ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffogggtgfesthekredtredtjeenucfhrhhomhepffgvmhhi ucforghrihgvucfqsggvnhhouhhruceouggvmhhisehinhhvihhsihgslhgvthhhihhngh hslhgrsgdrtghomheqnecuggftrfgrthhtvghrnhephfeggfeiiedtieejgedutdekgfet geehheegteekvefhfefgudehtdevleegueegnecuvehluhhsthgvrhfuihiivgeptdenuc frrghrrghmpehmrghilhhfrhhomhepuggvmhhisehinhhvihhsihgslhgvthhhihhnghhs lhgrsgdrtghomh X-ME-Proxy: Feedback-ID: iac594737:Fastmail From: Demi Marie Obenour To: Xen developer discussion Cc: Demi Marie Obenour , Jan Beulich , =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Subject: [PATCH] Make XEN_FW_EFI_MEM_INFO easier to use Date: Wed, 24 Aug 2022 17:04:52 -0400 Message-Id: <20220824210452.3089-1-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.37.2 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1661375128679100001 Content-Type: text/plain; charset="utf-8" The XEN_FW_EFI_MEM_INFO platform op has very surprising behavior: it only sets info->mem.size if the initial value was *larger* than the size of the memory region. This is not particularly useful and cost me most of a day of debugging. It also has some integer overflow problems, though as the data comes from dom0 or the firmware (both of which are trusted) these are not security issues. Fix both of these problems by unconditionally setting the memory region size and by computing it in a way that is immune to integer overflow. The new code is slightly longer, but it is much easier to understand and use. --- xen/common/efi/runtime.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c index a8fc2b99ae098d74af1978bdf58212eb99cce70f..a086850c9b0bbb6e4dd3ccca647= c09d346f87c55 100644 --- a/xen/common/efi/runtime.c +++ b/xen/common/efi/runtime.c 
@@ -269,19 +269,21 @@ case XEN_FW_EFI_MEM_INFO: for ( i =3D 0; i < efi_memmap_size; i +=3D efi_mdesc_size ) { + uint64_t len; EFI_MEMORY_DESCRIPTOR *desc =3D efi_memmap + i; - u64 len =3D desc->NumberOfPages << EFI_PAGE_SHIFT; + + if ( desc->NumberOfPages > (UINT64_MAX >> EFI_PAGE_SHIFT) ) + len =3D UINT64_MAX; + else + len =3D desc->NumberOfPages << EFI_PAGE_SHIFT; =20 if ( info->mem.addr >=3D desc->PhysicalStart && - info->mem.addr < desc->PhysicalStart + len ) + info->mem.addr - desc->PhysicalStart < len ) { info->mem.type =3D desc->Type; info->mem.attr =3D desc->Attribute; - if ( info->mem.addr + info->mem.size < info->mem.addr || - info->mem.addr + info->mem.size > - desc->PhysicalStart + len ) - info->mem.size =3D desc->PhysicalStart + len - - info->mem.addr; + info->mem.size =3D len - (info->mem.addr - desc->PhysicalS= tart); + return 0; } } --=20 Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab
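
Review bot: The unconditional assignment `info->mem.size = len - (info->mem.addr - desc->PhysicalStart)` in the matching branch changes info->mem.size from an in/out field to output only, and nothing in the patch documents that for callers of XEN_FW_EFI_MEM_INFO. With the removed lines, a caller that passed a size ending inside the descriptor got its own value back unchanged; with the added line it gets the distance from info->mem.addr to the end of the descriptor. The diffstat shows only xen/common/efi/runtime.c changed, so please describe the new contract in the interface documentation as part of this patch and state in the commit message that existing callers were checked against it. Separately, when desc->NumberOfPages exceeds UINT64_MAX >> EFI_PAGE_SHIFT, len saturates to UINT64_MAX and the size returned is UINT64_MAX minus the offset, which is not a multiple of the page size; a short comment at the `len = UINT64_MAX` line saying this is a deliberate clamp for a malformed descriptor would help the next reader. The replacement check `info->mem.addr - desc->PhysicalStart < len` is safe only because the `>=` test before the `&&` runs first, which is also worth a comment so the two conditions are not reordered later. The message carries no Signed-off-by line before the `---` separator.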