tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure checked range is valid 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1934

0x0       MicrocodeBegin  MicrocodeEntry  MicrocodeEnd      0xffffffff
|--------------|---------------|---------------|---------------|
                                 valid TotalSize
TotalSize is only valid between 0 and (MicrocodeEnd - MicrocodeEntry).
So add '(UINTN)MicrocodeEntryPoint > (MAX_ADDRESS - TotalSize)' before
'((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd' to make sure
((UINTN)MicrocodeEntryPoint + TotalSize) wouldn't overflow.

Cc: Eric Dong <eric.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
This commit is contained in:
Zhichao Gao 2019-06-26 12:51:55 +08:00 committed by Eric Dong
parent f426d8744f
commit c54c856218
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
UefiCpuPkg/Library/MpInitLib/Microcode.c
View File

@ -1,7 +1,7 @@
/** @file /** @file
Implementation of loading microcode on processors. Implementation of loading microcode on processors.
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -167,9 +167,15 @@ MicrocodeDetect (
} }
/// ///
/// Check overflow and whether TotalSize is aligned with 4 bytes. /// 0x0 MicrocodeBegin MicrocodeEntry MicrocodeEnd 0xffffffff
/// |--------------|---------------|---------------|---------------|
/// valid TotalSize
/// TotalSize is only valid between 0 and (MicrocodeEnd - MicrocodeEntry).
/// And it should be aligned with 4 bytes.
/// If the TotalSize is invalid, skip 1KB to check next entry.
/// ///
if ( ((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd || if ( (UINTN)MicrocodeEntryPoint > (MAX_ADDRESS - TotalSize) ||
((UINTN)MicrocodeEntryPoint + TotalSize) > MicrocodeEnd ||
(TotalSize & 0x3) != 0 (TotalSize & 0x3) != 0
) { ) {
MicrocodeEntryPoint = (CPU_MICROCODE_HEADER *) (((UINTN) MicrocodeEntryPoint) + SIZE_1KB); MicrocodeEntryPoint = (CPU_MICROCODE_HEADER *) (((UINTN) MicrocodeEntryPoint) + SIZE_1KB);