Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp1367239imm; Fri, 22 Jun 2018 15:35:41 -0700 (PDT) X-Google-Smtp-Source: ADUXVKJ/hiw2eb2ESgyhTrz0n9iAvzztMZPV2KWeM21jJbDpIPPwni0h3eiB3M2537MZV9Lb96lu X-Received: by 2002:a17:902:822:: with SMTP id 31-v6mr3355753plk.172.1529706941912; Fri, 22 Jun 2018 15:35:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1529706941; cv=none; d=google.com; s=arc-20160816; b=qkjBFHyNfMomqrH5jhL4v+qMpBc1IuDkY1a6oXn+08LSMlokpjCGqlLLQgzoN98US/ oWLc4+R31LiqPz4kWumuypwLTjFH7YSezEtxUKXgExwn3kQDpLplIyGQ2q4l6RCX5fzp 52hmLWHTdZ7uKUUnEZfdzNlafITczI7s2CCzsniFeYd3wgjBaV85SB3ljcMcyHy2eiru WOQw2YfzYXI5YXh+WIFMeV9W2taBGNKe2Khol93avOC3Ue/ka93jN2WKUCJ9yQYQjyxD V+LVTY69/I4MiN68iNjQBxuc7hmxalE8/xnNN12Fy8EESchiBhAMVbFEZTFG+Nj+E9rL LlUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:autocrypt:openpgp:references:cc:to:subject:from :arc-authentication-results; bh=bDEQg7JVp9BvHUaZWbH5jOJ0QjJKym7hS5VSFlkoETU=; b=NH4UPHhvCKeBi59MtiqkCNBH14qTP4uuGVIWFbEsvzXjLUvbwhmsMUWvj2R3ZY7VC7 7t/aG+8zDxzOiUwDV9UUXI/AU1pLxSagmY/Ub0A1d9FnpnagNUzZIuTN06RJVO1EE7MA knIpjj+5XOX7HtbNCZRlvakOBZO8aTziXPkkaDoLU2mHzbFD9nkMgDhQHwqf/W/xJcrj b7UIIsj0LxHY81YNvsPLS+bgulBlpWy670lYrwvrfxlvnP8BWWmoRg47//wCmLkd2iY7 yHHYuhSpRZ3WP1vkD7BTkGB+6JyDWmoJR71IwBB5tVF67yQd8qZo4Zd+54IAhaehoSUJ aq+A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e9-v6si6840897pgo.397.2018.06.22.15.35.27; Fri, 22 Jun 2018 15:35:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933839AbeFVWd2 (ORCPT + 99 others); Fri, 22 Jun 2018 18:33:28 -0400 Received: from vps-vb.mhejs.net ([37.28.154.113]:50348 "EHLO vps-vb.mhejs.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754530AbeFVWd1 (ORCPT ); Fri, 22 Jun 2018 18:33:27 -0400 Received: by vps-vb.mhejs.net with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.90_1) (envelope-from ) id 1fWUcO-00065I-Ul; Sat, 23 Jun 2018 00:33:24 +0200 From: "Maciej S. Szmigiero" Subject: [PATCH 2/2] x86/microcode/AMD: Check patch size for all known CPU families To: Borislav Petkov Cc: Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , x86@kernel.org, linux-kernel@vger.kernel.org References: <39d0efb50538e4a1a06da693559bb13b060ad676.1529424596.git.mail@maciej.szmigiero.name> <20180621083649.GC12742@zn.tnic> Openpgp: preference=signencrypt Autocrypt: addr=mail@maciej.szmigiero.name; prefer-encrypt=mutual; keydata= xsFNBFpGusUBEADXUMM2t7y9sHhI79+2QUnDdpauIBjZDukPZArwD+sDlx5P+jxaZ13XjUQc 6oJdk+jpvKiyzlbKqlDtw/Y2Ob24tg1g/zvkHn8AVUwX+ZWWewSZ0vcwp7u/LvA+w2nJbIL1 N0/QUUdmxfkWTHhNqgkNX5hEmYqhwUPozFR0zblfD/6+XFR7VM9yT0fZPLqYLNOmGfqAXlxY m8nWmi+lxkd/PYqQQwOq6GQwxjRFEvSc09m/YPYo9hxh7a6s8hAP88YOf2PD8oBB1r5E7KGb Fv10Qss4CU/3zaiyRTExWwOJnTQdzSbtnM3S8/ZO/sL0FY/b4VLtlZzERAraxHdnPn8GgxYk oPtAqoyf52RkCabL9dsXPWYQjkwG8WEUPScHDy8Uoo6imQujshG23A99iPuXcWc/5ld9mIo/ Ee7kN50MOXwS4vCJSv0cMkVhh77CmGUv5++E/rPcbXPLTPeRVy6SHgdDhIj7elmx2Lgo0cyh uyxyBKSuzPvb61nh5EKAGL7kPqflNw7LJkInzHqKHDNu57rVuCHEx4yxcKNB4pdE2SgyPxs9 9W7Cz0q2Hd7Yu8GOXvMfQfrBiEV4q4PzidUtV6sLqVq0RMK7LEi0RiZpthwxz0IUFwRw2KS/ 9Kgs9LmOXYimodrV0pMxpVqcyTepmDSoWzyXNP2NL1+GuQtaTQARAQABzTBNYWNpZWogUy4g