From mboxrd@z Thu Jan  1 00:00:00 1970
From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Subject: Re: [PATCH v3 4/7] sysctl: Add sysctl interface for
 querying PCI topology
Date: Tue, 10 Feb 2015 09:37:08 -0500
Message-ID: <54DA1794.4010809__4434.98947793177$1423579146$gmane$org@oracle.com>
References: <1423512275-6531-5-git-send-email-boris.ostrovsky@oracle.com>
	<1423512275-6531-1-git-send-email-boris.ostrovsky@oracle.com>
	<2508.1423564006@perseus.noi.kre.to>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <2508.1423564006@perseus.noi.kre.to>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Robert Elz <kre@munnari.OZ.AU>
Cc: keir@xen.org, ian.campbell@citrix.com, port-xen@netbsd.org, stefano.stabellini@eu.citrix.com, andrew.cooper3@citrix.com, dario.faggioli@citrix.com, ian.jackson@eu.citrix.com, xen-devel@lists.xen.org, jbeulich@suse.com, wei.liu2@citrix.com, ufimtseva@gmail.com
List-Id: xen-devel@lists.xenproject.org


On 02/10/2015 05:26 AM, Robert Elz wrote:
>      Date:        Mon,  9 Feb 2015 15:04:32 -0500
>      From:        Boris Ostrovsky <boris.ostrovsky@oracle.com>
>      Message-ID:  <1423512275-6531-5-git-send-email-boris.ostrovsky@oracle.com>
>
>
>    | +        num_devs = ti->num_devs - ti->first_dev;
>    | +
>    | +        if ( guest_handle_is_null(ti->devs) ||
>    | +             guest_handle_is_null(ti->nodes) ||
>    | +             (num_devs <= 0) )
>    | +        {
>    | +            ret = -EINVAL;
>    | +            break;
>    | +        }
>
> Does that need a check that ti->first_dev <= ti_num_devs ?
>
> (that is aside from the issue of subtracting one uint from another and hoping
> that you'll get a negative signed int if the one subtracted is bigger).
>
> The (num_devs <= 0) test (even if it works - which it should on most
> rational architectures) isn't good enough, as it is possible to subtract
> a very big uint from a very small unit and end up with an int that is
> positive (and potentially, very big, consider (32bit): 2 - 0x80000001).
>
> So, replace the (num_devs <= 0) test by (ti->first_dev <= ti->num_devs)  ??
>
> Or possibly include both tests, just in case ti->num_devs is very large and
> ti->first_dev is small (like 0) and when the large unsigned is converted
> to signed, it becomes negative - or is all of this just too impossible
> to worry about?


For the latter, I'll just keep num_devs as uint32. The only reason I 
declared it as a signed int was for (num_devs <= 0) test.

-boris