lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1406146251-8540-8-git-send-email-hmh@hmh.eng.br>
Date:	Wed, 23 Jul 2014 17:10:50 -0300
From:	Henrique de Moraes Holschuh <hmh@....eng.br>
To:	linux-kernel@...r.kernel.org
Cc:	H Peter Anvin <hpa@...or.com>
Subject: [PATCH 7/8] x86, microcode, intel: forbid some incorrect metadata

Ensure that both the microcode data_size and total_size fields are a
multiple of the dword size (4 bytes).  The Intel SDM vol 3A (order code
253668-051US, June 2014) requires this to be true, and the driver code
assumes it will be true.

Add a comment to the code stating that it is best if we continue to
refrain from ensuring that total_size is a multiple of 1024 bytes.  The
reason to never add that check is non-obvious.

Refuse a microcode with a revision of zero, we reserve that for the
factory-provided microcode.

Signed-off-by: Henrique de Moraes Holschuh <hmh@....eng.br>
---
 arch/x86/kernel/cpu/microcode/intel_lib.c |   21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/cpu/microcode/intel_lib.c b/arch/x86/kernel/cpu/microcode/intel_lib.c
index 95c2d19..050cd4f 100644
--- a/arch/x86/kernel/cpu/microcode/intel_lib.c
+++ b/arch/x86/kernel/cpu/microcode/intel_lib.c
@@ -61,12 +61,22 @@ int microcode_sanity_check(void *mc, int print_err)
 	total_size = get_totalsize(mc_header);
 	data_size = get_datasize(mc_header);
 
-	if (data_size + MC_HEADER_SIZE > total_size) {
+	if ((data_size % DWSIZE) || (total_size % DWSIZE) ||
+	    (data_size + MC_HEADER_SIZE > total_size)) {
 		if (print_err)
-			pr_err("error! Bad data size in microcode data file\n");
+			pr_err("error! Bad data size or total size in microcode data file\n");
 		return -EINVAL;
 	}
 
+	/*
+	 * DO NOT add a check for total_size to be a multiple of 1024.
+	 *
+	 * While there is a requirement that total_size be a multiple of 1024
+	 * (Intel SDM vol 3A, section 9.11.1, table 9-6, page 9-29), it clashes
+	 * with the "delete extended signature table" procedure described for
+	 * the Checksum[n] field in the same table 9-6, at page 9-30).
+	 */
+
 	ext_table_size = total_size - (MC_HEADER_SIZE + data_size);
 	if (ext_table_size) {
 		if ((ext_table_size < EXT_HEADER_SIZE)
@@ -84,6 +94,13 @@ int microcode_sanity_check(void *mc, int print_err)
 		ext_sigcount = ext_header->count;
 	}
 
+	/* check some of the metadata */
+	if (mc_header->rev == 0) { /* reserved for silicon microcode */
+		if (print_err)
+			pr_err("error! Restricted revision 0 in microcode data file\n");
+		return -EINVAL;
+	}
+
 	/* check extended table checksum */
 	if (ext_table_size) {
 		int ext_table_sum = 0;
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