From: Ian Campbell <ian.campbell@citrix.com>
To: Julien Grall <julien.grall@linaro.org>
Cc: Oleksandr Tyshchenko <oleksandr.tyshchenko@globallogic.com>,
stefano.stabellini@eu.citrix.com, tim@xen.org,
xen-devel@lists.xen.org
Subject: Re: [PATCH v2] xen/tools: Introduce QNX IFS loader
Date: Thu, 18 Sep 2014 02:50:21 +0100 [thread overview]
Message-ID: <1411005021.1920.9.camel@citrix.com> (raw)
In-Reply-To: <5419CBE5.2030205@linaro.org>
On Wed, 2014-09-17 at 10:59 -0700, Julien Grall wrote:
> > +static int xc_dom_probe_qnx_ifs(struct xc_dom_image *dom)
> > +{
> > + struct startup_header *startup_hdr;
> > + uint32_t start_addr, end_addr;
> > +
> > + if ( dom->kernel_blob == NULL )
> > + {
> > + xc_dom_panic(dom->xch, XC_INTERNAL_ERROR,
> > + "%s: no QNX IFS loaded", __FUNCTION__);
> > + return -EINVAL;
> > + }
> > +
> > + /* Scan 4KB boundaries for the valid OS signature */
Is this correct? You appear to be scanning at 4 byte boundaries over a
range of 4K.
> > + start_addr = *(uint32_t *)&dom->kernel_blob;
> > + end_addr = start_addr + 0x1000;
>
> I took me a couple of minutes to understand where does the "0x1000"
> comes from. I would use "4 << 10" here.
That's definitely not an improvement.
PAGE_SIZE might be.
The code also needs to take more care not to run off the end of the
kernel image, e.g. a maliciously short one, or one with a malicious
start_addr.
It also needs to not trust any of the values read from the header and
range check them all etc. The patches from XSA-95 have some examples of
the sorts of checks which are needed for this sort of thing, plus the
zImage loader generally ought to serve as an example.
Ian.
next prev parent reply other threads:[~2014-09-18 1:50 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-17 16:34 [PATCH v2] xen/tools: Introduce QNX IFS loader Oleksandr Tyshchenko
2014-09-17 16:34 ` Oleksandr Tyshchenko
2014-09-17 17:59 ` Julien Grall
2014-09-18 1:50 ` Ian Campbell [this message]
2014-09-18 13:16 ` Oleksandr Tyshchenko
2014-09-18 17:39 ` Ian Campbell
2014-09-19 15:45 ` Oleksandr Tyshchenko
2014-09-22 13:09 ` Ian Campbell
2014-09-22 14:23 ` Oleksandr Tyshchenko
2014-09-22 15:09 ` Oleksandr Tyshchenko
2014-09-22 15:13 ` Ian Campbell
2014-09-18 10:55 ` Oleksandr Tyshchenko
2014-09-18 19:11 ` Julien Grall
2014-09-19 16:45 ` Oleksandr Tyshchenko
2014-09-22 13:03 ` Ian Campbell
2014-09-22 15:08 ` Oleksandr Tyshchenko
2014-09-17 17:36 ` Julien Grall
2014-09-18 10:11 ` Oleksandr Tyshchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1411005021.1920.9.camel@citrix.com \
--to=ian.campbell@citrix.com \
--cc=julien.grall@linaro.org \
--cc=oleksandr.tyshchenko@globallogic.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).