From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.43; helo=mga05.intel.com; envelope-from=liming.gao@intel.com; receiver=edk2-devel@lists.01.org Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 81A6E2194D387 for ; Sun, 23 Dec 2018 19:15:46 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Dec 2018 19:15:46 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,390,1539673200"; d="scan'208";a="306227740" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by fmsmga005.fm.intel.com with ESMTP; 23 Dec 2018 19:15:46 -0800 Received: from fmsmsx120.amr.corp.intel.com (10.18.124.208) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.408.0; Sun, 23 Dec 2018 19:15:46 -0800 Received: from shsmsx152.ccr.corp.intel.com (10.239.6.52) by fmsmsx120.amr.corp.intel.com (10.18.124.208) with Microsoft SMTP Server (TLS) id 14.3.408.0; Sun, 23 Dec 2018 19:15:46 -0800 Received: from shsmsx104.ccr.corp.intel.com ([169.254.5.203]) by SHSMSX152.ccr.corp.intel.com ([169.254.6.222]) with mapi id 14.03.0415.000; Mon, 24 Dec 2018 11:15:44 +0800 From: "Gao, Liming" To: "Wu, Hao A" , "edk2-devel@lists.01.org" CC: Ard Biesheuvel , Leif Lindholm , "Kinney, Michael D" , "Yao, Jiewen" , Laszlo Ersek Thread-Topic: [PATCH v1 1/5] MdePkg/BaseLib: Introduce new SpeculationBarrier API Thread-Index: AQHUmNribLTtuR4vGUqZ2EGys9lqFKWNOivg Date: Mon, 24 Dec 2018 03:15:42 +0000 Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E390A39@SHSMSX104.ccr.corp.intel.com> References: <20181221031106.12960-1-hao.a.wu@intel.com> <20181221031106.12960-2-hao.a.wu@intel.com> In-Reply-To: <20181221031106.12960-2-hao.a.wu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ctpclassification: CTP_NT x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNjFjYzU0MjUtNzU0Mi00MzNlLWI2NmYtODNkMGM0ZmJjN2ViIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoickJcL2tZd0RpdzZwZjR5RThkVU5lRDlKU0R0ejdIcjl1UmRyRTdxekl4THk3RFhwWXFBeVFUZUhFSll1ZWlJb0oifQ== dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH v1 1/5] MdePkg/BaseLib: Introduce new SpeculationBarrier API X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Dec 2018 03:15:47 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Liming Gao > -----Original Message----- > From: Wu, Hao A > Sent: Friday, December 21, 2018 11:11 AM > To: edk2-devel@lists.01.org > Cc: Wu, Hao A ; Ard Biesheuvel ; Leif Lindholm ; Gao, > Liming ; Kinney, Michael D ; Yao, Jiewen ; Laszlo Ersek > > Subject: [PATCH v1 1/5] MdePkg/BaseLib: Introduce new SpeculationBarrier = API >=20 > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D1417 >=20 > X86 specific BaseLib API AsmLfence() was introduced to address the Spectr= e > Variant 1 (CVE-2017-5753) issue. The purpose of this API is to insert > barriers to stop speculative execution. However, the API is highly > architecture (X86) specific, and thus should be avoided using across > generic code. >=20 > To address this issue, this patch will add a new BaseLib API called > SpeculationBarrier(). Different architectures will have different > implementations for this API. >=20 > For IA32 and x64, the implementation of SpeculationBarrier() will > directly call AsmLfence(). >=20 > For ARM and AARCH64, this patch will add a temporary empty implementation > as a placeholder. We hope experts in ARM can help to contribute the actua= l > implementation. >=20 > For EBC, similar to the ARM and AARCH64 cases, a temporary empty > implementation is added. >=20 > Cc: Ard Biesheuvel > Cc: Leif Lindholm > Cc: Liming Gao > Cc: Michael D Kinney > Cc: Jiewen Yao > Cc: Laszlo Ersek > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Hao Wu > --- > MdePkg/Library/BaseLib/BaseLib.inf | 5 +++ > MdePkg/Include/Library/BaseLib.h | 15 +++++++++ > MdePkg/Library/BaseLib/Arm/SpeculationBarrier.c | 30 ++++++++++++++++++ > MdePkg/Library/BaseLib/Ebc/SpeculationBarrier.c | 30 ++++++++++++++++++ > MdePkg/Library/BaseLib/X86SpeculationBarrier.c | 32 +++++++++++++++++++= + > 5 files changed, 112 insertions(+) >=20 > diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/= BaseLib.inf > index b84e58324c..d195c5417b 100644 > --- a/MdePkg/Library/BaseLib/BaseLib.inf > +++ b/MdePkg/Library/BaseLib/BaseLib.inf > @@ -336,6 +336,7 @@ > X86DisablePaging32.c > X86RdRand.c > X86PatchInstruction.c > + X86SpeculationBarrier.c >=20 > [Sources.X64] > X64/Thunk16.nasm > @@ -515,6 +516,7 @@ > X86DisablePaging32.c > X86RdRand.c > X86PatchInstruction.c > + X86SpeculationBarrier.c > X64/GccInline.c | GCC > X64/Thunk16.S | XCODE > X64/SwitchStack.nasm| GCC > @@ -543,12 +545,14 @@ > Ebc/CpuBreakpoint.c > Ebc/SetJumpLongJump.c > Ebc/SwitchStack.c > + Ebc/SpeculationBarrier.c > Unaligned.c > Math64.c >=20 > [Sources.ARM] > Arm/InternalSwitchStack.c > Arm/Unaligned.c > + Arm/SpeculationBarrier.c > Math64.c | RVCT > Math64.c | MSFT >=20 > @@ -582,6 +586,7 @@ > [Sources.AARCH64] > Arm/InternalSwitchStack.c > Arm/Unaligned.c > + Arm/SpeculationBarrier.c > Math64.c >=20 > AArch64/MemoryFence.S | GCC > diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/Ba= seLib.h > index 8cc086983d..1eb842384e 100644 > --- a/MdePkg/Include/Library/BaseLib.h > +++ b/MdePkg/Include/Library/BaseLib.h > @@ -5111,6 +5111,21 @@ CpuDeadLoop ( > VOID > ); >=20 > + > +/** > + Uses as a barrier to stop speculative execution. > + > + Ensures that no later instruction will execute speculatively, until al= l prior > + instructions have completed. > + > +**/ > +VOID > +EFIAPI > +SpeculationBarrier ( > + VOID > + ); > + > + > #if defined (MDE_CPU_IA32) || defined (MDE_CPU_X64) > /// > /// IA32 and x64 Specific Functions. > diff --git a/MdePkg/Library/BaseLib/Arm/SpeculationBarrier.c b/MdePkg/Lib= rary/BaseLib/Arm/SpeculationBarrier.c > new file mode 100644 > index 0000000000..8a6165a102 > --- /dev/null > +++ b/MdePkg/Library/BaseLib/Arm/SpeculationBarrier.c > @@ -0,0 +1,30 @@ > +/** @file > + SpeculationBarrier() function for ARM. > + > + Copyright (C) 2018, Intel Corporation. All rights reserved.
> + > + This program and the accompanying materials are licensed and made avai= lable > + under the terms and conditions of the BSD License which accompanies th= is > + distribution. The full text of the license may be found at > + http://opensource.org/licenses/bsd-license.php. > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, = WITHOUT > + WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > + > +**/ > + > + > +/** > + Uses as a barrier to stop speculative execution. > + > + Ensures that no later instruction will execute speculatively, until al= l prior > + instructions have completed. > + > +**/ > +VOID > +EFIAPI > +SpeculationBarrier ( > + VOID > + ) > +{ > +} > diff --git a/MdePkg/Library/BaseLib/Ebc/SpeculationBarrier.c b/MdePkg/Lib= rary/BaseLib/Ebc/SpeculationBarrier.c > new file mode 100644 > index 0000000000..8fa4c204f8 > --- /dev/null > +++ b/MdePkg/Library/BaseLib/Ebc/SpeculationBarrier.c > @@ -0,0 +1,30 @@ > +/** @file > + SpeculationBarrier() function for EBC. > + > + Copyright (C) 2018, Intel Corporation. All rights reserved.
> + > + This program and the accompanying materials are licensed and made avai= lable > + under the terms and conditions of the BSD License which accompanies th= is > + distribution. The full text of the license may be found at > + http://opensource.org/licenses/bsd-license.php. > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, = WITHOUT > + WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > + > +**/ > + > + > +/** > + Uses as a barrier to stop speculative execution. > + > + Ensures that no later instruction will execute speculatively, until al= l prior > + instructions have completed. > + > +**/ > +VOID > +EFIAPI > +SpeculationBarrier ( > + VOID > + ) > +{ > +} > diff --git a/MdePkg/Library/BaseLib/X86SpeculationBarrier.c b/MdePkg/Libr= ary/BaseLib/X86SpeculationBarrier.c > new file mode 100644 > index 0000000000..03deca8489 > --- /dev/null > +++ b/MdePkg/Library/BaseLib/X86SpeculationBarrier.c > @@ -0,0 +1,32 @@ > +/** @file > + SpeculationBarrier() function for IA32 and x64. > + > + Copyright (C) 2018, Intel Corporation. All rights reserved.
> + > + This program and the accompanying materials are licensed and made avai= lable > + under the terms and conditions of the BSD License which accompanies th= is > + distribution. The full text of the license may be found at > + http://opensource.org/licenses/bsd-license.php. > + > + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, = WITHOUT > + WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > + > +**/ > + > +#include > + > +/** > + Uses as a barrier to stop speculative execution. > + > + Ensures that no later instruction will execute speculatively, until al= l prior > + instructions have completed. > + > +**/ > +VOID > +EFIAPI > +SpeculationBarrier ( > + VOID > + ) > +{ > + AsmLfence (); > +} > -- > 2.12.0.windows.1