tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MdePkg/BaseLib: Add new AsmLfence API 

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1193

This commit will add a new BaseLib API AsmLfence(). This API will perform
a serializing operation on all load-from-memory instructions that were
issued prior to the call of this function. Please note that this API is
only available on IA-32 and x64.

The purpose of adding this API is to mitigate of the [CVE-2017-5753]
Bounds Check Bypass issue when untrusted data are being processed within
SMM. More details can be referred at the 'Bounds check bypass mitigation'
section at the below link:

https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
This commit is contained in:
Hao Wu 2018-09-13 15:11:35 +08:00
parent 8285f42e58
commit 2ecd829972
4 changed files with 88 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
MdePkg/Include/Library/BaseLib.h
View File

@ -7696,6 +7696,19 @@ AsmWriteTr (
IN UINT16 Selector IN UINT16 Selector
); );
/**
Performs a serializing operation on all load-from-memory instructions that
were issued prior the AsmLfence function.
Executes a LFENCE instruction. This function is only available on IA-32 and x64.
**/
VOID
EFIAPI
AsmLfence (
VOID
);
/** /**
Patch the immediate operand of an IA32 or X64 instruction such that the byte, Patch the immediate operand of an IA32 or X64 instruction such that the byte,
word, dword or qword operand is encoded at the end of the instruction's word, dword or qword operand is encoded at the end of the instruction's

2
MdePkg/Library/BaseLib/BaseLib.inf
View File

@ -68,6 +68,7 @@
[Sources.Ia32] [Sources.Ia32]
Ia32/WriteTr.nasm Ia32/WriteTr.nasm
Ia32/Lfence.nasm
Ia32/Wbinvd.c | MSFT Ia32/Wbinvd.c | MSFT
Ia32/WriteMm7.c | MSFT Ia32/WriteMm7.c | MSFT
@ -346,6 +347,7 @@
X64/EnableCache.nasm X64/EnableCache.nasm
X64/DisableCache.nasm X64/DisableCache.nasm
X64/WriteTr.nasm X64/WriteTr.nasm
X64/Lfence.nasm
X64/CpuBreakpoint.c | MSFT X64/CpuBreakpoint.c | MSFT
X64/WriteMsr64.c | MSFT X64/WriteMsr64.c | MSFT

36
MdePkg/Library/BaseLib/Ia32/Lfence.nasm Normal file
View File

@ -0,0 +1,36 @@
;------------------------------------------------------------------------------ ;
; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
; This program and the accompanying materials
; are licensed and made available under the terms and conditions of the BSD License
; which accompanies this distribution. The full text of the license may be found at
; http://opensource.org/licenses/bsd-license.php.
;
; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
;
; Module Name:
;
; Lfence.nasm
;
; Abstract:
;
; Performs a serializing operation on all load-from-memory instructions that
; were issued prior to the call of this function.
;
; Notes:
;
;------------------------------------------------------------------------------
SECTION .text
;------------------------------------------------------------------------------
; VOID
; EFIAPI
; AsmLfence (
; VOID
; );
;------------------------------------------------------------------------------
global ASM_PFX(AsmLfence)
ASM_PFX(AsmLfence):
lfence
ret

37
MdePkg/Library/BaseLib/X64/Lfence.nasm Normal file
View File

@ -0,0 +1,37 @@
;------------------------------------------------------------------------------ ;
; Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
; This program and the accompanying materials
; are licensed and made available under the terms and conditions of the BSD License
; which accompanies this distribution. The full text of the license may be found at
; http://opensource.org/licenses/bsd-license.php.
;
; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
;
; Module Name:
;
; Lfence.nasm
;
; Abstract:
;
; Performs a serializing operation on all load-from-memory instructions that
; were issued prior to the call of this function.
;
; Notes:
;
;------------------------------------------------------------------------------
DEFAULT REL
SECTION .text
;------------------------------------------------------------------------------
; VOID
; EFIAPI
; AsmLfence (
; VOID
; );
;------------------------------------------------------------------------------
global ASM_PFX(AsmLfence)
ASM_PFX(AsmLfence):
lfence
ret