From: Henrique de Moraes Holschuh Date: Wed, 23 Jul 2014 20:10:49 +0000 (-0300) Subject: x86, microcode, intel: Fix total_size computation X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=ebc14ddcc9454c02439b67f6536628289faaa26e;p=openwrt%2Fstaging%2Fblogic.git x86, microcode, intel: Fix total_size computation According to the Intel SDM vol 3A (order code 253668-051US, June 2014), on section 9.11.1, page 9-28: "For microcode updates with a data size field equal to 00000000H, the size of the microcode update is 2048 bytes. The first 48 bytes contain the microcode update header. The remaining 2000 bytes contain encrypted data." "For microcode updates with a data size not equal to 00000000H, the total size field specifies the size of the microcode update." Up to 2002/2003, Intel used an "old format" for the microcode update containers that was always 2048 bytes in size. That old format did not have Data Size and Total Size fields, the quadwords at those positions in the microcode container header were "reserved". The microcode header of the "old format" microcode container has a hrdver of 0x01. You can hunt down an old copy of the Intel SDM to validate this through its order number (#243192). I found one from 1999 through a Google search. Sometime in 2002/2003 (AFAICT, for the Prescott processors), Intel documented a new format for the microcode containers and contributed in 2003 some code to the Linux kernel microcode driver implementing support for the new format. This new format has Data Size and Total Size fields, as well as the optional extended signature table. However, it reuses the same hrdver as the old format (0x01), and it can only be told apart from the old format by a non-zero Data Size field. In fact, the only reason we can even trust a Data Size of zero to mean that the microcode container is in the old format, is because Intel reatroatively promised that the old format would always have a zero there when they wrote the documentation for the _new_ format. This is a very old bug, dating back to 2003. It has been dormant ever since, as Intel seems to set all reserved fields to zero on the microcode updates they distribute: I could not find a public microcode update that would trigger this bug. Signed-off-by: Henrique de Moraes Holschuh Link: http://lkml.kernel.org/r/1406146251-8540-1-git-send-email-hmh@hmh.eng.br Signed-off-by: Borislav Petkov --- diff --git a/arch/x86/include/asm/microcode_intel.h b/arch/x86/include/asm/microcode_intel.h index 9067166409bf..bbe296e0bce1 100644 --- a/arch/x86/include/asm/microcode_intel.h +++ b/arch/x86/include/asm/microcode_intel.h @@ -43,7 +43,7 @@ struct extended_sigtable { #define DWSIZE (sizeof(u32)) #define get_totalsize(mc) \ - (((struct microcode_intel *)mc)->hdr.totalsize ? \ + (((struct microcode_intel *)mc)->hdr.datasize ? \ ((struct microcode_intel *)mc)->hdr.totalsize : \ DEFAULT_UCODE_TOTALSIZE)