File src/cpu/x86/smm/smm_module_loaderv2.c:
if (!smm_stub_place_staggered_entry_points(base, params, &smm_stub)) {
printk(BIOS_ERR, "%s: staggered entry points failed\n", __func__);
return -1;
}
/* Setup the parameters for the stub code. */
stub_params = rmodule_parameters(&smm_stub);
stub_params->stack_top = (uintptr_t)stacks_top;
stub_params->stack_size = params->per_cpu_stack_size;
stub_params->c_handler = (uintptr_t)params->handler;
stub_params->c_handler_arg = (uintptr_t)params->handler_arg;
stub_params->fxsave_area = (uintptr_t)fxsave_area;
stub_params->fxsave_area_size = FXSAVE_SIZE;
stub_params->runtime.smbase = (uintptr_t)smbase;
stub_params->runtime.smm_size = smm_size;
stub_params->runtime.save_state_size = params->per_cpu_save_state_size;
stub_params->runtime.num_cpus = params->num_concurrent_stacks;
Hmm, this is bad! This only sets c_handler for the BSP entry point. On all the APs, an SMI results in a jump to whatever c_handler happens to be, likely 0. This means the OS kernel can likely hijack SMM!
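Review bot: `stub_params = rmodule_parameters(&smm_stub);` is dereferenced on the very next line (`stub_params->stack_top = (uintptr_t)stacks_top;`) with no NULL check, even though the `smm_stub_place_staggered_entry_points()` failure just above is checked and reported. If `rmodule_parameters()` can return NULL for a module without a parameter section — its contract is not visible here and is worth confirming — this becomes a NULL write during SMM setup rather than a diagnosed failure; suggest `if (!stub_params) { printk(BIOS_ERR, "%s: stub has no parameter block\n", __func__); return -1; }` in the same style as the check above. A one-line comment on `stub_params->runtime.num_cpus = params->num_concurrent_stacks;` stating why the CPU count and the stack count are the same quantity would also help the next reader, since the two names suggest different things. The enclosing function begins before and continues after the quoted lines.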