From: Jan Beulich <jbeulich@suse.com>
To: "Jürgen Groß" <jgross@suse.com>
Cc: "Stefano Stabellini" <sstabellini@kernel.org>,
"Julien Grall" <julien@xen.org>, "Wei Liu" <wl@xen.org>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"Ian Jackson" <ian.jackson@eu.citrix.com>,
"George Dunlap" <george.dunlap@citrix.com>,
xen-devel@lists.xenproject.org,
"Daniel De Graaf" <dgdegra@tycho.nsa.gov>,
"Volodymyr Babchuk" <Volodymyr_Babchuk@epam.com>,
"Roger Pau Monné" <roger.pau@citrix.com>
Subject: Re: [PATCH v7 04/12] xen: add basic hypervisor filesystem support
Date: Fri, 3 Apr 2020 17:31:37 +0200 [thread overview]
Message-ID: <1b83570b-17ac-9da4-cfee-fbd44c7d3edf@suse.com> (raw)
In-Reply-To: <d454afb8-40ff-c8a4-7a5a-6f8f4f4f0e4a@suse.com>
On 03.04.2020 17:05, Jürgen Groß wrote:
> On 03.04.20 16:23, Jan Beulich wrote:
>> On 02.04.2020 17:46, Juergen Gross wrote:
>>> +int hypfs_write_leaf(struct hypfs_entry_leaf *leaf,
>>> + XEN_GUEST_HANDLE_PARAM(void) uaddr, unsigned long ulen)
>>> +{
>>> + char *buf;
>>> + int ret;
>>> +
>>> + if ( leaf->e.type != XEN_HYPFS_TYPE_STRING &&
>>> + leaf->e.type != XEN_HYPFS_TYPE_BLOB && ulen != leaf->e.size )
>>> + return -EDOM;
>>> +
>>> + buf = xmalloc_array(char, ulen);
>>> + if ( !buf )
>>> + return -ENOMEM;
>>> +
>>> + ret = -EFAULT;
>>> + if ( copy_from_guest(buf, uaddr, ulen) )
>>> + goto out;
>>> +
>>> + ret = -EINVAL;
>>> + if ( leaf->e.type == XEN_HYPFS_TYPE_STRING &&
>>> + memchr(buf, 0, ulen) != (buf + ulen - 1) )
>>> + goto out;
>>> +
>>> + ret = 0;
>>> + memcpy(leaf->write_ptr, buf, ulen);
>>> + leaf->e.size = ulen;
>>> +
>>> + out:
>>> + xfree(buf);
>>> + return ret;
>>> +}
>>> +
>>> +int hypfs_write_bool(struct hypfs_entry_leaf *leaf,
>>> + XEN_GUEST_HANDLE_PARAM(void) uaddr, unsigned long ulen)
>>> +{
>>> + bool buf;
>>> +
>>> + ASSERT(leaf->e.type == XEN_HYPFS_TYPE_BOOL && leaf->e.size == sizeof(bool));
>>> +
>>> + if ( ulen != leaf->e.max_size )
>>
>> Why max_size here when the ASSERT() checks size?
>
> Just for consistency with the other write functions.
In which case perhaps extend the ASSERT() to also check max_size?
>>> +static int hypfs_write(struct hypfs_entry *entry,
>>> + XEN_GUEST_HANDLE_PARAM(void) uaddr, unsigned long ulen)
>>> +{
>>> + struct hypfs_entry_leaf *l;
>>> +
>>> + if ( !entry->write )
>>> + return -EACCES;
>>> +
>>> + if ( ulen > entry->max_size )
>>> + return -ENOSPC;
>>
>> max_size being zero for non-writable entries, perhaps use -EACCES
>> also for this special case? Together with the other comment above,
>> maybe the ->write check wants replacing this way?
>
> Checking the write function being not NULL is a nice security addon,
> as I avoid to call into a non existing function. Basically both tests
> would be equivalent, but this one is IMO better to avoid crashes.
