On Tue, Feb 24, 2015 at 11:37:07AM +0100, Borislav Petkov wrote:
> @@ -159,42 +134,40 @@ static enum ucode_state
> matching_model_microcode(struct microcode_header_intel *mc_header,
> unsigned long sig)
> {
> - u8 x86, x86_model;
> - u8 x86_ucode, x86_model_ucode;
> + unsigned int fam, model;
> + unsigned int fam_ucode, model_ucode;
> struct extended_sigtable *ext_header;
> unsigned long total_size = get_totalsize(mc_header);
> unsigned long data_size = get_datasize(mc_header);
> int ext_sigcount, i;
> struct extended_signature *ext_sig;
>
> - x86 = get_x86_family(sig);
> - x86_model = get_x86_model(sig);
> + fam = __x86_family(sig);
> + model = x86_model(sig);
>
> - x86_ucode = get_x86_family(mc_header->sig);
> - x86_model_ucode = get_x86_model(mc_header->sig);
> + fam_ucode = __x86_family(mc_header->sig);
> + model_ucode = x86_model(mc_header->sig);
>
> - if (x86 == x86_ucode && x86_model == x86_model_ucode)
> + if (fam == fam_ucode && model == model_ucode)
> return UCODE_OK;
>
> /* Look for ext. headers: */
> if (total_size <= data_size + MC_HEADER_SIZE)
> return UCODE_NFOUND;
>
> - ext_header = (struct extended_sigtable *)
> - mc_header + data_size + MC_HEADER_SIZE;
> + ext_header = (struct extended_sigtable *)mc_header + data_size +
> MC_HEADER_SIZE;
> + ext_sig = (void *)ext_header + EXT_HEADER_SIZE;
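Review bot: The guard `if (total_size <= data_size + MC_HEADER_SIZE)` only proves that at least one byte follows the payload, not that a complete extended signature table header does, so fields read through `ext_header` may lie past `total_size` on a truncated image. Unless a caller has already validated the image layout, the comparison should include the table header size, e.g. `if (total_size < data_size + MC_HEADER_SIZE + EXT_HEADER_SIZE) return UCODE_NFOUND;`. The function body continues outside the quoted hunk; the signature count presumably taken from that header should likewise be checked against the bytes remaining in the image before the `ext_sig` entries are walked.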
I think we have another serious problem here, both in the original code and in your patch - mc_header will first be casted to (unsigned long*) then we'll add data_size and MC_HEADER_SIZE, potentially going way further than intended. Same remark for ext_sig. Quentin