Re: [PATCH v2 1/5] MdePkg/BaseLib: Add new AsmLfence API

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Wu, Hao A" <hao.a.wu@intel.com>
To: Laszlo Ersek <lersek@redhat.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Yao, Jiewen" <jiewen.yao@intel.com>,
	"Gao, Liming" <liming.gao@intel.com>,
	"Kinney, Michael D" <michael.d.kinney@intel.com>
Subject: Re: [PATCH v2 1/5] MdePkg/BaseLib: Add new AsmLfence API
Date: Wed, 26 Sep 2018 01:13:49 +0000	[thread overview]
Message-ID: <B80AF82E9BFB8E4FBD8C89DA810C6A0931E5AB47@SHSMSX104.ccr.corp.intel.com> (raw)
In-Reply-To: <b150dc08-4097-d629-a651-4b8a106a2f20@redhat.com>

> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Tuesday, September 25, 2018 9:01 PM
> To: Wu, Hao A; edk2-devel@lists.01.org
> Cc: Yao, Jiewen; Gao, Liming; Kinney, Michael D
> Subject: Re: [edk2] [PATCH v2 1/5] MdePkg/BaseLib: Add new AsmLfence API
> 
> Hi Hao,
> 
> On 09/25/18 08:12, Hao Wu wrote:
> > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1193
> >
> > This commit will add a new BaseLib API AsmLfence(). This API will perform
> > a serializing operation on all load-from-memory instructions that were
> > issued prior to the call of this function. Please note that this API is
> > only available on IA-32 and x64.
> >
> > The purpose of adding this API is to mitigate of the [CVE-2017-5753]
> > Bounds Check Bypass issue when untrusted data are being processed within
> > SMM. More details can be referred at the 'Bounds check bypass mitigation'
> > section at the below link:
> >
> > https://software.intel.com/security-software-guidance/insights/host-
> firmware-speculative-execution-side-channel-mitigation
> >
> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> > Cc: Leif Lindholm <leif.lindholm@linaro.org>
> > Cc: Laszlo Ersek <lersek@redhat.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Michael D Kinney <michael.d.kinney@intel.com>
> > Cc: Liming Gao <liming.gao@intel.com>
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Hao Wu <hao.a.wu@intel.com>
> > ---
> >  MdePkg/Include/Library/BaseLib.h        | 13 +++++++
> >  MdePkg/Library/BaseLib/BaseLib.inf      |  2 ++
> >  MdePkg/Library/BaseLib/Ia32/Lfence.nasm | 37 +++++++++++++++++++
> >  MdePkg/Library/BaseLib/X64/Lfence.nasm  | 38 ++++++++++++++++++++
> >  4 files changed, 90 insertions(+)
> >
> > diff --git a/MdePkg/Include/Library/BaseLib.h
> b/MdePkg/Include/Library/BaseLib.h
> > index 123ae19dc2..656b7736b1 100644
> > --- a/MdePkg/Include/Library/BaseLib.h
> > +++ b/MdePkg/Include/Library/BaseLib.h
> > @@ -9139,6 +9139,19 @@ AsmWriteTr (
> >    );
> >
> >  /**
> > +  Performs a serializing operation on all load-from-memory instructions that
> > +  were issued prior the AsmLfence function.
> > +
> > +  Executes a LFENCE instruction. This function is only available on IA-32 and
> x64.
> > +
> > +**/
> > +VOID
> > +EFIAPI
> > +AsmLfence (
> > +  VOID
> > +  );
> > +
> > +/**
> >    Patch the immediate operand of an IA32 or X64 instruction such that the
> byte,
> >    word, dword or qword operand is encoded at the end of the instruction's
> >    binary representation.
> > diff --git a/MdePkg/Library/BaseLib/BaseLib.inf
> b/MdePkg/Library/BaseLib/BaseLib.inf
> > index a1b5ec4b75..ed15c025f9 100644
> > --- a/MdePkg/Library/BaseLib/BaseLib.inf
> > +++ b/MdePkg/Library/BaseLib/BaseLib.inf
> > @@ -68,6 +68,7 @@
> >
> >  [Sources.Ia32]
> >    Ia32/WriteTr.nasm
> > +  Ia32/Lfence.nasm
> >
> >    Ia32/Wbinvd.c | MSFT
> >    Ia32/WriteMm7.c | MSFT
> > @@ -346,6 +347,7 @@
> >    X64/EnableCache.nasm
> >    X64/DisableCache.nasm
> >    X64/WriteTr.nasm
> > +  X64/Lfence.nasm
> >
> >    X64/CpuBreakpoint.c | MSFT
> >    X64/WriteMsr64.c | MSFT
> > diff --git a/MdePkg/Library/BaseLib/Ia32/Lfence.nasm
> b/MdePkg/Library/BaseLib/Ia32/Lfence.nasm
> > new file mode 100644
> > index 0000000000..f8b2550ef8
> > --- /dev/null
> > +++ b/MdePkg/Library/BaseLib/Ia32/Lfence.nasm
> > @@ -0,0 +1,37 @@
> > +;------------------------------------------------------------------------------ ;
> > +; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
> > +; This program and the accompanying materials
> > +; are licensed and made available under the terms and conditions of the BSD
> License
> > +; which accompanies this distribution.  The full text of the license may be
> found at
> > +; http://opensource.org/licenses/bsd-license.php.
> > +;
> > +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> > +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> > +;
> > +; Module Name:
> > +;
> > +;   Lfence.nasm
> > +;
> > +; Abstract:
> > +;
> > +;   Performs a serializing operation on all load-from-memory instructions
> that
> > +;   were issued prior to the call of this function.
> > +;
> > +; Notes:
> > +;
> > +;------------------------------------------------------------------------------
> > +
> > +    SECTION .text
> > +
> > +;------------------------------------------------------------------------------
> > +; VOID
> > +; EFIAPI
> > +; AsmLfence (
> > +;   VOID
> > +;   );
> > +;------------------------------------------------------------------------------
> > +global ASM_PFX(AsmLfence)
> > +ASM_PFX(AsmLfence):
> > +    lfence
> > +    ret
> > +
> > diff --git a/MdePkg/Library/BaseLib/X64/Lfence.nasm
> b/MdePkg/Library/BaseLib/X64/Lfence.nasm
> > new file mode 100644
> > index 0000000000..e81c77964b
> > --- /dev/null
> > +++ b/MdePkg/Library/BaseLib/X64/Lfence.nasm
> > @@ -0,0 +1,38 @@
> > +;------------------------------------------------------------------------------ ;
> > +; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
> > +; This program and the accompanying materials
> > +; are licensed and made available under the terms and conditions of the BSD
> License
> > +; which accompanies this distribution.  The full text of the license may be
> found at
> > +; http://opensource.org/licenses/bsd-license.php.
> > +;
> > +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> > +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> > +;
> > +; Module Name:
> > +;
> > +;   Lfence.nasm
> > +;
> > +; Abstract:
> > +;
> > +;   Performs a serializing operation on all load-from-memory instructions
> that
> > +;   were issued prior to the call of this function.
> > +;
> > +; Notes:
> > +;
> > +;------------------------------------------------------------------------------
> > +
> > +    DEFAULT REL
> > +    SECTION .text
> > +
> > +;------------------------------------------------------------------------------
> > +; VOID
> > +; EFIAPI
> > +; AsmLfence (
> > +;   VOID
> > +;   );
> > +;------------------------------------------------------------------------------
> > +global ASM_PFX(AsmLfence)
> > +ASM_PFX(AsmLfence):
> > +    lfence
> > +    ret
> > +
> >
> 
> "git-am" complained about this patch:
> 
> > Applying: MdePkg/BaseLib: Add new AsmLfence API
> > .git/rebase-apply/patch:94: new blank line at EOF.
> > +
> > .git/rebase-apply/patch:138: new blank line at EOF.
> > +
> > warning: 2 lines add whitespace errors.
> 
> The message seems to refer to the two new NASM files.
> 
> (I think it's OK to strip those empty lines before pushing.)

