From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
To: Borislav Petkov <bp@alien8.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>,
linux-kernel@vger.kernel.org, Ingo Molnar <mingo@kernel.org>
Subject: Re: [PATCH -v2] x86, microcode, AMD: Sanity-check initrd image
Date: Mon, 03 Feb 2014 14:37:34 -0500 [thread overview]
Message-ID: <52EFEFFE.6010608@oracle.com> (raw)
In-Reply-To: <20140203193000.GD4281@pd.tnic>
On 02/03/2014 02:30 PM, Borislav Petkov wrote:
> On Mon, Feb 03, 2014 at 02:13:27PM -0500, Boris Ostrovsky wrote:
>> I thought that it may be sufficient to check for !container in
>> save_microcode_in_initrd_amd() before performing relocation. If the
>> signature was wrong, we would have found out about it in
>> load_ucode_bsp() -> apply_ucode_in_initrd() and returned right away,
> Your original test case which exploded had exactly that scenario - it
> was pointing to Intel ucode so container wasn't NULL. Thus we need to
> check the sig in find_ucode_in_initrd().
>
It exploded when 'if (!container)' check was done *after* relocation,
which made container non-zero. If you do the check *before* then I think
you will catch the fact that container is empty.
load_ucode_bsp() -> apply_ucode_in_initrd() path does not include
save_microcode_in_initrd_amd() and (if I understand the code correctly)
we already verify signature in apply_ucode_in_initrd().
I am pretty sure I tested this scenario but I can verify it again.
-boris
next prev parent reply other threads:[~2014-02-03 19:36 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <52DE94A9.9060505@oracle.com>
2014-01-21 16:14 ` AMD microcode loading broken on 32 bit Borislav Petkov
2014-01-21 17:55 ` Boris Ostrovsky
2014-01-21 18:25 ` Borislav Petkov
2014-01-23 18:08 ` Boris Ostrovsky
2014-01-23 18:54 ` Gene Heskett
2014-01-23 19:09 ` Boris Ostrovsky
2014-01-23 19:36 ` Gene Heskett
2014-01-23 19:29 ` Borislav Petkov
2014-01-23 19:41 ` Boris Ostrovsky
2014-01-28 16:24 ` Borislav Petkov
2014-01-28 20:43 ` Boris Ostrovsky
2014-01-28 20:52 ` Borislav Petkov
2014-01-28 21:05 ` Boris Ostrovsky
2014-01-28 21:30 ` Borislav Petkov
2014-01-28 21:37 ` Boris Ostrovsky
2014-01-28 23:10 ` Boris Ostrovsky
2014-01-28 23:22 ` Borislav Petkov
2014-01-30 15:13 ` Borislav Petkov
2014-01-30 19:41 ` Boris Ostrovsky
2014-01-30 19:54 ` Borislav Petkov
2014-02-03 17:55 ` [PATCH -v2] x86, microcode, AMD: Sanity-check initrd image Borislav Petkov
2014-02-03 19:13 ` Boris Ostrovsky
2014-02-03 19:30 ` Borislav Petkov
2014-02-03 19:37 ` Boris Ostrovsky [this message]
2014-02-03 19:52 ` Borislav Petkov
2014-02-03 20:28 ` Boris Ostrovsky
2014-02-03 20:33 ` Borislav Petkov
2014-02-03 20:41 ` [PATCH] x86, microcode, AMD: Unify valid container checks Borislav Petkov
2014-02-06 19:39 ` [tip:x86/urgent] " tip-bot for Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52EFEFFE.6010608@oracle.com \
--to=boris.ostrovsky@oracle.com \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.