|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [no subject]
>From beef0e250a8453d76f9c6fb530a61b8110d4bd53 Mon Sep 17 00:00:00 2001
From: Pengpeng Hou <pengpeng@xxxxxxxxxxx>
Date: Fri, 3 Apr 2026 10:42:09 +0800
Message-ID: <20260403111502.2-dt-arm-xen-pengpeng@xxxxxxxxxxx>
To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, linux-arm-kernel@xxxxxxxxxxxxxxxxxxx,
linux-kernel@xxxxxxxxxxxxxxx, pengpeng@xxxxxxxxxxx
Subject: [PATCH] ARM: xen: validate hypervisor compatible before parsing its
version
X-CM-TRANSID:rQCowACXtt3UKs9pxlS4DA--.8142S2
X-Coremail-Antispam: 1UD129KBjvJXoW7Zr4rtFWkCF4rJr1kZF1UKFg_yoW8Zw4fpF
Zakr9avFWrt3WxWa4IyFyv9Fy5GF4kXrW2qFykZ3Wjyrnrtw1rXrWIvF1SvFn3ArW8W343
ZrWjyFn5AF47X3DanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
9KBjDU0xBIdaVrnRJUUUkm14x267AKxVWUJVW8JwAFc2x0x2IEx4CE42xK8VAvwI8IcIk0
rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK02
1l84ACjcxK6xIIjxv20xvE14v26F1j6w1UM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26F4j
6r4UJwA2z4x0Y4vEx4A2jsIE14v26F4UJVW0owA2z4x0Y4vEx4A2jsIEc7CjxVAFwI0_Gc
CE3s1le2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG64xvF2IEw4CE5I8CrVC2j2WlYx0E
2Ix0cI8IcVAFwI0_Jrv_JF1lYx0Ex4A2jsIE14v26r1j6r4UMcvjeVCFs4IE7xkEbVWUJV
W8JwACjcxG0xvEwIxGrwACjI8F5VA0II8E6IAqYI8I648v4I1lc7CjxVAaw2AFwI0_JF0_
Jw1l42xK82IYc2Ij64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxV
WUJVWUGwC20s026x8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r126r1DMIIYrxkI
7VAKI48JMIIF0xvE2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r
1j6r4UMIIF0xvE42xK8VAvwI8IcIk0rVWUJVWUCwCI42IY6I8E87Iv67AKxVWUJVW8JwCI
42IY6I8E87Iv6xkF7I0E14v26r4j6r4UJbIYCTnIWIevJa73UjIFyTuYvjfU5oGQDUUUU
X-Originating-IP: [111.196.245.197]
X-CM-SenderInfo: pshqw1xhqjqxpvfd2hldfou0/
fdt_find_hyper_node() reads the raw compatible property and then
derives hyper_node.version from a prefix match before later printing it
with %s. Flat DT properties are external boot input, and this path does
not prove that the compatible string is NUL-terminated within its
declared bounds.
Fetch the first compatible entry with fdt_stringlist_get() so malformed
unterminated properties are rejected before the version suffix is
parsed.
Signed-off-by: Pengpeng Hou <pengpeng@xxxxxxxxxxx>
---
arch/arm/xen/enlighten.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c
index 4feed2c2498d..f69290a4c639 100644
--- a/arch/arm/xen/enlighten.c
+++ b/arch/arm/xen/enlighten.c
@@ -19,6 +19,7 @@
#include <asm/efi.h>
#include <linux/interrupt.h>
#include <linux/irqreturn.h>
+#include <linux/libfdt.h>
#include <linux/module.h>
#include <linux/of.h>
#include <linux/of_fdt.h>
@@ -218,8 +219,9 @@ static __initdata struct {
static int __init fdt_find_hyper_node(unsigned long node, const char *uname,
int depth, void *data)
{
- const void *s = NULL;
+ const char *s = NULL;
int len;
+ size_t prefix_len = strlen(hyper_node.prefix);
if (depth != 1 || strcmp(uname, "hypervisor") != 0)
return 0;
@@ -227,10 +229,10 @@ static int __init fdt_find_hyper_node(unsigned long node,
const char *uname,
if (of_flat_dt_is_compatible(node, hyper_node.compat))
hyper_node.found = true;
- s = of_get_flat_dt_prop(node, "compatible", &len);
- if (strlen(hyper_node.prefix) + 3 < len &&
- !strncmp(hyper_node.prefix, s, strlen(hyper_node.prefix)))
- hyper_node.version = s + strlen(hyper_node.prefix);
+ s = fdt_stringlist_get(initial_boot_params, node, "compatible", 0,
&len);
+ if (s && len > prefix_len + 2 &&
+ !strncmp(hyper_node.prefix, s, prefix_len))
+ hyper_node.version = s + prefix_len;
/*
* Check if Xen supports EFI by checking whether there is the
--
2.50.1 (Apple Git-155)
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |