lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 2 Oct 2023 14:50:55 +0300 (EEST)
From:   Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
To:     Jithu Joseph <jithu.joseph@...el.com>
cc:     Hans de Goede <hdegoede@...hat.com>, markgross@...nel.org,
        tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
        dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com,
        rostedt@...dmis.org, ashok.raj@...el.com, tony.luck@...el.com,
        LKML <linux-kernel@...r.kernel.org>,
        platform-driver-x86@...r.kernel.org, patches@...ts.linux.dev,
        ravi.v.shankar@...el.com, pengfei.xu@...el.com
Subject: Re: [PATCH v3 5/9] platform/x86/intel/ifs: Validate image size

On Mon, 2 Oct 2023, Ilpo Järvinen wrote:

> On Fri, 29 Sep 2023, Jithu Joseph wrote:
> 
> > Perform additional validation prior to loading IFS image.
> > 
> > Error out if the size of the file being loaded doesn't match the size
> > specified in the header.
> > 
> > Signed-off-by: Jithu Joseph <jithu.joseph@...el.com>
> > Reviewed-by: Tony Luck <tony.luck@...el.com>
> > Tested-by: Pengfei Xu <pengfei.xu@...el.com>
> > ---
> >  drivers/platform/x86/intel/ifs/load.c | 8 ++++++++
> >  1 file changed, 8 insertions(+)
> > 
> > diff --git a/drivers/platform/x86/intel/ifs/load.c b/drivers/platform/x86/intel/ifs/load.c
> > index 6b827247945b..da54fd060878 100644
> > --- a/drivers/platform/x86/intel/ifs/load.c
> > +++ b/drivers/platform/x86/intel/ifs/load.c
> > @@ -375,6 +375,7 @@ int ifs_load_firmware(struct device *dev)
> >  {
> >  	const struct ifs_test_caps *test = ifs_get_test_caps(dev);
> >  	struct ifs_data *ifsd = ifs_get_data(dev);
> > +	unsigned int expected_size;
> >  	const struct firmware *fw;
> >  	char scan_path[64];
> >  	int ret = -EINVAL;
> > @@ -389,6 +390,13 @@ int ifs_load_firmware(struct device *dev)
> >  		goto done;
> >  	}
> >  
> > +	expected_size = ((struct microcode_header_intel *)fw->data)->totalsize;
> > +	if (fw->size != expected_size) {
> > +		dev_err(dev, "File size mismatch (expected %d, actual %ld). Corrupted IFS image.\n",
> > +			expected_size, fw->size);
> > +		return -EINVAL;
> > +	}
> > +
> >  	ret = image_sanity_check(dev, (struct microcode_header_intel *)fw->data);
> >  	if (ret)
> >  		goto release;
> > 
> 
> Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>

Just after sending the rev-by, I realized this also has %d vs unsigned int
problem, and %ld should be using %zu as fw->size of size_t.

Feel free to add my rev-by after those two problems have been fixed.

-- 
 i.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