From: Quentin Casasnovas
To: Borislav Petkov
Cc: X86 ML, LKML, Quentin Casasnovas
Subject: Re: [PATCH 08/13] x86/microcode: Consolidate family,model, ... code
Date: Tue, 24 Feb 2015 17:23:44 +0100
Message-ID: <20150224162343.GH4565@chrystal.uk.oracle.com>

On Tue, Feb 24, 2015 at 11:37:07AM +0100, Borislav Petkov wrote:
> @@ -159,42 +134,40 @@ static enum ucode_state > matching_model_microcode(struct microcode_header_intel *mc_header, > unsigned long sig) > { > - u8 x86, x86_model; > - u8 x86_ucode, x86_model_ucode; > + unsigned int fam, model; > + unsigned int fam_ucode, model_ucode; > struct extended_sigtable *ext_header; > unsigned long total_size = get_totalsize(mc_header); > unsigned long data_size = get_datasize(mc_header); > int ext_sigcount, i; > struct extended_signature *ext_sig; > > - x86 = get_x86_family(sig); > - x86_model = get_x86_model(sig); > + fam = __x86_family(sig); > + model = x86_model(sig); > > - x86_ucode = get_x86_family(mc_header->sig); > - x86_model_ucode = get_x86_model(mc_header->sig); > + fam_ucode = __x86_family(mc_header->sig); > + model_ucode = x86_model(mc_header->sig); > > - if (x86 == x86_ucode && x86_model == x86_model_ucode) > + if (fam == fam_ucode && model == model_ucode) > return UCODE_OK; > > /* Look for ext. headers: */ > if (total_size <= data_size + MC_HEADER_SIZE) > return UCODE_NFOUND; > > - ext_header = (struct extended_sigtable *) > - mc_header + data_size + MC_HEADER_SIZE; > + ext_header = (struct extended_sigtable *)mc_header + data_size + MC_HEADER_SIZE; > + ext_sig = (void *)ext_header + EXT_HEADER_SIZE;

I think we have another serious problem here, both in the original code and
in your patch - mc_header will first be cast to (unsigned long*) then
we'll add data_size and MC_HEADER_SIZE, potentially going way further than
intended. Same remark for ext_sig.

Quentin
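
Review bot: on the added ext_header line the cast binds to mc_header before the two additions, so data_size + MC_HEADER_SIZE is applied in units of sizeof(struct extended_sigtable) instead of bytes, while the check just above it (total_size <= data_size + MC_HEADER_SIZE) reasons in bytes. The resulting pointer can therefore land far past the region that check validated. Do the addition on a byte-granular pointer and convert afterwards, for example ext_header = (void *)mc_header + data_size + MC_HEADER_SIZE; which matches the (void *)ext_header + EXT_HEADER_SIZE form already used on the added ext_sig line. Since the removed two-line version has the same shape, the fix is worth a separate patch with its own changelog rather than being folded into this rename.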
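
The cast-before-add concern raised in the reply above, measured in a small program. This is an added example, not code from the message or from the kernel: the struct layouts, the 4 KiB buffer and the names offset_cast_first, offset_add_first and find_ext_table are constructed stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the demo; layouts are assumptions, not kernel headers. */
struct mc_header    { uint32_t words[12]; };              /* 48 bytes */
struct ext_sigtable { uint32_t count, cksum, rsvd[3]; };  /* 20 bytes */
#define HDR_SIZE sizeof(struct mc_header)

/* 4 KiB, 4-byte aligned, so every pointer formed below stays inside it. */
static uint32_t image[1024];

/* Shape used in the hunk: the cast applies to mc only, so the following
 * additions advance in units of sizeof(struct ext_sigtable). */
static ptrdiff_t offset_cast_first(struct mc_header *mc, unsigned long data_size)
{
	struct ext_sigtable *ext = (struct ext_sigtable *)mc + data_size + HDR_SIZE;
	return (char *)ext - (char *)mc;
}

/* Byte-granular form: add on a char pointer, then cast the result. */
static ptrdiff_t offset_add_first(struct mc_header *mc, unsigned long data_size)
{
	struct ext_sigtable *ext =
		(struct ext_sigtable *)((char *)mc + data_size + HDR_SIZE);
	return (char *)ext - (char *)mc;
}

/* Bounds-checked locator: NULL unless a whole table fits inside total_size. */
static struct ext_sigtable *find_ext_table(struct mc_header *mc,
					   unsigned long total_size,
					   unsigned long data_size)
{
	unsigned long off = data_size + HDR_SIZE;

	if (off < data_size || total_size < off ||
	    total_size - off < sizeof(struct ext_sigtable))
		return NULL;
	return (struct ext_sigtable *)((char *)mc + off);
}

int main(void)
{
	struct mc_header *mc = (struct mc_header *)image;
	printf("cast first: %td bytes\n", offset_cast_first(mc, 16));
	printf("add first:  %td bytes\n", offset_add_first(mc, 16));
	printf("checked:    %s\n", find_ext_table(mc, 64, 16) ? "found" : "none");
	return 0;
}
```

With a 16-byte payload the intended offset is 64 bytes, while the cast-first form lands 1280 bytes in, 20 times further.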