From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.132.183.28; helo=mx1.redhat.com; envelope-from=lersek@redhat.com; receiver=edk2-devel@lists.01.org Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A067D21B02822 for ; Tue, 25 Sep 2018 06:01:01 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E82A8D2EF9; Tue, 25 Sep 2018 13:01:00 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-71.rdu2.redhat.com [10.10.120.71]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1CEF05E523; Tue, 25 Sep 2018 13:00:53 +0000 (UTC) To: Hao Wu , edk2-devel@lists.01.org Cc: Jiewen Yao , Liming Gao , Michael D Kinney References: <20180925061259.31680-1-hao.a.wu@intel.com> <20180925061259.31680-2-hao.a.wu@intel.com> From: Laszlo Ersek Message-ID: Date: Tue, 25 Sep 2018 15:00:45 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20180925061259.31680-2-hao.a.wu@intel.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Tue, 25 Sep 2018 13:01:01 +0000 (UTC) Subject: Re: [PATCH v2 1/5] MdePkg/BaseLib: Add new AsmLfence API X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Sep 2018 13:01:01 -0000 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Hi Hao, On 09/25/18 08:12, Hao Wu wrote: > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1193 > > This commit will add a new BaseLib API AsmLfence(). This API will perform > a serializing operation on all load-from-memory instructions that were > issued prior to the call of this function. Please note that this API is > only available on IA-32 and x64. > > The purpose of adding this API is to mitigate of the [CVE-2017-5753] > Bounds Check Bypass issue when untrusted data are being processed within > SMM. More details can be referred at the 'Bounds check bypass mitigation' > section at the below link: > > https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation > > Cc: Ard Biesheuvel > Cc: Leif Lindholm > Cc: Laszlo Ersek > Cc: Jiewen Yao > Cc: Michael D Kinney > Cc: Liming Gao > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Hao Wu > --- > MdePkg/Include/Library/BaseLib.h | 13 +++++++ > MdePkg/Library/BaseLib/BaseLib.inf | 2 ++ > MdePkg/Library/BaseLib/Ia32/Lfence.nasm | 37 +++++++++++++++++++ > MdePkg/Library/BaseLib/X64/Lfence.nasm | 38 ++++++++++++++++++++ > 4 files changed, 90 insertions(+) > > diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h > index 123ae19dc2..656b7736b1 100644 > --- a/MdePkg/Include/Library/BaseLib.h > +++ b/MdePkg/Include/Library/BaseLib.h > @@ -9139,6 +9139,19 @@ AsmWriteTr ( > ); > > /** > + Performs a serializing operation on all load-from-memory instructions that > + were issued prior the AsmLfence function. > + > + Executes a LFENCE instruction. This function is only available on IA-32 and x64. > + > +**/ > +VOID > +EFIAPI > +AsmLfence ( > + VOID > + ); > + > +/** > Patch the immediate operand of an IA32 or X64 instruction such that the byte, > word, dword or qword operand is encoded at the end of the instruction's > binary representation. > diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/BaseLib.inf > index a1b5ec4b75..ed15c025f9 100644 > --- a/MdePkg/Library/BaseLib/BaseLib.inf > +++ b/MdePkg/Library/BaseLib/BaseLib.inf > @@ -68,6 +68,7 @@ > > [Sources.Ia32] > Ia32/WriteTr.nasm > + Ia32/Lfence.nasm > > Ia32/Wbinvd.c | MSFT > Ia32/WriteMm7.c | MSFT > @@ -346,6 +347,7 @@ > X64/EnableCache.nasm > X64/DisableCache.nasm > X64/WriteTr.nasm > + X64/Lfence.nasm > > X64/CpuBreakpoint.c | MSFT > X64/WriteMsr64.c | MSFT > diff --git a/MdePkg/Library/BaseLib/Ia32/Lfence.nasm b/MdePkg/Library/BaseLib/Ia32/Lfence.nasm > new file mode 100644 > index 0000000000..f8b2550ef8 > --- /dev/null > +++ b/MdePkg/Library/BaseLib/Ia32/Lfence.nasm > @@ -0,0 +1,37 @@ > +;------------------------------------------------------------------------------ ; > +; Copyright (c) 2018, Intel Corporation. All rights reserved.
> +; This program and the accompanying materials > +; are licensed and made available under the terms and conditions of the BSD License > +; which accompanies this distribution. The full text of the license may be found at > +; http://opensource.org/licenses/bsd-license.php. > +; > +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +; > +; Module Name: > +; > +; Lfence.nasm > +; > +; Abstract: > +; > +; Performs a serializing operation on all load-from-memory instructions that > +; were issued prior to the call of this function. > +; > +; Notes: > +; > +;------------------------------------------------------------------------------ > + > + SECTION .text > + > +;------------------------------------------------------------------------------ > +; VOID > +; EFIAPI > +; AsmLfence ( > +; VOID > +; ); > +;------------------------------------------------------------------------------ > +global ASM_PFX(AsmLfence) > +ASM_PFX(AsmLfence): > + lfence > + ret > + > diff --git a/MdePkg/Library/BaseLib/X64/Lfence.nasm b/MdePkg/Library/BaseLib/X64/Lfence.nasm > new file mode 100644 > index 0000000000..e81c77964b > --- /dev/null > +++ b/MdePkg/Library/BaseLib/X64/Lfence.nasm > @@ -0,0 +1,38 @@ > +;------------------------------------------------------------------------------ ; > +; Copyright (c) 2018, Intel Corporation. All rights reserved.
> +; This program and the accompanying materials > +; are licensed and made available under the terms and conditions of the BSD License > +; which accompanies this distribution. The full text of the license may be found at > +; http://opensource.org/licenses/bsd-license.php. > +; > +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +; > +; Module Name: > +; > +; Lfence.nasm > +; > +; Abstract: > +; > +; Performs a serializing operation on all load-from-memory instructions that > +; were issued prior to the call of this function. > +; > +; Notes: > +; > +;------------------------------------------------------------------------------ > + > + DEFAULT REL > + SECTION .text > + > +;------------------------------------------------------------------------------ > +; VOID > +; EFIAPI > +; AsmLfence ( > +; VOID > +; ); > +;------------------------------------------------------------------------------ > +global ASM_PFX(AsmLfence) > +ASM_PFX(AsmLfence): > + lfence > + ret > + > "git-am" complained about this patch: > Applying: MdePkg/BaseLib: Add new AsmLfence API > .git/rebase-apply/patch:94: new blank line at EOF. > + > .git/rebase-apply/patch:138: new blank line at EOF. > + > warning: 2 lines add whitespace errors. The message seems to refer to the two new NASM files. (I think it's OK to strip those empty lines before pushing.) Thanks Laszlo