From: "Gao, Liming" <liming.gao@intel.com>
To: "Wu, Hao A" <hao.a.wu@intel.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Leif Lindholm <leif.lindholm@linaro.org>,
Laszlo Ersek <lersek@redhat.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
"Kinney, Michael D" <michael.d.kinney@intel.com>
Subject: Re: [PATCH v2 1/5] MdePkg/BaseLib: Add new AsmLfence API
Date: Sat, 29 Sep 2018 02:33:42 +0000 [thread overview]
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E31D629@SHSMSX104.ccr.corp.intel.com> (raw)
In-Reply-To: <20180925061259.31680-2-hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
> -----Original Message-----
> From: Wu, Hao A
> Sent: Tuesday, September 25, 2018 2:13 PM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A <hao.a.wu@intel.com>; Ard Biesheuvel <ard.biesheuvel@linaro.org>; Leif Lindholm <leif.lindholm@linaro.org>; Laszlo
> Ersek <lersek@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
> <liming.gao@intel.com>
> Subject: [PATCH v2 1/5] MdePkg/BaseLib: Add new AsmLfence API
>
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1193
>
> This commit will add a new BaseLib API AsmLfence(). This API will perform
> a serializing operation on all load-from-memory instructions that were
> issued prior to the call of this function. Please note that this API is
> only available on IA-32 and x64.
>
> The purpose of adding this API is to mitigate of the [CVE-2017-5753]
> Bounds Check Bypass issue when untrusted data are being processed within
> SMM. More details can be referred at the 'Bounds check bypass mitigation'
> section at the below link:
>
> https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation
>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Leif Lindholm <leif.lindholm@linaro.org>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Hao Wu <hao.a.wu@intel.com>
> ---
> MdePkg/Include/Library/BaseLib.h | 13 +++++++
> MdePkg/Library/BaseLib/BaseLib.inf | 2 ++
> MdePkg/Library/BaseLib/Ia32/Lfence.nasm | 37 +++++++++++++++++++
> MdePkg/Library/BaseLib/X64/Lfence.nasm | 38 ++++++++++++++++++++
> 4 files changed, 90 insertions(+)
>
> diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
> index 123ae19dc2..656b7736b1 100644
> --- a/MdePkg/Include/Library/BaseLib.h
> +++ b/MdePkg/Include/Library/BaseLib.h
> @@ -9139,6 +9139,19 @@ AsmWriteTr (
> );
>
> /**
> + Performs a serializing operation on all load-from-memory instructions that
> + were issued prior the AsmLfence function.
> +
> + Executes a LFENCE instruction. This function is only available on IA-32 and x64.
> +
> +**/
> +VOID
> +EFIAPI
> +AsmLfence (
> + VOID
> + );
> +
> +/**
> Patch the immediate operand of an IA32 or X64 instruction such that the byte,
> word, dword or qword operand is encoded at the end of the instruction's
> binary representation.
> diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/BaseLib.inf
> index a1b5ec4b75..ed15c025f9 100644
> --- a/MdePkg/Library/BaseLib/BaseLib.inf
> +++ b/MdePkg/Library/BaseLib/BaseLib.inf
> @@ -68,6 +68,7 @@
>
> [Sources.Ia32]
> Ia32/WriteTr.nasm
> + Ia32/Lfence.nasm
>
> Ia32/Wbinvd.c | MSFT
> Ia32/WriteMm7.c | MSFT
> @@ -346,6 +347,7 @@
> X64/EnableCache.nasm
> X64/DisableCache.nasm
> X64/WriteTr.nasm
> + X64/Lfence.nasm
>
> X64/CpuBreakpoint.c | MSFT
> X64/WriteMsr64.c | MSFT
> diff --git a/MdePkg/Library/BaseLib/Ia32/Lfence.nasm b/MdePkg/Library/BaseLib/Ia32/Lfence.nasm
> new file mode 100644
> index 0000000000..f8b2550ef8
> --- /dev/null
> +++ b/MdePkg/Library/BaseLib/Ia32/Lfence.nasm
> @@ -0,0 +1,37 @@
> +;------------------------------------------------------------------------------ ;
> +; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
> +; This program and the accompanying materials
> +; are licensed and made available under the terms and conditions of the BSD License
> +; which accompanies this distribution. The full text of the license may be found at
> +; http://opensource.org/licenses/bsd-license.php.
