Xen devel - Apr 2012 - [PATCH] readnote: Add bzImage kernel support

Add the check of bzImage kernel and make it work
with RHEL 6 bzipped kernels

Signed-off-by: Xuesen Guo <xuesen.guo@hitachiconsulting.com>

diff -r d690c7e896a2 -r e640d59ff132 tools/xcutils/readnotes.c
--- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
+++ b/tools/xcutils/readnotes.c	Wed Apr 11 15:31:26 2012 +0800
@@ -18,6 +18,48 @@
 
 static xc_interface *xch;
 
+/* According to the implemation of xc_dom_probe_bzimage_kernel() function */
+/* We add support of bzImage kernel */
+/* Copied from tools/libxc/xc_doom_bzImageloader.c */
+struct setup_header {
+	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
+	uint8_t  setup_sects;
+	uint16_t root_flags;
+	uint32_t syssize;
+	uint16_t ram_size;
+	uint16_t vid_mode;
+	uint16_t root_dev;
+	uint16_t boot_flag;
+	uint16_t jump;
+	uint32_t header;
+#define HDR_MAGIC  "HdrS"
+#define HDR_MAGIC_SZ 4
+	uint16_t version;
+#define VERSION(h,l) (((h)<<8) | (l))
+	uint32_t realmode_swtch;
+	uint16_t start_sys;
+	uint16_t kernel_version;
+	uint8_t  type_of_loader;
+	uint8_t  loadflags;
+	uint16_t setup_move_size;
+	uint32_t code32_start;
+	uint32_t ramdisk_image;
+	uint32_t ramdisk_size;
+	uint32_t bootsect_kludge;
+	uint16_t heap_end_ptr;
+	uint16_t _pad1;
+	uint32_t cmd_line_ptr;
+	uint32_t initrd_addr_max;
+	uint32_t kernel_alignment;
+	uint8_t  relocatable_kernel;
+	uint8_t  _pad2[3];
+	uint32_t cmdline_size;
+	uint32_t hardware_subarch;
+	uint64_t hardware_subarch_data;
+	uint32_t payload_offset;
+	uint32_t payload_length;
+} __attribute__((packed));
+
 static void print_string_note(const char *prefix, struct elf_binary *elf,
 			      const elf_note *note)
 {
@@ -131,6 +173,9 @@ int main(int argc, char **argv)
 	const elf_shdr *shdr;
 	int notes_found = 0;
 
+	struct setup_header *hdr;
+	uint64_t payload_offset, payload_length;
+
 	if (argc != 2)
 	{
 		fprintf(stderr, "Usage: readnotes <elfimage>\n");
@@ -159,6 +204,27 @@ int main(int argc, char **argv)
 		fprintf(stderr, "Unable to map %s: %s\n", f, strerror(errno));
 		return 1;
 	}
+	
+	/* Check the magic of bzImage kernel */
+	hdr = (struct setup_header *)image;
+	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
+	{
+		if ( hdr->version < VERSION(2,8) )
+		{
+			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
+			return -EINVAL;
+		}
+
+		/* upcast to 64 bits to avoid overflow */
+		/* setup_sects is u8 and so cannot overflow */
+		payload_offset = (hdr->setup_sects + 1) * 512;
+		payload_offset += hdr->payload_offset;
+		payload_length = hdr->payload_length;
+
+		image = image + payload_offset;
+		st.st_size = payload_length;
+	}
+	
 	size = st.st_size;
 
 	usize = xc_dom_check_gzip(xch, image, st.st_size);

This e-mail is intended solely for the person or entity to which it is addressed
and may contain confidential and/or privileged information. Any review,
dissemination,
copying, printing or other use of this e-mail by persons or entities other than
the
addressee is prohibited. If you have received this e-mail in error, please
contact
the sender immediately and delete the material from any computer.
To unsubscribe send an email to: Unsubscribe@hitachiconsulting.com 
Hitachi Consulting (China) Co., Ltd. (HCCD0411)

Add the check of bzImage kernel and make it work
with RHEL 6 bzipped kernels

Signed-off-by: Xuesen Guo <xuesen.guo@hitachiconsulting.com>

diff -r d690c7e896a2 -r e640d59ff132 tools/xcutils/readnotes.c
--- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
+++ b/tools/xcutils/readnotes.c	Wed Apr 11 15:31:26 2012 +0800
@@ -18,6 +18,48 @@
 
 static xc_interface *xch;
 
+/* According to the implemation of xc_dom_probe_bzimage_kernel() function */
+/* We add support of bzImage kernel */
+/* Copied from tools/libxc/xc_doom_bzImageloader.c */
+struct setup_header {
+	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
+	uint8_t  setup_sects;
+	uint16_t root_flags;
+	uint32_t syssize;
+	uint16_t ram_size;
+	uint16_t vid_mode;
+	uint16_t root_dev;
+	uint16_t boot_flag;
+	uint16_t jump;
+	uint32_t header;
+#define HDR_MAGIC  "HdrS"
+#define HDR_MAGIC_SZ 4
+	uint16_t version;
+#define VERSION(h,l) (((h)<<8) | (l))
+	uint32_t realmode_swtch;
+	uint16_t start_sys;
+	uint16_t kernel_version;
+	uint8_t  type_of_loader;
+	uint8_t  loadflags;
+	uint16_t setup_move_size;
+	uint32_t code32_start;
+	uint32_t ramdisk_image;
+	uint32_t ramdisk_size;
+	uint32_t bootsect_kludge;
+	uint16_t heap_end_ptr;
+	uint16_t _pad1;
+	uint32_t cmd_line_ptr;
+	uint32_t initrd_addr_max;
+	uint32_t kernel_alignment;
+	uint8_t  relocatable_kernel;
+	uint8_t  _pad2[3];
+	uint32_t cmdline_size;
+	uint32_t hardware_subarch;
+	uint64_t hardware_subarch_data;
+	uint32_t payload_offset;
+	uint32_t payload_length;
+} __attribute__((packed));
+
 static void print_string_note(const char *prefix, struct elf_binary *elf,
 			      const elf_note *note)
 {
@@ -131,6 +173,9 @@ int main(int argc, char **argv)
 	const elf_shdr *shdr;
 	int notes_found = 0;
 
+	struct setup_header *hdr;
+	uint64_t payload_offset, payload_length;
+
 	if (argc != 2)
 	{
 		fprintf(stderr, "Usage: readnotes <elfimage>\n");
@@ -159,6 +204,27 @@ int main(int argc, char **argv)
 		fprintf(stderr, "Unable to map %s: %s\n", f, strerror(errno));
 		return 1;
 	}
+	
+	/* Check the magic of bzImage kernel */
+	hdr = (struct setup_header *)image;
+	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
+	{
+		if ( hdr->version < VERSION(2,8) )
+		{
+			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
+			return -EINVAL;
+		}
+
+		/* upcast to 64 bits to avoid overflow */
+		/* setup_sects is u8 and so cannot overflow */
+		payload_offset = (hdr->setup_sects + 1) * 512;
+		payload_offset += hdr->payload_offset;
+		payload_length = hdr->payload_length;
+
+		image = image + payload_offset;
+		st.st_size = payload_length;
+	}
+	
 	size = st.st_size;
 
 	usize = xc_dom_check_gzip(xch, image, st.st_size);

This e-mail is intended solely for the person or entity to which it is addressed
and may contain confidential and/or privileged information. Any review,
dissemination,
copying, printing or other use of this e-mail by persons or entities other than
the
addressee is prohibited. If you have received this e-mail in error, please
contact
the sender immediately and delete the material from any computer.
To unsubscribe send an email to: Unsubscribe@hitachiconsulting.com 
Hitachi Consulting (China) Co., Ltd. (HCCD0411)

Add the check of bzImage kernel and make it work
with RHEL 6 bzipped kernels

Signed-off-by: Xuesen Guo <xuesen.guo@hitachiconsulting.com>

diff -r d690c7e896a2 -r e640d59ff132 tools/xcutils/readnotes.c
--- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
+++ b/tools/xcutils/readnotes.c	Wed Apr 11 15:31:26 2012 +0800
@@ -18,6 +18,48 @@
 
 static xc_interface *xch;
 
+/* According to the implemation of xc_dom_probe_bzimage_kernel() function */
+/* We add support of bzImage kernel */
+/* Copied from tools/libxc/xc_doom_bzImageloader.c */
+struct setup_header {
+	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
+	uint8_t  setup_sects;
+	uint16_t root_flags;
+	uint32_t syssize;
+	uint16_t ram_size;
+	uint16_t vid_mode;
+	uint16_t root_dev;
+	uint16_t boot_flag;
+	uint16_t jump;
+	uint32_t header;
+#define HDR_MAGIC  "HdrS"
+#define HDR_MAGIC_SZ 4
+	uint16_t version;
+#define VERSION(h,l) (((h)<<8) | (l))
+	uint32_t realmode_swtch;
+	uint16_t start_sys;
+	uint16_t kernel_version;
+	uint8_t  type_of_loader;
+	uint8_t  loadflags;
+	uint16_t setup_move_size;
+	uint32_t code32_start;
+	uint32_t ramdisk_image;
+	uint32_t ramdisk_size;
+	uint32_t bootsect_kludge;
+	uint16_t heap_end_ptr;
+	uint16_t _pad1;
+	uint32_t cmd_line_ptr;
+	uint32_t initrd_addr_max;
+	uint32_t kernel_alignment;
+	uint8_t  relocatable_kernel;
+	uint8_t  _pad2[3];
+	uint32_t cmdline_size;
+	uint32_t hardware_subarch;
+	uint64_t hardware_subarch_data;
+	uint32_t payload_offset;
+	uint32_t payload_length;
+} __attribute__((packed));
+
 static void print_string_note(const char *prefix, struct elf_binary *elf,
 			      const elf_note *note)
 {
@@ -131,6 +173,9 @@ int main(int argc, char **argv)
 	const elf_shdr *shdr;
 	int notes_found = 0;
 
+	struct setup_header *hdr;
+	uint64_t payload_offset, payload_length;
+
 	if (argc != 2)
 	{
 		fprintf(stderr, "Usage: readnotes <elfimage>\n");
@@ -159,6 +204,27 @@ int main(int argc, char **argv)
 		fprintf(stderr, "Unable to map %s: %s\n", f, strerror(errno));
 		return 1;
 	}
+	
+	/* Check the magic of bzImage kernel */
+	hdr = (struct setup_header *)image;
+	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
+	{
+		if ( hdr->version < VERSION(2,8) )
+		{
+			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
+			return -EINVAL;
+		}
+
+		/* upcast to 64 bits to avoid overflow */
+		/* setup_sects is u8 and so cannot overflow */
+		payload_offset = (hdr->setup_sects + 1) * 512;
+		payload_offset += hdr->payload_offset;
+		payload_length = hdr->payload_length;
+
+		image = image + payload_offset;
+		st.st_size = payload_length;
+	}
+	
 	size = st.st_size;
 
 	usize = xc_dom_check_gzip(xch, image, st.st_size);

This e-mail is intended solely for the person or entity to which it is addressed
and may contain confidential and/or privileged information. Any review,
dissemination,
copying, printing or other use of this e-mail by persons or entities other than
the
addressee is prohibited. If you have received this e-mail in error, please
contact
the sender immediately and delete the material from any computer.
To unsubscribe send an email to: Unsubscribe@hitachiconsulting.com 
Hitachi Consulting (China) Co., Ltd. (HCCD0411)

Add the check of bzImage kernel and make it work
with RHEL 6 bzipped kernels

Signed-off-by: Xuesen Guo <xuesen.guo@hitachiconsulting.com>

diff -r d690c7e896a2 -r e640d59ff132 tools/xcutils/readnotes.c
--- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
+++ b/tools/xcutils/readnotes.c	Wed Apr 11 15:31:26 2012 +0800
@@ -18,6 +18,48 @@
 
 static xc_interface *xch;
 
+/* According to the implemation of xc_dom_probe_bzimage_kernel() function */
+/* We add support of bzImage kernel */
+/* Copied from tools/libxc/xc_doom_bzImageloader.c */
+struct setup_header {
+	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
+	uint8_t  setup_sects;
+	uint16_t root_flags;
+	uint32_t syssize;
+	uint16_t ram_size;
+	uint16_t vid_mode;
+	uint16_t root_dev;
+	uint16_t boot_flag;
+	uint16_t jump;
+	uint32_t header;
+#define HDR_MAGIC  "HdrS"
+#define HDR_MAGIC_SZ 4
+	uint16_t version;
+#define VERSION(h,l) (((h)<<8) | (l))
+	uint32_t realmode_swtch;
+	uint16_t start_sys;
+	uint16_t kernel_version;
+	uint8_t  type_of_loader;
+	uint8_t  loadflags;
+	uint16_t setup_move_size;
+	uint32_t code32_start;
+	uint32_t ramdisk_image;
+	uint32_t ramdisk_size;
+	uint32_t bootsect_kludge;
+	uint16_t heap_end_ptr;
+	uint16_t _pad1;
+	uint32_t cmd_line_ptr;
+	uint32_t initrd_addr_max;
+	uint32_t kernel_alignment;
+	uint8_t  relocatable_kernel;
+	uint8_t  _pad2[3];
+	uint32_t cmdline_size;
+	uint32_t hardware_subarch;
+	uint64_t hardware_subarch_data;
+	uint32_t payload_offset;
+	uint32_t payload_length;
+} __attribute__((packed));
+
 static void print_string_note(const char *prefix, struct elf_binary *elf,
 			      const elf_note *note)
 {
@@ -131,6 +173,9 @@ int main(int argc, char **argv)
 	const elf_shdr *shdr;
 	int notes_found = 0;
 
+	struct setup_header *hdr;
+	uint64_t payload_offset, payload_length;
+
 	if (argc != 2)
 	{
 		fprintf(stderr, "Usage: readnotes <elfimage>\n");
@@ -159,6 +204,27 @@ int main(int argc, char **argv)
 		fprintf(stderr, "Unable to map %s: %s\n", f, strerror(errno));
 		return 1;
 	}
+	
+	/* Check the magic of bzImage kernel */
+	hdr = (struct setup_header *)image;
+	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
+	{
+		if ( hdr->version < VERSION(2,8) )
+		{
+			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
+			return -EINVAL;
+		}
+
+		/* upcast to 64 bits to avoid overflow */
+		/* setup_sects is u8 and so cannot overflow */
+		payload_offset = (hdr->setup_sects + 1) * 512;
+		payload_offset += hdr->payload_offset;
+		payload_length = hdr->payload_length;
+
+		image = image + payload_offset;
+		st.st_size = payload_length;
+	}
+	
 	size = st.st_size;
 
 	usize = xc_dom_check_gzip(xch, image, st.st_size);

This e-mail is intended solely for the person or entity to which it is addressed
and may contain confidential and/or privileged information. Any review,
dissemination,
copying, printing or other use of this e-mail by persons or entities other than
the
addressee is prohibited. If you have received this e-mail in error, please
contact
the sender immediately and delete the material from any computer.
To unsubscribe send an email to: Unsubscribe@hitachiconsulting.com 
Hitachi Consulting (China) Co., Ltd. (HCCD0411)

On Thu, 2012-04-12 at 02:38 +0100, Xuesen Guo wrote:
> Add the check of bzImage kernel and make it work
> with RHEL 6 bzipped kernels
Thanks, a single small nit inline below.
> @@ -159,6 +204,27 @@ int main(int argc, char **argv)
>  		fprintf(stderr, "Unable to map %s: %s\n", f, strerror(errno));
>  		return 1;
>  	}
> +	
> +	/* Check the magic of bzImage kernel */
> +	hdr = (struct setup_header *)image;
> +	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
> +	{
> +		if ( hdr->version < VERSION(2,8) )
> +		{
> +			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
> +			return -EINVAL;
Should be return 1 in this context.

Thanks,
Ian.
> +		}
> +
> +		/* upcast to 64 bits to avoid overflow */
> +		/* setup_sects is u8 and so cannot overflow */
> +		payload_offset = (hdr->setup_sects + 1) * 512;
> +		payload_offset += hdr->payload_offset;
> +		payload_length = hdr->payload_length;
> +
> +		image = image + payload_offset;
> +		st.st_size = payload_length;
> +	}
> +	
>  	size = st.st_size;
>  
>  	usize = xc_dom_check_gzip(xch, image, st.st_size);

Xuesen Guo writes ("[PATCH] readnote: Add bzImage kernel
support"):
> Add the check of bzImage kernel and make it work
> with RHEL 6 bzipped kernels
Thanks for this.  Technically we are in feature freeze but we should
probably make an exception for this.

However, this code will need a thorough line-by-line review as it
is privileged code dealing with potentially hostile kernels, and this
kind of data format unpicking has in the past been the source of bugs
including security vulnerabilities.

So please bear with us while we find time to do that review.

I emphasise that it''s no reflection on you or the quality of your
code: any submission which solved this same problem ought to be
carefully scrutinised.

Thanks,
Ian.

Add the check of bzImage kernel and make it work
with RHEL 6 bzipped kernels

Signed-off-by: Xuesen Guo <Xuesen.Guo@hitachiconsulting.com>

diff -r d690c7e896a2 -r ec8e99606fbe tools/xcutils/readnotes.c
--- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
+++ b/tools/xcutils/readnotes.c	Thu Apr 26 10:57:09 2012 +0800
@@ -18,6 +18,48 @@
 
 static xc_interface *xch;
 
+/* According to the implemation of xc_dom_probe_bzimage_kernel() function */
+/* We add support of bzImage kernel */
+/* Copied from tools/libxc/xc_doom_bzImageloader.c */
+struct setup_header {
+	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
+	uint8_t  setup_sects;
+	uint16_t root_flags;
+	uint32_t syssize;
+	uint16_t ram_size;
+	uint16_t vid_mode;
+	uint16_t root_dev;
+	uint16_t boot_flag;
+	uint16_t jump;
+	uint32_t header;
+#define HDR_MAGIC  "HdrS"
+#define HDR_MAGIC_SZ 4
+	uint16_t version;
+#define VERSION(h,l) (((h)<<8) | (l))
+	uint32_t realmode_swtch;
+	uint16_t start_sys;
+	uint16_t kernel_version;
+	uint8_t  type_of_loader;
+	uint8_t  loadflags;
+	uint16_t setup_move_size;
+	uint32_t code32_start;
+	uint32_t ramdisk_image;
+	uint32_t ramdisk_size;
+	uint32_t bootsect_kludge;
+	uint16_t heap_end_ptr;
+	uint16_t _pad1;
+	uint32_t cmd_line_ptr;
+	uint32_t initrd_addr_max;
+	uint32_t kernel_alignment;
+	uint8_t  relocatable_kernel;
+	uint8_t  _pad2[3];
+	uint32_t cmdline_size;
+	uint32_t hardware_subarch;
+	uint64_t hardware_subarch_data;
+	uint32_t payload_offset;
+	uint32_t payload_length;
+} __attribute__((packed));
+
 static void print_string_note(const char *prefix, struct elf_binary *elf,
 			      const elf_note *note)
 {
@@ -131,6 +173,9 @@ int main(int argc, char **argv)
 	const elf_shdr *shdr;
 	int notes_found = 0;
 
+	struct setup_header *hdr;
+	uint64_t payload_offset, payload_length;
+
 	if (argc != 2)
 	{
 		fprintf(stderr, "Usage: readnotes <elfimage>\n");
@@ -159,6 +204,27 @@ int main(int argc, char **argv)
 		fprintf(stderr, "Unable to map %s: %s\n", f, strerror(errno));
 		return 1;
 	}
+	
+	/* Check the magic of bzImage kernel */
+	hdr = (struct setup_header *)image;
+	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
+	{
+		if ( hdr->version < VERSION(2,8) )
+		{
+			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
+			return 1;
+		}
+
+		/* upcast to 64 bits to avoid overflow */
+		/* setup_sects is u8 and so cannot overflow */
+		payload_offset = (hdr->setup_sects + 1) * 512;
+		payload_offset += hdr->payload_offset;
+		payload_length = hdr->payload_length;
+
+		image = image + payload_offset;
+		st.st_size = payload_length;
+	}
+	
 	size = st.st_size;
 
 	usize = xc_dom_check_gzip(xch, image, st.st_size);

This e-mail is intended solely for the person or entity to which it is addressed
and may contain confidential and/or privileged information. Any review,
dissemination,
copying, printing or other use of this e-mail by persons or entities other than
the
addressee is prohibited. If you have received this e-mail in error, please
contact
the sender immediately and delete the material from any computer.
To unsubscribe send an email to: Unsubscribe@hitachiconsulting.com 
Hitachi Consulting (China) Co., Ltd. (HCCD0411)

