[coreboot-gerrit] New patch to review for coreboot: smmhandler: on i945..nehalem, crash if LAPIC overlaps with ASEG
Patrick Georgi (pgeorgi@google.com)
gerrit at coreboot.org
Sat Sep 5 18:25:28 CET 2015
commit 21716a5d3464e183c6fa08a215591a2aff5bc617
Author: Patrick Georgi <patrick at georgi-clan.de>
Date: Sat Sep 5 20:21:24 2015 +0200
smmhandler: on i945..nehalem, crash if LAPIC overlaps with ASEG
This mitigates the Memory Sinkhole issue (described on
https://github.com/xoreaxeaxeax/sinkhole) by checking for the issue and
crashing the system explicitly if LAPIC overlaps ASEG.
This needs to happen without a data access (only code fetches) because
data accesses could be tampered with.
Don't try to recover because, if somebody tried to do shenanigans like
these, we have to expect more.
Sandybridge is safe because it does the same test in hardware, and
crashes. Newer chipsets presumably do the same.
This needs to be extended to deal with overlapping TSEG as well.
Change-Id: I508c0b10ab88779da81d18a94b08dcfeca6f5a6f
Signed-off-by: Patrick Georgi <patrick at georgi-clan.de>
---
src/cpu/x86/smm/smmhandler.S | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/src/cpu/x86/smm/smmhandler.S b/src/cpu/x86/smm/smmhandler.S
index 7b70ce9..f2094ef 100644
--- a/src/cpu/x86/smm/smmhandler.S
+++ b/src/cpu/x86/smm/smmhandler.S
@@ -25,6 +25,10 @@
* to 64k if we can though.
*/
+#include <kconfig.h>
+#include <config.h>
+#define LAPIC_BASE_MSR 0x1b
+
/*
* +--------------------------------+ 0xaffff
* | Save State Map Node 0 |
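Review bot: `#define LAPIC_BASE_MSR 0x1b` duplicates a constant that, if I remember the tree correctly, coreboot already provides in `<cpu/x86/lapic_def.h>` together with the address mask that the next hunk re-derives by hand as `and $(~0xfff), %eax`. Including that header instead of a local define would keep the MSR number and the base-address mask in one place, provided the header is preprocessor-only and therefore usable from a .S file. The `<kconfig.h>`/`<config.h>` includes are needed for the `IS_ENABLED(CONFIG_...)` guards in the next hunk, so they look right as added.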
@@ -74,8 +78,39 @@
*
* All the bad magic is not all that bad after all.
*/
+#define SMM_START 0xa0000
+#define SMM_END 0xb0000
+#if SMM_END <= SMM_START
+#error invalid SMM configuration
+#endif
.global smm_handler_start
smm_handler_start:
+#if IS_ENABLED(CONFIG_NORTHBRIDGE_INTEL_NEHALEM) || \
+ IS_ENABLED(CONFIG_NORTHBRIDGE_INTEL_GM45) || \
+ IS_ENABLED(CONFIG_NORTHBRIDGE_INTEL_I945)
+ mov $LAPIC_BASE_MSR, %ecx
+ rdmsr
+ and $(~0xfff), %eax
+ sub $(SMM_START), %eax
+ cmp $(SMM_END - SMM_START), %eax
+ ja untampered_lapic
+1:
+ // "Crash"
+ mov $(CONFIG_TTYS0_BASE), %dx
+ mov $'C', %al
+ out %al, (%dx)
+ mov $'r', %al
+ out %al, (%dx)
+ mov $'a', %al
+ out %al, (%dx)
+ mov $'s', %al
+ out %al, (%dx)
+ mov $'h', %al
+ out %al, (%dx)
+ // now crash for real
+ ud2
+untampered_lapic:
+#endif
movw $(smm_gdtptr16 - smm_handler_start + SMM_HANDLER_OFFSET), %bx
data32 lgdt %cs:(%bx)
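Review bot: The `ud2` that ends the crash path may not actually wedge the machine: at `smm_handler_start` the handler is still in the SMI entry state (real-address mode, no GDT or IDT of its own loaded yet — the `lgdt` only comes afterwards), so if I have that entry state right (IDTR base 0) the #UD is dispatched through the real-mode vector table at physical 0x18, which is ordinary OS-writable DRAM, i.e. exactly the kind of memory the commit message says must not be trusted. A spin that touches no memory is the safer "crash", e.g. replace `ud2` with `2: hlt` / `jmp 2b` (IF is cleared on SMI entry), and the `1:` label above `// "Crash"` is unused either way. Separately, `ja untampered_lapic` after `cmp $(SMM_END - SMM_START), %eax` treats a LAPIC at exactly SMM_END (0xb0000) as overlapping although that page lies outside ASEG; `jae untampered_lapic` matches the exclusive SMM_END, and ignoring the high half of the MSR in %edx can only add further false positives, never miss an overlap. Also note that `CONFIG_TTYS0_BASE` must be defined for every board this guard compiles on, otherwise the assembler sees an undefined symbol on the `mov ..., %dx` line; smm_handler_start's body continues past the end of the hunk.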