From: Paolo Bonzini
To: Laszlo Ersek, "Anbazhagan, Baraneedharan"
Cc: edk2-devel@lists.01.org
Subject: Re: SmmCommunicationCommunicate question?
Date: Thu, 13 Oct 2016 14:46:38 +0200
Message-ID: <1c6dc322-d226-4146-e38b-5aa280659ce5@redhat.com>
List-Id: EDK II Development

On 13/10/2016 11:07, Laszlo Ersek wrote:
>
> Instead, once the first CPU enters SMM, it brings all the other CPUs
> into SMM as well, where they will be executing known, secure code --
> i.e., the first CPU to enter SMM forces the other CPUs to temporarily
> abandon any (possibly malicious) code the runtime OS may have prepared.
> Only *then* will the verification of the communication buffer commence.
> If the malicious code managed to race the unpriv part of the service
> successfully, now the privileged part will catch that, undisturbed.

Even this is not strictly necessary if you can set aside some memory in
SMRAM for a copy of the communication buffer. Then you can do:

    tmp = comm buffer size
    if tmp > sizeof(privileged buffer)
        return error
    copy tmp bytes from comm buffer to privileged buffer

and not look anymore at the buffer provided by the user.

Of course, "bring all CPUs into SMM" can double as a poor man's mutex,
so there may be reasons to do that anyway.

Paolo
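The copy-once scheme Paolo sketches, next to the double-fetch race that Laszlo's quoted text describes, as an added C example. This is illustrative code written for this page, not edk2 code and not code from anyone in the thread. It assumes a hypothetical wire format (a 4-byte little-endian message length followed by data), a fixed-size array standing in for the SMRAM-resident private buffer, and a function-pointer hook that models the other CPU writing the shared comm buffer while the handler runs; all names are made up.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of an SMM communication handler (not edk2 code).
 * The shared comm buffer lives outside SMRAM and is attacker-writable at any
 * time; g_priv_buf stands in for the SMRAM-resident copy Paolo describes.
 * Hypothetical wire format: 4-byte little-endian message_length, then data.
 */
#define HDR_LEN        4
#define PRIV_BUF_SIZE  64
#define SHARED_SIZE    64

enum { SMM_OK = 0, SMM_REJECTED = -1, SMM_SMRAM_OVERFLOW = -2 };

static uint8_t g_priv_buf[PRIV_BUF_SIZE];   /* simulated SMRAM */

/* Hook standing in for another CPU writing the shared buffer while SMM runs. */
typedef void (*race_hook_t)(uint8_t *shared);

static uint32_t read_len(const uint8_t *p) { uint32_t v; memcpy(&v, p, sizeof v); return v; }
static void     write_len(uint8_t *p, uint32_t v) { memcpy(p, &v, sizeof v); }

/* Models the privileged memcpy.  A real handler would overflow SMRAM here;
 * the demo refuses instead so the program itself stays memory-safe. */
static bool smram_copy(const uint8_t *src, size_t n) {
  if (n > sizeof g_priv_buf) return false;
  memcpy(g_priv_buf, src, n);
  return true;
}

/* Vulnerable: double fetch.  The length is checked from the shared buffer and
 * then re-read from the shared buffer at the copy (check and use are separate). */
int handle_vulnerable(uint8_t *shared, size_t shared_size, race_hook_t race, size_t *used) {
  if (shared_size < HDR_LEN) return SMM_REJECTED;
  if (read_len(shared) > PRIV_BUF_SIZE) return SMM_REJECTED;   /* fetch #1: check */
  if (race) race(shared);                                        /* other CPU rewrites the length */
  size_t n = read_len(shared);                                   /* fetch #2: use */
  *used = n;
  return smram_copy(shared + HDR_LEN, n) ? SMM_OK : SMM_SMRAM_OVERFLOW;
}

/* Hardened, per Paolo's sketch: take the size once, bound it, copy the whole
 * buffer into SMRAM in one step, and parse and validate only the copy. */
int handle_hardened(uint8_t *shared, size_t shared_size, race_hook_t race, size_t *used) {
  size_t tmp = shared_size;                       /* tmp = comm buffer size */
  if (tmp < HDR_LEN || tmp > sizeof g_priv_buf)   /* if tmp > sizeof(privileged buffer) */
    return SMM_REJECTED;
  memcpy(g_priv_buf, shared, tmp);                /* copy tmp bytes, exactly once */
  if (race) race(shared);                         /* too late: shared is never read again */
  size_t n = read_len(g_priv_buf);                /* every later fetch comes from the copy */
  if (n > tmp - HDR_LEN) return SMM_REJECTED;     /* inner length must fit what was copied */
  *used = n;
  return SMM_OK;
}

/* Attacker's racing write: inflate the length after the check has passed. */
static void attacker_inflate_length(uint8_t *shared) { write_len(shared, 1000); }

/* Builds a constructed, well-formed message: message_length bytes of 0xA5. */
static void build_message(uint8_t *buf, uint32_t message_length) {
  memset(buf, 0, SHARED_SIZE);
  write_len(buf, message_length);
  memset(buf + HDR_LEN, 0xA5, message_length);
}

/* Runs one scenario on a fresh 16-byte message; `used` may be NULL. */
int scenario(bool hardened, bool raced, size_t *used) {
  static uint8_t shared[SHARED_SIZE];
  size_t dummy;
  if (!used) used = &dummy;
  build_message(shared, 16);
  race_hook_t hook = raced ? attacker_inflate_length : NULL;
  return hardened ? handle_hardened(shared, SHARED_SIZE, hook, used)
                  : handle_vulnerable(shared, SHARED_SIZE, hook, used);
}

int main(void) {
  size_t used;
  int rc = scenario(false, true, &used);
  printf("vulnerable + race: rc=%d, length at use=%zu (check saw 16)\n", rc, used);
  rc = scenario(true, true, &used);
  printf("hardened   + race: rc=%d, length at use=%zu\n", rc, used);
  return 0;
}
```

The vulnerable handler passes its check with length 16 and then copies whatever the shared buffer says at use time; the hardened one reads the shared buffer exactly once, so the racing write lands after the copy and changes nothing the privileged code will ever see. The size parameter is treated the same way: it is captured into a local in the first line and never re-derived from anything outside SMRAM.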