On 09/25/18 22:51, Laszlo Ersek wrote: > On 09/25/18 08:12, Hao Wu wrote: >> V2 changes: >> A. Rename the newly introduced BaseLib API to 'AsmLfence', and makes it >> IA32/X64 specific. >> >> B. Add brief comments before calls of the AsmLfence() to state the >> purpose. >> >> C. Refine the patch for Variable/RuntimeDxe driver and make the change >> focus on the SMM code. >> >> V1 history: >> The series aims to mitigate the Bounds Check Bypass (CVE-2017-5753) issues >> within SMI handlers. >> >> A more detailed explanation of the purpose of the series is under the >> 'Bounds check bypass mitigation' section of the below link: >> https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation >> >> And the document at: >> https://software.intel.com/security-software-guidance/api-app/sites/default/files/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf >> >> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> >> Cc: Leif Lindholm <leif.lindh...@linaro.org> >> Cc: Laszlo Ersek <ler...@redhat.com> >> Cc: Jiewen Yao <jiewen....@intel.com> >> Cc: Michael D Kinney <michael.d.kin...@intel.com> >> Cc: Liming Gao <liming....@intel.com> >> Cc: Star Zeng <star.z...@intel.com> >> Cc: Eric Dong <eric.d...@intel.com> >> >> Hao Wu (5): >> MdePkg/BaseLib: Add new AsmLfence API >> MdeModulePkg/FaultTolerantWrite:[CVE-2017-5753]Fix bounds check bypass >> MdeModulePkg/SmmLockBox: [CVE-2017-5753] Fix bounds check bypass >> MdeModulePkg/Variable: [CVE-2017-5753] Fix bounds check bypass >> UefiCpuPkg/PiSmmCpuDxeSmm: [CVE-2017-5753] Fix bounds check bypass >> >> MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c | 7 >> ++++ >> MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf | 1 >> + >> MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c | 10 >> ++++++ >> MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c | 31 >> ++++++++++++++++ >> MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c | 30 >> ++++++++++++++++ >> MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h | 13 >> ++++++- >> MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 6 >> ++++ >> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 1 >> + >> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 18 >> ++++++++++ >> MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 1 >> + >> MdePkg/Include/Library/BaseLib.h | 13 >> +++++++ >> MdePkg/Library/BaseLib/BaseLib.inf | 2 >> ++ >> MdePkg/Library/BaseLib/Ia32/Lfence.nasm | 37 >> +++++++++++++++++++ >> MdePkg/Library/BaseLib/X64/Lfence.nasm | 38 >> ++++++++++++++++++++ >> UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 5 >> +++ >> 15 files changed, 212 insertions(+), 1 deletion(-) >> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c >> create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c >> create mode 100644 MdePkg/Library/BaseLib/Ia32/Lfence.nasm >> create mode 100644 MdePkg/Library/BaseLib/X64/Lfence.nasm >> > > I regression-tested this series using: > > (1) roughly the Linux guest steps from > <https://github.com/tianocore/tianocore.github.io/wiki/Testing-SMM-with-QEMU,-KVM-and-libvirt#tests-to-perform-in-the-installed-guest-fedora-26-guest>. > > > Those steps cover all of the SMM variable driver, the SMM FTW driver, > the SMM lockbox, and PiSmmCpuDxeSmm. > > (2) For briefly checking the runtime (non-SMM) variable driver, I booted > Fedora guests on X64 OVMF and AARCH64 ArmVirtQemu, and invoked > "efibootmgr -v". > > series > Regression-tested-by: Laszlo Ersek <ler...@redhat.com>
It's been a long day. I meant to describe another detail of the test environment: Because of the regression reported at <https://bugzilla.tianocore.org/show_bug.cgi?id=1207>, OVMF is currently unbootable. Therefore I first applied my fix from <https://bugzilla.tianocore.org/show_bug.cgi?id=1207#c2> on top of current master (3cb0a311cb7e). I applied this series of yours for regression testing on top of my fix. Thanks Laszlo _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
