REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1193
This commit will add a new BaseLib API AsmLfence(). This API will perform a serializing operation on all load-from-memory instructions that were issued prior to the call of this function. Please note that this API is only available on IA-32 and x64. The purpose of adding this API is to mitigate of the [CVE-2017-5753] Bounds Check Bypass issue when untrusted data are being processed within SMM. More details can be referred at the 'Bounds check bypass mitigation' section at the below link: https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> Cc: Leif Lindholm <leif.lindh...@linaro.org> Cc: Laszlo Ersek <ler...@redhat.com> Cc: Jiewen Yao <jiewen....@intel.com> Cc: Michael D Kinney <michael.d.kin...@intel.com> Cc: Liming Gao <liming....@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu <hao.a...@intel.com> --- MdePkg/Include/Library/BaseLib.h | 13 +++++++ MdePkg/Library/BaseLib/BaseLib.inf | 2 ++ MdePkg/Library/BaseLib/Ia32/Lfence.nasm | 37 +++++++++++++++++++ MdePkg/Library/BaseLib/X64/Lfence.nasm | 38 ++++++++++++++++++++ 4 files changed, 90 insertions(+) diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/BaseLib.h index 123ae19dc2..656b7736b1 100644 --- a/MdePkg/Include/Library/BaseLib.h +++ b/MdePkg/Include/Library/BaseLib.h @@ -9139,6 +9139,19 @@ AsmWriteTr ( ); /** + Performs a serializing operation on all load-from-memory instructions that + were issued prior the AsmLfence function. + + Executes a LFENCE instruction. This function is only available on IA-32 and x64. + +**/ +VOID +EFIAPI +AsmLfence ( + VOID + ); + +/** Patch the immediate operand of an IA32 or X64 instruction such that the byte, word, dword or qword operand is encoded at the end of the instruction's binary representation. diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/BaseLib.inf index a1b5ec4b75..ed15c025f9 100644 --- a/MdePkg/Library/BaseLib/BaseLib.inf +++ b/MdePkg/Library/BaseLib/BaseLib.inf @@ -68,6 +68,7 @@ [Sources.Ia32] Ia32/WriteTr.nasm + Ia32/Lfence.nasm Ia32/Wbinvd.c | MSFT Ia32/WriteMm7.c | MSFT @@ -346,6 +347,7 @@ X64/EnableCache.nasm X64/DisableCache.nasm X64/WriteTr.nasm + X64/Lfence.nasm X64/CpuBreakpoint.c | MSFT X64/WriteMsr64.c | MSFT diff --git a/MdePkg/Library/BaseLib/Ia32/Lfence.nasm b/MdePkg/Library/BaseLib/Ia32/Lfence.nasm new file mode 100644 index 0000000000..f8b2550ef8 --- /dev/null +++ b/MdePkg/Library/BaseLib/Ia32/Lfence.nasm @@ -0,0 +1,37 @@ +;------------------------------------------------------------------------------ ; +; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> +; This program and the accompanying materials +; are licensed and made available under the terms and conditions of the BSD License +; which accompanies this distribution. The full text of the license may be found at +; http://opensource.org/licenses/bsd-license.php. +; +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +; +; Module Name: +; +; Lfence.nasm +; +; Abstract: +; +; Performs a serializing operation on all load-from-memory instructions that +; were issued prior to the call of this function. +; +; Notes: +; +;------------------------------------------------------------------------------ + + SECTION .text + +;------------------------------------------------------------------------------ +; VOID +; EFIAPI +; AsmLfence ( +; VOID +; ); +;------------------------------------------------------------------------------ +global ASM_PFX(AsmLfence) +ASM_PFX(AsmLfence): + lfence + ret + diff --git a/MdePkg/Library/BaseLib/X64/Lfence.nasm b/MdePkg/Library/BaseLib/X64/Lfence.nasm new file mode 100644 index 0000000000..e81c77964b --- /dev/null +++ b/MdePkg/Library/BaseLib/X64/Lfence.nasm @@ -0,0 +1,38 @@ +;------------------------------------------------------------------------------ ; +; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> +; This program and the accompanying materials +; are licensed and made available under the terms and conditions of the BSD License +; which accompanies this distribution. The full text of the license may be found at +; http://opensource.org/licenses/bsd-license.php. +; +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +; +; Module Name: +; +; Lfence.nasm +; +; Abstract: +; +; Performs a serializing operation on all load-from-memory instructions that +; were issued prior to the call of this function. +; +; Notes: +; +;------------------------------------------------------------------------------ + + DEFAULT REL + SECTION .text + +;------------------------------------------------------------------------------ +; VOID +; EFIAPI +; AsmLfence ( +; VOID +; ); +;------------------------------------------------------------------------------ +global ASM_PFX(AsmLfence) +ASM_PFX(AsmLfence): + lfence + ret + -- 2.12.0.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