> +;
> +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +;
> +; Module Name:
> +;
> +; Lfence.nasm
> +;
> +; Abstract:
> +;
> +; Performs a serializing operation on all load-from-memory instructions that
> +; were issued prior to the call of this function.
> +;
> +; Notes:
> +;
> +;------------------------------------------------------------------------------
> +
> + SECTION .text
> +
> +;------------------------------------------------------------------------------
> +; VOID
> +; EFIAPI
> +; AsmLfence (
> +; VOID
> +; );
> +;------------------------------------------------------------------------------
> +global ASM_PFX(AsmLfence)
> +ASM_PFX(AsmLfence):
> + lfence
> + ret
> +
> diff --git a/MdePkg/Library/BaseLib/X64/Lfence.nasm b/MdePkg/Library/BaseLib/X64/Lfence.nasm
> new file mode 100644
> index 0000000000..e81c77964b
> --- /dev/null
> +++ b/MdePkg/Library/BaseLib/X64/Lfence.nasm
> @@ -0,0 +1,38 @@
> +;------------------------------------------------------------------------------ ;
> +; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
> +; This program and the accompanying materials
> +; are licensed and made available under the terms and conditions of the BSD License
> +; which accompanies this distribution. The full text of the license may be found at
> +; http://opensource.org/licenses/bsd-license.php.
> +;
> +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +;
> +; Module Name:
> +;
> +; Lfence.nasm
> +;
> +; Abstract:
> +;
> +; Performs a serializing operation on all load-from-memory instructions that
> +; were issued prior to the call of this function.
> +;
> +; Notes:
> +;
> +;------------------------------------------------------------------------------
> +
> + DEFAULT REL
> + SECTION .text
> +
> +;------------------------------------------------------------------------------
> +; VOID
> +; EFIAPI
> +; AsmLfence (
> +; VOID
> +; );
> +;------------------------------------------------------------------------------
> +global ASM_PFX(AsmLfence)
> +ASM_PFX(AsmLfence):
> + lfence
> + ret
> +
> --
> 2.12.0.windows.1
next prev parent reply other threads:[~2018-09-29 2:34 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-25 6:12 [PATCH v2 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers Hao Wu
2018-09-25 6:12 ` [PATCH v2 1/5] MdePkg/BaseLib: Add new AsmLfence API Hao Wu
2018-09-25 13:00 ` Laszlo Ersek
2018-09-26 1:13 ` Wu, Hao A
2018-09-29 2:33 ` Gao, Liming [this message]
2018-09-25 6:12 ` [PATCH v2 2/5] MdeModulePkg/FaultTolerantWrite:[CVE-2017-5753]Fix bounds check bypass Hao Wu
2018-09-29 6:11 ` Zeng, Star
2018-09-29 6:21 ` Wu, Hao A
2018-09-29 6:25 ` Zeng, Star
2018-09-25 6:12 ` [PATCH v2 3/5] MdeModulePkg/SmmLockBox: [CVE-2017-5753] Fix " Hao Wu
2018-09-29 6:11 ` Zeng, Star
2018-09-25 6:12 ` [PATCH v2 4/5] MdeModulePkg/Variable: " Hao Wu
2018-09-29 6:13 ` Zeng, Star
2018-09-25 6:12 ` [PATCH v2 5/5] UefiCpuPkg/PiSmmCpuDxeSmm: " Hao Wu
2018-09-25 12:08 ` Laszlo Ersek
2018-09-26 1:00 ` Wu, Hao A
2018-09-26 0:46 ` Dong, Eric
2018-09-25 20:51 ` [PATCH v2 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers Laszlo Ersek
2018-09-25 20:57 ` Laszlo Ersek
2018-09-26 1:17 ` Wu, Hao A
2018-09-28 13:13 ` Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A89E2EF3DFEDB4C8BFDE51014F606A14E31D629@SHSMSX104.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox