From patchwork Mon Oct 24 11:28:39 2022
X-Patchwork-Submitter: Greg KH
X-Patchwork-Id: 9659
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Daniel Micay, Kees Cook, Borislav Petkov, Sasha Levin
Subject: [PATCH 5.10 122/390] x86/microcode/AMD: Track patch allocation size explicitly
Date: Mon, 24 Oct 2022 13:28:39 +0200
Message-Id: <20221024113027.862630256@linuxfoundation.org>
In-Reply-To: <20221024113022.510008560@linuxfoundation.org>
References: <20221024113022.510008560@linuxfoundation.org>

From: Kees Cook

[ Upstream commit 712f210a457d9c32414df246a72781550bc23ef6 ]

In preparation for reducing the use of ksize(), record the actual
allocation size for later memcpy(). This avoids copying extra
(uninitialized!) bytes into the patch buffer when the requested
allocation size isn't exactly the size of a kmalloc bucket.
Additionally, fix potential future issues where runtime bounds checking
will notice that the buffer was allocated to a smaller value than
returned by ksize().

Fixes: 757885e94a22 ("x86, microcode, amd: Early microcode patch loading support for AMD")
Suggested-by: Daniel Micay
Signed-off-by: Kees Cook
Signed-off-by: Borislav Petkov
Link: https://lore.kernel.org/lkml/CA+DvKQ+bp7Y7gmaVhacjv9uF6Ar-o4tet872h4Q8RPYPJjcJQA@mail.gmail.com/
Signed-off-by: Sasha Levin --- arch/x86/include/asm/microcode.h | 1 + arch/x86/kernel/cpu/microcode/amd.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h index 91a06cef50c1..f73327397b89 100644 --- a/arch/x86/include/asm/microcode.h +++ b/arch/x86/include/asm/microcode.h @@ -9,6 +9,7 @@ struct ucode_patch { struct list_head plist; void *data; /* Intel uses only this one */ + unsigned int size; u32 patch_id; u16 equiv_cpu; }; diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c index 3f6b137ef4e6..c87936441339 100644 --- a/arch/x86/kernel/cpu/microcode/amd.c +++ b/arch/x86/kernel/cpu/microcode/amd.c @@ -783,6 +783,7 @@ static int verify_and_add_patch(u8 family, u8 *fw, unsigned int leftover, kfree(patch); return -EINVAL; } + patch->size = *patch_size; mc_hdr = (struct microcode_header_amd *)(fw + SECTION_HDR_SIZE); proc_id = mc_hdr->processor_rev_id; @@ -864,7 +865,7 @@ load_microcode_amd(bool save, u8 family, const u8 *data, size_t size) return ret; memset(amd_ucode_patch, 0, PATCH_MAX_SIZE); - memcpy(amd_ucode_patch, p->data, min_t(u32, ksize(p->data), PATCH_MAX_SIZE)); + memcpy(amd_ucode_patch, p->data, min_t(u32, p->size, PATCH_MAX_SIZE)); return ret; }
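
Review bot: The new "unsigned int size;" member of struct ucode_patch in microcode.h has no comment, and it sits directly under "void *data; /* Intel uses only this one */", which leaves open whether an Intel entry ever carries a valid size. In the lines shown, only verify_and_add_patch() in amd.c assigns it, so a short comment stating that it is the length of data in bytes and which loader fills it in would keep a later caller from trusting p->size on an entry where it was never set.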
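
Review bot: In the verify_and_add_patch() hunk, "patch->size = *patch_size;" is assigned after the error branch ending in "kfree(patch); return -EINVAL;", and the call that allocates patch->data is outside the visible context. The later memcpy() is only bounded correctly if that allocation used the same *patch_size, so it is worth confirming that nothing modifies *patch_size between the two statements, or recording the size from the exact length expression passed to the allocator on the line right after it.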
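
Review bot: In the load_microcode_amd() hunk, "min_t(u32, p->size, PATCH_MAX_SIZE)" clamps silently, so an entry with p->size above PATCH_MAX_SIZE is copied into amd_ucode_patch truncated and without any diagnostic. If an earlier check already guarantees p->size <= PATCH_MAX_SIZE, a comment saying so would make the clamp's purpose clear; if not, consider warning on or rejecting the oversize case rather than copying a partial patch. The preceding memset() means a p->size of 0 now leaves the buffer all zeroes, which is another reason to document when size is expected to be valid.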