[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 12/19] xen/dt: Move bootfdt functions to xen/bootfdt.h
- To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Alejandro Vallejo <agarciav@xxxxxxx>
- Date: Thu, 5 Jun 2025 20:03:10 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=apertussolutions.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LQaIIJRniKD+GuB6JGARqRaiARUWmfX5G84pNUynaSI=; b=HTByM6F+Rxx9WM2ruGkk/L8L0Lj8gMwXVFF2lNWIuwErLBUpLIdp0uxiilmw9CNvWDgT2SNchznl8it7oMVaTHFvxrWd7O24RS5bm6VRXbR4kVY/DHwIq7OkyMldFt6U58M8xBDQJJz/8GN3JO4JdLFmjRZ33XvYDRpL4N75CifJqoTLbRUHBtNIS4k3xUGuTVfbQQ41WufuDytnPhK5hLBMMHBeex5ttfjZxEWgMhl0vOzlPIP7jlsNc2Xya78IIagglt3YvDaB8fS3eYocH/v32C3xF67JTpOFBmkb8O4xrf+3gKyAo24xeyFL6e2yNY4IjiE7X36QxCv5gyR7Lg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=qdYdMgr++/P9ntTJ7gqyngj3T0QT3fC5a3dqpyF5VzxSjaPypChMS8+v/1VurHN1Wj7qAwUgq78psjwLYH4i4xfPlsE8y7Ni58JvLKDHOorUwHq6+LFJG2C50JFdVSH7OhSBeYfET/iK/F6njvyrWnUdRfipKhYTPnutNlgLH7yeMxAmySK96Js8Me/xqx+Yh6ImJXJtiI6V7a55rKv9owoS3iRdDfUFa7WfMmLp2wWt7i+YiXnIWTly0WmdkYjQenHPk5W+5PKC2PGoukqMVNhEhTKGnrhJ+L4EGuqibZx0p1kCW5Duz8ML0yMEmK66SVjWAZ1vPHD6wPRxJHBO8g==
- Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
- Delivery-date: Thu, 05 Jun 2025 18:03:30 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Mon Jun 2, 2025 at 10:25 PM CEST, Daniel P. Smith wrote:
>> +/* Helper to read a big number; size is in cells (not bytes) */
>> +static inline u64 dt_read_number(const __be32 *cell, int size)
>> +{
>> + u64 r = 0;
>> +
>> + while ( size-- )
>> + r = (r << 32) | be32_to_cpu(*(cell++));
>> + return r;
>> +}
>
> I know you are trying to keep code changes to a minimal but let's not
> allow poorly constructed logic like this to continue to persist. This is
> an unbounded, arbitrary read function that is feed parameters via
> externally input. The DT spec declares only two number types for a
> property, u32 and u64, see Table 2.3 in Section 2.2.4. There is no
> reason to have an unbounded, arbitrary read function lying around
> waiting to be leveraged in exploitation.
Seeing how it's a big lump of code motion, I really don't want to play games
or I will myself lose track of what I changed and what I didn't.
While I agree it should probably be a switch statement (or factored away
altogether), this isn't the place for it.
Cheers,
Alejandro
|
