Re: [PATCH v4 18/31] hw/i386/sev: Add function to get SEV metadata from OVMF header

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 31/05/2024 16:41, Paolo Bonzini wrote:
> On Fri, May 31, 2024 at 5:20 PM Liam Merwick <liam.merwick@xxxxxxxxxx> wrote:
>>> +    metadata = (OvmfSevMetadata *)(flash_ptr + flash_size - data->offset);
>>> +    if (memcmp(metadata->signature, "ASEV", 4) != 0) {
>>> +        return;
>>> +    }
>>> +
>>> +    ovmf_sev_metadata_table = g_malloc(metadata->len);
>>
>> There should be a bounds check on metadata->len before using it.
> 
> You mean like:
> 
>      if (metadata->len <= flash_size - data->offset) {
>          ovmf_sev_metadata_table = g_memdup2(metadata, metadata->len);
>      }
> 

Yeah, and maybe before that

if (metadata->len < sizeof(OvmfSevMetadata))
      return

But the main thing would be checking the upper bound to avoid
allocating a huge amount of memory 

Regards,
Liam
[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux