Perform additional validation prior to loading IFS image.
Error out if the size of the file being loaded doesn't match the size
specified in the header.
Signed-off-by: Jithu Joseph <[email protected]>
Reviewed-by: Tony Luck <[email protected]>
Tested-by: Pengfei Xu <[email protected]>
---
drivers/platform/x86/intel/ifs/load.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c
index 6b827247945b..da54fd060878 100644
--- a/drivers/platform/x86/intel/ifs/load.c
+++ b/drivers/platform/x86/intel/ifs/load.c
@@ -375,6 +375,7 @@ int ifs_load_firmware(struct device *dev)
{
const struct ifs_test_caps *test = ifs_get_test_caps(dev);
struct ifs_data *ifsd = ifs_get_data(dev);
+ unsigned int expected_size;
const struct firmware *fw;
char scan_path[64];
int ret = -EINVAL;
@@ -389,6 +390,13 @@ int ifs_load_firmware(struct device *dev)
goto done;
}
+ expected_size = ((struct microcode_header_intel *)fw->data)->totalsize;
+ if (fw->size != expected_size) {
+ dev_err(dev, "File size mismatch (expected %d, actual %ld). Corrupted IFS image.\n",
+ expected_size, fw->size);
+ return -EINVAL;
+ }
+
ret = image_sanity_check(dev, (struct microcode_header_intel *)fw->data);
if (ret)
goto release;
--
2.25.1
On Mon, 2 Oct 2023, Ilpo J?rvinen wrote:
> On Fri, 29 Sep 2023, Jithu Joseph wrote:
>
> > Perform additional validation prior to loading IFS image.
> >
> > Error out if the size of the file being loaded doesn't match the size
> > specified in the header.
> >
> > Signed-off-by: Jithu Joseph <[email protected]>
> > Reviewed-by: Tony Luck <[email protected]>
> > Tested-by: Pengfei Xu <[email protected]>
> > ---
> > drivers/platform/x86/intel/ifs/load.c | 8 ++++++++
> > 1 file changed, 8 insertions(+)
> >
> > diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c
> > index 6b827247945b..da54fd060878 100644
> > --- a/drivers/platform/x86/intel/ifs/load.c
> > +++ b/drivers/platform/x86/intel/ifs/load.c
> > @@ -375,6 +375,7 @@ int ifs_load_firmware(struct device *dev)
> > {
> > const struct ifs_test_caps *test = ifs_get_test_caps(dev);
> > struct ifs_data *ifsd = ifs_get_data(dev);
> > + unsigned int expected_size;
> > const struct firmware *fw;
> > char scan_path[64];
> > int ret = -EINVAL;
> > @@ -389,6 +390,13 @@ int ifs_load_firmware(struct device *dev)
> > goto done;
> > }
> >
> > + expected_size = ((struct microcode_header_intel *)fw->data)->totalsize;
> > + if (fw->size != expected_size) {
> > + dev_err(dev, "File size mismatch (expected %d, actual %ld). Corrupted IFS image.\n",
> > + expected_size, fw->size);
> > + return -EINVAL;
> > + }
> > +
> > ret = image_sanity_check(dev, (struct microcode_header_intel *)fw->data);
> > if (ret)
> > goto release;
> >
>
> Reviewed-by: Ilpo J?rvinen <[email protected]>
Just after sending the rev-by, I realized this also has %d vs unsigned int
problem, and %ld should be using %zu as fw->size of size_t.
Feel free to add my rev-by after those two problems have been fixed.
--
i.
On Fri, 29 Sep 2023, Jithu Joseph wrote:
> Perform additional validation prior to loading IFS image.
>
> Error out if the size of the file being loaded doesn't match the size
> specified in the header.
>
> Signed-off-by: Jithu Joseph <[email protected]>
> Reviewed-by: Tony Luck <[email protected]>
> Tested-by: Pengfei Xu <[email protected]>
> ---
> drivers/platform/x86/intel/ifs/load.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c
> index 6b827247945b..da54fd060878 100644
> --- a/drivers/platform/x86/intel/ifs/load.c
> +++ b/drivers/platform/x86/intel/ifs/load.c
> @@ -375,6 +375,7 @@ int ifs_load_firmware(struct device *dev)
> {
> const struct ifs_test_caps *test = ifs_get_test_caps(dev);
> struct ifs_data *ifsd = ifs_get_data(dev);
> + unsigned int expected_size;
> const struct firmware *fw;
> char scan_path[64];
> int ret = -EINVAL;
> @@ -389,6 +390,13 @@ int ifs_load_firmware(struct device *dev)
> goto done;
> }
>
> + expected_size = ((struct microcode_header_intel *)fw->data)->totalsize;
> + if (fw->size != expected_size) {
> + dev_err(dev, "File size mismatch (expected %d, actual %ld). Corrupted IFS image.\n",
> + expected_size, fw->size);
> + return -EINVAL;
> + }
> +
> ret = image_sanity_check(dev, (struct microcode_header_intel *)fw->data);
> if (ret)
> goto release;
>
Reviewed-by: Ilpo J?rvinen <[email protected]>
--
i.
On 10/2/2023 4:50 AM, Ilpo Järvinen wrote:
> On Mon, 2 Oct 2023, Ilpo Järvinen wrote:
>> Reviewed-by: Ilpo Järvinen <[email protected]>
>
> Just after sending the rev-by, I realized this also has %d vs unsigned int
> problem, and %ld should be using %zu as fw->size of size_t.
>
> Feel free to add my rev-by after those two problems have been fixed.
>
Thanks for the review. I will make this change
Jithu
Perform additional validation prior to loading IFS image.
Error out if the size of the file being loaded doesn't match the size
specified in the header.
Signed-off-by: Jithu Joseph <[email protected]>
Reviewed-by: Tony Luck <[email protected]>
Reviewed-by: Ilpo Järvinen <[email protected]>
Tested-by: Pengfei Xu <[email protected]>
---
- changed the dev_err printk format specifiers (Ilpo Järvinen)
drivers/platform/x86/intel/ifs/load.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c
index 6b827247945b..582f1801aaaa 100644
--- a/drivers/platform/x86/intel/ifs/load.c
+++ b/drivers/platform/x86/intel/ifs/load.c
@@ -375,6 +375,7 @@ int ifs_load_firmware(struct device *dev)
{
const struct ifs_test_caps *test = ifs_get_test_caps(dev);
struct ifs_data *ifsd = ifs_get_data(dev);
+ unsigned int expected_size;
const struct firmware *fw;
char scan_path[64];
int ret = -EINVAL;
@@ -389,6 +390,13 @@ int ifs_load_firmware(struct device *dev)
goto done;
}
+ expected_size = ((struct microcode_header_intel *)fw->data)->totalsize;
+ if (fw->size != expected_size) {
+ dev_err(dev, "File size mismatch (expected %u, actual %zu). Corrupted IFS image.\n",
+ expected_size, fw->size);
+ return -EINVAL;
+ }
+
ret = image_sanity_check(dev, (struct microcode_header_intel *)fw->data);
if (ret)
goto release;
--
2.25.1