On Thu, 2012-04-26 at 04:00 +0100, Xuesen Guo wrote:
> Add the check of bzImage kernel and make it work
> with RHEL 6 bzipped kernels
> 
> Signed-off-by: Xuesen Guo <Xuesen.Guo@hitachiconsulting.com>
> 
> diff -r d690c7e896a2 -r ec8e99606fbe tools/xcutils/readnotes.c
> --- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
> +++ b/tools/xcutils/readnotes.c	Thu Apr 26 10:57:09 2012 +0800
> @@ -18,6 +18,48 @@
>  
>  static xc_interface *xch;
>  
> +/* According to the implemation of xc_dom_probe_bzimage_kernel() function
*/
> +/* We add support of bzImage kernel */
> +/* Copied from tools/libxc/xc_doom_bzImageloader.c */
> +struct setup_header {
> +	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
> +	uint8_t  setup_sects;
> +	uint16_t root_flags;
> +	uint32_t syssize;
> +	uint16_t ram_size;
> +	uint16_t vid_mode;
> +	uint16_t root_dev;
> +	uint16_t boot_flag;
> +	uint16_t jump;
> +	uint32_t header;
> +#define HDR_MAGIC  "HdrS"
> +#define HDR_MAGIC_SZ 4
> +	uint16_t version;
> +#define VERSION(h,l) (((h)<<8) | (l))
> +	uint32_t realmode_swtch;
> +	uint16_t start_sys;
> +	uint16_t kernel_version;
> +	uint8_t  type_of_loader;
> +	uint8_t  loadflags;
> +	uint16_t setup_move_size;
> +	uint32_t code32_start;
> +	uint32_t ramdisk_image;
> +	uint32_t ramdisk_size;
> +	uint32_t bootsect_kludge;
> +	uint16_t heap_end_ptr;
> +	uint16_t _pad1;
> +	uint32_t cmd_line_ptr;
> +	uint32_t initrd_addr_max;
> +	uint32_t kernel_alignment;
> +	uint8_t  relocatable_kernel;
> +	uint8_t  _pad2[3];
> +	uint32_t cmdline_size;
> +	uint32_t hardware_subarch;
> +	uint64_t hardware_subarch_data;
> +	uint32_t payload_offset;
> +	uint32_t payload_length;
> +} __attribute__((packed));
> +
>  static void print_string_note(const char *prefix, struct elf_binary *elf,
>  			      const elf_note *note)
>  {
> @@ -131,6 +173,9 @@ int main(int argc, char **argv)
>  	const elf_shdr *shdr;
>  	int notes_found = 0;
>  
> +	struct setup_header *hdr;
> +	uint64_t payload_offset, payload_length;
> +
>  	if (argc != 2)
>  	{
>  		fprintf(stderr, "Usage: readnotes <elfimage>\n");
> @@ -159,6 +204,27 @@ int main(int argc, char **argv)
>  		fprintf(stderr, "Unable to map %s: %s\n", f, strerror(errno));
>  		return 1;
>  	}
> +	
> +	/* Check the magic of bzImage kernel */
> +	hdr = (struct setup_header *)image;
> +	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
> +	{
> +		if ( hdr->version < VERSION(2,8) )
> +		{
> +			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
> +			return 1;
> +		}
> +
> +		/* upcast to 64 bits to avoid overflow */
> +		/* setup_sects is u8 and so cannot overflow */
> +		payload_offset = (hdr->setup_sects + 1) * 512;
> +		payload_offset += hdr->payload_offset;
> +		payload_length = hdr->payload_length;
Up to this point this is all the same as xc_dom_probe_bzimage_kernel and
therefore looks to me to be safe and correct.

However xc_dom_probe_bzimage_kernel has some additional checks before it
trusts the offset and length. Specifically it compares them against the
size of the on disk kernel image:
    if ( payload_offset >= dom->kernel_size )
    {
        xc_dom_panic(dom->xch, XC_INVALID_KERNEL, "%s: payload offset
overflow",
                     __FUNCTION__);
        return -EINVAL;
    }
    if ( (payload_offset + payload_length) > dom->kernel_size )
    {
        xc_dom_panic(dom->xch, XC_INVALID_KERNEL, "%s: payload length
overflow",
                     __FUNCTION__);
        return -EINVAL;
    }

I think you likely want to retain some similar check here, using
st.st_size as the boundary instead of dom->kernel_size.
> +
> +		image = image + payload_offset;
> +		st.st_size = payload_length;
> +	}
> +	
>  	size = st.st_size;
The usage of size vs st.st_size in the existing code is not very
obvious, IMHO it would be preferable to consistently always use size
from this point on, since changing st.st_size has the possibility of
surprise. IOW the tail here would be:

		image = image + payload_offset;
		size = payload_length
	} else {
		size = st.st_size;
 	}

and then use size and not st.st_size for the remainder of the function.

Ian.
>  	usize = xc_dom_check_gzip(xch, image, st.st_size);
> 
> This e-mail is intended solely for the person or entity to which it is
addressed
> and may contain confidential and/or privileged information. Any review,
dissemination,
> copying, printing or other use of this e-mail by persons or entities other
than the
> addressee is prohibited. If you have received this e-mail in error, please
contact
> the sender immediately and delete the material from any computer.
> To unsubscribe send an email to: Unsubscribe@hitachiconsulting.com 
> Hitachi Consulting (China) Co., Ltd. (HCCD0411)
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel

Many thanks for your comments.
I will resend the patch according to your suggestions.

--Xuesen


On Thu, 2012-04-26 at 08:39 +0100, Ian Campbell wrote:
> On Thu, 2012-04-26 at 04:00 +0100, Xuesen Guo wrote:
> > Add the check of bzImage kernel and make it work
> > with RHEL 6 bzipped kernels
> > 
> > Signed-off-by: Xuesen Guo <Xuesen.Guo@hitachiconsulting.com>
> > 
> > diff -r d690c7e896a2 -r ec8e99606fbe tools/xcutils/readnotes.c
> > --- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
> > +++ b/tools/xcutils/readnotes.c	Thu Apr 26 10:57:09 2012 +0800
> > @@ -18,6 +18,48 @@
> >  
> >  static xc_interface *xch;
> >  
> > +/* According to the implemation of xc_dom_probe_bzimage_kernel()
function */
> > +/* We add support of bzImage kernel */
> > +/* Copied from tools/libxc/xc_doom_bzImageloader.c */
> > +struct setup_header {
> > +	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
> > +	uint8_t  setup_sects;
> > +	uint16_t root_flags;
> > +	uint32_t syssize;
> > +	uint16_t ram_size;
> > +	uint16_t vid_mode;
> > +	uint16_t root_dev;
> > +	uint16_t boot_flag;
> > +	uint16_t jump;
> > +	uint32_t header;
> > +#define HDR_MAGIC  "HdrS"
> > +#define HDR_MAGIC_SZ 4
> > +	uint16_t version;
> > +#define VERSION(h,l) (((h)<<8) | (l))
> > +	uint32_t realmode_swtch;
> > +	uint16_t start_sys;
> > +	uint16_t kernel_version;
> > +	uint8_t  type_of_loader;
> > +	uint8_t  loadflags;
> > +	uint16_t setup_move_size;
> > +	uint32_t code32_start;
> > +	uint32_t ramdisk_image;
> > +	uint32_t ramdisk_size;
> > +	uint32_t bootsect_kludge;
> > +	uint16_t heap_end_ptr;
> > +	uint16_t _pad1;
> > +	uint32_t cmd_line_ptr;
> > +	uint32_t initrd_addr_max;
> > +	uint32_t kernel_alignment;
> > +	uint8_t  relocatable_kernel;
> > +	uint8_t  _pad2[3];
> > +	uint32_t cmdline_size;
> > +	uint32_t hardware_subarch;
> > +	uint64_t hardware_subarch_data;
> > +	uint32_t payload_offset;
> > +	uint32_t payload_length;
> > +} __attribute__((packed));
> > +
> >  static void print_string_note(const char *prefix, struct elf_binary
*elf,
> >  			      const elf_note *note)
> >  {
> > @@ -131,6 +173,9 @@ int main(int argc, char **argv)
> >  	const elf_shdr *shdr;
> >  	int notes_found = 0;
> >  
> > +	struct setup_header *hdr;
> > +	uint64_t payload_offset, payload_length;
> > +
> >  	if (argc != 2)
> >  	{
> >  		fprintf(stderr, "Usage: readnotes <elfimage>\n");
> > @@ -159,6 +204,27 @@ int main(int argc, char **argv)
> >  		fprintf(stderr, "Unable to map %s: %s\n", f,
strerror(errno));
> >  		return 1;
> >  	}
> > +	
> > +	/* Check the magic of bzImage kernel */
> > +	hdr = (struct setup_header *)image;
> > +	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
> > +	{
> > +		if ( hdr->version < VERSION(2,8) )
> > +		{
> > +			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
> > +			return 1;
> > +		}
> > +
> > +		/* upcast to 64 bits to avoid overflow */
> > +		/* setup_sects is u8 and so cannot overflow */
> > +		payload_offset = (hdr->setup_sects + 1) * 512;
> > +		payload_offset += hdr->payload_offset;
> > +		payload_length = hdr->payload_length;
> 
> Up to this point this is all the same as xc_dom_probe_bzimage_kernel and
> therefore looks to me to be safe and correct.
> 
> However xc_dom_probe_bzimage_kernel has some additional checks before it
> trusts the offset and length. Specifically it compares them against the
> size of the on disk kernel image:
>     if ( payload_offset >= dom->kernel_size )
>     {
>         xc_dom_panic(dom->xch, XC_INVALID_KERNEL, "%s: payload
offset overflow",
>                      __FUNCTION__);
>         return -EINVAL;
>     }
>     if ( (payload_offset + payload_length) > dom->kernel_size )
>     {
>         xc_dom_panic(dom->xch, XC_INVALID_KERNEL, "%s: payload
length overflow",
>                      __FUNCTION__);
>         return -EINVAL;
>     }
> 
> I think you likely want to retain some similar check here, using
> st.st_size as the boundary instead of dom->kernel_size.
> 
> > +
> > +		image = image + payload_offset;
> > +		st.st_size = payload_length;
> > +	}
> > +	
> >  	size = st.st_size;
> 
> The usage of size vs st.st_size in the existing code is not very
> obvious, IMHO it would be preferable to consistently always use size
> from this point on, since changing st.st_size has the possibility of
> surprise. IOW the tail here would be:
> 
> 		image = image + payload_offset;
> 		size = payload_length
> 	} else {
> 		size = st.st_size;
>  	}
> 
> and then use size and not st.st_size for the remainder of the function.
> 
> Ian.
> 
> >  	usize = xc_dom_check_gzip(xch, image, st.st_size);
> > 
> > This e-mail is intended solely for the person or entity to which it is
addressed
> > and may contain confidential and/or privileged information. Any
review, dissemination,
> > copying, printing or other use of this e-mail by persons or entities
other than the
> > addressee is prohibited. If you have received this e-mail in error,
please contact
> > the sender immediately and delete the material from any computer.
> > To unsubscribe send an email to: Unsubscribe@hitachiconsulting.com 
> > Hitachi Consulting (China) Co., Ltd. (HCCD0411)
> > 
> > 
> > 
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xen.org
> > http://lists.xen.org/xen-devel
> 
> 
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Add the check of bzImage kernel and make it work
with RHEL 6 bzipped kernels

Signed-off-by: Xuesen Guo <Xuesen.Guo@hitachiconsulting.com>

---
Changed since v1:
  * add additional checks of the offset and length
  * not changing st.st_size, use size instead of st.st_size

diff -r d690c7e896a2 -r 27a6422ac06d tools/xcutils/readnotes.c
--- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
+++ b/tools/xcutils/readnotes.c	Thu Apr 26 16:53:17 2012 +0800
@@ -18,6 +18,48 @@
 
 static xc_interface *xch;
 
