From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.100; helo=mga07.intel.com; envelope-from=jian.j.wang@intel.com; receiver=edk2-devel@lists.01.org Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D2E2E21B02822 for ; Sun, 23 Dec 2018 18:59:42 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Dec 2018 18:59:42 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,390,1539673200"; d="scan'208";a="304599403" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by fmsmga006.fm.intel.com with ESMTP; 23 Dec 2018 18:59:42 -0800 Received: from fmsmsx113.amr.corp.intel.com (10.18.116.7) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.408.0; Sun, 23 Dec 2018 18:59:41 -0800 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by FMSMSX113.amr.corp.intel.com (10.18.116.7) with Microsoft SMTP Server (TLS) id 14.3.408.0; Sun, 23 Dec 2018 18:59:41 -0800 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.59]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.201]) with mapi id 14.03.0415.000; Mon, 24 Dec 2018 10:59:39 +0800 From: "Wang, Jian J" To: "Wu, Hao A" , "edk2-devel@lists.01.org" CC: Ard Biesheuvel , "Yao, Jiewen" , "Gao, Liming" , "Zeng, Star" Thread-Topic: [PATCH v1 4/5] MdeModulePkg/Variable: Update to consume SpeculationBarrier Thread-Index: AQHUmNrlk27CfGku/UiYSXn9y1NqfaWNN6ag Date: Mon, 24 Dec 2018 02:59:38 +0000 Message-ID: References: <20181221031106.12960-1-hao.a.wu@intel.com> <20181221031106.12960-5-hao.a.wu@intel.com> In-Reply-To: <20181221031106.12960-5-hao.a.wu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiOGIyZmI4NjktMzZlNy00ZmUxLTgyNzgtZWE4MzM0NjY1NWY2IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiZGJ4SVhvZEdJWk1jR0FsMnZZRkdxdUZ2RWxYWHNlalNBMmtGWGZZUlVHaFwvUUZUN2pHSkNPd2U3U0JrNEJyeSsifQ== x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH v1 4/5] MdeModulePkg/Variable: Update to consume SpeculationBarrier X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Dec 2018 02:59:43 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jian J Wang > -----Original Message----- > From: Wu, Hao A > Sent: Friday, December 21, 2018 11:11 AM > To: edk2-devel@lists.01.org > Cc: Wu, Hao A ; Ard Biesheuvel > ; Yao, Jiewen ; Gao, > Liming ; Wang, Jian J ; Zeng= , > Star > Subject: [PATCH v1 4/5] MdeModulePkg/Variable: Update to consume > SpeculationBarrier >=20 > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D1417 >=20 > Since BaseLib API AsmLfence() is a x86 arch specific API and should be > avoided using in generic codes, this commit replaces the usage of > AsmLfence() with arch-generic API SpeculationBarrier(). >=20 > Please note that speculation execution barriers are intended to be > asserted for SMM codes, hence, this commit still preserve an empty > implementation of the speculation execution barrier for the DXE codes. >=20 > Cc: Ard Biesheuvel > Cc: Jiewen Yao > Cc: Liming Gao > Cc: Jian J Wang > Cc: Star Zeng > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Hao Wu > --- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > | 2 +- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > | 2 +- > MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h > | 10 ++++---- > MdeModulePkg/Universal/Variable/RuntimeDxe/{LoadFenceDxe.c =3D> > SpeculationBarrierDxe.c} | 12 ++++++---- > MdeModulePkg/Universal/Variable/RuntimeDxe/{LoadFenceSmm.c =3D> > SpeculationBarrierSmm.c} | 14 +++++++----- > MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c = | > 6 ++--- > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > | 24 ++++++++++---------- > 7 files changed, 38 insertions(+), 32 deletions(-) >=20 > diff --git > a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > index 868981ccaf..7ef8a97f5d 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf > @@ -46,7 +46,7 @@ > TcgMorLockDxe.c > VarCheck.c > VariableExLib.c > - LoadFenceDxe.c > + SpeculationBarrierDxe.c >=20 > [Packages] > MdePkg/MdePkg.dec > diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > index 2fe72ff8a4..db7d220e06 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf > @@ -54,7 +54,7 @@ > PrivilegePolymorphic.h > VariableExLib.c > TcgMorLockSmm.c > - LoadFenceSmm.c > + SpeculationBarrierSmm.c >=20 > [Packages] > MdePkg/MdePkg.dec > diff --git > a/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h > b/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h > index a324ad2365..7af22a4ad6 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h > @@ -85,13 +85,15 @@ SetVariableCheckHandlerMor ( > ); >=20 > /** > - This service is consumed by the variable modules to perform a serializ= ing > - operation on all load-from-memory instructions that were issued prior = to the > - call of this function. > + This service is consumed by the variable modules to place a barrier to= stop > + speculative execution. > + > + Ensures that no later instruction will execute speculatively, until al= l prior > + instructions have completed. >=20 > **/ > VOID > -MemoryLoadFence ( > +VariableSpeculationBarrier ( > VOID > ); >=20 > diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c > b/MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierDxe.c > similarity index 62% > rename from MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c > rename to > MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierDxe.c > index 0f64ee093b..bc3f695335 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierDxe.c > @@ -1,5 +1,5 @@ > /** @file > - Serialize operation on all load-from-memory instructions (DXE version)= . > + Barrier to stop speculative execution (DXE version). >=20 > Copyright (c) 2018, Intel Corporation. All rights reserved.
> This program and the accompanying materials > @@ -15,13 +15,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY > KIND, EITHER EXPRESS OR IMPLIED. > #include "Variable.h" >=20 > /** > - This service is consumed by the variable modules to perform a serializ= ing > - operation on all load-from-memory instructions that were issued prior = to the > - call of this function. > + This service is consumed by the variable modules to place a barrier to= stop > + speculative execution. > + > + Ensures that no later instruction will execute speculatively, until al= l prior > + instructions have completed. >=20 > **/ > VOID > -MemoryLoadFence ( > +VariableSpeculationBarrier ( > VOID > ) > { > diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c > b/MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierSmm.c > similarity index 61% > rename from MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c > rename to > MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierSmm.c > index 4b0d7e3e95..dbc20f6c4d 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c > +++ > b/MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierSmm.c > @@ -1,5 +1,5 @@ > /** @file > - Serialize operation on all load-from-memory instructions (SMM version)= . > + Barrier to stop speculative execution (SMM version). >=20 > Copyright (c) 2018, Intel Corporation. All rights reserved.
> This program and the accompanying materials > @@ -16,15 +16,17 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY > KIND, EITHER EXPRESS OR IMPLIED. > #include "Variable.h" >=20 > /** > - This service is consumed by the variable modules to perform a serializ= ing > - operation on all load-from-memory instructions that were issued prior = to the > - call of this function. > + This service is consumed by the variable modules to place a barrier to= stop > + speculative execution. > + > + Ensures that no later instruction will execute speculatively, until al= l prior > + instructions have completed. >=20 > **/ > VOID > -MemoryLoadFence ( > +VariableSpeculationBarrier ( > VOID > ) > { > - AsmLfence (); > + SpeculationBarrier (); > } > diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > index d100b1dcc5..443cf07144 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > @@ -3201,11 +3201,11 @@ VariableServiceSetVariable ( > return EFI_SECURITY_VIOLATION; > } > // > - // The MemoryLoadFence() call here is to ensure the above sanity che= ck > - // for the EFI_VARIABLE_AUTHENTICATION_2 descriptor has been complet= ed > + // The VariableSpeculationBarrier() call here is to ensure the above= sanity > + // check for the EFI_VARIABLE_AUTHENTICATION_2 descriptor has been > completed > // before the execution of subsequent codes. > // > - MemoryLoadFence (); > + VariableSpeculationBarrier (); > PayloadSize =3D DataSize - AUTHINFO2_SIZE (Data); > } else { > PayloadSize =3D DataSize; > diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > index 6dc19c24db..8c53f84ff6 100644 > --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c > @@ -538,11 +538,11 @@ SmmVariableHandler ( > } >=20 > // > - // The MemoryLoadFence() call here is to ensure the previous range= /content > - // checks for the CommBuffer have been completed before the subseq= uent > - // consumption of the CommBuffer content. > + // The VariableSpeculationBarrier() call here is to ensure the pre= vious > + // range/content checks for the CommBuffer have been completed bef= ore > the > + // subsequent consumption of the CommBuffer content. > // > - MemoryLoadFence (); > + VariableSpeculationBarrier (); > if (SmmVariableHeader->NameSize < sizeof (CHAR16) || > SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - > 1] !=3D L'\0') { > // > // Make sure VariableName is A Null-terminated string. > @@ -638,11 +638,11 @@ SmmVariableHandler ( > } >=20 > // > - // The MemoryLoadFence() call here is to ensure the previous range= /content > - // checks for the CommBuffer have been completed before the subseq= uent > - // consumption of the CommBuffer content. > + // The VariableSpeculationBarrier() call here is to ensure the pre= vious > + // range/content checks for the CommBuffer have been completed bef= ore > the > + // subsequent consumption of the CommBuffer content. > // > - MemoryLoadFence (); > + VariableSpeculationBarrier (); > if (SmmVariableHeader->NameSize < sizeof (CHAR16) || > SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - > 1] !=3D L'\0') { > // > // Make sure VariableName is A Null-terminated string. > @@ -779,11 +779,11 @@ SmmVariableHandler ( > } >=20 > // > - // The MemoryLoadFence() call here is to ensure the previous range= /content > - // checks for the CommBuffer have been completed before the subseq= uent > - // consumption of the CommBuffer content. > + // The VariableSpeculationBarrier() call here is to ensure the pre= vious > + // range/content checks for the CommBuffer have been completed bef= ore > the > + // subsequent consumption of the CommBuffer content. > // > - MemoryLoadFence (); > + VariableSpeculationBarrier (); > if (CommVariableProperty->NameSize < sizeof (CHAR16) || > CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof > (CHAR16) - 1] !=3D L'\0') { > // > // Make sure VariableName is A Null-terminated string. > -- > 2.12.0.windows.1