From: Alejandro Vallejo <agarciav@amd.com>
To: "Daniel P. Smith" <dpsmith@apertussolutions.com>,
	<xen-devel@lists.xenproject.org>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
	Julien Grall <julien@xen.org>,
	Bertrand Marquis <bertrand.marquis@arm.com>,
	Michal Orzel <michal.orzel@amd.com>,
	Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
Subject: Re: [PATCH 12/19] xen/dt: Move bootfdt functions to xen/bootfdt.h
Date: Thu, 5 Jun 2025 20:03:10 +0200
Message-ID: <DAESPUKPILGY.3MLDXU7XG65X1@amd.com>
In-Reply-To: <a66c11c4-cfac-4934-b1f5-e07c728db8de@apertussolutions.com>

On Mon Jun 2, 2025 at 10:25 PM CEST, Daniel P. Smith wrote:
>> +/* Helper to read a big number; size is in cells (not bytes) */
>> +static inline u64 dt_read_number(const __be32 *cell, int size)
>> +{
>> +    u64 r = 0;
>> +
>> +    while ( size-- )
>> +        r = (r << 32) | be32_to_cpu(*(cell++));
>> +    return r;
>> +}
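
Review bot: `size` in dt_read_number() is a signed int consumed by `while ( size-- )` with no range check, so a negative value keeps the loop dereferencing `cell++` well past the property, and any value above 2 silently shifts the earlier cells out of the 64-bit `r`. Make the parameter unsigned and reject anything other than 1 or 2 cells before the first read (ideally with the caller passing the remaining property length so the read can be checked against it), and state the valid sizes in the helper's comment.
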
>
> I know you are trying to keep code changes to a minimum but let's not
> allow poorly constructed logic like this to continue to persist. This is
> an unbounded, arbitrary read function that is fed parameters via
> external input. The DT spec declares only two number types for a
> property, u32 and u64, see Table 2.3 in Section 2.2.4. There is no
> reason to have an unbounded, arbitrary read function lying around
> waiting to be leveraged in exploitation.

Seeing how it's a big lump of code motion, I really don't want to play games
or I will myself lose track of what I changed and what I didn't.

While I agree it should probably be a switch statement (or factored away
altogether), this isn't the place for it.

Cheers,
Alejandro
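
A bounded reader along the lines discussed above (a switch over the two widths the quoted review cites, plus a length check), as an added example that is not part of the thread or of Xen's code. The names `dt_read_number_checked` and `load_be32` and the byte-buffer-plus-length signature are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Load one big-endian 32-bit cell byte by byte (no alignment assumptions). */
static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Hypothetical bounded reader: accepts only 1 cell (u32) or 2 cells (u64)
 * and checks that the property buffer actually holds that many cells.
 */
static bool dt_read_number_checked(const uint8_t *prop, size_t prop_len,
                                   unsigned int cells, uint64_t *out)
{
    if ( !prop || !out )
        return false;

    switch ( cells )
    {
    case 1: /* u32 */
        if ( prop_len < 4 )
            return false;
        *out = load_be32(prop);
        return true;
    case 2: /* u64 */
        if ( prop_len < 8 )
            return false;
        *out = ((uint64_t)load_be32(prop) << 32) | load_be32(prop + 4);
        return true;
    default: /* 0, 3 or more, or a negative count converted to unsigned */
        return false;
    }
}

/* Constructed sample property: cells 0x00000001 0x80000000. */
static const uint8_t sample_prop[8] = { 0, 0, 0, 1, 0x80, 0, 0, 0 };

int main(void)
{
    uint64_t v = 0;
    return dt_read_number_checked(sample_prop, sizeof(sample_prop), 2, &v) ? 0 : 1;
}
```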

