[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86, amd_ucode: Verify max allowed patch size before apply



On 4/25/2014 2:00 AM, Jan Beulich wrote:
On 24.04.14 at 21:54, <aravind.gopalakrishnan@xxxxxxx> wrote:
Each family has a stipulated max patch_size. Use this as
additional sanity check before we apply it.
And iirc there was a size limit check earlier, and it got dropped for one
reason or another - did you check history?

Yes, I believe you are referring to this commit:

commit 5663cc8258cef27509a437ebd95061b8b01b9c01
Author:     Christoph Egger <Christoph.Egger@xxxxxxx>
AuthorDate: Thu Dec 15 11:00:09 2011 +0100
Commit:     Christoph Egger <Christoph.Egger@xxxxxxx>
CommitDate: Thu Dec 15 11:00:09 2011 +0100

    x86/ucode: fix for AMD Fam15 CPUs

    Remove hardcoded maximum size a microcode patch can have. This is
    dynamic now.

    The microcode patch for family15h can be larger than 2048 bytes and
    gets silently truncated.

    Signed-off-by: Christoph Egger <Christoph.Egger@xxxxxxx>
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Committed-by: Jan Beulich <jbeulich@xxxxxxxx>

The above patch was to make the microcode patch buffer allocation dynamic.
The hunk below simply verifies that we don't exceed the 'max_size'..
@@ -94,7 +94,40 @@ static int collect_cpu_info(int cpu, struct cpu_signature 
*csig)
      return 0;
  }
-static bool_t microcode_fits(const struct microcode_amd *mc_amd, int cpu)
+static bool_t verify_patch_size(uint32_t patch_size)
+{
+    uint8_t family;
+    uint32_t max_size;
+
+#define F1XH_MPB_MAX_SIZE 2048
+#define F14H_MPB_MAX_SIZE 1824
+#define F15H_MPB_MAX_SIZE 4096
+#define F16H_MPB_MAX_SIZE 3458
+
+    family = boot_cpu_data.x86;
+    switch (family)
+    {
+    case 0x14:
+        max_size = F14H_MPB_MAX_SIZE;
+        break;
+    case 0x15:
+        max_size = F15H_MPB_MAX_SIZE;
+        break;
+    case 0x16:
+        max_size = F16H_MPB_MAX_SIZE;
+        break;
+    default:
+        max_size = F1XH_MPB_MAX_SIZE;
+        break;
+    }
+
+    if ( patch_size > max_size )
+        return 0;
+
+    return 1;
Please simply "return patch_size <= max_size" in cases like this.

Okay.

@@ -329,6 +369,11 @@ static int cpu_request_microcode(int cpu, const void *buf, 
size_t bufsize)
last_offset = offset; + if ( error == -EEXIST ) {
Coding style, but as Andrew already indicated this block of code isn't
correct anyway.

Yes, will fix this. But some help in understanding the microcode_init calls would help me here..
(Pleas refer reply to Andrew's comments)
@@ -370,9 +415,11 @@ static int microcode_resume_match(int cpu, const void *mc)
      struct ucode_cpu_info *uci = &per_cpu(ucode_cpu_info, cpu);
      struct microcode_amd *mc_amd = uci->mc.mc_amd;
      const struct microcode_amd *src = mc;
+    int error;
- if ( !microcode_fits(src, cpu) )
-        return 0;
+    error = microcode_fits(src, cpu);
+    if ( error )
+        return error;
Is it really correct for this to get switched from success to error return?

Previously, microcode_fits returned '1' for Success, '0' for error. So, the condition returns '0' when return val is '0'
This mechanism is still preserved in the changes made above..

@@ -383,10 +430,11 @@ static int microcode_resume_match(int cpu, const void *mc)
              xfree(mc_amd);
          }
+ error = -ENOMEM;
          mc_amd = xmalloc(struct microcode_amd);
          uci->mc.mc_amd = mc_amd;
          if ( !mc_amd )
-            return -ENOMEM;
+            return error;
Bogus (pointless) change?

@@ -408,7 +456,7 @@ err2:
  err1:
      xfree(mc_amd);
      uci->mc.mc_amd = NULL;
-    return -ENOMEM;
+    return error;
Same here.


Hmm. Okay, Will just revert this.

Thanks,
-Aravind.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.