File xsa443-04.patch of Package xen.34726

From e72c68e702dd930bc6013182bb44d3e8fbbb6bf4 Mon Sep 17 00:00:00 2001
From: Alejandro Vallejo <alejandro.vallejo@cloud.com>
Date: Thu, 14 Sep 2023 13:22:53 +0100
Subject: [PATCH 04/11] libfsimage/xfs: Add compile-time check to libfsimage

Adds the common tools include folder to the -I compile flags
of libfsimage. This allows us to use:
  xen-tools/common-macros.h:BUILD_BUG_ON()

With it, statically assert a sanitized "blocklog - SECTOR_BITS" cannot
underflow.

This is part of XSA-443 / CVE-2023-34325

Signed-off-by: Alejandro Vallejo <alejandro.vallejo@cloud.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 tools/libfsimage/Rules.mk       | 2 +-
 tools/libfsimage/xfs/fsys_xfs.c | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/tools/libfsimage/Rules.mk b/tools/libfsimage/Rules.mk
index bb6d42abb494..80598fb70aa7 100644
--- a/tools/libfsimage/Rules.mk
+++ b/tools/libfsimage/Rules.mk
@@ -1,6 +1,6 @@
 include $(XEN_ROOT)/tools/Rules.mk
 
-CFLAGS += -Wno-unknown-pragmas -I$(XEN_ROOT)/tools/libfsimage/common/ -DFSIMAGE_FSDIR=\"$(FSDIR)\"
+CFLAGS += -Wno-unknown-pragmas -I$(XEN_ROOT)/tools/libfsimage/common/ $(CFLAGS_xeninclude) -DFSIMAGE_FSDIR=\"$(FSDIR)\"
 CFLAGS += -Werror -D_GNU_SOURCE
 LDFLAGS += -L../common/
 
diff --git a/tools/libfsimage/xfs/fsys_xfs.c b/tools/libfsimage/xfs/fsys_xfs.c
index e4eb7e1ee26f..4a8dd6f2397b 100644
--- a/tools/libfsimage/xfs/fsys_xfs.c
+++ b/tools/libfsimage/xfs/fsys_xfs.c
@@ -19,6 +19,7 @@
 
 #include <stdbool.h>
 #include <xenfsimage_grub.h>
+#include <xen-tools/libs.h>
 #include "xfs.h"
 
 #define MAX_LINK_COUNT	8
@@ -477,9 +478,10 @@ xfs_mount (fsi_file_t *ffi, const char *options)
 	xfs.agblklog = super.sb_agblklog;
 
 	/* Derived from sanitized parameters */
+	BUILD_BUG_ON(XFS_SB_BLOCKLOG_MIN < SECTOR_BITS);
+	xfs.bdlog = super.sb_blocklog - SECTOR_BITS;
 	xfs.bsize = 1 << super.sb_blocklog;
 	xfs.blklog = super.sb_blocklog;
-	xfs.bdlog = super.sb_blocklog - SECTOR_BITS;
 	xfs.isize = 1 << super.sb_inodelog;
 	xfs.dirbsize = 1 << (super.sb_blocklog + super.sb_dirblklog);
 	xfs.inopblog = super.sb_blocklog - super.sb_inodelog;
-- 
2.42.0