[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v8.1 26/27] xsplice: Prevent duplicate payloads from being loaded.

>>> Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> 04/14/16 12:03 AM >>>
>--- a/xen/common/xsplice.c
>+++ b/xen/common/xsplice.c
>@@ -517,6 +517,8 @@ static int prepare_payload(struct payload *payload,
     >sec = xsplice_elf_sec_by_name(elf, ".note.gnu.build-id");
     >if ( sec )
     >{
>+        struct payload *data;

And I guess you can guess it: const.

>@@ -528,6 +530,20 @@ static int prepare_payload(struct payload *payload,
 >
         >if ( !payload->id.len || !payload->id.p )
             >return -EINVAL;
>+
>+        /* Make sure it is not a duplicate. */
>+        list_for_each_entry ( data, &payload_list, list )
>+        {
>+            /* No way _this_ payload is on the list. */
>+            ASSERT(data != payload);
>+            if ( data->id.len &&

Checking for zero on a _loaded_ module seems pointless now that you
require build IDs. Independent of that you anyway need

data->id.len != payload->id.len ||

>+                 !memcmp(data->id.p, payload->id.p, data->id.len) )

Or else this is possibly accessing out of bounds data.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.