
Re: [PATCH 3/6] xen/dt-overlay: check overlay size before memcmp in tracker lookup


  • To: Michal Orzel <michal.orzel@xxxxxxx>
  • From: Luca Fancellu <Luca.Fancellu@xxxxxxx>
  • Date: Wed, 15 Apr 2026 15:07:24 +0000
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Delivery-date: Wed, 15 Apr 2026 15:08:39 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Michal,

> On 15 Apr 2026, at 12:36, Michal Orzel <michal.orzel@xxxxxxx> wrote:
> 
> find_track_entry_from_tracker() compares overlay_fdt_size bytes of the
> stored overlay against the input without verifying that the stored
> overlay is at least that large. If the input is larger, memcmp reads
> past the stored allocation. If smaller, a prefix match could falsely
> succeed.
> 
> Compare fdt_totalsize() of the stored overlay against overlay_fdt_size
> first. Both values are validated by check_overlay_fdt() at their
> respective entry points, so no additional field in overlay_track is
> needed.
> 
> Fixes: 7e5c4a8b86f1 ("xen/arm: Implement device tree node removal functionalities")
> Signed-off-by: Michal Orzel <michal.orzel@xxxxxxx>
> ---

Reviewed-by: Luca Fancellu <luca.fancellu@xxxxxxx>

Cheers,
Luca




 

