Xen project Mailing List

Re: [PATCH v2] ARM: xen: validate hypervisor compatible before parsing its version

From: Stefano Stabellini <sstabellini@xxxxxxxxxx>

Date: Mon, 6 Apr 2026 10:45:54 -0700 (PDT)

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=k20201202 header.d=kernel.org header.i="@kernel.org" header.h="Date:From:To:cc:Subject:In-Reply-To:References"

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, linux-arm-kernel@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, jgross@xxxxxxxx

Delivery-date: Mon, 06 Apr 2026 17:46:18 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Sun, 5 Apr 2026, Pengpeng Hou wrote: > fdt_find_hyper_node() reads the raw compatible property and then derives > hyper_node.version from a prefix match before later printing it with %s. > Flat DT properties are external boot input, and this path does not prove > that the first compatible entry is NUL-terminated within the returned > property length. > > Keep the existing flat-DT lookup path, but verify that the first > compatible entry terminates within the returned property length before > deriving the version suffix from it. > > Signed-off-by: Pengpeng Hou <pengpeng@xxxxxxxxxxx> Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx> > --- > Changes since v1: > - keep `of_get_flat_dt_prop()` instead of switching to `fdt_stringlist_get()` > - validate the first compatible entry with bounded `strnlen()` > > arch/arm/xen/enlighten.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c > index 4feed2c2..25a0ce3b 100644 > --- a/arch/arm/xen/enlighten.c > +++ b/arch/arm/xen/enlighten.c > @@ -218,8 +218,9 @@ static __initdata struct { > static int __init fdt_find_hyper_node(unsigned long node, const char *uname, > int depth, void *data) > { > - const void *s = NULL; > + const char *s = NULL; > int len; > + size_t prefix_len = strlen(hyper_node.prefix); > > if (depth != 1 || strcmp(uname, "hypervisor") != 0) > return 0; > @@ -228,9 +229,10 @@ static int __init fdt_find_hyper_node(unsigned long > node, const char *uname, > hyper_node.found = true; > > s = of_get_flat_dt_prop(node, "compatible", &len); > - if (strlen(hyper_node.prefix) + 3 < len && > - !strncmp(hyper_node.prefix, s, strlen(hyper_node.prefix))) > - hyper_node.version = s + strlen(hyper_node.prefix); > + if (s && len > 0 && strnlen(s, len) < len && > + len > prefix_len + 3 && > + !strncmp(hyper_node.prefix, s, prefix_len)) > + hyper_node.version = s + prefix_len; > > /* > * Check if Xen supports EFI by checking whether there is the > -- > 2.50.1 >

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.