From nobody Sat Jul 4 21:04:30 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=1; a=rsa-sha256; t=1782917303; cv=none; d=zohomail.com; s=zohoarc; b=arrya2dGBcM66q6Eku6VDopR+n0kZz4Oqrk7Cyat00MdzTse7VNQtsyrWFb5YyJsoh9lscHlwo9CNVHKkFP+z28LsZnjBepRnQQVdTWFEi+FFzSxjQ7oWGehvIHSyDVSmAzII4lmkaixpqIylD6mgGOgk0Nw0XWeF3Bx6m2eNTg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1782917303; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=5H9FOEbTGuPSoUgzC/ynnLScGlyG4PkeuQTpFvOsYGs=; b=ggZxiFAvB8LeC73yRD2lEyn7z5rIK4ACqyvjaMyuV/pkQLA4voa7ualHwaAn4CHTafd2sSnnW457yi6z1m2VjKJ6oGEdo+fo9oOqt4m11maiq1J/nR3tKi+qK05ng8unn/iasE9lTpMnppQDEoiIEqRaT3iRv0H+loFICGORl4I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1782917303891872.4656263571297; Wed, 1 Jul 2026 07:48:23 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1350065.1607646 (Exim 4.92) (envelope-from ) id 1wewEG-0001VM-7D; Wed, 01 Jul 2026 14:47:56 +0000 Received: by outflank-mailman (output) from mailman id 1350065.1607646; Wed, 01 Jul 2026 14:47:56 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wewEG-0001VF-3L; Wed, 01 Jul 2026 14:47:56 +0000 Received: by outflank-mailman (input) for mailman id 1350065; Wed, 01 Jul 2026 14:47:54 +0000 Received: from mx.expurgate.net ([194.145.224.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wewEE-0001V9-M4 for xen-devel@lists.xenproject.org; Wed, 01 Jul 2026 14:47:54 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wewEE-004ARY-2x for xen-devel@lists.xenproject.org; Wed, 01 Jul 2026 16:47:54 +0200 Received: from [10.42.69.7] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a452890-bab6-0a2a0a5309dd-0a2a4507e8e2-14 for ; Wed, 01 Jul 2026 16:47:54 +0200 Received: from [209.85.128.46] (helo=mail-wm1-f46.google.com) by tlsNG-ef75cf.mxtls.expurgate.net with ESMTPS (eXpurgate 4.57.1) (envelope-from ) id 6a452899-9c8e-0a2a45070019-d155802ec593-3 for ; Wed, 01 Jul 2026 16:47:54 +0200 Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-4924593f45dso6460585e9.1 for ; Wed, 01 Jul 2026 07:47:53 -0700 (PDT) Received: from [10.156.60.236] (ip-037-024-206-209.um08.pools.vodafone-ip.de. [37.24.206.209]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493be4d2bc5sm84365595e9.5.2026.07.01.07.47.52 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 01 Jul 2026 07:47:52 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=google header.d=suse.com header.i="@suse.com" header.h="Content-Transfer-Encoding:In-Reply-To:Autocrypt:Content-Language:References:Cc:To:From:Subject:User-Agent:MIME-Version:Date:Message-ID" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1782917273; x=1783522073; darn=lists.xenproject.org; h=content-transfer-encoding:in-reply-to:autocrypt:content-language :references:cc:to:from:subject:user-agent:mime-version:date :message-id:from:to:cc:subject:date:message-id:reply-to; bh=5H9FOEbTGuPSoUgzC/ynnLScGlyG4PkeuQTpFvOsYGs=; b=N/UxYgEL+JoCAYj/5G8LUkWxpQSzl9wbLYZQEt6mK8qzc6TvyDtAhkXGE6C94GefQD SYKVfBbXMifkbAhxYMbDqrtRvHCXsNb9Ec2PJZf+shu7pAjxaRYL+zrZfk1xb/aTPGLX XdJqn/+LFndJ45U3ao/QHjKznPZAPeiudrk4yjQUJ4D3JPYOkKP/u9p0awKYVShD0YFC /QXRIfQl0fY5as4i7Sh8ZO/3LzO7lbPJMGEO3tCu3jI+TSj8a5s8Cs31z5Fb7J0HC/M6 BmvZxQ7x+65GCMO0IjVgy/HKPUYhSKHZ5iDktFfNhKKlBfODn3/BED1f4q9KButC/8kV FSQA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782917273; x=1783522073; h=content-transfer-encoding:in-reply-to:autocrypt:content-language :references:cc:to:from:subject:user-agent:mime-version:date :message-id:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=5H9FOEbTGuPSoUgzC/ynnLScGlyG4PkeuQTpFvOsYGs=; b=eMaTG86YEP6gANfUR75d6ETBIhvTiznsjBCZy66OuZ6YbBPpF19PXvMMHPRSjkag7Z fO3cMSOmdb7Ov2pCEu+IEw1QBUEqAX5bZ1XRZtmut0YQ8hJ8KrpuTUmbqLpQGALEuHU9 4nucRgdCCoj2JNjPWuEi/SQlMkPr1gI52Y8F8ytkKE3kbKXmKdGvGQNV0Migr26DYRG8 HXIPJ8yVINda+/ujK3/7vDt7umN/tDfMfVBr4uwbMPUaoVNnhQf2nrJntfvk9oeUZkQt mF4d/xtkAu2FaS2NpOL2cVCvreyjwigKPZ9yLuhzoragCCmHpl6pV1xcy+TqcfnxNKbd A6EQ== X-Gm-Message-State: AOJu0YycWKNFN1xxGjYv2CpxadBzZTY9OxIHO4cLcUqpsS69hH89nhqF to0cEJJo7Tp5SOwJ0weu/XSQIQGY3NeYVijHl8C+wyEtildFbGp4OSd66jTwhgJ8R1ipbDV6uct kw/Kzqg== X-Gm-Gg: AfdE7cmaKJK9uAux0wiCKUBb663gAOsQVb1amVctd5fJtg3EbbB18rur05eqG1WN3K0 gdcQaH29cnKcQ/N5DdlDKbJPFY9LlPUdHq9EvtJBPXzwxCPMRpf4JX/rHKQSOI1K+AXdjiKutZX pTzg7RJT5yQr9oOLEao72pCpfkbynR06jfQzGBpF9cL5L0SlZc5Dc1XueZi4FebHdF1Ekwr4Y7Y dD7r5Vdilh8Fl6NJT5OC7x9EVNHbw7Tv9S6daSappVOlKQlC6pRyJGQGG9rQ13e9lXiRcny3ril FZVWFTYennKPbVVH9Cbq/+fo0vqmDuhTzwrqyIE4vBr9gqjpUbrhAHgNGeGxACEZYk3UgLbq/V5 rtbqOzYPXx/cVF0YYfGha3dXMGZqwsYe0UUoq5CVI4xs+L/sjmuus9ODLl6DP5Buo5gUohT8eR2 9utbE/sloRHvLoAx/KGnYCdjcuuOqxucFlw0IlGZJDQ1O1UfH2CfDGQCWntFO7ocKetu6zlEAOm 3wv4/o5y46++0A= X-Received: by 2002:a05:600d:644f:10b0:493:bc4a:d5f4 with SMTP id 5b1f17b1804b1-493c2bb226bmr23916745e9.38.1782917273336; Wed, 01 Jul 2026 07:47:53 -0700 (PDT) Message-ID: Date: Wed, 1 Jul 2026 16:47:52 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: [PATCH v2 1/2] libxc: drop size parameter from xc_flask_context_to_sid() From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Anthony PERARD , Juergen Gross , Daniel Smith , Marek Marczykowski References: Content-Language: en-US Autocrypt: addr=jbeulich@suse.com; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-purgate-ID: tlsNG-ef75cf/1782917274-7D92225E-99338FD6/0/0 X-purgate-type: clean X-purgate-size: 3695 X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1782917305926158500 Nul-terminated strings are passed in all cases, so the strlen() can very well be invoked by the function itself. In preparation for a hypervisor change also include the nul terminator in the size calculation. Signed-off-by: Jan Beulich Acked-by: Marek Marczykowski-G=C3=B3recki Reviewed-by: Anthony PERARD Reviewed-by: Daniel P. Smith --- Ideally libxl_flask_context_to_sid() would follow suit, but aiui doing so would break its (stable) API. Of course the casts in xc_flask_access() are suspicious. --- v2: Avoid assert() use in libxl. --- a/tools/helpers/init-xenstore-domain.c +++ b/tools/helpers/init-xenstore-domain.c @@ -108,7 +108,7 @@ static int build(xc_interface *xch) =20 if ( flask ) { - rv =3D xc_flask_context_to_sid(xch, flask, strlen(flask), &config.