[S] Change in coreboot[main]: cpu/x86/smm: Pass full SMRAM region info to SMM runtime - coreboot-gerrit

17 Mar 2024


      Attention is currently required from: Angel Pons, Arthur Heymans, Christian Walter, Felix Held, Fred Reitberger, Jason Glenesk, Jeff Daly, Johnny Lin, Lean Sheng Tan, Matt DeVillier, Shuo Liu, Tim Chu, Vanessa Eusebio.
Shuo Liu has uploaded a new patch set (#5) to the change originally created by Benjamin Doron. ( https://review.coreboot.org/c/coreboot/+/80703?usp=email )
Change subject: cpu/x86/smm: Pass full SMRAM region info to SMM runtime
......................................................................
cpu/x86/smm: Pass full SMRAM region info to SMM runtime
This data is used by smm_region_overlaps_handler(). Callers use this
helper to determine if it's safe to read/write to memory buffers taken
from untrusted input.
coreboot SMI handlers must not be confused into writing over any SMRAM
subregion, which includes the TSEG_STAGE_CACHE and chipset-specific area
(sometimes, IED), not just the handlers.
If stage cache writes were permitted, this could compromise the
integrity of the S3 resume path.
The consequences to overwriting the chipset-specific area are undefined.
Change-Id: Ibd9ed34fcfd77a4236b5cf122747a6718ce9c91f
Signed-off-by: Benjamin Doron benjamin.doron@9elements.com
---
M src/cpu/x86/smm/smm_module_loader.c
1 file changed, 8 insertions(+), 5 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/03/80703/5
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/80703?usp=email
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: main
Gerrit-Change-Id: Ibd9ed34fcfd77a4236b5cf122747a6718ce9c91f
Gerrit-Change-Number: 80703
Gerrit-PatchSet: 5
Gerrit-Owner: Benjamin Doron benjamin.doron00@gmail.com
Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com
Gerrit-Reviewer: Arthur Heymans arthur@aheymans.xyz
Gerrit-Reviewer: Christian Walter christian.walter@9elements.com
Gerrit-Reviewer: Felix Held felix-coreboot@felixheld.de
Gerrit-Reviewer: Fred Reitberger reitbergerfred@gmail.com
Gerrit-Reviewer: Jason Glenesk jason.glenesk@gmail.com
Gerrit-Reviewer: Jeff Daly jeffd@silicom-usa.com
Gerrit-Reviewer: Johnny Lin Johnny_Lin@wiwynn.com
Gerrit-Reviewer: Jérémy Compostella jeremy.compostella@intel.com
Gerrit-Reviewer: Lean Sheng Tan sheng.tan@9elements.com
Gerrit-Reviewer: Matt DeVillier matt.devillier@amd.corp-partner.google.com
Gerrit-Reviewer: Patrick Rudolph patrick.rudolph@9elements.com
Gerrit-Reviewer: Shuo Liu shuo.liu@intel.com
Gerrit-Reviewer: Tim Chu Tim.Chu@quantatw.com
Gerrit-Reviewer: Vanessa Eusebio vanessa.f.eusebio@intel.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-Attention: Jeff Daly jeffd@silicom-usa.com
Gerrit-Attention: Matt DeVillier matt.devillier@amd.corp-partner.google.com
Gerrit-Attention: Angel Pons th3fanbus@gmail.com
Gerrit-Attention: Arthur Heymans arthur@aheymans.xyz
Gerrit-Attention: Jason Glenesk jason.glenesk@gmail.com
Gerrit-Attention: Johnny Lin Johnny_Lin@wiwynn.com
Gerrit-Attention: Christian Walter christian.walter@9elements.com
Gerrit-Attention: Vanessa Eusebio vanessa.f.eusebio@intel.com
Gerrit-Attention: Shuo Liu shuo.liu@intel.com
Gerrit-Attention: Lean Sheng Tan sheng.tan@9elements.com
Gerrit-Attention: Fred Reitberger reitbergerfred@gmail.com
Gerrit-Attention: Felix Held felix-coreboot@felixheld.de
Gerrit-Attention: Tim Chu Tim.Chu@quantatw.com
Gerrit-MessageType: newpatchset