lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 19 Nov 2018 02:12:56 -0800
From:   "tip-bot for Maciej S. Szmigiero" <tipbot@...or.com>
To:     linux-tip-commits@...r.kernel.org
Cc:     bp@...e.de, x86@...nel.org, mingo@...nel.org,
        linux-kernel@...r.kernel.org, mail@...iej.szmigiero.name,
        hpa@...or.com, tglx@...utronix.de
Subject: [tip:x86/microcode] x86/microcode/AMD: Subtract SECTION_HDR_SIZE
 from file leftover length

Commit-ID:  479229d1607b6051abc4f9c2ccbb65338f030c65
Gitweb:     https://git.kernel.org/tip/479229d1607b6051abc4f9c2ccbb65338f030c65
Author:     Maciej S. Szmigiero <mail@...iej.szmigiero.name>
AuthorDate: Tue, 19 Jun 2018 20:47:31 +0200
Committer:  Borislav Petkov <bp@...e.de>
CommitDate: Mon, 19 Nov 2018 10:44:59 +0100

x86/microcode/AMD: Subtract SECTION_HDR_SIZE from file leftover length

verify_patch_size() verifies whether the remaining size of the microcode
container file is large enough to contain a patch of the indicated size.

However, the section header length is not included in this indicated
size but it is present in the leftover file length so it should be
subtracted from the leftover file length before passing this value to
verify_patch_size().

 [ bp: Split comment. ]

Signed-off-by: Maciej S. Szmigiero <mail@...iej.szmigiero.name>
Signed-off-by: Borislav Petkov <bp@...e.de>
Cc: x86-ml <x86@...nel.org>
Link: http://lkml.kernel.org/r/6df43f4f6a28186a13a66e8d7e61143c5e1a2324.1529424596.git.mail@maciej.szmigiero.name
---
 arch/x86/kernel/cpu/microcode/amd.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
index 07b5fc00b188..b44c9029860c 100644
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -461,8 +461,12 @@ static int collect_cpu_info_amd(int cpu, struct cpu_signature *csig)
 	return 0;
 }
 
-static unsigned int verify_patch_size(u8 family, u32 patch_size,
-				      unsigned int size)
+/*
+ * Check whether the passed remaining file @size is large enough to contain a
+ * patch of the indicated @patch_size (and also whether this size does not
+ * exceed the per-family maximum).
+ */
+static unsigned int verify_patch_size(u8 family, u32 patch_size, unsigned int size)
 {
 	u32 max_size;
 
@@ -621,7 +625,12 @@ static int verify_and_add_patch(u8 family, u8 *fw, unsigned int leftover)
 		return crnt_size;
 	}
 
-	ret = verify_patch_size(family, patch_size, leftover);
+	/*
+	 * The section header length is not included in this indicated size
+	 * but is present in the leftover file length so we need to subtract
+	 * it before passing this value to the function below.
+	 */
+	ret = verify_patch_size(family, patch_size, leftover - SECTION_HDR_SIZE);
 	if (!ret) {
 		pr_err("Patch-ID 0x%08x: size mismatch.\n", mc_hdr->patch_id);
 		return crnt_size;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