Re: [PATCHv2 00/13] Improve libfdt's memory safety

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 12/4/18 2:52 pm, David Gibson wrote:
> It's always been a design goal of libfdt that it should be safe to
> use, even on a badly corrupted fdt image.  "Safe" here meaning that it
> should never access memory outside the blob's stated boundaries.
> 
> The existing code is pretty good about this with regards to accesses
> to the structure block, thanks to the fdt_offset_ptr() helper
> function.  However, accesses to the strings and memory reservation
> blocks were less careful and could easily lead to wild pointer
> dereferences in the case of a bad blob.
> 
> This series makes a number of improvements to libfdt safety, capping
> it off with a new fdt_check_full() function which acts like an "fsck"
> for fdt blobs.  Along the way we make some other cleanups.
> 
> Changes since v1:
>   * Assorted minor polishes based on review comments
>   * Added an extra patch to clean up sequential write mode state
>     checking
> 
> David Gibson (13):
>   libfdt: Clean up header checking functions
>   libfdt: Improve sequential write state checking
>   libfdt: Make fdt_check_header() more thorough
>   libfdt: Safer access to strings section
>   libfdt: Propagate name errors in fdt_getprop_by_offset()
>   libfdt: Safer access to memory reservations
>   Consolidate utilfdt_read_len() variants
>   libfdt: Add fdt_header_size()
>   Use size_t for blob lengths in utilfdt_read*
>   tests: Remove unused #define
>   tests: Better handling of valgrind errors saving blobs
>   tests: Use valgrind client requests for better checking
>   libfdt: Add fdt_check_full() function


LGTM

Tested-by: Alexey Kardashevskiy <aik@xxxxxxxxx>

For everything except tests/* (just too many tests, however they do succeed
now):
Reviewed-by: Alexey Kardashevskiy <aik@xxxxxxxxx>

Now it fails nicely with reverted "spapr: Initialize reserved areas list in
FDT in H_CAS handler", cool.

btw 2/13 and 6/13 produce a warning from "git am":
".git/rebase-apply/patch:205: trailing whitespace".





> 
>  fdtdump.c                  |   4 +-
>  fdtget.c                   |   2 +-
>  fdtoverlay.c               |   6 +-
>  fdtput.c                   |   2 +-
>  libfdt/fdt.c               |  76 +++++++++++++++++-
>  libfdt/fdt_overlay.c       |   6 +-
>  libfdt/fdt_ro.c            | 189 ++++++++++++++++++++++++++++++++++++++++-----
>  libfdt/fdt_rw.c            |  28 +++----
>  libfdt/fdt_sw.c            |  97 ++++++++++++++++++-----
>  libfdt/libfdt.h            |  35 ++++++++-
>  libfdt/libfdt_env.h        |   1 +
>  libfdt/libfdt_internal.h   |   5 +-
>  libfdt/version.lds         |   2 +-
>  tests/.gitignore           |   5 ++
>  tests/Makefile.tests       |   6 +-
>  tests/check_full.c         |  63 +++++++++++++++
>  tests/check_header.c       | 128 ++++++++++++++++++++++++++++++
>  tests/dumptrees.c          |   2 +
>  tests/mangle-layout.c      |   8 +-
>  tests/mangle-layout.supp   |   7 --
>  tests/open_pack.supp       |   7 --
>  tests/run_tests.sh         |  14 ++++
>  tests/sw_states.c          | 140 +++++++++++++++++++++++++++++++++
>  tests/sw_tree1.supp        |  18 -----
>  tests/testdata.h           |   2 +
>  tests/tests.h              |   1 +
>  tests/testutils.c          |  78 +++++++++++++++++--
>  tests/trees.S              |  46 +++++++++++
>  tests/truncated_memrsv.c   |  63 +++++++++++++++
>  tests/truncated_property.c |   2 +
>  tests/truncated_string.c   |  81 +++++++++++++++++++
>  util.c                     |  23 ++----
>  util.h                     |  20 +----
>  33 files changed, 1016 insertions(+), 151 deletions(-)
>  create mode 100644 tests/check_full.c
>  create mode 100644 tests/check_header.c
>  delete mode 100644 tests/mangle-layout.supp
>  delete mode 100644 tests/open_pack.supp
>  create mode 100644 tests/sw_states.c
>  delete mode 100644 tests/sw_tree1.supp
>  create mode 100644 tests/truncated_memrsv.c
>  create mode 100644 tests/truncated_string.c
> 


-- 
Alexey
--
To unsubscribe from this list: send the line "unsubscribe devicetree-compiler" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Device Tree]     [Device Tree Spec]     [Linux Driver Backports]     [Video for Linux]     [Linux USB Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]

  Powered by Linux