All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
@ 2017-06-21 14:56 Razvan Cojocaru
  2017-06-21 15:05 ` Andrew Cooper
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Razvan Cojocaru @ 2017-06-21 14:56 UTC (permalink / raw)
  To: xen-devel; +Cc: andrew.cooper3, tamas, Razvan Cojocaru, jbeulich

Fixed an issue where the maximum index allowed (31) goes beyond the
actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
Coverity-ID: 1412966

Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>

---
Changes since V1:
 - Changed '3' to 'ARRAY_SIZE(...)'.
---
 xen/arch/x86/monitor.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
index bedf13c..af68a79 100644
--- a/xen/arch/x86/monitor.c
+++ b/xen/arch/x86/monitor.c
@@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
         bool_t old_status;
 
         /* sanity check: avoid left-shift undefined behavior */
-        if ( unlikely(mop->u.mov_to_cr.index > 31) )
+        if ( unlikely(mop->u.mov_to_cr.index >=
+             ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) )
             return -EINVAL;
 
         if ( unlikely(mop->u.mov_to_cr.pad1 || mop->u.mov_to_cr.pad2) )
-- 
1.9.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply related	[flat|nested] 8+ messages in thread
* Re: [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
  2017-06-21 14:56 [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN) Razvan Cojocaru
@ 2017-06-21 15:05 ` Andrew Cooper
  2017-06-21 15:10 ` Wei Liu
  2017-06-21 16:06 ` Jan Beulich
  2 siblings, 0 replies; 8+ messages in thread
From: Andrew Cooper @ 2017-06-21 15:05 UTC (permalink / raw)
  To: Razvan Cojocaru, xen-devel; +Cc: tamas, jbeulich

On 21/06/17 15:56, Razvan Cojocaru wrote:
> Fixed an issue where the maximum index allowed (31) goes beyond the
> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
> Coverity-ID: 1412966
>
> Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
  2017-06-21 14:56 [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN) Razvan Cojocaru
  2017-06-21 15:05 ` Andrew Cooper
@ 2017-06-21 15:10 ` Wei Liu
  2017-06-21 15:12   ` Razvan Cojocaru
  2017-06-21 16:06 ` Jan Beulich
  2 siblings, 1 reply; 8+ messages in thread
From: Wei Liu @ 2017-06-21 15:10 UTC (permalink / raw)
  To: Razvan Cojocaru; +Cc: andrew.cooper3, tamas, Wei Liu, jbeulich, xen-devel

On Wed, Jun 21, 2017 at 05:56:02PM +0300, Razvan Cojocaru wrote:
> Fixed an issue where the maximum index allowed (31) goes beyond the
> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
> Coverity-ID: 1412966
> 
> Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
> 
> ---
> Changes since V1:
>  - Changed '3' to 'ARRAY_SIZE(...)'.
> ---
>  xen/arch/x86/monitor.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
> index bedf13c..af68a79 100644
> --- a/xen/arch/x86/monitor.c
> +++ b/xen/arch/x86/monitor.c
> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
>          bool_t old_status;
>  
>          /* sanity check: avoid left-shift undefined behavior */

This comment should be deleted now.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
  2017-06-21 15:10 ` Wei Liu
@ 2017-06-21 15:12   ` Razvan Cojocaru
  2017-06-21 15:19     ` Wei Liu
  0 siblings, 1 reply; 8+ messages in thread
From: Razvan Cojocaru @ 2017-06-21 15:12 UTC (permalink / raw)
  To: Wei Liu; +Cc: andrew.cooper3, tamas, jbeulich, xen-devel

On 06/21/2017 06:10 PM, Wei Liu wrote:
> On Wed, Jun 21, 2017 at 05:56:02PM +0300, Razvan Cojocaru wrote:
>> Fixed an issue where the maximum index allowed (31) goes beyond the
>> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
>> Coverity-ID: 1412966
>>
>> Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
>>
>> ---
>> Changes since V1:
>>  - Changed '3' to 'ARRAY_SIZE(...)'.
>> ---
>>  xen/arch/x86/monitor.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
>> index bedf13c..af68a79 100644
>> --- a/xen/arch/x86/monitor.c
>> +++ b/xen/arch/x86/monitor.c
>> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
>>          bool_t old_status;
>>  
>>          /* sanity check: avoid left-shift undefined behavior */
> 
> This comment should be deleted now.

It technically continues to be correct, but if you'd like I can send V3
- otherwise (and if it's not too much hassle) it can be deleted on
commit. I'm happy to accomodate either scenario.