In which case perhaps ASSERT(entry->max_size) between the two if()s?
Jan
next prev parent reply other threads:[~2020-04-03 15:32 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-02 15:46 [PATCH v7 00/12] Add hypervisor sysfs-like support Juergen Gross
2020-04-02 15:46 ` [PATCH v7 01/12] xen/vmx: let opt_ept_ad always reflect the current setting Juergen Gross
2020-04-03 14:05 ` Jan Beulich
2020-04-03 14:56 ` Jürgen Groß
2020-04-02 15:46 ` [PATCH v7 02/12] xen: add a generic way to include binary files as variables Juergen Gross
2020-04-02 15:46 ` [PATCH v7 03/12] docs: add feature document for Xen hypervisor sysfs-like support Juergen Gross
2020-04-27 13:55 ` George Dunlap
2020-05-07 11:17 ` Jürgen Groß
2020-04-02 15:46 ` [PATCH v7 04/12] xen: add basic hypervisor filesystem support Juergen Gross
2020-04-03 14:23 ` Jan Beulich
2020-04-03 15:05 ` Jürgen Groß
2020-04-03 15:31 ` Jan Beulich [this message]
2020-04-03 15:33 ` Jürgen Groß
2020-04-02 15:46 ` [PATCH v7 05/12] libs: add libxenhypfs Juergen Gross
2020-04-27 14:53 ` George Dunlap
2020-05-07 11:35 ` Jürgen Groß
2020-04-02 15:46 ` [PATCH v7 06/12] tools: add xenfs tool Juergen Gross
2020-04-02 15:46 ` [PATCH v7 07/12] xen: provide version information in hypfs Juergen Gross
2020-04-02 15:46 ` [PATCH v7 08/12] xen: add /buildinfo/config entry to hypervisor filesystem Juergen Gross
2020-04-03 14:31 ` Jan Beulich
2020-04-03 15:12 ` Jürgen Groß
2020-04-03 15:33 ` Jan Beulich
2020-04-03 15:45 ` Jürgen Groß
2020-04-06 12:29 ` Jan Beulich
2020-04-27 15:40 ` Jürgen Groß
2020-04-27 16:25 ` George Dunlap
2020-04-28 7:20 ` Jan Beulich
2020-04-28 8:24 ` George Dunlap
2020-04-28 8:39 ` Jan Beulich
2020-04-28 9:43 ` Julien Grall
2020-04-28 9:59 ` Jan Beulich
2020-04-28 10:06 ` Julien Grall
2020-04-28 11:23 ` George Dunlap
2020-04-28 11:30 ` Jürgen Groß
2020-04-02 15:46 ` [PATCH v7 09/12] xen: add runtime parameter access support to hypfs Juergen Gross
2020-04-03 14:51 ` Jan Beulich
2020-04-03 15:31 ` Jürgen Groß
2020-04-14 9:29 ` Julien Grall
2020-04-14 9:31 ` Jan Beulich
2020-04-14 9:45 ` Julien Grall
2020-04-14 9:50 ` Jan Beulich
2020-04-14 10:38 ` Julien Grall
2020-04-02 15:46 ` [PATCH v7 10/12] tools/libxl: use libxenhypfs for setting xen runtime parameters Juergen Gross
2020-04-02 15:46 ` [PATCH v7 11/12] tools/libxc: remove xc_set_parameters() Juergen Gross
2020-04-02 15:46 ` [PATCH v7 12/12] xen: remove XEN_SYSCTL_set_parameter support Juergen Gross
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1b83570b-17ac-9da4-cfee-fbd44c7d3edf@suse.com \
--to=jbeulich@suse.com \
--cc=Volodymyr_Babchuk@epam.com \
--cc=andrew.cooper3@citrix.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=george.dunlap@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jgross@suse.com \
--cc=julien@xen.org \
--cc=roger.pau@citrix.com \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).