* [PATCH] xen, cpu_hotplug: Prevent an out of bounds access
@ 2019-03-07 5:41 ` Dan Carpenter
0 siblings, 0 replies; 6+ messages in thread
From: Dan Carpenter @ 2019-03-07 5:41 UTC (permalink / raw)
To: Boris Ostrovsky, Alex Nixon
Cc: Juergen Gross, xen-devel, Stefano Stabellini, kernel-janitors
The "cpu" variable comes from the sscanf() so Smatch marks it as
untrusted data. We can't pass a higher value than "nr_cpu_ids" to
cpu_possible() or it results in an out of bounds access.
Fixes: d68d82afd4c8 ("xen: implement CPU hotplugging")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
drivers/xen/cpu_hotplug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/xen/cpu_hotplug.c b/drivers/xen/cpu_hotplug.c
index b1357aa4bc55..f192b6f42da9 100644
--- a/drivers/xen/cpu_hotplug.c
+++ b/drivers/xen/cpu_hotplug.c
@@ -54,7 +54,7 @@ static int vcpu_online(unsigned int cpu)
}
static void vcpu_hotplug(unsigned int cpu)
{
- if (!cpu_possible(cpu))
+ if (cpu >= nr_cpu_ids || !cpu_possible(cpu))
return;
switch (vcpu_online(cpu)) {
--
2.17.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH] xen, cpu_hotplug: Prevent an out of bounds access
@ 2019-03-07 5:41 ` Dan Carpenter
0 siblings, 0 replies; 6+ messages in thread
From: Dan Carpenter @ 2019-03-07 5:41 UTC (permalink / raw)
To: Boris Ostrovsky, Alex Nixon
Cc: Juergen Gross, xen-devel, Stefano Stabellini, kernel-janitors
The "cpu" variable comes from the sscanf() so Smatch marks it as
untrusted data. We can't pass a higher value than "nr_cpu_ids" to
cpu_possible() or it results in an out of bounds access.
Fixes: d68d82afd4c8 ("xen: implement CPU hotplugging")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
drivers/xen/cpu_hotplug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/xen/cpu_hotplug.c b/drivers/xen/cpu_hotplug.c
index b1357aa4bc55..f192b6f42da9 100644
--- a/drivers/xen/cpu_hotplug.c
+++ b/drivers/xen/cpu_hotplug.c
@@ -54,7 +54,7 @@ static int vcpu_online(unsigned int cpu)
}
static void vcpu_hotplug(unsigned int cpu)
{
- if (!cpu_possible(cpu))
+ if (cpu >= nr_cpu_ids || !cpu_possible(cpu))
return;
switch (vcpu_online(cpu)) {
--
2.17.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] xen, cpu_hotplug: Prevent an out of bounds access
2019-03-07 5:41 ` Dan Carpenter
@ 2019-03-07 7:12 ` Juergen Gross
-1 siblings, 0 replies; 6+ messages in thread
From: Juergen Gross @ 2019-03-07 7:12 UTC (permalink / raw)
To: Dan Carpenter, Boris Ostrovsky, Alex Nixon
Cc: xen-devel, Stefano Stabellini, kernel-janitors
On 07/03/2019 06:41, Dan Carpenter wrote:
> The "cpu" variable comes from the sscanf() so Smatch marks it as
> untrusted data. We can't pass a higher value than "nr_cpu_ids" to
> cpu_possible() or it results in an out of bounds access.
>
> Fixes: d68d82afd4c8 ("xen: implement CPU hotplugging")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Juergen
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] xen, cpu_hotplug: Prevent an out of bounds access
@ 2019-03-07 7:12 ` Juergen Gross
0 siblings, 0 replies; 6+ messages in thread
From: Juergen Gross @ 2019-03-07 7:12 UTC (permalink / raw)
To: Dan Carpenter, Boris Ostrovsky, Alex Nixon
Cc: xen-devel, Stefano Stabellini, kernel-janitors
On 07/03/2019 06:41, Dan Carpenter wrote:
> The "cpu" variable comes from the sscanf() so Smatch marks it as
> untrusted data. We can't pass a higher value than "nr_cpu_ids" to
> cpu_possible() or it results in an out of bounds access.
>
> Fixes: d68d82afd4c8 ("xen: implement CPU hotplugging")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Juergen
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] xen, cpu_hotplug: Prevent an out of bounds access
2019-03-07 5:41 ` Dan Carpenter
@ 2019-03-08 17:16 ` Juergen Gross
-1 siblings, 0 replies; 6+ messages in thread
From: Juergen Gross @ 2019-03-08 17:16 UTC (permalink / raw)
To: Dan Carpenter, Boris Ostrovsky, Alex Nixon
Cc: xen-devel, Stefano Stabellini, kernel-janitors
On 07/03/2019 06:41, Dan Carpenter wrote:
> The "cpu" variable comes from the sscanf() so Smatch marks it as
> untrusted data. We can't pass a higher value than "nr_cpu_ids" to
> cpu_possible() or it results in an out of bounds access.
>
> Fixes: d68d82afd4c8 ("xen: implement CPU hotplugging")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Pushed to xen/tip.git for-linus-5.1a
Juergen
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] xen, cpu_hotplug: Prevent an out of bounds access
@ 2019-03-08 17:16 ` Juergen Gross
0 siblings, 0 replies; 6+ messages in thread
From: Juergen Gross @ 2019-03-08 17:16 UTC (permalink / raw)
To: Dan Carpenter, Boris Ostrovsky, Alex Nixon
Cc: xen-devel, Stefano Stabellini, kernel-janitors
On 07/03/2019 06:41, Dan Carpenter wrote:
> The "cpu" variable comes from the sscanf() so Smatch marks it as
> untrusted data. We can't pass a higher value than "nr_cpu_ids" to
> cpu_possible() or it results in an out of bounds access.
>
> Fixes: d68d82afd4c8 ("xen: implement CPU hotplugging")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Pushed to xen/tip.git for-linus-5.1a
Juergen
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-03-08 17:16 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-07 5:41 [PATCH] xen, cpu_hotplug: Prevent an out of bounds access Dan Carpenter
2019-03-07 5:41 ` Dan Carpenter
2019-03-07 7:12 ` Juergen Gross
2019-03-07 7:12 ` Juergen Gross
2019-03-08 17:16 ` Juergen Gross
2019-03-08 17:16 ` Juergen Gross
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.