[coreboot-gerrit] Change in coreboot[master]: lib/Makefile.inc: Enable UBSAN on SMM, too

29 Jul 2020


      Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/43976 )
Change subject: lib/Makefile.inc: Enable UBSAN on SMM, too
......................................................................
Patch Set 1: Code-Review-2
...
Patch Set 1:
We don't want SMM running into UB, but I'm not sure we can easily enable this here: The sanitizers usually have some extra memory somewhere to keep track of things, and while I'm not sure if that's true for UBSAN, if it is, we ought to ensure that this memory isn't somewhere in userspace (both due to the resulting attack surface against SMM and because SMM could unwittingly corrupt non-SMM data if that stuff is simply placed anywhere)
I agree, I've yet to test this on real hardware. In any case, I could make this optional (that is, add a Kconfig option for it) and explain the risks there.
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/43976
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I24f4c074ff90365cf96abf1f5bad3e2cde68547d
Gerrit-Change-Number: 43976
Gerrit-PatchSet: 1
Gerrit-Owner: Angel Pons th3fanbus@gmail.com
Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com
Gerrit-Reviewer: Martin Roth martinroth@google.com
Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net
Gerrit-Comment-Date: Wed, 29 Jul 2020 09:40:14 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[coreboot-gerrit] Change in coreboot[master]: lib/Makefile.inc: Enable UBSAN on SMM, too