{"id":2230012,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2230012/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260429044752.4176397-26-alistair.francis@wdc.com/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.1/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260429044752.4176397-26-alistair.francis@wdc.com>","date":"2026-04-29T04:47:26","name":"[PULL,25/51] riscv_htif: reject invalid signature ranges (end <= begin)","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"5b7de8ba26775a7a5ef2e7dc914cc67a98d9bc10","submitter":{"id":64571,"url":"http://patchwork.ozlabs.org/api/1.1/people/64571/?format=json","name":"Alistair Francis","email":"alistair23@gmail.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260429044752.4176397-26-alistair.francis@wdc.com/mbox/","series":[{"id":501983,"url":"http://patchwork.ozlabs.org/api/1.1/series/501983/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=501983","date":"2026-04-29T04:47:05","name":"[PULL,01/51] hw/riscv/riscv-iommu: Use standard EN_PRI bit for PRI","version":1,"mbox":"http://patchwork.ozlabs.org/series/501983/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2230012/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2230012/checks/","tags":{},"headers":{"From":"alistair23@gmail.com","X-Google-Original-From":"alistair.francis@wdc.com","To":"palmer@dabbelt.com, liwei1518@gmail.com, daniel.barboza@oss.qualcomm.com,\n zhiwei_liu@linux.alibaba.com, chao.liu.zevorn@gmail.com,\n qemu-riscv@nongnu.org, qemu-devel@nongnu.org","Cc":"alistair23@gmail.com, Munkhbaatar Enkhbaatar <munkhuu0825@gmail.com>,\n Alistair Francis <alistair.francis@wdc.com>,\n Tao Tang <tangtao1634@phytium.com.cn>, =?utf-8?q?Philippe_Mathieu-Daud?=\n\t=?utf-8?q?=C3=A9?= <philmd@linaro.org>","Subject":"[PULL 25/51] riscv_htif: reject invalid signature ranges (end <=\n begin)","Date":"Wed, 29 Apr 2026 14:47:26 +1000","Message-ID":"<20260429044752.4176397-26-alistair.francis@wdc.com>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260429044752.4176397-1-alistair.francis@wdc.com>","References":"<20260429044752.4176397-1-alistair.francis@wdc.com>"},"content":"From: Munkhbaatar Enkhbaatar <munkhuu0825@gmail.com>\n\nPrevents huge allocations and crashes caused by malformed HTIF signature\naddresses.\n\nResolves: https://gitlab.com/qemu-project/qemu/-/work_items/3205\nSigned-off-by: Munkhbaatar Enkhbaatar <munkhuu0825@gmail.com>\nReviewed-by: Alistair Francis <alistair.francis@wdc.com>\nMessage-ID: <20251209085349.61510-1-munkhuu0825@gmail.com>\n[ Squashed with following commit to fix build failures\n    hw/char/riscv_htif: Fix format specifier for uint64_t\n\n    Message-ID: <20260415134826.1742308-1-chao.liu.zevorn@gmail.com>\n    
Signed-off-by: Chao Liu <chao.liu.zevorn@gmail.com>\n]\nTested-by: Tao Tang <tangtao1634@phytium.com.cn>\nReviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>\nSigned-off-by: Chao Liu <chao.liu.zevorn@gmail.com>\nSigned-off-by: Alistair Francis <alistair.francis@wdc.com>\n---\n hw/char/riscv_htif.c | 6 ++++++\n 1 file changed, 6 insertions(+)","diff":"diff --git a/hw/char/riscv_htif.c b/hw/char/riscv_htif.c\nindex e9efab16e9..a53d2ace02 100644\n--- a/hw/char/riscv_htif.c\n+++ b/hw/char/riscv_htif.c\n@@ -171,6 +171,12 @@ static void htif_handle_tohost_write(HTIFState *s, uint64_t val_written)\n                  * begin/end_signature symbols exist.\n                  */\n                 if (sig_file && begin_sig_addr && end_sig_addr) {\n+                    if (end_sig_addr <= begin_sig_addr) {\n+                        error_report(\"Invalid HTIF signature range:\"\n+                                     \" begin=0x%\" PRIx64 \" end=0x%\" PRIx64,\n+                                     begin_sig_addr, end_sig_addr);\n+                        return;\n+                    }\n                     uint64_t sig_len = end_sig_addr - begin_sig_addr;\n                     char *sig_data = g_malloc(sig_len);\n                     dma_memory_read(&address_space_memory, begin_sig_addr,\n","prefixes":["PULL","25/51"]}
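Review bot: the new check in htif_handle_tohost_write() only rejects end_sig_addr <= begin_sig_addr, so sig_len = end_sig_addr - begin_sig_addr still has no upper bound before it reaches g_malloc(sig_len). A range with a small begin and a very large end passes the check and still requests a huge allocation, which is the case the commit message says is prevented. Consider also capping sig_len at a sane maximum before allocating, or using g_try_malloc() and reporting the failure instead of aborting. Separately, the bare return leaves the whole handler on this path; please confirm that skipping whatever follows the signature dump is intended, rather than skipping only the dump itself.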