Thanks,
Razvan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
  2017-06-21 15:12   ` Razvan Cojocaru
@ 2017-06-21 15:19     ` Wei Liu
  0 siblings, 0 replies; 8+ messages in thread
From: Wei Liu @ 2017-06-21 15:19 UTC (permalink / raw)
  To: Razvan Cojocaru; +Cc: andrew.cooper3, tamas, Wei Liu, jbeulich, xen-devel

On Wed, Jun 21, 2017 at 06:12:47PM +0300, Razvan Cojocaru wrote:
> On 06/21/2017 06:10 PM, Wei Liu wrote:
> > On Wed, Jun 21, 2017 at 05:56:02PM +0300, Razvan Cojocaru wrote:
> >> Fixed an issue where the maximum index allowed (31) goes beyond the
> >> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
> >> Coverity-ID: 1412966
> >>
> >> Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
> >>
> >> ---
> >> Changes since V1:
> >>  - Changed '3' to 'ARRAY_SIZE(...)'.
> >> ---
> >>  xen/arch/x86/monitor.c | 3 ++-
> >>  1 file changed, 2 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
> >> index bedf13c..af68a79 100644
> >> --- a/xen/arch/x86/monitor.c
> >> +++ b/xen/arch/x86/monitor.c
> >> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
> >>          bool_t old_status;
> >>  
> >>          /* sanity check: avoid left-shift undefined behavior */
> > 
> > This comment should be deleted now.
> 
> It technically continues to be correct, but if you'd like I can send V3
> - otherwise (and if it's not too much hassle) it can be deleted on
> commit. I'm happy to accomodate either scenario.
> 

I don't think I care enough really. :-)

Since Andrew has reviewed this patch, it can be committed (by him) at
some point.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
  2017-06-21 14:56 [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN) Razvan Cojocaru
  2017-06-21 15:05 ` Andrew Cooper
  2017-06-21 15:10 ` Wei Liu
@ 2017-06-21 16:06 ` Jan Beulich
  2017-06-21 16:23   ` Razvan Cojocaru
  2017-06-21 16:26   ` Razvan Cojocaru
  2 siblings, 2 replies; 8+ messages in thread
From: Jan Beulich @ 2017-06-21 16:06 UTC (permalink / raw)
  To: Razvan Cojocaru; +Cc: andrew.cooper3, tamas, xen-devel

>>> On 21.06.17 at 16:56, <rcojocaru@bitdefender.com> wrote:
> --- a/xen/arch/x86/monitor.c
> +++ b/xen/arch/x86/monitor.c
> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
>          bool_t old_status;
>  
>          /* sanity check: avoid left-shift undefined behavior */
> -        if ( unlikely(mop->u.mov_to_cr.index > 31) )
> +        if ( unlikely(mop->u.mov_to_cr.index >=
> +             ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) )

Indentation.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
  2017-06-21 16:06 ` Jan Beulich
@ 2017-06-21 16:23   ` Razvan Cojocaru
  2017-06-21 16:26   ` Razvan Cojocaru
  1 sibling, 0 replies; 8+ messages in thread
From: Razvan Cojocaru @ 2017-06-21 16:23 UTC (permalink / raw)
  To: xen-devel

On 06/21/2017 07:06 PM, Jan Beulich wrote:
>>>> On 21.06.17 at 16:56, <rcojocaru@bitdefender.com> wrote:
>> --- a/xen/arch/x86/monitor.c
>> +++ b/xen/arch/x86/monitor.c
>> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
>>          bool_t old_status;
>>  
>>          /* sanity check: avoid left-shift undefined behavior */
>> -        if ( unlikely(mop->u.mov_to_cr.index > 31) )
>> +        if ( unlikely(mop->u.mov_to_cr.index >=
>> +             ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) )
> 
> Indentation.

Right, that should have matched the end of the "unlikely(" above. I'll
modify it, remove the comment Wei commented on and submit V3.


Thanks,
Razvan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Re: [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
  2017-06-21 16:06 ` Jan Beulich
  2017-06-21 16:23   ` Razvan Cojocaru
@ 2017-06-21 16:26   ` Razvan Cojocaru
  1 sibling, 0 replies; 8+ messages in thread
From: Razvan Cojocaru @ 2017-06-21 16:26 UTC (permalink / raw)
  To: xen-devel; +Cc: Andrew Cooper, Tamas K Lengyel, Jan Beulich

(Re-sent with CCs preserved).

On 06/21/2017 07:06 PM, Jan Beulich wrote:
>>>> On 21.06.17 at 16:56, <rcojocaru@bitdefender.com> wrote:
>> --- a/xen/arch/x86/monitor.c
>> +++ b/xen/arch/x86/monitor.c
>> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
>>          bool_t old_status;
>>  
>>          /* sanity check: avoid left-shift undefined behavior */
>> -        if ( unlikely(mop->u.mov_to_cr.index > 31) )
>> +        if ( unlikely(mop->u.mov_to_cr.index >=
>> +             ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) )
> 
> Indentation.

Right, that should have matched the end of the "unlikely(" above. I'll
modify it, remove the comment Wei commented on and submit V3.


Thanks,
Razvan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-06-21 16:26 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-21 14:56 [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN) Razvan Cojocaru
2017-06-21 15:05 ` Andrew Cooper
2017-06-21 15:10 ` Wei Liu
2017-06-21 15:12   ` Razvan Cojocaru
2017-06-21 15:19     ` Wei Liu
2017-06-21 16:06 ` Jan Beulich
2017-06-21 16:23   ` Razvan Cojocaru
2017-06-21 16:26   ` Razvan Cojocaru

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.