Mirocom/EDK2-fork
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

UefiCpuPkg/PiSmmCpuDxeSmm: Safe handling of IDT register on SMM entry

Browse Source 
Mitigates CVE-2025-3770

Do not assume that IDT.limit is loaded with a zero value upon SMM entry.
Delay enabling Machine Check Exceptions in SMM until after the SMM IDT
has been reloaded.

Signed-off-by: John Mathews <john.mathews@intel.com>
This commit is contained in:
John Mathews
2025-05-30 11:06:49 -07:00
parent 7fe3609022
commit d2d8d38ee0
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
UefiCpuPkg/PiSmmCpuDxeSmm/X64/SmiEntry.nasm
View File

@@ -113,7 +113,7 @@ ProtFlatMode:
mov eax, strict dword 0 ; source operand will be patched mov eax, strict dword 0 ; source operand will be patched
ASM_PFX(gPatchSmiCr3): ASM_PFX(gPatchSmiCr3):
mov cr3, rax mov cr3, rax
mov eax, 0x668 ; as cr4.PGE is not set here, refresh cr3 mov eax, 0x628 ; as cr4.PGE is not set here, refresh cr3
mov cl, strict byte 0 ; source operand will be patched mov cl, strict byte 0 ; source operand will be patched
ASM_PFX(gPatch5LevelPagingNeeded): ASM_PFX(gPatch5LevelPagingNeeded):
@@ -204,6 +204,10 @@ SmiHandlerIdtrAbsAddr:
mov ax, [rbx + DSC_SS] mov ax, [rbx + DSC_SS]
mov ss, eax mov ss, eax
mov rax, cr4 ; enable MCE
bts rax, 6
mov cr4, rax
mov rbx, [rsp + 0x8] ; rbx <- CpuIndex mov rbx, [rsp + 0x8] ; rbx <- CpuIndex
; enable CET if supported ; enable CET if supported