[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86, amd_ucode: Verify max allowed patch size before apply

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Aravind Gopalakrishnan <aravind.gopalakrishnan@xxxxxxx>
Date: Fri, 25 Apr 2014 14:48:10 -0500
Cc: Thomas.Lendacky@xxxxxxx, keir@xxxxxxx, Suravee.Suthikulpanit@xxxxxxx, xen-devel@xxxxxxxxxxxxx
Delivery-date: Fri, 25 Apr 2014 19:48:29 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 4/25/2014 2:00 AM, Jan Beulich wrote:

On 24.04.14 at 21:54, <aravind.gopalakrishnan@xxxxxxx> wrote:

Each family has a stipulated max patch_size. Use this as
additional sanity check before we apply it.

And iirc there was a size limit check earlier, and it got dropped for one
reason or another - did you check history?


Yes, I believe you are referring to this commit:

commit 5663cc8258cef27509a437ebd95061b8b01b9c01
Author:     Christoph Egger <Christoph.Egger@xxxxxxx>
AuthorDate: Thu Dec 15 11:00:09 2011 +0100
Commit:     Christoph Egger <Christoph.Egger@xxxxxxx>
CommitDate: Thu Dec 15 11:00:09 2011 +0100

    x86/ucode: fix for AMD Fam15 CPUs

    Remove hardcoded maximum size a microcode patch can have. This is
    dynamic now.

    The microcode patch for family15h can be larger than 2048 bytes and
    gets silently truncated.

    Signed-off-by: Christoph Egger <Christoph.Egger@xxxxxxx>
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Committed-by: Jan Beulich <jbeulich@xxxxxxxx>

The above patch was to make the microcode patch buffer allocation dynamic.
The hunk below simply verifies that we don't exceed the 'max_size'..

@@ -94,7 +94,40 @@ static int collect_cpu_info(int cpu, struct cpu_signature 
*csig)
      return 0;
  }

-static bool_t microcode_fits(const struct microcode_amd *mc_amd, int cpu)

+static bool_t verify_patch_size(uint32_t patch_size)
+{
+    uint8_t family;
+    uint32_t max_size;
+
+#define F1XH_MPB_MAX_SIZE 2048
+#define F14H_MPB_MAX_SIZE 1824
+#define F15H_MPB_MAX_SIZE 4096
+#define F16H_MPB_MAX_SIZE 3458
+
+    family = boot_cpu_data.x86;
+    switch (family)
+    {
+    case 0x14:
+        max_size = F14H_MPB_MAX_SIZE;
+        break;
+    case 0x15:
+        max_size = F15H_MPB_MAX_SIZE;
+        break;
+    case 0x16:
+        max_size = F16H_MPB_MAX_SIZE;
+        break;
+    default:
+        max_size = F1XH_MPB_MAX_SIZE;
+        break;
+    }
+
+    if ( patch_size > max_size )
+        return 0;
+
+    return 1;

Please simply "return patch_size <= max_size" in cases like this.


Okay.

@@ -329,6 +369,11 @@ static int cpu_request_microcode(int cpu, const void *buf, 
size_t bufsize)
last_offset = offset;+ if ( error == -EEXIST ) {

Coding style, but as Andrew already indicated this block of code isn't
correct anyway.

Yes, will fix this. But some help in understanding the microcode_initcalls would help me here..

(Pleas refer reply to Andrew's comments)

@@ -370,9 +415,11 @@ static int microcode_resume_match(int cpu, const void *mc)
      struct ucode_cpu_info *uci = &per_cpu(ucode_cpu_info, cpu);
      struct microcode_amd *mc_amd = uci->mc.mc_amd;
      const struct microcode_amd *src = mc;
+    int error;

- if ( !microcode_fits(src, cpu) )

-        return 0;
+    error = microcode_fits(src, cpu);
+    if ( error )
+        return error;

Is it really correct for this to get switched from success to error return?

Previously, microcode_fits returned '1' for Success, '0' for error. So,the condition returns '0' when return val is '0'

This mechanism is still preserved in the changes made above..

@@ -383,10 +430,11 @@ static int microcode_resume_match(int cpu, const void *mc)
              xfree(mc_amd);
          }

+ error = -ENOMEM;

          mc_amd = xmalloc(struct microcode_amd);
          uci->mc.mc_amd = mc_amd;
          if ( !mc_amd )
-            return -ENOMEM;
+            return error;

Bogus (pointless) change?

@@ -408,7 +456,7 @@ err2:
  err1:
      xfree(mc_amd);
      uci->mc.mc_amd = NULL;
-    return -ENOMEM;
+    return error;

Same here.


Hmm. Okay, Will just revert this.

Thanks,
-Aravind.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] x86, amd_ucode: Verify max allowed patch size before apply
  - From: Jan Beulich

References:
- [Xen-devel] [PATCH] x86, amd_ucode: Verify max allowed patch size before apply
  - From: Aravind Gopalakrishnan
- Re: [Xen-devel] [PATCH] x86, amd_ucode: Verify max allowed patch size before apply
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] [PATCH] x86, amd_ucode: Verify max allowed patch size before apply
Next by Date: [Xen-devel] [PATCH 2/4] x86/boot: Early data should live in init.data
Previous by thread: Re: [Xen-devel] [PATCH] x86, amd_ucode: Verify max allowed patch size before apply
Next by thread: Re: [Xen-devel] [PATCH] x86, amd_ucode: Verify max allowed patch size before apply
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.