Module Name: src Committed By: msaitoh Date: Thu Sep 15 14:34:22 UTC 2022
Modified Files: src/sys/arch/x86/include: cpu_ucode.h src/sys/arch/x86/x86: cpu_ucode_intel.c Log Message: Verify checksum of the extended signature table. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/sys/arch/x86/include/cpu_ucode.h cvs rdiff -u -r1.19 -r1.20 src/sys/arch/x86/x86/cpu_ucode_intel.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/arch/x86/include/cpu_ucode.h diff -u src/sys/arch/x86/include/cpu_ucode.h:1.4 src/sys/arch/x86/include/cpu_ucode.h:1.5 --- src/sys/arch/x86/include/cpu_ucode.h:1.4 Sat Mar 17 15:56:32 2018 +++ src/sys/arch/x86/include/cpu_ucode.h Thu Sep 15 14:34:22 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: cpu_ucode.h,v 1.4 2018/03/17 15:56:32 christos Exp $ */ +/* $NetBSD: cpu_ucode.h,v 1.5 2022/09/15 14:34:22 msaitoh Exp $ */ /* * Copyright (c) 2012 The NetBSD Foundation, Inc. * All rights reserved. @@ -69,17 +69,16 @@ struct intel1_ucode_header { uint32_t uh_reserved[3]; }; -struct intel1_ucode_proc_signature { - uint32_t ups_signature; - uint32_t ups_proc_flags; - uint32_t ups_checksum; -}; - struct intel1_ucode_ext_table { uint32_t uet_count; uint32_t uet_checksum; uint32_t uet_reserved[3]; - struct intel1_ucode_proc_signature uet_proc_sig[1]; +}; + +struct intel1_ucode_proc_signature { + uint32_t ups_signature; + uint32_t ups_proc_flags; + uint32_t ups_checksum; }; #endif Index: src/sys/arch/x86/x86/cpu_ucode_intel.c diff -u src/sys/arch/x86/x86/cpu_ucode_intel.c:1.19 src/sys/arch/x86/x86/cpu_ucode_intel.c:1.20 --- src/sys/arch/x86/x86/cpu_ucode_intel.c:1.19 Thu Sep 15 01:30:56 2022 +++ src/sys/arch/x86/x86/cpu_ucode_intel.c Thu Sep 15 14:34:22 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: cpu_ucode_intel.c,v 1.19 2022/09/15 01:30:56 msaitoh Exp $ */ +/* $NetBSD: cpu_ucode_intel.c,v 1.20 2022/09/15 14:34:22 msaitoh Exp $ */ /* * Copyright (c) 2012, 2019 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: cpu_ucode_intel.c,v 1.19 2022/09/15 01:30:56 msaitoh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: cpu_ucode_intel.c,v 1.20 2022/09/15 14:34:22 msaitoh Exp $"); #ifdef _KERNEL_OPT #include "opt_xen.h" @@ -111,8 +111,10 @@ static int cpu_ucode_intel_verify(struct cpu_ucode_softc *sc, struct intel1_ucode_header *buf) { + struct intel1_ucode_ext_table *ehdr; uint32_t data_size, total_size, payload_size, ext_size; uint32_t sum; + uint32_t *p; int i; if ((buf->uh_header_ver != 1) || (buf->uh_loader_rev != 1)) @@ -143,21 +145,32 @@ cpu_ucode_intel_verify(struct cpu_ucode_ if (payload_size > sc->sc_blobsize) return EINVAL; - /* - * Verify checksum of update data and header. Exclude extended - * signature. - */ + /* Verify checksum of update data and header(s). */ sum = 0; - for (i = 0; i < (payload_size / sizeof(uint32_t)); i++) { - sum += *((uint32_t *)buf + i); - } + p = (uint32_t *)buf; + for (i = 0; i < (payload_size / sizeof(uint32_t)); i++) + sum += p[i]; if (sum != 0) return EINVAL; - /* Extended table size. Ignored for now. */ ext_size = total_size - payload_size; - if (ext_size > 0) - printf("This image has extended signature table.\n"); + if (ext_size > 0) { + /* This image has extended signature table. */ + ehdr = (struct intel1_ucode_ext_table *) + ((uint8_t *)buf + sizeof(struct intel1_ucode_header) + + data_size); + payload_size = + sizeof(struct intel1_ucode_ext_table) + + sizeof(struct intel1_ucode_proc_signature) * + ehdr->uet_count; + + sum = 0; + p = (uint32_t *)ehdr; + for (i = 0; i < (payload_size / sizeof(uint32_t)); i++) + sum += p[i]; + if (sum != 0) + return EINVAL; + } return 0; }