U3ptaWdpZXJvIDxtYWlsQG1hY2llai5zem1pZ2llcm8ubmFtZT7CwZQEEwEIAD4WIQRyeg1N 257Z9gOb7O+Ef143kM4JdwUCWka6xQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIX gAAKCRCEf143kM4Jdx4+EACwi1bXraGxNwgFj+KI8T0Xar3fYdaOF7bb7cAHllBCPQkutjnx 8SkYxqGvSNbBhGtpL1TqAYLB1Jr+ElB8qWEV6bJrffbRmsiBPORAxMfu8FF+kVqCYZs3nbku XNzmzp6R/eii40S+XySiscmpsrVQvz7I+xIIYdC0OTUu0Vl3IHf718GBYSD+TodCazEdN96k p9uD9kWNCU1vnL7FzhqClhPYLjPCkotrWM4gBNDbRiEHv1zMXb0/jVIR/wcDIUv6SLhzDIQn Lhre8LyKwid+WQxq7ZF0H+0VnPf5q56990cEBeB4xSyI+tr47uNP2K1kmW1FPd5q6XlIlvh2 WxsG6RNphbo8lIE6sd7NWSY3wXu4/R1AGdn2mnXKMp2O9039ewY6IhoeodCKN39ZR9LNld2w Dp0MU39LukPZKkVtbMEOEi0R1LXQAY0TQO//0IlAehfbkkYv6IAuNDd/exnj59GtwRfsXaVR Nw7XR/8bCvwU4svyRqI4luSuEiXvM9rwDAXbRKmu+Pk5h+1AOV+KjKPWCkBEHaASOxuApouQ aPZw6HDJ3fdFmN+m+vNcRPzST30QxGrXlS5GgY6CJ10W9gt/IJrFGoGxGxYjj4WzO97Rg6Mq WMa7wMPPNcnX5Nc/b8HW67Jhs3trj0szq6FKhqBsACktOU4g/ksV8eEtnM7AzQRaRrwiAQwA xnVmJqeP9VUTISps+WbyYFYlMFfIurl7tzK74bc67KUBp+PHuDP9p4ZcJUGC3UZJP85/GlUV dE1NairYWEJQUB7bpogTuzMI825QXIB9z842HwWfP2RW5eDtJMeujzJeFaUpmeTG9snzaYxY N3r0TDKj5dZwSIThIMQpsmhH2zylkT0jH7kBPxb8IkCQ1c6wgKITwoHFjTIO0B75U7bBNSDp XUaUDvd6T3xd1Fz57ujAvKHrZfWtaNSGwLmUYQAcFvrKDGPB5Z3ggkiTtkmW3OCQbnIxGJJw /+HefYhB5/kCcpKUQ2RYcYgCZ0/WcES1xU5dnNe4i0a5gsOFSOYCpNCfTHttVxKxZZTQ/rxj XwTuToXmTI4Nehn96t25DHZ0t9L9UEJ0yxH2y8Av4rtf75K2yAXFZa8dHnQgCkyjA/gs0ujG wD+Gs7dYQxP4i+rLhwBWD3mawJxLxY0vGwkG7k7npqanlsWlATHpOdqBMUiAR22hs02FikAo iXNgWTy7ABEBAAHCwXwEGAEIACYWIQRyeg1N257Z9gOb7O+Ef143kM4JdwUCWka8IgIbDAUJ A8JnAAAKCRCEf143kM4Jd9nXD/9jstJU6L1MLyr/ydKOnY48pSlZYgII9rSnFyLUHzNcW2c/ qw9LPMlDcK13tiVRQgKT4W+RvsET/tZCQcap2OF3Z6vd1naTur7oJvgvVM5lVhUia2O60kEZ XNlMLFwLSmGXhaAXNBySpzN2xStSLCtbK58r7Vf9QS0mR0PGU2v68Cb8fFWcYu2Yzn3RXf0Y dIVWvaQG9whxZq5MdJm5dknfTcCG+MtmbP/DnpQpjAlgVmDgMgYTBW1W9etU36YW0pTqEYuv 6cmRgSAKEDaYHhFLTR1+lLJkp5fFo3Sjm7XqmXzfSv9JGJGMKzoFOMBoLYv+VFnMoLX5UJAs 0JyFqFY2YxGyLd4J103NI/ocqQeU0TVvOZGVkENPSxIESnbxPghsEC0MWEbGsvqA8FwvU7Xf GhZPYzTRf7CndDnezEA69EhwpZXKs4CvxbXo5PDTv0OWzVaAWqq8s8aTMJWWAhvobFozJ63z afYHkuEjMo0Xps3o3uvKg7coooH521nNsv4ci+KeBq3mgMCRAy0g/Ef+Ql7mt900RCBHu4tk tOhPc3J1ep/e2WAJ4ngUqJhilzyCJnzVJ4cT79VK/uPtlfUCZdUz+jTC88TmP1p5wlucS31k Thy/CV4cqDFB8yzEujTSiRzd7neG3sH0vcxBd69uvSxLZPLGID840k0v5sftPA== Message-ID: Date: Sat, 23 Jun 2018 00:33:24 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <20180621083649.GC12742@zn.tnic> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Previously, the AMD microcode update driver has only checked the indicated microcode patch size for patches for the currently running CPU family. Patches for other families had their size trusted without further verification. Introduce such check for all CPU families known to the driver so if we spot a patch that is longer than expected for its family we'll carefully skip over only the expected length to make sure we don't miss good patches in case the indicated patch size was something nonsensically huge. Signed-off-by: Maciej S. Szmigiero --- This is part 2/2 of a replacement for "[PATCH v7 3/9] x86/microcode/AMD: Integrate