[coreboot-gerrit] Patch set updated for coreboot: 7941008 cpu/intel: Do not rely on CBFS microcode having a terminator

Alexandru Gagniuc (mr.nuke.me@gmail.com) gerrit at coreboot.org
Mon Dec 9 00:39:30 CET 2013


Alexandru Gagniuc (mr.nuke.me at gmail.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/4505

-gerrit

commit 79410082898ac63f162f3b1faec6f3bb07bd57dc
Author: Alexandru Gagniuc <mr.nuke.me at gmail.com>
Date:   Sun Dec 8 16:30:07 2013 -0600

    cpu/intel: Do not rely on CBFS microcode having a terminator
    
    Up until now, a dummy terminator was required for CBFS microcode files.
    This was a coreboot-only requirement, needed to terminate the loop that
    searches for updates.
    
    Figure out where the microcode file ends, and exit the loop if we pass the
    end of the CBFS without finding any updates.
    
    Change-Id: Ib61247e83ae6b67b27fcd61bd40241d4cd7bd246
    Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
---
 src/cpu/intel/microcode/microcode.c | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)

diff --git a/src/cpu/intel/microcode/microcode.c b/src/cpu/intel/microcode/microcode.c
index 3d6af67..fc1b2f7 100644
--- a/src/cpu/intel/microcode/microcode.c
+++ b/src/cpu/intel/microcode/microcode.c
@@ -109,8 +109,9 @@ void intel_microcode_load_unlocked(const void *microcode_patch)
 
 const void *intel_microcode_find(void)
 {
+	struct cbfs_file *microcode_file;
 	void *microcode_updates;
-	u32 eax;
+	u32 eax, microcode_end;
 	u32 pf, rev, sig;
 	unsigned int x86_model, x86_family;
 	const struct microcode *m;
@@ -118,16 +119,18 @@ const void *intel_microcode_find(void)
 	msr_t msr;
 
 #ifdef __PRE_RAM__
-	microcode_updates = walkcbfs((char *) MICROCODE_CBFS_FILE);
+	microcode_file = walkcbfs_head((char *) MICROCODE_CBFS_FILE);
 #else
-	microcode_updates = cbfs_get_file_content(CBFS_DEFAULT_MEDIA,
-					       MICROCODE_CBFS_FILE,
-					       CBFS_TYPE_MICROCODE);
+	microcode_file = cbfs_get_file(CBFS_DEFAULT_MEDIA,
+					  MICROCODE_CBFS_FILE);
 #endif
 
-	if (!microcode_updates)
+	if (!microcode_file)
 		return NULL;
 
+	microcode_updates = CBFS_SUBHEADER(microcode_file);
+	microcode_end = (u32)microcode_updates + ntohl(microcode_file->len);
+
 	/* CPUID sets MSR 0x8B iff a microcode update has been loaded. */
 	msr.lo = 0;
 	msr.hi = 0;
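Review bot: The non-pre-RAM branch no longer passes `CBFS_TYPE_MICROCODE`, so unless `cbfs_get_file()` checks the type elsewhere (not visible here), any CBFS entry with this name is now accepted as microcode; consider `if (ntohl(microcode_file->type) != CBFS_TYPE_MICROCODE) return NULL;` after the NULL check. `microcode_end` is also computed from the on-flash `len` field with no sanity check, so a corrupt length can wrap the `u32` sum or put the end far past the real file, and every later checkpoint trusts that value. A guard such as `if (microcode_end < (u32)microcode_updates) return NULL;`, with a comment that `len` is untrusted flash content, would make the bound meaningful. The function body continues outside this hunk.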
@@ -154,6 +157,14 @@ const void *intel_microcode_find(void)
 
 	m = microcode_updates;
 	for(c = microcode_updates; m->hdrver; m = (const struct microcode *)c) {
+		/* Checkpoint 1: The microcode update falls within CBFS */
+		if(m->total_size > (microcode_end - (u32)c)) {
+#if !defined(__ROMCC__)
+			printk(BIOS_WARNING, "Microcode header corrupted!\n");
+#endif
+			break;
+		}
+
 		if ((m->sig == sig) && (m->pf & pf))
 			return m;
 
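Review bot: Checkpoint 1 runs only after the loop condition has already read `m->hdrver`, and it reads `m->total_size` itself, before anything has established that a full header fits between `c` and `microcode_end`; for a file shorter than `sizeof(*m)` the first iteration reads past the CBFS entry. A check before the loop, `if (ntohl(microcode_file->len) < sizeof(*m)) return NULL;`, would close that gap. The comparison also passes trivially when `total_size` is 0, which the `c += 2048` fallback visible in the next hunk suggests is the legacy fixed-size case, so an update handed back by `return m` is not verified to fit; comparing `m->total_size ? m->total_size : 2048` against the remaining bytes would cover it. As a style point, `if(` should be written `if (`. The loop body continues outside this hunk.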
@@ -165,6 +176,14 @@ const void *intel_microcode_find(void)
 #endif
 			c += 2048;
 		}
+
+		/* Checkpoint 2: The next header falls within CBFS */
+		if ((u32)c > (microcode_end - sizeof(*m)))
+			break;
+
+		/* Checkpoint 3: c didn't overflow, it should be close to 4G */
+		if ((((u32)c) & (1L << 31)) == 0)
+			break;
 	}
 
 	/* ROMCC doesn't like NULL. */
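Review bot: Checkpoint 3 uses `1L << 31`, which shifts into the sign bit of a 32-bit `long` and is undefined behaviour; `1UL << 31` is the well-defined spelling. The test also encodes the assumption that the microcode is always mapped in the upper 2 GiB, which the comment only hints at; `if ((u32)c < (u32)microcode_updates) break;` detects the wrap directly and does not depend on where the file is mapped. Checkpoint 2 computes `microcode_end - sizeof(*m)` in unsigned arithmetic, so it relies on the file being at least one header long, which is worth stating in its comment. The loop starts outside this hunk.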


