I recently reviewed PR 18 and found the following potential vulnerabilities.
SL does not check slpb.runtime_bss_high_base == rpb->XtVmmRuntimeBSSHighBegin. It also does not check slpb.runtime_bss_high_size == XMHF_RUNTIME_LARGE_BSS_DATA_SIZE.
SL does not check that the runtime BSS high memory is filled with zeros. It also does not memset this memory to zero.
SL does not check that [rpb->XtVmmRuntimeBSSHighBegin, rpb->XtVmmRuntimeBSSHighBegin + XMHF_RUNTIME_LARGE_BSS_DATA_SIZE) and [rpb->XtVmmRuntimePhysBase, rpb->XtVmmRuntimePhysBase + rpb->XtVmmRuntimeSize) do not overlap (i.e. an attacker can make the runtime high BSS and another part of the runtime overlap).
Please consider fixing them, thank you!
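One way to implement the three checks the review asks for (base/size agreement, non-overlap of the two ranges, and a zero-filled high BSS), as an added example that is not XMHF's own code. Only the field and macro names come from the comment above; the struct layouts, 64-bit field widths, the placeholder value of XMHF_RUNTIME_LARGE_BSS_DATA_SIZE and all helper names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Placeholder value for this example only; the real constant is defined in
 * XMHF's headers and is much larger. */
#define XMHF_RUNTIME_LARGE_BSS_DATA_SIZE 4096u

/* Hypothetical minimal views of the SL and runtime parameter blocks: only the
 * fields named in the review are modelled, with assumed 64-bit widths. */
typedef struct {
    uint64_t runtime_bss_high_base;
    uint64_t runtime_bss_high_size;
} slpb_t;

typedef struct {
    uint64_t XtVmmRuntimePhysBase;
    uint64_t XtVmmRuntimeSize;
    uint64_t XtVmmRuntimeBSSHighBegin;
} rpb_t;

/* Computes the exclusive end of [base, base+size). Rejects empty ranges and
 * ranges whose end wraps past UINT64_MAX, so an oversized size cannot be made
 * to look like a small range that "misses" everything. */
static bool range_end(uint64_t base, uint64_t size, uint64_t *end)
{
    if (size == 0 || base > UINT64_MAX - size)
        return false;
    *end = base + size;
    return true;
}

/* True when the two half-open ranges share at least one byte. Malformed
 * ranges are reported as overlapping so the caller fails closed. */
static bool ranges_overlap(uint64_t a_base, uint64_t a_size,
                           uint64_t b_base, uint64_t b_size)
{
    uint64_t a_end, b_end;
    if (!range_end(a_base, a_size, &a_end) || !range_end(b_base, b_size, &b_end))
        return true;
    return a_base < b_end && b_base < a_end;
}

/* True when every byte of p[0..n) is zero. */
static bool is_zero_filled(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* The three checks from the review, in the order the comment lists them.
 * bss_high is the caller's mapping of the memory at XtVmmRuntimeBSSHighBegin. */
static bool validate_runtime_bss_high(const slpb_t *slpb, const rpb_t *rpb,
                                      const uint8_t *bss_high)
{
    /* 1. SL's copy of base/size must match the runtime parameter block. */
    if (slpb->runtime_bss_high_base != rpb->XtVmmRuntimeBSSHighBegin)
        return false;
    if (slpb->runtime_bss_high_size != XMHF_RUNTIME_LARGE_BSS_DATA_SIZE)
        return false;
    /* 2. The high BSS must not overlap the rest of the runtime image. */
    if (ranges_overlap(rpb->XtVmmRuntimeBSSHighBegin, XMHF_RUNTIME_LARGE_BSS_DATA_SIZE,
                       rpb->XtVmmRuntimePhysBase, rpb->XtVmmRuntimeSize))
        return false;
    /* 3. The high BSS must already be all zero (the alternative is to memset it). */
    return is_zero_filled(bss_high, XMHF_RUNTIME_LARGE_BSS_DATA_SIZE);
}

/* Constructed scenario driver: builds both parameter blocks from the given
 * values, optionally leaves one stale byte in the high BSS, and validates. */
static uint8_t g_bss[XMHF_RUNTIME_LARGE_BSS_DATA_SIZE];

static bool run_scenario(uint64_t sl_base, uint64_t rt_base, uint64_t rt_size,
                         uint64_t bss_begin, bool dirty)
{
    memset(g_bss, 0, sizeof g_bss);
    if (dirty)
        g_bss[sizeof g_bss - 1] = 0x5a; /* one stale byte is enough to fail */
    slpb_t s = { sl_base, XMHF_RUNTIME_LARGE_BSS_DATA_SIZE };
    rpb_t r = { rt_base, rt_size, bss_begin };
    return validate_runtime_bss_high(&s, &r, g_bss);
}

int main(void)
{
    /* Runtime image at [0x10000000, 0x11000000); high BSS at 0x20000000 is consistent. */
    printf("consistent layout accepted: %d\n",
           run_scenario(0x20000000u, 0x10000000u, 0x01000000u, 0x20000000u, false));
    printf("base mismatch rejected:     %d\n",
           !run_scenario(0x20001000u, 0x10000000u, 0x01000000u, 0x20000000u, false));
    /* High BSS placed inside the runtime image. */
    printf("overlap rejected:           %d\n",
           !run_scenario(0x10800000u, 0x10000000u, 0x01000000u, 0x10800000u, false));
    printf("stale bytes rejected:       %d\n",
           !run_scenario(0x20000000u, 0x10000000u, 0x01000000u, 0x20000000u, true));
    return 0;
}
```

The overlap test is done on half-open ranges with an explicit wrap-around check, because a size chosen so that base + size overflows would otherwise produce a tiny apparent range that passes a naive comparison. Whether SL verifies the zero fill or performs the memset itself is a design choice; verifying catches a caller that handed over non-zero memory, while clearing removes the dependency on the caller entirely.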