Hi Mike, We found that this API needs to be inserted within file: MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
which is in module: MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf This module (INF file) is consumed by the AARCH64/ARM architectures as well. That is the reason I do not make this API as IA32/X64 specific. Best Regards, Hao Wu > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Kinney, Michael D > Sent: Thursday, September 20, 2018 9:59 PM > To: Wu, Hao A; edk2-devel@lists.01.org; Kinney, Michael D > Cc: Dong, Eric; Gao, Liming; Yao, Jiewen; Laszlo Ersek; Zeng, Star > Subject: Re: [edk2] [PATCH v1 0/5] [CVE-2017-5753] Bounds Check Bypass issue > in SMI handlers > > Hao Wu, > > I see that implementations of this API are only > provided for IA32 and X64. Should this be an IA32/X64 > specific API in BaseLib? Also, since the API is providing > a C callable function to execute a specific IA32/X64 > instruction, should the API be prefixed with Asm to > match the convention of other APIs in BaseLib? > > Thanks, > > Mike > > > -----Original Message----- > > From: Wu, Hao A > > Sent: Wednesday, September 19, 2018 11:41 PM > > To: edk2-devel@lists.01.org > > Cc: Wu, Hao A <hao.a...@intel.com>; Ard Biesheuvel > > <ard.biesheu...@linaro.org>; Laszlo Ersek > > <ler...@redhat.com>; Yao, Jiewen > > <jiewen....@intel.com>; Kinney, Michael D > > <michael.d.kin...@intel.com>; Gao, Liming > > <liming....@intel.com>; Zeng, Star > > <star.z...@intel.com>; Dong, Eric <eric.d...@intel.com> > > Subject: [PATCH v1 0/5] [CVE-2017-5753] Bounds Check > > Bypass issue in SMI handlers > > > > The series aims to mitigate the Bounds Check Bypass > > (CVE-2017-5753) issues > > within SMI handlers. > > > > A more detailed explanation of the purpose of the > > series is under the > > 'Bounds check bypass mitigation' section of the below > > link: > > https://software.intel.com/security-software- > > guidance/insights/host-firmware-speculative-execution- > > side-channel-mitigation > > > > And the document at: > > https://software.intel.com/security-software- > > guidance/api-app/sites/default/files/337879-analyzing- > > potential-bounds-Check-bypass-vulnerabilities.pdf > > > > Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> > > Cc: Laszlo Ersek <ler...@redhat.com> > > Cc: Jiewen Yao <jiewen....@intel.com> > > Cc: Michael D Kinney <michael.d.kin...@intel.com> > > Cc: Liming Gao <liming....@intel.com> > > Cc: Star Zeng <star.z...@intel.com> > > Cc: Eric Dong <eric.d...@intel.com> > > > > Hao Wu (5): > > MdePkg/BaseLib: Add new LoadFence API > > MdeModulePkg/FaultTolerantWrite:[CVE-2017-5753]Fix > > bounds check bypass > > MdeModulePkg/SmmLockBox: [CVE-2017-5753] Fix bounds > > check bypass > > MdeModulePkg/Variable: [CVE-2017-5753] Fix bounds > > check bypass > > UefiCpuPkg/PiSmmCpuDxeSmm: [CVE-2017-5753] Fix bounds > > check bypass > > > > > > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultToler > > antWriteSmm.c | 2 ++ > > > > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultToler > > antWriteSmm.inf | 1 + > > MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c > > | 2 ++ > > MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c > > | 1 + > > > > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm. > > c | 3 ++ > > MdePkg/Include/Library/BaseLib.h > > | 12 +++++++ > > MdePkg/Library/BaseLib/Arm/LoadFence.c > > | 26 ++++++++++++++ > > MdePkg/Library/BaseLib/BaseLib.inf > > | 4 +++ > > MdePkg/Library/BaseLib/Ebc/CpuBreakpoint.c > > | 15 +++++++- > > MdePkg/Library/BaseLib/Ia32/LoadFence.nasm > > | 37 +++++++++++++++++++ > > MdePkg/Library/BaseLib/X64/LoadFence.nasm > > | 38 ++++++++++++++++++++ > > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c > > | 1 + > > 12 files changed, 141 insertions(+), 1 deletion(-) > > create mode 100644 > > MdePkg/Library/BaseLib/Arm/LoadFence.c > > create mode 100644 > > MdePkg/Library/BaseLib/Ia32/LoadFence.nasm > > create mode 100644 > > MdePkg/Library/BaseLib/X64/LoadFence.nasm > > > > -- > > 2.12.0.windows.1 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel