Hi Hao, On 09/25/18 08:12, Hao Wu wrote: > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1193 > > This commit will add a new BaseLib API AsmLfence(). This API will perform > a serializing operation on all load-from-memory instructions that were > issued prior to the call of this function. Please note that this API is > only available on IA-32 and x64. > > The purpose of adding this API is to mitigate of the [CVE-2017-5753] > Bounds Check Bypass issue when untrusted data are being processed within > SMM. More details can be referred at the 'Bounds check bypass mitigation' > section at the below link: > > https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation > > Cc: Ard Biesheuvel <[email protected]> > Cc: Leif Lindholm <[email protected]> > Cc: Laszlo Ersek <[email protected]> > Cc: Jiewen Yao <[email protected]> > Cc: Michael D Kinney <[email protected]> > Cc: Liming Gao <[email protected]> > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Hao Wu <[email protected]> > --- > MdePkg/Include/Library/BaseLib.h | 13 +++++++ > MdePkg/Library/BaseLib/BaseLib.inf | 2 ++ > MdePkg/Library/BaseLib/Ia32/Lfence.nasm | 37 +++++++++++++++++++ > MdePkg/Library/BaseLib/X64/Lfence.nasm | 38 ++++++++++++++++++++ > 4 files changed, 90 insertions(+) > > diff --git a/MdePkg/Include/Library/BaseLib.h > b/MdePkg/Include/Library/BaseLib.h > index 123ae19dc2..656b7736b1 100644 > --- a/MdePkg/Include/Library/BaseLib.h > +++ b/MdePkg/Include/Library/BaseLib.h 
> @@ -9139,6 +9139,19 @@ AsmWriteTr ( > ); > > /** > + Performs a serializing operation on all load-from-memory instructions that > + were issued prior the AsmLfence function. > + > + Executes a LFENCE instruction. This function is only available on IA-32 > and x64. > + > +**/ > +VOID > +EFIAPI > +AsmLfence ( > + VOID > + ); > + > +/** > Patch the immediate operand of an IA32 or X64 instruction such that the > byte, > word, dword or qword operand is encoded at the end of the instruction's > binary representation. > diff --git a/MdePkg/Library/BaseLib/BaseLib.inf > b/MdePkg/Library/BaseLib/BaseLib.inf > index a1b5ec4b75..ed15c025f9 100644 > --- a/MdePkg/Library/BaseLib/BaseLib.inf > +++ b/MdePkg/Library/BaseLib/BaseLib.inf > @@ -68,6 +68,7 @@ > > [Sources.Ia32] > Ia32/WriteTr.nasm > + Ia32/Lfence.nasm > > Ia32/Wbinvd.c | MSFT > Ia32/WriteMm7.c | MSFT > @@ -346,6 +347,7 @@ > X64/EnableCache.nasm > X64/DisableCache.nasm > X64/WriteTr.nasm > + X64/Lfence.nasm > > X64/CpuBreakpoint.c | MSFT > X64/WriteMsr64.c | MSFT > diff --git a/MdePkg/Library/BaseLib/Ia32/Lfence.nasm > b/MdePkg/Library/BaseLib/Ia32/Lfence.nasm > new file mode 100644 > index 0000000000..f8b2550ef8 > --- /dev/null > +++ b/MdePkg/Library/BaseLib/Ia32/Lfence.nasm 
> @@ -0,0 +1,37 @@ > +;------------------------------------------------------------------------------ > ; > +; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> > +; This program and the accompanying materials > +; are licensed and made available under the terms and conditions of the BSD > License > +; which accompanies this distribution. The full text of the license may be > found at > +; http://opensource.org/licenses/bsd-license.php. > +; > +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR > IMPLIED. > +; > +; Module Name: > +; > +; Lfence.nasm > +; > +; Abstract: > +; > +; Performs a serializing operation on all load-from-memory instructions > that > +; were issued prior to the call of this function. > +; > +; Notes: > +; > +;------------------------------------------------------------------------------ > + > + SECTION .text > + > +;------------------------------------------------------------------------------ > +; VOID > +; EFIAPI > +; AsmLfence ( > +; VOID > +; ); > +;------------------------------------------------------------------------------ > +global ASM_PFX(AsmLfence) > +ASM_PFX(AsmLfence): > + lfence > + ret > + > diff --git a/MdePkg/Library/BaseLib/X64/Lfence.nasm > b/MdePkg/Library/BaseLib/X64/Lfence.nasm > new file mode 100644 > index 0000000000..e81c77964b > --- /dev/null > +++ b/MdePkg/Library/BaseLib/X64/Lfence.nasm 
> @@ -0,0 +1,38 @@ > +;------------------------------------------------------------------------------ > ; > +; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> > +; This program and the accompanying materials > +; are licensed and made available under the terms and conditions of the BSD > License > +; which accompanies this distribution. The full text of the license may be > found at > +; http://opensource.org/licenses/bsd-license.php. > +; > +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR > IMPLIED. > +; > +; Module Name: > +; > +; Lfence.nasm > +; > +; Abstract: > +; > +; Performs a serializing operation on all load-from-memory instructions > that > +; were issued prior to the call of this function. > +; > +; Notes: > +; > +;------------------------------------------------------------------------------ > + > + DEFAULT REL > + SECTION .text > + > +;------------------------------------------------------------------------------ > +; VOID > +; EFIAPI > +; AsmLfence ( > +; VOID > +; ); > +;------------------------------------------------------------------------------ > +global ASM_PFX(AsmLfence) > +ASM_PFX(AsmLfence): > + lfence > + ret > + >
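Review bot: In the BaseLib.h hunk, the new comment block above AsmLfence reads "were issued prior the AsmLfence function", which is missing "to" and differs from the abstract in the two Lfence.nasm headers ("prior to the call of this function"); please use one wording in all three places. The comment also does not mention the use the commit message gives for the API (mitigating CVE-2017-5753 when untrusted data is processed in SMM), so a caller reading only BaseLib.h cannot tell when the call is needed; one sentence on that in the header would help.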
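Review bot: In both new Lfence.nasm files (Ia32 and X64) the last added line after "ret" is an empty "+" line, so each file ends with a blank line at EOF; please drop it. The "Notes:" section in each file header is also left empty and should either be removed or filled in.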
"git-am" complained about this patch:

> Applying: MdePkg/BaseLib: Add new AsmLfence API
> .git/rebase-apply/patch:94: new blank line at EOF.
> +
> .git/rebase-apply/patch:138: new blank line at EOF.
> +
> warning: 2 lines add whitespace errors.

The message seems to refer to the two new NASM files. (I think it's OK to strip those empty lines before pushing.)

Thanks
Laszlo

