[edk2] [PATCH 05/13] MdePkg/Library/BaseLib/AArch64: Add AsmLfence function

Ard Biesheuvel ard.biesheuvel at linaro.org
Mon Dec 17 00:35:28 PST 2018


On Mon, 17 Dec 2018 at 09:30, Yao, Jiewen <jiewen.yao at intel.com> wrote:
>
> I reviewed the ARM white paper - file:///C:/Users/jyao1/Downloads/Cache_Speculation_Side-channels-v2.4.pdf
>
> I agree with you that LoadFence might not be the best idea.
>
> How about SpeculationBarrier() ?
>

That works for me. Or SpecFence (). As long as it does not conflate
memory ordering with controlling the side effects of speculative
execution, it is ok with me.

I'll contribute the ARM and AARCH64 implementations asap once the
generic changes are posted on the list.

Thanks,

> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-bounces at lists.01.org] On Behalf Of
> > Yao, Jiewen
> > Sent: Monday, December 17, 2018 4:25 PM
> > To: Ard Biesheuvel <ard.biesheuvel at linaro.org>; Leif Lindholm
> > <leif.lindholm at linaro.org>
> > Cc: edk2-devel at lists.01.org; Zhang, Chao B <chao.b.zhang at intel.com>;
> > Gao, Liming <liming.gao at intel.com>
> > Subject: Re: [edk2] [PATCH 05/13] MdePkg/Library/BaseLib/AArch64: Add
> > AsmLfence function
> >
> > Hi Ard
> > I am OK to refine it now.
> >
> > Do you have any proposal on the naming from ARM side?
> >
> > Thank you
> > Yao Jiewen
> >
> > > -----Original Message-----
> > > From: Ard Biesheuvel [mailto:ard.biesheuvel at linaro.org]
> > > Sent: Monday, December 17, 2018 4:11 PM
> > > To: Yao, Jiewen <jiewen.yao at intel.com>; Leif Lindholm
> > > <leif.lindholm at linaro.org>
> > > Cc: Gao, Liming <liming.gao at intel.com>; Jagadeesh Ujja
> > > <jagadeesh.ujja at arm.com>; edk2-devel at lists.01.org; Zhang, Chao B
> > > <chao.b.zhang at intel.com>
> > > Subject: Re: [PATCH 05/13] MdePkg/Library/BaseLib/AArch64: Add
> > > AsmLfence function
> > >
> > > On Mon, 17 Dec 2018 at 08:45, Ard Biesheuvel
> > <ard.biesheuvel at linaro.org>
> > > wrote:
> > > >
> > > > On Mon, 17 Dec 2018 at 04:29, Yao, Jiewen <jiewen.yao at intel.com>
> > > wrote:
> > > > >
> > > > > I think we have below definition.
> > > > > -- MemoryFence: Serialize load and store operations.
> > > > > -- LoadFence: Serialize load operations.
> > > > > -- StoreFence: Serialize store operations.
> > > > >
> > > > > According to IA32 SDM, Intel has MFENCE, LFENCE and SFENCE.
> > > > > If ARM only has DMB, it is possible to use DMB for MemoryFence,
> > > LoadFence or StoreFence.
> > > > >
> > > > > Maybe it is better to use LoadFence, instead of AsmLFence?
> > > > > Then we can align with MemoryFence.
> > > > >
> > > >
> > > > I think using AsmLfence() all over the code to limit speculation was a
> > > > mistake, and I am disappointed nobody from the ARM side was involved
> > > > at all when these changes were proposed.
> > > >
> > >
> > > OK, I have to apologize here. Hao did cc us on these patches, and so
> > > we did have the opportunity to respond at the time.
> > >
> > > But that doesn't change the fact that AsmLfence() should be replaced
> > > by an abstraction that describes the specific semantics of the x86
> > > Lfence implemetation beyond memory ordering that we are relying on
> > > here.
> > >
> > >
> > >
> > > > The code changes rely on specific semantics of the x86 Lfence
> > > > instructions, i.e., that beyond load serialization, they ensure that
> > > > all instructions (not just loads) complete before the lfence
> > > > completes. This is a much stronger notion than a load barrier, and so
> > > > the abstraction should have been defined as something like a
> > > > ExecFence() or pipeline barrier etc, and the x86 specific
> > > > implementation would have been mapped onto Lfence. For the ARM
> > side,
> > > > we probably need an ISB instruction here as well as some kind of other
> > > > barrier. Calling it LoadFence() makes no sense whatsoever.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: edk2-devel [mailto:edk2-devel-bounces at lists.01.org] On
> > Behalf
> > > Of
> > > > > > Gao, Liming
> > > > > > Sent: Monday, December 17, 2018 10:04 AM
> > > > > > To: Ard Biesheuvel <ard.biesheuvel at linaro.org>; Jagadeesh Ujja
> > > > > > <jagadeesh.ujja at arm.com>; Leif Lindholm
> > <leif.lindholm at linaro.org>
> > > > > > Cc: edk2-devel at lists.01.org; Zhang, Chao B
> > > <chao.b.zhang at intel.com>
> > > > > > Subject: Re: [edk2] [PATCH 05/13] MdePkg/Library/BaseLib/AArch64:
> > > Add
> > > > > > AsmLfence function
> > > > > >
> > > > > > Ard:
> > > > > >   My first comment is to suggest updating the caller code for the
> > arch
> > > > > > specific code.  But, there are two drivers that have the same usage.
> > > This
> > > > > > way will introduce the duplicated code logic. So, I suggest another
> > way
> > > to
> > > > > > extend  AsmLfence() API scope for the different ARCHs. If you think
> > it
> > > brings
> > > > > > the confuse, I just think another way to resolve this case in the caller
> > > code.
> > > > > >
> > > > > > #if defined (MDE_CPU_IA32) || defined (MDE_CPU_X64)
> > > > > > AsmLfence();
> > > > > > #else
> > > > > > MemoryFence()
> > > > > > #endif
> > > > > >
> > > > > > Thanks
> > > > > > Liming
> > > > > > >-----Original Message-----
> > > > > > >From: Ard Biesheuvel [mailto:ard.biesheuvel at linaro.org]
> > > > > > >Sent: Friday, December 14, 2018 9:54 PM
> > > > > > >To: Jagadeesh Ujja <jagadeesh.ujja at arm.com>; Leif Lindholm
> > > > > > ><leif.lindholm at linaro.org>
> > > > > > >Cc: edk2-devel at lists.01.org; Gao, Liming <liming.gao at intel.com>;
> > > Zhang,
> > > > > > >Chao B <chao.b.zhang at intel.com>
> > > > > > >Subject: Re: [PATCH 05/13] MdePkg/Library/BaseLib/AArch64: Add
> > > > > > >AsmLfence function
> > > > > > >
> > > > > > >On Fri, 14 Dec 2018 at 13:13, Jagadeesh Ujja
> > > <jagadeesh.ujja at arm.com>
> > > > > > >wrote:
> > > > > > >>
> > > > > > >> Variable service driver includes a call to AsmLfence. To reuse this
> > > > > > >> driver on AArch64 based platforms, add an implementation of
> > > AsmLfence
> > > > > > >> that acts as a wrapper on the AArch64 specific MemoryFence
> > > function.
