author | Nico Huber <nico.h@gmx.de> | 2020-02-07 17:11:40 +0100 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2021-02-22 07:34:08 +0000 |
commit | b450c8d2cbd072859340a3cda81407ad4dccd16d (patch) | |
tree | c3425f8cf45637b675180ee29b36641432359207 | |
parent | fc8a6fa93a30937414609266f3dddb80670b1589 (diff) | |
cpu/x86/smm: Add overflow check
Rather bail out than run into undefined behavior.
Original-Change-Id: Ife26a0abed0ce6bcafe1e7cd8f499618631c4df4
Original-Signed-off-by: Nico Huber <nico.h@gmx.de>
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/38763
Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Original-Reviewed-by: Patrick Rudolph <siro@das-labor.org>
Original-Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Original-Reviewed-by: <cedarhouse1@comcast.net>
(cherry picked from commit 6d5f007813f6a2ffbdd6a633f31d207672eee2e1)
Signed-off-by: Marc Jones <marcjones@sysproconsulting.com>
Change-Id: I28e10d8836ab80c6fec9d3414c795c5e6ff312e8
Reviewed-on: https://review.coreboot.org/c/coreboot/+/50311
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
-rw-r--r-- | src/cpu/x86/smm/smm_module_loader.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/cpu/x86/smm/smm_module_loader.c b/src/cpu/x86/smm/smm_module_loader.c index 0940e34002e4..3ed20b70bd5c 100644 --- a/src/cpu/x86/smm/smm_module_loader.c +++ b/src/cpu/x86/smm/smm_module_loader.c @@ -203,6 +203,8 @@ static int smm_module_setup_stub(void *smbase, size_t smm_size, /* Adjust remaining size to account for save state. */ total_save_state_size = params->per_cpu_save_state_size * params->num_concurrent_save_states; + if (total_save_state_size > size) + return -1; size -= total_save_state_size; /* The save state size encroached over the first SMM entry point. */ |
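Review bot: the added `if (total_save_state_size > size)` check guards only the subtraction `size -= total_save_state_size`; the product `params->per_cpu_save_state_size * params->num_concurrent_save_states` computed just above it is still unchecked. The field types are not visible in this hunk, but if they allow the product to wrap, a small wrapped total would pass the new comparison and the save state area would be undersized. Consider validating the multiplication before the compare, for example by rejecting the setup when `num_concurrent_save_states` is non-zero and `per_cpu_save_state_size > size / num_concurrent_save_states`. The `return -1` is also silent; an error message reporting both sizes would make a rejected SMM stub setup easier to diagnose.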