[Xen-devel] [PATCH v4] xen/arm: domain_build: harden make_cpus_node()

From: Stefano Stabellini <sstabellini@kernel.org>
To: julien.grall@arm.com
Cc: jgross@suse.com, xen-devel@lists.xenproject.org,
	sstabellini@kernel.org, Volodymyr_Babchuk@epam.com,
	Stefano Stabellini <stefano.stabellini@xilinx.com>
Subject: [Xen-devel] [PATCH v4] xen/arm: domain_build: harden make_cpus_node()
Date: Wed,  9 Oct 2019 17:42:11 -0700	[thread overview]
Message-ID: <20191010004211.31017-1-sstabellini@kernel.org> (raw)

make_cpus_node() is using a static buffer to generate the FDT node name.
While mpdir_aff is a 64-bit integer, we only ever use the bits [23:0] as
only AFF{0, 1, 2} are supported for now.

To avoid any potential issues in the future, check that mpdir_aff has
only bits [23:0] set.

Take the opportunity to reduce the size of the buffer. Indeed, only 8
characters are needed to print a 32-bit hexadecimal number. So
sizeof("cpu@") + 8 + 1 (for '\0') = 13 characters is sufficient.

Fixes: c81a791d34 (xen/arm: Set 'reg' of cpu node for dom0 to match MPIDR's affinity)
Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
---
Changes in v4:
- commit message
- in-code comments

Changes in v3:
- make sure only [23:0] bits are used in mpidr_aff
- clarify that we only need 32bit for buf writes

Changes in v2:
- patch added
---
 xen/arch/arm/domain_build.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
index 921b054520..38adb6e954 100644
--- a/xen/arch/arm/domain_build.c
+++ b/xen/arch/arm/domain_build.c
@@ -788,8 +788,8 @@ static int __init make_cpus_node(const struct domain *d, void *fdt)
     unsigned int cpu;
     const void *compatible = NULL;
     u32 len;
-    /* Placeholder for cpu@ + a 32-bit number + \0 */
-    char buf[15];
+    /* Placeholder for cpu@ + a 32-bit hexadecimal number + \0 */
+    char buf[13];
     u32 clock_frequency;
     bool clock_valid;
     uint64_t mpidr_aff;
@@ -847,11 +847,26 @@ static int __init make_cpus_node(const struct domain *d, void *fdt)
          * the MPIDR's affinity bits. We will use AFF0 and AFF1 when
          * constructing the reg value of the guest at the moment, for it
          * is enough for the current max vcpu number.
+         *
+         * We only deal with AFF{0, 1, 2} stored in bits [23:0] at the
+         * moment.
          */
         mpidr_aff = vcpuid_to_vaffinity(cpu);
+        if ( (mpidr_aff & ~GENMASK_ULL(23, 0)) != 0 )
+        {
+            printk(XENLOG_ERR "Unable to handle MPIDR AFFINITY 0x%"PRIx64"\n", 
+                   mpidr_aff);
+            return -EINVAL;
+        }
+
         dt_dprintk("Create cpu@%"PRIx64" (logical CPUID: %d) node\n",
                    mpidr_aff, cpu);
 
+        /*
+         * We use PRIx64 because mpidr_aff is a 64bit integer. However,
+         * only bits [23:0] are used, thus, we are sure it will fit in
+         * buf.
+         */
         snprintf(buf, sizeof(buf), "cpu@%"PRIx64, mpidr_aff);
         res = fdt_begin_node(fdt, buf);
         if ( res )
-- 
2.17.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