+/* According to the implemation of xc_dom_probe_bzimage_kernel() function */
+/* We add support of bzImage kernel */
+/* Copied from tools/libxc/xc_doom_bzImageloader.c */
+struct setup_header {
+	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
+	uint8_t  setup_sects;
+	uint16_t root_flags;
+	uint32_t syssize;
+	uint16_t ram_size;
+	uint16_t vid_mode;
+	uint16_t root_dev;
+	uint16_t boot_flag;
+	uint16_t jump;
+	uint32_t header;
+#define HDR_MAGIC  "HdrS"
+#define HDR_MAGIC_SZ 4
+	uint16_t version;
+#define VERSION(h,l) (((h)<<8) | (l))
+	uint32_t realmode_swtch;
+	uint16_t start_sys;
+	uint16_t kernel_version;
+	uint8_t  type_of_loader;
+	uint8_t  loadflags;
+	uint16_t setup_move_size;
+	uint32_t code32_start;
+	uint32_t ramdisk_image;
+	uint32_t ramdisk_size;
+	uint32_t bootsect_kludge;
+	uint16_t heap_end_ptr;
+	uint16_t _pad1;
+	uint32_t cmd_line_ptr;
+	uint32_t initrd_addr_max;
+	uint32_t kernel_alignment;
+	uint8_t  relocatable_kernel;
+	uint8_t  _pad2[3];
+	uint32_t cmdline_size;
+	uint32_t hardware_subarch;
+	uint64_t hardware_subarch_data;
+	uint32_t payload_offset;
+	uint32_t payload_length;
+} __attribute__((packed));
+
 static void print_string_note(const char *prefix, struct elf_binary *elf,
 			      const elf_note *note)
 {
@@ -131,6 +173,9 @@ int main(int argc, char **argv)
 	const elf_shdr *shdr;
 	int notes_found = 0;
 
+	struct setup_header *hdr;
+	uint64_t payload_offset, payload_length;
+
 	if (argc != 2)
 	{
 		fprintf(stderr, "Usage: readnotes <elfimage>\n");
@@ -159,13 +204,45 @@ int main(int argc, char **argv)
 		fprintf(stderr, "Unable to map %s: %s\n", f, strerror(errno));
 		return 1;
 	}
-	size = st.st_size;
+	
+	/* Check the magic of bzImage kernel */
+	hdr = (struct setup_header *)image;
+	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
+	{
+		if ( hdr->version < VERSION(2,8) )
+		{
+			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
+			return 1;
+		}
 
-	usize = xc_dom_check_gzip(xch, image, st.st_size);
+		/* upcast to 64 bits to avoid overflow */
+		/* setup_sects is u8 and so cannot overflow */
+		payload_offset = (hdr->setup_sects + 1) * 512;
+		payload_offset += hdr->payload_offset;
+		payload_length = hdr->payload_length;
+		
+		if ( payload_offset >= st.st_size )
+		{
+			printf("%s: payload offset overflow", __FUNCTION__);
+			return 1;
+		}
+		if ( (payload_offset + payload_length) > st.st_size )
+		{
+			printf("%s: payload length overflow", __FUNCTION__);
+			return 1;
+		}
+
+		image = image + payload_offset;
+		size = payload_length;
+	} else {
+		size = st.st_size;
+	}
+
+	usize = xc_dom_check_gzip(xch, image, size);
 	if (usize)
 	{
 		tmp = malloc(usize);
-		xc_dom_do_gunzip(xch, image, st.st_size, tmp, usize);
+		xc_dom_do_gunzip(xch, image, size, tmp, usize);
 		image = tmp;
 		size = usize;
 	}

This e-mail is intended solely for the person or entity to which it is addressed
and may contain confidential and/or privileged information. Any review,
dissemination,
copying, printing or other use of this e-mail by persons or entities other than
the
addressee is prohibited. If you have received this e-mail in error, please
contact
the sender immediately and delete the material from any computer.
To unsubscribe send an email to: Unsubscribe@hitachiconsulting.com 
Hitachi Consulting (China) Co., Ltd. (HCCD0411)

On Thu, 2012-04-26 at 09:54 +0100, Xuesen Guo wrote:
> Add the check of bzImage kernel and make it work
> with RHEL 6 bzipped kernels
> 
> Signed-off-by: Xuesen Guo <Xuesen.Guo@hitachiconsulting.com>
Thanks, I think is now equivalent to xc_dom_probe_bzimage_kernel(),
which has been security audited, and therefore:

Acked-by: Ian Campbell <ian.campbell@citrix.com>
> 
> ---
> Changed since v1:
>   * add additional checks of the offset and length
>   * not changing st.st_size, use size instead of st.st_size
> 
> diff -r d690c7e896a2 -r 27a6422ac06d tools/xcutils/readnotes.c
> --- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
> +++ b/tools/xcutils/readnotes.c	Thu Apr 26 16:53:17 2012 +0800
> @@ -18,6 +18,48 @@
>  
>  static xc_interface *xch;
>  
> +/* According to the implemation of xc_dom_probe_bzimage_kernel() function
*/
> +/* We add support of bzImage kernel */
> +/* Copied from tools/libxc/xc_doom_bzImageloader.c */
> +struct setup_header {
> +	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
> +	uint8_t  setup_sects;
> +	uint16_t root_flags;
> +	uint32_t syssize;
> +	uint16_t ram_size;
> +	uint16_t vid_mode;
> +	uint16_t root_dev;
> +	uint16_t boot_flag;
> +	uint16_t jump;
> +	uint32_t header;
> +#define HDR_MAGIC  "HdrS"
> +#define HDR_MAGIC_SZ 4
> +	uint16_t version;
> +#define VERSION(h,l) (((h)<<8) | (l))
> +	uint32_t realmode_swtch;
> +	uint16_t start_sys;
> +	uint16_t kernel_version;
> +	uint8_t  type_of_loader;
> +	uint8_t  loadflags;
> +	uint16_t setup_move_size;
> +	uint32_t code32_start;
> +	uint32_t ramdisk_image;
> +	uint32_t ramdisk_size;
> +	uint32_t bootsect_kludge;
> +	uint16_t heap_end_ptr;
> +	uint16_t _pad1;
> +	uint32_t cmd_line_ptr;
> +	uint32_t initrd_addr_max;
> +	uint32_t kernel_alignment;
> +	uint8_t  relocatable_kernel;
> +	uint8_t  _pad2[3];
> +	uint32_t cmdline_size;
> +	uint32_t hardware_subarch;
> +	uint64_t hardware_subarch_data;
> +	uint32_t payload_offset;
> +	uint32_t payload_length;
> +} __attribute__((packed));
> +
>  static void print_string_note(const char *prefix, struct elf_binary *elf,
>  			      const elf_note *note)
>  {
> @@ -131,6 +173,9 @@ int main(int argc, char **argv)
>  	const elf_shdr *shdr;
>  	int notes_found = 0;
>  
> +	struct setup_header *hdr;
> +	uint64_t payload_offset, payload_length;
> +
>  	if (argc != 2)
>  	{
>  		fprintf(stderr, "Usage: readnotes <elfimage>\n");
> @@ -159,13 +204,45 @@ int main(int argc, char **argv)
>  		fprintf(stderr, "Unable to map %s: %s\n", f, strerror(errno));
>  		return 1;
>  	}
> -	size = st.st_size;
> +	
> +	/* Check the magic of bzImage kernel */
> +	hdr = (struct setup_header *)image;
> +	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
> +	{
> +		if ( hdr->version < VERSION(2,8) )
> +		{
> +			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
> +			return 1;
> +		}
>  
> -	usize = xc_dom_check_gzip(xch, image, st.st_size);
> +		/* upcast to 64 bits to avoid overflow */
> +		/* setup_sects is u8 and so cannot overflow */
> +		payload_offset = (hdr->setup_sects + 1) * 512;
> +		payload_offset += hdr->payload_offset;
> +		payload_length = hdr->payload_length;
> +		
> +		if ( payload_offset >= st.st_size )
> +		{
> +			printf("%s: payload offset overflow", __FUNCTION__);
> +			return 1;
> +		}
> +		if ( (payload_offset + payload_length) > st.st_size )
> +		{
> +			printf("%s: payload length overflow", __FUNCTION__);
> +			return 1;
> +		}
> +
> +		image = image + payload_offset;
> +		size = payload_length;
> +	} else {
> +		size = st.st_size;
> +	}
> +
> +	usize = xc_dom_check_gzip(xch, image, size);
>  	if (usize)
>  	{
>  		tmp = malloc(usize);
> -		xc_dom_do_gunzip(xch, image, st.st_size, tmp, usize);
> +		xc_dom_do_gunzip(xch, image, size, tmp, usize);
>  		image = tmp;
>  		size = usize;
>  	}
> 
> This e-mail is intended solely for the person or entity to which it is
addressed
> and may contain confidential and/or privileged information. Any review,
dissemination,
> copying, printing or other use of this e-mail by persons or entities other
than the
> addressee is prohibited. If you have received this e-mail in error, please
contact
> the sender immediately and delete the material from any computer.
> To unsubscribe send an email to: Unsubscribe@hitachiconsulting.com 
> Hitachi Consulting (China) Co., Ltd. (HCCD0411)
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel

>>> On 26.04.12 at 10:54, Xuesen Guo
<Xuesen.Guo@hitachiconsulting.com> wrote:
> Add the check of bzImage kernel and make it work
> with RHEL 6 bzipped kernels
I fail to see the relation of the term "bzipped" above to the actual
patch.

