Re: [PATCH v3 5/7] x86/microcode/hygon: Add microcode loading support for Hygon processors

Next message: joakim . zhang: "[PATCH v5 0/4] Add Cix Sky1 AUDSS clock and reset support"
Previous message: Jm Liao(&#x5ED6;&#x5EFA;&#x9298;): "RE: [PATCH 0/4] i3c: mipi-i3c-hci: Add support for ASMT I3C controller"
In reply to: Borislav Petkov: "Re: [PATCH v3 5/7] x86/microcode/hygon: Add microcode loading support for Hygon processors"
Next in thread: XIAO WU: "Re: [PATCH v3 5/7] x86/microcode/hygon: Add microcode loading support for Hygon processors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Fu Hao

Date: Sun Jun 21 2026 - 22:22:59 EST

On 6/22/2026 1:36 AM, Borislav Petkov wrote:

On Sun, Jun 21, 2026 at 08:13:45AM +0800, XIAO WU wrote:

I rebuilt the kernel with CONFIG_CPU_SUP_HYGON=y and CONFIG_KASAN=y,
and added a /proc/hygon_poc entry that calls parse_and_cache_patches()
with a crafted firmware blob containing only an equivalence table

You do realize that being able to supply a crafted blob means, you already
have root or you've managed to craft a supply chain attack of sorts...

Add a bounds check before reading the section header:

But yes, checks are cheap and should be done whenever possible.

The review also notes that `kzalloc_obj` in `try_verify_and_cache_patch()`
does not appear to be a defined kernel macro, and `hypervisor_present`
may not be declared — these are build-time issues separate from the
runtime OOB above.

Needless to say, all review feedback needs addressing/fixing.

So thanks.

Hi Boris,
Thanks for your guidance. I will carefully review the feedback from
Sashiko AI code review, address the issues in v4 patch, and add more
test cases to validate the changes.

--
Regards,
Fu Hao