From 49395ea0bc69c30f753f93877e6cc82b8ed0212b Mon Sep 17 00:00:00 2001 From: Hao Wu Date: Fri, 21 Dec 2018 10:30:22 +0800 Subject: [PATCH] MdeModulePkg/Variable: Update to consume SpeculationBarrier REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1417 Since BaseLib API AsmLfence() is a x86 arch specific API and should be avoided using in generic codes, this commit replaces the usage of AsmLfence() with arch-generic API SpeculationBarrier(). Please note that speculation execution barriers are intended to be asserted for SMM codes, hence, this commit still preserve an empty implementation of the speculation execution barrier for the DXE codes. Cc: Ard Biesheuvel Cc: Jiewen Yao Cc: Liming Gao Cc: Star Zeng Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Hao Wu Reviewed-by: Jian J Wang --- .../RuntimeDxe/PrivilegePolymorphic.h | 10 ++++---- ...LoadFenceDxe.c => SpeculationBarrierDxe.c} | 12 ++++++---- ...LoadFenceSmm.c => SpeculationBarrierSmm.c} | 14 ++++++----- .../Universal/Variable/RuntimeDxe/Variable.c | 6 ++--- .../RuntimeDxe/VariableRuntimeDxe.inf | 2 +- .../Variable/RuntimeDxe/VariableSmm.c | 24 +++++++++---------- .../Variable/RuntimeDxe/VariableSmm.inf | 2 +- 7 files changed, 38 insertions(+), 32 deletions(-) rename MdeModulePkg/Universal/Variable/RuntimeDxe/{LoadFenceDxe.c => SpeculationBarrierDxe.c} (62%) rename MdeModulePkg/Universal/Variable/RuntimeDxe/{LoadFenceSmm.c => SpeculationBarrierSmm.c} (61%) diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h b/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h index a324ad2365..7af22a4ad6 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h @@ -85,13 +85,15 @@ SetVariableCheckHandlerMor ( ); /** - This service is consumed by the variable modules to perform a serializing - operation on all load-from-memory instructions that were issued prior to the - call of this function. + This service is consumed by the variable modules to place a barrier to stop + speculative execution. + + Ensures that no later instruction will execute speculatively, until all prior + instructions have completed. **/ VOID -MemoryLoadFence ( +VariableSpeculationBarrier ( VOID ); diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierDxe.c similarity index 62% rename from MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c rename to MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierDxe.c index 0f64ee093b..bc3f695335 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierDxe.c @@ -1,5 +1,5 @@ /** @file - Serialize operation on all load-from-memory instructions (DXE version). + Barrier to stop speculative execution (DXE version). Copyright (c) 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials @@ -15,13 +15,15 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "Variable.h" /** - This service is consumed by the variable modules to perform a serializing - operation on all load-from-memory instructions that were issued prior to the - call of this function. + This service is consumed by the variable modules to place a barrier to stop + speculative execution. + + Ensures that no later instruction will execute speculatively, until all prior + instructions have completed. **/ VOID -MemoryLoadFence ( +VariableSpeculationBarrier ( VOID ) { diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierSmm.c similarity index 61% rename from MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c rename to MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierSmm.c index 4b0d7e3e95..dbc20f6c4d 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/SpeculationBarrierSmm.c @@ -1,5 +1,5 @@ /** @file - Serialize operation on all load-from-memory instructions (SMM version). + Barrier to stop speculative execution (SMM version). Copyright (c) 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials @@ -16,15 +16,17 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "Variable.h" /** - This service is consumed by the variable modules to perform a serializing - operation on all load-from-memory instructions that were issued prior to the - call of this function. + This service is consumed by the variable modules to place a barrier to stop + speculative execution. + + Ensures that no later instruction will execute speculatively, until all prior + instructions have completed. **/ VOID -MemoryLoadFence ( +VariableSpeculationBarrier ( VOID ) { - AsmLfence (); + SpeculationBarrier (); } diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c index d100b1dcc5..443cf07144 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c @@ -3201,11 +3201,11 @@ VariableServiceSetVariable ( return EFI_SECURITY_VIOLATION; } // - // The MemoryLoadFence() call here is to ensure the above sanity check - // for the EFI_VARIABLE_AUTHENTICATION_2 descriptor has been completed + // The VariableSpeculationBarrier() call here is to ensure the above sanity + // check for the EFI_VARIABLE_AUTHENTICATION_2 descriptor has been completed // before the execution of subsequent codes. // - MemoryLoadFence (); + VariableSpeculationBarrier (); PayloadSize = DataSize - AUTHINFO2_SIZE (Data); } else { PayloadSize = DataSize; diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf index 868981ccaf..7ef8a97f5d 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -46,7 +46,7 @@ TcgMorLockDxe.c VarCheck.c VariableExLib.c - LoadFenceDxe.c + SpeculationBarrierDxe.c [Packages] MdePkg/MdePkg.dec diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c index 6dc19c24db..8c53f84ff6 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c @@ -538,11 +538,11 @@ SmmVariableHandler ( } // - // The MemoryLoadFence() call here is to ensure the previous range/content - // checks for the CommBuffer have been completed before the subsequent - // consumption of the CommBuffer content. + // The VariableSpeculationBarrier() call here is to ensure the previous + // range/content checks for the CommBuffer have been completed before the + // subsequent consumption of the CommBuffer content. // - MemoryLoadFence (); + VariableSpeculationBarrier (); if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') { // // Make sure VariableName is A Null-terminated string. @@ -638,11 +638,11 @@ SmmVariableHandler ( } // - // The MemoryLoadFence() call here is to ensure the previous range/content - // checks for the CommBuffer have been completed before the subsequent - // consumption of the CommBuffer content. + // The VariableSpeculationBarrier() call here is to ensure the previous + // range/content checks for the CommBuffer have been completed before the + // subsequent consumption of the CommBuffer content. // - MemoryLoadFence (); + VariableSpeculationBarrier (); if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') { // // Make sure VariableName is A Null-terminated string. @@ -779,11 +779,11 @@ SmmVariableHandler ( } // - // The MemoryLoadFence() call here is to ensure the previous range/content - // checks for the CommBuffer have been completed before the subsequent - // consumption of the CommBuffer content. + // The VariableSpeculationBarrier() call here is to ensure the previous + // range/content checks for the CommBuffer have been completed before the + // subsequent consumption of the CommBuffer content. // - MemoryLoadFence (); + VariableSpeculationBarrier (); if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') { // // Make sure VariableName is A Null-terminated string. diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf index 2fe72ff8a4..db7d220e06 100644 --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf @@ -54,7 +54,7 @@ PrivilegePolymorphic.h VariableExLib.c TcgMorLockSmm.c - LoadFenceSmm.c + SpeculationBarrierSmm.c [Packages] MdePkg/MdePkg.dec -- 2.39.2