From b1ae0303ce1ae3cb7f5b4f9ded32fac424be5bcb Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Sun, 8 Dec 2013 16:30:07 -0600 Subject: [PATCH] cpu/intel: Do not rely on CBFS microcode having a terminator Up until now, a dummy terminator was required for CBFS microcode files. This was a coreboot only requirement in order to terminate the loop which searches for updates. Figure out where the microcode file ends, and exit the loop if we pass the end of the CBFS without finding any updates. Change-Id: Ib61247e83ae6b67b27fcd61bd40241d4cd7bd246 Signed-off-by: Alexandru Gagniuc Reviewed-on: http://review.coreboot.org/4505 Tested-by: build bot (Jenkins) Reviewed-by: Vladimir Serbinenko Reviewed-by: Aaron Durbin --- src/cpu/intel/microcode/microcode.c | 51 +++++++++++++++++++---------- 1 file changed, 33 insertions(+), 18 deletions(-) diff --git a/src/cpu/intel/microcode/microcode.c b/src/cpu/intel/microcode/microcode.c index a68b24d180..83a412673f 100644 --- a/src/cpu/intel/microcode/microcode.c +++ b/src/cpu/intel/microcode/microcode.c @@ -115,25 +115,27 @@ void intel_microcode_load_unlocked(const void *microcode_patch) const void *intel_microcode_find(void) { + struct cbfs_file *microcode_file; void *microcode_updates; - u32 eax; - u32 pf, rev, sig; + u32 eax, microcode_len; + u32 pf, rev, sig, update_size; unsigned int x86_model, x86_family; const struct microcode *m; - const char *c; msr_t msr; #ifdef __PRE_RAM__ - microcode_updates = walkcbfs((char *) MICROCODE_CBFS_FILE); + microcode_file = walkcbfs_head((char *) MICROCODE_CBFS_FILE); #else - microcode_updates = cbfs_get_file_content(CBFS_DEFAULT_MEDIA, - MICROCODE_CBFS_FILE, - CBFS_TYPE_MICROCODE); + microcode_file = cbfs_get_file(CBFS_DEFAULT_MEDIA, + MICROCODE_CBFS_FILE); #endif - if (!microcode_updates) + if (!microcode_file) return NULL; + microcode_updates = CBFS_SUBHEADER(microcode_file); + microcode_len = ntohl(microcode_file->len); + /* CPUID sets MSR 0x8B iff a microcode update has been loaded. */ msr.lo = 0; msr.hi = 0; @@ -158,19 +160,32 @@ const void *intel_microcode_find(void) sig, pf, rev); #endif - m = microcode_updates; - for(c = microcode_updates; m->hdrver; m = (const struct microcode *)c) { + while (microcode_len >= sizeof(*m)) { + m = microcode_updates; + /* Newer microcode updates include a size field, whereas older + * containers set it at 0 and are exactly 2048 bytes long */ + if (m->total_size) { + update_size = m->total_size; + } else { + #if !defined(__ROMCC__) + printk(BIOS_WARNING, "Microcode has no valid size field!\n"); + #endif + update_size = 2048; + } + + /* Checkpoint 1: The microcode update falls within CBFS */ + if(update_size > microcode_len) { +#if !defined(__ROMCC__) + printk(BIOS_WARNING, "Microcode header corrupted!\n"); +#endif + break; + } + if ((m->sig == sig) && (m->pf & pf)) return m; - if (m->total_size) { - c += m->total_size; - } else { -#if !defined(__ROMCC__) - printk(BIOS_WARNING, "Microcode has no valid size field!\n"); -#endif - c += 2048; - } + microcode_updates += update_size; + microcode_len -= update_size; } /* ROMCC doesn't like NULL. */