Hello Aaron Durbin, build bot (Jenkins), Patrick Georgi, Martin Roth,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/37289
to look at the new patch set (#2).
Change subject: cpu/x86/smm: Add sinkhole mitigation to relocatable smmstub ......................................................................
cpu/x86/smm: Add sinkhole mitigation to relocatable smmstub
This adds a check for LAPIC base twice. There is a very early check when the CPU is still executing in real mode checks if the LAPIC base is inside the region [smmbase,smmbase + SMM_DEFAULT_SIZE). The CPU cannot use anything but a hardcoded size since even accessing the relocatable parameters is impossible in the state of the CPU.
The actual SMI handler is located above smmbase + SMM_DEFAULT_SIZE and before jumping to it the LAPIC base is checked against the whole SMM region. Given that we have a working stack at this point, this is done in C code.
UNTESTED.
Change-Id: I49927c4f4218552b732bac8aae551d845ad7f079 Signed-off-by: Arthur Heymans arthur@aheymans.xyz --- M src/cpu/x86/smm/Makefile.inc A src/cpu/x86/smm/sinkhole.c M src/cpu/x86/smm/smm_stub.S M src/include/cpu/x86/smm.h 4 files changed, 84 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/89/37289/2