[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] xen/hypfs: fix writing of custom parameter

  • To: Juergen Gross <jgross@xxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Fri, 11 Sep 2020 13:14:39 +0100
  • Authentication-results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Fri, 11 Sep 2020 12:15:01 +0000
  • Ironport-sdr: ok2D6rDvz3Wps+J4358GBLFbWa/XXEJh2GXnfX2oUIlQNMF1fNy0hwQBY+3EA7sKsBf8ULM6U9 r1vwzye4c1sXcn2z4XxdQK7PdPmzZoO6o9bHQp0EdX0YJzqlUs9A3gukb+ndI8Q/dlspSX6/V7 S+zRcrrDNe5UUlOmYIcjk5iz+/MQBqWbhaDsLjA7gPBx82aGiFX2R3X/Y0gzDoeb871aHSkJ1x JFmdEKepbdmgIP6HfgLrCkHVRg6rgtcbEmJsG2gqBc5j1DThPOF5iwJvjJg23b2ZWbMxb0Gq3I aYU=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 11/09/2020 06:30, Juergen Gross wrote:
> Today the maximum allowed data length for writing a hypfs node is
> tested in the generic hypfs_write() function. For custom runtime
> parameters this might be wrong, as the maximum allowed size is derived
> from the buffer holding the current setting, while there might be ways
> to set the parameter needing more characters than the minimal
> representation of that value.
>
> One example for this is the "ept" parameter. Its value buffer is sized
> to be able to hold the string "exec-sp=0" or "exec-sp=1", while it is
> allowed to use e.g. "no-exec-sp" or "exec-sp=yes" for setting it.

If you're looking for silly examples, exec-sp=disabled is also legal
boolean notation for Xen.

>
> Fix that by moving the length check one level down to the type
> specific write function.
>
> In order to avoid allocation of arbitrary sized buffers use a new
> MAX_PARAM_SIZE macro as an upper limit for custom writes. The value
> of MAX_PARAM_SIZE is the same as the limit in parse_params() for a
> single parameter.
>
> Fixes: 5b5ccafb0c42 ("xen: add basic hypervisor filesystem support")
> Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Signed-off-by: Juergen Gross <jgross@xxxxxxxx>

This does fix my bug, so Tested-by: Andrew Cooper
<andrew.cooper3@xxxxxxxxxx>

This does need backporting to 4.14, so maybe is best to take in this
form for now.

However, I'm rather uneasy about the approach.

Everything here derives from command line semantics, and it's probably
not going to be long until we get runtime modification of two sub
parameters.

In a theoretical world where all the EPT suboptions were runtime
modifiable, it would be legal to try and pass

ept=exec-sp,pml,no-pml,no-ad,ad,no-ad

While being fairly nonsensical, it is well formed on the command line. 
We go left to right, and latest takes precedence.

Given that we do have buffer containing everything provided by
userspace, and all internal logic organised with const char *, why do we
need an intermediate allocation at all?

Can't we just pass that all the way down, rather than leaving the same
bug to hit at some point when we do have a parameter which legitimately
takes 128 characters of configuration?

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.