Jan
> Signed-off-by: Xuesen Guo <Xuesen.Guo@hitachiconsulting.com>
> 
> ---
> Changed since v1:
>   * add additional checks of the offset and length
>   * not changing st.st_size, use size instead of st.st_size
> 
> diff -r d690c7e896a2 -r 27a6422ac06d tools/xcutils/readnotes.c
> --- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
> +++ b/tools/xcutils/readnotes.c	Thu Apr 26 16:53:17 2012 +0800
> @@ -18,6 +18,48 @@
>  
>  static xc_interface *xch;
>  
> +/* According to the implemation of xc_dom_probe_bzimage_kernel() function 
> */
> +/* We add support of bzImage kernel */
> +/* Copied from tools/libxc/xc_doom_bzImageloader.c */
> +struct setup_header {
> +	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
> +	uint8_t  setup_sects;
> +	uint16_t root_flags;
> +	uint32_t syssize;
> +	uint16_t ram_size;
> +	uint16_t vid_mode;
> +	uint16_t root_dev;
> +	uint16_t boot_flag;
> +	uint16_t jump;
> +	uint32_t header;
> +#define HDR_MAGIC  "HdrS"
> +#define HDR_MAGIC_SZ 4
> +	uint16_t version;
> +#define VERSION(h,l) (((h)<<8) | (l))
> +	uint32_t realmode_swtch;
> +	uint16_t start_sys;
> +	uint16_t kernel_version;
> +	uint8_t  type_of_loader;
> +	uint8_t  loadflags;
> +	uint16_t setup_move_size;
> +	uint32_t code32_start;
> +	uint32_t ramdisk_image;
> +	uint32_t ramdisk_size;
> +	uint32_t bootsect_kludge;
> +	uint16_t heap_end_ptr;
> +	uint16_t _pad1;
> +	uint32_t cmd_line_ptr;
> +	uint32_t initrd_addr_max;
> +	uint32_t kernel_alignment;
> +	uint8_t  relocatable_kernel;
> +	uint8_t  _pad2[3];
> +	uint32_t cmdline_size;
> +	uint32_t hardware_subarch;
> +	uint64_t hardware_subarch_data;
> +	uint32_t payload_offset;
> +	uint32_t payload_length;
> +} __attribute__((packed));
> +
>  static void print_string_note(const char *prefix, struct elf_binary *elf,
>  			      const elf_note *note)
>  {
> @@ -131,6 +173,9 @@ int main(int argc, char **argv)
>  	const elf_shdr *shdr;
>  	int notes_found = 0;
>  
> +	struct setup_header *hdr;
> +	uint64_t payload_offset, payload_length;
> +
>  	if (argc != 2)
>  	{
>  		fprintf(stderr, "Usage: readnotes <elfimage>\n");
> @@ -159,13 +204,45 @@ int main(int argc, char **argv)
>  		fprintf(stderr, "Unable to map %s: %s\n", f, strerror(errno));
>  		return 1;
>  	}
> -	size = st.st_size;
> +	
> +	/* Check the magic of bzImage kernel */
> +	hdr = (struct setup_header *)image;
> +	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
> +	{
> +		if ( hdr->version < VERSION(2,8) )
> +		{
> +			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
> +			return 1;
> +		}
>  
> -	usize = xc_dom_check_gzip(xch, image, st.st_size);
> +		/* upcast to 64 bits to avoid overflow */
> +		/* setup_sects is u8 and so cannot overflow */
> +		payload_offset = (hdr->setup_sects + 1) * 512;
> +		payload_offset += hdr->payload_offset;
> +		payload_length = hdr->payload_length;
> +		
> +		if ( payload_offset >= st.st_size )
> +		{
> +			printf("%s: payload offset overflow", __FUNCTION__);
> +			return 1;
> +		}
> +		if ( (payload_offset + payload_length) > st.st_size )
> +		{
> +			printf("%s: payload length overflow", __FUNCTION__);
> +			return 1;
> +		}
> +
> +		image = image + payload_offset;
> +		size = payload_length;
> +	} else {
> +		size = st.st_size;
> +	}
> +
> +	usize = xc_dom_check_gzip(xch, image, size);
>  	if (usize)
>  	{
>  		tmp = malloc(usize);
> -		xc_dom_do_gunzip(xch, image, st.st_size, tmp, usize);
> +		xc_dom_do_gunzip(xch, image, size, tmp, usize);
>  		image = tmp;
>  		size = usize;
>  	}
> 
> This e-mail is intended solely for the person or entity to which it is 
> addressed
> and may contain confidential and/or privileged information. Any review, 
> dissemination,
> copying, printing or other use of this e-mail by persons or entities other 
> than the 
> addressee is prohibited. If you have received this e-mail in error, please 
> contact
> the sender immediately and delete the material from any computer.
> To unsubscribe send an email to: Unsubscribe@hitachiconsulting.com 
> Hitachi Consulting (China) Co., Ltd. (HCCD0411)
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org 
> http://lists.xen.org/xen-devel

On Thu, 2012-04-26 at 10:13 +0100, Jan Beulich wrote:
> >>> On 26.04.12 at 10:54, Xuesen Guo
<Xuesen.Guo@hitachiconsulting.com> wrote:
> > Add the check of bzImage kernel and make it work
> > with RHEL 6 bzipped kernels
> 
> I fail to see the relation of the term "bzipped" above to the
actual patch.
Oh yes, this is a common misconception (which I failed to notice in my
review).

The "bz" in bzImage does not refer to the bzip compression algorithm.
Rather it refers to "big zImage". It''s a historical thing
because the
original zImage compressor was restricted to <1M (or something) of RAM
at decompression time and bzImage was introduced to cope with more and
therefore worked for larger kernels. Obviously 1M is very limiting to in
practice everyone uses bzImage today...

Now of course today, just to add to the confusion, bzImage can support
multiple compression algorithms, including the original z, but also
bzip2, lzma and xz.

Ian
> 
> Jan
> 
> > Signed-off-by: Xuesen Guo <Xuesen.Guo@hitachiconsulting.com>
> > 
> > ---
> > Changed since v1:
> >   * add additional checks of the offset and length
> >   * not changing st.st_size, use size instead of st.st_size
> > 
> > diff -r d690c7e896a2 -r 27a6422ac06d tools/xcutils/readnotes.c
> > --- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
> > +++ b/tools/xcutils/readnotes.c	Thu Apr 26 16:53:17 2012 +0800
> > @@ -18,6 +18,48 @@
> >  
> >  static xc_interface *xch;
> >  
> > +/* According to the implemation of xc_dom_probe_bzimage_kernel()
function
> > */
> > +/* We add support of bzImage kernel */
> > +/* Copied from tools/libxc/xc_doom_bzImageloader.c */
> > +struct setup_header {
> > +	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
> > +	uint8_t  setup_sects;
> > +	uint16_t root_flags;
> > +	uint32_t syssize;
> > +	uint16_t ram_size;
> > +	uint16_t vid_mode;
> > +	uint16_t root_dev;
> > +	uint16_t boot_flag;
> > +	uint16_t jump;
> > +	uint32_t header;
> > +#define HDR_MAGIC  "HdrS"
> > +#define HDR_MAGIC_SZ 4
> > +	uint16_t version;
> > +#define VERSION(h,l) (((h)<<8) | (l))
> > +	uint32_t realmode_swtch;
> > +	uint16_t start_sys;
> > +	uint16_t kernel_version;
> > +	uint8_t  type_of_loader;
> > +	uint8_t  loadflags;
> > +	uint16_t setup_move_size;
> > +	uint32_t code32_start;
> > +	uint32_t ramdisk_image;
> > +	uint32_t ramdisk_size;
> > +	uint32_t bootsect_kludge;
> > +	uint16_t heap_end_ptr;
> > +	uint16_t _pad1;
> > +	uint32_t cmd_line_ptr;
> > +	uint32_t initrd_addr_max;
> > +	uint32_t kernel_alignment;
> > +	uint8_t  relocatable_kernel;
> > +	uint8_t  _pad2[3];
> > +	uint32_t cmdline_size;
> > +	uint32_t hardware_subarch;
> > +	uint64_t hardware_subarch_data;
> > +	uint32_t payload_offset;
> > +	uint32_t payload_length;
> > +} __attribute__((packed));
> > +
> >  static void print_string_note(const char *prefix, struct elf_binary
*elf,
> >  			      const elf_note *note)
> >  {
> > @@ -131,6 +173,9 @@ int main(int argc, char **argv)
> >  	const elf_shdr *shdr;
> >  	int notes_found = 0;
> >  
> > +	struct setup_header *hdr;
> > +	uint64_t payload_offset, payload_length;
> > +
> >  	if (argc != 2)
> >  	{
> >  		fprintf(stderr, "Usage: readnotes <elfimage>\n");
> > @@ -159,13 +204,45 @@ int main(int argc, char **argv)
> >  		fprintf(stderr, "Unable to map %s: %s\n", f,
strerror(errno));
> >  		return 1;
> >  	}
> > -	size = st.st_size;
> > +	
> > +	/* Check the magic of bzImage kernel */
> > +	hdr = (struct setup_header *)image;
> > +	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
> > +	{
> > +		if ( hdr->version < VERSION(2,8) )
> > +		{
> > +			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
> > +			return 1;
> > +		}
> >  
> > -	usize = xc_dom_check_gzip(xch, image, st.st_size);
> > +		/* upcast to 64 bits to avoid overflow */
> > +		/* setup_sects is u8 and so cannot overflow */
> > +		payload_offset = (hdr->setup_sects + 1) * 512;
> > +		payload_offset += hdr->payload_offset;
> > +		payload_length = hdr->payload_length;
> > +		
> > +		if ( payload_offset >= st.st_size )
> > +		{
> > +			printf("%s: payload offset overflow", __FUNCTION__);
> > +			return 1;
> > +		}
> > +		if ( (payload_offset + payload_length) > st.st_size )
> > +		{
> > +			printf("%s: payload length overflow", __FUNCTION__);
> > +			return 1;
> > +		}
> > +
> > +		image = image + payload_offset;
> > +		size = payload_length;
> > +	} else {
> > +		size = st.st_size;
> > +	}
> > +
> > +	usize = xc_dom_check_gzip(xch, image, size);
> >  	if (usize)
> >  	{
> >  		tmp = malloc(usize);
> > -		xc_dom_do_gunzip(xch, image, st.st_size, tmp, usize);
> > +		xc_dom_do_gunzip(xch, image, size, tmp, usize);
> >  		image = tmp;
> >  		size = usize;
> >  	}
> > 
> > This e-mail is intended solely for the person or entity to which it is
> > addressed
> > and may contain confidential and/or privileged information. Any
review,
> > dissemination,
> > copying, printing or other use of this e-mail by persons or entities
other
> > than the 
> > addressee is prohibited. If you have received this e-mail in error,
please
> > contact
> > the sender immediately and delete the material from any computer.
> > To unsubscribe send an email to: Unsubscribe@hitachiconsulting.com 
> > Hitachi Consulting (China) Co., Ltd. (HCCD0411)
> > 
> > 
> > 
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xen.org 
> > http://lists.xen.org/xen-devel 
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel

I fixed the confusion, shall I need to resend this patch?
------------------------------------------------------------------------
readnote: Add bzImage kernel support

Add the check of bzImage kernel and make it work
with RHEL 6 big zImage kernel

Signed-off-by: Xuesen Guo <Xuesen.Guo@hitachiconsulting.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>

---
Changed since v1:
  * add additional checks of the offset and length
  * not changing st.st_size, use size instead of st.st_size
  
---
Changed since v2:
  * changing decription bzipped kernels to big zImage kernel


Thanks!
Xuesen 

On Thu, 2012-04-26 at 10:20 +0100, Ian Campbell wrote:
> On Thu, 2012-04-26 at 10:13 +0100, Jan Beulich wrote:
> > >>> On 26.04.12 at 10:54, Xuesen Guo
<Xuesen.Guo@hitachiconsulting.com> wrote:
> > > Add the check of bzImage kernel and make it work
> > > with RHEL 6 bzipped kernels
> > 
> > I fail to see the relation of the term "bzipped" above to
the actual patch.
> 
> Oh yes, this is a common misconception (which I failed to notice in my
> review).
> 
> The "bz" in bzImage does not refer to the bzip compression
algorithm.
> Rather it refers to "big zImage". It''s a historical
thing because the
> original zImage compressor was restricted to <1M (or something) of RAM
> at decompression time and bzImage was introduced to cope with more and
> therefore worked for larger kernels. Obviously 1M is very limiting to in
> practice everyone uses bzImage today...
> 
> Now of course today, just to add to the confusion, bzImage can support
> multiple compression algorithms, including the original z, but also
> bzip2, lzma and xz.
> 
> Ian
> 
> > 
> > Jan
> > 
> > > Signed-off-by: Xuesen Guo
<Xuesen.Guo@hitachiconsulting.com>
> > > 
> > > ---
> > > Changed since v1:
> > >   * add additional checks of the offset and length
> > >   * not changing st.st_size, use size instead of st.st_size
> > > 
> > > diff -r d690c7e896a2 -r 27a6422ac06d tools/xcutils/readnotes.c
> > > --- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
> > > +++ b/tools/xcutils/readnotes.c	Thu Apr 26 16:53:17 2012 +0800
> > > @@ -18,6 +18,48 @@
> > >  
> > >  static xc_interface *xch;
> > >  
> > > +/* According to the implemation of xc_dom_probe_bzimage_kernel()
function
> > > */
> > > +/* We add support of bzImage kernel */
> > > +/* Copied from tools/libxc/xc_doom_bzImageloader.c */
> > > +struct setup_header {
> > > +	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
> > > +	uint8_t  setup_sects;
> > > +	uint16_t root_flags;
> > > +	uint32_t syssize;
> > > +	uint16_t ram_size;
> > > +	uint16_t vid_mode;
> > > +	uint16_t root_dev;
> > > +	uint16_t boot_flag;
> > > +	uint16_t jump;
> > > +	uint32_t header;
> > > +#define HDR_MAGIC  "HdrS"
> > > +#define HDR_MAGIC_SZ 4
> > > +	uint16_t version;
> > > +#define VERSION(h,l) (((h)<<8) | (l))
> > > +	uint32_t realmode_swtch;
> > > +	uint16_t start_sys;
> > > +	uint16_t kernel_version;
> > > +	uint8_t  type_of_loader;
> > > +	uint8_t  loadflags;
> > > +	uint16_t setup_move_size;
> > > +	uint32_t code32_start;
> > > +	uint32_t ramdisk_image;
> > > +	uint32_t ramdisk_size;
> > > +	uint32_t bootsect_kludge;
> > > +	uint16_t heap_end_ptr;
> > > +	uint16_t _pad1;
> > > +	uint32_t cmd_line_ptr;
> > > +	uint32_t initrd_addr_max;
> > > +	uint32_t kernel_alignment;
> > > +	uint8_t  relocatable_kernel;
> > > +	uint8_t  _pad2[3];
> > > +	uint32_t cmdline_size;
> > > +	uint32_t hardware_subarch;
> > > +	uint64_t hardware_subarch_data;
> > > +	uint32_t payload_offset;
> > > +	uint32_t payload_length;
> > > +} __attribute__((packed));
> > > +
> > >  static void print_string_note(const char *prefix, struct
elf_binary *elf,
> > >  			      const elf_note *note)
> > >  {
> > > @@ -131,6 +173,9 @@ int main(int argc, char **argv)
> > >  	const elf_shdr *shdr;
> > >  	int notes_found = 0;
> > >  
> > > +	struct setup_header *hdr;
> > > +	uint64_t payload_offset, payload_length;
> > > +
> > >  	if (argc != 2)
> > >  	{
> > >  		fprintf(stderr, "Usage: readnotes
<elfimage>\n");
> > > @@ -159,13 +204,45 @@ int main(int argc, char **argv)
> > >  		fprintf(stderr, "Unable to map %s: %s\n", f,
strerror(errno));
> > >  		return 1;
> > >  	}
> > > -	size = st.st_size;
> > > +	
> > > +	/* Check the magic of bzImage kernel */
> > > +	hdr = (struct setup_header *)image;
> > > +	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0
)
> > > +	{
> > > +		if ( hdr->version < VERSION(2,8) )
> > > +		{
> > > +			printf("%s: boot protocol too old (%04x)",
__FUNCTION__, hdr->version);
> > > +			return 1;
> > > +		}
> > >  
> > > -	usize = xc_dom_check_gzip(xch, image, st.st_size);
> > > +		/* upcast to 64 bits to avoid overflow */
> > > +		/* setup_sects is u8 and so cannot overflow */
> > > +		payload_offset = (hdr->setup_sects + 1) * 512;
> > > +		payload_offset += hdr->payload_offset;
> > > +		payload_length = hdr->payload_length;
> > > +		
> > > +		if ( payload_offset >= st.st_size )
> > > +		{
> > > +			printf("%s: payload offset overflow",
__FUNCTION__);
> > > +			return 1;
> > > +		}
> > > +		if ( (payload_offset + payload_length) > st.st_size )
> > > +		{
> > > +			printf("%s: payload length overflow",
__FUNCTION__);
> > > +			return 1;
> > > +		}
> > > +
> > > +		image = image + payload_offset;
> > > +		size = payload_length;
> > > +	} else {
> > > +		size = st.st_size;
> > > +	}
> > > +
> > > +	usize = xc_dom_check_gzip(xch, image, size);
> > >  	if (usize)
> > >  	{
> > >  		tmp = malloc(usize);
> > > -		xc_dom_do_gunzip(xch, image, st.st_size, tmp, usize);
> > > +		xc_dom_do_gunzip(xch, image, size, tmp, usize);
> > >  		image = tmp;
> > >  		size = usize;
> > >  	}
> > > 
> > > This e-mail is intended solely for the person or entity to which
it is
> > > addressed
> > > and may contain confidential and/or privileged information. Any
review,
> > > dissemination,
> > > copying, printing or other use of this e-mail by persons or
entities other
> > > than the 
> > > addressee is prohibited. If you have received this e-mail in
error, please
> > > contact
> > > the sender immediately and delete the material from any computer.
> > > To unsubscribe send an email to:
Unsubscribe@hitachiconsulting.com
> > > Hitachi Consulting (China) Co., Ltd. (HCCD0411)
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > Xen-devel mailing list
> > > Xen-devel@lists.xen.org 
> > > http://lists.xen.org/xen-devel 
> > 
> > 
> > 
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xen.org
> > http://lists.xen.org/xen-devel
> 
> 
> 


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

# HG changeset patch
# Parent d690c7e896a26c54a5ab85458824059de72d5cba
readnote: Add bzImage kernel support

Add the check of bzImage kernel and make it work
with RHEL 6 big zImage kernel

Signed-off-by: Xuesen Guo <Xuesen.Guo@hitachiconsulting.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>

---
Changed since v1:
  * add additional checks of the offset and length
  * not changing st.st_size, use size instead of st.st_size
  
---
Changed since v2:
  * changing decription bzipped kernels to big zImage kernel

diff -r d690c7e896a2 tools/xcutils/readnotes.c
--- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
+++ b/tools/xcutils/readnotes.c	Thu Apr 26 16:53:16 2012 +0800
@@ -18,6 +18,48 @@
 
 static xc_interface *xch;
 
+/* According to the implemation of xc_dom_probe_bzimage_kernel()
function */
+/* We add support of bzImage kernel */
+/* Copied from tools/libxc/xc_doom_bzImageloader.c */
+struct setup_header {
+	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
+	uint8_t  setup_sects;
+	uint16_t root_flags;
+	uint32_t syssize;
+	uint16_t ram_size;
+	uint16_t vid_mode;
+	uint16_t root_dev;
+	uint16_t boot_flag;
+	uint16_t jump;
+	uint32_t header;
+#define HDR_MAGIC  "HdrS"
+#define HDR_MAGIC_SZ 4
+	uint16_t version;
+#define VERSION(h,l) (((h)<<8) | (l))
+	uint32_t realmode_swtch;
+	uint16_t start_sys;
+	uint16_t kernel_version;
+	uint8_t  type_of_loader;
+	uint8_t  loadflags;
+	uint16_t setup_move_size;
+	uint32_t code32_start;
+	uint32_t ramdisk_image;
+	uint32_t ramdisk_size;
+	uint32_t bootsect_kludge;
+	uint16_t heap_end_ptr;
+	uint16_t _pad1;
+	uint32_t cmd_line_ptr;
+	uint32_t initrd_addr_max;
+	uint32_t kernel_alignment;
+	uint8_t  relocatable_kernel;
+	uint8_t  _pad2[3];
+	uint32_t cmdline_size;
+	uint32_t hardware_subarch;
+	uint64_t hardware_subarch_data;
+	uint32_t payload_offset;
+	uint32_t payload_length;
+} __attribute__((packed));
+
 static void print_string_note(const char *prefix, struct elf_binary
*elf,
 			      const elf_note *note)
 {
@@ -131,6 +173,9 @@ int main(int argc, char **argv)
 	const elf_shdr *shdr;
 	int notes_found = 0;
 
+	struct setup_header *hdr;
+	uint64_t payload_offset, payload_length;
+
 	if (argc != 2)
 	{
 		fprintf(stderr, "Usage: readnotes <elfimage>\n");
@@ -159,13 +204,45 @@ int main(int argc, char **argv)
 		fprintf(stderr, "Unable to map %s: %s\n", f, strerror(errno));
 		return 1;
 	}
-	size = st.st_size;
+	
+	/* Check the magic of bzImage kernel */
+	hdr = (struct setup_header *)image;
+	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
+	{
+		if ( hdr->version < VERSION(2,8) )
+		{
+			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
+			return 1;
+		}
 
-	usize = xc_dom_check_gzip(xch, image, st.st_size);
+		/* upcast to 64 bits to avoid overflow */
+		/* setup_sects is u8 and so cannot overflow */
+		payload_offset = (hdr->setup_sects + 1) * 512;
+		payload_offset += hdr->payload_offset;
+		payload_length = hdr->payload_length;
+		
+		if ( payload_offset >= st.st_size )
+		{
+			printf("%s: payload offset overflow", __FUNCTION__);
+			return 1;
+		}
+		if ( (payload_offset + payload_length) > st.st_size )
+		{
+			printf("%s: payload length overflow", __FUNCTION__);
+			return 1;
+		}
+
+		image = image + payload_offset;
+		size = payload_length;
+	} else {
+		size = st.st_size;
+	}
+
+	usize = xc_dom_check_gzip(xch, image, size);
 	if (usize)
 	{
 		tmp = malloc(usize);
-		xc_dom_do_gunzip(xch, image, st.st_size, tmp, usize);
+		xc_dom_do_gunzip(xch, image, size, tmp, usize);
 		image = tmp;
 		size = usize;
 	}


