| From 1a371e67dc77125736cc56d3a0893f06b75855b6 Mon Sep 17 00:00:00 2001 |
| From: Chen Yu <yu.c.chen@intel.com> |
| Date: Fri, 13 Nov 2020 09:59:23 +0800 |
| Subject: x86/microcode/intel: Check patch signature before saving microcode for early loading |
| |
| From: Chen Yu <yu.c.chen@intel.com> |
| |
| commit 1a371e67dc77125736cc56d3a0893f06b75855b6 upstream. |
| |
| Currently, scan_microcode() leverages microcode_matches() to check |
| if the microcode matches the CPU by comparing the family and model. |
| However, the processor stepping and flags of the microcode signature |
| should also be considered when saving a microcode patch for early |
| update. |
| |
| Use find_matching_signature() in scan_microcode() and get rid of the |
| now-unused microcode_matches() which is a good cleanup in itself. |
| |
| Complete the verification of the patch being saved for early loading in |
| save_microcode_patch() directly. This needs to be done there too because |
| save_mc_for_early() will call save_microcode_patch() too. |
| |
| The second reason why this needs to be done is because the loader still |
| tries to support, at least hypothetically, mixed-steppings systems and |
| thus adds all patches to the cache that belong to the same CPU model |
| albeit with different steppings. |
| |
| For example: |
| |
| microcode: CPU: sig=0x906ec, pf=0x2, rev=0xd6 |
| microcode: mc_saved[0]: sig=0x906e9, pf=0x2a, rev=0xd6, total size=0x19400, date = 2020-04-23 |
| microcode: mc_saved[1]: sig=0x906ea, pf=0x22, rev=0xd6, total size=0x19000, date = 2020-04-27 |
| microcode: mc_saved[2]: sig=0x906eb, pf=0x2, rev=0xd6, total size=0x19400, date = 2020-04-23 |
| microcode: mc_saved[3]: sig=0x906ec, pf=0x22, rev=0xd6, total size=0x19000, date = 2020-04-27 |
| microcode: mc_saved[4]: sig=0x906ed, pf=0x22, rev=0xd6, total size=0x19400, date = 2020-04-23 |
| |
| The patch which is being saved for early loading, however, can only be |
| the one which fits the CPU this runs on so do the signature verification |
| before saving. |
| |
| [ bp: Do signature verification in save_microcode_patch() |
| and rewrite commit message. ] |
| |
| Fixes: ec400ddeff20 ("x86/microcode_intel_early.c: Early update ucode on Intel's CPU") |
| Signed-off-by: Chen Yu <yu.c.chen@intel.com> |
| Signed-off-by: Borislav Petkov <bp@suse.de> |
| Cc: stable@vger.kernel.org |
| Link: https://bugzilla.kernel.org/show_bug.cgi?id=208535 |
| Link: https://lkml.kernel.org/r/20201113015923.13960-1-yu.c.chen@intel.com |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| arch/x86/kernel/cpu/microcode/intel.c | 63 +++++----------------------------- |
| 1 file changed, 10 insertions(+), 53 deletions(-) |
| |
| --- a/arch/x86/kernel/cpu/microcode/intel.c |
| +++ b/arch/x86/kernel/cpu/microcode/intel.c |
| @@ -103,53 +103,6 @@ static int has_newer_microcode(void *mc, |
| return find_matching_signature(mc, csig, cpf); |
| } |
| |
| -/* |
| - * Given CPU signature and a microcode patch, this function finds if the |
| - * microcode patch has matching family and model with the CPU. |
| - * |
| - * %true - if there's a match |
| - * %false - otherwise |
| - */ |
| -static bool microcode_matches(struct microcode_header_intel *mc_header, |
| - unsigned long sig) |
| -{ |
| - unsigned long total_size = get_totalsize(mc_header); |