> > > > > > >>
> > > > > > >> Contributed-under: TianoCore Contribution Agreement 1.1
> > > > > > >> Signed-off-by: Jagadeesh Ujja <jagadeesh.ujja at arm.com>
> > > > > > >> ---
> > > > > > >>  MdePkg/Include/Library/BaseLib.h             | 33
> > > +++++++++------
> > > > > > >>  MdePkg/Library/BaseLib/AArch64/AsmLfence.S   | 42
> > > > > > >++++++++++++++++++++
> > > > > > >>  MdePkg/Library/BaseLib/AArch64/AsmLfence.asm | 41
> > > > > > >+++++++++++++++++++
> > > > > > >>  MdePkg/Library/BaseLib/BaseLib.inf           |  2 +
> > > > > > >>  4 files changed, 105 insertions(+), 13 deletions(-)
> > > > > > >>
> > > > > > >> diff --git a/MdePkg/Include/Library/BaseLib.h
> > > > > > >b/MdePkg/Include/Library/BaseLib.h
> > > > > > >> index 8cc0869..ca961ee 100644
> > > > > > >> --- a/MdePkg/Include/Library/BaseLib.h
> > > > > > >> +++ b/MdePkg/Include/Library/BaseLib.h
> > > > > > >> @@ -7697,19 +7697,6 @@ AsmWriteTr (
> > > > > > >>    );
> > > > > > >>
> > > > > > >>  /**
> > > > > > >> -  Performs a serializing operation on all load-from-memory
> > > instructions
> > > > > > that
> > > > > > >> -  were issued prior the AsmLfence function.
> > > > > > >> -
> > > > > > >> -  Executes a LFENCE instruction. This function is only available
> > on
> > > IA-32
> > > > > > and
> > > > > > >x64.
> > > > > > >> -
> > > > > > >> -**/
> > > > > > >> -VOID
> > > > > > >> -EFIAPI
> > > > > > >> -AsmLfence (
> > > > > > >> -  VOID
> > > > > > >> -  );
> > > > > > >> -
> > > > > > >> -/**
> > > > > > >>    Patch the immediate operand of an IA32 or X64 instruction
> > such
> > > that
> > > > > > the
> > > > > > >byte,
> > > > > > >>    word, dword or qword operand is encoded at the end of the
> > > > > > instruction's
> > > > > > >>    binary representation.
> > > > > > >> @@ -7752,4 +7739,24 @@ PatchInstructionX86 (
> > > > > > >>    );
> > > > > > >>
> > > > > > >>  #endif // defined (MDE_CPU_IA32) || defined (MDE_CPU_X64)
> > > > > > >> +
> > > > > > >> +#if defined (MDE_CPU_IA32) || defined (MDE_CPU_X64) ||
> > > defined
> > > > > > >(MDE_CPU_AARCH64)
> > > > > > >> +
> > > > > > >> +/**
> > > > > > >> +  Performs a serializing operation on all load-from-memory
> > > instructions
> > > > > > that
> > > > > > >> +  were issued prior the AsmLfence function.
> > > > > > >> +
> > > > > > >> +  In case of IA-32 and x64, Executes a LFENCE instruction.
> > > > > > >> +
> > > > > > >> +  In case of AArch64 this acts as a wrapper on the AArch64
> > > > > > >> +  specific MemoryFence function
> > > > > > >> +
> > > > > > >> +**/
> > > > > > >> +VOID
> > > > > > >> +EFIAPI
> > > > > > >> +AsmLfence (
> > > > > > >> +  VOID
> > > > > > >> +  );
> > > > > > >> +
> > > > > > >> +#endif  // defined (MDE_CPU_IA32) || defined (MDE_CPU_X64)
> > > ||
> > > > > > >defined (MDE_CPU_AARCH64)
> > > > > > >>  #endif // !defined (__BASE_LIB__)
> > > > > > >> diff --git a/MdePkg/Library/BaseLib/AArch64/AsmLfence.S
> > > > > > >b/MdePkg/Library/BaseLib/AArch64/AsmLfence.S
> > > > > > >> new file mode 100644
> > > > > > >> index 0000000..2fd804b
> > > > > > >> --- /dev/null
> > > > > > >> +++ b/MdePkg/Library/BaseLib/AArch64/AsmLfence.S
> > > > > > >> @@ -0,0 +1,42 @@
> > > > > > >>
> > +##------------------------------------------------------------------------------
> > > > > > >> +#
> > > > > > >> +# AsmLfence() for AArch64
> > > > > > >> +#
> > > > > > >> +# Copyright (c) 2013-2018, ARM Ltd. All rights reserved.
> > > > > > >> +#
> > > > > > >> +# This program and the accompanying materials
> > > > > > >> +# are licensed and made available under the terms and conditions
> > > of the
> > > > > > >BSD License
> > > > > > >> +# which accompanies this distribution.  The full text of the
> > license
> > > may
> > > > > > be
> > > > > > >found at
> > > > > > >> +# http://opensource.org/licenses/bsd-license.php.
> > > > > > >> +#
> > > > > > >> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON
> > AN
> > > "AS
> > > > > > IS"
> > > > > > >BASIS,
> > > > > > >> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> > > EITHER
> > > > > > >EXPRESS OR IMPLIED.
> > > > > > >> +#
> > > > > > >>
> > +##------------------------------------------------------------------------------
> > > > > > >> +
> > > > > > >> +.text
> > > > > > >> +.p2align 2
> > > > > > >> +
> > > > > > >> +GCC_ASM_EXPORT(AsmLfence)
> > > > > > >> +
> > > > > > >> +# IMPORT
> > > > > > >> +GCC_ASM_IMPORT(MemoryFence)
> > > > > > >> +
> > > > > > >> +#/**
> > > > > > >> +#  Used to serialize load and store operations.
> > > > > > >> +#
> > > > > > >> +#  All loads and stores that proceed calls to this function are
> > > > > > guaranteed to
> > > > > > >be
> > > > > > >> +#  globally visible when this function returns.
> > > > > > >> +#
> > > > > > >> +#**/
> > > > > > >> +#VOID
> > > > > > >> +#EFIAPI
> > > > > > >> +#AsmLfence (
> > > > > > >> +#  VOID
> > > > > > >> +#  );
> > > > > > >> +#
> > > > > > >> +ASM_PFX(AsmLfence):
> > > > > > >> +    stp   x29, x30, [sp, #-16]!
> > > > > > >> +    bl MemoryFence
> > > > > > >> +    ldp   x29, x30, [sp], #0x10
> > > > > > >> +    ret
> > > > > > >
> > > > > > >Any reason we can't simply do
> > > > > > >
> > > > > > >b MemoryFence
> > > > > > >
> > > > > > >here?
> > > > > > >
> > > > > > >Also, why I understand the rationale, I still think it would be better
> > > > > > >to change callers of the [x86 specific] AsmLfence() than to introduce
> > > > > > >an alias of MemoryFence() for architectures where Lfence is not
> > > > > > >defined.
> > > > > > >
> > > > > > >This is not only about tidiness, but also about potentially having
> > > > > > >different semantics, which we can't provide in general on ARM, but
> > > > > > >only in particular cases [such as the code that is modified in this
> > > > > > >series]
> > > > > > >
> > > > > > >In other words, newly introduced occurrences of AsmLfence() now
> > > have
> > > > > > >to be audited for being appropriate on AArc64 if they are added to
> > > > > > >generic code.
> > > > > > >
> > > > > > >
> > > > > > >> diff --git a/MdePkg/Library/BaseLib/AArch64/AsmLfence.asm
> > > > > > >b/MdePkg/Library/BaseLib/AArch64/AsmLfence.asm
> > > > > > >> new file mode 100644
> > > > > > >> index 0000000..7dd5659
> > > > > > >> --- /dev/null
> > > > > > >> +++ b/MdePkg/Library/BaseLib/AArch64/AsmLfence.asm
> > > > > > >> @@ -0,0 +1,41 @@
> > > > > > >> +;------------------------------------------------------------------------------
> > > > > > >> +;
> > > > > > >> +; AsmLfence() for AArch64
> > > > > > >> +;
> > > > > > >> +; Copyright (c) 2013-2018, ARM Ltd. All rights reserved.
