Date: Wed, 7 Sep 2022 17:21:46 +0200
From: Jean Delvare
To: Andy Shevchenko
Cc: LKML, Linus Torvalds
Subject: Re: [PATCH] firmware: dmi: Fortify entry point length checks
Message-ID: <20220907172146.72460eda@endymion.delvare>

Hi Andy,

On Wed, 7 Sep 2022 17:52:10 +0300, Andy Shevchenko wrote:
> On Wed, Sep 7, 2022 at 11:30 AM Jean Delvare wrote:
> >
> > Ensure that the SMBIOS entry point is long enough to include all the
> > fields we need. Otherwise it is pointless to even attempt to verify
> > its checksum.
> >
> > Also fix the maximum length check, which is technically 32, not 31.
> > It does not matter in practice as the only valid values are 31 (for
> > SMBIOS 2.x)
>
> "NOTE: This value was incorrectly stated in version 2.1 of this specification as
> 1Eh. Because of this, there might be version 2.1 implementations that
> use either the 1Eh or the 1Fh value, but version 2.2 or later
> implementations must use the 1Fh value."

Good point, so maybe we should accept 0x1E and treat it silently as
0x1F (which is what we have been doing implicitly so far) for maximum
compatibility?

> > and 24 (for SMBIOS 3.x), but let's still have the check
> > right in case new fields are added to either structure in the
> > future.
>
> Thanks, makes sense to me. But probably needs more work :-)

Of course more work would presumably be needed there, but I assume such
changes would have to be compatible with previous implementations, so
we don't want to choke on a length check for no reason.

-- 
Jean Delvare
SUSE L3 Support
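The length rules discussed in this message, as an added userspace example that is neither the patch under review nor kernel code: it rejects an entry point whose stated length is too short for the fields a parser reads (31 bytes for SMBIOS 2.x, 24 for 3.x) or longer than 32, and tolerates the 0x1E value from the SMBIOS 2.1 erratum. The names `ep_usable_length`, `check_sample` and `EP_BUF_LEN` are hypothetical, and the example assumes that a 32-byte buffer was read and that the checksum covers the stated length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EP_BUF_LEN 32 /* assumed: bytes read at the candidate address */

/* Length the caller may parse as entry point fields, or -1 to reject. */
int ep_usable_length(const uint8_t buf[EP_BUF_LEN])
{
    int is3 = memcmp(buf, "_SM3_", 5) == 0;
    size_t stated, need, lowest;
    uint8_t sum = 0;

    if (!is3 && memcmp(buf, "_SM_", 4) != 0)
        return -1;
    stated = is3 ? buf[6] : buf[5];   /* length byte follows the checksum byte */
    need   = is3 ? 24 : 31;           /* last field the parser reads ends here */
    lowest = is3 ? 24 : 0x1E;         /* 0x1E: tolerated SMBIOS 2.1 erratum */
    if (stated < lowest || stated > EP_BUF_LEN)
        return -1;                    /* fields missing, or past our buffer */
    for (size_t i = 0; i < stated; i++)
        sum += buf[i];                /* assumption: sum covers stated length */
    if (sum != 0)
        return -1;
    return (int)(stated < need ? need : stated);
}

/* Constructed sample: anchor, length byte and matching checksum, rest zero. */
int check_sample(int is3, uint8_t len)
{
    uint8_t buf[EP_BUF_LEN] = { 0 }, sum = 0;

    memcpy(buf, is3 ? "_SM3_" : "_SM_", is3 ? 5 : 4);
    buf[is3 ? 6 : 5] = len;
    for (size_t i = 0; i < EP_BUF_LEN && i < len; i++)
        sum += buf[i];
    buf[is3 ? 5 : 4] = (uint8_t)(0 - sum);
    return ep_usable_length(buf);
}

int main(void)
{
    const uint8_t lens[] = { 0x1D, 0x1E, 0x1F, 0x20, 0x21 };

    for (size_t i = 0; i < sizeof(lens); i++)
        printf("SMBIOS 2.x length 0x%02X -> %d\n", lens[i], check_sample(0, lens[i]));
    return 0;
}
```

Because the buffer is always 32 bytes, treating a stated 0x1E as 31 usable bytes never reads past what was fetched; a length above 32 is refused before any byte is summed.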