author Arthur Heymans <arthur@aheymans.xyz> 2022-04-07 21:41:26 +0200
committer Martin L Roth <gaumless@tutanota.com> 2022-05-28 05:07:57 +0000
commit d7c371619a287a3a74e23fc3fcff4793a12deba6
tree d1ae7edbfa6e89463f22be8b5cdad6b7be1a7831 /src/include/cpu
parent cb361da78fc53b7678b43026ae997af708246273
cpu/x86/smm_module_load: Rewrite setup_stub
This code was hard to read as it did too much and had a lot of state to keep track of.

It also looks like the staggered entry points were first copied and only later the parameters of the first stub were filled in. This means that only the BSP stub is actually jumping to the permanent smihandler. On the APs the stub would jump to wherever c_handler happens to point to, which is likely 0. This effectively means that on APs it's likely easy to have arbitrary code execution in SMM which is a security problem.

Change-Id: I42ef9d6a30f3039f25e2cde975086a1365ca4182
Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/63478
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Martin L Roth <gaumless@tutanota.com>
Diffstat (limited to 'src/include/cpu')
0 files changed, 0 insertions, 0 deletions