Re: [PATCH v5 2/6] x86/microcode/AMD: Add microcode container data checking functions

2018-05-01 Thread Maciej S. Szmigiero
On 01.05.2018 10:18, Borislav Petkov wrote:
> On Tue, May 01, 2018 at 12:27:17AM +0200, Maciej S. Szmigiero wrote:
>> These checking functions are supposed to be called in order:
> 
> We don't do magical rules like that - you either verify fully and
> correctly or you don't bother at all. And since you're adamant that this
> verification needs to happen, then please do it completely.
> 

These are internal functions to this driver, declared as "static", so
there is no problem if they have additional requirements with respect
to their call order.

But it is, of course, possible to do these checks also in the later
checking functions as you wish.

Maciej


Re: [PATCH v5 2/6] x86/microcode/AMD: Add microcode container data checking functions

2018-05-01 Thread Borislav Petkov
On Tue, May 01, 2018 at 12:27:17AM +0200, Maciej S. Szmigiero wrote:
> These checking functions are supposed to be called in order:

We don't do magical rules like that - you either verify fully and
correctly or you don't bother at all. And since you're adamant that this
verification needs to happen, then please do it completely.

-- 
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.


Re: [PATCH v5 2/6] x86/microcode/AMD: Add microcode container data checking functions

2018-04-30 Thread Maciej S. Szmigiero
On 30.04.2018 11:04, Borislav Petkov wrote:
> On Mon, Apr 23, 2018 at 11:34:07PM +0200, Maciej S. Szmigiero wrote:
>> --- a/arch/x86/kernel/cpu/microcode/amd.c
>> +++ b/arch/x86/kernel/cpu/microcode/amd.c
>> +/*
>> + * Checks whether there is a valid, non-truncated CPU equivalence table
>> + * at the beginning of a passed buffer @buf of size @size.
>> + * If @early is set this function does not print errors which makes it
>> + * usable by the early microcode loader.
>> + */
>> +static bool verify_equivalence_table(const u8 *buf, size_t buf_size, bool 
>> early)
>> +{
>> +const u32 *hdr = (const u32 *)buf;
>> +u32 cont_type, equiv_tbl_len;
>> +
>> +cont_type = hdr[1];
> 
> You need to check the size of buf so that there's enough buf passed in
> before you index into it like that.

These checking functions are supposed to be called in order:
first verify_container() verifies the basic container, then
verify_equivalence_table() verifies the equivalence table while not
repeating the checks that were already done by the former function.

>> +if (cont_type != UCODE_EQUIV_CPU_TABLE_TYPE) {
>> +if (!early)
>> +pr_err("Wrong microcode container equivalence table 
>> type: %u.\n",
>> +   cont_type);
>> +
>> +return false;
>> +}
>> +
>> +equiv_tbl_len = hdr[2];
> 
> And that.

Same situation here.

>> +
>> +/*
>> + * Checks whether a microcode patch located at the beginning of a passed
>> + * buffer @buf of size @size is not too large for a particular @family
>> + * and is not truncated.
>> + * If @early is set this function does not print errors which makes it
>> + * usable by the early microcode loader.
>> + */
>> +static bool verify_patch(u8 family, const u8 *buf, size_t buf_size, bool 
>> early)
>> +{
>> +const u32 *hdr = (const u32 *)buf;
>> +u32 patch_size = hdr[1];
> 
> Just like in the first comment above.
> 

And a similar situation here - verify_patch() does not verify things
that were already checked by verify_container() or
verify_patch_section().

Thanks,
Maciej
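
Added example, not part of the thread or the kernel patch: a userspace C comparison of an order-dependent equivalence-table check with one that validates the length itself, showing how `buf_size - header` wraps when the earlier check has not run. The `EX_*` constants, `rd32()`, `build_sample()` and both function names are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the driver's constants; the values are assumptions. */
#define EX_MAGIC            0x00414d44u
#define EX_EQUIV_TABLE_TYPE 0u
#define EX_CONTAINER_HDR_SZ 12u  /* magic, type, table length: 3 x u32 */
#define EX_EQUIV_ENTRY_SZ   16u  /* assumed size of one table entry */

/* Read a host-endian u32 at byte offset off without alignment assumptions. */
static uint32_t rd32(const uint8_t *buf, size_t off)
{
	uint32_t v;

	memcpy(&v, buf + off, sizeof(v));
	return v;
}

/*
 * Order-dependent form: no length check of its own. It is only correct
 * if the caller has already proven buf_size > EX_CONTAINER_HDR_SZ.
 */
static bool equiv_table_ok_ordered(const uint8_t *buf, size_t buf_size)
{
	uint32_t len;

	if (rd32(buf, 4) != EX_EQUIV_TABLE_TYPE)
		return false;

	len = rd32(buf, 8);
	/* size_t subtraction: wraps to a huge value when buf_size < 12. */
	return len >= EX_EQUIV_ENTRY_SZ && buf_size - EX_CONTAINER_HDR_SZ >= len;
}

/* Self-contained form: proves the header fits before touching it. */
static bool equiv_table_ok(const uint8_t *buf, size_t buf_size)
{
	uint32_t len;

	if (!buf || buf_size <= EX_CONTAINER_HDR_SZ)
		return false;
	if (rd32(buf, 0) != EX_MAGIC || rd32(buf, 4) != EX_EQUIV_TABLE_TYPE)
		return false;

	len = rd32(buf, 8);
	/* Subtraction is safe here: buf_size > header size was checked above. */
	return len >= EX_EQUIV_ENTRY_SZ && len <= buf_size - EX_CONTAINER_HDR_SZ;
}

/* Constructed sample: header plus one zeroed 16-byte entry (28 bytes used). */
static size_t build_sample(uint8_t out[32])
{
	uint32_t hdr[3] = { EX_MAGIC, EX_EQUIV_TABLE_TYPE, EX_EQUIV_ENTRY_SZ };

	memset(out, 0, 32);
	memcpy(out, hdr, sizeof(hdr));
	return EX_CONTAINER_HDR_SZ + EX_EQUIV_ENTRY_SZ;
}

int main(void)
{
	uint8_t buf[32];
	size_t n = build_sample(buf);

	/* The backing array is 32 bytes, so a claimed size of 4 reads no
	 * memory out of bounds; only the length logic is being exercised. */
	printf("full buffer : ordered=%d self-contained=%d\n",
	       equiv_table_ok_ordered(buf, n), equiv_table_ok(buf, n));
	printf("claimed 4 B : ordered=%d self-contained=%d\n",
	       equiv_table_ok_ordered(buf, 4), equiv_table_ok(buf, 4));
	return 0;
}
```
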


Re: [PATCH v5 2/6] x86/microcode/AMD: Add microcode container data checking functions

2018-04-30 Thread Borislav Petkov
On Mon, Apr 23, 2018 at 11:34:07PM +0200, Maciej S. Szmigiero wrote:
> This commit adds verify_container(), verify_equivalence_table(),

Avoid beginning the commit message of a patch with "This patch" or "This
commit". It is tautologically useless.

> verify_patch_section() and verify_patch() functions to the AMD microcode
> update driver.
> These functions check whether a passed buffer contains the relevant
> structure, whether it isn't truncated and (for actual microcode patches)
> whether the size of a patch is not too large for a particular CPU family.
> By adding these checks as separate functions the actual microcode loading
> code won't get interspersed with a lot of checks and so will be more
> readable.
> 
> Signed-off-by: Maciej S. Szmigiero 
> ---
>  arch/x86/kernel/cpu/microcode/amd.c | 140 
> +++-
>  1 file changed, 137 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/microcode/amd.c 
> b/arch/x86/kernel/cpu/microcode/amd.c
> index dc8ea9a9d962..4fafaf0852d7 100644
> --- a/arch/x86/kernel/cpu/microcode/amd.c
> +++ b/arch/x86/kernel/cpu/microcode/amd.c
> @@ -73,6 +73,142 @@ static u16 find_equiv_id(struct equiv_cpu_entry 
> *equiv_table, u32 sig)
>   return 0;
>  }
>  
> +/*
> + * Checks whether there is a valid microcode container file at the beginning
> + * of a passed buffer @buf of size @size.
> + * If @early is set this function does not print errors which makes it
> + * usable by the early microcode loader.
> + */
> +static bool verify_container(const u8 *buf, size_t buf_size, bool early)
> +{
> + u32 cont_magic;
> +
> + if (buf_size <= CONTAINER_HDR_SZ) {
> + if (!early)
> + pr_err("Truncated microcode container header.\n");
> +
> + return false;
> + }
> +
> + cont_magic = *(const u32 *)buf;
> + if (cont_magic != UCODE_MAGIC) {
> + if (!early)
> + pr_err("Invalid magic value (0x%08x).\n", cont_magic);
> +
> + return false;
> + }
> +
> + return true;
> +}
> +
> +/*
> + * Checks whether there is a valid, non-truncated CPU equivalence table
> + * at the beginning of a passed buffer @buf of size @size.
> + * If @early is set this function does not print errors which makes it
> + * usable by the early microcode loader.
> + */
> +static bool verify_equivalence_table(const u8 *buf, size_t buf_size, bool 
> early)
> +{
> + const u32 *hdr = (const u32 *)buf;
> + u32 cont_type, equiv_tbl_len;
> +
> + cont_type = hdr[1];

You need to check the size of buf so that there's enough buf passed in
before you index into it like that.

> + if (cont_type != UCODE_EQUIV_CPU_TABLE_TYPE) {
> + if (!early)
> + pr_err("Wrong microcode container equivalence table 
> type: %u.\n",
> +cont_type);
> +
> + return false;
> + }
> +
> + equiv_tbl_len = hdr[2];

And that.

> + if (equiv_tbl_len < sizeof(struct equiv_cpu_entry) ||
> + buf_size - CONTAINER_HDR_SZ < equiv_tbl_len) {
> + if (!early)
> + pr_err("Truncated equivalence table.\n");
> +
> + return false;
> + }
> +
> + return true;
> +}
> +
> +/*
> + * Checks whether there is a valid, non-truncated microcode patch section
> + * at the beginning of a passed buffer @buf of size @size.
> + * If @early is set this function does not print errors which makes it
> + * usable by the early microcode loader.
> + */
> +static bool verify_patch_section(const u8 *buf, size_t buf_size, bool early)
> +{
> + const u32 *hdr = (const u32 *)buf;
> + u32 patch_type, patch_size;
> +
> + if (buf_size < SECTION_HDR_SIZE) {
> + if (!early)
> + pr_err("Truncated patch section.\n");
> +
> + return false;
> + }
> +
> + patch_type = hdr[0];
> + patch_size = hdr[1];
> +
> + if (patch_type != UCODE_UCODE_TYPE) {
> + if (!early)
> + pr_err("Invalid type field (%u) in container file 
> section header.\n",
> + patch_type);
> +
> + return false;
> + }
> +
> + if (patch_size < sizeof(struct microcode_header_amd)) {
> + if (!early)
> + pr_err("Patch of size %u too short.\n", patch_size);
> +
> + return false;
> + }
> +
> + if (buf_size - SECTION_HDR_SIZE < patch_size) {
> + if (!early)
> + pr_err("Patch of size %u truncated.\n", patch_size);
> +
> + return false;
> + }
> +
> + return true;
> +}
> +
> +static unsigned int verify_patch_size(u8 family, u32 patch_size,
> +   unsigned int size);

No forward declarations pls.

> +
> +/*
> + * Checks whether a microcode patch located at the beginning of a passed
> + * buffer @buf of size @size is not too large for a particular @family
> + * and is 
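
Review bot: The comment that starts here, like the three above verify_container(), verify_equivalence_table() and verify_patch_section(), documents the length as @size, but the signatures name the parameter buf_size. Suggest writing "buffer @buf of size @buf_size" in each comment so the description matches the prototype. While touching these, note that verify_container() rejects with "buf_size <= CONTAINER_HDR_SZ" whereas verify_patch_section() uses "buf_size < SECTION_HDR_SIZE"; a one-line remark on why the two comparisons differ would save the next reader from guessing.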

[PATCH v5 2/6] x86/microcode/AMD: Add microcode container data checking functions

2018-04-23 Thread Maciej S. Szmigiero
This commit adds verify_container(), verify_equivalence_table(),
verify_patch_section() and verify_patch() functions to the AMD microcode
update driver.
These functions check whether a passed buffer contains the relevant
structure, whether it isn't truncated and (for actual microcode patches)
whether the size of a patch is not too large for a particular CPU family.
By adding these checks as separate functions the actual microcode loading
code won't get interspersed with a lot of checks and so will be more
readable.

Signed-off-by: Maciej S. Szmigiero 
---
 arch/x86/kernel/cpu/microcode/amd.c | 140 +++-
 1 file changed, 137 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/cpu/microcode/amd.c 
b/arch/x86/kernel/cpu/microcode/amd.c
index dc8ea9a9d962..4fafaf0852d7 100644
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -73,6 +73,142 @@ static u16 find_equiv_id(struct equiv_cpu_entry 
*equiv_table, u32 sig)
return 0;
 }
 
+/*
+ * Checks whether there is a valid microcode container file at the beginning
+ * of a passed buffer @buf of size @size.
+ * If @early is set this function does not print errors which makes it
+ * usable by the early microcode loader.
+ */
+static bool verify_container(const u8 *buf, size_t buf_size, bool early)
+{
+   u32 cont_magic;
+
+   if (buf_size <= CONTAINER_HDR_SZ) {
+   if (!early)
+   pr_err("Truncated microcode container header.\n");
+
+   return false;
+   }
+
+   cont_magic = *(const u32 *)buf;
+   if (cont_magic != UCODE_MAGIC) {
+   if (!early)
+   pr_err("Invalid magic value (0x%08x).\n", cont_magic);
+
+   return false;
+   }
+
+   return true;
+}
+
+/*
+ * Checks whether there is a valid, non-truncated CPU equivalence table
+ * at the beginning of a passed buffer @buf of size @size.
+ * If @early is set this function does not print errors which makes it
+ * usable by the early microcode loader.
+ */
+static bool verify_equivalence_table(const u8 *buf, size_t buf_size, bool 
early)
+{
+   const u32 *hdr = (const u32 *)buf;
+   u32 cont_type, equiv_tbl_len;
+
+   cont_type = hdr[1];
+   if (cont_type != UCODE_EQUIV_CPU_TABLE_TYPE) {
+   if (!early)
+   pr_err("Wrong microcode container equivalence table 
type: %u.\n",
+  cont_type);
+
+   return false;
+   }
+
+   equiv_tbl_len = hdr[2];
+   if (equiv_tbl_len < sizeof(struct equiv_cpu_entry) ||
+   buf_size - CONTAINER_HDR_SZ < equiv_tbl_len) {
+   if (!early)
+   pr_err("Truncated equivalence table.\n");
+
+   return false;
+   }
+
+   return true;
+}
+
+/*
+ * Checks whether there is a valid, non-truncated microcode patch section
+ * at the beginning of a passed buffer @buf of size @size.
+ * If @early is set this function does not print errors which makes it
+ * usable by the early microcode loader.
+ */
+static bool verify_patch_section(const u8 *buf, size_t buf_size, bool early)
+{
+   const u32 *hdr = (const u32 *)buf;
+   u32 patch_type, patch_size;
+
+   if (buf_size < SECTION_HDR_SIZE) {
+   if (!early)
+   pr_err("Truncated patch section.\n");
+
+   return false;
+   }
+
+   patch_type = hdr[0];
+   patch_size = hdr[1];
+
+   if (patch_type != UCODE_UCODE_TYPE) {
+   if (!early)
+   pr_err("Invalid type field (%u) in container file 
section header.\n",
+   patch_type);
+
+   return false;
+   }
+
+   if (patch_size < sizeof(struct microcode_header_amd)) {
+   if (!early)
+   pr_err("Patch of size %u too short.\n", patch_size);
+
+   return false;
+   }
+
+   if (buf_size - SECTION_HDR_SIZE < patch_size) {
+   if (!early)
+   pr_err("Patch of size %u truncated.\n", patch_size);
+
+   return false;
+   }
+
+   return true;
+}
+
+static unsigned int verify_patch_size(u8 family, u32 patch_size,
+ unsigned int size);
+
+/*
+ * Checks whether a microcode patch located at the beginning of a passed
+ * buffer @buf of size @size is not too large for a particular @family
+ * and is not truncated.
+ * If @early is set this function does not print errors which makes it
+ * usable by the early microcode loader.
+ */
+static bool verify_patch(u8 family, const u8 *buf, size_t buf_size, bool early)
+{
+   const u32 *hdr = (const u32 *)buf;
+   u32 patch_size = hdr[1];
+
+   /*
+* The section header length is not included in this indicated size
+* but is present in the leftover file length so we need to subtract
+* it before passing this value to
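
Review bot: verify_equivalence_table() reads hdr[1] and hdr[2], and verify_patch() reads hdr[1] in its initializer, with no buf_size check of their own, so each is only safe when verify_container() or verify_patch_section() has already accepted the same buffer. In verify_equivalence_table() the later test "buf_size - CONTAINER_HDR_SZ < equiv_tbl_len" is size_t arithmetic and wraps to a very large value if buf_size is smaller than CONTAINER_HDR_SZ, so it cannot stand in for the missing check. Suggest repeating the header-size test at the top of both functions, the way verify_patch_section() does with "buf_size < SECTION_HDR_SIZE", so every helper is correct regardless of call order; failing that, state the precondition in each function's comment.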