Attention is currently required from: Arthur Heymans. Hello build bot (Jenkins), Jonathan Zhang, Angel Pons,

I'd like you to reexamine a change. Please visit

https://review.coreboot.org/c/coreboot/+/63478

to look at the new patch set (#5).

Change subject: cpu/x86/smm_module_load: Rewrite setup_stub ......................................................................

cpu/x86/smm_module_load: Rewrite setup_stub

This code was hard to read as it did too much and had a lot of state to keep track of.

It also looks like the staggered entry points were first copied and only later the parameters of the first stub w ere filled in. This means that only the BSP stub is actually jumping to the permanent smihandler. On the APs the stub would jump to wherever c_handler happens to point to, which is likely 0. This effectively means that on APs it's likely easy to have arbitrary code execution in SMM which is a security problem.

Change-Id: I42ef9d6a30f3039f25e2cde975086a1365ca4182 Signed-off-by: Arthur Heymans arthur@aheymans.xyz --- M src/cpu/x86/smm/smm_module_loader.c 1 file changed, 21 insertions(+), 71 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/78/63478/5