64 lines
2.4 KiB
Diff
64 lines
2.4 KiB
Diff
From d9032189bbe791846b2c3e224ae164e106e2be1b Mon Sep 17 00:00:00 2001
|
|
From: Kees Cook <keescook@chromium.org>
|
|
Date: Wed, 21 Sep 2022 20:10:10 -0700
|
|
Subject: [PATCH 22/36] x86/microcode/AMD: Track patch allocation size
|
|
explicitly
|
|
|
|
In preparation for reducing the use of ksize(), record the actual
|
|
allocation size for later memcpy(). This avoids copying extra
|
|
(uninitialized!) bytes into the patch buffer when the requested
|
|
allocation size isn't exactly the size of a kmalloc bucket.
|
|
Additionally, fix potential future issues where runtime bounds checking
|
|
will notice that the buffer was allocated to a smaller value than
|
|
returned by ksize().
|
|
|
|
Fixes: 757885e94a22 ("x86, microcode, amd: Early microcode patch loading support for AMD")
|
|
Suggested-by: Daniel Micay <danielmicay@gmail.com>
|
|
Signed-off-by: Kees Cook <keescook@chromium.org>
|
|
Signed-off-by: Borislav Petkov <bp@suse.de>
|
|
Link: https://lore.kernel.org/lkml/CA+DvKQ+bp7Y7gmaVhacjv9uF6Ar-o4tet872h4Q8RPYPJjcJQA@mail.gmail.com/
|
|
(cherry picked from commit 712f210a457d9c32414df246a72781550bc23ef6)
|
|
Signed-off-by: Mridula Shastry <mridula.c.shastry@oracle.com>
|
|
Reviewed-by: Todd Vierling <todd.vierling@oracle.com>
|
|
---
|
|
arch/x86/include/asm/microcode.h | 1 +
|
|
arch/x86/kernel/cpu/microcode/amd.c | 3 ++-
|
|
2 files changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h
|
|
index 67051a58a18b..629330986955 100644
|
|
--- a/arch/x86/include/asm/microcode.h
|
|
+++ b/arch/x86/include/asm/microcode.h
|
|
@@ -9,6 +9,7 @@
|
|
struct ucode_patch {
|
|
struct list_head plist;
|
|
void *data; /* Intel uses only this one */
|
|
+ unsigned int size;
|
|
u32 patch_id;
|
|
u16 equiv_cpu;
|
|
};
|
|
diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
|
|
index 6ab27650f8a7..030f69f93c00 100644
|
|
--- a/arch/x86/kernel/cpu/microcode/amd.c
|
|
+++ b/arch/x86/kernel/cpu/microcode/amd.c
|
|
@@ -791,6 +791,7 @@ static int verify_and_add_patch(u8 family, u8 *fw, unsigned int leftover,
|
|
kfree(patch);
|
|
return -EINVAL;
|
|
}
|
|
+ patch->size = *patch_size;
|
|
|
|
mc_hdr = (struct microcode_header_amd *)(fw + SECTION_HDR_SIZE);
|
|
proc_id = mc_hdr->processor_rev_id;
|
|
@@ -868,7 +869,7 @@ static enum ucode_state load_microcode_amd(u8 family, const u8 *data, size_t siz
|
|
}
|
|
|
|
memset(amd_ucode_patch, 0, PATCH_MAX_SIZE);
|
|
- memcpy(amd_ucode_patch, p->data, min_t(u32, ksize(p->data), PATCH_MAX_SIZE));
|
|
+ memcpy(amd_ucode_patch, p->data, min_t(u32, p->size, PATCH_MAX_SIZE));
|
|
|
|
return ret;
|
|
}
|
|
--
|
|
2.39.3
|
|
|