From 0cf6a4d70275f19116ab69d53c9fc9e656fb47b7 Mon Sep 17 00:00:00 2001
From: Jeremy Compostella <jeremy.compostella@intel.com>
Date: Fri, 17 Jan 2025 12:45:00 -0800
Subject: [PATCH] cpu/x86/smm: Fix smm_get_save_state() returning invalid
 pointer

The smm_get_save_state() function returns an invalid pointer (negative
pointer) when the cpu variable is equal to the number of CPUs. This
leads to a hang when the pointer is used to access the save state.

TEST=No unexpected hangs in System Management Mode (SMM) were detected
     on fatcat.

Change-Id: I09f969105190a004372c43cb1542f5b716da1eda
Signed-off-by: Jeremy Compostella <jeremy.compostella@intel.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/86038
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
Reviewed-by: Jamie Ryu <jamie.m.ryu@intel.com>
---
 src/cpu/x86/smm/smm_module_handler.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cpu/x86/smm/smm_module_handler.c b/src/cpu/x86/smm/smm_module_handler.c
index 899ee2f675..d25b5f47cf 100644
--- a/src/cpu/x86/smm/smm_module_handler.c
+++ b/src/cpu/x86/smm/smm_module_handler.c
@@ -106,7 +106,7 @@ struct global_nvs *gnvs;
 
 void *smm_get_save_state(int cpu)
 {
-	if (cpu > smm_runtime.num_cpus)
+	if (cpu >= smm_runtime.num_cpus)
 		return NULL;
 
 	return (void *)(smm_runtime.save_state_top[cpu] -