On Fri, Apr 13, 2018 at 01:32:20PM +1000, Alexey Kardashevskiy wrote: > On 12/4/18 2:52 pm, David Gibson wrote: > > It's always been a design goal of libfdt that it should be safe to > > use, even on a badly corrupted fdt image. "Safe" here meaning that it > > should never access memory outside the blob's stated boundaries. > > > > The existing code is pretty good about this with regards to accesses > > to the structure block, thanks to the fdt_offset_ptr() helper > > function. However, accesses to the strings and memory reservation > > blocks were less careful and could easily lead to wild pointer > > dereferences in the case of a bad blob. > > > > This series makes a number of improvements to libfdt safety, capping > > it off with a new fdt_check_full() function which acts like an "fsck" > > for fdt blobs. Along the way we make some other cleanups. > > > > Changes since v1: > > * Assorted minor polishes based on review comments > > * Added an extra patch to clean up sequential write mode state > > checking > > > > David Gibson (13): > > libfdt: Clean up header checking functions > > libfdt: Improve sequential write state checking > > libfdt: Make fdt_check_header() more thorough > > libfdt: Safer access to strings section > > libfdt: Propagate name errors in fdt_getprop_by_offset() > > libfdt: Safer access to memory reservations > > Consolidate utilfdt_read_len() variants > > libfdt: Add fdt_header_size() > > Use size_t for blob lengths in utilfdt_read* > > tests: Remove unused #define > > tests: Better handling of valgrind errors saving blobs > > tests: Use valgrind client requests for better checking > > libfdt: Add fdt_check_full() function > > > LGTM I'm not sure what that means. > Tested-by: Alexey Kardashevskiy <aik@xxxxxxxxx> > > For everything except tests/* (just too many tests, however they do succeed > now): > Reviewed-by: Alexey Kardashevskiy <aik@xxxxxxxxx> > > Now it fails nicely with reverted "spapr: Initialize reserved areas list in > FDT in H_CAS handler", cool. Good to hear. > btw 2/13 and 6/13 produce a warning from "git am": > ".git/rebase-apply/patch:205: trailing whitespace". Oops, I did indeed add some pointless whitespace in some of the new files. Fixed now. -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
Attachment:
signature.asc
Description: PGP signature
