Add SMI enumeration mode to the smm_ptr module #2141
Signed-off-by: Carles Pey <carles.pey@nccgroup.com>
chipsec/modules/tools/smm/smm_ptr.py
Outdated
if scan and scan.skip(): | ||
break | ||
if scan_mode: | ||
msg = scan.log_smi_result(self.logger) |
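Review bot: `msg` is assigned from `scan.log_smi_result(self.logger)` but never read afterwards in this block, which is what the CodeQL notice below flags; either use the returned message (log it, return it) or call `scan.log_smi_result(self.logger)` as a bare statement and drop the assignment.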
Check notice (Code scanning / CodeQL): Unused local variable
self.hist_smi_num = 0 | ||
self.outliers_hist = 0 | ||
|
||
def find_address_in_regs(self, gprs): |
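Review bot: `find_address_in_regs(self, gprs)` mixes an explicit `return` with an implicit fall-through, so callers get `None` on some paths without that being stated anywhere; end the function with an explicit `return None` (or whatever sentinel the callers test for) and mention that sentinel in a docstring so the "not found" case is deliberate rather than accidental.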
Check notice (Code scanning / CodeQL): Explicit returns mixed with implicit (fall through) returns
chipsec/modules/tools/smm/smm_ptr.py
Outdated
self.data = data | ||
|
||
def get_info(self): | ||
if self.code == None: |
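Review bot: `if self.code == None:` in `get_info` should be `if self.code is None:`; `==` dispatches to `__eq__` of whatever `self.code` holds, while identity comparison is the idiomatic and unambiguous `None` check.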
Check notice (Code scanning / CodeQL): Testing equality to None
except BadSMIDetected as msg: | ||
bad_ptr_cnt = 1 | ||
self.logger.log_important("Potentially bad SMI detected! Stopped fuzing (see FUZZ_BAIL_ON_1ST_DETECT option)") | ||
|
||
if scan_mode: | ||
self.logger.log_good(f'<<< Done: found {scan.get_total_outliers()} long-running SMIs') |
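Review bot: `scan.get_total_outliers()` at the final `if scan_mode:` line is flagged as a potentially uninitialized read of `scan`; if `scan` is only bound inside an earlier scan-mode branch of the same function, neither CodeQL nor a reader can see that the two conditions always agree, so initialise `scan = None` before the try/except and guard the final log with `if scan_mode and scan is not None:`. Also, "Stopped fuzing" in the `log_important` string should read "Stopped fuzzing".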
Check failure (Code scanning / CodeQL): Potentially uninitialized local variable (Error)
At first glance this looks good. We'll need to take some time to test it out.
Eventually we'll need to handle the case when this is attempted to be run in other environments.
49eebf8 to 081890f
Hi @npmitche, is there any progress on this?
Signed-off-by: Carles Pey <carles.pey@nccgroup.com>
The following pull request extends the `smm_ptr` module by adding an additional mode called `scan`. The goal of the `scan` mode is to identify SMIs that trigger time-consuming code paths by measuring their execution time. This new mode operates similarly to the fuzz mode and uses a new syscall that returns the SMI execution time. With the intention to minimize system crashes, its operation bails out from the currently scanned SMI code when an SMI taking considerably longer is encountered or memory changes have been detected.

A time-consuming SMI is referred to as 'outlier' in the implementation, and determined by the configuration option `OUTLIER_THRESHOLD`. When an 'outlier' is identified, a message similar to the one shown below is added to the output log.

The message informs about the average CPU counts for that SMI code, the number of SMIs executed for that code (scanning for data and rcx values) until the first outlier is found or a memory change detected (in `checked`), followed by information about the outlier. When no outlier is found, the log message does not include the 'outlier' information.

At the end of the report, it lists the number of long-running SMIs found, followed by the remaining `smm_ptr` results.
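The control flow the description above lays out (run each SMI code over its data/rcx values, time every SMI, stop that code on the first outlier or the first detected memory change, then report a per-code line and a total), as an added stand-alone model that is not chipsec's or this PR's code. The `FakeSmiTimer` class and its cycle counts are constructed test data standing in for the new kernel syscall; `OUTLIER_THRESHOLD` is assumed here to be a multiplier over the running average, and `MIN_SAMPLES`, `SmiScanResult`, `scan_smi_code`, `scan_codes` and `total_outliers` are names invented for this example.

```python
"""Added example, not code from chipsec or PR #2141: a minimal model of the
'scan' mode control flow. A fake timer replaces the kernel syscall that
returns an SMI's execution time in CPU cycles."""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional, Tuple

# Hypothetical settings. The PR names OUTLIER_THRESHOLD but not its semantics;
# this example assumes it is a multiplier over the running average.
OUTLIER_THRESHOLD = 10.0
MIN_SAMPLES = 8  # assumption: trust the average only after a few samples

# (code, data, rcx) -> (cycles, memory changed after this SMI)
Measure = Callable[[int, int, int], Tuple[int, bool]]


@dataclass
class SmiScanResult:
    code: int
    count: int = 0          # SMIs executed for this code, outlier included
    cycles_sum: int = 0     # cycles of the non-outlier SMIs
    outlier: Optional[Tuple[int, int, int]] = None  # (data, rcx, cycles)
    mem_changed: bool = False

    def avg_cycles(self) -> float:
        samples = self.count - (1 if self.outlier else 0)
        return self.cycles_sum / samples if samples else 0.0

    def log_line(self) -> str:
        checked = "memory changed" if self.mem_changed else "ok"
        line = (f"SMI 0x{self.code:02X}: avg {self.avg_cycles():.0f} cycles "
                f"over {self.count} SMIs (checked: {checked})")
        if self.outlier:
            data, rcx, cycles = self.outlier
            line += f", outlier data=0x{data:X} rcx=0x{rcx:X} cycles={cycles}"
        return line


def scan_smi_code(code: int, data_values: Iterable[int], rcx_values: Iterable[int],
                  measure: Measure) -> SmiScanResult:
    """Run one SMI code over every (data, rcx) pair and bail out of this code
    at the first outlier or the first detected memory change."""
    rcx_values = list(rcx_values)
    res = SmiScanResult(code)
    for data in data_values:
        for rcx in rcx_values:
            cycles, changed = measure(code, data, rcx)
            res.count += 1
            if changed:  # memory change: stop this code before it gets worse
                res.cycles_sum += cycles
                res.mem_changed = True
                return res
            avg_before = res.cycles_sum / (res.count - 1) if res.count > 1 else 0.0
            if res.count > MIN_SAMPLES and cycles > OUTLIER_THRESHOLD * avg_before:
                res.outlier = (data, rcx, cycles)  # long-running SMI found
                return res
            res.cycles_sum += cycles
    return res


def scan_codes(codes: Iterable[int], data_values: Iterable[int],
               rcx_values: Iterable[int], measure: Measure) -> Dict[int, SmiScanResult]:
    return {code: scan_smi_code(code, data_values, rcx_values, measure) for code in codes}


def total_outliers(results: Dict[int, SmiScanResult]) -> int:
    return sum(1 for r in results.values() if r.outlier is not None)


class FakeSmiTimer:
    """Constructed stand-in for the real syscall: code 0x10 has one slow
    (data, rcx) path, 0x20 is uniformly fast, 0x30 changes memory at data 2."""

    def measure(self, code: int, data: int, rcx: int) -> Tuple[int, bool]:
        jitter = (data * 7 + rcx * 3) % 50
        if code == 0x10:
            return (90_000 if (data, rcx) == (5, 3) else 2_000 + jitter), False
        if code == 0x20:
            return 1_500 + jitter, False
        if code == 0x30:
            return 2_000 + jitter, data == 2
        return 2_000, False


if __name__ == "__main__":
    results = scan_codes([0x10, 0x20, 0x30], range(16), range(8), FakeSmiTimer().measure)
    for r in results.values():
        print(r.log_line())
    print(f"<<< Done: found {total_outliers(results)} long-running SMIs")
```

With these constructed inputs code 0x10 stops at its 44th SMI (data 5, rcx 3), code 0x20 runs all 128 combinations with no outlier, and code 0x30 stops at its 17th SMI because of the simulated memory change, so the summary reports one long-running SMI.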