From: Hao Wu <hao.a.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Hao Wu <hao.a.wu@intel.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Leif Lindholm <leif.lindholm@linaro.org>,
Laszlo Ersek <lersek@redhat.com>,
Michael D Kinney <michael.d.kinney@intel.com>
Subject: [PATCH v3 1/5] MdePkg/BaseLib: Add new AsmLfence API
Date: Sat, 29 Sep 2018 14:57:32 +0800 [thread overview]
Message-ID: <20180929065736.12796-2-hao.a.wu@intel.com> (raw)
In-Reply-To: <20180929065736.12796-1-hao.a.wu@intel.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1193
This commit will add a new BaseLib API AsmLfence(). This API will perform
a serializing operation on all load-from-memory instructions that were
issued prior to the call of this function. Please note that this API is
only available on IA-32 and x64.
The purpose of adding this API is to mitigate of the [CVE-2017-5753]
Bounds Check Bypass issue when untrusted data are being processed within
SMM. More details can be referred at the 'Bounds check bypass mitigation'
section at the below link:
https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
---
MdePkg/Include/Library/BaseLib.h | 13 +++++++
MdePkg/Library/BaseLib/BaseLib.inf | 2 ++
MdePkg/Library/BaseLib/Ia32/Lfence.nasm | 36 +++++++++++++++++++
MdePkg/Library/BaseLib/X64/Lfence.nasm | 37 ++++++++++++++++++++
4 files changed, 88 insertions(+)
diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
index 2fae312f2f..8cc086983d 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -7697,6 +7697,19 @@ AsmWriteTr (
);
/**
+ Performs a serializing operation on all load-from-memory instructions that
+ were issued prior the AsmLfence function.
+
+ Executes a LFENCE instruction. This function is only available on IA-32 and x64.
+
+**/
+VOID
+EFIAPI
+AsmLfence (
+ VOID
+ );
+
+/**
Patch the immediate operand of an IA32 or X64 instruction such that the byte,
word, dword or qword operand is encoded at the end of the instruction's
binary representation.
diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/BaseLib.inf
index 64f6b05741..d971189dff 100644
--- a/MdePkg/Library/BaseLib/BaseLib.inf
+++ b/MdePkg/Library/BaseLib/BaseLib.inf
@@ -68,6 +68,7 @@
[Sources.Ia32]
Ia32/WriteTr.nasm
+ Ia32/Lfence.nasm
Ia32/Wbinvd.c | MSFT
Ia32/WriteMm7.c | MSFT
@@ -346,6 +347,7 @@
X64/EnableCache.nasm
X64/DisableCache.nasm
X64/WriteTr.nasm
+ X64/Lfence.nasm
X64/CpuBreakpoint.c | MSFT
X64/WriteMsr64.c | MSFT
diff --git a/MdePkg/Library/BaseLib/Ia32/Lfence.nasm b/MdePkg/Library/BaseLib/Ia32/Lfence.nasm
new file mode 100644
index 0000000000..414f7d7344
--- /dev/null
+++ b/MdePkg/Library/BaseLib/Ia32/Lfence.nasm
@@ -0,0 +1,36 @@
+;------------------------------------------------------------------------------ ;
+; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+; This program and the accompanying materials
+; are licensed and made available under the terms and conditions of the BSD License
+; which accompanies this distribution. The full text of the license may be found at
+; http://opensource.org/licenses/bsd-license.php.
+;
+; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+;
+; Module Name:
+;
+; Lfence.nasm
+;
+; Abstract:
+;
+; Performs a serializing operation on all load-from-memory instructions that
+; were issued prior to the call of this function.
+;
+; Notes:
+;
+;------------------------------------------------------------------------------
+
+ SECTION .text
+
+;------------------------------------------------------------------------------
+; VOID
+; EFIAPI
+; AsmLfence (
+; VOID
+; );
+;------------------------------------------------------------------------------
+global ASM_PFX(AsmLfence)
+ASM_PFX(AsmLfence):
+ lfence
+ ret
diff --git a/MdePkg/Library/BaseLib/X64/Lfence.nasm b/MdePkg/Library/BaseLib/X64/Lfence.nasm
new file mode 100644
index 0000000000..9ee9b563e2
--- /dev/null
+++ b/MdePkg/Library/BaseLib/X64/Lfence.nasm
@@ -0,0 +1,37 @@
+;------------------------------------------------------------------------------ ;
+; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+; This program and the accompanying materials
+; are licensed and made available under the terms and conditions of the BSD License
+; which accompanies this distribution. The full text of the license may be found at
+; http://opensource.org/licenses/bsd-license.php.
+;
+; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+;
+; Module Name:
+;
+; Lfence.nasm
+;
+; Abstract:
+;
+; Performs a serializing operation on all load-from-memory instructions that
+; were issued prior to the call of this function.
+;
+; Notes:
+;
+;------------------------------------------------------------------------------
+
+ DEFAULT REL
+ SECTION .text
+
+;------------------------------------------------------------------------------
+; VOID
+; EFIAPI
+; AsmLfence (
+; VOID
+; );
+;------------------------------------------------------------------------------
+global ASM_PFX(AsmLfence)
+ASM_PFX(AsmLfence):
+ lfence
+ ret
--
2.12.0.windows.1
next prev parent reply other threads:[~2018-09-29 6:57 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-29 6:57 [PATCH v3 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers Hao Wu
2018-09-29 6:57 ` Hao Wu [this message]
2018-09-29 6:57 ` [PATCH v3 2/5] MdeModulePkg/FaultTolerantWrite:[CVE-2017-5753]Fix bounds check bypass Hao Wu
2018-09-29 6:57 ` [PATCH v3 3/5] MdeModulePkg/SmmLockBox: [CVE-2017-5753] Fix " Hao Wu
2018-09-29 6:57 ` [PATCH v3 4/5] MdeModulePkg/Variable: " Hao Wu
2018-09-29 6:57 ` [PATCH v3 5/5] UefiCpuPkg/PiSmmCpuDxeSmm: " Hao Wu
2018-09-29 17:33 ` [PATCH v3 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers Laszlo Ersek
2018-09-30 5:20 ` Wu, Hao A
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180929065736.12796-2-hao.a.wu@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox