From: Borislav Petkov <bp@alien8.de>
To: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 02/10] x86/microcode/AMD: Check equivalence table length in the early loader
Date: Tue, 20 Mar 2018 16:41:47 +0100 [thread overview]
Message-ID: <20180320154147.GA6815@cz.tnic> (raw)
In-Reply-To: <fe4fe465-b114-ffa5-7c2a-3ccb5b9ba38c@maciej.szmigiero.name>
On Fri, Mar 16, 2018 at 12:07:50AM +0100, Maciej S. Szmigiero wrote:
> Before loading a CPU equivalence table from a microcode container file we
> need to verify whether this file is actually large enough to contain the
> table of a size indicated in this file.
> If it is not, there is no point of continuing with loading it since
> microcode patches are located after the equivalence table anyway.
>
> This patch adds these checks to the early loader.
>
> Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
> ---
> arch/x86/kernel/cpu/microcode/amd.c | 35 +++++++++++++++++++++++------------
> 1 file changed, 23 insertions(+), 12 deletions(-)
>
> diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
> index 6a93be0f771c..138c9fb983f2 100644
> --- a/arch/x86/kernel/cpu/microcode/amd.c
> +++ b/arch/x86/kernel/cpu/microcode/amd.c
> @@ -80,20 +80,33 @@ static u16 find_equiv_id(struct equiv_cpu_entry *equiv_table, u32 sig)
> * Returns the amount of bytes consumed while scanning. @desc contains all the
> * data we're going to use in later stages of the application.
> */
> -static ssize_t parse_container(u8 *ucode, ssize_t size, struct cont_desc *desc)
> +static size_t parse_container(u8 *ucode, size_t size, struct cont_desc *desc)
> {
> struct equiv_cpu_entry *eq;
> - ssize_t orig_size = size;
> + size_t orig_size = size;
> u32 *hdr = (u32 *)ucode;
> + unsigned int cont_magic, cont_type;
> + size_t equiv_tbl_len;
> u16 eq_id;
> u8 *buf;
>
> + if (size < CONTAINER_HDR_SZ)
> + return 0;
> +
> + cont_magic = hdr[0];
> + cont_type = hdr[1];
> + equiv_tbl_len = hdr[2];
All three are u32.
> /* Am I looking at an equivalence table header? */
> - if (hdr[0] != UCODE_MAGIC ||
> - hdr[1] != UCODE_EQUIV_CPU_TABLE_TYPE ||
> - hdr[2] == 0)
> + if (cont_magic != UCODE_MAGIC ||
> + cont_type != UCODE_EQUIV_CPU_TABLE_TYPE ||
> + equiv_tbl_len == 0)
> return CONTAINER_HDR_SZ;
>
> + if (equiv_tbl_len < sizeof(*eq) ||
If you do this, then the above == 0 check can go.
> + size - CONTAINER_HDR_SZ < equiv_tbl_len)
> + return size;
> +
> buf = ucode;
>
> eq = (struct equiv_cpu_entry *)(buf + CONTAINER_HDR_SZ);
--
Regards/Gruss,
Boris.
ECO tip #101: Trim your mails when you reply. Srsly.
next prev parent reply other threads:[~2018-03-20 15:42 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1521150415.git.mail@maciej.szmigiero.name>
2018-03-15 23:07 ` [PATCH v4 01/10] x86/microcode/AMD: Subtract SECTION_HDR_SIZE from file leftover length Maciej S. Szmigiero
2018-03-18 16:12 ` Borislav Petkov
2018-04-18 12:39 ` Maciej S. Szmigiero
2018-04-18 13:53 ` Borislav Petkov
2018-04-18 13:57 ` Maciej S. Szmigiero
2018-04-18 14:59 ` Borislav Petkov
2018-03-15 23:07 ` [PATCH v4 02/10] x86/microcode/AMD: Check equivalence table length in the early loader Maciej S. Szmigiero
2018-03-20 15:41 ` Borislav Petkov [this message]
2018-03-15 23:08 ` [PATCH v4 03/10] x86/microcode/AMD: Check equivalence table length in the late loader Maciej S. Szmigiero
2018-03-20 17:53 ` Borislav Petkov
2018-03-15 23:08 ` [PATCH v4 04/10] x86/microcode/AMD: install_equiv_cpu_table() should not return a signed int Maciej S. Szmigiero
2018-03-15 23:08 ` [PATCH v4 05/10] x86/microcode/AMD: Add a reminder about PATCH_MAX_SIZE macro Maciej S. Szmigiero
2018-03-15 23:08 ` [PATCH v4 06/10] x86/microcode/AMD: Check patch size in verify_and_add_patch() Maciej S. Szmigiero
2018-03-22 16:11 ` Borislav Petkov
2018-03-23 14:40 ` Maciej S. Szmigiero
2018-03-23 16:18 ` Boris Petkov
2018-03-15 23:08 ` [PATCH v4 07/10] x86/microcode/AMD: Verify patch section type for every such section Maciej S. Szmigiero
2018-03-15 23:08 ` [PATCH v4 08/10] x86/microcode/AMD: Check microcode container file size before accessing it Maciej S. Szmigiero
2018-03-26 17:48 ` Borislav Petkov
2018-03-15 23:08 ` [PATCH v4 09/10] x86/microcode/AMD: Check the equivalence table size when scanning it Maciej S. Szmigiero
2018-03-15 23:08 ` [PATCH v4 10/10] x86/microcode/AMD: Be more tolerant of late parse failures in late loader Maciej S. Szmigiero
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180320154147.GA6815@cz.tnic \
--to=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mail@maciej.szmigiero.name \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.