On Thu, 2012-04-26 at 17:51 +0800, Xuesen Guo wrote:
> I fixed the confusion, shall I need to resend this patch?
> ------------------------------------------------------------------------
> readnote: Add bzImage kernel support
> 
> Add the check of bzImage kernel and make it work
> with RHEL 6 big zImage kernel
> 
> Signed-off-by: Xuesen Guo <Xuesen.Guo@hitachiconsulting.com>
> Acked-by: Ian Campbell <ian.campbell@citrix.com>
> 
> ---
> Changed since v1:
>   * add additional checks of the offset and length
>   * not changing st.st_size, use size instead of st.st_size
>   
> ---
> Changed since v2:
>   * changing decription bzipped kernels to big zImage kernel
> 
> 
> Thanks!
> Xuesen 
> 
> On Thu, 2012-04-26 at 10:20 +0100, Ian Campbell wrote: 
> > On Thu, 2012-04-26 at 10:13 +0100, Jan Beulich wrote:
> > > >>> On 26.04.12 at 10:54, Xuesen Guo
<Xuesen.Guo@hitachiconsulting.com> wrote:
> > > > Add the check of bzImage kernel and make it work
> > > > with RHEL 6 bzipped kernels
> > > 
> > > I fail to see the relation of the term "bzipped" above
to the actual patch.
> > 
> > Oh yes, this is a common misconception (which I failed to notice in my
> > review).
> > 
> > The "bz" in bzImage does not refer to the bzip compression
algorithm.
> > Rather it refers to "big zImage". It''s a historical
thing because the
> > original zImage compressor was restricted to <1M (or something) of
RAM
> > at decompression time and bzImage was introduced to cope with more and
> > therefore worked for larger kernels. Obviously 1M is very limiting to
in
> > practice everyone uses bzImage today...
> > 
> > Now of course today, just to add to the confusion, bzImage can support
> > multiple compression algorithms, including the original z, but also
> > bzip2, lzma and xz.
> > 
> > Ian
> > 
> > > 
> > > Jan
> > > 
> > > > Signed-off-by: Xuesen Guo
<Xuesen.Guo@hitachiconsulting.com>
> > > > 
> > > > ---
> > > > Changed since v1:
> > > >   * add additional checks of the offset and length
> > > >   * not changing st.st_size, use size instead of st.st_size
> > > > 
> > > > diff -r d690c7e896a2 -r 27a6422ac06d
tools/xcutils/readnotes.c
> > > > --- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012
+0100
> > > > +++ b/tools/xcutils/readnotes.c	Thu Apr 26 16:53:17 2012
+0800
> > > > @@ -18,6 +18,48 @@
> > > >  
> > > >  static xc_interface *xch;
> > > >  
> > > > +/* According to the implemation of
xc_dom_probe_bzimage_kernel() function
> > > > */
> > > > +/* We add support of bzImage kernel */
> > > > +/* Copied from tools/libxc/xc_doom_bzImageloader.c */
> > > > +struct setup_header {
> > > > +	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
> > > > +	uint8_t  setup_sects;
> > > > +	uint16_t root_flags;
> > > > +	uint32_t syssize;
> > > > +	uint16_t ram_size;
> > > > +	uint16_t vid_mode;
> > > > +	uint16_t root_dev;
> > > > +	uint16_t boot_flag;
> > > > +	uint16_t jump;
> > > > +	uint32_t header;
> > > > +#define HDR_MAGIC  "HdrS"
> > > > +#define HDR_MAGIC_SZ 4
> > > > +	uint16_t version;
> > > > +#define VERSION(h,l) (((h)<<8) | (l))
> > > > +	uint32_t realmode_swtch;
> > > > +	uint16_t start_sys;
> > > > +	uint16_t kernel_version;
> > > > +	uint8_t  type_of_loader;
> > > > +	uint8_t  loadflags;
> > > > +	uint16_t setup_move_size;
> > > > +	uint32_t code32_start;
> > > > +	uint32_t ramdisk_image;
> > > > +	uint32_t ramdisk_size;
> > > > +	uint32_t bootsect_kludge;
> > > > +	uint16_t heap_end_ptr;
> > > > +	uint16_t _pad1;
> > > > +	uint32_t cmd_line_ptr;
> > > > +	uint32_t initrd_addr_max;
> > > > +	uint32_t kernel_alignment;
> > > > +	uint8_t  relocatable_kernel;
> > > > +	uint8_t  _pad2[3];
> > > > +	uint32_t cmdline_size;
> > > > +	uint32_t hardware_subarch;
> > > > +	uint64_t hardware_subarch_data;
> > > > +	uint32_t payload_offset;
> > > > +	uint32_t payload_length;
> > > > +} __attribute__((packed));
> > > > +
> > > >  static void print_string_note(const char *prefix, struct
elf_binary *elf,
> > > >  			      const elf_note *note)
> > > >  {
> > > > @@ -131,6 +173,9 @@ int main(int argc, char **argv)
> > > >  	const elf_shdr *shdr;
> > > >  	int notes_found = 0;
> > > >  
> > > > +	struct setup_header *hdr;
> > > > +	uint64_t payload_offset, payload_length;
> > > > +
> > > >  	if (argc != 2)
> > > >  	{
> > > >  		fprintf(stderr, "Usage: readnotes
<elfimage>\n");
> > > > @@ -159,13 +204,45 @@ int main(int argc, char **argv)
> > > >  		fprintf(stderr, "Unable to map %s: %s\n", f,
strerror(errno));
> > > >  		return 1;
> > > >  	}
> > > > -	size = st.st_size;
> > > > +	
> > > > +	/* Check the magic of bzImage kernel */
> > > > +	hdr = (struct setup_header *)image;
> > > > +	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ)
== 0 )
> > > > +	{
> > > > +		if ( hdr->version < VERSION(2,8) )
> > > > +		{
> > > > +			printf("%s: boot protocol too old (%04x)",
__FUNCTION__, hdr->version);
> > > > +			return 1;
> > > > +		}
> > > >  
> > > > -	usize = xc_dom_check_gzip(xch, image, st.st_size);
> > > > +		/* upcast to 64 bits to avoid overflow */
> > > > +		/* setup_sects is u8 and so cannot overflow */
> > > > +		payload_offset = (hdr->setup_sects + 1) * 512;
> > > > +		payload_offset += hdr->payload_offset;
> > > > +		payload_length = hdr->payload_length;
> > > > +		
> > > > +		if ( payload_offset >= st.st_size )
> > > > +		{
> > > > +			printf("%s: payload offset overflow",
__FUNCTION__);
> > > > +			return 1;
> > > > +		}
> > > > +		if ( (payload_offset + payload_length) > st.st_size )
> > > > +		{
> > > > +			printf("%s: payload length overflow",
__FUNCTION__);
> > > > +			return 1;
> > > > +		}
> > > > +
> > > > +		image = image + payload_offset;
> > > > +		size = payload_length;
> > > > +	} else {
> > > > +		size = st.st_size;
> > > > +	}
> > > > +
> > > > +	usize = xc_dom_check_gzip(xch, image, size);
> > > >  	if (usize)
> > > >  	{
> > > >  		tmp = malloc(usize);
> > > > -		xc_dom_do_gunzip(xch, image, st.st_size, tmp, usize);
> > > > +		xc_dom_do_gunzip(xch, image, size, tmp, usize);
> > > >  		image = tmp;
> > > >  		size = usize;
> > > >  	}
> > > > 
> > > > This e-mail is intended solely for the person or entity to
which it is
> > > > addressed
> > > > and may contain confidential and/or privileged information.
Any review,
> > > > dissemination,
> > > > copying, printing or other use of this e-mail by persons or
entities other
> > > > than the 
> > > > addressee is prohibited. If you have received this e-mail in
error, please
> > > > contact
> > > > the sender immediately and delete the material from any
computer.
> > > > To unsubscribe send an email to:
Unsubscribe@hitachiconsulting.com
> > > > Hitachi Consulting (China) Co., Ltd. (HCCD0411)
> > > > 
> > > > 
> > > > 
> > > > _______________________________________________
> > > > Xen-devel mailing list
> > > > Xen-devel@lists.xen.org 
> > > > http://lists.xen.org/xen-devel 
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > Xen-devel mailing list
> > > Xen-devel@lists.xen.org
> > > http://lists.xen.org/xen-devel
> > 
> > 
> > 
>

Xuesen Guo writes ("Re: [Xen-devel] [PATCH] readnote: Add bzImage kernel
support"):
> readnote: Add bzImage kernel support
I tried to apply this but I''m afraid it no longer applies to
xen-unstable tip:

patching file tools/xcutils/readnotes.c
Hunk #1 FAILED at 17
Hunk #3 FAILED at 161
2 out of 3 hunks FAILED -- saving rejects to file tools/xcutils/readnotes.c.rej
abort: patch failed to apply

Ian.

On Fri, 2012-05-11 at 17:43 +0100, Ian Jackson wrote:
> Xuesen Guo writes ("Re: [Xen-devel] [PATCH] readnote: Add bzImage
kernel support"):
> > readnote: Add bzImage kernel support
> 
> I tried to apply this but I''m afraid it no longer applies to
> xen-unstable tip:
> 
> patching file tools/xcutils/readnotes.c
> Hunk #1 FAILED at 17
> Hunk #3 FAILED at 161
> 2 out of 3 hunks FAILED -- saving rejects to file
tools/xcutils/readnotes.c.rej
> abort: patch failed to apply
> 
> Ian.
The most recent change to this file was 
        changeset:   21483:779c0ef9682c
        user:        Keir Fraser <keir.fraser@citrix.com>
        date:        Fri May 28 09:30:19 2010 +0100
        summary:     libxc: eliminate static variables, use xentoollog; API
change
        
I expect something else is up -- whitespace mangling perhaps? Or maybe
the patch simply isn''t based on xen-unstable.hg?

Ian.

I used the Evolution(GUI) sending patches manually, this might mangle the
whitespace of a patch making it impossible to apply.
According to Linux''s email-clients.txt, I resend this patch.

# HG changeset patch
# Parent d690c7e896a26c54a5ab85458824059de72d5cba
readnote: Add bzImage kernel support

Add the check of bzImage kernel and make it work
with RHEL 6 big zImage kernel

Signed-off-by: Xuesen Guo <Xuesen.Guo@hitachiconsulting.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>

---
Changed since v1:
  * add additional checks of the offset and length
  * not changing st.st_size, use size instead of st.st_size
  
---
Changed since v2:
  * changing decription bzipped kernels to big zImage kernel

diff -r d690c7e896a2 tools/xcutils/readnotes.c
--- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
+++ b/tools/xcutils/readnotes.c	Thu Apr 26 16:53:16 2012 +0800
@@ -18,6 +18,48 @@
 
 static xc_interface *xch;
 
+/* According to the implemation of xc_dom_probe_bzimage_kernel() function */
+/* We add support of bzImage kernel */
+/* Copied from tools/libxc/xc_doom_bzImageloader.c */
+struct setup_header {
+	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
+	uint8_t  setup_sects;
+	uint16_t root_flags;
+	uint32_t syssize;
+	uint16_t ram_size;
+	uint16_t vid_mode;
+	uint16_t root_dev;
+	uint16_t boot_flag;
+	uint16_t jump;
+	uint32_t header;
+#define HDR_MAGIC  "HdrS"
+#define HDR_MAGIC_SZ 4
+	uint16_t version;
+#define VERSION(h,l) (((h)<<8) | (l))
+	uint32_t realmode_swtch;
+	uint16_t start_sys;
+	uint16_t kernel_version;
+	uint8_t  type_of_loader;
+	uint8_t  loadflags;
+	uint16_t setup_move_size;
+	uint32_t code32_start;
+	uint32_t ramdisk_image;
+	uint32_t ramdisk_size;
+	uint32_t bootsect_kludge;
+	uint16_t heap_end_ptr;
+	uint16_t _pad1;
+	uint32_t cmd_line_ptr;
+	uint32_t initrd_addr_max;
+	uint32_t kernel_alignment;
+	uint8_t  relocatable_kernel;
+	uint8_t  _pad2[3];
+	uint32_t cmdline_size;
+	uint32_t hardware_subarch;
+	uint64_t hardware_subarch_data;
+	uint32_t payload_offset;
+	uint32_t payload_length;
+} __attribute__((packed));
+
 static void print_string_note(const char *prefix, struct elf_binary *elf,
 			      const elf_note *note)
 {
@@ -131,6 +173,9 @@ int main(int argc, char **argv)
 	const elf_shdr *shdr;
 	int notes_found = 0;
 
