Revision tags: v0.11.0, v0.10.0 |
|
#
36324f6b |
| 24-Sep-2024 |
Andrew Jeffery <andrew@codeconstruct.com.au> |
Apply GCC's tainted_args attribute to library entrypoints
The implementation applies `__attribute__((tainted_args))` by integrating it into the existing ABI macro annotations.
In the process, quite a number of APIs were discovered to be unsafe in ways that were not immediately fixable. Often this is because they lack arguments that enable the appropriate bounds-checking to be applied.
Redesigning them is work beyond the scope of the immediate effort. Instead, we also introduce a new annotation, LIBPLDM_ABI_DEPRECATED_UNSAFE, that simply lacks `__attribute__((tainted_args))` and therefore doesn't trigger the extra analysis.
Change-Id: Ib8994eaa3907a5432d040426ad03687cbf4c2136
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
|
#
d7d08f65 |
| 03-Oct-2024 |
Andrew Jeffery <andrew@codeconstruct.com.au> |
dsp: fru: Bounds check encode_fru_record()
```
../src/dsp/fru.c:200:17: error: use of attacker-controlled value ‘tlvs_size’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
  200 |                 memcpy(fru_table + *curr_size, tlvs, tlvs_size);
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: Ibc2831c5fd9665bb2645d49c856fc1a77c6e1feb
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
|
#
82c34815 |
| 03-Oct-2024 |
Andrew Jeffery <andrew@codeconstruct.com.au> |
dsp: fru: Bounds check encode_get_fru_record_by_option_resp()
```
../src/dsp/fru.c: In function ‘encode_get_fru_record_by_option_resp’:
../src/dsp/fru.c:388:17: error: use of attacker-controlled value ‘data_size’ as size without upper-bounds checking [CWE-129] [-Werror=analyzer-tainted-size]
  388 |                 memcpy(resp->fru_structure_data, fru_structure_data, data_size);
      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I01b43823e3a24c7e7ed229d09643b15fcff4d43b
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
|
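An added example, not libpldm's code, of the pattern behind the three commits above: the annotation commit's two kinds of entrypoint macro, and the bounds check that the `analyzer-tainted-size` diagnostics ask for before `memcpy()`. The `EXAMPLE_*` macros, both function names and the `capacity` parameter are hypothetical; the `tainted_args` attribute needs GCC 12 or later and is compiled out elsewhere.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical macro names modelled on the annotations the commit message
 * describes; they are not libpldm's definitions. */
#if defined(__has_attribute)
#if __has_attribute(tainted_args)
#define EXAMPLE_TAINTED __attribute__((tainted_args))
#endif
#endif
#ifndef EXAMPLE_TAINTED
#define EXAMPLE_TAINTED
#endif
#define EXAMPLE_ABI_STABLE EXAMPLE_TAINTED __attribute__((visibility("default")))
/* Same export, but without the taint marking on the arguments. */
#define EXAMPLE_ABI_DEPRECATED_UNSAFE __attribute__((visibility("default")))

/* Unsafe shape: no capacity argument, so tlvs_size cannot be bounded. */
EXAMPLE_ABI_DEPRECATED_UNSAFE
void example_append_unsafe(uint8_t *table, size_t *curr_size,
			   const uint8_t *tlvs, size_t tlvs_size)
{
	memcpy(table + *curr_size, tlvs, tlvs_size);
	*curr_size += tlvs_size;
}

/* Checked shape: the caller states the buffer capacity and every
 * caller-supplied size is bounded before it reaches memcpy(). */
EXAMPLE_ABI_STABLE
int example_append_checked(uint8_t *table, size_t capacity, size_t *curr_size,
			   const uint8_t *tlvs, size_t tlvs_size)
{
	if (!table || !curr_size || (!tlvs && tlvs_size))
		return -EINVAL;
	if (*curr_size > capacity)
		return -EINVAL;
	/* Subtraction form avoids overflow in *curr_size + tlvs_size. */
	if (tlvs_size > capacity - *curr_size)
		return -EOVERFLOW;
	if (tlvs_size)
		memcpy(table + *curr_size, tlvs, tlvs_size);
	*curr_size += tlvs_size;
	return 0;
}
```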
Revision tags: v0.9.1, v0.9.0 |
|
#
d9b70ba7 |
| 08-Jun-2024 |
Andrew Jeffery <andrew@codeconstruct.com.au> |
dsp: fru: Rename get_fru_record_by_option_check()
We drop the `_check` suffix so that it is now `get_fru_record_by_option()`.
To do so, introduce some infrastructure that makes renaming APIs easier and scripts the migration for users. The renaming process comes in several parts, which are captured in the addition to the changes checklist.
The coccinelle script is based off the insight at [1].
[1]: https://stackoverflow.com/questions/42776220/coccinelle-help-to-replace-a-function-with-variable-args
Change-Id: I730b76c3e3c92dcc046fecbee76cd6b040f11d21
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
|
#
48761c62 |
| 03-Jun-2024 |
Andrew Jeffery <andrew@codeconstruct.com.au> |
libpldm: Reorganize source and test files
Primarily this is about moving specification-specific files into 'dsp/' (in the "DMTF Standard Publication" sense[1]) subdirectories of both src/ and tests/.
[1]: https://www.dmtf.org/sites/default/files/standards/documents/DSP4014_2.14.0.pdf
libpldm is a concrete C implementation of the PLDM family of specifications. This invokes some accidental complexity[2] such as the msgbuf APIs and other concerns.
[2]: https://en.wikipedia.org/wiki/No_Silver_Bullet
Separate the essential complexity (everything under the dsp/ subdirectories) from the accidental complexity (almost everything else).
While doing so, I took the opportunity to drop the 'libpldm_' prefix and '_test' suffix from a variety of tests. The 'libpldm_' prefix is a hangover from the days when libpldm was a subproject of OpenBMC's pldm repo. The '_test' suffix feels redundant given the parent directory path.
Note that we maintain separation of the src/ and tests/. The test suite is implemented in C++ while libpldm's APIs are declared and defined in C. The ability to chop all the tests and C++ out of the implementation by ignoring a subtree seems like a desirable property when vendoring the library into other projects.
Finally, update the x86_64 GCC ABI dump, as rearranging the source causes a lot of churn in its definitions.
Change-Id: Icffcc6cf48b3101ecd38168827c0a81cffb8f083
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
|