> > > > > > >> +;
> > > > > > >> +; This program and the accompanying materials
> > > > > > >> +; are licensed and made available under the terms and conditions
> > > of the
> > > > > > >BSD License
> > > > > > >> +; which accompanies this distribution.  The full text of the
> > license
> > > may
> > > > > > be
> > > > > > >found at
> > > > > > >> +; http://opensource.org/licenses/bsd-license.php.
> > > > > > >> +;
> > > > > > >> +; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON
> > AN
> > > "AS
> > > > > > IS"
> > > > > > >BASIS,
> > > > > > >> +; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND,
> > > EITHER
> > > > > > >EXPRESS OR IMPLIED.
> > > > > > >> +;
> > > > > > >> +;------------------------------------------------------------------------------
> > > > > > >> +
> > > > > > >> +  EXPORT AsmLfence
> > > > > > >> +  AREA BaseLib_LowLevel, CODE, READONLY
> > > > > > >> +  # IMPORT
> > > > > > >> +  GCC_ASM_IMPORT(MemoryFence)
> > > > > > >> +
> > > > > > >> +;/**
> > > > > > >> +;  Used to serialize load and store operations.
> > > > > > >> +;
> > > > > > >> +;  All loads and stores that proceed calls to this function are
> > > guaranteed
> > > > > > to
> > > > > > >be
> > > > > > >> +;  globally visible when this function returns.
> > > > > > >> +;
> > > > > > >> +;**/
> > > > > > >> +;VOID
> > > > > > >> +;EFIAPI
> > > > > > >> +;AsmLfence (
> > > > > > >> +;  VOID
> > > > > > >> +;  );
> > > > > > >> +;
> > > > > > >> +AsmLfence
> > > > > > >> +    stp   x29, x30, [sp, #-16]!
> > > > > > >> +    bl MemoryFence
> > > > > > >> +    ldp   x29, x30, [sp], #0x10
> > > > > > >> +    ret
> > > > > > >> +
> > > > > > >> +  END
> > > > > > >> diff --git a/MdePkg/Library/BaseLib/BaseLib.inf
> > > > > > >b/MdePkg/Library/BaseLib/BaseLib.inf
> > > > > > >> index b84e583..b7d7bcb 100644
> > > > > > >> --- a/MdePkg/Library/BaseLib/BaseLib.inf
> > > > > > >> +++ b/MdePkg/Library/BaseLib/BaseLib.inf
> > > > > > >> @@ -585,6 +585,7 @@
> > > > > > >>    Math64.c
> > > > > > >>
> > > > > > >>    AArch64/MemoryFence.S             | GCC
> > > > > > >> +  AArch64/AsmLfence.S               | GCC
> > > > > > >>    AArch64/SwitchStack.S             | GCC
> > > > > > >>    AArch64/EnableInterrupts.S        | GCC
> > > > > > >>    AArch64/DisableInterrupts.S       | GCC
> > > > > > >> @@ -593,6 +594,7 @@
> > > > > > >>    AArch64/CpuBreakpoint.S           | GCC
> > > > > > >>
> > > > > > >>    AArch64/MemoryFence.asm           | MSFT
> > > > > > >> +  AArch64/AsmLfence.asm             | MSFT
> > > > > > >>    AArch64/SwitchStack.asm           | MSFT
> > > > > > >>    AArch64/EnableInterrupts.asm      | MSFT
> > > > > > >>    AArch64/DisableInterrupts.asm     | MSFT
> > > > > > >> --
> > > > > > >> 2.7.4
> > > > > > >>
> > > > > > _______________________________________________
> > > > > > edk2-devel mailing list
> > > > > > edk2-devel at lists.01.org
> > > > > > https://lists.01.org/mailman/listinfo/edk2-devel
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel at lists.01.org
> > https://lists.01.org/mailman/listinfo/edk2-devel


More information about the edk2-devel mailing list