The supervisor handles syscalls to register and unregister handlers on user space's behalf by exposing an SMM_REG_HNDL and an SMM_UNREG_HNDL syscall. For registration it calls MmiUserHandlerRegister() to do this work, which in turn calls CoreMmiHandlerRegister() with IsSupervisorHandler set to FALSE. For unregistration, it calls MmiHandlerUnRegister() with a user-provided handle. That function performs a handle lookup and, if the handle is found, unregisters the handler. MmiHandlerUnRegister() makes no attempt to check whether the handler's IsSupervisor BOOLEAN is set. In other words, a user-space caller can unregister a supervisor-created handler.
Unregistering a supervisor handler could cause some events to be missed and could cost the supervisor its ability to report the security policy. However, security-critical events will be enforced by the time external entities fetch the policy, or the OS will indicate that System Guard is off.
Fix recommendation:
Added a MmiUserHandlerUnRegister() function that ensures only handlers whose IsSupervisor field is FALSE can be unregistered through the SMM_UNREG_HNDL syscall.
Acknowledgement:
Thanks to @iljavs for reporting this issue.
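An added illustration of the flaw and the recommended fix, not code from the project: a minimal model of the handler table in which the unrestricted MmiHandlerUnRegister() path sits beside an MmiUserHandlerUnRegister() that refuses supervisor-owned handles. The struct layout, the integer handle and the bool return codes are assumptions of this example; only the function names and the IsSupervisor field come from the report.

```c
/* Added example, not the project's code. The handler table, integer handles
 * and bool return values are assumptions made to keep the model small. */
#include <stdbool.h>
#include <stddef.h>

#define MAX_HANDLERS 8

typedef struct {
    bool InUse;
    bool IsSupervisor;   /* TRUE when registered with IsSupervisorHandler = TRUE */
} MMI_HANDLER;

static MMI_HANDLER gHandlers[MAX_HANDLERS];

/* Registers a handler and returns its handle (a table index), or -1 when full. */
int CoreMmiHandlerRegister(bool IsSupervisorHandler)
{
    for (int i = 0; i < MAX_HANDLERS; i++) {
        if (!gHandlers[i].InUse) {
            gHandlers[i].InUse = true;
            gHandlers[i].IsSupervisor = IsSupervisorHandler;
            return i;
        }
    }
    return -1;
}

bool MmiHandlerIsRegistered(int Handle)
{
    return Handle >= 0 && Handle < MAX_HANDLERS && gHandlers[Handle].InUse;
}

/* Flawed path as described in the report: the handle is looked up and, if
 * found, removed, with no check of who owns it. */
bool MmiHandlerUnRegister(int Handle)
{
    if (!MmiHandlerIsRegistered(Handle))
        return false;
    gHandlers[Handle].InUse = false;
    return true;
}

/* Recommended SMM_UNREG_HNDL path: only handlers with IsSupervisor == FALSE
 * may be removed on behalf of user space; supervisor handlers are refused. */
bool MmiUserHandlerUnRegister(int Handle)
{
    if (!MmiHandlerIsRegistered(Handle) || gHandlers[Handle].IsSupervisor)
        return false;
    return MmiHandlerUnRegister(Handle);
}
```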