LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
To: Borislav Petkov <bp@alien8.de>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v4 03/10] x86/microcode/AMD: Check equivalence table length in the late loader
Date: Fri, 16 Mar 2018 00:08:04 +0100 [thread overview]
Message-ID: <1f29f9f9-0a9e-11e2-8e61-ba7c171e2bd9@maciej.szmigiero.name> (raw)
In-Reply-To: <cover.1521150415.git.mail@maciej.szmigiero.name>
Before loading a CPU equivalence table from a microcode container file we
need to verify whether this file is actually large enough to contain the
table of a size indicated in this file.
If it is not, there is no point of continuing with loading it since
microcode patches are located after the equivalence table anyway.
This patch adds these checks to the late loader.
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
---
arch/x86/kernel/cpu/microcode/amd.c | 32 ++++++++++++++++++++++----------
1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
index 138c9fb983f2..ed24200cf936 100644
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -551,28 +551,40 @@ static enum ucode_state apply_microcode_amd(int cpu)
return UCODE_UPDATED;
}
-static int install_equiv_cpu_table(const u8 *buf)
+static int install_equiv_cpu_table(const u8 *buf, size_t buf_size)
{
unsigned int *ibuf = (unsigned int *)buf;
- unsigned int type = ibuf[1];
- unsigned int size = ibuf[2];
+ unsigned int type, equiv_tbl_len;
- if (type != UCODE_EQUIV_CPU_TABLE_TYPE || !size) {
- pr_err("empty section/"
- "invalid type field in container file section header\n");
+ if (buf_size <= CONTAINER_HDR_SZ) {
+ pr_err("Truncated microcode container header.\n");
return -EINVAL;
}
- equiv_cpu_table = vmalloc(size);
+ type = ibuf[1];
+ if (type != UCODE_EQUIV_CPU_TABLE_TYPE) {
+ pr_err("Wrong microcode container equivalence table type: %u.\n",
+ type);
+ return -EINVAL;
+ }
+
+ equiv_tbl_len = ibuf[2];
+ if (equiv_tbl_len < sizeof(struct equiv_cpu_entry) ||
+ buf_size - CONTAINER_HDR_SZ < equiv_tbl_len) {
+ pr_err("Truncated equivalence table.\n");
+ return -EINVAL;
+ }
+
+ equiv_cpu_table = vmalloc(equiv_tbl_len);
if (!equiv_cpu_table) {
pr_err("failed to allocate equivalent CPU table\n");
return -ENOMEM;
}
- memcpy(equiv_cpu_table, buf + CONTAINER_HDR_SZ, size);
+ memcpy(equiv_cpu_table, buf + CONTAINER_HDR_SZ, equiv_tbl_len);
/* add header length */
- return size + CONTAINER_HDR_SZ;
+ return equiv_tbl_len + CONTAINER_HDR_SZ;
}
static void free_equiv_cpu_table(void)
@@ -674,7 +686,7 @@ static enum ucode_state __load_microcode_amd(u8 family, const u8 *data,
int crnt_size = 0;
int offset;
- offset = install_equiv_cpu_table(data);
+ offset = install_equiv_cpu_table(data, size);
if (offset < 0) {
pr_err("failed to create equivalent cpu table\n");
return ret;
next prev parent reply other threads:[~2018-03-15 23:08 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1521150415.git.mail@maciej.szmigiero.name>
2018-03-15 23:07 ` [PATCH v4 01/10] x86/microcode/AMD: Subtract SECTION_HDR_SIZE from file leftover length Maciej S. Szmigiero
2018-03-18 16:12 ` Borislav Petkov
2018-04-18 12:39 ` Maciej S. Szmigiero
2018-04-18 13:53 ` Borislav Petkov
2018-04-18 13:57 ` Maciej S. Szmigiero
2018-04-18 14:59 ` Borislav Petkov
2018-03-15 23:07 ` [PATCH v4 02/10] x86/microcode/AMD: Check equivalence table length in the early loader Maciej S. Szmigiero
2018-03-20 15:41 ` Borislav Petkov
2018-03-15 23:08 ` Maciej S. Szmigiero [this message]
2018-03-20 17:53 ` [PATCH v4 03/10] x86/microcode/AMD: Check equivalence table length in the late loader Borislav Petkov
2018-03-15 23:08 ` [PATCH v4 04/10] x86/microcode/AMD: install_equiv_cpu_table() should not return a signed int Maciej S. Szmigiero
2018-03-15 23:08 ` [PATCH v4 05/10] x86/microcode/AMD: Add a reminder about PATCH_MAX_SIZE macro Maciej S. Szmigiero
2018-03-15 23:08 ` [PATCH v4 06/10] x86/microcode/AMD: Check patch size in verify_and_add_patch() Maciej S. Szmigiero
2018-03-22 16:11 ` Borislav Petkov
2018-03-23 14:40 ` Maciej S. Szmigiero
2018-03-23 16:18 ` Boris Petkov
2018-03-15 23:08 ` [PATCH v4 07/10] x86/microcode/AMD: Verify patch section type for every such section Maciej S. Szmigiero
2018-03-15 23:08 ` [PATCH v4 08/10] x86/microcode/AMD: Check microcode container file size before accessing it Maciej S. Szmigiero
2018-03-26 17:48 ` Borislav Petkov
2018-03-15 23:08 ` [PATCH v4 09/10] x86/microcode/AMD: Check the equivalence table size when scanning it Maciej S. Szmigiero
2018-03-15 23:08 ` [PATCH v4 10/10] x86/microcode/AMD: Be more tolerant of late parse failures in late loader Maciej S. Szmigiero
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1f29f9f9-0a9e-11e2-8e61-ba7c171e2bd9@maciej.szmigiero.name \
--to=mail@maciej.szmigiero.name \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--subject='Re: [PATCH v4 03/10] x86/microcode/AMD: Check equivalence table length in the late loader' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).