From patchwork Thu Oct 10 00:42:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Stabellini X-Patchwork-Id: 11182461 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9CECF1668 for ; Thu, 10 Oct 2019 00:43:46 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 78AEE20B7C for ; Thu, 10 Oct 2019 00:43:46 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="AS5SUS4e" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 78AEE20B7C Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iIMX1-0005jS-ER; Thu, 10 Oct 2019 00:42:15 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iIMX0-0005jK-IW for xen-devel@lists.xenproject.org; Thu, 10 Oct 2019 00:42:14 +0000 X-Inumbo-ID: ccd85cfe-eaf6-11e9-80e3-bc764e2007e4 Received: from mail.kernel.org (unknown [198.145.29.99]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id ccd85cfe-eaf6-11e9-80e3-bc764e2007e4; Thu, 10 Oct 2019 00:42:13 +0000 (UTC) Received: from sstabellini-ThinkPad-T480s.hsd1.ca.comcast.net (c-67-164-102-47.hsd1.ca.comcast.net [67.164.102.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9F67320B7C; Thu, 10 Oct 2019 00:42:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570668132; bh=E3OgBK+Xi6PVuKpoyyJXGXOVa1BJjWGHTvZQUGqq9xo=; h=From:To:Cc:Subject:Date:From; b=AS5SUS4e9FgWN69OS/8LbXn5xW8dsa/JEicXEtStCYqn7Iwm5QtP8IQiVhPTDhomO VPV8HgcA/mgtciGC1wZPpy3AxViUQ/Gd2EBJ2A+X2+0c4cPyI0uihBZkwwztqHnjgO nGyPYB5g+AP5qN9VD0vB9jjmII+NpINrNy8Ly62A= From: Stefano Stabellini To: julien.grall@arm.com Date: Wed, 9 Oct 2019 17:42:11 -0700 Message-Id: <20191010004211.31017-1-sstabellini@kernel.org> X-Mailer: git-send-email 2.17.1 Subject: [Xen-devel] [PATCH v4] xen/arm: domain_build: harden make_cpus_node() X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: jgross@suse.com, xen-devel@lists.xenproject.org, sstabellini@kernel.org, Volodymyr_Babchuk@epam.com, Stefano Stabellini MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" make_cpus_node() is using a static buffer to generate the FDT node name. While mpdir_aff is a 64-bit integer, we only ever use the bits [23:0] as only AFF{0, 1, 2} are supported for now. To avoid any potential issues in the future, check that mpdir_aff has only bits [23:0] set. Take the opportunity to reduce the size of the buffer. Indeed, only 8 characters are needed to print a 32-bit hexadecimal number. So sizeof("cpu@") + 8 + 1 (for '\0') = 13 characters is sufficient. Fixes: c81a791d34 (xen/arm: Set 'reg' of cpu node for dom0 to match MPIDR's affinity) Signed-off-by: Stefano Stabellini Reviewed-by: Julien Grall --- Changes in v4: - commit message - in-code comments Changes in v3: - make sure only [23:0] bits are used in mpidr_aff - clarify that we only need 32bit for buf writes Changes in v2: - patch added --- xen/arch/arm/domain_build.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 921b054520..38adb6e954 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -788,8 +788,8 @@ static int __init make_cpus_node(const struct domain *d, void *fdt) unsigned int cpu; const void *compatible = NULL; u32 len; - /* Placeholder for cpu@ + a 32-bit number + \0 */ - char buf[15]; + /* Placeholder for cpu@ + a 32-bit hexadecimal number + \0 */ + char buf[13]; u32 clock_frequency; bool clock_valid; uint64_t mpidr_aff; @@ -847,11 +847,26 @@ static int __init make_cpus_node(const struct domain *d, void *fdt) * the MPIDR's affinity bits. We will use AFF0 and AFF1 when * constructing the reg value of the guest at the moment, for it * is enough for the current max vcpu number. + * + * We only deal with AFF{0, 1, 2} stored in bits [23:0] at the + * moment. */ mpidr_aff = vcpuid_to_vaffinity(cpu); + if ( (mpidr_aff & ~GENMASK_ULL(23, 0)) != 0 ) + { + printk(XENLOG_ERR "Unable to handle MPIDR AFFINITY 0x%"PRIx64"\n", + mpidr_aff); + return -EINVAL; + } + dt_dprintk("Create cpu@%"PRIx64" (logical CPUID: %d) node\n", mpidr_aff, cpu); + /* + * We use PRIx64 because mpidr_aff is a 64bit integer. However, + * only bits [23:0] are used, thus, we are sure it will fit in + * buf. + */ snprintf(buf, sizeof(buf), "cpu@%"PRIx64, mpidr_aff); res = fdt_begin_node(fdt, buf); if ( res )