In commit b6d11d7c4678 ("MdePkg: BaseIoLibIntrinsic (IoLib class)
library", 2017-04-12), the MOV instructions in the write loops were
probably copied from the read loops. However, the operand order was not
adjusted.
As a result, the IoWriteFifoXX() routines, when invoked in SEV guests, now
overwrite the source buffer with value 0x01 / 0x0001 / 0x00000001 -- the
SevNoRepIo() function returns value 1 in EAX, in SEV guests --, and write
the same value to the target IO port.
Fix this by putting the target operand (AL / AX / EAX) first, and the
source operand (BYTE / WORD / DWORD [ESI/RSI]) second.
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Fixes: b6d11d7c467810ea7f2e2eda46ef0bdc57bf1475
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
MdePkg/Library/BaseIoLibIntrinsic/Ia32/IoFifoSev.nasm | 6 +++---
MdePkg/Library/BaseIoLibIntrinsic/X64/IoFifoSev.nasm | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/MdePkg/Library/BaseIoLibIntrinsic/Ia32/IoFifoSev.nasm b/MdePkg/Library/BaseIoLibIntrinsic/Ia32/IoFifoSev.nasm
index 3e80c17d04a3..4b2af807cff8 100644
--- a/MdePkg/Library/BaseIoLibIntrinsic/Ia32/IoFifoSev.nasm
+++ b/MdePkg/Library/BaseIoLibIntrinsic/Ia32/IoFifoSev.nasm
@@ -212,7 +212,7 @@ ASM_PFX(IoWriteFifo8):
jecxz @IoWriteFifo8_Done
@IoWriteFifo8_Loop:
- mov byte [esi], al
+ mov al, byte [esi]
out dx, al
inc esi
loop @IoWriteFifo8_Loop
@@ -250,7 +250,7 @@ ASM_PFX(IoWriteFifo16):
jecxz @IoWriteFifo16_Done
@IoWriteFifo16_Loop:
- mov word [esi], ax
+ mov ax, word [esi]
out dx, ax
add esi, 2
loop @IoWriteFifo16_Loop
@@ -288,7 +288,7 @@ ASM_PFX(IoWriteFifo32):
jecxz @IoWriteFifo32_Done
@IoWriteFifo32_Loop:
- mov dword [esi], eax
+ mov eax, dword [esi]
out dx, eax
add esi, 4
loop @IoWriteFifo32_Loop
diff --git a/MdePkg/Library/BaseIoLibIntrinsic/X64/IoFifoSev.nasm b/MdePkg/Library/BaseIoLibIntrinsic/X64/IoFifoSev.nasm
index 26e016625b72..4d86a6cd5330 100644
--- a/MdePkg/Library/BaseIoLibIntrinsic/X64/IoFifoSev.nasm
+++ b/MdePkg/Library/BaseIoLibIntrinsic/X64/IoFifoSev.nasm
@@ -205,7 +205,7 @@ ASM_PFX(IoWriteFifo8):
jrcxz @IoWriteFifo8_Done
@IoWriteFifo8_Loop:
- mov byte [rsi], al
+ mov al, byte [rsi]
out dx, al
inc rsi
loop @IoWriteFifo8_Loop
@@ -241,7 +241,7 @@ ASM_PFX(IoWriteFifo16):
jrcxz @IoWriteFifo16_Done
@IoWriteFifo16_Loop:
- mov word [rsi], ax
+ mov ax, word [rsi]
out dx, ax
add rsi, 2
loop @IoWriteFifo16_Loop
@@ -277,7 +277,7 @@ ASM_PFX(IoWriteFifo32):
jrcxz @IoWriteFifo32_Done
@IoWriteFifo32_Loop:
- mov dword [rsi], eax
+ mov eax, dword [rsi]
out dx, eax
add rsi, 4
loop @IoWriteFifo32_Loop
--
2.14.1.3.gb7cf6e02401b
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Reviewed-by: Liming Gao <liming.gao@intel.com>
>-----Original Message-----
>From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
>Laszlo Ersek
>Sent: Monday, September 04, 2017 11:57 PM
>To: edk2-devel-01 <edk2-devel@lists.01.org>
>Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Justen, Jordan L
><jordan.l.justen@intel.com>; Gao, Liming <liming.gao@intel.com>
>Subject: [edk2] [PATCH 1/2] MdePkg/BaseIoLibIntrinsic: fix SEV (=unrolled)
>variants of IoWriteFifoXX()
>
>In commit b6d11d7c4678 ("MdePkg: BaseIoLibIntrinsic (IoLib class)
>library", 2017-04-12), the MOV instructions in the write loops were
>probably copied from the read loops. However, the operand order was not
>adjusted.
>
>As a result, the IoWriteFifoXX() routines, when invoked in SEV guests, now
>overwrite the source buffer with value 0x01 / 0x0001 / 0x00000001 -- the
>SevNoRepIo() function returns value 1 in EAX, in SEV guests --, and write
>the same value to the target IO port.
>
>Fix this by putting the target operand (AL / AX / EAX) first, and the
>source operand (BYTE / WORD / DWORD [ESI/RSI]) second.
>
>Cc: Brijesh Singh <brijesh.singh@amd.com>
>Cc: Jordan Justen <jordan.l.justen@intel.com>
>Cc: Liming Gao <liming.gao@intel.com>
>Cc: Michael D Kinney <michael.d.kinney@intel.com>
>Fixes: b6d11d7c467810ea7f2e2eda46ef0bdc57bf1475
>Contributed-under: TianoCore Contribution Agreement 1.1
>Signed-off-by: Laszlo Ersek <lersek@redhat.com>
>---
> MdePkg/Library/BaseIoLibIntrinsic/Ia32/IoFifoSev.nasm | 6 +++---
> MdePkg/Library/BaseIoLibIntrinsic/X64/IoFifoSev.nasm | 6 +++---
> 2 files changed, 6 insertions(+), 6 deletions(-)
>
>diff --git a/MdePkg/Library/BaseIoLibIntrinsic/Ia32/IoFifoSev.nasm
>b/MdePkg/Library/BaseIoLibIntrinsic/Ia32/IoFifoSev.nasm
>index 3e80c17d04a3..4b2af807cff8 100644
>--- a/MdePkg/Library/BaseIoLibIntrinsic/Ia32/IoFifoSev.nasm
>+++ b/MdePkg/Library/BaseIoLibIntrinsic/Ia32/IoFifoSev.nasm
>@@ -212,7 +212,7 @@ ASM_PFX(IoWriteFifo8):
> jecxz @IoWriteFifo8_Done
>
> @IoWriteFifo8_Loop:
>- mov byte [esi], al
>+ mov al, byte [esi]
> out dx, al
> inc esi
> loop @IoWriteFifo8_Loop
>@@ -250,7 +250,7 @@ ASM_PFX(IoWriteFifo16):
> jecxz @IoWriteFifo16_Done
>
> @IoWriteFifo16_Loop:
>- mov word [esi], ax
>+ mov ax, word [esi]
> out dx, ax
> add esi, 2
> loop @IoWriteFifo16_Loop
>@@ -288,7 +288,7 @@ ASM_PFX(IoWriteFifo32):
> jecxz @IoWriteFifo32_Done
>
> @IoWriteFifo32_Loop:
>- mov dword [esi], eax
>+ mov eax, dword [esi]
> out dx, eax
> add esi, 4
> loop @IoWriteFifo32_Loop
>diff --git a/MdePkg/Library/BaseIoLibIntrinsic/X64/IoFifoSev.nasm
>b/MdePkg/Library/BaseIoLibIntrinsic/X64/IoFifoSev.nasm
>index 26e016625b72..4d86a6cd5330 100644
>--- a/MdePkg/Library/BaseIoLibIntrinsic/X64/IoFifoSev.nasm
>+++ b/MdePkg/Library/BaseIoLibIntrinsic/X64/IoFifoSev.nasm
>@@ -205,7 +205,7 @@ ASM_PFX(IoWriteFifo8):
> jrcxz @IoWriteFifo8_Done
>
> @IoWriteFifo8_Loop:
>- mov byte [rsi], al
>+ mov al, byte [rsi]
> out dx, al
> inc rsi
> loop @IoWriteFifo8_Loop
>@@ -241,7 +241,7 @@ ASM_PFX(IoWriteFifo16):
> jrcxz @IoWriteFifo16_Done
>
> @IoWriteFifo16_Loop:
>- mov word [rsi], ax
>+ mov ax, word [rsi]
> out dx, ax
> add rsi, 2
> loop @IoWriteFifo16_Loop
>@@ -277,7 +277,7 @@ ASM_PFX(IoWriteFifo32):
> jrcxz @IoWriteFifo32_Done
>
> @IoWriteFifo32_Loop:
>- mov dword [rsi], eax
>+ mov eax, dword [rsi]
> out dx, eax
> add rsi, 4
> loop @IoWriteFifo32_Loop
>--
>2.14.1.3.gb7cf6e02401b
>
>
>_______________________________________________
>edk2-devel mailing list
>edk2-devel@lists.01.org
>https://lists.01.org/mailman/listinfo/edk2-devel
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
On 09/04/2017 10:57 AM, Laszlo Ersek wrote:
> In commit b6d11d7c4678 ("MdePkg: BaseIoLibIntrinsic (IoLib class)
> library", 2017-04-12), the MOV instructions in the write loops were
> probably copied from the read loops. However, the operand order was not
> adjusted.
>
> As a result, the IoWriteFifoXX() routines, when invoked in SEV guests, now
> overwrite the source buffer with value 0x01 / 0x0001 / 0x00000001 -- the
> SevNoRepIo() function returns value 1 in EAX, in SEV guests --, and write
> the same value to the target IO port.
>
> Fix this by putting the target operand (AL / AX / EAX) first, and the
> source operand (BYTE / WORD / DWORD [ESI/RSI]) second.
>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Fixes: b6d11d7c467810ea7f2e2eda46ef0bdc57bf1475
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
© 2016 - 2024 Red Hat, Inc.