Hao Wu, I see that implementations of this API are only provided for IA32 and X64. Should this be an IA32/X64 specific API in BaseLib? Also, since the API is providing a C callable function to execute a specific IA32/X64 instruction, should the API be prefixed with Asm to match the convention of other APIs in BaseLib?
Thanks, Mike > -----Original Message----- > From: Wu, Hao A > Sent: Wednesday, September 19, 2018 11:41 PM > To: [email protected] > Cc: Wu, Hao A <[email protected]>; Ard Biesheuvel > <[email protected]>; Laszlo Ersek > <[email protected]>; Yao, Jiewen > <[email protected]>; Kinney, Michael D > <[email protected]>; Gao, Liming > <[email protected]>; Zeng, Star > <[email protected]>; Dong, Eric <[email protected]> > Subject: [PATCH v1 0/5] [CVE-2017-5753] Bounds Check > Bypass issue in SMI handlers > > The series aims to mitigate the Bounds Check Bypass > (CVE-2017-5753) issues > within SMI handlers. > > A more detailed explanation of the purpose of the > series is under the > 'Bounds check bypass mitigation' section of the below > link: > https://software.intel.com/security-software- > guidance/insights/host-firmware-speculative-execution- > side-channel-mitigation > > And the document at: > https://software.intel.com/security-software- > guidance/api-app/sites/default/files/337879-analyzing- > potential-bounds-Check-bypass-vulnerabilities.pdf > > Cc: Ard Biesheuvel <[email protected]> > Cc: Laszlo Ersek <[email protected]> > Cc: Jiewen Yao <[email protected]> > Cc: Michael D Kinney <[email protected]> > Cc: Liming Gao <[email protected]> > Cc: Star Zeng <[email protected]> > Cc: Eric Dong <[email protected]> > > Hao Wu (5): > MdePkg/BaseLib: Add new LoadFence API > MdeModulePkg/FaultTolerantWrite:[CVE-2017-5753]Fix > bounds check bypass > MdeModulePkg/SmmLockBox: [CVE-2017-5753] Fix bounds > check bypass > MdeModulePkg/Variable: [CVE-2017-5753] Fix bounds > check bypass > UefiCpuPkg/PiSmmCpuDxeSmm: [CVE-2017-5753] Fix bounds > check bypass > > > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultToler > antWriteSmm.c | 2 ++ > > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultToler > antWriteSmm.inf | 1 + > MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c > | 2 ++ > MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > | 1 + > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm. > c | 3 ++ > MdePkg/Include/Library/BaseLib.h > | 12 +++++++ > MdePkg/Library/BaseLib/Arm/LoadFence.c > | 26 ++++++++++++++ > MdePkg/Library/BaseLib/BaseLib.inf > | 4 +++ > MdePkg/Library/BaseLib/Ebc/CpuBreakpoint.c > | 15 +++++++- > MdePkg/Library/BaseLib/Ia32/LoadFence.nasm > | 37 +++++++++++++++++++ > MdePkg/Library/BaseLib/X64/LoadFence.nasm > | 38 ++++++++++++++++++++ > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > | 1 + > 12 files changed, 141 insertions(+), 1 deletion(-) > create mode 100644 > MdePkg/Library/BaseLib/Arm/LoadFence.c > create mode 100644 > MdePkg/Library/BaseLib/Ia32/LoadFence.nasm > create mode 100644 > MdePkg/Library/BaseLib/X64/LoadFence.nasm > > -- > 2.12.0.windows.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel

