From: Andrew Cooper Date: Fri, 5 Aug 2016 13:26:21 +0000 (+0100) Subject: x86/microcode: Avoid undefined behaviour from signed integer overflow X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~575 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=e64f22df3c1a0b70031ad6e8c0fc875d27cc5c3c;p=xen.git x86/microcode: Avoid undefined behaviour from signed integer overflow The checksums should be calculated using unsigned 32bit integers, as they are intended to overflow and end at 0. Replace some other signed integers with unsigned ones, to avoid mixed-sign comparisons. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Acked-by: Kevin Tian --- diff --git a/xen/arch/x86/microcode_intel.c b/xen/arch/x86/microcode_intel.c index 6949c25c99..93d9d0f6b7 100644 --- a/xen/arch/x86/microcode_intel.c +++ b/xen/arch/x86/microcode_intel.c @@ -143,7 +143,8 @@ static int microcode_sanity_check(void *mc) struct extended_sigtable *ext_header = NULL; struct extended_signature *ext_sig; unsigned long total_size, data_size, ext_table_size; - int sum, orig_sum, ext_sigcount = 0, i; + unsigned int ext_sigcount = 0, i; + uint32_t sum, orig_sum; total_size = get_totalsize(mc_header); data_size = get_datasize(mc_header); @@ -183,8 +184,8 @@ static int microcode_sanity_check(void *mc) /* check extended table checksum */ if ( ext_table_size ) { - int ext_table_sum = 0; - int *ext_tablep = (int *)ext_header; + uint32_t ext_table_sum = 0; + uint32_t *ext_tablep = (uint32_t *)ext_header; i = ext_table_size / DWSIZE; while ( i-- ) @@ -201,7 +202,7 @@ static int microcode_sanity_check(void *mc) orig_sum = 0; i = (MC_HEADER_SIZE + data_size) / DWSIZE; while ( i-- ) - orig_sum += ((int *)mc)[i]; + orig_sum += ((uint32_t *)mc)[i]; if ( orig_sum ) { printk(KERN_ERR "microcode: aborting, bad checksum\n");