From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.115; helo=mga14.intel.com; envelope-from=michael.d.kinney@intel.com; receiver=edk2-devel@lists.01.org Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id E3B2D21148DD5 for ; Thu, 20 Sep 2018 07:00:09 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Sep 2018 07:00:09 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,398,1531810800"; d="scan'208";a="264282255" Received: from orsmsx102.amr.corp.intel.com ([10.22.225.129]) by fmsmga005.fm.intel.com with ESMTP; 20 Sep 2018 06:59:18 -0700 Received: from orsmsx113.amr.corp.intel.com ([169.254.9.72]) by ORSMSX102.amr.corp.intel.com ([169.254.3.148]) with mapi id 14.03.0319.002; Thu, 20 Sep 2018 06:59:17 -0700 From: "Kinney, Michael D" To: "Wu, Hao A" , "edk2-devel@lists.01.org" , "Kinney, Michael D" CC: Ard Biesheuvel , Laszlo Ersek , "Yao, Jiewen" , "Gao, Liming" , "Zeng, Star" , "Dong, Eric" Thread-Topic: [PATCH v1 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers Thread-Index: AQHUUKzqosfGhWTkz0WKed4Ms17ipqT5MWiQ Date: Thu, 20 Sep 2018 13:59:16 +0000 Message-ID: References: <20180920064103.14600-1-hao.a.wu@intel.com> In-Reply-To: <20180920064103.14600-1-hao.a.wu@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [10.22.254.139] MIME-Version: 1.0 Subject: Re: [PATCH v1 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Sep 2018 14:00:10 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hao Wu, I see that implementations of this API are only provided for IA32 and X64. Should this be an IA32/X64 specific API in BaseLib? Also, since the API is providing a C callable function to execute a specific IA32/X64=20 instruction, should the API be prefixed with Asm to=20 match the convention of other APIs in BaseLib? Thanks, Mike > -----Original Message----- > From: Wu, Hao A > Sent: Wednesday, September 19, 2018 11:41 PM > To: edk2-devel@lists.01.org > Cc: Wu, Hao A ; Ard Biesheuvel > ; Laszlo Ersek > ; Yao, Jiewen > ; Kinney, Michael D > ; Gao, Liming > ; Zeng, Star > ; Dong, Eric > Subject: [PATCH v1 0/5] [CVE-2017-5753] Bounds Check > Bypass issue in SMI handlers >=20 > The series aims to mitigate the Bounds Check Bypass > (CVE-2017-5753) issues > within SMI handlers. >=20 > A more detailed explanation of the purpose of the > series is under the > 'Bounds check bypass mitigation' section of the below > link: > https://software.intel.com/security-software- > guidance/insights/host-firmware-speculative-execution- > side-channel-mitigation >=20 > And the document at: > https://software.intel.com/security-software- > guidance/api-app/sites/default/files/337879-analyzing- > potential-bounds-Check-bypass-vulnerabilities.pdf >=20 > Cc: Ard Biesheuvel > Cc: Laszlo Ersek > Cc: Jiewen Yao > Cc: Michael D Kinney > Cc: Liming Gao > Cc: Star Zeng > Cc: Eric Dong >=20 > Hao Wu (5): > MdePkg/BaseLib: Add new LoadFence API > MdeModulePkg/FaultTolerantWrite:[CVE-2017-5753]Fix > bounds check bypass > MdeModulePkg/SmmLockBox: [CVE-2017-5753] Fix bounds > check bypass > MdeModulePkg/Variable: [CVE-2017-5753] Fix bounds > check bypass > UefiCpuPkg/PiSmmCpuDxeSmm: [CVE-2017-5753] Fix bounds > check bypass >=20 >=20 > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultToler > antWriteSmm.c | 2 ++ >=20 > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultToler > antWriteSmm.inf | 1 + > MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c > | 2 ++ > MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > | 1 + >=20 > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm. > c | 3 ++ > MdePkg/Include/Library/BaseLib.h > | 12 +++++++ > MdePkg/Library/BaseLib/Arm/LoadFence.c > | 26 ++++++++++++++ > MdePkg/Library/BaseLib/BaseLib.inf > | 4 +++ > MdePkg/Library/BaseLib/Ebc/CpuBreakpoint.c > | 15 +++++++- > MdePkg/Library/BaseLib/Ia32/LoadFence.nasm > | 37 +++++++++++++++++++ > MdePkg/Library/BaseLib/X64/LoadFence.nasm > | 38 ++++++++++++++++++++ > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > | 1 + > 12 files changed, 141 insertions(+), 1 deletion(-) > create mode 100644 > MdePkg/Library/BaseLib/Arm/LoadFence.c > create mode 100644 > MdePkg/Library/BaseLib/Ia32/LoadFence.nasm > create mode 100644 > MdePkg/Library/BaseLib/X64/LoadFence.nasm >=20 > -- > 2.12.0.windows.1