From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
To: Borislav Petkov <bp@alien8.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>,
linux-kernel@vger.kernel.org, Ingo Molnar <mingo@kernel.org>
Subject: Re: AMD microcode loading broken on 32 bit
Date: Thu, 30 Jan 2014 14:41:09 -0500 [thread overview]
Message-ID: <52EAAAD5.2010301@oracle.com> (raw)
In-Reply-To: <20140130151321.GC23342@pd.tnic>
On 01/30/2014 10:13 AM, Borislav Petkov wrote:
> On Wed, Jan 29, 2014 at 12:22:19AM +0100, Borislav Petkov wrote:
>>>> Are you sure that
>>>>
>>>> container = (u8 *)(__va((u32)relocated_ramdisk) +
>>>> ((u32)container -
>>>> boot_params.hdr.ramdisk_image));
>>>>
>>>> in save_microcode_in_initrd_amd() always results in a valid
>>>> pointer? It is non-NULL but it
>>>> points to address that looks to be not mapped.
> Well, here's what I see here:
>
> * initrd *without* microcode:
>
> [ 0.000000] RAMDISK: [mem 0x7fbfc000-0x7ffeffff]
> [ 0.000000] Allocated new RAMDISK: [mem 0x3680a000-0x36bfd099]
> [ 0.000000] Move RAMDISK from [mem 0x7fbfc000-0x7ffef099] to [mem 0x3680a000-0x36bfd099]
>
> ...
>
> [ 0.710771] save_microcode_in_initrd_amd:
>
> relocated_ramdisk: 0x3680a000,
> __va(relocated_ramdisk): 0xf680a000,
> container: 0x76c0e000,
> boot_params.hdr.ramdisk_image: 0x7fbfc000
>
> ...
>
> [ 0.717080] BUG: unable to handle kernel paging request at 76c0e008
>
>
> * initrd + microcode:
>
> [ 0.000000] RAMDISK: [mem 0x7fbf7000-0x7ffeffff]
> [ 0.000000] Allocated new RAMDISK: [mem 0x36805000-0x36bfd499]
> [ 0.000000] Move RAMDISK from [mem 0x7fbf7000-0x7ffef499] to [mem 0x36805000-0x36bfd499]
>
> [ 0.781948] save_microcode_in_initrd_amd:
>
> relocated_ramdisk: 0x36805000,
> __va(relocated_ramdisk): 0xf6805000,
> container: 0xf680527c,
> boot_params.hdr.ramdisk_image: 0x7fbf7000
>
> Now guess what happens arithmetically if container is 0 (first case
> above without microcode):
>
> 0xf680a000 + 0 - 0x7fbfc000 = 0x76c0e000.
>
> So the fix of looking at ucode_cpio.data is correct.
That's not sufficient though, you'll need the other piece in
find_ucode_in_initrd() where you check the header.
>
> An equivalent fix would be this hunk below but the initial version I
> sent you aligns more with what we do on 64-bit.
>
> ---
> diff --git a/arch/x86/kernel/cpu/microcode/amd_early.c b/arch/x86/kernel/cpu/microcode/amd_early.c
> index 8384c0fa206f..7199953fdbf2 100644
> --- a/arch/x86/kernel/cpu/microcode/amd_early.c
> +++ b/arch/x86/kernel/cpu/microcode/amd_early.c
> @@ -347,6 +347,9 @@ int __init save_microcode_in_initrd_amd(void)
> if (!uci->cpu_sig.sig)
> smp_call_function_single(bsp, collect_cpu_sig_on_bsp, NULL, 1);
>
> + if (!container)
> + return -EINVAL;
> +
> /*
> * Take into account the fact that the ramdisk might get relocated
> * and therefore we need to recompute the container's position in
I like this one better. You can move this check above "#ifdef
CONFIG_X86_32" and have it as the first statement in the routine, common
between 32- and 64-bit.
-boris
next prev parent reply other threads:[~2014-01-30 19:40 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <52DE94A9.9060505@oracle.com>
2014-01-21 16:14 ` AMD microcode loading broken on 32 bit Borislav Petkov
2014-01-21 17:55 ` Boris Ostrovsky
2014-01-21 18:25 ` Borislav Petkov
2014-01-23 18:08 ` Boris Ostrovsky
2014-01-23 18:54 ` Gene Heskett
2014-01-23 19:09 ` Boris Ostrovsky
2014-01-23 19:36 ` Gene Heskett
2014-01-23 19:29 ` Borislav Petkov
2014-01-23 19:41 ` Boris Ostrovsky
2014-01-28 16:24 ` Borislav Petkov
2014-01-28 20:43 ` Boris Ostrovsky
2014-01-28 20:52 ` Borislav Petkov
2014-01-28 21:05 ` Boris Ostrovsky
2014-01-28 21:30 ` Borislav Petkov
2014-01-28 21:37 ` Boris Ostrovsky
2014-01-28 23:10 ` Boris Ostrovsky
2014-01-28 23:22 ` Borislav Petkov
2014-01-30 15:13 ` Borislav Petkov
2014-01-30 19:41 ` Boris Ostrovsky [this message]
2014-01-30 19:54 ` Borislav Petkov
2014-02-03 17:55 ` [PATCH -v2] x86, microcode, AMD: Sanity-check initrd image Borislav Petkov
2014-02-03 19:13 ` Boris Ostrovsky
2014-02-03 19:30 ` Borislav Petkov
2014-02-03 19:37 ` Boris Ostrovsky
2014-02-03 19:52 ` Borislav Petkov
2014-02-03 20:28 ` Boris Ostrovsky
2014-02-03 20:33 ` Borislav Petkov
2014-02-03 20:41 ` [PATCH] x86, microcode, AMD: Unify valid container checks Borislav Petkov
2014-02-06 19:39 ` [tip:x86/urgent] " tip-bot for Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52EAAAD5.2010301@oracle.com \
--to=boris.ostrovsky@oracle.com \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.