[image] Make image data read-only to most consumers
Almost all image consumers do not need to modify the content of the image. Now that the image data is a pointer type (rather than the opaque userptr_t type), we can rely on the compiler to enforce this at build time. Change the .data field to be a const pointer, so that the compiler can verify that image consumers do not modify the image content. Provide a transparent .rwdata field for consumers who have a legitimate (and now explicit) reason to modify the image content. We do not attempt to impose any runtime restriction on checking whether or not an image is writable. The only existing instances of genuinely read-only images are the various unit test images, and it is acceptable for defective test cases to result in a segfault rather than a runtime error. Signed-off-by: Michael Brown <mcb30@ipxe.org>
@@ -59,9 +59,6 @@ void asn1_okx ( struct asn1_test *test, const char *file, unsigned int line ) {
|
||||
/* Sanity check */
|
||||
assert ( sizeof ( out ) == digest->digestsize );
|
||||
|
||||
/* Correct image data pointer */
|
||||
test->image->data = virt_to_user ( ( void * ) test->image->data );
|
||||
|
||||
/* Check that image is detected as correct type */
|
||||
okx ( register_image ( test->image ) == 0, file, line );
|
||||
okx ( test->image->type == test->type, file, line );
|
||||
|
||||
@@ -47,7 +47,7 @@ struct asn1_test {
|
||||
.refcnt = REF_INIT ( ref_no_free ), \
|
||||
.name = #_name, \
|
||||
.flags = ( IMAGE_STATIC | IMAGE_STATIC_NAME ), \
|
||||
.data = ( userptr_t ) ( _name ## __file ), \
|
||||
.data = _name ## __file, \
|
||||
.len = sizeof ( _name ## __file ), \
|
||||
}; \
|
||||
static struct asn1_test_digest _name ## _expected[] = { \
|
||||
|
||||
@@ -37,7 +37,6 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
|
||||
#include <ipxe/sha256.h>
|
||||
#include <ipxe/x509.h>
|
||||
#include <ipxe/image.h>
|
||||
#include <ipxe/uaccess.h>
|
||||
#include <ipxe/der.h>
|
||||
#include <ipxe/cms.h>
|
||||
#include <ipxe/privkey.h>
|
||||
@@ -86,7 +85,7 @@ struct cms_test_keypair {
|
||||
.refcnt = REF_INIT ( ref_no_free ), \
|
||||
.name = #NAME, \
|
||||
.flags = ( IMAGE_STATIC | IMAGE_STATIC_NAME ), \
|
||||
.data = ( userptr_t ) ( NAME ## _data ), \
|
||||
.data = NAME ## _data, \
|
||||
.len = sizeof ( NAME ## _data ), \
|
||||
}, \
|
||||
}
|
||||
@@ -99,7 +98,7 @@ struct cms_test_keypair {
|
||||
.refcnt = REF_INIT ( ref_no_free ), \
|
||||
.name = #NAME, \
|
||||
.flags = ( IMAGE_STATIC | IMAGE_STATIC_NAME ), \
|
||||
.data = ( userptr_t ) ( NAME ## _data ), \
|
||||
.data = NAME ## _data, \
|
||||
.len = sizeof ( NAME ## _data ), \
|
||||
}, \
|
||||
}
|
||||
@@ -113,7 +112,7 @@ struct cms_test_keypair {
|
||||
.name = #NAME, \
|
||||
.flags = ( IMAGE_STATIC | IMAGE_STATIC_NAME ), \
|
||||
.type = &der_image_type, \
|
||||
.data = ( userptr_t ) ( NAME ## _data ), \
|
||||
.data = NAME ## _data, \
|
||||
.len = sizeof ( NAME ## _data ), \
|
||||
}, \
|
||||
}
|
||||
@@ -1652,16 +1651,9 @@ static time_t test_expired = 1375573111ULL; /* Sat Aug 3 23:38:31 2013 */
|
||||
*/
|
||||
static void cms_message_okx ( struct cms_test_message *msg,
|
||||
const char *file, unsigned int line ) {
|
||||
const void *data = ( ( void * ) msg->image.data );
|
||||
|
||||
/* Fix up image data pointer */
|
||||
msg->image.data = virt_to_user ( data );
|
||||
|
||||
/* Check ability to parse message */
|
||||
okx ( cms_message ( &msg->image, &msg->cms ) == 0, file, line );
|
||||
|
||||
/* Reset image data pointer */
|
||||
msg->image.data = ( ( userptr_t ) data );
|
||||
}
|
||||
#define cms_message_ok( msg ) \
|
||||
cms_message_okx ( msg, __FILE__, __LINE__ )
|
||||
@@ -1705,10 +1697,6 @@ static void cms_verify_okx ( struct cms_test_message *msg,
|
||||
time_t time, struct x509_chain *store,
|
||||
struct x509_root *root, const char *file,
|
||||
unsigned int line ) {
|
||||
const void *data = ( ( void * ) img->image.data );
|
||||
|
||||
/* Fix up image data pointer */
|
||||
img->image.data = virt_to_user ( data );
|
||||
|
||||
/* Invalidate any certificates from previous tests */
|
||||
x509_invalidate_chain ( msg->cms->certificates );
|
||||
@@ -1717,9 +1705,6 @@ static void cms_verify_okx ( struct cms_test_message *msg,
|
||||
okx ( cms_verify ( msg->cms, &img->image, name, time, store,
|
||||
root ) == 0, file, line );
|
||||
okx ( img->image.flags & IMAGE_TRUSTED, file, line );
|
||||
|
||||
/* Reset image data pointer */
|
||||
img->image.data = ( ( userptr_t ) data );
|
||||
}
|
||||
#define cms_verify_ok( msg, img, name, time, store, root ) \
|
||||
cms_verify_okx ( msg, img, name, time, store, root, \
|
||||
@@ -1742,10 +1727,6 @@ static void cms_verify_fail_okx ( struct cms_test_message *msg,
|
||||
time_t time, struct x509_chain *store,
|
||||
struct x509_root *root, const char *file,
|
||||
unsigned int line ) {
|
||||
const void *data = ( ( void * ) img->image.data );
|
||||
|
||||
/* Fix up image data pointer */
|
||||
img->image.data = virt_to_user ( data );
|
||||
|
||||
/* Invalidate any certificates from previous tests */
|
||||
x509_invalidate_chain ( msg->cms->certificates );
|
||||
@@ -1754,9 +1735,6 @@ static void cms_verify_fail_okx ( struct cms_test_message *msg,
|
||||
okx ( cms_verify ( msg->cms, &img->image, name, time, store,
|
||||
root ) != 0, file, line );
|
||||
okx ( ! ( img->image.flags & IMAGE_TRUSTED ), file, line );
|
||||
|
||||
/* Reset image data pointer */
|
||||
img->image.data = ( ( userptr_t ) data );
|
||||
}
|
||||
#define cms_verify_fail_ok( msg, img, name, time, store, root ) \
|
||||
cms_verify_fail_okx ( msg, img, name, time, store, root, \
|
||||
@@ -1777,10 +1755,6 @@ static void cms_decrypt_okx ( struct cms_test_image *img,
|
||||
struct cms_test_keypair *keypair,
|
||||
struct cms_test_image *expected,
|
||||
const char *file, unsigned int line ) {
|
||||
const void *data = ( ( void * ) img->image.data );
|
||||
|
||||
/* Fix up image data pointer */
|
||||
img->image.data = virt_to_user ( data );
|
||||
|
||||
/* Check ability to decrypt image */
|
||||
okx ( cms_decrypt ( envelope->cms, &img->image, NULL,
|
||||
|
||||
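Review bot: The `cms_decrypt ( envelope->cms, &img->image, NULL,` call in cms_decrypt_okx has no comment saying that the image passed in must be backed by writable storage. The commit description states that nothing checks at run time whether an image is writable. If decryption rewrites the image content through `.rwdata` (assumed; cms_decrypt and the rest of this function are outside the hunk), a test image whose `NAME ## _data` array is declared const would build cleanly and then fault when the test runs. I would add a comment above the call, such as `/* img must be backed by a writable (non-const) array: content is modified via .rwdata */`, and repeat the requirement on the image-defining macros whose `.data = NAME ## _data,` initialisers change earlier in this file.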
@@ -55,9 +55,6 @@ void pixbuf_okx ( struct pixel_buffer_test *test, const char *file,
|
||||
assert ( ( test->width * test->height * sizeof ( test->data[0] ) )
|
||||
== test->len );
|
||||
|
||||
/* Correct image data pointer */
|
||||
test->image->data = virt_to_user ( ( void * ) test->image->data );
|
||||
|
||||
/* Check that image is detected as correct type */
|
||||
okx ( register_image ( test->image ) == 0, file, line );
|
||||
okx ( test->image->type == test->type, file, line );
|
||||
@@ -72,8 +69,8 @@ void pixbuf_okx ( struct pixel_buffer_test *test, const char *file,
|
||||
|
||||
/* Check pixel buffer data */
|
||||
okx ( pixbuf->len == test->len, file, line );
|
||||
okx ( memcmp ( pixbuf->data, virt_to_user ( test->data ),
|
||||
test->len ) == 0, file, line );
|
||||
okx ( memcmp ( pixbuf->data, test->data, test->len ) == 0,
|
||||
file, line );
|
||||
|
||||
pixbuf_put ( pixbuf );
|
||||
}
|
||||
|
||||
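Review bot: The rewritten `memcmp ( pixbuf->data, test->data, test->len )` in pixbuf_okx still runs when the preceding `pixbuf->len == test->len` check has failed. This assumes okx() records the failure and continues rather than aborting; its definition is not in this hunk. In that case a decoder that produced a shorter buffer than expected is read past its end, so the test can crash or read unrelated memory instead of reporting a clean failure. Folding the length into the same check avoids that: `okx ( ( pixbuf->len == test->len ) && ( memcmp ( pixbuf->data, test->data, test->len ) == 0 ), file, line );`. pixbuf_okx begins outside this hunk, so any earlier guard on pixbuf itself is not visible here.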
@@ -42,7 +42,7 @@ struct pixel_buffer_test {
|
||||
.refcnt = REF_INIT ( ref_no_free ), \
|
||||
.name = #_name, \
|
||||
.flags = ( IMAGE_STATIC | IMAGE_STATIC_NAME ), \
|
||||
.data = ( userptr_t ) ( _name ## __file ), \
|
||||
.data = _name ## __file, \
|
||||
.len = sizeof ( _name ## __file ), \
|
||||
}; \
|
||||
static struct pixel_buffer_test _name = { \
|
||||
|
||||