Re: [PATCH v6 2/8] x86/microcode/AMD: Add microcode container data checking functions

From: Borislav Petkov
Date: Tue Jun 05 2018 - 04:54:10 EST


On Sun, May 20, 2018 at 12:07:16AM +0200, Maciej S. Szmigiero wrote:
> Add verify_container(), verify_equivalence_table(), verify_patch_section()
> and verify_patch() functions to the AMD microcode update driver.
>
> These functions check whether a passed buffer contains the relevant
> structure, whether it isn't truncated and (for actual microcode patches)
> whether the size of a patch is not too large for a particular CPU family.
> By adding these checks as separate functions the actual microcode loading
> code won't get interspersed with a lot of checks and so will be more
> readable.
>
> Signed-off-by: Maciej S. Szmigiero <mail@xxxxxxxxxxxxxxxxxxxxx>
> ---
> arch/x86/kernel/cpu/microcode/amd.c | 148 +++++++++++++++++++++++++++-
> 1 file changed, 145 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
> index dc8ea9a9d962..f9485ff7183c 100644
> --- a/arch/x86/kernel/cpu/microcode/amd.c
> +++ b/arch/x86/kernel/cpu/microcode/amd.c
> @@ -73,6 +73,150 @@ static u16 find_equiv_id(struct equiv_cpu_entry *equiv_table, u32 sig)
> return 0;
> }
>
> +/*
> + * Checks whether there is a valid microcode container file at the beginning

"Check whether... " imperative tone. Ditto for the rest.

> + * of a passed buffer @buf of size @size.

@buf_size

Also, fix the other comments too.

> + * If @early is set this function does not print errors which makes it
> + * usable by the early microcode loader.
> + */
> +static bool verify_container(const u8 *buf, size_t buf_size, bool early)

...

--
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.