From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.6 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9D714C432BE for ; Fri, 27 Aug 2021 02:43:12 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id BE76660FF2 for ; Fri, 27 Aug 2021 02:43:11 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org BE76660FF2 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=nongnu.org Received: from localhost ([::1]:55004 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mJRpm-000726-9a for qemu-devel@archiver.kernel.org; Thu, 26 Aug 2021 22:43:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:44740) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mJRme-0006DT-DQ for qemu-devel@nongnu.org; Thu, 26 Aug 2021 22:39:56 -0400 Received: from bilbo.ozlabs.org ([203.11.71.1]:52607 helo=ozlabs.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mJRma-0007Ab-T5 for qemu-devel@nongnu.org; Thu, 26 Aug 2021 22:39:56 -0400 Received: by ozlabs.org (Postfix, from userid 1007) id 4GwkSs47Dqz9sVw; Fri, 27 Aug 2021 12:39:41 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=201602; t=1630031981; bh=jFjg7zSHptXuUExa8Hb0/MIGCWZ21BiPvlf+W6uJnhI=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=RoI1B9cimyPeTABV6a7yIknWTNOEDg1k1G/6N+9/5SVWMiZ2KPwQFYNyNYmWVCtnZ 9gxBbmFKqEejeY5Py0ax1HFFA7gzB5RVx1k6SGKGmdRJMEB+dnR4dq1FhZN/vI7TlK jzm5cmygaXs0oZX6pa1/M7vhPVQTiG8ejdwqzyjo= Date: Fri, 27 Aug 2021 12:39:34 +1000 From: David Gibson To: =?iso-8859-1?Q?Marc-Andr=E9?= Lureau Subject: Re: [PATCH] RFC: build-sys: drop dtc submodule Message-ID: References: <20210825124309.223622-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="nFewlV3cgnRMorpD" Content-Disposition: inline In-Reply-To: Received-SPF: pass client-ip=203.11.71.1; envelope-from=dgibson@ozlabs.org; helo=ozlabs.org X-Spam_score_int: -17 X-Spam_score: -1.8 X-Spam_bar: - X-Spam_report: (-1.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , John Paul Adrian Glaubitz , Philippe =?iso-8859-1?Q?Mathieu-Daud=E9?= , QEMU Developers Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" --nFewlV3cgnRMorpD Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 26, 2021 at 11:34:59AM +0400, Marc-Andr=E9 Lureau wrote: > Hi >=20 > On Thu, Aug 26, 2021 at 7:11 AM David Gibson > wrote: >=20 > > On Thu, Aug 26, 2021 at 12:11:17AM +0400, Marc-Andr=E9 Lureau wrote: > > > Hi > > > > > > On Thu, Aug 26, 2021 at 12:00 AM Peter Maydell > > > > > wrote: > > > > > > > On Wed, 25 Aug 2021 at 20:55, Marc-Andr=E9 Lureau > > > > wrote: > > > > > fdt_check_full was added in 1.4.7: > > > > > https://git.kernel.org/pub/scm/utils/dtc/dtc.git/tag/?h=3Dv1.4.7 > > > > > > > > > > Only ubuntu appears to be lagging a bit behind. I wonder if they > > would > > > > consider an update. > > > > > > > > I doubt it. You would need to wait until that actually falls off > > > > our supported list. You also have a couple of years to wait until > > > > Debian oldstable is no longer on our supported list. > > > > > > > > Maybe, I don't know why debian oldstable would have received a new > > version > > > plus fixes, and not ubuntu. > > > > > > It seems we could have our own fallback copy of fdt_check_full() thou= gh.. > > > I'll give that a try. > > > > We could, but fdt_check_full() is actually a pretty complex function. > > > > > Yeah, that would be used for those who don't have >=3D 1.4.7. >=20 > Alternatively we could lower the fdt_check_full to fdt_check_header in th= is > case? It seems it is used to verify the DT from SLOF. It may be trusted I > suppose, or a malformed DT may only impact the guest? No, fdt_check_header() isn't enough. We can't trust the dt blob from SLOF, because it's coming from guest context. We *expect* it to come =66rom the SLOF iamge we control, but nothing prevents anything else in the guest from calling the hypercall, or corrupting the in-memory SLOF image. And, a bad DT won't just impact the guest - there's a couple of things we need from it (that's the only reason we need to have SLOF give us back the DT at all). Note that the blob might not just have bad content, but could have bad formatting which will make the functions qemu uses to access it misbehave. So, our options are either be super-careful on every possible DT access after this point, or pre-check it when it's loaded with fdt_check_full(). --=20 David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson --nFewlV3cgnRMorpD Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAmEoUGMACgkQbDjKyiDZ s5I5+xAAlS29VfClVn2zYW3zAW2gDG0rgbi/A96Kw49fIAdEne1lEooWyk5J7PlW EvX/I6REh6+C7A9gzoo0UaZQsdPFlHxI1ggRGW2BTJo6/8CHkw7gZI0FL8Fu7hrZ qmCsSUqPi7v5Ohta9MtP5xqydJCyGMa4zcczoMLTTfruXEiYgutupkH3Te5wcsP8 s3dD2Eq5DAe72BzbQqBGfungJMwd5VKD+tsyU+3aztmoZUBzF307gHc/elJNdGZp zIxX3+cMuFh7+LvmXMppMABTQrSI7kCBBcT/IATG3P9pV402at9QpipEXl9AnUVt b2vCgEiwJ4yYLbO46lprOnUqkTAF4onAdqsBilorNv2AmGBupC6+uo+CC3Q1VCLk A11SQhwEJ9lkCxZEdvV1td1O9t6RG9rF8ZaMkdskmaegBClufvQlm5tq2qu32Lfg 8gQ0w9lZgxEJ54QIYpT1f0K0PyEKs7M3/seSHv2KBHhd2FbmBnClG/S6fTkspySl 1IFBhEd/axfyb5KHiO/1IZ1MXpqamrnpcFCbJ3YtqomBHskoR3e7QwEWiSIdy8wQ bu0+jfuWPBUx7g3fIM0qcSHhDVaqQQazR7eM9cOSKiApzGZb/dIyBDNwV065ERbv AI36N2wDzjOmk/2V1YnXGIARMm/8+Bt7uKlXCJdk/2Xrs82tvCA= =YTJt -----END PGP SIGNATURE----- --nFewlV3cgnRMorpD--