From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xen.org>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
	George Dunlap <George.Dunlap@eu.citrix.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Tim Deegan <tim@xen.org>, Jan Beulich <JBeulich@suse.com>
Subject: [PATCH] xen/common: Avoid undefined behaviour by shifting into a sign bit
Date: Tue, 9 Aug 2016 13:48:02 +0100	[thread overview]
Message-ID: <1470746884-27118-1-git-send-email-andrew.cooper3@citrix.com> (raw)
In-Reply-To: <1470405013-18856-1-git-send-email-andrew.cooper3@citrix.com>

For d->shutdown_code, change the field to be unsigned and use an unsigned
sentinel.  The sentinel needs to be distinguishable from any value
representable in a u8.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: George Dunlap <George.Dunlap@eu.citrix.com>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Tim Deegan <tim@xen.org>

v2:
 * Change d->shutdown_code to being unsigned.
---
 xen/common/domain.c       | 6 +++---
 xen/common/schedule.c     | 2 +-
 xen/common/xmalloc_tlsf.c | 4 ++--
 xen/include/xen/sched.h   | 5 +++--
 4 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/xen/common/domain.c b/xen/common/domain.c
index 339ee56..a8804e4 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -293,7 +293,7 @@ struct domain *domain_create(domid_t domid, unsigned int domcr_flags,
     d->auto_node_affinity = 1;
 
     spin_lock_init(&d->shutdown_lock);
-    d->shutdown_code = -1;
+    d->shutdown_code = SHUTDOWN_CODE_INVALID;
 
     spin_lock_init(&d->pbuf_lock);
 
@@ -695,7 +695,7 @@ void domain_shutdown(struct domain *d, u8 reason)
 
     spin_lock(&d->shutdown_lock);
 
-    if ( d->shutdown_code == -1 )
+    if ( d->shutdown_code == SHUTDOWN_CODE_INVALID )
         d->shutdown_code = reason;
     reason = d->shutdown_code;
 
@@ -742,7 +742,7 @@ void domain_resume(struct domain *d)
     spin_lock(&d->shutdown_lock);
 
     d->is_shutting_down = d->is_shut_down = 0;
-    d->shutdown_code = -1;
+    d->shutdown_code = SHUTDOWN_CODE_INVALID;
 
     for_each_vcpu ( d, v )
     {
diff --git a/xen/common/schedule.c b/xen/common/schedule.c
index 852f840..32a300f 100644
--- a/xen/common/schedule.c
+++ b/xen/common/schedule.c
@@ -1120,7 +1120,7 @@ ret_t do_sched_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
                  d->domain_id, current->vcpu_id, sched_shutdown.reason);
 
         spin_lock(&d->shutdown_lock);
-        if ( d->shutdown_code == -1 )
+        if ( d->shutdown_code == SHUTDOWN_CODE_INVALID )
             d->shutdown_code = (u8)sched_shutdown.reason;
         spin_unlock(&d->shutdown_lock);
 
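Review bot: The `(u8)` cast on `sched_shutdown.reason`, on the line after the changed comparison, is now what keeps a stored reason from ever equalling `SHUTDOWN_CODE_INVALID`, and nothing at this site says so. `sched_shutdown.reason` appears to come from the hypercall argument, so this truncation is the only barrier between a caller-chosen value and the "no shutdown recorded" sentinel. I would add a comment above the assignment such as `/* Truncate to u8 so a guest-supplied reason can never alias SHUTDOWN_CODE_INVALID. */`. The enclosing part of do_sched_op starts and ends outside the hunk.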
diff --git a/xen/common/xmalloc_tlsf.c b/xen/common/xmalloc_tlsf.c
index b13317e..6c1b882 100644
--- a/xen/common/xmalloc_tlsf.c
+++ b/xen/common/xmalloc_tlsf.c
@@ -177,7 +177,7 @@ static inline void MAPPING_INSERT(unsigned long r, int *fl, int *sl)
 static inline struct bhdr *FIND_SUITABLE_BLOCK(struct xmem_pool *p, int *fl,
                                                int *sl)
 {
-    u32 tmp = p->sl_bitmap[*fl] & (~0 << *sl);
+    u32 tmp = p->sl_bitmap[*fl] & (~0u << *sl);
     struct bhdr *b = NULL;
 
     if ( tmp )
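Review bot: The shift count in `~0u << *sl` is still an unchecked `int`, so the expression stays undefined if `*sl` is negative or at least the width of `unsigned int`. The same applies to `~0u << (*fl + 1)` in the next hunk of this file, where `*fl == 31` would give a count of 32. Making the left operand unsigned removes only the sign-bit problem. Whether the callers already bound these indices is not visible here; if they do, an `ASSERT(*sl >= 0 && *sl < 32);` (and the equivalent for `*fl + 1`) would record the invariant, otherwise the range needs checking before the shift. FIND_SUITABLE_BLOCK's body continues outside this hunk.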
@@ -187,7 +187,7 @@ static inline struct bhdr *FIND_SUITABLE_BLOCK(struct xmem_pool *p, int *fl,
     }
     else
     {
-        *fl = ffs(p->fl_bitmap & (~0 << (*fl + 1))) - 1;
+        *fl = ffs(p->fl_bitmap & (~0u << (*fl + 1))) - 1;
         if ( likely(*fl > 0) )
         {
             *sl = ffs(p->sl_bitmap[*fl]) - 1;
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 888bc19..2f9c15f 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -404,7 +404,8 @@ struct domain
     spinlock_t       shutdown_lock;
     bool_t           is_shutting_down; /* in process of shutting down? */
     bool_t           is_shut_down;     /* fully shut down? */
-    int              shutdown_code;
+#define SHUTDOWN_CODE_INVALID ~0u
+    unsigned int     shutdown_code;
 
     /* If this is not 0, send suspend notification here instead of
      * raising DOM_EXC */
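Review bot: `#define SHUTDOWN_CODE_INVALID ~0u` leaves the expansion unparenthesized and undocumented. I would write `#define SHUTDOWN_CODE_INVALID (~0u) /* outside the u8 range of valid reasons */` so the macro is safe in any expression and the reason for the value sits next to the field. Since the field type changes from `int` to `unsigned int`, any reader of `shutdown_code` outside the files touched here that formats it with `%d` or treats it as signed should be checked as well; none is visible in this patch. struct domain starts and ends outside the hunk.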
@@ -483,7 +484,7 @@ extern struct vcpu *idle_vcpu[NR_CPUS];
 #define is_idle_domain(d) ((d)->domain_id == DOMID_IDLE)
 #define is_idle_vcpu(v)   (is_idle_domain((v)->domain))
 
-#define DOMAIN_DESTROYED (1<<31) /* assumes atomic_t is >= 32 bits */
+#define DOMAIN_DESTROYED (1u << 31) /* assumes atomic_t is >= 32 bits */
 #define put_domain(_d) \
   if ( atomic_dec_and_test(&(_d)->refcnt) ) domain_destroy(_d)
 
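Review bot: `DOMAIN_DESTROYED` is now an `unsigned int` constant with bit 31 set, so it is converted to the counter's type wherever it is stored into or compared with the refcount. If atomic_t's counter is a signed int (not visible here), that conversion is implementation-defined rather than undefined, which is an improvement. The users of the macro are outside this hunk and are worth checking for signed/unsigned comparison surprises. The existing comment could record the intent, e.g. `/* bit 31 of refcnt; assumes atomic_t is >= 32 bits */`.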
-- 
2.1.4

