From: Laszlo Ersek <lersek@redhat.com>
To: Hao Wu <hao.a.wu@intel.com>, edk2-devel@lists.01.org
Cc: Jiewen Yao <jiewen.yao@intel.com>,
Liming Gao <liming.gao@intel.com>,
Michael D Kinney <michael.d.kinney@intel.com>
Subject: Re: [PATCH v2 1/5] MdePkg/BaseLib: Add new AsmLfence API
Date: Tue, 25 Sep 2018 15:00:45 +0200
Message-ID: <b150dc08-4097-d629-a651-4b8a106a2f20@redhat.com>
In-Reply-To: <20180925061259.31680-2-hao.a.wu@intel.com>

Hi Hao,

On 09/25/18 08:12, Hao Wu wrote:
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1193
>
> This commit will add a new BaseLib API AsmLfence(). This API will perform
> a serializing operation on all load-from-memory instructions that were
> issued prior to the call of this function. Please note that this API is
> only available on IA-32 and x64.
>
> The purpose of adding this API is to mitigate the [CVE-2017-5753]
> Bounds Check Bypass issue when untrusted data are being processed within
> SMM. More details can be referred at the 'Bounds check bypass mitigation'
> section at the below link:
>
> https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation
>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Leif Lindholm <leif.lindholm@linaro.org>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Hao Wu <hao.a.wu@intel.com>
> ---
> MdePkg/Include/Library/BaseLib.h | 13 +++++++
> MdePkg/Library/BaseLib/BaseLib.inf | 2 ++
> MdePkg/Library/BaseLib/Ia32/Lfence.nasm | 37 +++++++++++++++++++
> MdePkg/Library/BaseLib/X64/Lfence.nasm | 38 ++++++++++++++++++++
> 4 files changed, 90 insertions(+)
>
> diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h
> index 123ae19dc2..656b7736b1 100644
> --- a/MdePkg/Include/Library/BaseLib.h
> +++ b/MdePkg/Include/Library/BaseLib.h
> @@ -9139,6 +9139,19 @@ AsmWriteTr (
> );
>
> /**
> + Performs a serializing operation on all load-from-memory instructions that
> + were issued prior the AsmLfence function.
> +
> + Executes a LFENCE instruction. This function is only available on IA-32 and x64.
> +
> +**/
> +VOID
> +EFIAPI
> +AsmLfence (
> + VOID
> + );
> +
> +/**
> Patch the immediate operand of an IA32 or X64 instruction such that the byte,
> word, dword or qword operand is encoded at the end of the instruction's
> binary representation.
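Review bot: the new comment block reads "were issued prior the AsmLfence function", which is missing "to" and differs from the NASM file headers in this same patch ("prior to the call of this function"); use one wording in both places. The comment also gives a caller no hint about when the function is needed: the commit message motivates it as a bounds check bypass mitigation for untrusted data processed in SMM, and a sentence to that effect here would keep the intent with the API rather than only in the log. Since the description says the function is only available on IA-32 and x64, and the sources are added only under those two architectures in BaseLib.inf, please confirm the declaration lands inside the header's IA-32/x64-only region; the hunk context does not show it.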
> diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/BaseLib.inf
> index a1b5ec4b75..ed15c025f9 100644
> --- a/MdePkg/Library/BaseLib/BaseLib.inf
> +++ b/MdePkg/Library/BaseLib/BaseLib.inf
> @@ -68,6 +68,7 @@
>
> [Sources.Ia32]
> Ia32/WriteTr.nasm
> + Ia32/Lfence.nasm
>
> Ia32/Wbinvd.c | MSFT
> Ia32/WriteMm7.c | MSFT
> @@ -346,6 +347,7 @@
> X64/EnableCache.nasm
> X64/DisableCache.nasm
> X64/WriteTr.nasm
> + X64/Lfence.nasm
>
> X64/CpuBreakpoint.c | MSFT
> X64/WriteMsr64.c | MSFT
> diff --git a/MdePkg/Library/BaseLib/Ia32/Lfence.nasm b/MdePkg/Library/BaseLib/Ia32/Lfence.nasm
> new file mode 100644
> index 0000000000..f8b2550ef8
> --- /dev/null
> +++ b/MdePkg/Library/BaseLib/Ia32/Lfence.nasm
> @@ -0,0 +1,37 @@
> +;------------------------------------------------------------------------------ ;
> +; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
> +; This program and the accompanying materials
> +; are licensed and made available under the terms and conditions of the BSD License
> +; which accompanies this distribution. The full text of the license may be found at
> +; http://opensource.org/licenses/bsd-license.php.
> +;
> +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +;
> +; Module Name:
> +;
> +; Lfence.nasm
> +;
> +; Abstract:
> +;
> +; Performs a serializing operation on all load-from-memory instructions that
> +; were issued prior to the call of this function.
> +;
> +; Notes:
> +;
> +;------------------------------------------------------------------------------
> +
> + SECTION .text
> +
> +;------------------------------------------------------------------------------
> +; VOID
> +; EFIAPI
> +; AsmLfence (
> +; VOID
> +; );
> +;------------------------------------------------------------------------------
> +global ASM_PFX(AsmLfence)
> +ASM_PFX(AsmLfence):
> + lfence
> + ret
> +
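Review bot: the last added line, the empty "+" after "ret", leaves a blank line at the end of the new file; drop it so the file ends on "ret". The header also carries an empty "Notes:" section, which can be removed or filled with the intended use of the barrier.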
> diff --git a/MdePkg/Library/BaseLib/X64/Lfence.nasm b/MdePkg/Library/BaseLib/X64/Lfence.nasm
> new file mode 100644
> index 0000000000..e81c77964b
> --- /dev/null
> +++ b/MdePkg/Library/BaseLib/X64/Lfence.nasm
> @@ -0,0 +1,38 @@
> +;------------------------------------------------------------------------------ ;
> +; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
> +; This program and the accompanying materials
> +; are licensed and made available under the terms and conditions of the BSD License
> +; which accompanies this distribution. The full text of the license may be found at
> +; http://opensource.org/licenses/bsd-license.php.
> +;
> +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +;
> +; Module Name:
> +;
> +; Lfence.nasm
> +;
> +; Abstract:
> +;
> +; Performs a serializing operation on all load-from-memory instructions that
> +; were issued prior to the call of this function.
> +;
> +; Notes:
> +;
> +;------------------------------------------------------------------------------
> +
> + DEFAULT REL
> + SECTION .text
> +
> +;------------------------------------------------------------------------------
> +; VOID
> +; EFIAPI
> +; AsmLfence (
> +; VOID
> +; );
> +;------------------------------------------------------------------------------
> +global ASM_PFX(AsmLfence)
> +ASM_PFX(AsmLfence):
> + lfence
> + ret
> +
>
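Review bot: the trailing empty "+" line after "ret" is a blank line at EOF in this file as well, and the first banner line ends in a stray " ;" after the dashes while the closing banner line does not; both can go. "DEFAULT REL" has no effect on this body, since "lfence" and "ret" take no memory operands, so it is kept only for consistency with the other X64 sources.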
"git-am" complained about this patch:

> Applying: MdePkg/BaseLib: Add new AsmLfence API
> .git/rebase-apply/patch:94: new blank line at EOF.
> +
> .git/rebase-apply/patch:138: new blank line at EOF.
> +
> warning: 2 lines add whitespace errors.

The message seems to refer to the two new NASM files.

(I think it's OK to strip those empty lines before pushing.)

Thanks
Laszlo
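
For context on the use case named in the quoted commit message, the sketch below shows where a load fence sits relative to a bounds check on an untrusted index. It is an added example, not code from this patch series or from edk2: the request layout, `handle_request`, the table and the status values are hypothetical, and `AsmLfence` here is a local inline-assembly stand-in for the NASM routine in the patch.

```c
#include <stddef.h>
#include <stdint.h>

/* Local stand-in for the AsmLfence() API added by the patch (assumption:
   GCC/Clang inline assembly; the patch itself implements it in NASM). */
static inline void AsmLfence(void) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    /* Non-x86 build: compiler barrier only, not a speculation barrier. */
    __asm__ __volatile__("" ::: "memory");
#endif
}

#define SLOT_COUNT               8u
#define STATUS_SUCCESS           0
#define STATUS_INVALID_PARAMETER 1

/* Constructed request layout; slot_index is written by the untrusted caller. */
typedef struct {
    uint32_t slot_index;  /* untrusted input */
    uint32_t value_out;   /* filled in by the handler on success */
} request_t;

/* Constructed sample data. */
static const uint32_t slot_table[SLOT_COUNT] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Hypothetical handler: validates the index, fences, then does the
   index-dependent load. Returns a status code. */
int handle_request(request_t *req, size_t req_size) {
    uint32_t index;

    if (req == NULL || req_size < sizeof(*req)) {
        return STATUS_INVALID_PARAMETER;
    }
    index = req->slot_index;  /* copy the untrusted field to a local */
    if (index >= SLOT_COUNT) {
        return STATUS_INVALID_PARAMETER;
    }
    /* The branch above can be mispredicted. The fence keeps the dependent
       load below from starting until the comparison has completed, so an
       out-of-range index is never used for a speculative access. */
    AsmLfence();
    req->value_out = slot_table[index];
    return STATUS_SUCCESS;
}
```

The fence goes after the last check on the untrusted value and before the first access that depends on it; placing it before the check leaves the dependent load unprotected.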