verify_patch_size() into verify_patch()". arch/x86/kernel/cpu/microcode/amd.c | 67 ++++++++++++++++------------- 1 file changed, 37 insertions(+), 30 deletions(-) diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c index 53820b92aabb..04a298da4c21 100644 --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c @@ -201,43 +201,31 @@ static bool verify_patch(u8 family, const u8 *buf, size_t buf_size, hdr = (const u32 *)buf; patch_size = hdr[1]; - if (buf_size - SECTION_HDR_SIZE < patch_size) { + if (buf_size - SECTION_HDR_SIZE < sizeof(*mc_hdr)) { if (!early) - pr_err("Patch of size %u truncated.\n", patch_size); + pr_err("Truncated patch header.\n"); *crnt_size = buf_size; return false; } - /* - * Set a patch length limit of slightly less than U32_MAX to - * prevent overflowing 32-bit variables holding the whole - * patch section size. - */ - if (patch_size > U32_MAX - SECTION_HDR_SIZE) { - if (!early) - pr_err("Patch of size %u too large.\n", patch_size); - - *crnt_size = SECTION_HDR_SIZE + PATCH_MAX_SIZE; - return false; - } - - *crnt_size = SECTION_HDR_SIZE + patch_size; - mc_hdr = (const struct microcode_header_amd *)(buf + SECTION_HDR_SIZE); patch_fam = 0xf + (mc_hdr->processor_rev_id >> 12); - /* Is the patch for the proper CPU family? */ - if (family != patch_fam) - return false; - + /* + * Check whether patch_size isn't something nonsensically huge so + * we don't skip over good patches by mistake. + */ #define F1XH_MPB_MAX_SIZE 2048 #define F14H_MPB_MAX_SIZE 1824 #define F15H_MPB_MAX_SIZE 4096 #define F16H_MPB_MAX_SIZE 3458 #define F17H_MPB_MAX_SIZE 3200 - switch (family) { + switch (patch_fam) { + case 0x10 ... 0x13: + max_size = F1XH_MPB_MAX_SIZE; + break; case 0x14: max_size = F14H_MPB_MAX_SIZE; break; @@ -251,22 +239,41 @@ static bool verify_patch(u8 family, const u8 *buf, size_t buf_size, max_size = F17H_MPB_MAX_SIZE; break; default: - max_size = F1XH_MPB_MAX_SIZE; + /* + * Don't know the max size for future families... + * Set a patch length limit of slightly less than U32_MAX to + * prevent overflowing 32-bit variables holding the whole + * patch section size. + */ + max_size = U32_MAX - SECTION_HDR_SIZE; break; } - /* - * The section header length is not included in this indicated size - * but is present in the leftover file length so we need to subtract - * it from the leftover file length. - */ - if (patch_size > min_t(u32, buf_size - SECTION_HDR_SIZE, max_size)) { + if (patch_size > max_size) { + if (!early) + pr_err("Patch of size %u exceeds family %u maximum.\n", + patch_size, (unsigned int)patch_fam); + + *crnt_size = min_t(unsigned int, + SECTION_HDR_SIZE + max_size, + buf_size); + return false; + } + + if (buf_size - SECTION_HDR_SIZE < patch_size) { if (!early) - pr_err("Patch of size %u too large.\n", patch_size); + pr_err("Patch of size %u truncated.\n", patch_size); + *crnt_size = buf_size; return false; } + *crnt_size = SECTION_HDR_SIZE + patch_size; + + /* Is the patch for the proper CPU family? */ + if (family != patch_fam) + return false; + return true; } -- 2.17.0