From mboxrd@z Thu Jan  1 00:00:00 1970
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: Re: [PATCH v3 05/23] xsplice: Add helper elf routines
	(v4)
Date: Fri, 12 Feb 2016 15:47:23 -0500
Message-ID: <20160212204723.GC20694@char.us.oracle.com>
References: <1455300361-13092-1-git-send-email-konrad.wilk@oracle.com>
	<1455300361-13092-6-git-send-email-konrad.wilk@oracle.com>
	<56BE3F79.5020607@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <konrad@char.us.oracle.com>) id 1aUKct-0004v3-Sc
	for xen-devel@lists.xenproject.org; Fri, 12 Feb 2016 20:47:39 +0000
Content-Disposition: inline
In-Reply-To: <56BE3F79.5020607@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Keir Fraser <keir@xen.org>, Ian Campbell <ian.campbell@citrix.com>, jinsong.liu@alibaba-inc.com, Ian Jackson <ian.jackson@eu.citrix.com>, Tim Deegan <tim@xen.org>, mpohlack@amazon.de, ross.lagerwall@citrix.com, Jan Beulich <jbeulich@suse.com>, xen-devel@lists.xenproject.org, xen-devel@lists.xen.org, sasha.levin@citrix.com
List-Id: xen-devel@lists.xenproject.org

> > +struct xsplice_elf_sec *xsplice_elf_sec_by_name(const struct xsplice_elf *elf,
> > +                                                const char *name)
> > +{
> > +    unsigned int i;
> > +
> > +    for ( i = 0; i < elf->hdr->e_shnum; i++ )
> > +    {
> > +        if ( !strcmp(name, elf->sec[i].name) )
> > +            return &elf->sec[i];
> > +    }
> > +
> > +    return NULL;
> > +}
> > +
> > +static int elf_resolve_sections(struct xsplice_elf *elf, uint8_t *data)
> > +{
> > +    struct xsplice_elf_sec *sec;
> > +    unsigned int i;
> > +
> > +    sec = xmalloc_array(struct xsplice_elf_sec, elf->hdr->e_shnum);
> 
> Presumably there will be some sanity checks done somewhere between the
> hypercall and here?

There are checks on it but not the value itself. As in the payload could
have e_shnum be some astronomical value because of many .sections in the
file (even the ones we do not use). We could combat that by having
an whitelist of sections - and:
 - If the payload has them return -EINVAL.
 - If the payload has them - ignore them and continue on but instead of
   using e_shnum use the counted value of the sections we expect?

Preferences?