git.proxmox.com Git - mirror

author	Hao Wu <hao.a.wu@intel.com>
	Thu, 13 Sep 2018 07:11:35 +0000 (15:11 +0800)
committer	Hao Wu <hao.a.wu@intel.com>
	Sun, 30 Sep 2018 05:06:42 +0000 (13:06 +0800)
commit	2ecd829972f8553de83fbf943c5b89863999d7c8
tree	b19b006b15a544e36068b59dba13673d9f171f63	tree
parent	8285f42e5808cfd0571db215059a4d136fe4a1eb	commit \| diff

MdePkg/BaseLib: Add new AsmLfence API

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1193

This commit will add a new BaseLib API AsmLfence(). This API will perform
a serializing operation on all load-from-memory instructions that were
issued prior to the call of this function. Please note that this API is
only available on IA-32 and x64.

The purpose of adding this API is to mitigate of the [CVE-2017-5753]
Bounds Check Bypass issue when untrusted data are being processed within
SMM. More details can be referred at the 'Bounds check bypass mitigation'
section at the below link:

https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>

MdePkg/Include/Library/BaseLib.h		diff \| blob \| blame \| history
MdePkg/Library/BaseLib/BaseLib.inf		diff \| blob \| blame \| history
MdePkg/Library/BaseLib/Ia32/Lfence.nasm	[new file with mode: 0644]	blob
MdePkg/Library/BaseLib/X64/Lfence.nasm	[new file with mode: 0644]	blob