|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v5 08/14] hvmloader: Locate the BIOS blob
>>> On 30.06.16 at 17:04, <anthony.perard@xxxxxxxxxx> wrote:
> On Mon, Jun 27, 2016 at 01:13:43AM -0600, Jan Beulich wrote:
>> >>> On 24.06.16 at 19:02, <anthony.perard@xxxxxxxxxx> wrote:
>> > On Fri, Jun 24, 2016 at 01:33:45AM -0600, Jan Beulich wrote:
>> >> >>> On 22.06.16 at 19:15, <anthony.perard@xxxxxxxxxx> wrote:
>> >> > + for ( i = 0; i < info->nr_modules; i++ )
>> >> > + {
>> >> > + uint32_t module_name = modlist[i].cmdline_paddr;
>> >> > +
>> >> > + /* Skip if the module or its cmdline is missing. */
>> >> > + if ( !module_name || !modlist[i].paddr )
>> >> > + continue;
>> >> > +
>> >> > + /* Skip if the cmdline can not be read. */
>> >> > + if ( modlist[i].cmdline_paddr > UINT_MAX )
>> >> > + continue;
>> >>
>> >> Similarly here.
>> >
>> > Here, I don't know the size of the cmdline and I don't think calling an
>> > extra strlen() would be usefull. I think that the strcmp() below is going
>> > to
>> > be enough for the top bondary check.
>>
>> No - once you reach the 4Gb boundary, the compare would continue
>> at address zero. That's not what you want.
>> > Or I could use the size of name.
>>
>> Size of name?
>
> The function get_module_entry() takes an argument called "name", I think
> I was proposing to use that, strlen(name).
>
> So, I'm going to add this condition:
> (cmdline_paddr + strlen(name) > UINTPTR_MAX)
> name is the string we are going to compare cmdline to. I think that
> will be enough to do a full check of the module cmdline.
Makes sense.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |