Re: [edk2] [PATCH v1 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers
Hi Mike,

We found that this API needs to be inserted within file:
MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c

which is in module:
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf

This module (INF file) is consumed by the AARCH64/ARM architectures as well.
That is the reason I do not make this API IA32/X64 specific.

Best Regards,
Hao Wu

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Kinney, Michael D
> Sent: Thursday, September 20, 2018 9:59 PM
> To: Wu, Hao A; edk2-devel@lists.01.org; Kinney, Michael D
> Cc: Dong, Eric; Gao, Liming; Yao, Jiewen; Laszlo Ersek; Zeng, Star
> Subject: Re: [edk2] [PATCH v1 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers
>
> Hao Wu,
>
> I see that implementations of this API are only
> provided for IA32 and X64. Should this be an IA32/X64
> specific API in BaseLib? Also, since the API is providing
> a C callable function to execute a specific IA32/X64
> instruction, should the API be prefixed with Asm to
> match the convention of other APIs in BaseLib?
>
> Thanks,
>
> Mike
>
> > -----Original Message-----
> > From: Wu, Hao A
> > Sent: Wednesday, September 19, 2018 11:41 PM
> > To: edk2-devel@lists.01.org
> > Cc: Wu, Hao A; Ard Biesheuvel; Laszlo Ersek; Yao, Jiewen; Kinney, Michael D; Gao, Liming; Zeng, Star; Dong, Eric
> > Subject: [PATCH v1 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers
> >
> > The series aims to mitigate the Bounds Check Bypass (CVE-2017-5753) issues
> > within SMI handlers.
> >
> > A more detailed explanation of the purpose of the series is under the
> > 'Bounds check bypass mitigation' section of the below link:
> > https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation
> >
> > And the document at:
> > https://software.intel.com/security-software-guidance/api-app/sites/default/files/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf
> >
> > Cc: Ard Biesheuvel
> > Cc: Laszlo Ersek
> > Cc: Jiewen Yao
> > Cc: Michael D Kinney
> > Cc: Liming Gao
> > Cc: Star Zeng
> > Cc: Eric Dong
> >
> > Hao Wu (5):
> >   MdePkg/BaseLib: Add new LoadFence API
> >   MdeModulePkg/FaultTolerantWrite:[CVE-2017-5753]Fix bounds check bypass
> >   MdeModulePkg/SmmLockBox: [CVE-2017-5753] Fix bounds check bypass
> >   MdeModulePkg/Variable: [CVE-2017-5753] Fix bounds check bypass
> >   UefiCpuPkg/PiSmmCpuDxeSmm: [CVE-2017-5753] Fix bounds check bypass
> >
> >  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c   | 2 ++
> >  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf | 1 +
> >  MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c                 | 2 ++
> >  MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c                  | 1 +
> >  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c               | 3 ++
> >  MdePkg/Include/Library/BaseLib.h                                       | 12 +++
> >  MdePkg/Library/BaseLib/Arm/LoadFence.c                                 | 26 ++
> >  MdePkg/Library/BaseLib/BaseLib.inf                                     | 4 +++
> >  MdePkg/Library/BaseLib/Ebc/CpuBreakpoint.c                             | 15 +++-
> >  MdePkg/Library/BaseLib/Ia32/LoadFence.nasm                             | 37 +++
> >  MdePkg/Library/BaseLib/X64/LoadFence.nasm                              | 38
> >  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c                             | 1 +
> >  12 files changed, 141 insertions(+), 1 deletion(-)
> >  create mode 100644 MdePkg/Library/BaseLib/Arm/LoadFence.c
> >  create mode 100644 MdePkg/Library/BaseLib/Ia32/LoadFence.nasm
> >  create mode 100644 MdePkg/Library/BaseLib/X64/LoadFence.nasm
> >
> > --
> > 2.12.0.windows.1

___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Re: [edk2] [PATCH v1 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers
Hao Wu,

I see that implementations of this API are only
provided for IA32 and X64. Should this be an IA32/X64
specific API in BaseLib? Also, since the API is providing
a C callable function to execute a specific IA32/X64
instruction, should the API be prefixed with Asm to
match the convention of other APIs in BaseLib?

Thanks,

Mike

> -----Original Message-----
> From: Wu, Hao A
> Sent: Wednesday, September 19, 2018 11:41 PM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A; Ard Biesheuvel; Laszlo Ersek; Yao, Jiewen; Kinney, Michael D; Gao, Liming; Zeng, Star; Dong, Eric
> Subject: [PATCH v1 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers
>
> The series aims to mitigate the Bounds Check Bypass (CVE-2017-5753) issues
> within SMI handlers.
>
> A more detailed explanation of the purpose of the series is under the
> 'Bounds check bypass mitigation' section of the below link:
> https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation
>
> And the document at:
> https://software.intel.com/security-software-guidance/api-app/sites/default/files/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf
>
> Cc: Ard Biesheuvel
> Cc: Laszlo Ersek
> Cc: Jiewen Yao
> Cc: Michael D Kinney
> Cc: Liming Gao
> Cc: Star Zeng
> Cc: Eric Dong
>
> Hao Wu (5):
>   MdePkg/BaseLib: Add new LoadFence API
>   MdeModulePkg/FaultTolerantWrite:[CVE-2017-5753]Fix bounds check bypass
>   MdeModulePkg/SmmLockBox: [CVE-2017-5753] Fix bounds check bypass
>   MdeModulePkg/Variable: [CVE-2017-5753] Fix bounds check bypass
>   UefiCpuPkg/PiSmmCpuDxeSmm: [CVE-2017-5753] Fix bounds check bypass
>
>  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c   | 2 ++
>  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf | 1 +
>  MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c                 | 2 ++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c                  | 1 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c               | 3 ++
>  MdePkg/Include/Library/BaseLib.h                                       | 12 +++
>  MdePkg/Library/BaseLib/Arm/LoadFence.c                                 | 26 ++
>  MdePkg/Library/BaseLib/BaseLib.inf                                     | 4 +++
>  MdePkg/Library/BaseLib/Ebc/CpuBreakpoint.c                             | 15 +++-
>  MdePkg/Library/BaseLib/Ia32/LoadFence.nasm                             | 37 +++
>  MdePkg/Library/BaseLib/X64/LoadFence.nasm                              | 38
>  UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c                             | 1 +
>  12 files changed, 141 insertions(+), 1 deletion(-)
>  create mode 100644 MdePkg/Library/BaseLib/Arm/LoadFence.c
>  create mode 100644 MdePkg/Library/BaseLib/Ia32/LoadFence.nasm
>  create mode 100644 MdePkg/Library/BaseLib/X64/LoadFence.nasm
>
> --
> 2.12.0.windows.1

Re: [edk2] [PATCH v1 0/5] [CVE-2017-5753] Bounds Check Bypass issue in SMI handlers
On 09/20/18 08:40, Hao Wu wrote:
> The series aims to mitigate the Bounds Check Bypass (CVE-2017-5753) issues
> within SMI handlers.
>
> A more detailed explanation of the purpose of the series is under the
> 'Bounds check bypass mitigation' section of the below link:
> https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation
>
> And the document at:
> https://software.intel.com/security-software-guidance/api-app/sites/default/files/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf
>
> Cc: Ard Biesheuvel
> Cc: Laszlo Ersek
> Cc: Jiewen Yao
> Cc: Michael D Kinney
> Cc: Liming Gao
> Cc: Star Zeng
> Cc: Eric Dong

I'd like to test this series, but before I do that, I'll wait a bit
longer for other review feedback. Please ping me, should I forget.

Thanks
Laszlo
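
The general bounds check bypass mitigation the cover letter refers to, a load fence placed between the range check on caller-supplied data and the access that depends on it, shown as an added example that is not taken from the patches or from edk2. `example_load_fence`, `comm_request`, `slot_table` and `handle_request` are hypothetical names, and the non-x86 branch is only a compiler-barrier placeholder (GCC/Clang inline assembly is assumed).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a load-fence helper; not the edk2 API. */
static inline void example_load_fence(void) {
#if defined(__x86_64__) || defined(__i386__)
    /* LFENCE: later loads do not execute until earlier ones complete. */
    __asm__ __volatile__("lfence" ::: "memory");
#else
    /* Assumption: compiler barrier only. A real port would use the
       architecture's own speculation barrier here. */
    __asm__ __volatile__("" ::: "memory");
#endif
}

#define SLOT_COUNT     4u
#define STATUS_OK      0
#define STATUS_INVALID (-1)

/* Constructed request layout, filled in by the untrusted caller. */
typedef struct {
    uint64_t slot;   /* caller-controlled index */
    uint8_t  value;  /* result written back by the handler */
} comm_request;

static const uint8_t slot_table[SLOT_COUNT] = { 0x11, 0x22, 0x33, 0x44 };

/* Handler-style routine: validate the index, fence, then use it. */
int handle_request(volatile comm_request *shared) {
    /* Read the index once so the value checked is the value used. */
    uint64_t slot = shared->slot;

    if (slot >= SLOT_COUNT)
        return STATUS_INVALID;

    /* Without this fence a mispredicted branch could let the table load
       below run speculatively with an out-of-range slot. */
    example_load_fence();

    shared->value = slot_table[slot];
    return STATUS_OK;
}

int main(void) {
    comm_request req = { 1, 0 };   /* constructed sample input */
    int rc = handle_request(&req);
    printf("rc=%d value=0x%02x\n", rc, (unsigned)req.value);
    return 0;
}
```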