Commit 7e94a7b6 authored by Jann Horn's avatar Jann Horn Committed by Borislav Petkov
Browse files

x86/microcode/intel: Refactor Intel microcode blob loading 



Change generic_load_microcode() to use the iov_iter API instead of a
clumsy open-coded version which has to pay attention to __user data
or kernel data, depending on the loading method. This allows to avoid
explicit casting between user and kernel pointers.

Because the iov_iter API makes it hard to read the same location twice,
as a side effect, also fix a double-read of the microcode header (which
could e.g. lead to out-of-bounds reads in microcode_sanity_check()).

Not that it matters much, only root is allowed to load microcode
anyway...

 [ bp: Massage a bit, sort function-local variables. ]

Signed-off-by: default avatarJann Horn <jannh@google.com>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190404111128.131157-1-jannh@google.com
parent 79a3aaa7

arch/x86/kernel/cpu/microcode/intel.c

+36 −35
Original line number Diff line number Diff line
@@ -31,6 +31,7 @@ 
#include <linux/kernel.h>

#include <linux/slab.h>

#include <linux/cpu.h>

#include <linux/uio.h>

#include <linux/mm.h>



#include <asm/microcode_intel.h>
@@ -861,32 +862,33 @@ out: 
	return ret;

}



static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size,

				int (*get_ucode_data)(void *, const void *, size_t))

static enum ucode_state generic_load_microcode(int cpu, struct iov_iter *iter)

{

	struct ucode_cpu_info *uci = ucode_cpu_info + cpu;

	u8 *ucode_ptr = data, *new_mc = NULL, *mc = NULL;

	int new_rev = uci->cpu_sig.rev;

	unsigned int leftover = size;

	unsigned int curr_mc_size = 0, new_mc_size = 0;

	unsigned int csig, cpf;

	enum ucode_state ret = UCODE_OK;

	int new_rev = uci->cpu_sig.rev;

	u8 *new_mc = NULL, *mc = NULL;

	unsigned int csig, cpf;



	while (leftover) {

	while (iov_iter_count(iter)) {

		struct microcode_header_intel mc_header;

		unsigned int mc_size;

		unsigned int mc_size, data_size;

		u8 *data;



		if (leftover < sizeof(mc_header)) {

			pr_err("error! Truncated header in microcode data file\n");

		if (!copy_from_iter_full(&mc_header, sizeof(mc_header), iter)) {

			pr_err("error! Truncated or inaccessible header in microcode data file\n");

			break;

		}



		if (get_ucode_data(&mc_header, ucode_ptr, sizeof(mc_header)))

			break;



		mc_size = get_totalsize(&mc_header);

		if (!mc_size || mc_size > leftover) {

			pr_err("error! Bad data in microcode data file\n");

		if (mc_size < sizeof(mc_header)) {

			pr_err("error! Bad data in microcode data file (totalsize too small)\n");

			break;

		}

		data_size = mc_size - sizeof(mc_header);

		if (data_size > iov_iter_count(iter)) {

			pr_err("error! Bad data in microcode data file (truncated file?)\n");

			break;

		}
@@ -899,7 +901,9 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size, 
			curr_mc_size = mc_size;

		}



		if (get_ucode_data(mc, ucode_ptr, mc_size) ||

		memcpy(mc, &mc_header, sizeof(mc_header));

		data = mc + sizeof(mc_header);

		if (!copy_from_iter_full(data, data_size, iter) ||

		    microcode_sanity_check(mc, 1) < 0) {

			break;

		}
@@ -914,14 +918,11 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size, 
			mc = NULL;	/* trigger new vmalloc */

			ret = UCODE_NEW;

		}



		ucode_ptr += mc_size;

		leftover  -= mc_size;

	}



	vfree(mc);



	if (leftover) {

	if (iov_iter_count(iter)) {

		vfree(new_mc);

		return UCODE_ERROR;

	}
@@ -945,12 +946,6 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size, 
	return ret;

}



static int get_ucode_fw(void *to, const void *from, size_t n)

{

	memcpy(to, from, n);

	return 0;

}



static bool is_blacklisted(unsigned int cpu)

{

	struct cpuinfo_x86 *c = &cpu_data(cpu);
@@ -977,10 +972,12 @@ static bool is_blacklisted(unsigned int cpu) 
static enum ucode_state request_microcode_fw(int cpu, struct device *device,

					     bool refresh_fw)

{

	char name[30];

	struct cpuinfo_x86 *c = &cpu_data(cpu);

	const struct firmware *firmware;

	struct iov_iter iter;

	enum ucode_state ret;

	struct kvec kvec;

	char name[30];



	if (is_blacklisted(cpu))

		return UCODE_NFOUND;
@@ -993,26 +990,30 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device, 
		return UCODE_NFOUND;

	}



	ret = generic_load_microcode(cpu, (void *)firmware->data,

				     firmware->size, &get_ucode_fw);

	kvec.iov_base = (void *)firmware->data;

	kvec.iov_len = firmware->size;

	iov_iter_kvec(&iter, WRITE, &kvec, 1, firmware->size);

	ret = generic_load_microcode(cpu, &iter);



	release_firmware(firmware);



	return ret;

}



static int get_ucode_user(void *to, const void *from, size_t n)

{

	return copy_from_user(to, from, n);

}



static enum ucode_state

request_microcode_user(int cpu, const void __user *buf, size_t size)

{

	struct iov_iter iter;

	struct iovec iov;



	if (is_blacklisted(cpu))

		return UCODE_NFOUND;



	return generic_load_microcode(cpu, (void *)buf, size, &get_ucode_user);

	iov.iov_base = (void __user *)buf;

	iov.iov_len = size;

	iov_iter_init(&iter, WRITE, &iov, 1, size);



	return generic_load_microcode(cpu, &iter);

}



static struct microcode_ops microcode_intel_ops = {

CRA Git | Maintained and supported by SUSTech CRA and CCSE