* [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
From: Razvan Cojocaru @ 2017-06-21 14:56 UTC
To: xen-devel; +Cc: andrew.cooper3, tamas, Razvan Cojocaru, jbeulich
Fixed an issue where the maximum index allowed (31) goes beyond the
actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
Coverity-ID: 1412966
Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
---
Changes since V1:
- Changed '3' to 'ARRAY_SIZE(...)'.
---
xen/arch/x86/monitor.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
index bedf13c..af68a79 100644
--- a/xen/arch/x86/monitor.c
+++ b/xen/arch/x86/monitor.c
@@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
bool_t old_status;
/* sanity check: avoid left-shift undefined behavior */
- if ( unlikely(mop->u.mov_to_cr.index > 31) )
+ if ( unlikely(mop->u.mov_to_cr.index >=
+ ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) )
return -EINVAL;
if ( unlikely(mop->u.mov_to_cr.pad1 || mop->u.mov_to_cr.pad2) )
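Review bot: the comment left above the changed condition, "sanity check: avoid left-shift undefined behavior", no longer states what the test checks. The bound is now ARRAY_SIZE(ad->monitor.write_ctrlreg_mask), which per the commit message lowers the limit from 31 to the 4 real elements, so this is an array-index check. Reword the comment to say the index must lie inside write_ctrlreg_mask (the shift stays safe as a side effect), or drop it, so that a later reader does not restore the old limit of 31.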
--
1.9.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
* Re: [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
From: Andrew Cooper @ 2017-06-21 15:05 UTC
To: Razvan Cojocaru, xen-devel; +Cc: tamas, jbeulich
On 21/06/17 15:56, Razvan Cojocaru wrote:
> Fixed an issue where the maximum index allowed (31) goes beyond the
> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
> Coverity-ID: 1412966
>
> Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
* Re: [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
From: Wei Liu @ 2017-06-21 15:10 UTC
To: Razvan Cojocaru; +Cc: andrew.cooper3, tamas, Wei Liu, jbeulich, xen-devel
On Wed, Jun 21, 2017 at 05:56:02PM +0300, Razvan Cojocaru wrote:
> Fixed an issue where the maximum index allowed (31) goes beyond the
> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
> Coverity-ID: 1412966
>
> Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
>
> ---
> Changes since V1:
> - Changed '3' to 'ARRAY_SIZE(...)'.
> ---
> xen/arch/x86/monitor.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
> index bedf13c..af68a79 100644
> --- a/xen/arch/x86/monitor.c
> +++ b/xen/arch/x86/monitor.c
> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
> bool_t old_status;
>
> /* sanity check: avoid left-shift undefined behavior */
This comment should be deleted now.
* Re: [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
From: Razvan Cojocaru @ 2017-06-21 15:12 UTC
To: Wei Liu; +Cc: andrew.cooper3, tamas, jbeulich, xen-devel
On 06/21/2017 06:10 PM, Wei Liu wrote:
> On Wed, Jun 21, 2017 at 05:56:02PM +0300, Razvan Cojocaru wrote:
>> Fixed an issue where the maximum index allowed (31) goes beyond the
>> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
>> Coverity-ID: 1412966
>>
>> Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
>>
>> ---
>> Changes since V1:
>> - Changed '3' to 'ARRAY_SIZE(...)'.
>> ---
>> xen/arch/x86/monitor.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
>> index bedf13c..af68a79 100644
>> --- a/xen/arch/x86/monitor.c
>> +++ b/xen/arch/x86/monitor.c
>> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
>> bool_t old_status;
>>
>> /* sanity check: avoid left-shift undefined behavior */
>
> This comment should be deleted now.
It technically continues to be correct, but if you'd like I can send V3
- otherwise (and if it's not too much hassle) it can be deleted on
commit. I'm happy to accommodate either scenario.
Thanks,
Razvan
* Re: [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
From: Wei Liu @ 2017-06-21 15:19 UTC
To: Razvan Cojocaru; +Cc: andrew.cooper3, tamas, Wei Liu, jbeulich, xen-devel
On Wed, Jun 21, 2017 at 06:12:47PM +0300, Razvan Cojocaru wrote:
> On 06/21/2017 06:10 PM, Wei Liu wrote:
> > On Wed, Jun 21, 2017 at 05:56:02PM +0300, Razvan Cojocaru wrote:
> >> Fixed an issue where the maximum index allowed (31) goes beyond the
> >> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
> >> Coverity-ID: 1412966
> >>
> >> Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
> >>
> >> ---
> >> Changes since V1:
> >> - Changed '3' to 'ARRAY_SIZE(...)'.
> >> ---
> >> xen/arch/x86/monitor.c | 3 ++-
> >> 1 file changed, 2 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
> >> index bedf13c..af68a79 100644
> >> --- a/xen/arch/x86/monitor.c
> >> +++ b/xen/arch/x86/monitor.c
> >> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
> >> bool_t old_status;
> >>
> >> /* sanity check: avoid left-shift undefined behavior */
> >
> > This comment should be deleted now.
>
> It technically continues to be correct, but if you'd like I can send V3
> - otherwise (and if it's not too much hassle) it can be deleted on
> commit. I'm happy to accommodate either scenario.
>
I don't think I care enough really. :-)
Since Andrew has reviewed this patch, it can be committed (by him) at
some point.
* Re: [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
From: Jan Beulich @ 2017-06-21 16:06 UTC
To: Razvan Cojocaru; +Cc: andrew.cooper3, tamas, xen-devel
>>> On 21.06.17 at 16:56, <rcojocaru@bitdefender.com> wrote:
> --- a/xen/arch/x86/monitor.c
> +++ b/xen/arch/x86/monitor.c
> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
> bool_t old_status;
>
> /* sanity check: avoid left-shift undefined behavior */
> - if ( unlikely(mop->u.mov_to_cr.index > 31) )
> + if ( unlikely(mop->u.mov_to_cr.index >=
> + ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) )
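Review bot: with the bound on mov_to_cr.index now taken from ARRAY_SIZE(ad->monitor.write_ctrlreg_mask), the left-shift guarantee named in the comment above the condition holds only while that array has at most 32 elements. If the index is still used as a shift count further down (not visible in this hunk), a compile-time assertion next to this check, for example a BUILD_BUG_ON on the array size exceeding 32, would keep the two properties tied together should the array grow.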
Indentation.
Jan
* Re: [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
From: Razvan Cojocaru @ 2017-06-21 16:23 UTC
To: xen-devel
On 06/21/2017 07:06 PM, Jan Beulich wrote:
>>>> On 21.06.17 at 16:56, <rcojocaru@bitdefender.com> wrote:
>> --- a/xen/arch/x86/monitor.c
>> +++ b/xen/arch/x86/monitor.c
>> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
>> bool_t old_status;
>>
>> /* sanity check: avoid left-shift undefined behavior */
>> - if ( unlikely(mop->u.mov_to_cr.index > 31) )
>> + if ( unlikely(mop->u.mov_to_cr.index >=
>> + ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) )
>
> Indentation.
Right, that should have matched the end of the "unlikely(" above. I'll
modify it, remove the comment Wei commented on and submit V3.
Thanks,
Razvan
* Re: [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
From: Razvan Cojocaru @ 2017-06-21 16:26 UTC
To: xen-devel; +Cc: Andrew Cooper, Tamas K Lengyel, Jan Beulich
(Re-sent with CCs preserved).
On 06/21/2017 07:06 PM, Jan Beulich wrote:
>>>> On 21.06.17 at 16:56, <rcojocaru@bitdefender.com> wrote:
>> --- a/xen/arch/x86/monitor.c
>> +++ b/xen/arch/x86/monitor.c
>> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
>> bool_t old_status;
>>
>> /* sanity check: avoid left-shift undefined behavior */
>> - if ( unlikely(mop->u.mov_to_cr.index > 31) )
>> + if ( unlikely(mop->u.mov_to_cr.index >=
>> + ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) )
>
> Indentation.
Right, that should have matched the end of the "unlikely(" above. I'll
modify it, remove the comment Wei commented on and submit V3.
Thanks,
Razvan