Re: [Xen-devel] [PATCH] xen/vcpu: Improve sanity checks in vcpu_create()
Hi, On 16/01/2020 09:55, Jan Beulich wrote: On 15.01.2020 19:44, Andrew Cooper wrote: The BUG_ON() is confusing to follow. The (!is_idle_domain(d) || vcpu_id) part is a vestigial remnant of architectures poisioning idle_vcpu[0] with non-NULL pointers. Now that idle_vcpu[0] is NULL on all architectures, and d->max_vcpus specified before vcpu_create() is called, we can properly range check the requested vcpu_id. I guess this is meant to be true on top of your Arm side change which hasn't been committed yet? And perhaps better "... starts out as NULL on all ..."? I can commit the two together. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Acked-by: Julien Grall Cheers, -- Julien Grall ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] xen/vcpu: Improve sanity checks in vcpu_create()
On 15.01.2020 19:44, Andrew Cooper wrote: > The BUG_ON() is confusing to follow. The (!is_idle_domain(d) || vcpu_id) part > is a vestigial remnant of architectures poisioning idle_vcpu[0] with non-NULL > pointers. > > Now that idle_vcpu[0] is NULL on all architectures, and d->max_vcpus specified > before vcpu_create() is called, we can properly range check the requested > vcpu_id. I guess this is meant to be true on top of your Arm side change which hasn't been committed yet? And perhaps better "... starts out as NULL on all ..."? > Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
[Xen-devel] [PATCH] xen/vcpu: Improve sanity checks in vcpu_create()
The BUG_ON() is confusing to follow. The (!is_idle_domain(d) || vcpu_id) part
is a vestigial remnant of architectures poisioning idle_vcpu[0] with non-NULL
pointers.
Now that idle_vcpu[0] is NULL on all architectures, and d->max_vcpus specified
before vcpu_create() is called, we can properly range check the requested
vcpu_id.
Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Wei Liu
CC: Roger Pau Monné
CC: Stefano Stabellini
CC: Julien Grall
CC: Volodymyr Babchuk
---
xen/common/domain.c | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 0b1103fdb2..ee3f9ffd3e 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -139,7 +139,19 @@ struct vcpu *vcpu_create(struct domain *d, unsigned int
vcpu_id)
{
struct vcpu *v;
-BUG_ON((!is_idle_domain(d) || vcpu_id) && d->vcpu[vcpu_id]);
+/*
+ * Sanity check some input expectations:
+ * - vcpu_id should be bounded by d->max_vcpus, and not previously
+ * allocated.
+ * - VCPUs should be tightly packed and allocated in ascending order,
+ * except for the idle domain which may vary based on PCPU numbering.
+ */
+if ( vcpu_id >= d->max_vcpus || d->vcpu[vcpu_id] ||
+ (!is_idle_domain(d) && vcpu_id && !d->vcpu[vcpu_id - 1]) )
+{
+ASSERT_UNREACHABLE();
+return NULL;
+}
if ( (v = alloc_vcpu_struct(d)) == NULL )
return NULL;
--
2.11.0
___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
