From: Borislav Petkov <bp@alien8.de>
To: X86 ML <x86@kernel.org>
Cc: "Maciej S . Szmigiero" <mail@maciej.szmigiero.name>,
Tom Lendacky <thomas.lendacky@amd.com>,
LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH 11/16] x86/microcode/AMD: Convert early parser to the new verification routines
Date: Wed, 7 Nov 2018 18:02:13 +0100 [thread overview]
Message-ID: <20181107170218.7596-12-bp@alien8.de> (raw)
In-Reply-To: <20181107170218.7596-1-bp@alien8.de>
From: Borislav Petkov <bp@suse.de>
Now that they have the required functionality, use them to verify the
equivalence table and each patch, thus making parse_container() more
readable.
Based on a patch by "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>.
Signed-off-by: Borislav Petkov <bp@suse.de>
---
arch/x86/kernel/cpu/microcode/amd.c | 46 +++++++++++++++--------------
1 file changed, 24 insertions(+), 22 deletions(-)
diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
index 79216cfb9f72..5775dc996df3 100644
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -293,17 +293,18 @@ static ssize_t parse_container(u8 *ucode, ssize_t size, struct cont_desc *desc)
u16 eq_id;
u8 *buf;
- /* Am I looking at an equivalence table header? */
- if (hdr[0] != UCODE_MAGIC ||
- hdr[1] != UCODE_EQUIV_CPU_TABLE_TYPE ||
- hdr[2] == 0)
- return CONTAINER_HDR_SZ;
+ if (!verify_equivalence_table(ucode, size, true))
+ return 0;
buf = ucode;
eq = (struct equiv_cpu_entry *)(buf + CONTAINER_HDR_SZ);
- /* Find the equivalence ID of our CPU in this table: */
+ /*
+ * Find the equivalence ID of our CPU in this table. Even if this table
+ * doesn't contain a patch for the CPU, scan through the whole container
+ * so that it can be skipped in case there are other containers appended.
+ */
eq_id = find_equiv_id(eq, desc->cpuid_1_eax);
buf += hdr[2] + CONTAINER_HDR_SZ;
@@ -316,29 +317,29 @@ static ssize_t parse_container(u8 *ucode, ssize_t size, struct cont_desc *desc)
while (size > 0) {
struct microcode_amd *mc;
u32 patch_size;
+ int ret;
- hdr = (u32 *)buf;
-
- if (hdr[0] != UCODE_UCODE_TYPE)
- break;
-
- /* Sanity-check patch size. */
- patch_size = hdr[1];
- if (patch_size > PATCH_MAX_SIZE)
- break;
-
- /* Skip patch section header: */
- buf += SECTION_HDR_SIZE;
- size -= SECTION_HDR_SIZE;
+ ret = verify_patch(x86_family(desc->cpuid_1_eax), buf, size, &patch_size, true);
+ if (ret < 0) {
+ /*
+ * Patch verification failed, skip to the next
+ * container, if there's one:
+ */
+ goto out;
+ } else if (ret > 0) {
+ goto skip;
+ }
- mc = (struct microcode_amd *)buf;
+ mc = (struct microcode_amd *)(buf + SECTION_HDR_SIZE);
if (eq_id == mc->hdr.processor_rev_id) {
desc->psize = patch_size;
desc->mc = mc;
}
- buf += patch_size;
- size -= patch_size;
+skip:
+ /* Skip patch section header too: */
+ buf += patch_size + SECTION_HDR_SIZE;
+ size -= patch_size + SECTION_HDR_SIZE;
}
/*
@@ -355,6 +356,7 @@ static ssize_t parse_container(u8 *ucode, ssize_t size, struct cont_desc *desc)
return 0;
}
+out:
return orig_size - size;
}
--
2.19.1
