Re: [PATCH v5 2/6] x86/microcode/AMD: Add microcode container data checking functions

From: Maciej S. Szmigiero
Date: Mon Apr 30 2018 - 18:27:28 EST

Next message: Maciej S. Szmigiero: "Re: [PATCH v5 3/6] x86/microcode/AMD: Check microcode container data in the early loader"
Previous message: Shuah Khan (Samsung OSG): "[REBASED PATCH 2/2] usbip: usbip_host: run rebind from exit when module is removed"
In reply to: Borislav Petkov: "Re: [PATCH v5 2/6] x86/microcode/AMD: Add microcode container data checking functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 30.04.2018 11:04, Borislav Petkov wrote:
> On Mon, Apr 23, 2018 at 11:34:07PM +0200, Maciej S. Szmigiero wrote:
>> --- a/arch/x86/kernel/cpu/microcode/amd.c
>> +++ b/arch/x86/kernel/cpu/microcode/amd.c
>> +/*
>> + * Checks whether there is a valid, non-truncated CPU equivalence table
>> + * at the beginning of a passed buffer @buf of size @size.
>> + * If @early is set this function does not print errors which makes it
>> + * usable by the early microcode loader.
>> + */
>> +static bool verify_equivalence_table(const u8 *buf, size_t buf_size, bool early)
>> +{
>> + const u32 *hdr = (const u32 *)buf;
>> + u32 cont_type, equiv_tbl_len;
>> +
>> + cont_type = hdr[1];
>
> You need to check the size of buf so that there's enough buf passed in
> before you index into it like that.

These checking functions are supposed to be called in order:
first verify_container() verifies the basic container, then
verify_equivalence_table() verifies the equivalence table while not
repeating the checks that were already done by the former function.

>> + if (cont_type != UCODE_EQUIV_CPU_TABLE_TYPE) {
>> + if (!early)
>> + pr_err("Wrong microcode container equivalence table type: %u.\n",
>> + cont_type);
>> +
>> + return false;
>> + }
>> +
>> + equiv_tbl_len = hdr[2];
>
> And that.

Same situation here.

>> +
>> +/*
>> + * Checks whether a microcode patch located at the beginning of a passed
>> + * buffer @buf of size @size is not too large for a particular @family
>> + * and is not truncated.
>> + * If @early is set this function does not print errors which makes it
>> + * usable by the early microcode loader.
>> + */
>> +static bool verify_patch(u8 family, const u8 *buf, size_t buf_size, bool early)
>> +{
>> + const u32 *hdr = (const u32 *)buf;
>> + u32 patch_size = hdr[1];
>
> Just like in the first comment above.
>

And a similar situation here - verify_patch() does not verify things
that were already checked by verify_container() or
verify_patch_section().

Thanks,
Maciej

Next message: Maciej S. Szmigiero: "Re: [PATCH v5 3/6] x86/microcode/AMD: Check microcode container data in the early loader"
Previous message: Shuah Khan (Samsung OSG): "[REBASED PATCH 2/2] usbip: usbip_host: run rebind from exit when module is removed"
In reply to: Borislav Petkov: "Re: [PATCH v5 2/6] x86/microcode/AMD: Add microcode container data checking functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]