From: Jithu Joseph
To: hdegoede@redhat.com, markgross@kernel.org
Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, corbet@lwn.net, gregkh@linuxfoundation.org, andriy.shevchenko@linux.intel.com, jithu.joseph@intel.com, ashok.raj@intel.com, tony.luck@intel.com, rostedt@goodmis.org, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, platform-driver-x86@vger.kernel.org, patches@lists.linux.dev, ravi.v.shankar@intel.com
Subject: [RFC 05/10] platform/x86/intel/ifs: Check IFS Image sanity
Date: Tue, 1 Mar 2022 11:54:52 -0800
Message-Id: <20220301195457.21152-6-jithu.joseph@intel.com>
In-Reply-To: <20220301195457.21152-1-jithu.joseph@intel.com>
References: <20220301195457.21152-1-jithu.joseph@intel.com>

IFS image is designed specifically for a given family, model and stepping of the processor. Like Intel microcode header, the IFS image has the Processor Signature, Checksum and Processor Flags that must be matched with the information returned by the CPUID.

Originally-by: Kyung Min Park
Signed-off-by: Jithu Joseph
Reviewed-by: Ashok Raj
Reviewed-by: Tony Luck
---
 drivers/platform/x86/intel/ifs/load.c | 67 +++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c index 1a5e906c51af..b40f70258f8e 100644 --- a/drivers/platform/x86/intel/ifs/load.c +++ b/drivers/platform/x86/intel/ifs/load.c @@ -6,6 +6,7 @@ #include #include +#include #include "ifs.h" static const char *ifs_path = "intel/ifs/"; @@ -27,6 +28,67 @@ struct ifs_header { #define IFS_HEADER_SIZE (sizeof(struct ifs_header)) static struct ifs_header *ifs_header_ptr; /* pointer to the ifs image header */ static u64 ifs_hash_ptr; /* Address of ifs metadata (hash) */ +static int ifs_sanity_check(void *mc) +{ + struct microcode_header_intel *mc_header = mc; + unsigned long total_size, data_size; + u32 sum, i; + + total_size = get_totalsize(mc_header); + data_size = get_datasize(mc_header); + + if ((data_size + MC_HEADER_SIZE > total_size) || (total_size % sizeof(u32))) { + pr_err("bad ifs data file size.\n"); + return -EINVAL; + } + + if (mc_header->ldrver != 1 || mc_header->hdrver != 1) { + pr_err("invalid/unknown ifs update format.\n"); + return -EINVAL; + } + + sum = 0; + i = total_size / sizeof(u32); + while (i--) + sum += ((u32 *)mc)[i]; + + if (sum) { + pr_err("bad ifs data checksum, aborting.\n"); + return -EINVAL; + } + + return 0; +} + +static bool find_ifs_matching_signature(struct ucode_cpu_info *uci, void *mc) +{ + struct microcode_header_intel *shdr; + unsigned int mc_size; + + shdr = (struct microcode_header_intel *)mc; + mc_size = get_totalsize(shdr); + + if (!mc_size || ifs_sanity_check(shdr) < 0) { + pr_err("ifs sanity check failure\n"); + return false; + } + + if (!cpu_signatures_match(uci->cpu_sig.sig, uci->cpu_sig.pf, shdr->sig, shdr->pf)) { + pr_err("ifs signature, pf not matching\n"); + return false; + } + + return true; +} + +static bool ifs_image_sanity_check(void *data) +{ + struct ucode_cpu_info uci; + + collect_cpu_info_early(&uci); + + return find_ifs_matching_signature(&uci, data); +} static const struct firmware *load_binary(const char *path) { 
@@ -45,6 +107,11 @@ static const struct firmware *load_binary(const char *path) goto out; } + if (!ifs_image_sanity_check((void *)fw->data)) { + pr_err("ifs header sanity check failed\n"); + release_firmware(fw); + fw = NULL; + } out: platform_device_unregister(ifs_pdev); -- 2.17.1
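Review bot: ifs_sanity_check() in the "@@ -27,6 +28,67 @@" hunk trusts the sizes stored in the image header and never compares them with the length of the buffer it was handed. total_size comes from get_totalsize(mc_header), and the checksum loop then reads total_size / sizeof(u32) words from mc, while the call chain starts at ifs_image_sanity_check((void *)fw->data) with no length argument. A truncated or malformed file whose header claims more bytes than the firmware buffer holds makes that loop read past the end of the buffer, and a file shorter than the header is dereferenced before any check runs. Pass fw->size down through ifs_image_sanity_check() and find_ifs_matching_signature(), reject the image when that size is below MC_HEADER_SIZE before reading any header field, and reject it when total_size exceeds that size. As a smaller point, i is declared u32 while total_size is unsigned long, so the loop counter should use the wider type or total_size should be range-checked first.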
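Review bot: the call added to load_binary() in the "@@ -45,6 +107,11 @@" hunk, ifs_image_sanity_check((void *)fw->data), casts away the const on the firmware data although the checkers only read the image. Declaring ifs_sanity_check(), find_ifs_matching_signature() and ifs_image_sanity_check() with a const void * parameter removes the need for the cast. The pr_err("ifs header sanity check failed\n") on this path is also the third message logged for a single failure, after the specific message in ifs_sanity_check() and "ifs sanity check failure" in find_ifs_matching_signature(); keeping only the most specific one would make the log easier to read.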