Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/50311 )
Change subject: cpu/x86/smm: Add overflow check
cpu/x86/smm: Add overflow check
Rather bail out than run into undefined behavior.
Original-Change-Id: Ife26a0abed0ce6bcafe1e7cd8f499618631c4df4
Original-Signed-off-by: Nico Huber nico.h@gmx.de
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/38763
Original-Tested-by: build bot (Jenkins) no-reply@coreboot.org
Original-Reviewed-by: Patrick Rudolph siro@das-labor.org
Original-Reviewed-by: Angel Pons th3fanbus@gmail.com
Original-Reviewed-by: cedarhouse1@comcast.net
(cherry picked from commit 6d5f007813f6a2ffbdd6a633f31d207672eee2e1)
Signed-off-by: Marc Jones marcjones@sysproconsulting.com
Change-Id: I28e10d8836ab80c6fec9d3414c795c5e6ff312e8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50311
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by: Stefan Reinauer stefan.reinauer@coreboot.org
Reviewed-by: Jay Talbott JayTalbott@sysproconsulting.com
---
M src/cpu/x86/smm/smm_module_loader.c
1 file changed, 2 insertions(+), 0 deletions(-)
Approvals:
  build bot (Jenkins): Verified
  Stefan Reinauer: Looks good to me, approved
  Jay Talbott: Looks good to me, but someone else must approve
diff --git a/src/cpu/x86/smm/smm_module_loader.c b/src/cpu/x86/smm/smm_module_loader.c index 0940e34..3ed20b7 100644 --- a/src/cpu/x86/smm/smm_module_loader.c +++ b/src/cpu/x86/smm/smm_module_loader.c @@ -203,6 +203,8 @@ /* Adjust remaining size to account for save state. */ total_save_state_size = params->per_cpu_save_state_size * params->num_concurrent_save_states; + if (total_save_state_size > size) + return -1; size -= total_save_state_size;
/* The save state size encroached over the first SMM entry point. */
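Review bot: The added `if (total_save_state_size > size)` guards only the subtraction; the multiplication directly above it, `params->per_cpu_save_state_size * params->num_concurrent_save_states`, is still unchecked. If that product can wrap in the type of `total_save_state_size` (the declarations are not visible in this hunk), a wrapped, small result would pass the new comparison and `size -= total_save_state_size` would proceed with a value that does not reflect the real save state footprint. Consider validating the factors before multiplying, for example rejecting the request when `per_cpu_save_state_size` is nonzero and `num_concurrent_save_states` exceeds `size / per_cpu_save_state_size`. Separately, the bare `return -1` leaves no trace of why the SMM module load failed; an error-level log line stating the requested save state size and the available `size` would make this failure diagnosable from the boot log.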