From: Pengpeng Hou
Date: Sun, 5 Apr 2026 08:42:00 +0800
Message-ID: <20260405094005.5-arm-xen-v2-pengpeng@iscas.ac.cn>
To: Stefano Stabellini
Cc: xen-devel@lists.xenproject.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, pengpeng@iscas.ac.cn
In-Reply-To: <20260403111502.2-dt-arm-xen-pengpeng@iscas.ac.cn>
References: <20260403111502.2-dt-arm-xen-pengpeng@iscas.ac.cn>
Subject: [PATCH v2] ARM: xen: validate hypervisor compatible before parsing its version
Content-Transfer-Encoding: quoted-printable

fdt_find_hyper_node() reads the raw compatible property and then derives
hyper_node.version from a prefix match before later printing it with %s.
Flat DT properties are external boot input, and this path does not prove
that the first compatible entry is NUL-terminated within the returned
property length.

Keep the existing flat-DT lookup path, but verify that the first
compatible entry terminates within the returned property length before
deriving the version suffix from it.

Signed-off-by: Pengpeng Hou
Reviewed-by: Stefano Stabellini
---
Changes since v1:
- keep `of_get_flat_dt_prop()` instead of switching to `fdt_stringlist_get()`
- validate the first compatible entry with bounded `strnlen()`

 arch/arm/xen/enlighten.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c index 4feed2c2..25a0ce3b 100644 --- a/arch/arm/xen/enlighten.c +++ b/arch/arm/xen/enlighten.c @@ -218,8 +218,9 @@ static __initdata struct { static int __init fdt_find_hyper_node(unsigned long node, const char *unam= e, int depth, void *data) { - const void *s =3D NULL; + const char *s =3D NULL; int len; + size_t prefix_len =3D strlen(hyper_node.prefix); =20 if (depth !=3D 1 || strcmp(uname, "hypervisor") !=3D 0) return 0; @@ -228,9 +229,10 @@ static int __init fdt_find_hyper_node(unsigned long no= de, const char *uname, hyper_node.found =3D true; =20 s =3D of_get_flat_dt_prop(node, "compatible", &len); - if (strlen(hyper_node.prefix) + 3 < len && - !strncmp(hyper_node.prefix, s, strlen(hyper_node.prefix))) - hyper_node.version =3D s + strlen(hyper_node.prefix); + if (s && len > 0 && strnlen(s, len) < len && + len > prefix_len + 3 && + !strncmp(hyper_node.prefix, s, prefix_len)) + hyper_node.version =3D s + prefix_len; =20 /* * Check if Xen supports EFI by checking whether there is the --=20 2.50.1
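
Review bot: In the first hunk (@@ -218,8 +218,9 @@), `prefix_len` is initialised with strlen() at its declaration, ahead of the `depth != 1 || strcmp(uname, "hypervisor") != 0` early return, so it is computed on every call, including the ones that return 0 immediately. Consider assigning it after that return, next to the of_get_flat_dt_prop() call where it is first used.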
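
Review bot: In the second hunk (@@ -228,9 +229,10 @@), `len > prefix_len + 3` still measures the whole property rather than the first entry that `strnlen(s, len)` has just bounded. A multi-entry compatible whose first string is only the prefix, or the prefix plus one or two characters, passes the test because later entries inflate `len`, leaving hyper_node.version pointing at an empty or shorter-than-expected suffix; this is inherited from the old check, but the new code already has the first entry's length available. Store the strnlen() result in a size_t once and apply the minimum-length test to that value instead of `len`. That also removes the size_t-versus-int comparisons, which are only safe here because `len > 0` is evaluated first.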