From: Alejandro Vallejo Date: Thu, 14 Sep 2023 12:22:53 +0000 (+0100) Subject: libfsimage/xfs: Add compile-time check to libfsimage X-Git-Tag: 4.18.0-rc3~11 X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=7d85c70431593550e32022e3a19a37f306f49e00;p=xen.git libfsimage/xfs: Add compile-time check to libfsimage Adds the common tools include folder to the -I compile flags of libfsimage. This allows us to use: xen-tools/common-macros.h:BUILD_BUG_ON() With it, statically assert a sanitized "blocklog - SECTOR_BITS" cannot underflow. This is part of XSA-443 / CVE-2023-34325 Signed-off-by: Alejandro Vallejo Reviewed-by: Jan Beulich --- diff --git a/tools/libfsimage/common.mk b/tools/libfsimage/common.mk index 4fc8c66795..e4336837d0 100644 --- a/tools/libfsimage/common.mk +++ b/tools/libfsimage/common.mk @@ -1,7 +1,7 @@ include $(XEN_ROOT)/tools/Rules.mk FSDIR := $(libdir)/xenfsimage -CFLAGS += -Wno-unknown-pragmas -I$(XEN_ROOT)/tools/libfsimage/common/ -DFSIMAGE_FSDIR=\"$(FSDIR)\" +CFLAGS += -Wno-unknown-pragmas -I$(XEN_ROOT)/tools/libfsimage/common/ $(CFLAGS_xeninclude) -DFSIMAGE_FSDIR=\"$(FSDIR)\" CFLAGS += -D_GNU_SOURCE LDFLAGS += -L../common/ diff --git a/tools/libfsimage/xfs/fsys_xfs.c b/tools/libfsimage/xfs/fsys_xfs.c index b5c53d3d22..e98b367901 100644 --- a/tools/libfsimage/xfs/fsys_xfs.c +++ b/tools/libfsimage/xfs/fsys_xfs.c @@ -20,6 +20,7 @@ #include #include #include +#include #include "xfs.h" #define MAX_LINK_COUNT 8 @@ -475,9 +476,10 @@ xfs_mount (fsi_file_t *ffi, const char *options) xfs.agblklog = super.sb_agblklog; /* Derived from sanitized parameters */ + BUILD_BUG_ON(XFS_SB_BLOCKLOG_MIN < SECTOR_BITS); + xfs.bdlog = super.sb_blocklog - SECTOR_BITS; xfs.bsize = 1 << super.sb_blocklog; xfs.blklog = super.sb_blocklog; - xfs.bdlog = super.sb_blocklog - SECTOR_BITS; xfs.isize = 1 << super.sb_inodelog; xfs.dirbsize = 1 << (super.sb_blocklog + super.sb_dirblklog); xfs.inopblog = super.sb_blocklog - super.sb_inodelog;