From: Alejandro Vallejo Date: Thu, 14 Sep 2023 12:22:53 +0000 (+0100) Subject: libfsimage/xfs: Add compile-time check to libfsimage X-Git-Tag: RELEASE-4.15.6~56 X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=586aab25bbc2e42b97cba514b50280526a870296;p=xen.git libfsimage/xfs: Add compile-time check to libfsimage Adds the common tools include folder to the -I compile flags of libfsimage. This allows us to use: xen-tools/common-macros.h:BUILD_BUG_ON() With it, statically assert a sanitized "blocklog - SECTOR_BITS" cannot underflow. This is part of XSA-443 / CVE-2023-34325 Signed-off-by: Alejandro Vallejo Reviewed-by: Jan Beulich (cherry picked from commit 7d85c70431593550e32022e3a19a37f306f49e00) --- diff --git a/tools/libfsimage/Rules.mk b/tools/libfsimage/Rules.mk index bb6d42abb4..80598fb70a 100644 --- a/tools/libfsimage/Rules.mk +++ b/tools/libfsimage/Rules.mk @@ -1,6 +1,6 @@ include $(XEN_ROOT)/tools/Rules.mk -CFLAGS += -Wno-unknown-pragmas -I$(XEN_ROOT)/tools/libfsimage/common/ -DFSIMAGE_FSDIR=\"$(FSDIR)\" +CFLAGS += -Wno-unknown-pragmas -I$(XEN_ROOT)/tools/libfsimage/common/ $(CFLAGS_xeninclude) -DFSIMAGE_FSDIR=\"$(FSDIR)\" CFLAGS += -Werror -D_GNU_SOURCE LDFLAGS += -L../common/ diff --git a/tools/libfsimage/xfs/fsys_xfs.c b/tools/libfsimage/xfs/fsys_xfs.c index e4eb7e1ee2..4a8dd6f239 100644 --- a/tools/libfsimage/xfs/fsys_xfs.c +++ b/tools/libfsimage/xfs/fsys_xfs.c @@ -19,6 +19,7 @@ #include #include +#include #include "xfs.h" #define MAX_LINK_COUNT 8 @@ -477,9 +478,10 @@ xfs_mount (fsi_file_t *ffi, const char *options) xfs.agblklog = super.sb_agblklog; /* Derived from sanitized parameters */ + BUILD_BUG_ON(XFS_SB_BLOCKLOG_MIN < SECTOR_BITS); + xfs.bdlog = super.sb_blocklog - SECTOR_BITS; xfs.bsize = 1 << super.sb_blocklog; xfs.blklog = super.sb_blocklog; - xfs.bdlog = super.sb_blocklog - SECTOR_BITS; xfs.isize = 1 << super.sb_inodelog; xfs.dirbsize = 1 << (super.sb_blocklog + super.sb_dirblklog); xfs.inopblog = super.sb_blocklog - super.sb_inodelog;