From patchwork Mon Nov 7 22:53:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jithu Joseph X-Patchwork-Id: 16764 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp2345302wru; Mon, 7 Nov 2022 14:58:53 -0800 (PST) X-Google-Smtp-Source: AMsMyM5ThETR3GRsLsFTnJ6AG8xlf9nDLirHUAVZRt5asrE223/yvTBBjMWPmlgSKAO4IgkdF/Hb X-Received: by 2002:a05:6402:3546:b0:461:e63f:e870 with SMTP id f6-20020a056402354600b00461e63fe870mr50878805edd.405.1667861933637; Mon, 07 Nov 2022 14:58:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667861933; cv=none; d=google.com; s=arc-20160816; b=x8EbC7Lu8vqyVXjseqQuyAfCqWJBeJmSWDxyCMTBRuuGm7ZJrzitYtImKg3jW1Pyob pkiaLDU57qbB6GHc0zqvlX+i0YAMbw+CJSueL8hladlE75l3YslgRpBGOUUUaD9FPvaA 20cYlNf5oGe52wYbIUJ75Qm9akrgq8f1Lxw1YOXq8Tk7nPjIQK1XYeV5/yDYJFu9agHr lCKZZE3sqxnO8vJJvnjMNT7elz8MLLuJ9ow9X0bzMTRknR1h/M/M/5fU5aGFmGR0A9zY 0WyoKOJcCGLWjIQkuNaRvVEcF5XahhyuubQ+feORcSlZEd5QEktg6JQtPsnOvLgWFH0k Dr/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=NrO51LAoH3ks0+Og0l1Q7mtmwJhZ00YjJh6n9+Du71I=; b=gNijwa73jr2bYmikmC7ZSIEHYyI3CMsDUxi40X51iIlxHc1OmdaZMAzx2OQ7ePuTgQ k4X4AgRpLg+Y7FRveA2oXqeWnxImsqNPrUplzZDTvgiFEtGj4ZG1wCz5FPXdjP/WpmQo MNVy3zRDi/GM8TI0kv+zpUXP69hDrgI7r088cFF/LqRR2LWwDSToOa59IMoJIi0STzAx DdcP9oKXGqHkBU8yqTrXkabF8NxoYma3mhtb/C2LLEE0Do2X7tiPHXT3CU8CvvPZ5Rg4 mr2KB8u8uMwmNS/4SmOyVgIWkOLVxWi8+b7baekZbPLJBw4Z28N3RPi/s8LBjFQyan9c Yn7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=AgBqnE4W; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n19-20020a170906165300b007a0f4d6bf83si8302341ejd.305.2022.11.07.14.58.29; Mon, 07 Nov 2022 14:58:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=AgBqnE4W; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231659AbiKGWzU (ORCPT + 99 others); Mon, 7 Nov 2022 17:55:20 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36036 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232577AbiKGWys (ORCPT ); Mon, 7 Nov 2022 17:54:48 -0500 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 367A9CE0D; Mon, 7 Nov 2022 14:54:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1667861687; x=1699397687; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ar0/IOLoKpjgwdmneDbn5qh+QIaaJXDpP25wZqaQ0CU=; b=AgBqnE4Wz+MWshklAVbE93xkVOvs999vPyB7l7QRcElD3IILTY5kCgEH HvZh5mxKnu1pmo/+5PErtgLTAvQc7gNA3EOOMwK1cWhLWtcZoEV2IZr3L BpiY1xt8lvWPHyyCNWHdd2lUN5FRXGRfh1qTSiTHbktCo9Kq1b8IZOsaP 49SAQhbO/YNKBj2toG6ZFtf/GNAu5lywMG0kTiIGhCA/85gVQeOIp9DMA Iv7KPKUa2A/lS8J8BZV/y7s+FOfXmY7/pN98wYnwMzxpdwwhoJ/1e3/Lg TMKsT4OUGZpAJHX4fSpMCfM/t439xhOMfkvA9HxMUtdaTKl1WUW3sOPsq A==; X-IronPort-AV: E=McAfee;i="6500,9779,10524"; a="293911829" X-IronPort-AV: E=Sophos;i="5.96,145,1665471600"; d="scan'208";a="293911829" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Nov 2022 14:54:46 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10524"; a="811012975" X-IronPort-AV: E=Sophos;i="5.96,145,1665471600"; d="scan'208";a="811012975" Received: from jithujos.sc.intel.com ([172.25.103.66]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Nov 2022 14:54:46 -0800 From: Jithu Joseph To: hdegoede@redhat.com, markgross@kernel.org Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, gregkh@linuxfoundation.org, jithu.joseph@intel.com, ashok.raj@intel.com, tony.luck@intel.com, linux-kernel@vger.kernel.org, platform-driver-x86@vger.kernel.org, patches@lists.linux.dev, ravi.v.shankar@intel.com, thiago.macieira@intel.com, athenas.jimenez.gonzalez@intel.com, sohil.mehta@intel.com Subject: [PATCH v2 06/14] x86/microcode/intel: Expose microcode_sanity_check() Date: Mon, 7 Nov 2022 14:53:15 -0800 Message-Id: <20221107225323.2733518-7-jithu.joseph@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221107225323.2733518-1-jithu.joseph@intel.com> References: <20221021203413.1220137-1-jithu.joseph@intel.com> <20221107225323.2733518-1-jithu.joseph@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1747331272733662935?= X-GMAIL-MSGID: =?utf-8?q?1748879995018495910?= IFS test image carries the same microcode header as regular Intel microcode blobs. Microcode blobs use header version of 1, whereas IFS test images will use header version of 2. microcode_sanity_check() can be used by IFS driver to perform sanity check of the IFS test images too. Refactor header version as a parameter, move it to cpu/intel.c and expose this function. Qualify the function name with intel. Reviewed-by: Tony Luck Reviewed-by: Ashok Raj Signed-off-by: Jithu Joseph Reviewed-by: Sohil Mehta --- arch/x86/include/asm/cpu.h | 1 + arch/x86/include/asm/microcode_intel.h | 1 + arch/x86/kernel/cpu/intel.c | 100 ++++++++++++++++++++++++ arch/x86/kernel/cpu/microcode/intel.c | 102 +------------------------ 4 files changed, 104 insertions(+), 100 deletions(-) diff --git a/arch/x86/include/asm/cpu.h b/arch/x86/include/asm/cpu.h index e853440b5c65..4aff5f263973 100644 --- a/arch/x86/include/asm/cpu.h +++ b/arch/x86/include/asm/cpu.h @@ -96,5 +96,6 @@ static inline bool intel_cpu_signatures_match(unsigned int s1, unsigned int p1, extern u64 x86_read_arch_cap_msr(void); int intel_find_matching_signature(void *mc, unsigned int csig, int cpf); +int intel_microcode_sanity_check(void *mc, bool print_err, int hdr_ver); #endif /* _ASM_X86_CPU_H */ diff --git a/arch/x86/include/asm/microcode_intel.h b/arch/x86/include/asm/microcode_intel.h index 4c92cea7e4b5..6626744c577b 100644 --- a/arch/x86/include/asm/microcode_intel.h +++ b/arch/x86/include/asm/microcode_intel.h @@ -41,6 +41,7 @@ struct extended_sigtable { #define DEFAULT_UCODE_TOTALSIZE (DEFAULT_UCODE_DATASIZE + MC_HEADER_SIZE) #define EXT_HEADER_SIZE (sizeof(struct extended_sigtable)) #define EXT_SIGNATURE_SIZE (sizeof(struct extended_signature)) +#define MICROCODE_HEADER_VER_UCODE 1 #define get_totalsize(mc) \ (((struct microcode_intel *)mc)->hdr.datasize ? \ diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index b6f9210fb31a..f8a5a25ab502 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -245,6 +245,106 @@ int intel_find_matching_signature(void *mc, unsigned int csig, int cpf) } EXPORT_SYMBOL_GPL(intel_find_matching_signature); +int intel_microcode_sanity_check(void *mc, bool print_err, int hdr_ver) +{ + unsigned long total_size, data_size, ext_table_size; + struct microcode_header_intel *mc_header = mc; + struct extended_sigtable *ext_header = NULL; + u32 sum, orig_sum, ext_sigcount = 0, i; + struct extended_signature *ext_sig; + + total_size = get_totalsize(mc_header); + data_size = get_datasize(mc_header); + + if (data_size + MC_HEADER_SIZE > total_size) { + if (print_err) + pr_err("Error: invalid/unknown microcode update format.\n"); + return -EINVAL; + } + + if (mc_header->ldrver != 1 || mc_header->hdrver != hdr_ver) { + if (print_err) + pr_err("Error: invalid/unknown microcode update format. Header version %d\n", + mc_header->hdrver); + return -EINVAL; + } + + ext_table_size = total_size - (MC_HEADER_SIZE + data_size); + if (ext_table_size) { + u32 ext_table_sum = 0; + u32 *ext_tablep; + + if (ext_table_size < EXT_HEADER_SIZE || + ((ext_table_size - EXT_HEADER_SIZE) % EXT_SIGNATURE_SIZE)) { + if (print_err) + pr_err("Error: truncated extended signature table.\n"); + return -EINVAL; + } + + ext_header = mc + MC_HEADER_SIZE + data_size; + if (ext_table_size != exttable_size(ext_header)) { + if (print_err) + pr_err("Error: extended signature table size mismatch.\n"); + return -EFAULT; + } + + ext_sigcount = ext_header->count; + + /* + * Check extended table checksum: the sum of all dwords that + * comprise a valid table must be 0. + */ + ext_tablep = (u32 *)ext_header; + + i = ext_table_size / sizeof(u32); + while (i--) + ext_table_sum += ext_tablep[i]; + + if (ext_table_sum) { + if (print_err) + pr_warn("Bad extended signature table checksum, aborting.\n"); + return -EINVAL; + } + } + + /* + * Calculate the checksum of update data and header. The checksum of + * valid update data and header including the extended signature table + * must be 0. + */ + orig_sum = 0; + i = (MC_HEADER_SIZE + data_size) / sizeof(u32); + while (i--) + orig_sum += ((u32 *)mc)[i]; + + if (orig_sum) { + if (print_err) + pr_err("Bad microcode data checksum, aborting.\n"); + return -EINVAL; + } + + if (!ext_table_size) + return 0; + + /* + * Check extended signature checksum: 0 => valid. + */ + for (i = 0; i < ext_sigcount; i++) { + ext_sig = (void *)ext_header + EXT_HEADER_SIZE + + EXT_SIGNATURE_SIZE * i; + + sum = (mc_header->sig + mc_header->pf + mc_header->cksum) - + (ext_sig->sig + ext_sig->pf + ext_sig->cksum); + if (sum) { + if (print_err) + pr_err("Bad extended signature checksum, aborting.\n"); + return -EINVAL; + } + } + return 0; +} +EXPORT_SYMBOL_GPL(intel_microcode_sanity_check); + static void early_init_intel(struct cpuinfo_x86 *c) { u64 misc_enable; diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c index 234b163806ea..8cd6ecf7dae1 100644 --- a/arch/x86/kernel/cpu/microcode/intel.c +++ b/arch/x86/kernel/cpu/microcode/intel.c @@ -135,104 +135,6 @@ static void save_microcode_patch(struct ucode_cpu_info *uci, void *data, unsigne intel_ucode_patch = p->data; } -static int microcode_sanity_check(void *mc, bool print_err) -{ - unsigned long total_size, data_size, ext_table_size; - struct microcode_header_intel *mc_header = mc; - struct extended_sigtable *ext_header = NULL; - u32 sum, orig_sum, ext_sigcount = 0, i; - struct extended_signature *ext_sig; - - total_size = get_totalsize(mc_header); - data_size = get_datasize(mc_header); - - if (data_size + MC_HEADER_SIZE > total_size) { - if (print_err) - pr_err("Error: bad microcode data file size.\n"); - return -EINVAL; - } - - if (mc_header->ldrver != 1 || mc_header->hdrver != 1) { - if (print_err) - pr_err("Error: invalid/unknown microcode update format.\n"); - return -EINVAL; - } - - ext_table_size = total_size - (MC_HEADER_SIZE + data_size); - if (ext_table_size) { - u32 ext_table_sum = 0; - u32 *ext_tablep; - - if ((ext_table_size < EXT_HEADER_SIZE) - || ((ext_table_size - EXT_HEADER_SIZE) % EXT_SIGNATURE_SIZE)) { - if (print_err) - pr_err("Error: truncated extended signature table.\n"); - return -EINVAL; - } - - ext_header = mc + MC_HEADER_SIZE + data_size; - if (ext_table_size != exttable_size(ext_header)) { - if (print_err) - pr_err("Error: extended signature table size mismatch.\n"); - return -EFAULT; - } - - ext_sigcount = ext_header->count; - - /* - * Check extended table checksum: the sum of all dwords that - * comprise a valid table must be 0. - */ - ext_tablep = (u32 *)ext_header; - - i = ext_table_size / sizeof(u32); - while (i--) - ext_table_sum += ext_tablep[i]; - - if (ext_table_sum) { - if (print_err) - pr_warn("Bad extended signature table checksum, aborting.\n"); - return -EINVAL; - } - } - - /* - * Calculate the checksum of update data and header. The checksum of - * valid update data and header including the extended signature table - * must be 0. - */ - orig_sum = 0; - i = (MC_HEADER_SIZE + data_size) / sizeof(u32); - while (i--) - orig_sum += ((u32 *)mc)[i]; - - if (orig_sum) { - if (print_err) - pr_err("Bad microcode data checksum, aborting.\n"); - return -EINVAL; - } - - if (!ext_table_size) - return 0; - - /* - * Check extended signature checksum: 0 => valid. - */ - for (i = 0; i < ext_sigcount; i++) { - ext_sig = (void *)ext_header + EXT_HEADER_SIZE + - EXT_SIGNATURE_SIZE * i; - - sum = (mc_header->sig + mc_header->pf + mc_header->cksum) - - (ext_sig->sig + ext_sig->pf + ext_sig->cksum); - if (sum) { - if (print_err) - pr_err("Bad extended signature checksum, aborting.\n"); - return -EINVAL; - } - } - return 0; -} - /* * Get microcode matching with BSP's model. Only CPUs with the same model as * BSP can stay in the platform. @@ -253,7 +155,7 @@ scan_microcode(void *data, size_t size, struct ucode_cpu_info *uci, bool save) mc_size = get_totalsize(mc_header); if (!mc_size || mc_size > size || - microcode_sanity_check(data, false) < 0) + intel_microcode_sanity_check(data, false, MICROCODE_HEADER_VER_UCODE) < 0) break; size -= mc_size; @@ -792,7 +694,7 @@ static enum ucode_state generic_load_microcode(int cpu, struct iov_iter *iter) memcpy(mc, &mc_header, sizeof(mc_header)); data = mc + sizeof(mc_header); if (!copy_from_iter_full(data, data_size, iter) || - microcode_sanity_check(mc, true) < 0) { + intel_microcode_sanity_check(mc, true, MICROCODE_HEADER_VER_UCODE) < 0) { break; }