= ssidref); + rv =3D xc_flask_context_to_sid(xch, flask, &config.ssidref); if ( rv ) { fprintf(stderr, "xc_flask_context_to_sid failed\n"); --- a/tools/include/xenctrl.h +++ b/tools/include/xenctrl.h @@ -2372,7 +2372,7 @@ long xc_sharing_used_frames(xc_interface /*** End sharing interface ***/ =20 int xc_flask_load(xc_interface *xc_handle, char *buf, uint32_t size); -int xc_flask_context_to_sid(xc_interface *xc_handle, char *buf, uint32_t s= ize, uint32_t *sid); +int xc_flask_context_to_sid(xc_interface *xc_handle, char *buf, uint32_t *= sid); int xc_flask_sid_to_context(xc_interface *xc_handle, int sid, char *buf, u= int32_t size); int xc_flask_getenforce(xc_interface *xc_handle); int xc_flask_setenforce(xc_interface *xc_handle, int mode); --- a/tools/libs/ctrl/xc_flask.c +++ b/tools/libs/ctrl/xc_flask.c @@ -83,10 +83,11 @@ int xc_flask_load(xc_interface *xch, cha return err; } =20 -int xc_flask_context_to_sid(xc_interface *xch, char *buf, uint32_t size, u= int32_t *sid) +int xc_flask_context_to_sid(xc_interface *xch, char *buf, uint32_t *sid) { int err; struct xen_flask_op op =3D {}; + size_t size =3D strlen(buf) + 1; DECLARE_HYPERCALL_BOUNCE(buf, size, XC_HYPERCALL_BUFFER_BOUNCE_IN); =20 if ( xc_hypercall_bounce_pre(xch, buf) ) @@ -249,7 +250,7 @@ static int xc_flask_add(xc_interface *xc int err; struct xen_flask_op op =3D {}; =20 - err =3D xc_flask_context_to_sid(xch, scontext, strlen(scontext), &sid); + err =3D xc_flask_context_to_sid(xch, scontext, &sid); if ( err ) return err; =20 @@ -325,10 +326,10 @@ int xc_flask_access(xc_interface *xch, c struct xen_flask_op op =3D {}; int err; =20 - err =3D xc_flask_context_to_sid(xch, (char*)scon, strlen(scon), &op.u.= access.ssid); + err =3D xc_flask_context_to_sid(xch, (char*)scon, &op.u.access.ssid); if ( err ) return err; - err =3D xc_flask_context_to_sid(xch, (char*)tcon, strlen(tcon), &op.u.= access.tsid); + err =3D xc_flask_context_to_sid(xch, (char*)tcon, &op.u.access.tsid); if ( err ) return err; =20 --- a/tools/libs/light/libxl_flask.c +++ b/tools/libs/light/libxl_flask.c @@ -21,7 +21,10 @@ int libxl_flask_context_to_sid(libxl_ctx { int rc; =20 - rc =3D xc_flask_context_to_sid(ctx->xch, buf, len, ssidref); + if (len !=3D strlen(buf)) + return ERROR_INVAL; + + rc =3D xc_flask_context_to_sid(ctx->xch, buf, ssidref); =20 return rc; } --- a/tools/python/xen/lowlevel/xc/xc.c +++ b/tools/python/xen/lowlevel/xc/xc.c @@ -1754,7 +1754,7 @@ static PyObject *pyflask_context_to_sid( return PyErr_SetFromErrno(xc_error_obj); } =20 - ret =3D xc_flask_context_to_sid(xc_handle, ctx, strlen(ctx), &sid); + ret =3D xc_flask_context_to_sid(xc_handle, ctx, &sid); =20 xc_interface_close(xc_handle); =20 From nobody Sat Jul 4 21:04:30 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=1; a=rsa-sha256; t=1782917334; cv=none; d=zohomail.com; s=zohoarc; b=DYC7WVZWJ2/wLoKjBVQDo+8STPEMCYvLZMYkL0G88KJ+DuyODqlFkddw/dvT/5TPLBEsRtNGYMswsSvZoUCvJC+vr9m3n1zGiP+SDGUYZl27OvXEVsdD2Lne0JTI3t0B0zC0xlOloK2jHgWzOi7ecd6omwiz8XJd2Cz6U32j5f0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1782917334; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=f6RRyZm2oHP9FW10uig6BZI7qLTDrMsOg0vt+/wGgiA=; b=LrJj/iRZt7L2fjcZSv92jzXEYHedic0VPW5+JcU8EKGZOnjO6imQ+TEpRDCYT3YI89ltMU8Z10TplOxottZP4X5BDOmvnIYHyD20Zf546OnWiTJfe0VgzqmEqAUyl6EvwTWTadrcijYh5/qu6PyV9dWAYVWhb38PmIElj1Nr+2M= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1782917334082990.3578647799899; Wed, 1 Jul 2026 07:48:54 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1350073.1607654 (Exim 4.92) (envelope-from ) id 1wewEv-000261-E7; Wed, 01 Jul 2026 14:48:37 +0000 Received: by outflank-mailman (output) from mailman id 1350073.1607654; Wed, 01 Jul 2026 14:48:37 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wewEv-00025t-BA; Wed, 01 Jul 2026 14:48:37 +0000 Received: by outflank-mailman (input) for mailman id 1350073; Wed, 01 Jul 2026 14:48:36 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wewEu-000251-G3 for xen-devel@lists.xenproject.org; Wed, 01 Jul 2026 14:48:36 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wewEt-003lr9-Og for xen-devel@lists.xenproject.org; Wed, 01 Jul 2026 16:48:35 +0200 Received: from [10.42.69.10] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 6a4528aa-bab6-0a2a0a5309dd-0a2a450ae036-36 for ; Wed, 01 Jul 2026 16:48:35 +0200 Received: from [209.85.128.53] (helo=mail-wm1-f53.google.com) by tlsNG-4011c0.mxtls.expurgate.net with ESMTPS (eXpurgate 4.57.1) (envelope-from ) id 6a4528c3-e40e-0a2a450a0019-d1558035c921-3 for ; Wed, 01 Jul 2026 16:48:35 +0200 Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-493b966dd74so3200155e9.3 for ; Wed, 01 Jul 2026 07:48:35 -0700 (PDT) Received: from [10.156.60.236] (ip-037-024-206-209.um08.pools.vodafone-ip.de. [37.24.206.209]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493be4f76a7sm79269095e9.13.2026.07.01.07.48.34 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 01 Jul 2026 07:48:34 -0700 (PDT) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=google header.d=suse.com header.i="@suse.com" header.h="Content-Transfer-Encoding:In-Reply-To:Autocrypt:Content-Language:References:Cc:To:From:Subject:User-Agent:MIME-Version:Date:Message-ID" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1782917315; x=1783522115; darn=lists.xenproject.org; h=content-transfer-encoding:in-reply-to:autocrypt:content-language :references:cc:to:from:subject:user-agent:mime-version:date :message-id:from:to:cc:subject:date:message-id:reply-to; bh=f6RRyZm2oHP9FW10uig6BZI7qLTDrMsOg0vt+/wGgiA=; b=TonPrCXw+myyYio+xjGg4zuxR0Fa4fllVBXiP/GdtgxNLxmniwcde/HvHwUCuEBtai bj6AzYTWB3ZqBW6s41qbTgqeSRlSD3lF/Kggp9zukWvJ8AnZN7rs9434V9mUkGMaa9hI 76ETSf0P05K6EZGhkkj/tfxb5vT0nVVynNi8wvza1HGypIX7uOcwZqfPXEgK8b9r9Hnp 9ukJWV43yqT71qRK4szNNn181QCg1zuVtAEtItT+sonGFsEvKwGX748OjUF6JNeU8eRt ElkL/cbUcgkQw0uVAcQPUXMO7ihKszfkO1i9gGhNiSf897uISgFR2bfVwb3mJlyWcjZR 7rgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782917315; x=1783522115; h=content-transfer-encoding:in-reply-to:autocrypt:content-language :references:cc:to:from:subject:user-agent:mime-version:date :message-id:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=f6RRyZm2oHP9FW10uig6BZI7qLTDrMsOg0vt+/wGgiA=; b=OYPJ6Ld0ejdAYiBBTleb//xsn+VLCWQsv1Q7H8AVznV1pJ0/sGeLTdCFJtgKLC9DFU L2LnBrU5jkAAkUo55HKwdKjfdoD0lMhjQgIu7qZn3liCIMrRNTUF4dLf0h+lATkSMFxL 44zKTkzQFJ7kzCEPrBYwDLATV2lGBAkVuP4ZC2uVh0zAtu7PI4HKCQgQG5zDcEgxBoR9 yLChhQkV1UYwOYb2mYJc8wXBOwPISKR4PHvmgnBdFi2HcGfWU61Npf1ZJhwNtl5ZB1I2 vSPk4wrLCFtvvGOnoBliQqHhyumAQbhKgyCGziRy2Po17vHhtoMSmydpA4ZwFNi++p/V hDmg== X-Gm-Message-State: AOJu0YwyR/rswohA06LUfZyYA83QJDBYSvy+ZLhuioKMpi6FWC2NSPSW FaerZNWsciWfs1YAzRJX2ml3V5z0i6vxyDXpKFJSuTxS3F0ce/3MjUReQhnAAGFtE426/FI/4Hq JxXgYiA== X-Gm-Gg: AfdE7cn46AZwmehu0s88Inn1DXdATYibQSlxQ7gDS4wpidji/nsDA9/v/qrvktm29PT bWQqTw9ue2grTxBYznvI7cD9A78noySMSuWYO8oSySs4snCrQQQu+apMjE7bJ++U7s6bmAuFaKa bkhIBlXKp5g4D8PbHCFFQg7MRknGmRoE+w0PCvw7t5xTPK1q+QRDGF+S49QmpYLdSgaWzb8hoOi zPq/pOyE10l66A7g9MEZylWT5ulhq1qEMyUwCD1r69FFTeYQ8/gvHn1ZIP7p9pq4E9KVuHhlSSa ym0RJJBirfO9oDplrupkrWvQGaQzV3sGHOHdcSmEAlecwq46hPyfN9npIINztaJ4+nJ4Ji9kXky /tqUQmSE/WFsF8aOiofDdpTSkSe6tH8rmU1LBzOhFI8iMbToqXcVIwZD6Sjf3T+6daKanQTq1Ip in556SKesIuwJcR85wYPETj9gR4Pcu/AN+DpXIlWCL2vy0kyXqB3KYkBMuemz2XNoKz2y9fB1b3 e2XvJ1RRg2DDHE= X-Received: by 2002:a05:600c:8590:b0:492:6487:a87 with SMTP id 5b1f17b1804b1-493c2ba1f4dmr25417315e9.32.1782917315064; Wed, 01 Jul 2026 07:48:35 -0700 (PDT) Message-ID: <80bc4e83-b767-4692-9ce1-0ebf68d7ab26@suse.com> Date: Wed, 1 Jul 2026 16:48:33 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: [PATCH v2 2/2] lib: make safe_copy_string_from_guest() validate input From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Julien Grall , Stefano Stabellini , Anthony PERARD , Michal Orzel , =?UTF-8?Q?Roger_Pau_Monn=C3=A9?= , Daniel Smith , Oleksii Kurochko References: Content-Language: en-US Autocrypt: addr=jbeulich@suse.com; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL In-Reply-To: Content-Transfer-Encoding: quoted-printable X-purgate-ID: tlsNG-4011c0/1782917315-D492DDDE-00F26FA8/0/0 X-purgate-type: clean X-purgate-size: 3769 X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1782917336242158500 Content-Type: text/plain; charset="utf-8" ... rather than papering over guest flaws: Strings passed ought to be nul- terminated (yet sadly libxc hasn't been doing so thus far). This way we also avoid order-1 allocations, seeing that all present callers pass PAGE_SIZE for max_size. Signed-off-by: Jan Beulich Acked-by: Oleksii Kurochko # Changelog Reviewed-by: Anthony PERARD Reviewed-by: Oleksii Kurochko --- I can't spot any caller side use of FLASK_DEVICETREE_LABEL, hence there's no corresponding