[coreboot-gerrit] Change in coreboot[master]: SMM: Validate more user-provided pointers

14 Jul 2020


      Tim Wawrzynczak has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/41086 )
Change subject: SMM: Validate more user-provided pointers
......................................................................
Patch Set 15: Code-Review-1
(2 comments)
https://review.coreboot.org/c/coreboot/+/41086/12/src/soc/intel/baytrail/smi... 
File src/soc/intel/baytrail/smihandler.c:
https://review.coreboot.org/c/coreboot/+/41086/12/src/soc/intel/baytrail/smi... 
PS12, Line 337: break
...
Not returning when the pointer is invalid is asking for security troubles, AFAIK. […]
It should definitely return. That was the point the authors were making in their presentation; we should detect if addresses (that are overwritable by another agent) are attempting to trick the SMI handler in to overwriting an arbitrary address.
https://review.coreboot.org/c/coreboot/+/41086/12/src/southbridge/intel/bd82... 
File src/southbridge/intel/bd82x6x/smihandler.c:
https://review.coreboot.org/c/coreboot/+/41086/12/src/southbridge/intel/bd82... 
PS12, Line 113: 		if (!smm_points_to_smram((void *)(uintptr_t)xhci_bar,
I think it may be safer to do this check at the top of the case statement. If the xhci bar has been overwritten to point to smram, then something is very wrong and it should just return.
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/41086
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I8a347ccdd20816924bf1bceb3b24bf7b22309312
Gerrit-Change-Number: 41086
Gerrit-PatchSet: 15
Gerrit-Owner: Patrick Rudolph patrick.rudolph@9elements.com
Gerrit-Reviewer: Aaron Durbin adurbin@chromium.org
Gerrit-Reviewer: Alexander Couzens lynxis@fe80.eu
Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com
Gerrit-Reviewer: Arthur Heymans arthur@aheymans.xyz
Gerrit-Reviewer: Christian Walter christian.walter@9elements.com
Gerrit-Reviewer: Duncan Laurie dlaurie@chromium.org
Gerrit-Reviewer: Frans Hendriks fhendriks@eltan.com
Gerrit-Reviewer: Furquan Shaikh furquan.m.shaikh@gmail.com
Gerrit-Reviewer: Julius Werner jwerner@chromium.org
Gerrit-Reviewer: Kyösti Mälkki kyosti.malkki@gmail.com
Gerrit-Reviewer: Michał Żygowski michal.zygowski@3mdeb.com
Gerrit-Reviewer: Patrick Rudolph siro@das-labor.org
Gerrit-Reviewer: Philipp Deppenwiese zaolin.daisuki@gmail.com
Gerrit-Reviewer: Piotr Kleinschmidt piotr.kleinschmidt@3mdeb.com
Gerrit-Reviewer: Stefan Reinauer reinauer@chromium.org
Gerrit-Reviewer: Tim Wawrzynczak twawrzynczak@chromium.org
Gerrit-Reviewer: Wim Vervoorn wvervoorn@eltan.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Patrick Georgi pgeorgi@google.com
Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net
Gerrit-Comment-Date: Tue, 14 Jul 2020 02:47:53 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Comment-In-Reply-To: Tim Wawrzynczak twawrzynczak@chromium.org
Comment-In-Reply-To: Angel Pons th3fanbus@gmail.com
Comment-In-Reply-To: Kyösti Mälkki kyosti.malkki@gmail.com
Gerrit-MessageType: comment

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[coreboot-gerrit] Change in coreboot[master]: SMM: Validate more user-provided pointers