From: Dmitrii Shcherbakov
To: libvir-list@redhat.com, dmitrii.shcherbakov@canonical.com
Subject: [libvirt PATCH v2 1/3] PCI VPD: handle additional edge cases
Date: Fri, 29 Oct 2021 21:57:16 +0300
Message-Id: <20211029185718.338025-2-dmitrii.shcherbakov@canonical.com>
In-Reply-To: <20211029185718.338025-1-dmitrii.shcherbakov@canonical.com>
References: <20211029185718.338025-1-dmitrii.shcherbakov@canonical.com>

* RV and RW fields must be at the last position in their respective
  section (per the conditions in the spec). Therefore, the parser now
  stops iterating over fields as soon as it encounters one of those
  fields and checks whether the end of the resource has been reached;

* The lack of the RW field is not treated as a parsing error since we
  can still extract valid data even though this is a PCI/PCIe VPD spec
  violation;

* Individual fields must have a valid length - the parser needs to check
  for invalid length values that violate boundary conditions of the
  resource.

* A zero-length field may be the last one in the resource, however, the
  boundary check is currently too strict to allow that.

Signed-off-by: Dmitrii Shcherbakov
--- src/util/virpcivpd.c | 41 ++++++++++--- tests/virpcivpdtest.c | 137 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 169 insertions(+), 9 deletions(-) diff --git a/src/util/virpcivpd.c b/src/util/virpcivpd.c index 8856bca459..4c96bc1a06 100644 --- a/src/util/virpcivpd.c +++ b/src/util/virpcivpd.c @@ -466,8 +466,12 @@ virPCIVPDParseVPDLargeResourceFields(int vpdFileFd, ui= nt16_t resPos, uint16_t re =20 bool hasChecksum =3D false; bool hasRW =3D false; + bool endReached =3D false; =20 - while (fieldPos + 3 < resPos + resDataLen) { + /* Note the equal sign - fields may have a zero length in which case t= hey will + * just occupy 3 header bytes. In the in case of the RW field this may= mean that + * no more space is left in the section. */ + while (fieldPos + 3 <=3D resPos + resDataLen) { /* Keyword resources consist of keywords (2 ASCII bytes per the sp= ec) and 1-byte length. */ if (virPCIVPDReadVPDBytes(vpdFileFd, buf, 3, fieldPos, csum) !=3D = 3) { /* Invalid field encountered which means the resource itself i= s invalid too. Report 
@@ -518,6 +522,13 @@ virPCIVPDParseVPDLargeResourceFields(int vpdFileFd, ui= nt16_t resPos, uint16_t re return false; } =20 + if (resPos + resDataLen < fieldPos + fieldDataLen) { + /* In this case the field cannot simply be skipped since the p= osition of the + * next field is determined based on the length of a previous = field. */ + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("A field data length violates the resource le= ngth boundary.")); + return false; + } if (virPCIVPDReadVPDBytes(vpdFileFd, buf, bytesToRead, fieldPos, c= sum) !=3D bytesToRead) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Could not parse a resource field data - VPD = has invalid format")); @@ -546,12 +557,13 @@ virPCIVPDParseVPDLargeResourceFields(int vpdFileFd, u= int16_t resPos, uint16_t re hasChecksum =3D true; g_free(g_steal_pointer(&fieldKeyword)); g_free(g_steal_pointer(&fieldValue)); - continue; + break; } else if (fieldFormat =3D=3D VIR_PCI_VPD_RESOURCE_FIELD_VALUE_FOR= MAT_RDWR) { /* Skip the read-write space since it is used for indication o= nly. */ hasRW =3D true; g_free(g_steal_pointer(&fieldKeyword)); g_free(g_steal_pointer(&fieldValue)); + break; } else if (fieldFormat =3D=3D VIR_PCI_VPD_RESOURCE_FIELD_VALUE_FOR= MAT_LAST) { /* Skip unknown fields */ g_free(g_steal_pointer(&fieldKeyword)); 
@@ -579,14 +591,25 @@ virPCIVPDParseVPDLargeResourceFields(int vpdFileFd, u= int16_t resPos, uint16_t re g_free(g_steal_pointer(&fieldKeyword)); g_free(g_steal_pointer(&fieldValue)); } - if (readOnly && !hasChecksum) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("VPD-R does not contain the mandatory RV field")); - return false; - } else if (!readOnly && !hasRW) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("VPD-W does not contain the mandatory RW field")); + + /* May have exited the loop prematurely in case RV or RW were encounte= red and + * they were not the last fields in the section. */ + endReached =3D (fieldPos >=3D resPos + resDataLen); + if (readOnly && !(hasChecksum && endReached)) { + VIR_DEBUG("VPD-R does not contain the mandatory RV field as the la= st field"); return false; + } else if (!readOnly && !endReached) { + /* The lack of RW is allowed on purpose in the read-write section = since some vendors + * violate the PCI/PCIe specs and do not include it, however, this= does not prevent parsing + * of valid data. If the RW is present, however, we make sure it i= s the last field in + * the read-write section. */ + if (hasRW) { + VIR_DEBUG("VPD-W section parsing ended prematurely (RW is not = the last field)."); + return false; + } else { + VIR_DEBUG("VPD-W section parsing ended prematurely."); + return false; + } } =20 return true; diff --git a/tests/virpcivpdtest.c b/tests/virpcivpdtest.c index 2cc9069132..a99bde2b92 100644 --- a/tests/virpcivpdtest.c +++ b/tests/virpcivpdtest.c 
@@ -597,6 +597,107 @@ testVirPCIVPDParseFullVPD(const void *opaque G_GNUC_U= NUSED) return ret; } =20 +static int +testVirPCIVPDParseZeroLengthRW(const void *opaque G_GNUC_UNUSED) +{ + int fd =3D -1; + size_t dataLen =3D 0; + + g_autoptr(virPCIVPDResource) res =3D NULL; + virPCIVPDResourceCustom *custom =3D NULL; + + /* The RW field has a zero length which means there is no more RW spa= ce left. */ + const uint8_t fullVPDExample[] =3D { + VPD_STRING_RESOURCE_EXAMPLE_HEADER, VPD_STRING_RESOURCE_EXAMPLE_DA= TA, + VPD_R_FIELDS_EXAMPLE_HEADER, VPD_R_FIELDS_EXAMPLE_DATA, + PCI_VPD_LARGE_RESOURCE_FLAG | PCI_VPD_READ_WRITE_LARGE_RESOURCE_FL= AG, 0x08, 0x00, + 'V', 'Z', 0x02, '4', '2', + 'R', 'W', 0x00, + PCI_VPD_RESOURCE_END_VAL + }; + + dataLen =3D sizeof(fullVPDExample) / sizeof(uint8_t); + fd =3D virCreateAnonymousFile(fullVPDExample, dataLen); + res =3D virPCIVPDParse(fd); + VIR_FORCE_CLOSE(fd); + + if (!res) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + "The resource pointer is NULL after parsing which i= s unexpected"); + return -1; + } + + if (!res->ro) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + "Read-only keywords are missing from the VPD resource."); + return -1; + } else if (!res->rw) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + "Read-write keywords are missing from the VPD resource."); + return -1; + } + + if (testVirPCIVPDValidateExampleReadOnlyFields(res)) + return -1; + + custom =3D g_ptr_array_index(res->rw->vendor_specific, 0); + if (custom->idx !=3D 'Z' || STRNEQ_NULLABLE(custom->value, "42")) + return -1; + + custom =3D NULL; + return 0; +} + +static int +testVirPCIVPDParseNoRW(const void *opaque G_GNUC_UNUSED) +{ + int fd =3D -1; + size_t dataLen =3D 0; + + g_autoptr(virPCIVPDResource) res =3D NULL; + virPCIVPDResourceCustom *custom =3D NULL; + + /* The RW field has a zero length which means there is no more RW spa= ce left. 
*/ + const uint8_t fullVPDExample[] =3D { + VPD_STRING_RESOURCE_EXAMPLE_HEADER, VPD_STRING_RESOURCE_EXAMPLE_DA= TA, + VPD_R_FIELDS_EXAMPLE_HEADER, VPD_R_FIELDS_EXAMPLE_DATA, + PCI_VPD_LARGE_RESOURCE_FLAG | PCI_VPD_READ_WRITE_LARGE_RESOURCE_FL= AG, 0x05, 0x00, + 'V', 'Z', 0x02, '4', '2', + PCI_VPD_RESOURCE_END_VAL + }; + + dataLen =3D sizeof(fullVPDExample) / sizeof(uint8_t); + fd =3D virCreateAnonymousFile(fullVPDExample, dataLen); + res =3D virPCIVPDParse(fd); + VIR_FORCE_CLOSE(fd); + + if (!res) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + "The resource pointer is NULL after parsing which i= s unexpected"); + return -1; + } + + if (!res->ro) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + "Read-only keywords are missing from the VPD resource."); + return -1; + } else if (!res->rw) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + "Read-write keywords are missing from the VPD resource."); + return -1; + } + + if (testVirPCIVPDValidateExampleReadOnlyFields(res)) + return -1; + + custom =3D g_ptr_array_index(res->rw->vendor_specific, 0); + if (custom->idx !=3D 'Z' || STRNEQ_NULLABLE(custom->value, "42")) + return -1; + + custom =3D NULL; + return 0; +} + static int testVirPCIVPDParseFullVPDSkipInvalidKeywords(const void *opaque G_GNUC_UNU= SED) { 
@@ -717,6 +818,33 @@ testVirPCIVPDParseFullVPDInvalid(const void *opaque G_= GNUC_UNUSED) 'R', 'V', 0x02, 0x8A, 0x00, \ PCI_VPD_RESOURCE_END_VAL =20 +/* The SN field has a length field that goes past the resource boundaries.= */ +# define VPD_INVALID_SN_FIELD_LENGTH \ + VPD_STRING_RESOURCE_EXAMPLE_HEADER, \ + 't', 'e', 's', 't', 'n', 'a', 'm', 'e', \ + PCI_VPD_LARGE_RESOURCE_FLAG | PCI_VPD_READ_ONLY_LARGE_RESOURCE_FLAG, 0= x0A, 0x00, \ + 'S', 'N', 0x42, 0x04, 0x02, \ + 'R', 'V', 0x02, 0xE8, 0x00, \ + PCI_VPD_RESOURCE_END_VAL + +/* The RV field is not the last one in VPD-R while the checksum is valid. = */ +# define VPD_INVALID_RV_NOT_LAST \ + VPD_STRING_RESOURCE_EXAMPLE_HEADER, \ + 't', 'e', 's', 't', 'n', 'a', 'm', 'e', \ + PCI_VPD_LARGE_RESOURCE_FLAG | PCI_VPD_READ_ONLY_LARGE_RESOURCE_FLAG, 0= x0A, 0x00, \ + 'R', 'V', 0x02, 0xD1, 0x00, \ + 'S', 'N', 0x02, 0x04, 0x02, \ + PCI_VPD_RESOURCE_END_VAL + +# define VPD_INVALID_RW_NOT_LAST \ + VPD_STRING_RESOURCE_EXAMPLE_HEADER, VPD_STRING_RESOURCE_EXAMPLE_DATA, \ + VPD_R_FIELDS_EXAMPLE_HEADER, VPD_R_FIELDS_EXAMPLE_DATA, \ + PCI_VPD_LARGE_RESOURCE_FLAG | PCI_VPD_READ_WRITE_LARGE_RESOURCE_FLAG, = 0x08, 0x00, \ + 'R', 'W', 0x00, \ + 'V', 'Z', 0x02, '4', '2', \ + PCI_VPD_RESOURCE_END_VAL + + # define TEST_INVALID_VPD(invalidVPD) \ do { \ g_autoptr(virPCIVPDResource) res =3D NULL; \ @@ -741,6 +869,9 @@ testVirPCIVPDParseFullVPDInvalid(const void *opaque G_G= NUC_UNUSED) TEST_INVALID_VPD(VPD_R_UNEXPECTED_RW_IN_VPD_R_KEY); TEST_INVALID_VPD(VPD_R_INVALID_FIELD_VALUE); TEST_INVALID_VPD(VPD_INVALID_STRING_RESOURCE_VALUE); + TEST_INVALID_VPD(VPD_INVALID_SN_FIELD_LENGTH); + TEST_INVALID_VPD(VPD_INVALID_RV_NOT_LAST); + TEST_INVALID_VPD(VPD_INVALID_RW_NOT_LAST); =20 return 0; } 
@@ -767,6 +898,12 @@ mymain(void) ret =3D -1; if (virTestRun("Parsing VPD string resources ", testVirPCIVPDParseVPDS= tringResource, NULL) < 0) ret =3D -1; + if (virTestRun("Parsing a VPD resource with a zero-length RW ", + testVirPCIVPDParseZeroLengthRW, NULL) < 0) + ret =3D -1; + if (virTestRun("Parsing a VPD resource without an RW ", + testVirPCIVPDParseNoRW, NULL) < 0) + ret =3D -1; if (virTestRun("Parsing a VPD resource with an invalid keyword ", testVirPCIVPDParseFullVPDSkipInvalidKeywords, NULL) < 0) ret =3D -1; --=20 2.32.0
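
Review bot: The comment added above the `while` loop in the first src/util/virpcivpd.c hunk (-466,8) has a typo, "In the in case of the RW field"; it should read "In the case of the RW field". Since the only functional change there is `<` becoming `<=`, the comment could also state the invariant directly: the loop body runs whenever at least the 3 header bytes of a field still fit inside the resource.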
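
Review bot: The new boundary check in the src/util/virpcivpd.c hunk at -518,6 compares `resPos + resDataLen` against `fieldPos + fieldDataLen`, while the read directly below it is sized by `bytesToRead`, and nothing in the hunk shows whether `fieldPos` has already been advanced past the 3-byte field header at this point. If it has not, the check is three bytes too lenient and a field whose data runs up to three bytes past the resource end would still be read. Please either say in the comment that `fieldPos` points at the first data byte here, or make the comparison include the header size explicitly.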
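
Review bot: The two `break` statements in the src/util/virpcivpd.c hunk at -546,12 (RV and RW branches) make the later `endReached = (fieldPos >= resPos + resDataLen)` test depend on `fieldPos` already pointing past the RV/RW field data when the loop is left, and that is not visible in the hunk. A one-line comment at each `break` stating that `fieldPos` is at the end of the field, or an explicit advance before breaking, would make the "must be the last field" check easier to verify. This matters most for RV, where the number of bytes read may differ from the declared field length.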
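
Review bot: In the src/util/virpcivpd.c hunk at -579,14 the failure paths now `return false` after only a `VIR_DEBUG`, whereas the lines they replace used `virReportError` and the boundary check added earlier in this patch still does; callers that expect an error to be set on a false return will get none for a missing or misplaced RV. Either keep `virReportError` here or document on the function that false may be returned without an error. The `if (hasRW) { ... } else { ... }` block also returns false in both branches and differs only in the debug text, so it can be collapsed to one `return false` with the message chosen by `hasRW`.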
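
Review bot: In the tests/virpcivpdtest.c hunk at -597,6, testVirPCIVPDParseNoRW carries the comment copied from testVirPCIVPDParseZeroLengthRW ("The RW field has a zero length which means there is no more RW space left."), but its data has no RW field at all; the comment should say that the VPD-W section ends without RW. Both tests call `g_ptr_array_index(res->rw->vendor_specific, 0)` without first checking that the array is non-empty, so a parser regression would crash the test instead of failing it; check `res->rw->vendor_specific->len` first. The two functions are identical apart from the byte array, so a shared helper taking the data and its length would remove the duplication, and the trailing `custom = NULL;` is unnecessary.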
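
Review bot: In the tests/virpcivpdtest.c hunk at -717,6, `VPD_INVALID_RW_NOT_LAST` is the only one of the three new macros without a comment describing what makes the data invalid; add one in the style of the other two (RW is followed by another field in VPD-W). There is also a second blank line before `# define TEST_INVALID_VPD` that can be dropped.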