On 08/16/18 05:14, Hao Wu wrote: > Return Stack Buffer (RSB) is used to predict the target of RET > instructions. When the RSB underflows, some processors may fall back to > using branch predictors. This might impact software using the retpoline > mitigation strategy on those processors. > > This commit will add RSB stuffing logic before returning from SMM (the RSM > instruction) to avoid interfering with non-SMM usage of the retpoline > technique. > > After the stuffing, RSB entries will contain a trap like: > > @SpecTrap: > pause > lfence > jmp @SpecTrap > > A more detailed explanation of the purpose of commit is under the > 'Branch target injection mitigation' section of the below link: > https://software.intel.com/security-software-guidance/insights/host-firmwa > re-speculative-execution-side-channel-mitigation > > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Eric Dong <eric.d...@intel.com> > Cc: Laszlo Ersek <ler...@redhat.com> > Cc: Michael D Kinney <michael.d.kin...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Hao Wu <hao.a...@intel.com> > --- > UefiCpuPkg/Library/SmmCpuFeaturesLib/Ia32/SmiEntry.nasm | 3 ++ > UefiCpuPkg/Library/SmmCpuFeaturesLib/Ia32/SmiException.nasm | 10 ++-- > UefiCpuPkg/Library/SmmCpuFeaturesLib/Ia32/StuffRsb.inc | 55 > ++++++++++++++++++++ > UefiCpuPkg/Library/SmmCpuFeaturesLib/X64/SmiEntry.nasm | 3 ++ > UefiCpuPkg/Library/SmmCpuFeaturesLib/X64/SmiException.nasm | 8 ++- > UefiCpuPkg/Library/SmmCpuFeaturesLib/X64/StuffRsb.inc | 55 > ++++++++++++++++++++ > 6 files changed, 129 insertions(+), 5 deletions(-)
I'm going to skip patch #2 (and I defer to the other reviewers on CC) because this patch seems to affect the "SmmCpuFeaturesLibStm" instance. And, OVMF uses none of the UefiCpuPkg/Library/SmmCpuFeaturesLib instances. It uses "OvmfPkg/Library/SmmCpuFeaturesLib", which originates from the UefiCpuPkg instance that does not support STM. Thanks! Laszlo _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