| - unsigned long data_size = get_datasize(mc_header); |
| - struct extended_sigtable *ext_header; |
| - unsigned int fam_ucode, model_ucode; |
| - struct extended_signature *ext_sig; |
| - unsigned int fam, model; |
| - int ext_sigcount, i; |
| - |
| - fam = x86_family(sig); |
| - model = x86_model(sig); |
| - |
| - fam_ucode = x86_family(mc_header->sig); |
| - model_ucode = x86_model(mc_header->sig); |
| - |
| - if (fam == fam_ucode && model == model_ucode) |
| - return true; |
| - |
| - /* Look for ext. headers: */ |
| - if (total_size <= data_size + MC_HEADER_SIZE) |
| - return false; |
| - |
| - ext_header = (void *) mc_header + data_size + MC_HEADER_SIZE; |
| - ext_sig = (void *)ext_header + EXT_HEADER_SIZE; |
| - ext_sigcount = ext_header->count; |
| - |
| - for (i = 0; i < ext_sigcount; i++) { |
| - fam_ucode = x86_family(ext_sig->sig); |
| - model_ucode = x86_model(ext_sig->sig); |
| - |
| - if (fam == fam_ucode && model == model_ucode) |
| - return true; |
| - |
| - ext_sig++; |
| - } |
| - return false; |
| -} |
| - |
| static struct ucode_patch *memdup_patch(void *data, unsigned int size) |
| { |
| struct ucode_patch *p; |
| @@ -167,7 +120,7 @@ static struct ucode_patch *memdup_patch( |
| return p; |
| } |
| |
| -static void save_microcode_patch(void *data, unsigned int size) |
| +static void save_microcode_patch(struct ucode_cpu_info *uci, void *data, unsigned int size) |
| { |
| struct microcode_header_intel *mc_hdr, *mc_saved_hdr; |
| struct ucode_patch *iter, *tmp, *p = NULL; |
| @@ -213,6 +166,9 @@ static void save_microcode_patch(void *d |
| if (!p) |
| return; |
| |
| + if (!find_matching_signature(p->data, uci->cpu_sig.sig, uci->cpu_sig.pf)) |
| + return; |
| + |
| /* |
| * Save for early loading. On 32-bit, that needs to be a physical |
| * address as the APs are running from physical addresses, before |
| @@ -347,13 +303,14 @@ scan_microcode(void *data, size_t size, |
| |
| size -= mc_size; |
| |
| - if (!microcode_matches(mc_header, uci->cpu_sig.sig)) { |
| + if (!find_matching_signature(data, uci->cpu_sig.sig, |
| + uci->cpu_sig.pf)) { |
| data += mc_size; |
| continue; |
| } |
| |
| if (save) { |
| - save_microcode_patch(data, mc_size); |
| + save_microcode_patch(uci, data, mc_size); |
| goto next; |
| } |
| |
| @@ -486,14 +443,14 @@ static void show_saved_mc(void) |
| * Save this microcode patch. It will be loaded early when a CPU is |
| * hot-added or resumes. |
| */ |
| -static void save_mc_for_early(u8 *mc, unsigned int size) |
| +static void save_mc_for_early(struct ucode_cpu_info *uci, u8 *mc, unsigned int size) |
| { |
| /* Synchronization during CPU hotplug. */ |
| static DEFINE_MUTEX(x86_cpu_microcode_mutex); |
| |
| mutex_lock(&x86_cpu_microcode_mutex); |
| |
| - save_microcode_patch(mc, size); |
| + save_microcode_patch(uci, mc, size); |
| show_saved_mc(); |
| |
| mutex_unlock(&x86_cpu_microcode_mutex); |
| @@ -937,7 +894,7 @@ static enum ucode_state generic_load_mic |
| * permanent memory. So it will be loaded early when a CPU is hot added |
| * or resumes. |
| */ |
| - save_mc_for_early(new_mc, new_mc_size); |
| + save_mc_for_early(uci, new_mc, new_mc_size); |
| |
| pr_debug("CPU%d found a matching microcode update with version 0x%x (current=0x%x)\n", |
| cpu, new_rev, uci->cpu_sig.rev); |