Xen project Mailing List

Re: [PATCH] xen/hypfs: fix writing of custom parameter

Date: Fri, 11 Sep 2020 11:31:22 +0200

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Fri, 11 Sep 2020 09:31:50 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 11.09.2020 07:30, Juergen Gross wrote: > Today the maximum allowed data length for writing a hypfs node is > tested in the generic hypfs_write() function. For custom runtime > parameters this might be wrong, as the maximum allowed size is derived > from the buffer holding the current setting, while there might be ways > to set the parameter needing more characters than the minimal > representation of that value. > > One example for this is the "ept" parameter. Its value buffer is sized > to be able to hold the string "exec-sp=0" or "exec-sp=1", while it is > allowed to use e.g. "no-exec-sp" or "exec-sp=yes" for setting it. > > Fix that by moving the length check one level down to the type > specific write function. > > In order to avoid allocation of arbitrary sized buffers use a new > MAX_PARAM_SIZE macro as an upper limit for custom writes. The value > of MAX_PARAM_SIZE is the same as the limit in parse_params() for a > single parameter. > > Fixes: 5b5ccafb0c42 ("xen: add basic hypervisor filesystem support") Perhaps rather a659d7cab9af ("xen: add runtime parameter access support to hypfs"), as that where hypfs_write_custom() got introduced? > Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > Signed-off-by: Juergen Gross <jgross@xxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.