authorZhichao Gao <zhichao.gao@intel.com>2019-06-26 12:51:55 +0800
committerEric Dong <eric.dong@intel.com>2019-06-27 09:20:53 +0800
commitc54c85621826ace8684879fef9eb8ba7f49cfb54 (patch)
treeca6eb4bab4d0d30d7ccc5817f90b2ddb04f86f75 /UefiCpuPkg
parentf426d8744f3f5321cd88b23cf6e93865d5d18e00 (diff)
UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure checked range is valid
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1934 0x0 MicrocodeBegin MicrocodeEntry MicrocodeEnd 0xffffffff |--------------|---------------|---------------|---------------| valid TotalSize TotalSize is only valid between 0 and (MicrocodeEnd - MicrocodeEntry). So add '(UINTN)MicrocodeEntryPoint > (MAX_ADDRESS - TotalSize)' before '((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd' to make sure ((UINTN)MicrocodeEntryPoint + TotalSize) wouldn't overflow. Cc: Eric Dong <eric.dong@intel.com> Cc: Ray Ni <ray.ni@intel.com> Cc: Laszlo Ersek <lersek@redhat.com> Cc: Liming Gao <liming.gao@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> Reviewed-by: Ray Ni <ray.ni@intel.com> Reviewed-by: Eric Dong <eric.dong@intel.com>
Diffstat (limited to 'UefiCpuPkg')
-rw-r--r--UefiCpuPkg/Library/MpInitLib/Microcode.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/UefiCpuPkg/Library/MpInitLib/Microcode.c b/UefiCpuPkg/Library/MpInitLib/Microcode.c
index 4763dcfebe..199b1f23ce 100644
--- a/UefiCpuPkg/Library/MpInitLib/Microcode.c
+++ b/UefiCpuPkg/Library/MpInitLib/Microcode.c
@@ -1,7 +1,7 @@
/** @file
Implementation of loading microcode on processors.
- Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -167,9 +167,15 @@ MicrocodeDetect (
}
///
- /// Check overflow and whether TotalSize is aligned with 4 bytes.
+ /// 0x0 MicrocodeBegin MicrocodeEntry MicrocodeEnd 0xffffffff
+ /// |--------------|---------------|---------------|---------------|
+ /// valid TotalSize
+ /// TotalSize is only valid between 0 and (MicrocodeEnd - MicrocodeEntry).
+ /// And it should be aligned with 4 bytes.
+ /// If the TotalSize is invalid, skip 1KB to check next entry.
///
- if ( ((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd ||
+ if ( (UINTN)MicrocodeEntryPoint > (MAX_ADDRESS - TotalSize) ||
+ ((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd ||
(TotalSize & 0x3) != 0
) {
MicrocodeEntryPoint = (CPU_MICROCODE_HEADER *) (((UINTN) MicrocodeEntryPoint) + SIZE_1KB);
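Review bot: The guard in MicrocodeDetect bounds TotalSize from above but still accepts 0, or any value smaller than the microcode header, and the new comment itself describes the valid range as starting at 0. If code outside this hunk advances MicrocodeEntryPoint by TotalSize or checksums TotalSize bytes, an undersized entry in a corrupted microcode region could stall the scan or be treated as a patch; that cannot be confirmed from the lines shown. Consider adding `TotalSize < sizeof (CPU_MICROCODE_HEADER) ||` as the first condition. The two upper-bound comparisons could also be written as the single test the comment states, `TotalSize > (MicrocodeEnd - (UINTN)MicrocodeEntryPoint)`, which cannot wrap provided the loop keeps MicrocodeEntryPoint below MicrocodeEnd. The loop condition and the rest of the function body are outside the hunk.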