diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c
new file mode 100644
index 0000000000..0f64ee093b
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c
@@ -0,0 +1,31 @@
+/** @file
+ Serialize operation on all load-from-memory instructions (DXE version).
+
+Copyright (c) 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "Variable.h"
+
+/**
+ This service is consumed by the variable modules to perform a serializing
+ operation on all load-from-memory instructions that were issued prior to the
+ call of this function.
+
+**/
+VOID
+MemoryLoadFence (
+ VOID
+ )
+{
+ //
+ // Do nothing.
+ //
+}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c
new file mode 100644
index 0000000000..4b0d7e3e95
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c
@@ -0,0 +1,30 @@
+/** @file
+ Serialize operation on all load-from-memory instructions (SMM version).
+
+Copyright (c) 2018, Intel Corporation. All rights reserved.
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include
+#include "Variable.h"
+
+/**
+ This service is consumed by the variable modules to perform a serializing
+ operation on all load-from-memory instructions that were issued prior to the
+ call of this function.
+
+**/
+VOID
+MemoryLoadFence (
+ VOID
+ )
+{
+ AsmLfence ();
+}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index c5ca70b714..f6b4dc471f 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -3201,6 +3201,12 @@ VariableServiceSetVariable (
((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->AuthInfo.Hdr.dwLength < OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
return EFI_SECURITY_VIOLATION;
}
+ //
+ // The MemoryLoadFence() call here is to ensure the above sanity check
+ // for the EFI_VARIABLE_AUTHENTICATION_2 descriptor has been completed
+ // before the execution of subsequent codes.
+ //
+ MemoryLoadFence ();
PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
} else {
PayloadSize = DataSize;
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
index 55df13191b..0b2a1a8887 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.h
@@ -899,4 +899,15 @@ VariableExLibAtRuntime (
VOID
);
+/**
+ This service is consumed by the variable modules to perform a serializing
+ operation on all load-from-memory instructions that were issued prior to the
+ call of this function.
+
+**/
+VOID
+MemoryLoadFence (
+ VOID
+ );
+
#endif
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index bc24a251c8..83c2b615e5 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -45,6 +45,7 @@
TcgMorLockDxe.c
VarCheck.c
VariableExLib.c
+ LoadFenceDxe.c
[Packages]
MdePkg/MdePkg.dec
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
index 2184634f35..1e359bde4f 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
@@ -537,6 +537,12 @@ SmmVariableHandler (
goto EXIT;
}
+ //
+ // The MemoryLoadFence() call here is to ensure the previous range/content
+ // checks for the CommBuffer have been completed before the subsequent
+ // consumption of the CommBuffer content.
+ //
+ MemoryLoadFence ();
if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
//
// Make sure VariableName is A Null-terminated string.
@@ -631,6 +637,12 @@ SmmVariableHandler (
goto EXIT;
}
+ //
+ // The MemoryLoadFence() call here is to ensure the previous range/content
+ // checks for the CommBuffer have been completed before the subsequent
+ // consumption of the CommBuffer content.
+ //
+ MemoryLoadFence ();
if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
//
// Make sure VariableName is A Null-terminated string.
@@ -765,6 +777,12 @@ SmmVariableHandler (
goto EXIT;
}
+ //
+ // The MemoryLoadFence() call here is to ensure the previous range/content
+ // checks for the CommBuffer have been completed before the subsequent
+ // consumption of the CommBuffer content.
+ //
+ MemoryLoadFence ();
if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') {
//
// Make sure VariableName is A Null-terminated string.
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
index ccfb6fc740..f3559fe49d 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
@@ -53,6 +53,7 @@
Variable.h
VariableExLib.c
TcgMorLockSmm.c
+ LoadFenceSmm.c
[Packages]
MdePkg/MdePkg.dec