On 09/25/18 08:12, Hao Wu wrote: > V2 changes: > A. Rename the newly introduced BaseLib API to 'AsmLfence', and makes it > IA32/X64 specific. > > B. Add brief comments before calls of the AsmLfence() to state the > purpose. > > C. Refine the patch for Variable/RuntimeDxe driver and make the change > focus on the SMM code. > > V1 history: > The series aims to mitigate the Bounds Check Bypass (CVE-2017-5753) issues > within SMI handlers. > > A more detailed explanation of the purpose of the series is under the > 'Bounds check bypass mitigation' section of the below link: > https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation > > And the document at: > https://software.intel.com/security-software-guidance/api-app/sites/default/files/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf > > Cc: Ard Biesheuvel <ard.biesheu...@linaro.org> > Cc: Leif Lindholm <leif.lindh...@linaro.org> > Cc: Laszlo Ersek <ler...@redhat.com> > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Michael D Kinney <michael.d.kin...@intel.com> > Cc: Liming Gao <liming....@intel.com> > Cc: Star Zeng <star.z...@intel.com> > Cc: Eric Dong <eric.d...@intel.com> > > Hao Wu (5): > MdePkg/BaseLib: Add new AsmLfence API > MdeModulePkg/FaultTolerantWrite:[CVE-2017-5753]Fix bounds check bypass > MdeModulePkg/SmmLockBox: [CVE-2017-5753] Fix bounds check bypass > MdeModulePkg/Variable: [CVE-2017-5753] Fix bounds check bypass > UefiCpuPkg/PiSmmCpuDxeSmm: [CVE-2017-5753] Fix bounds check bypass > > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.c | 7 > ++++ > MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteSmm.inf | 1 + > MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c | 10 > ++++++ > MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c | 31 > ++++++++++++++++ > MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c | 30 > ++++++++++++++++ > MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h | 13 > ++++++- > MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 6 > ++++ > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf | 1 + > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c | 18 > ++++++++++ > MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf | 1 + > MdePkg/Include/Library/BaseLib.h | 13 > +++++++ > MdePkg/Library/BaseLib/BaseLib.inf | 2 > ++ > MdePkg/Library/BaseLib/Ia32/Lfence.nasm | 37 > +++++++++++++++++++ > MdePkg/Library/BaseLib/X64/Lfence.nasm | 38 > ++++++++++++++++++++ > UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c | 5 > +++ > 15 files changed, 212 insertions(+), 1 deletion(-) > create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c > create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c > create mode 100644 MdePkg/Library/BaseLib/Ia32/Lfence.nasm > create mode 100644 MdePkg/Library/BaseLib/X64/Lfence.nasm >
I regression-tested this series using: (1) roughly the Linux guest steps from <https://github.com/tianocore/tianocore.github.io/wiki/Testing-SMM-with-QEMU,-KVM-and-libvirt#tests-to-perform-in-the-installed-guest-fedora-26-guest>. Those steps cover all of the SMM variable driver, the SMM FTW driver, the SMM lockbox, and PiSmmCpuDxeSmm. (2) For briefly checking the runtime (non-SMM) variable driver, I booted Fedora guests on X64 OVMF and AARCH64 ArmVirtQemu, and invoked "efibootmgr -v". series Regression-tested-by: Laszlo Ersek <ler...@redhat.com> Thanks, Laszlo _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel