tech-kern archive


Brainy: bug in x86/cpu_ucode_intel.c



Hi,

-------------------- sys/arch/x86/x86/cpu_ucode_intel.c --------------------

		uh = kmem_alloc(newbufsize, KM_SLEEP);
		if (uh == NULL) {
			printf("%s: memory allocation failed\n", __func__);
			return EINVAL;
		}
		uh = (struct intel1_ucode_header *)roundup2((uintptr_t)uh, 16);
		/* Copy to the new area */
		memcpy(uh, sc->sc_blob, sc->sc_blobsize);
	}

	kpreempt_disable();

	intel_getcurrentucode(&oucodeversion, &platformid);
	if (oucodeversion >= ucodetarget) {
		kpreempt_enable();
		rv = EEXIST; /* ??? */
		goto out;
	}

...

out:
	if (newbufsize != 0)
		kmem_free(uh, newbufsize);
	return rv;

----------------------------------------------------------------------------

You can see that the pointer given to kmem_free() is not the one kmem_alloc
returned. Actually, I don't understand at all what this code is supposed to
do. Found by Brainy.

Maxime
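
An added example, not part of the original post or of the NetBSD source: a userspace C illustration of keeping the allocator's pointer separate from the 16-byte aligned one, so the free call receives exactly the pointer and size that were allocated. malloc()/free() stand in for kmem_alloc()/kmem_free(); struct aligned_buf, aligned_copy(), aligned_release() and the 15-byte over-allocation are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ALIGNMENT 16
/* Power-of-two round-up, the same arithmetic roundup2() performs. */
#define ROUNDUP2(x, m) (((x) + ((m) - 1)) & ~((uintptr_t)(m) - 1))

/* Hypothetical holder: the allocator's pointer and the aligned view are
 * tracked separately so they can never be confused at free time. */
struct aligned_buf {
	void *base;       /* what the allocator returned; the only pointer to free */
	size_t basesize;  /* size passed to the allocator (kmem_free() needs it too) */
	void *aligned;    /* 16-byte aligned address inside [base, base + basesize) */
};

/* Copy blob into a newly allocated 16-byte aligned area. Returns 0 on success. */
int
aligned_copy(struct aligned_buf *b, const void *blob, size_t blobsize)
{
	/* Reserve ALIGNMENT - 1 spare bytes so rounding up stays in bounds. */
	if (blobsize > SIZE_MAX - (ALIGNMENT - 1))
		return -1;
	b->basesize = blobsize + (ALIGNMENT - 1);
	b->base = malloc(b->basesize);
	if (b->base == NULL)
		return -1;
	/* Derive the aligned pointer; base itself is left untouched. */
	b->aligned = (void *)ROUNDUP2((uintptr_t)b->base, ALIGNMENT);
	memcpy(b->aligned, blob, blobsize);
	return 0;
}

/* Release using the original pointer, never the rounded-up one. */
void
aligned_release(struct aligned_buf *b)
{
	free(b->base);
	b->base = NULL;
	b->aligned = NULL;
	b->basesize = 0;
}
```
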


