From: Peter Maydell <peter.maydell@linaro.org>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-devel@nongnu.org, Dorjoy Chowdhury <dorjoychy111@gmail.com>,
	 Alexander Graf <graf@amazon.com>
Subject: Re: [PULL 23/49] hw/core: Add Enclave Image Format (EIF) related helpers
Date: Tue, 5 Nov 2024 11:43:50 +0000
Message-ID: <CAFEAcA_mJtsuqSOnDfBLuX+cTuAmDHksRhGA3jq=5tUS5RKn4A@mail.gmail.com>
In-Reply-To: <20241031175214.214455-24-pbonzini@redhat.com>

On Thu, 31 Oct 2024 at 17:54, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> From: Dorjoy Chowdhury <dorjoychy111@gmail.com>
>
> An EIF (Enclave Image Format)[1] file is used to boot an AWS nitro
> enclave[2] virtual machine. The EIF file contains the necessary kernel,
> cmdline, ramdisk(s) sections to boot.
>
> Some helper functions have been introduced for extracting the necessary
> sections from an EIF file and then writing them to temporary files as
> well as computing SHA384 hashes from the section data. These will be
> used in the following commit to add support for nitro-enclave machine
> type in QEMU.
>
> The files added in this commit are not compiled yet but will be added
> to the hw/core/meson.build file in the following commit where
> CONFIG_NITRO_ENCLAVE will be introduced.
>
> [1] https://github.com/aws/aws-nitro-enclaves-image-format
> [2] https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html
>
> Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com>
> Reviewed-by: Alexander Graf <graf@amazon.com>
> Link: https://lore.kernel.org/r/20241008211727.49088-4-dorjoychy111@gmail.com
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Hi; Coverity raises a couple of potential issues with the
read_eif_file() function in this commit, which are both
"Coverity assumes the file we're reading is untrusted and is
unsure that we're correctly sanitizing data from it before use".
Could somebody who understands the use case here check whether
these need addressing?

CID 1564855 "overflowed integer argument" --
basically eif_header.section_offsets[i] is from the data
file and is a uint64_t, but we pass it to fseek() in
read_eif_file. fseek() takes a signed offset, so if the
section_offset in the file header is very large it will
be unexpectedly treated as a negative number.

CID 1564859 "untrusted value as argument" --
in the "default" case for handling a section type
we call g_malloc() with the uint64_t size from the header.
If the file data is bogus we might try to allocate a
huge amount of memory, which will cause g_malloc() to
kill QEMU.

thanks
-- PMM

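Added example, not QEMU's code and not the EIF helpers from the commit under review: a defensive shape for the two checks the Coverity reports point at, validating the untrusted header offset and size against the real file size before they reach fseek() or an allocator (plain malloc() stands in for g_malloc()). EIF_MAX_SECTION_SIZE, eif_section_valid, eif_read_section and the tmpfile self-check are assumptions for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap on one section's size (an assumption, not from EIF). */
#define EIF_MAX_SECTION_SIZE (UINT64_C(1) << 30)
/* Check an untrusted (offset, size) pair from the header against the real
 * file size before either value reaches fseek() or an allocator. */
bool eif_section_valid(uint64_t offset, uint64_t size, uint64_t file_size)
{
    /* fseek() takes a long, so a larger offset would be seen as negative,
     * and a bogus size must not reach an aborting allocator like g_malloc(). */
    if (offset > (uint64_t)LONG_MAX || size == 0 || size > EIF_MAX_SECTION_SIZE) {
        return false;
    }
    /* offset + size <= file_size, written so the sum cannot wrap. */
    return offset <= file_size && size <= file_size - offset;
}
/* Read one section into a malloc'd buffer; NULL on any failure. */
unsigned char *eif_read_section(FILE *fp, uint64_t offset, uint64_t size,
                                uint64_t file_size)
{
    if (!eif_section_valid(offset, size, file_size) ||
        fseek(fp, (long)offset, SEEK_SET) != 0) {
        return NULL;
    }
    unsigned char *buf = malloc((size_t)size);
    if (buf && fread(buf, 1, (size_t)size, fp) != size) {
        free(buf);
        buf = NULL;
    }
    return buf;
}
/* Constructed self-check: a 64-byte tmpfile of bytes 0..63; a valid 16-byte
 * section at offset 32 must read back intact, one past EOF must be refused. */
bool eif_selfcheck(void)
{
    unsigned char file[64], *sec;
    for (int i = 0; i < 64; i++) file[i] = (unsigned char)i;
    FILE *fp = tmpfile();
    if (!fp || fwrite(file, 1, 64, fp) != 64) return false;
    sec = eif_read_section(fp, 32, 16, 64);
    bool ok = sec && memcmp(sec, file + 32, 16) == 0 &&
              eif_read_section(fp, 60, 16, 64) == NULL;
    free(sec);
    fclose(fp);
    return ok;
}
```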