diff options
| author | Hao Wu <hao.a.wu@intel.com> | 2018-11-14 10:04:14 +0800 |
|---|---|---|
| committer | Hao Wu <hao.a.wu@intel.com> | 2018-11-21 09:32:37 +0800 |
| commit | ead3d6be19857aca5e39eef4945502b02f37c5d7 (patch) | |
| tree | 41e9024288b36b9eff451d9f47d4c8c11943a868 /MdePkg/Library/BaseLib/BaseLib.inf | |
| parent | 79daf8c766a38d79bf6ed5381680ad83cf770e08 (diff) | |
| download | edk2-ead3d6be19857aca5e39eef4945502b02f37c5d7.tar.gz | |
UefiCpuPkg: [CVE-2017-5715] Stuff RSB before RSM
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1093
Return Stack Buffer (RSB) is used to predict the target of RET
instructions. When the RSB underflows, some processors may fall back to
using branch predictors. This might impact software using the retpoline
mitigation strategy on those processors.
This commit will add RSB stuffing logic before returning from SMM (the RSM
instruction) to avoid interfering with non-SMM usage of the retpoline
technique.
After the stuffing, RSB entries will contain a trap like:
SpecTrap:
pause
lfence
jmp SpecTrap
A more detailed explanation of the purpose of commit is under the
'Branch target injection mitigation' section of the below link:
https://software.intel.com/security-software-guidance/insights/host-firmware-speculative-execution-side-channel-mitigation
This commit introduces a .INC file that contains the RSB logic and it can
be included by .ASM files. This file is placed at directory
'UefiCpuPkg/Include/'.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
Diffstat (limited to 'MdePkg/Library/BaseLib/BaseLib.inf')
0 files changed, 0 insertions, 0 deletions