From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Matthew Daley <mattd@bugfuzz.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Keir Fraser <keir@xen.org>, Jan Beulich <JBeulich@suse.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
Xen-devel <xen-devel@lists.xen.org>
Subject: Re: [Patch v2 3/4] AMD/microcode: Avoid use-after-free for the microcode buffer
Date: Sat, 28 Dec 2013 11:24:29 +0000
Message-ID: <52BEB4ED.7090605@citrix.com>
In-Reply-To: <CAD3CanedK1HfqGYtsRRjzysHhnhHDcR65TqgBgDbNhDgOpBCNw@mail.gmail.com>

On 27/12/2013 22:43, Matthew Daley wrote:
> On Sat, Dec 28, 2013 at 4:57 AM, Andrew Cooper <andrew.cooper3@citrix.com> wrote:
>
> It is possible to free the mc_old buffer and then store it for use in the case
> of resume.
>
> This keeps the old semantics of being able to return an error even after a
> successful microcode application.
>
> Coverity-ID 1146953
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> CC: Keir Fraser <keir@xen.org>
> CC: Jan Beulich <JBeulich@suse.com>
> Acked-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> CC: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
>
> ---
> Changes in v2:
> * Fix commit message. No code change.
> ---
> xen/arch/x86/microcode_amd.c | 17 +++++++++--------
> 1 file changed, 9 insertions(+), 8 deletions(-)
>
> diff --git a/xen/arch/x86/microcode_amd.c
> b/xen/arch/x86/microcode_amd.c
> index a3ceef8..8ea4e63 100644
> --- a/xen/arch/x86/microcode_amd.c
> +++ b/xen/arch/x86/microcode_amd.c
> @@ -275,7 +275,7 @@ static int cpu_request_microcode(int cpu,
> const void *buf, size_t bufsize)
> struct microcode_amd *mc_amd, *mc_old;
> size_t offset = bufsize;
> size_t last_offset, applied_offset = 0;
> - int error = 0;
> + int error = 0, save_error = 1;
> struct ucode_cpu_info *uci = &per_cpu(ucode_cpu_info, cpu);
>
> /* We should bind the task to the CPU */
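Review bot: The new `save_error = 1` initialiser on the `int error = 0, save_error = 1;` line is an undocumented sentinel: `error` starts at 0 and carries return codes, while `save_error` starts at a bare non-zero 1 with nothing saying what that state means. A short comment on the declaration, or a named errno-style value in place of the literal 1, would make the intent clear where the later hunk copies a non-zero `save_error` into `error`.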
> @@ -338,19 +338,20 @@ static int cpu_request_microcode(int cpu,
> const void *buf, size_t bufsize)
> */
> if ( applied_offset )
> {
> - int ret = get_ucode_from_buffer_amd(mc_amd, buf, bufsize,
> - &applied_offset);
> - if ( ret == 0 )
> - xfree(mc_old);
> - else
> - error = ret;
> + save_error = get_ucode_from_buffer_amd(
> + mc_amd, buf, bufsize, &applied_offset);
> +
> + if ( save_error )
> + error = save_error
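Review bot: The added assignment `error = save_error` under `if ( save_error )` has no terminating semicolon, so the file will not compile as posted; it needs to read `error = save_error;`. Separately, the `xfree(mc_old)` on the success path is removed here and the quoted part of the hunk ends before any replacement free is visible, so it is worth checking that `mc_old` is still released exactly once on both the success and the failure path.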
>
>
> Missing you-know-what.
>
> - Matthew
I really should learn that "trivial tweaks" are often not quite so
trivial. v3 on its way.
~Andrew