lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <599FFEB6.4070707@bfs.de>
Date:   Fri, 25 Aug 2017 12:40:54 +0200
From:   walter harms <wharms@....de>
To:     Borislav Petkov <bp@...en8.de>
CC:     x86-ml <x86@...nel.org>, Dan Carpenter <dan.carpenter@...cle.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
        kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] x86/microcode/intel: Improve microcode patches saving
 flow



Am 25.08.2017 12:04, schrieb Borislav Petkov:
> From: Borislav Petkov <bp@...e.de>
> 
> Avoid potentially dereferencing a NULL pointer when saving a microcode
> patch for early loading on the application processors.
> 
> While at it, drop the IS_ERR() checking in favor of simpler, NULL-ptr
> checks which are sufficient and rename __alloc_microcode_buf() to
> memdup_patch() to more precisely denote what it does.
> 
> No functionality change.
> 
> Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
> Signed-off-by: Borislav Petkov <bp@...e.de>
> ---
>  arch/x86/kernel/cpu/microcode/intel.c | 27 ++++++++++++++-------------
>  1 file changed, 14 insertions(+), 13 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
> index 59edbe9d4ccb..8f7a9bbad514 100644
> --- a/arch/x86/kernel/cpu/microcode/intel.c
> +++ b/arch/x86/kernel/cpu/microcode/intel.c
> @@ -146,18 +146,18 @@ static bool microcode_matches(struct microcode_header_intel *mc_header,
>  	return false;
>  }
>  
> -static struct ucode_patch *__alloc_microcode_buf(void *data, unsigned int size)
> +static struct ucode_patch *memdup_patch(void *data, unsigned int size)
>  {
>  	struct ucode_patch *p;
>  
>  	p = kzalloc(sizeof(struct ucode_patch), GFP_KERNEL);
>  	if (!p)
> -		return ERR_PTR(-ENOMEM);
> +		return NULL;
>  
>  	p->data = kmemdup(data, size, GFP_KERNEL);
>  	if (!p->data) {
>  		kfree(p);
> -		return ERR_PTR(-ENOMEM);
> +		return NULL;
>  	}
>  
>  	return p;
> @@ -183,8 +183,8 @@ static void save_microcode_patch(void *data, unsigned int size)
>  			if (mc_hdr->rev <= mc_saved_hdr->rev)
>  				continue;
>  
> -			p = __alloc_microcode_buf(data, size);
> -			if (IS_ERR(p))
> +			p = memdup_patch(data, size);
> +			if (!p)
>  				pr_err("Error allocating buffer %p\n", data);
>  			else
>  				list_replace(&iter->plist, &p->plist);
> @@ -196,24 +196,25 @@ static void save_microcode_patch(void *data, unsigned int size)
>  	 * newly found.
>  	 */
>  	if (!prev_found) {
> -		p = __alloc_microcode_buf(data, size);
> -		if (IS_ERR(p))
> +		p = memdup_patch(data, size);
> +		if (!p)
>  			pr_err("Error allocating buffer for %p\n", data);
>  		else
>  			list_add_tail(&p->plist, &microcode_cache);
>  	}
>  
> +	if (!p)
> +		return;
> +

just a bit nitpicking,
 i would expect something like that:

     p = memdup_patch(data, size);
     if (!p) {
        pr_err("Error allocating buffer for %p\n", data);
	return;
     }
     list_add_tail(&p->plist, &microcode_cache);

... because this is a normal pattern for OOF conditions and
    everyone will ask "Why continue when there is no memory"

just my 2 cents
re,
 wh


>  	/*
>  	 * Save for early loading. On 32-bit, that needs to be a physical
>  	 * address as the APs are running from physical addresses, before
>  	 * paging has been enabled.
>  	 */
> -	if (p) {
> -		if (IS_ENABLED(CONFIG_X86_32))
> -			intel_ucode_patch = (struct microcode_intel *)__pa_nodebug(p->data);
> -		else
> -			intel_ucode_patch = p->data;
> -	}
> +	if (IS_ENABLED(CONFIG_X86_32))
> +		intel_ucode_patch = (struct microcode_intel *)__pa_nodebug(p->data);
> +	else
> +		intel_ucode_patch = p->data;
>  }
>  
>  static int microcode_sanity_check(void *mc, int print_err)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