From: Roger Pau Monne <roger.pau@citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
boris.ostrovsky@oracle.com, xen-devel@lists.xenproject.org
Subject: Re: [PATCH v3 4/8] x86/hvm: convert gsi_assert_count into a variable size array
Date: Mon, 3 Apr 2017 17:18:11 +0100 [thread overview]
Message-ID: <20170403161811.wymzjrd72ldsm6ty@dhcp-3-128.uk.xensource.com> (raw)
In-Reply-To: <58DE8F05020000780014B6DD@prv-mh.provo.novell.com>
On Fri, Mar 31, 2017 at 09:16:53AM -0600, Jan Beulich wrote:
> >>> On 29.03.17 at 16:47, <roger.pau@citrix.com> wrote:
> > Rearrange the fields of hvm_irq so that gsi_assert_count can be converted into
> > a variable size array and add a new field to account the number of GSIs.
> >
> > Due to this changes the irq member in the hvm_domain struct also needs to
> > become a pointer set at runtime.
> >
> > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
>
> Reviewed-by: Jan Beulich <jbeulich@suse.com>
> with one possible adjustment:
>
> > --- a/xen/arch/x86/hvm/irq.c
> > +++ b/xen/arch/x86/hvm/irq.c
> > @@ -69,6 +69,7 @@ static void __hvm_pci_intx_assert(
> > return;
> >
> > gsi = hvm_pci_intx_gsi(device, intx);
> > + ASSERT(gsi < hvm_irq->nr_gsis);
> > if ( hvm_irq->gsi_assert_count[gsi]++ == 0 )
> > assert_gsi(d, gsi);
> >
> > @@ -99,6 +100,7 @@ static void __hvm_pci_intx_deassert(
> > return;
> >
> > gsi = hvm_pci_intx_gsi(device, intx);
> > + ASSERT(gsi < hvm_irq->nr_gsis);
> > --hvm_irq->gsi_assert_count[gsi];
>
> These ASSERT()s certainly don't make the situation worse after
> just this patch alone, but once the higher Dom0 count comes
> into play them turning into nothing on release builds is sub-
> optimal. In a few cases we've used (or at least have been
> considering using) something like
>
> if ( gsi >= hvm_irq->nr_gsis)
> {
> ASSERT_UNREACHABLE();
> return;
> }
>
> to avoid the array overrun even in the release build case.
> Otoh it's only Dom0 which could actually cause this, so it
> wouldn't be a security issue as per our current classification.
> Andrew - do you have a specific opinion either way here?
Yes, I think your suggestion is better, it will trigger on debug builds while
not causing array overrun on production ones.
Roger.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
next prev parent reply other threads:[~2017-04-03 16:18 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-29 14:39 [PATCH v3 0/8] x86/vioapic: introduce support for multiple vIO APICs Roger Pau Monne
2017-03-29 14:39 ` [PATCH v3 1/8] x86/vioapic: expand hvm_vioapic to contain vIO APIC internal state Roger Pau Monne
2017-03-31 14:52 ` Jan Beulich
2017-03-29 14:47 ` [PATCH v3 2/8] x86/hvm: introduce hvm_domain_irq macro Roger Pau Monne
2017-03-31 5:10 ` Tian, Kevin
2017-03-31 14:53 ` Jan Beulich
2017-03-29 14:47 ` [PATCH v3 3/8] x86/irq: rename NR_HVM_IRQS and break it's dependency on VIOAPIC_NUM_PINS Roger Pau Monne
2017-03-31 15:01 ` Jan Beulich
2017-04-04 10:15 ` Roger Pau Monne
2017-04-04 10:18 ` Jan Beulich
2017-03-29 14:47 ` [PATCH v3 4/8] x86/hvm: convert gsi_assert_count into a variable size array Roger Pau Monne
2017-03-31 15:16 ` Jan Beulich
2017-04-03 16:18 ` Roger Pau Monne [this message]
2017-03-29 14:47 ` [PATCH v3 5/8] x86/vioapic: allow the vIO APIC to have a variable number of pins Roger Pau Monne
2017-03-31 15:20 ` Jan Beulich
2017-03-29 14:47 ` [PATCH v3 6/8] x86/vioapic: introduce support for multiple vIO APICS Roger Pau Monne
2017-03-31 15:48 ` Jan Beulich
2017-03-29 14:47 ` [PATCH v3 7/8] x86/ioapic: add prototype for io_apic_gsi_base to io_apic.h Roger Pau Monne
2017-03-29 14:47 ` [PATCH v3 8/8] x86/vioapic: allow PVHv2 Dom0 to have more than one IO APIC Roger Pau Monne
2017-03-30 8:16 ` [PATCH v3 0/8] x86/vioapic: introduce support for multiple vIO APICs Roger Pau Monne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170403161811.wymzjrd72ldsm6ty@dhcp-3-128.uk.xensource.com \
--to=roger.pau@citrix.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.