* [PATCH CPU v2] cpuid: initialize cpuinfo with boot_cpu_data
@ 2022-02-11 15:25 Norbert Manthey
From: Norbert Manthey @ 2022-02-11 15:25 UTC (permalink / raw)
  To: xen-devel
  Cc: Norbert Manthey, Jan Beulich, Andrew Cooper, Roger Pau Monné, Wei Liu

When re-identifying CPU data, we might use uninitialized data when
checking for the cache line property to adapt the cache
alignment. The data that depends on this uninitialized read is
currently not forwarded.

To avoid problems in the future, initialize the data cpuinfo
structure before re-identifying the CPU again.

The trace to hit the uninitialized read reported by Coverity is:

bool recheck_cpu_features(unsigned int cpu)
...
    struct cpuinfo_x86 c;
    ...
    identify_cpu(&c);

void identify_cpu(struct cpuinfo_x86 *c)
...
    generic_identify(c)

static void generic_identify(struct cpuinfo_x86 *c)
...
        if (this_cpu->c_early_init)
                this_cpu->c_early_init(c); // which is early_init_intel

static void early_init_intel(struct cpuinfo_x86 *c)
...
    if (c->x86 == 15 && c->x86_cache_alignment == 64)
        c->x86_cache_alignment = 128;

This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Signed-off-by: Norbert Manthey <nmanthey@amazon.de>

---
 xen/arch/x86/cpuid.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -609,7 +609,7 @@ void __init init_guest_cpuid(void)
 bool recheck_cpu_features(unsigned int cpu)
 {
     bool okay = true;
-    struct cpuinfo_x86 c;
+    struct cpuinfo_x86 c = {0};
     const struct cpuinfo_x86 *bsp = &boot_cpu_data;
     unsigned int i;
 
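Review bot: the subject line says "initialize cpuinfo with boot_cpu_data", but the hunk zero-initializes `c` with `= {0}` and never copies `boot_cpu_data`; the two should agree. Either retitle the patch to match what it does (zero-initialize `c` before `identify_cpu()`), or, if seeding from the boot CPU is the intent, write `struct cpuinfo_x86 c = *bsp;` and move the `bsp` declaration above it, since `bsp` is only declared on the next line. Note the behavioural difference: with `{0}` the `x86_cache_alignment == 64` test in `early_init_intel()` can never match during the recheck, which the commit message says is harmless because that value is not forwarded, whereas a copy of `boot_cpu_data` would let it match on the boot CPU's value rather than the rechecked CPU's.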
-- 
2.17.1

Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879
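To make the difference between the two initialization choices concrete, here is an added stand-alone C model of the call trace from the commit message; it is not Xen's code, and the two-field struct, the constant `boot_cpu_data` values (family 15, 64-byte alignment) and the cut-down `identify_cpu()` are constructed assumptions.

```c
#include <string.h>

/* Assumption: a cut-down stand-in for Xen's struct cpuinfo_x86 carrying only
 * the two fields the Coverity trace touches. */
struct cpuinfo_x86 {
    unsigned int x86;                 /* CPU family */
    unsigned int x86_cache_alignment; /* bytes */
};

/* Constructed boot-CPU record: Netburst (family 15) reporting 64 bytes. */
static const struct cpuinfo_x86 boot_cpu_data = { .x86 = 15, .x86_cache_alignment = 64 };

/* Mirrors the check quoted from early_init_intel() in the commit message. */
static void early_init_intel(struct cpuinfo_x86 *c)
{
    if (c->x86 == 15 && c->x86_cache_alignment == 64)
        c->x86_cache_alignment = 128;
}

/* Stand-in for identify_cpu(): the real function re-reads CPUID; here the
 * family is taken from the boot CPU (assumption). What matters is the order:
 * the early-init hook reads x86_cache_alignment before anything assigns it,
 * which is the uninitialized read Coverity reported. */
static void identify_cpu(struct cpuinfo_x86 *c)
{
    c->x86 = boot_cpu_data.x86;
    early_init_intel(c);
}

/* What the hunk does: zero-initialize, so the hook sees 0, not 64, and the
 * 128-byte adjustment cannot fire during the recheck. */
unsigned int recheck_zeroed(void)
{
    struct cpuinfo_x86 c = {0};
    identify_cpu(&c);
    return c.x86_cache_alignment;   /* 0 */
}

/* What the subject line suggests: seed from boot_cpu_data. The hook then
 * matches on the boot CPU's value, not on anything read from this CPU. */
unsigned int recheck_from_bsp(void)
{
    struct cpuinfo_x86 c = boot_cpu_data;
    identify_cpu(&c);
    return c.x86_cache_alignment;   /* 128 */
}

/* The pre-patch 'struct cpuinfo_x86 c;' would read indeterminate stack
 * contents in early_init_intel(): undefined behaviour, so it is deliberately
 * not modelled or asserted on here; a static analyser or MemorySanitizer is
 * the right tool to catch that case. */
```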

* Re: [PATCH CPU v2] cpuid: initialize cpuinfo with boot_cpu_data
  2022-02-11 15:25 [PATCH CPU v2] cpuid: initialize cpuinfo with boot_cpu_data Norbert Manthey
@ 2022-02-14  8:35 ` Jan Beulich
From: Jan Beulich @ 2022-02-14  8:35 UTC (permalink / raw)
  To: Norbert Manthey; +Cc: Andrew Cooper, Roger Pau Monné, Wei Liu, xen-devel

On 11.02.2022 16:25, Norbert Manthey wrote:
> When re-identifying CPU data, we might use uninitialized data when
> checking for the cache line property to adapt the cache
> alignment. The data that depends on this uninitialized read is
> currently not forwarded.
> 
> To avoid problems in the future, initialize the data cpuinfo
> structure before re-identifying the CPU again.
> 
> The trace to hit the uninitialized read reported by Coverity is:
> 
> bool recheck_cpu_features(unsigned int cpu)
> ...
>     struct cpuinfo_x86 c;
>     ...
>     identify_cpu(&c);
> 
> void identify_cpu(struct cpuinfo_x86 *c)
> ...
>     generic_identify(c)
> 
> static void generic_identify(struct cpuinfo_x86 *c)
> ...
>         if (this_cpu->c_early_init)
>                 this_cpu->c_early_init(c); // which is early_init_intel
> 
> static void early_init_intel(struct cpuinfo_x86 *c)
> ...
>     if (c->x86 == 15 && c->x86_cache_alignment == 64)
>         c->x86_cache_alignment = 128;
> 
> This bug was discovered and resolved using Coverity Static Analysis
> Security Testing (SAST) by Synopsys, Inc.
> 
> Signed-off-by: Norbert Manthey <nmanthey@amazon.de>

Acked-by: Jan Beulich <jbeulich@suse.com>
