On 08/21/19 19:05, Paolo Bonzini wrote: > On 21/08/19 17:48, Kinney, Michael D wrote: >> Perhaps there is a way to avoid the 3000:8000 startup >> vector. >> >> If a CPU is added after a cold reset, it is already in a >> different state because one of the active CPUs needs to >> release it by interacting with the hot plug controller. >> >> Can the SMRR for CPUs in that state be pre-programmed to >> match the SMRR in the rest of the active CPUs? >> >> For OVMF we expect all the active CPUs to use the same >> SMRR value, so a check can be made to verify that all >> the active CPUs have the same SMRR value. If they do, >> then any CPU released through the hot plug controller >> can have its SMRR pre-programmed and the initial SMI >> will start within TSEG. >> >> We just need to decide what to do in the unexpected >> case where all the active CPUs do not have the same >> SMRR value. >> >> This should also reduce the total number of steps. > > The problem is not the SMRR but the SMBASE. If the SMBASE area is > outside TSEG, it is vulnerable to DMA attacks independent of the SMRR. > SMBASE is also different for all CPUs, so it cannot be preprogrammed.
The firmware and QEMU could agree on a formula, which would compute the CPU-specific SMBASE from a value pre-programmed by the firmware, and the initial APIC ID of the hot-added CPU. Yes, it would duplicate code -- the calculation -- between QEMU and edk2. While that's not optimal, it wouldn't be a first. Thanks Laszlo
