public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Laszlo Ersek <lersek@redhat.com>
To: Hao Wu <hao.a.wu@intel.com>, edk2-devel@lists.01.org
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Eric Dong <eric.dong@intel.com>
Subject: Re: [PATCH v2 0/2] UefiCpuPkg: Add RSB stuffing before RSM instruction
Date: Thu, 16 Aug 2018 22:04:59 +0200	[thread overview]
Message-ID: <e62f7104-e341-6c7f-1af5-2130f161f111@redhat.com> (raw)
In-Reply-To: <20180816031422.15340-1-hao.a.wu@intel.com>

Hello Hao,

On 08/16/18 05:14, Hao Wu wrote:
> V2 changes:
> A. Refine commit log message to clarify the purpose of the series
> 
> B. Extract the RSB stuffing logic to INC files to avoid code duplication:
> When compiling .NASM source files, the current build rule does not support
> including files other than the .NASM file directory, this series will
> duplicate the StuffRsb.inc file together with the .NASM files at this
> moment.
> 
> Please consider this approach as the first stage, I have filed a Bugzilla
> for adding $(INC)-like support when compiling .NASM files:
> https://bugzilla.tianocore.org/show_bug.cgi?id=1085
> 
> After the above support is added, the next step will be taken to remove
> those duplicated StuffRsb.inc files and put it under a common include
> directory like:
> UefiCpuPkg/Include/
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> 
> Hao Wu (2):
>   UefiCpuPkg/PiSmmCpuDxeSmm: Add RSB stuffing before RSM instruction
>   UefiCpuPkg/SmmCpuFeaturesLib: Add RSB stuffing before RSM instruction

this looks better, much appreciated.

I've checked the reference from Jiewen, namely
<https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation>.
Related to that, I have a number of questions / requests.

The Intel publication linked above names two CVEs, CVE-2017-5753 and
CVE-2017-5715.

The patches are clearly relevant for CVE-2017-5715 (RSB stuffing before
RSM).

However, I'm unsure if the patches are also relevant for CVE-2017-5753
("LFENCE after validation of untrusted data but before use"). The
patches contain LFENCE instructions, but they don't seem to separate
data validation from data use -- they are in the middle of the SpecTrap
loops. What is their purpose? Are they meant to prevent speculation past
the JMP instructions?

(1) So, my first request is, please add the *exact* CVE number(s) to the
subject lines of the patches. (Even if this makes the subjects a bit too
long.) It is important to see the CVE numbers in a shortlog, such as
"git log --oneline".

(2) The URL of the Intel publication linked above is wrapped in both
commit messages. Please make sure they aren't wrapped. It's OK if they
end up being so long that we would normally not accept them in commit
messages. They are URLs and should be easy to click, or copy&paste.

(3) If we have (hidden) TianoCore BZs for these CVEs, they should be
opened up to the public, and they should be referenced in the commit
messages (in parallel to (1) -- that is, let's state which CVEs are
addressed by the patches, and then name the matching TianoCore BZs as well).

Other than that, the commit messages do a good job at explaining that
these firmware patches protect the retpolines in the *OS*. The article
says the same, but including those sentences in the commit messages is best.

I'll proceed to reviewing and testing the patches.

Thanks
Laszlo


  parent reply	other threads:[~2018-08-16 20:05 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-16  3:14 [PATCH v2 0/2] UefiCpuPkg: Add RSB stuffing before RSM instruction Hao Wu
2018-08-16  3:14 ` [PATCH v2 1/2] UefiCpuPkg/PiSmmCpuDxeSmm: " Hao Wu
2018-08-16 23:01   ` Laszlo Ersek
2018-08-17  1:39     ` Wu, Hao A
2018-08-16  3:14 ` [PATCH v2 2/2] UefiCpuPkg/SmmCpuFeaturesLib: " Hao Wu
2018-08-16 21:33   ` Laszlo Ersek
2018-08-16 20:04 ` Laszlo Ersek [this message]
2018-08-16 21:08   ` [PATCH v2 0/2] UefiCpuPkg: " Laszlo Ersek
2018-08-17  1:20     ` Wu, Hao A
2018-08-17  1:18   ` Wu, Hao A
2018-08-17  2:41   ` Yao, Jiewen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e62f7104-e341-6c7f-1af5-2130f161f111@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox