On 01/21/2010 12:56 PM, Christian Borntraeger wrote:
Avi, Marcelo,
kvm_handle_sie_intercept uses a jump table to get the intercept handler
for a SIE intercept. Static code analysis revealed a potential problem:
the intercept_funcs jump table was defined to contain (0x48 >> 2) entries,
but we only checked for code > 0x48 which would cause an off-by-one
array overflow if code == 0x48.
Since the table is only populated up to (0x28 >> 2), we can reduce the
jump table size while fixing the off-by-one.
-static const intercept_handler_t intercept_funcs[0x48>> 2] = {
+static const intercept_handler_t intercept_funcs[(0x28>> 2) + 1] = {
[0x00>> 2] = handle_noop,
[0x04>> 2] = handle_instruction,
[0x08>> 2] = handle_prog,
[0x0C>> 2] = handle_instruction_and_prog,
[0x10>> 2] = handle_noop,
[0x14>> 2] = handle_noop,
[0x1C>> 2] = kvm_s390_handle_wait,
[0x20>> 2] = handle_validity,
[0x28>> 2] = handle_stop,
};
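Review bot: the new bound `(0x28 >> 2) + 1` is correct for the highest designated index in this initializer, but it is a second hand-maintained copy of that value; dropping the explicit size lets the compiler size the array from the largest designated index, and the caller's range check can then be derived from the declaration with ARRAY_SIZE() so the two cannot drift apart when a handler is added. Note also that the initializer has gaps (no entries for 0x18 >> 2 and 0x24 >> 2), which are zero-filled, so the lookup that follows this table must still reject a NULL handler rather than calling through it.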
You can define the array without a size to let the compiler figure out
the minimum size.
int kvm_handle_sie_intercept(struct kvm_vcpu *vcpu)
{
intercept_handler_t func;
u8 code = vcpu->arch.sie_block->icptcode;
- if (code& 3 || code> 0x48)
+ if (code& 3 || code> 0x28)
return -ENOTSUPP;
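Review bot: `code > 0x28` is the same table bound written out a second time as a magic number, and with `code` being a u8 the index `code >> 2` can reach 63, so this comparison is the only thing keeping the lookup inside the array; expressing it as `if (code & 3 || (code >> 2) >= ARRAY_SIZE(intercept_funcs))` ties the check to the array declaration and removes the off-by-one class of bug entirely, since the comparison is then against the real element count rather than a constant that has to be kept in step with the initializer.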
And here, check against ARRAY_SIZE() instead of a magic number.
--
error compiling committee.c: too many arguments to function