From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <hao.a.wu@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.151; helo=mga17.intel.com;
 envelope-from=hao.a.wu@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 5CF8C211A2DAC
 for <edk2-devel@lists.01.org>; Thu, 20 Dec 2018 19:11:18 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga006.jf.intel.com ([10.7.209.51])
 by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 20 Dec 2018 19:11:18 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.56,379,1539673200"; d="scan'208";a="102333258"
Received: from shwdeopenpsi014.ccr.corp.intel.com ([10.239.9.9])
 by orsmga006.jf.intel.com with ESMTP; 20 Dec 2018 19:11:16 -0800
From: Hao Wu <hao.a.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Hao Wu <hao.a.wu@intel.com>, Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Jiewen Yao <jiewen.yao@intel.com>, Liming Gao <liming.gao@intel.com>,
 Jian J Wang <jian.j.wang@intel.com>, Star Zeng <star.zeng@intel.com>
Date: Fri, 21 Dec 2018 11:11:05 +0800
Message-Id: <20181221031106.12960-5-hao.a.wu@intel.com>
X-Mailer: git-send-email 2.12.0.windows.1
In-Reply-To: <20181221031106.12960-1-hao.a.wu@intel.com>
References: <20181221031106.12960-1-hao.a.wu@intel.com>
Subject: [PATCH v1 4/5] MdeModulePkg/Variable: Update to consume SpeculationBarrier
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Dec 2018 03:11:18 -0000

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1417

Since BaseLib API AsmLfence() is a x86 arch specific API and should be
avoided using in generic codes, this commit replaces the usage of
AsmLfence() with arch-generic API SpeculationBarrier().

Please note that speculation execution barriers are intended to be
asserted for SMM codes, hence, this commit still preserve an empty
implementation of the speculation execution barrier for the DXE codes.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf                      |  2 +-
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf                             |  2 +-
 MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h                      | 10 ++++----
 MdeModulePkg/Universal/Variable/RuntimeDxe/{LoadFenceDxe.c => SpeculationBarrierDxe.c} | 12 ++++++----
 MdeModulePkg/Universal/Variable/RuntimeDxe/{LoadFenceSmm.c => SpeculationBarrierSmm.c} | 14 +++++++-----
 MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c                                  |  6 ++---
 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c                               | 24 ++++++++++----------
 7 files changed, 38 insertions(+), 32 deletions(-)

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index 868981ccaf..7ef8a97f5d 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -46,7 +46,7 @@
   TcgMorLockDxe.c
   VarCheck.c
   VariableExLib.c
-  LoadFenceDxe.c
+  SpeculationBarrierDxe.c
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
index 2fe72ff8a4..db7d220e06 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
@@ -54,7 +54,7 @@
   PrivilegePolymorphic.h
   VariableExLib.c
   TcgMorLockSmm.c
-  LoadFenceSmm.c
+  SpeculationBarrierSmm.c
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h b/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h
index a324ad2365..7af22a4ad6 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h
@@ -85,13 +85,15 @@ SetVariableCheckHandlerMor (
   );
 
 /**
-  This service is consumed by the variable modules to perform a serializing
-  operation on all load-from-memory instructions that were issued prior to the
-  call of this function.
+  This service is consumed by the variable modules to place a barrier to stop
+  speculative execution.
+
+  Ensures that no later instruction will execute speculatively, until all prior
+  instructions have completed.
 
 **/
 VOID
-MemoryLoadFence (
+VariableSpeculationBarrier (
   VOID
   );
 
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierDxe.c
similarity index 62%
rename from MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c
rename to MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierDxe.c
index 0f64ee093b..bc3f695335 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierDxe.c
@@ -1,5 +1,5 @@
 /** @file
-  Serialize operation on all load-from-memory instructions (DXE version).
+  Barrier to stop speculative execution (DXE version).
 
 Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
@@ -15,13 +15,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include "Variable.h"
 
 /**
-  This service is consumed by the variable modules to perform a serializing
-  operation on all load-from-memory instructions that were issued prior to the
-  call of this function.
+  This service is consumed by the variable modules to place a barrier to stop
+  speculative execution.
+
+  Ensures that no later instruction will execute speculatively, until all prior
+  instructions have completed.
 
 **/
 VOID
-MemoryLoadFence (
+VariableSpeculationBarrier (
   VOID
   )
 {
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierSmm.c
similarity index 61%
rename from MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c
rename to MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierSmm.c
index 4b0d7e3e95..dbc20f6c4d 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierSmm.c
@@ -1,5 +1,5 @@
 /** @file
-  Serialize operation on all load-from-memory instructions (SMM version).
+  Barrier to stop speculative execution (SMM version).
 
 Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
@@ -16,15 +16,17 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include "Variable.h"
 
 /**
-  This service is consumed by the variable modules to perform a serializing
-  operation on all load-from-memory instructions that were issued prior to the
-  call of this function.
+  This service is consumed by the variable modules to place a barrier to stop
+  speculative execution.
+
+  Ensures that no later instruction will execute speculatively, until all prior
+  instructions have completed.
 
 **/
 VOID
-MemoryLoadFence (
+VariableSpeculationBarrier (
   VOID
   )
 {
-  AsmLfence ();
+  SpeculationBarrier ();
 }
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index d100b1dcc5..443cf07144 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -3201,11 +3201,11 @@ VariableServiceSetVariable (
       return EFI_SECURITY_VIOLATION;
     }
     //
-    // The MemoryLoadFence() call here is to ensure the above sanity check
-    // for the EFI_VARIABLE_AUTHENTICATION_2 descriptor has been completed
+    // The VariableSpeculationBarrier() call here is to ensure the above sanity
+    // check for the EFI_VARIABLE_AUTHENTICATION_2 descriptor has been completed
     // before the execution of subsequent codes.
     //
-    MemoryLoadFence ();
+    VariableSpeculationBarrier ();
     PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
   } else {
     PayloadSize = DataSize;
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
index 6dc19c24db..8c53f84ff6 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
@@ -538,11 +538,11 @@ SmmVariableHandler (
       }
 
       //
-      // The MemoryLoadFence() call here is to ensure the previous range/content
-      // checks for the CommBuffer have been completed before the subsequent
-      // consumption of the CommBuffer content.
+      // The VariableSpeculationBarrier() call here is to ensure the previous
+      // range/content checks for the CommBuffer have been completed before the
+      // subsequent consumption of the CommBuffer content.
       //
-      MemoryLoadFence ();
+      VariableSpeculationBarrier ();
       if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
         //
         // Make sure VariableName is A Null-terminated string.
@@ -638,11 +638,11 @@ SmmVariableHandler (
       }
 
       //
-      // The MemoryLoadFence() call here is to ensure the previous range/content
-      // checks for the CommBuffer have been completed before the subsequent
-      // consumption of the CommBuffer content.
+      // The VariableSpeculationBarrier() call here is to ensure the previous
+      // range/content checks for the CommBuffer have been completed before the
+      // subsequent consumption of the CommBuffer content.
       //
-      MemoryLoadFence ();
+      VariableSpeculationBarrier ();
       if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
         //
         // Make sure VariableName is A Null-terminated string.
@@ -779,11 +779,11 @@ SmmVariableHandler (
       }
 
       //
-      // The MemoryLoadFence() call here is to ensure the previous range/content
-      // checks for the CommBuffer have been completed before the subsequent
-      // consumption of the CommBuffer content.
+      // The VariableSpeculationBarrier() call here is to ensure the previous
+      // range/content checks for the CommBuffer have been completed before the
+      // subsequent consumption of the CommBuffer content.
       //
-      MemoryLoadFence ();
+      VariableSpeculationBarrier ();
       if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') {
         //
         // Make sure VariableName is A Null-terminated string.
-- 
2.12.0.windows.1