Re: [PATCH v3 5/7] x86/microcode/hygon: Add microcode loading support for Hygon processors

Next message: Oz Tiram: "[PATCH] drm/amd/amdgpu: add firmware file fallback for APU VBIOS discovery"
Previous message: pr-tracker-bot: "Re: [GIT PULL] SCSI updates for the 7.1+ merge window"
In reply to: XIAO WU: "Re: [PATCH v3 5/7] x86/microcode/hygon: Add microcode loading support for Hygon processors"
Next in thread: Fu Hao: "Re: [PATCH v3 5/7] x86/microcode/hygon: Add microcode loading support for Hygon processors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Borislav Petkov

Date: Sun Jun 21 2026 - 13:36:59 EST

On Sun, Jun 21, 2026 at 08:13:45AM +0800, XIAO WU wrote:
> I rebuilt the kernel with CONFIG_CPU_SUP_HYGON=y and CONFIG_KASAN=y,
> and added a /proc/hygon_poc entry that calls parse_and_cache_patches()
> with a crafted firmware blob containing only an equivalence table

You do realize that being able to supply a crafted blob means, you already
have root or you've managed to craft a supply chain attack of sorts...

> Add a bounds check before reading the section header:

But yes, checks are cheap and should be done whenever possible.

> The review also notes that `kzalloc_obj` in `try_verify_and_cache_patch()`
> does not appear to be a defined kernel macro, and `hypervisor_present`
> may not be declared — these are build-time issues separate from the
> runtime OOB above.

Needless to say, all review feedback needs addressing/fixing.

So thanks.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette