On 12/4/18 2:52 pm, David Gibson wrote: > It's always been a design goal of libfdt that it should be safe to > use, even on a badly corrupted fdt image. "Safe" here meaning that it > should never access memory outside the blob's stated boundaries. > > The existing code is pretty good about this with regards to accesses > to the structure block, thanks to the fdt_offset_ptr() helper > function. However, accesses to the strings and memory reservation > blocks were less careful and could easily lead to wild pointer > dereferences in the case of a bad blob. > > This series makes a number of improvements to libfdt safety, capping > it off with a new fdt_check_full() function which acts like an "fsck" > for fdt blobs. Along the way we make some other cleanups. > > Changes since v1: > * Assorted minor polishes based on review comments > * Added an extra patch to clean up sequential write mode state > checking > > David Gibson (13): > libfdt: Clean up header checking functions > libfdt: Improve sequential write state checking > libfdt: Make fdt_check_header() more thorough > libfdt: Safer access to strings section > libfdt: Propagate name errors in fdt_getprop_by_offset() > libfdt: Safer access to memory reservations > Consolidate utilfdt_read_len() variants > libfdt: Add fdt_header_size() > Use size_t for blob lengths in utilfdt_read* > tests: Remove unused #define > tests: Better handling of valgrind errors saving blobs > tests: Use valgrind client requests for better checking > libfdt: Add fdt_check_full() function LGTM Tested-by: Alexey Kardashevskiy <aik@xxxxxxxxx> For everything except tests/* (just too many tests, however they do succeed now): Reviewed-by: Alexey Kardashevskiy <aik@xxxxxxxxx> Now it fails nicely with reverted "spapr: Initialize reserved areas list in FDT in H_CAS handler", cool. btw 2/13 and 6/13 produce a warning from "git am": ".git/rebase-apply/patch:205: trailing whitespace". > > fdtdump.c | 4 +- > fdtget.c | 2 +- > fdtoverlay.c | 6 +- > fdtput.c | 2 +- > libfdt/fdt.c | 76 +++++++++++++++++- > libfdt/fdt_overlay.c | 6 +- > libfdt/fdt_ro.c | 189 ++++++++++++++++++++++++++++++++++++++++----- > libfdt/fdt_rw.c | 28 +++---- > libfdt/fdt_sw.c | 97 ++++++++++++++++++----- > libfdt/libfdt.h | 35 ++++++++- > libfdt/libfdt_env.h | 1 + > libfdt/libfdt_internal.h | 5 +- > libfdt/version.lds | 2 +- > tests/.gitignore | 5 ++ > tests/Makefile.tests | 6 +- > tests/check_full.c | 63 +++++++++++++++ > tests/check_header.c | 128 ++++++++++++++++++++++++++++++ > tests/dumptrees.c | 2 + > tests/mangle-layout.c | 8 +- > tests/mangle-layout.supp | 7 -- > tests/open_pack.supp | 7 -- > tests/run_tests.sh | 14 ++++ > tests/sw_states.c | 140 +++++++++++++++++++++++++++++++++ > tests/sw_tree1.supp | 18 ----- > tests/testdata.h | 2 + > tests/tests.h | 1 + > tests/testutils.c | 78 +++++++++++++++++-- > tests/trees.S | 46 +++++++++++ > tests/truncated_memrsv.c | 63 +++++++++++++++ > tests/truncated_property.c | 2 + > tests/truncated_string.c | 81 +++++++++++++++++++ > util.c | 23 ++---- > util.h | 20 +---- > 33 files changed, 1016 insertions(+), 151 deletions(-) > create mode 100644 tests/check_full.c > create mode 100644 tests/check_header.c > delete mode 100644 tests/mangle-layout.supp > delete mode 100644 tests/open_pack.supp > create mode 100644 tests/sw_states.c > delete mode 100644 tests/sw_tree1.supp > create mode 100644 tests/truncated_memrsv.c > create mode 100644 tests/truncated_string.c > -- Alexey -- To unsubscribe from this list: send the line "unsubscribe devicetree-compiler" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html