Hi Laszlo,

After some quick checks, I found that both the newly introduced NASM files
have an extra empty line before the EOF.

I will remove them and just keep one empty line before EOF for those 2 
NASM files.

Thanks for spotting the issue.

Best Regards,
Hao Wu

> 
> Thanks
> Laszlo

next prev parent reply	other threads:[~2018-09-26  1:14 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-25  6:12 [PATCH v2 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers Hao Wu
2018-09-25  6:12 ` [PATCH v2 1/5] MdePkg/BaseLib: Add new AsmLfence API Hao Wu
2018-09-25 13:00   ` Laszlo Ersek
2018-09-26  1:13     ` Wu, Hao A [this message]
2018-09-29  2:33   ` Gao, Liming
2018-09-25  6:12 ` [PATCH v2 2/5] MdeModulePkg/FaultTolerantWrite:[CVE-2017-5753]Fix bounds check bypass Hao Wu
2018-09-29  6:11   ` Zeng, Star
2018-09-29  6:21     ` Wu, Hao A
2018-09-29  6:25       ` Zeng, Star
2018-09-25  6:12 ` [PATCH v2 3/5] MdeModulePkg/SmmLockBox: [CVE-2017-5753] Fix " Hao Wu
2018-09-29  6:11   ` Zeng, Star
2018-09-25  6:12 ` [PATCH v2 4/5] MdeModulePkg/Variable: " Hao Wu
2018-09-29  6:13   ` Zeng, Star
2018-09-25  6:12 ` [PATCH v2 5/5] UefiCpuPkg/PiSmmCpuDxeSmm: " Hao Wu
2018-09-25 12:08   ` Laszlo Ersek
2018-09-26  1:00     ` Wu, Hao A
2018-09-26  0:46   ` Dong, Eric
2018-09-25 20:51 ` [PATCH v2 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers Laszlo Ersek
2018-09-25 20:57   ` Laszlo Ersek
2018-09-26  1:17     ` Wu, Hao A
2018-09-28 13:13 ` Yao, Jiewen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=B80AF82E9BFB8E4FBD8C89DA810C6A0931E5AB47@SHSMSX104.ccr.corp.intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox