From: Oleksii Kurochko <oleksii.kurochko@gmail.com>
To: "Orzel, Michal" <michal.orzel@amd.com>, xen-devel@lists.xenproject.org
Cc: Baptiste Le Duc <baptiste.le-duc@vates.tech>,
Stefano Stabellini <sstabellini@kernel.org>,
Julien Grall <julien@xen.org>,
Bertrand Marquis <bertrand.marquis@arm.com>
Subject: Re: [PATCH v1 3/3] xen/libfdt: fix UBSAN null pointer in fdt_property()
Date: Tue, 19 May 2026 11:16:55 +0200
Message-ID: <e943765c-45f6-4802-bef6-e2fffd49149e@gmail.com>
In-Reply-To: <ca61a607-2f55-47b6-93f2-c25079dfd88b@amd.com>

Hi Michal,

On 5/19/26 10:49 AM, Orzel, Michal wrote:
> Hi Oleksii,
>
> We treat libfdt as external library and we don't accept any edits here prior to
> first sending a fix to libfdt and then cherry-picking a patch (in fact, afaict
> we then do the libfdt version update).

Thanks for clarifying that.

Just to be sure I don't confuse something.

According to the commit ...:

  commit ad9cf6bde5b90d4c1e5a79a2803e98d6344c27d7
  Author: Vikram Garhwal <fnu.vikram@xilinx.com>
  Date: Thu Nov 11 23:27:20 2021 -0800

      Update libfdt to v1.6.1

      Update libfdt to v1.6.1 of libfdt taken from
      git://github.com/dgibson/dtc.

      This update is done to support device tree overlays.

... I have to send this patch to git://github.com/dgibson/dtc, right?

~ Oleksii

> On 19-May-26 10:39, Oleksii Kurochko wrote:
>> fdt_property() unconditionally calls memcpy(ptr, val, len) even when
>> len is zero and val is NULL. This is a legitimate calling convention
>> for adding empty FDT properties such as "interrupt-controller", which
>> carry no payload.
>>
>> In Xen, memcpy() maps to __builtin_memcpy(). The compiler treats
>> __builtin_memcpy as nonnull on its pointer arguments, so UBSAN fires
>> before it can observe that len is zero:
>> UBSAN: Undefined behaviour in common/libfdt/fdt_sw.c:333:2
>> null pointer passed as argument 2, declared with nonnull
>> attribute
>>
>> Guard the memcpy() with a check on len so it is skipped entirely when
>> there is no payload to copy, bringing the code in line with the
>> nonnull contract.
>>
>> Fixes: f0ea06558068 ("libfdt: add version 1.3.0")
>> Signed-off-by: Oleksii Kurochko <oleksii.kurochko@gmail.com>
>> Reviewed-by: Baptiste Le Duc <baptiste.le-duc@vates.tech>
>> ---
>> xen/common/libfdt/fdt_sw.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/xen/common/libfdt/fdt_sw.c b/xen/common/libfdt/fdt_sw.c
>> index 4c569ee7eb0d..96d4cf571319 100644
>> --- a/xen/common/libfdt/fdt_sw.c
>> +++ b/xen/common/libfdt/fdt_sw.c
>> @@ -330,7 +330,8 @@ int fdt_property(void *fdt, const char *name, const void *val, int len)
>> ret = fdt_property_placeholder(fdt, name, len, &ptr);
>> if (ret)
>> return ret;
>> - memcpy(ptr, val, len);
>> + if (len)
>> + memcpy(ptr, val, len);
>> return 0;
>> }
>>
>
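
Review bot: The new `if (len)` guard in front of memcpy() in fdt_property() carries no comment explaining why it is there, and in a file that the thread says is imported from upstream libfdt an unexplained extra branch is easy to drop on the next version update. Add a one-line comment above the guard stating that val may be NULL when len is 0 (empty properties such as "interrupt-controller"), so memcpy() and its nonnull contract must not be reached in that case. The guard only covers len == 0: a NULL val with a non-zero len still reaches memcpy(ptr, val, len), so if that combination is meant to be a caller error, say so in the same comment.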