From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <hao.a.wu@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.151; helo=mga17.intel.com;
 envelope-from=hao.a.wu@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 7BBCD211A2DAC
 for <edk2-devel@lists.01.org>; Thu, 20 Dec 2018 19:11:12 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga006.jf.intel.com ([10.7.209.51])
 by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 20 Dec 2018 19:11:11 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.56,379,1539673200"; d="scan'208";a="102333217"
Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.9])
 by orsmga006.jf.intel.com with ESMTP; 20 Dec 2018 19:11:09 -0800
From: Hao Wu <hao.a.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Hao Wu <hao.a.wu@intel.com>, Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Leif Lindholm <leif.lindholm@linaro.org>,
 Liming Gao <liming.gao@intel.com>,
 Michael D Kinney <michael.d.kinney@intel.com>,
 Jiewen Yao <jiewen.yao@intel.com>, Laszlo Ersek <lersek@redhat.com>,
 Jian J Wang <jian.j.wang@intel.com>, Star Zeng <star.zeng@intel.com>,
 Eric Dong <eric.dong@intel.com>, Ruiyu Ni <ruiyu.ni@intel.com>
Date: Fri, 21 Dec 2018 11:11:01 +0800
Message-Id: <20181221031106.12960-1-hao.a.wu@intel.com>
X-Mailer: git-send-email 2.12.0.windows.1
Subject: [PATCH v1 0/5] Ues arch-generic API SpeculationBarrier() to replace AsmLfence()
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Dec 2018 03:11:12 -0000

X86 specific BaseLib API AsmLfence() was introduced to address the Spectre
Variant 1 (CVE-2017-5753) issue. The purpose of this API is to insert
barriers to stop speculative execution. However, the API is highly
architecture (X86) specific, and thus should be avoided using across
generic code.

To address this issue, this series will add a new BaseLib API called
SpeculationBarrier(). Different architectures will have different
implementations for this API. And the series will replace the usage of
AsmLfence() in generic codes with this newly added SpeculationBarrier().

For the implementations of API SpeculationBarrier() among different
architectures, this series will:

* For IA32 and x64, SpeculationBarrier() will directly call AsmLfence().
* For ARM and EBC architectures, an empty implementation is temporarily
  added as a placeholder. We hope experts in those domains can help to
  contribute the actual implementation.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>

Hao Wu (5):
  MdePkg/BaseLib: Introduce new SpeculationBarrier API
  MdeModulePkg/FaultTolerantWrite: Update to consume SpeculationBarrier
  MdeModulePkg/SmmLockBox: Update to consume SpeculationBarrier
  MdeModulePkg/Variable: Update to consume SpeculationBarrier
  UefiCpuPkg/PiSmmCpuDxeSmm: Update to consume SpeculationBarrier

 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf                      |  2 +-
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf                             |  2 +-
 MdePkg/Library/BaseLib/BaseLib.inf                                                     |  5 +++
 MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h                      | 10 +++---
 MdePkg/Include/Library/BaseLib.h                                                       | 15 +++++++++
 MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c                   |  8 ++---
 MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c                                 | 12 ++++----
 MdeModulePkg/Universal/Variable/RuntimeDxe/{LoadFenceDxe.c => SpeculationBarrierDxe.c} | 12 +++++---
 MdeModulePkg/Universal/Variable/RuntimeDxe/{LoadFenceSmm.c => SpeculationBarrierSmm.c} | 14 +++++----
 MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c                                  |  6 ++--
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c                               | 24 +++++++--------
 MdePkg/Library/BaseLib/Arm/SpeculationBarrier.c                                        | 30 ++++++++++++++++++
 MdePkg/Library/BaseLib/Ebc/SpeculationBarrier.c                                        | 30 ++++++++++++++++++
 MdePkg/Library/BaseLib/X86SpeculationBarrier.c                                         | 32 ++++++++++++++++++++
 UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c                                             |  6 ++--
 15 files changed, 163 insertions(+), 45 deletions(-)
 rename MdeModulePkg/Universal/Variable/RuntimeDxe/{LoadFenceDxe.c => SpeculationBarrierDxe.c} (62%)
 rename MdeModulePkg/Universal/Variable/RuntimeDxe/{LoadFenceSmm.c => SpeculationBarrierSmm.c} (61%)
 create mode 100644 MdePkg/Library/BaseLib/Arm/SpeculationBarrier.c
 create mode 100644 MdePkg/Library/BaseLib/Ebc/SpeculationBarrier.c
 create mode 100644 MdePkg/Library/BaseLib/X86SpeculationBarrier.c

-- 
2.12.0.windows.1