next prev parent reply other threads:[~2018-11-07 17:03 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-07 17:02 [PATCH 00/16] x86/microcode/AMD: Improve container verification Borislav Petkov
2018-11-07 17:02 ` [PATCH 01/16] x86/microcode/AMD: Subtract SECTION_HDR_SIZE from file leftover length Borislav Petkov
2018-11-07 17:02 ` [PATCH 02/16] x86/microcode/AMD: Add microcode container verification Borislav Petkov
2018-11-07 17:02 ` [PATCH 03/16] x86/microcode/AMD: Move verify_patch_size() up in the file Borislav Petkov
2018-11-19 10:14 ` [tip:x86/microcode] " tip-bot for Borislav Petkov
2018-11-07 17:02 ` [PATCH 04/16] x86/microcode/AMD: Clean up per-family patch size checks Borislav Petkov
2018-11-19 10:14 ` [tip:x86/microcode] " tip-bot for Borislav Petkov
2018-11-07 17:02 ` [PATCH 05/16] x86/microcode/AMD: Cleanup verify_patch_size() more Borislav Petkov
2018-11-19 10:15 ` [tip:x86/microcode] " tip-bot for Borislav Petkov
2018-11-07 17:02 ` [PATCH 06/16] x86/microcode/AMD: Concentrate patch verification Borislav Petkov
2018-11-19 10:15 ` [tip:x86/microcode] " tip-bot for Borislav Petkov
2018-11-07 17:02 ` [PATCH 07/16] x86/microcode/AMD: Simplify patch family detection Borislav Petkov
2018-11-19 10:16 ` [tip:x86/microcode] " tip-bot for Borislav Petkov
2018-11-07 17:02 ` [PATCH 08/16] x86/microcode/AMD: Move patch family check to verify_patch() Borislav Petkov
2018-11-19 10:16 ` [tip:x86/microcode] " tip-bot for Borislav Petkov
2018-11-07 17:02 ` [PATCH 09/16] x86/microcode/AMD: Move chipset-specific check into verify_patch() Borislav Petkov
2018-11-07 17:02 ` [PATCH 10/16] x86/microcode/AMD: Change verify_patch()'s return value Borislav Petkov
2018-11-19 10:18 ` [tip:x86/microcode] " tip-bot for Borislav Petkov
2018-11-07 17:02 ` Borislav Petkov [this message]
2018-11-19 10:18 ` [tip:x86/microcode] x86/microcode/AMD: Convert early parser to the new verification routines tip-bot for Borislav Petkov
2018-11-07 17:02 ` [PATCH 12/16] x86/microcode/AMD: Fix container size's type Borislav Petkov
2018-11-10 20:59 ` kbuild test robot
2018-11-19 10:19 ` [tip:x86/microcode] " tip-bot for Borislav Petkov
2018-11-07 17:02 ` [PATCH 13/16] x86/microcode/AMD: Check microcode container data in the late loader Borislav Petkov
2018-11-19 10:19 ` [tip:x86/microcode] " tip-bot for Maciej S. Szmigiero
2018-11-07 17:02 ` [PATCH 14/16] x86/microcode/AMD: Convert CPU equivalence table variable into a struct Borislav Petkov
2018-11-19 10:20 ` [tip:x86/microcode] " tip-bot for Maciej S. Szmigiero
2018-11-07 17:02 ` [PATCH 15/16] x86/microcode/AMD: Check the equivalence table size when scanning it Borislav Petkov
2018-11-19 10:20 ` [tip:x86/microcode] " tip-bot for Maciej S. Szmigiero
2018-11-07 17:02 ` [PATCH 16/16] x86/microcode/AMD: Update copyright Borislav Petkov
2018-11-19 10:21 ` [tip:x86/microcode] " tip-bot for Borislav Petkov
2018-11-25 9:50 ` [PATCH 00/16] x86/microcode/AMD: Improve container verification Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181107170218.7596-12-bp@alien8.de \
--to=bp@alien8.de \
--cc=linux-kernel@vger.kernel.org \
--cc=mail@maciej.szmigiero.name \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.