On Wed, 2015-05-27 at 21:06 +0200, Borislav Petkov wrote:
> On Wed, May 27, 2015 at 10:07:34AM -0700, Joe Perches wrote:
> > This code can memmove from beyond the x86_model_id field.
>
> ... in the theoretical case where some model ID has more than 64 - 48
> preceding white spaces.
>
> I guess we want to be prepared here for insane CPU model IDs coming from
> virtualization.
>
> > Maybe:
> > char *model = strim(c->x86_model_id);
> > memmove(c->x86_model_id, model, strlen(model) + 1);
>
> Yes, and additionally limit that string length:
>
> ---
> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c [] > @@ -383,6 +383,9 @@ static const struct cpu_dev *cpu_devs[X86_VENDOR_NUM] = {}; > static void get_model_name(struct cpuinfo_x86 *c) > { > unsigned int *v; > + const char *model; > + > +#define MODEL_ID_MAXLEN 48 > > if (c->extended_cpuid_level < 0x80000004) > return; > @@ -391,13 +394,15 @@ static void get_model_name(struct cpuinfo_x86 *c) > cpuid(0x80000002, &v[0], &v[1], &v[2], &v[3]); > cpuid(0x80000003, &v[4], &v[5], &v[6], &v[7]); > cpuid(0x80000004, &v[8], &v[9], &v[10], &v[11]); > - c->x86_model_id[48] = 0; > + c->x86_model_id[MODEL_ID_MAXLEN] = 0; > > /* > * Remove leading whitespace on Intel processors and trailing > * whitespace on AMD processors. > */ > - memmove(c->x86_model_id, strim(c->x86_model_id), 48); > + model = strim(c->x86_model_id); > + > + memmove(c->x86_model_id, model, strnlen(model, MODEL_ID_MAXLEN) + 1);

I don't see any value in the #define or strnlen over strlen
as it's guaranteed terminated by the = 0 above, but <shrug>
thanks.

cheers, Joe
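
Review bot: The `#define MODEL_ID_MAXLEN 48` in the first hunk sits inside get_model_name(), after the declarations, but a macro is not scoped to the function and stays visible for the rest of common.c. Move it to file scope above the function, with a comment that 48 is the 3 x 16 bytes written by the three cpuid() calls for leaves 0x80000002 through 0x80000004, so the constant is visibly tied to the data it bounds.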
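
Review bot: In the new memmove() line of the second hunk, `strnlen(model, MODEL_ID_MAXLEN) + 1` gives no protection beyond strlen(): `c->x86_model_id[MODEL_ID_MAXLEN] = 0` is stored a few lines earlier and strim() returns a pointer into that same buffer, so the string starting at model is already terminated within the bound. If the bound were ever the limiting factor, the `+ 1` would copy a byte that is not the terminator and leave the result unterminated, so either use `strlen(model) + 1` or write the terminator explicitly after the copy.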