We should check whether the patch section currently being processed is
actually a patch section for each of them (not just the first one) in the
late loader verify_and_add_patch() function, just like the early loader
already does in parse_container() function.

Signed-off-by: Maciej S. Szmigiero <m...@maciej.szmigiero.name>
---
 arch/x86/kernel/cpu/microcode/amd.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kernel/cpu/microcode/amd.c 
b/arch/x86/kernel/cpu/microcode/amd.c
index 0f78200f2f6c..3ad23e72c2b0 100644
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -627,6 +627,11 @@ static int verify_and_add_patch(u8 family, u8 *fw, size_t 
leftover)
        if (leftover < SECTION_HDR_SIZE + sizeof(*mc_hdr))
                return leftover;
 
+       if (*(u32 *)fw != UCODE_UCODE_TYPE) {
+               pr_err("invalid type field in container file section header\n");
+               return -EINVAL;
+       }
+
        patch_size  = *(u32 *)(fw + 4);
        if (patch_size > PATCH_MAX_SIZE) {
                pr_err("patch size %u too large\n", patch_size);
@@ -704,12 +709,6 @@ static enum ucode_state __load_microcode_amd(u8 family, 
const u8 *data,
        fw += offset;
        leftover = size - offset;
 
-       if (*(u32 *)fw != UCODE_UCODE_TYPE) {
-               pr_err("invalid type field in container file section header\n");
-               free_equiv_cpu_table();
-               return ret;
-       }
-
        while (leftover) {
                crnt_size = verify_and_add_patch(family, fw, leftover);
                if (crnt_size < 0)

Reply via email to