prereq patch. --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ The format is based on [Keep a Changelog ## [4.23.0 UNRELEASED](https://xenbits.xenproject.org/gitweb/?p=3Dxen.git;= a=3Dshortlog;h=3Dstaging) - TBD =20 ### Changed + - XEN_DOMCTL_DEV_DT's, FLASK_[GS]ETBOOL's, and FLASK_DEVICETREE_LABEL's i= nput + string sizes need to include the nul terminator. =20 ### Added =20 --- a/xen/lib/guest-strcpy.c +++ b/xen/lib/guest-strcpy.c @@ -3,8 +3,8 @@ #include =20 /* - * The function copies a string from the guest and adds a NUL to - * make sure the string is correctly terminated. + * The function copies a string from the guest and checks there's a NUL + * terminating the string. */ char *safe_copy_string_from_guest(XEN_GUEST_HANDLE(char) u_buf, size_t size, size_t max_size) @@ -14,8 +14,7 @@ char *safe_copy_string_from_guest(XEN_GU if ( size > max_size ) return ERR_PTR(-ENOBUFS); =20 - /* Add an extra +1 to append \0 */ - tmp =3D xmalloc_array(char, size + 1); + tmp =3D xmalloc_array(char, size); if ( !tmp ) return ERR_PTR(-ENOMEM); =20 @@ -24,7 +23,12 @@ char *safe_copy_string_from_guest(XEN_GU xfree(tmp); return ERR_PTR(-EFAULT); } - tmp[size] =3D '\0'; + + if ( !memchr(tmp, 0, size) ) + { + xfree(tmp); + return ERR_PTR(-EMSGSIZE); + } =20 return tmp; } --- a/xen/include/public/domctl.h +++ b/xen/include/public/domctl.h @@ -574,7 +574,7 @@ struct xen_domctl_assign_device { uint32_t machine_sbdf; /* machine PCI ID of assigned device = */ } pci; struct { - uint32_t size; /* Length of the path */ + uint32_t size; /* Length of the path, including nul terminator= */ XEN_GUEST_HANDLE_64(char) path; /* Path to the device tree nod= e */ #ifdef __XEN__ struct dt_device_node *dev; /* Resolved device node of the abo= ve */ --- a/xen/include/public/xsm/flask_op.h +++ b/xen/include/public/xsm/flask_op.h @@ -26,7 +26,8 @@ typedef struct xen_flask_setenforce xen_ struct xen_flask_sid_context { /* IN/OUT: sid to convert to/from string */ uint32_t sid; - /* IN: size of the context buffer + /* + * IN: size of the context buffer, including nul terminator * OUT: actual size of the output context string */ uint32_t size; @@ -86,8 +87,11 @@ struct xen_flask_boolean { uint8_t new_value; /* IN: commit new value instead of only setting pending [SET] */ uint8_t commit; - /* IN: size of boolean name buffer [GET/SET] - * OUT: actual size of name [GET only] */ + /* + * IN: size of boolean name buffer [GET/SET]; must cover nul terminator + * if "name" (below) is an input + * OUT: actual size of name [GET only] + */ uint32_t size; /* IN: if bool_id is -1, used to find boolean [GET/SET] * OUT: textual name of boolean [GET only] @@ -150,7 +154,7 @@ typedef struct xen_flask_relabel xen_fla struct xen_flask_devicetree_label { /* IN */ uint32_t sid; - uint32_t length; + uint32_t length; /* length of the path, including nul terminator */ XEN_GUEST_HANDLE(char) path; }; typedef struct xen_flask_devicetree_label xen_flask_devicetree_label_t;