Arthur Heymans has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/36977 )
Change subject: cpu/x86/smm: Drop unused CONFIG_SMM_LAPIC_REMAP_MITIGATION symbol ......................................................................
Patch Set 8:
Patch Set 8:
Patch Set 8:
Patch Set 8:
I can't seem to find this mitigation in the parallel mp path, so I guess we're open to the Memory Sinkhole issue again (just that we didn't notice because the code was still here)?
I'm pretty confused by this code. Why would the lapic base be programmed to be at or close to SMMBASE? There are a lot of ranges that SMM should not conflict with...
It's mitigation for an attack: by carefully choosing your lapic base, you can inject data into ASEG (or TSEG, but this code doesn't protect against that) on the i945-nehalem chipsets.
When knowing the SMM code flow (and the resulting data access pattern) it may be possible to put the lapic just right so that the first few accesses from within SMM hit well-known LAPIC bytes instead of the data that is supposed to be read. This can change the behavior of the code in ways favorable to an attacker. https://github.com/xoreaxeaxeax/sinkhole has a proof of concept.
Oh wow, that's bad!
Since LAPIC is indeed never supposed to be configured to overlap SMM under normal circumstances, this code is made to crash in such a situation.
Sounds like a good protection mechanism. Any reason this is only needed on i945-nehalem?