]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
projects / thirdparty / kernel / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 591cd65)
ARM: xen: validate hypervisor compatible before parsing its version
authorPengpeng Hou <pengpeng@iscas.ac.cn>
Sun, 5 Apr 2026 00:42:00 +0000 (08:42 +0800)
committerJuergen Gross <jgross@suse.com>
Fri, 10 Apr 2026 08:45:42 +0000 (10:45 +0200)
fdt_find_hyper_node() reads the raw compatible property and then derives
hyper_node.version from a prefix match before later printing it with %s.
Flat DT properties are external boot input, and this path does not prove
that the first compatible entry is NUL-terminated within the returned
property length.

Keep the existing flat-DT lookup path, but verify that the first
compatible entry terminates within the returned property length before
deriving the version suffix from it.

Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Juergen Gross <jgross@suse.com>
Message-ID: <20260405094005.5-arm-xen-v2-pengpeng@iscas.ac.cn>

arch/arm/xen/enlighten.c patch | blob | blame | history

diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c
index 4feed2c2498dd089cf78ab5b34d436e76b2ef03f..25a0ce3b4584a6efbaa806a9f10ad7fa02d8e94d 100644 (file)
--- a/arch/arm/xen/enlighten.c
+++ b/arch/arm/xen/enlighten.c
@@ -218,8 +218,9 @@ static __initdata struct {
 static int __init fdt_find_hyper_node(unsigned long node, const char *uname,
                                      int depth, void *data)
 {
-       const void *s = NULL;
+       const char *s = NULL;
        int len;
+       size_t prefix_len = strlen(hyper_node.prefix);
 
        if (depth != 1 || strcmp(uname, "hypervisor") != 0)
                return 0;
@@ -228,9 +229,10 @@ static int __init fdt_find_hyper_node(unsigned long node, const char *uname,
                hyper_node.found = true;
 
        s = of_get_flat_dt_prop(node, "compatible", &len);
-       if (strlen(hyper_node.prefix) + 3  < len &&
-           !strncmp(hyper_node.prefix, s, strlen(hyper_node.prefix)))
-               hyper_node.version = s + strlen(hyper_node.prefix);
+       if (s && len > 0 && strnlen(s, len) < len &&
+           len > prefix_len + 3 &&
+           !strncmp(hyper_node.prefix, s, prefix_len))
+               hyper_node.version = s + prefix_len;
 
        /*
         * Check if Xen supports EFI by checking whether there is the
A mirror of Linus' kernel repository