From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.115; helo=mga14.intel.com; envelope-from=hao.a.wu@intel.com; receiver=edk2-devel@lists.01.org Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id DF9BB2114844E for ; Wed, 19 Sep 2018 23:41:09 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Sep 2018 23:41:09 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,397,1531810800"; d="scan'208";a="234436628" Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.19]) by orsmga004.jf.intel.com with ESMTP; 19 Sep 2018 23:41:07 -0700 From: Hao Wu To: edk2-devel@lists.01.org Cc: Hao Wu , Ard Biesheuvel , Laszlo Ersek , Jiewen Yao , Michael D Kinney , Liming Gao , Star Zeng , Eric Dong Date: Thu, 20 Sep 2018 14:40:58 +0800 Message-Id: <20180920064103.14600-1-hao.a.wu@intel.com> X-Mailer: git-send-email 2.12.0.windows.1 Subject: [PATCH v1 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Sep 2018 06:41:10 -0000 The series aims to mitigate the Bounds Check Bypass (CVE-2017-5753) issues within SMI handlers. A more detailed explanation of the purpose of the series is under the 'Bounds check bypass mitigation' section of the below link: https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation And the document at: https://software.intel.com/security-software-guidance/api-app/sites/default/files/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf Cc: Ard Biesheuvel Cc: Laszlo Ersek Cc: Jiewen Yao Cc: Michael D Kinney Cc: Liming Gao Cc: Star Zeng Cc: Eric Dong Hao Wu (5): MdePkg/BaseLib: Add new LoadFence API MdeModulePkg/FaultTolerantWrite:[CVE-2017-5753]Fix bounds check bypass MdeModulePkg/SmmLockBox: [CVE-2017-5753] Fix bounds check bypass MdeModulePkg/Variable: [CVE-2017-5753] Fix bounds check bypass UefiCpuPkg/PiSmmCpuDxeSmm: [CVE-2017-5753] Fix bounds check bypass MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c | 2 ++ MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf | 1 + MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c | 2 ++ MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 1 + MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 3 ++ MdePkg/Include/Library/BaseLib.h | 12 +++++++ MdePkg/Library/BaseLib/Arm/LoadFence.c | 26 ++++++++++++++ MdePkg/Library/BaseLib/BaseLib.inf | 4 +++ MdePkg/Library/BaseLib/Ebc/CpuBreakpoint.c | 15 +++++++- MdePkg/Library/BaseLib/Ia32/LoadFence.nasm | 37 +++++++++++++++++++ MdePkg/Library/BaseLib/X64/LoadFence.nasm | 38 ++++++++++++++++++++ UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 1 + 12 files changed, 141 insertions(+), 1 deletion(-) create mode 100644 MdePkg/Library/BaseLib/Arm/LoadFence.c create mode 100644 MdePkg/Library/BaseLib/Ia32/LoadFence.nasm create mode 100644 MdePkg/Library/BaseLib/X64/LoadFence.nasm -- 2.12.0.windows.1