OUT_OF_RESOURCES;\r
-  }\r
-\r
-  GdtBuffer = ALIGN_POINTER (GdtBuffer, sizeof (IA32_SEGMENT_DESCRIPTOR));\r
-  CopyMem (GdtBuffer, (VOID *) Gdtr.Base, Gdtr.Limit + 1);\r
-  Gdtr.Base = (UINTN) GdtBuffer;\r
-  AsmWriteGdtr (&Gdtr);\r
-\r
-  return EFI_SUCCESS;\r
-}\r
-\r
 /**\r
   Initializes CPU exceptions handlers for the sake of stack switch requirement.\r
 \r

diff --git a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
index ba829d816ee47c2b107f4b6ab659c41a036066b3..7444bdb9687fc8a3a318537eff3bd8991e70fd48 100644 (file)
--- a/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
+++ b/UefiCpuPkg/CpuMpPei/CpuMpPei.inf
@@ -67,7 +67,6 @@
   gUefiCpuPkgTokenSpaceGuid.PcdCpuStackSwitchExceptionList              ## SOMETIMES_CONSUMES\r
   gUefiCpuPkgTokenSpaceGuid.PcdCpuKnownGoodStackSize                    ## SOMETIMES_CONSUMES\r
   gUefiCpuPkgTokenSpaceGuid.PcdCpuApStackSize                           ## SOMETIMES_CONSUMES\r
-  gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes  ## CONSUMES\r
 \r
 [Depex]\r
   TRUE\r

diff --git a/UefiCpuPkg/CpuMpPei/CpuPaging.c b/UefiCpuPkg/CpuMpPei/CpuPaging.c
index 50ad4277af79070b9bacc983159e76403a1758e3..3e261d6657b305619534b3c9fd3df77d54e583ab 100644 (file)
--- a/UefiCpuPkg/CpuMpPei/CpuPaging.c
+++ b/UefiCpuPkg/CpuMpPei/CpuPaging.c
@@ -605,17 +605,9 @@ MemoryDiscoveredPpiNotifyCallback (
 {\r
   EFI_STATUS              Status;\r
   BOOLEAN                 InitStackGuard;\r
-  BOOLEAN                 InterruptState;\r
   EDKII_MIGRATED_FV_INFO  *MigratedFvInfo;\r
   EFI_PEI_HOB_POINTERS    Hob;\r
 \r
-  if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) {\r
-    InterruptState = SaveAndDisableInterrupts ();\r
-    Status = MigrateGdt ();\r
-    ASSERT_EFI_ERROR (Status);\r
-    SetInterruptState (InterruptState);\r
-  }\r
-\r
   //\r
   // Paging must be setup first. Otherwise the exception TSS setup during MP\r
   // initialization later will not contain paging information and then fail\r

diff --git a/UefiCpuPkg/SecCore/SecCore.inf b/UefiCpuPkg/SecCore/SecCore.inf
index 545781d6b4b397596d865ab3e173f8c44be48020..ded83beb527245cc6907ae394c00db1e2fda22a6 100644 (file)
--- a/UefiCpuPkg/SecCore/SecCore.inf
+++ b/UefiCpuPkg/SecCore/SecCore.inf
@@ -77,6 +77,7 @@
 \r
 [Pcd]\r
   gUefiCpuPkgTokenSpaceGuid.PcdPeiTemporaryRamStackSize  ## CONSUMES\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes  ## CONSUMES\r
 \r
 [UserExtensions.TianoCore."ExtraFiles"]\r
   SecCoreExtra.uni\r

diff --git a/UefiCpuPkg/SecCore/SecMain.c b/UefiCpuPkg/SecCore/SecMain.c
index 155be49a60117b46bdce57307232a252ed692014..2416c4ce56b281ad66626ef95d4bbc6c64d8517e 100644 (file)
--- a/UefiCpuPkg/SecCore/SecMain.c
+++ b/UefiCpuPkg/SecCore/SecMain.c
@@ -35,6 +35,43 @@ EFI_PEI_PPI_DESCRIPTOR            mPeiSecPlatformInformationPpi[] = {
   }\r
 };\r
 \r
+/**\r
+  Migrates the Global Descriptor Table (GDT) to permanent memory.\r
+\r
+  @retval   EFI_SUCCESS           The GDT was migrated successfully.\r
+  @retval   EFI_OUT_OF_RESOURCES  The GDT could not be migrated due to lack of available memory.\r
+\r
+**/\r
+EFI_STATUS\r
+MigrateGdt (\r
+  VOID\r
+  )\r
+{\r
+  EFI_STATUS          Status;\r
+  UINTN               GdtBufferSize;\r
+  IA32_DESCRIPTOR     Gdtr;\r
+  VOID                *GdtBuffer;\r
+\r
+  AsmReadGdtr ((IA32_DESCRIPTOR *) &Gdtr);\r
+  GdtBufferSize = sizeof (IA32_SEGMENT_DESCRIPTOR) -1 + Gdtr.Limit + 1;\r
+\r
+  Status =  PeiServicesAllocatePool (\r
+              GdtBufferSize,\r
+              &GdtBuffer\r
+              );\r
+  ASSERT (GdtBuffer != NULL);\r
+  if (EFI_ERROR (Status)) {\r
+    return EFI_OUT_OF_RESOURCES;\r
+  }\r
+\r
+  GdtBuffer = ALIGN_POINTER (GdtBuffer, sizeof (IA32_SEGMENT_DESCRIPTOR));\r
+  CopyMem (GdtBuffer, (VOID *) Gdtr.Base, Gdtr.Limit + 1);\r
+  Gdtr.Base = (UINTN) GdtBuffer;\r
+  AsmWriteGdtr (&Gdtr);\r
+\r
+  return EFI_SUCCESS;\r
+}\r
+\r
 //\r
 // These are IDT entries pointing to 10:FFFFFFE4h.\r
 //\r
@@ -409,6 +446,14 @@ SecTemporaryRamDone (
   //\r
   State = SaveAndDisableInterrupts ();\r
 \r
+  //\r
+  // Migrate GDT before NEM near down\r
+  //\r
+  if (PcdGetBool (PcdMigrateTemporaryRamFirmwareVolumes)) {\r
+    Status = MigrateGdt ();\r
+    ASSERT_EFI_ERROR (Status);\r
+  }\r
+\r
   //\r
   // Disable Temporary RAM after Stack and Heap have been migrated at this point.\r
   //\r