+	struct setup_header *hdr;
+	uint64_t payload_offset, payload_length;
+
 	if (argc != 2)
 	{
 		fprintf(stderr, "Usage: readnotes <elfimage>\n");
@@ -159,13 +204,45 @@ int main(int argc, char **argv)
 		fprintf(stderr, "Unable to map %s: %s\n", f, strerror(errno));
 		return 1;
 	}
-	size = st.st_size;
+	
+	/* Check the magic of bzImage kernel */
+	hdr = (struct setup_header *)image;
+	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
+	{
+		if ( hdr->version < VERSION(2,8) )
+		{
+			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
+			return 1;
+		}
 
-	usize = xc_dom_check_gzip(xch, image, st.st_size);
+		/* upcast to 64 bits to avoid overflow */
+		/* setup_sects is u8 and so cannot overflow */
+		payload_offset = (hdr->setup_sects + 1) * 512;
+		payload_offset += hdr->payload_offset;
+		payload_length = hdr->payload_length;
+		
+		if ( payload_offset >= st.st_size )
+		{
+			printf("%s: payload offset overflow", __FUNCTION__);
+			return 1;
+		}
+		if ( (payload_offset + payload_length) > st.st_size )
+		{
+			printf("%s: payload length overflow", __FUNCTION__);
+			return 1;
+		}
+
+		image = image + payload_offset;
+		size = payload_length;
+	} else {
+		size = st.st_size;
+	}
+
+	usize = xc_dom_check_gzip(xch, image, size);
 	if (usize)
 	{
 		tmp = malloc(usize);
-		xc_dom_do_gunzip(xch, image, st.st_size, tmp, usize);
+		xc_dom_do_gunzip(xch, image, size, tmp, usize);
 		image = tmp;
 		size = usize;
 	}


On Fri, 2012-05-11 at 17:49 +0100, Ian Campbell wrote:
> On Fri, 2012-05-11 at 17:43 +0100, Ian Jackson wrote:
> > Xuesen Guo writes ("Re: [Xen-devel] [PATCH] readnote: Add bzImage
kernel support"):
> > > readnote: Add bzImage kernel support
> > 
> > I tried to apply this but I''m afraid it no longer applies to
> > xen-unstable tip:
> > 
> > patching file tools/xcutils/readnotes.c
> > Hunk #1 FAILED at 17
> > Hunk #3 FAILED at 161
> > 2 out of 3 hunks FAILED -- saving rejects to file
tools/xcutils/readnotes.c.rej
> > abort: patch failed to apply
> > 
> > Ian.
> 
> The most recent change to this file was 
>         changeset:   21483:779c0ef9682c
>         user:        Keir Fraser <keir.fraser@citrix.com>
>         date:        Fri May 28 09:30:19 2010 +0100
>         summary:     libxc: eliminate static variables, use xentoollog; API
change
>         
> I expect something else is up -- whitespace mangling perhaps? Or maybe
> the patch simply isn''t based on xen-unstable.hg?
> 
> Ian.
> 
> 
This e-mail is intended solely for the person or entity to which it is addressed
and may contain confidential and/or privileged information. Any review,
dissemination,
copying, printing or other use of this e-mail by persons or entities other than
the
addressee is prohibited. If you have received this e-mail in error, please
contact
the sender immediately and delete the material from any computer.
To unsubscribe send an email to: Unsubscribe@hitachiconsulting.com 
Hitachi Consulting (China) Co., Ltd. (HCCD0411)

Also the attached is the patch.

On Mon, 2012-05-28 at 14:03 +0800, Xuesen Guo wrote:
> I used the Evolution(GUI) sending patches manually, this might mangle the
whitespace of a patch making it impossible to apply.
> According to Linux''s email-clients.txt, I resend this patch.
> 
> # HG changeset patch
> # Parent d690c7e896a26c54a5ab85458824059de72d5cba
> readnote: Add bzImage kernel support
> 
> Add the check of bzImage kernel and make it work
> with RHEL 6 big zImage kernel
> 
> Signed-off-by: Xuesen Guo <Xuesen.Guo@hitachiconsulting.com>
> Acked-by: Ian Campbell <ian.campbell@citrix.com>
> 
> ---
> Changed since v1:
>   * add additional checks of the offset and length
>   * not changing st.st_size, use size instead of st.st_size
>   
> ---
> Changed since v2:
>   * changing decription bzipped kernels to big zImage kernel
> 
> diff -r d690c7e896a2 tools/xcutils/readnotes.c
> --- a/tools/xcutils/readnotes.c	Thu Apr 05 11:06:03 2012 +0100
> +++ b/tools/xcutils/readnotes.c	Thu Apr 26 16:53:16 2012 +0800
> @@ -18,6 +18,48 @@
>  
>  static xc_interface *xch;
>  
> +/* According to the implemation of xc_dom_probe_bzimage_kernel() function
*/
> +/* We add support of bzImage kernel */
> +/* Copied from tools/libxc/xc_doom_bzImageloader.c */
> +struct setup_header {
> +	uint8_t  _pad0[0x1f1];  /* skip uninteresting stuff */
> +	uint8_t  setup_sects;
> +	uint16_t root_flags;
> +	uint32_t syssize;
> +	uint16_t ram_size;
> +	uint16_t vid_mode;
> +	uint16_t root_dev;
> +	uint16_t boot_flag;
> +	uint16_t jump;
> +	uint32_t header;
> +#define HDR_MAGIC  "HdrS"
> +#define HDR_MAGIC_SZ 4
> +	uint16_t version;
> +#define VERSION(h,l) (((h)<<8) | (l))
> +	uint32_t realmode_swtch;
> +	uint16_t start_sys;
> +	uint16_t kernel_version;
> +	uint8_t  type_of_loader;
> +	uint8_t  loadflags;
> +	uint16_t setup_move_size;
> +	uint32_t code32_start;
> +	uint32_t ramdisk_image;
> +	uint32_t ramdisk_size;
> +	uint32_t bootsect_kludge;
> +	uint16_t heap_end_ptr;
> +	uint16_t _pad1;
> +	uint32_t cmd_line_ptr;
> +	uint32_t initrd_addr_max;
> +	uint32_t kernel_alignment;
> +	uint8_t  relocatable_kernel;
> +	uint8_t  _pad2[3];
> +	uint32_t cmdline_size;
> +	uint32_t hardware_subarch;
> +	uint64_t hardware_subarch_data;
> +	uint32_t payload_offset;
> +	uint32_t payload_length;
> +} __attribute__((packed));
> +
>  static void print_string_note(const char *prefix, struct elf_binary *elf,
>  			      const elf_note *note)
>  {
> @@ -131,6 +173,9 @@ int main(int argc, char **argv)
>  	const elf_shdr *shdr;
>  	int notes_found = 0;
>  
> +	struct setup_header *hdr;
> +	uint64_t payload_offset, payload_length;
> +
>  	if (argc != 2)
>  	{
>  		fprintf(stderr, "Usage: readnotes <elfimage>\n");
> @@ -159,13 +204,45 @@ int main(int argc, char **argv)
>  		fprintf(stderr, "Unable to map %s: %s\n", f, strerror(errno));
>  		return 1;
>  	}
> -	size = st.st_size;
> +	
> +	/* Check the magic of bzImage kernel */
> +	hdr = (struct setup_header *)image;
> +	if ( memcmp(&hdr->header, HDR_MAGIC, HDR_MAGIC_SZ) == 0 )
> +	{
> +		if ( hdr->version < VERSION(2,8) )
> +		{
> +			printf("%s: boot protocol too old (%04x)", __FUNCTION__,
hdr->version);
> +			return 1;
> +		}
>  
> -	usize = xc_dom_check_gzip(xch, image, st.st_size);
> +		/* upcast to 64 bits to avoid overflow */
> +		/* setup_sects is u8 and so cannot overflow */
> +		payload_offset = (hdr->setup_sects + 1) * 512;
> +		payload_offset += hdr->payload_offset;
> +		payload_length = hdr->payload_length;
> +		
> +		if ( payload_offset >= st.st_size )
> +		{
> +			printf("%s: payload offset overflow", __FUNCTION__);
> +			return 1;
> +		}
> +		if ( (payload_offset + payload_length) > st.st_size )
> +		{
> +			printf("%s: payload length overflow", __FUNCTION__);
> +			return 1;
> +		}
> +
> +		image = image + payload_offset;
> +		size = payload_length;
> +	} else {
> +		size = st.st_size;
> +	}
> +
> +	usize = xc_dom_check_gzip(xch, image, size);
>  	if (usize)
>  	{
>  		tmp = malloc(usize);
> -		xc_dom_do_gunzip(xch, image, st.st_size, tmp, usize);
> +		xc_dom_do_gunzip(xch, image, size, tmp, usize);
>  		image = tmp;
>  		size = usize;
>  	}
> 
> 
> On Fri, 2012-05-11 at 17:49 +0100, Ian Campbell wrote:
> > On Fri, 2012-05-11 at 17:43 +0100, Ian Jackson wrote:
> > > Xuesen Guo writes ("Re: [Xen-devel] [PATCH] readnote: Add
bzImage kernel support"):
> > > > readnote: Add bzImage kernel support
> > > 
> > > I tried to apply this but I''m afraid it no longer
applies to
> > > xen-unstable tip:
> > > 
> > > patching file tools/xcutils/readnotes.c
> > > Hunk #1 FAILED at 17
> > > Hunk #3 FAILED at 161
> > > 2 out of 3 hunks FAILED -- saving rejects to file
tools/xcutils/readnotes.c.rej
> > > abort: patch failed to apply
> > > 
> > > Ian.
> > 
> > The most recent change to this file was 
> >         changeset:   21483:779c0ef9682c
> >         user:        Keir Fraser <keir.fraser@citrix.com>
> >         date:        Fri May 28 09:30:19 2010 +0100
> >         summary:     libxc: eliminate static variables, use
xentoollog; API change
> >         
> > I expect something else is up -- whitespace mangling perhaps? Or maybe
> > the patch simply isn''t based on xen-unstable.hg?
> > 
> > Ian.
> > 
> > 
> 
This e-mail is intended solely for the person or entity to which it is addressed
and may contain confidential and/or privileged information. Any review,
dissemination,
copying, printing or other use of this e-mail by persons or entities other than
the
addressee is prohibited. If you have received this e-mail in error, please
contact
the sender immediately and delete the material from any computer.
To unsubscribe send an email to: Unsubscribe@hitachiconsulting.com 
Hitachi Consulting (China) Co., Ltd. (HCCD0411)


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Xuesen Guo writes ("Re: [Xen-devel] [PATCH] readnote: Add bzImage kernel
support"):
> Also the attached is the patch.
...
> > readnote: Add bzImage kernel support
...
> > Signed-off-by: Xuesen Guo <Xuesen.Guo@hitachiconsulting.com>
> > Acked-by: Ian Campbell <ian.campbell@citrix.com>
Thanks,

Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>