subject:"\[Xen\-devel\] \[PATCH\] x86\/monitor\: Fixed CID 1412966\: Memory \- corruptions \(OVERRUN\)"

Re: [Xen-devel] [PATCH] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

2017-06-21 Thread Andrew Cooper

On 21/06/17 15:33, Andrew Cooper wrote:
> On 21/06/17 15:28, Razvan Cojocaru wrote:
>> Fixed an issue where the maximum index allowed (31) goes beyond the
>> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
>> Coverity-ID: 1412966
>>
>> Signed-off-by: Razvan Cojocaru 
>> ---
>>  xen/arch/x86/monitor.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
>> index bedf13c..4620b15 100644
>> --- a/xen/arch/x86/monitor.c
>> +++ b/xen/arch/x86/monitor.c
>> @@ -133,7 +133,7 @@ int arch_monitor_domctl_event(struct domain *d,
>>  bool_t old_status;
>>  
>>  /* sanity check: avoid left-shift undefined behavior */
>> -if ( unlikely(mop->u.mov_to_cr.index > 31) )
>> +if ( unlikely(mop->u.mov_to_cr.index > 3) )
>> = ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)
> ?

Sorry - that should be ">= ARRAY" when it doesn't get interpreted as an
email quotation.

~Andrew

___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

2017-06-21 Thread Razvan Cojocaru

On 06/21/2017 05:33 PM, Andrew Cooper wrote:
> On 21/06/17 15:28, Razvan Cojocaru wrote:
>> Fixed an issue where the maximum index allowed (31) goes beyond the
>> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
>> Coverity-ID: 1412966
>>
>> Signed-off-by: Razvan Cojocaru 
>> ---
>>  xen/arch/x86/monitor.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
>> index bedf13c..4620b15 100644
>> --- a/xen/arch/x86/monitor.c
>> +++ b/xen/arch/x86/monitor.c
>> @@ -133,7 +133,7 @@ int arch_monitor_domctl_event(struct domain *d,
>>  bool_t old_status;
>>  
>>  /* sanity check: avoid left-shift undefined behavior */
>> -if ( unlikely(mop->u.mov_to_cr.index > 31) )
>> +if ( unlikely(mop->u.mov_to_cr.index > 3) )
> 
>> = ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)
> > ?

Yes, that'd be the right way to do it. :)

V2 coming up in a second.


Thanks,
Razvan

___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

2017-06-21 Thread Andrew Cooper

On 21/06/17 15:28, Razvan Cojocaru wrote:
> Fixed an issue where the maximum index allowed (31) goes beyond the
> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
> Coverity-ID: 1412966
>
> Signed-off-by: Razvan Cojocaru 
> ---
>  xen/arch/x86/monitor.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
> index bedf13c..4620b15 100644
> --- a/xen/arch/x86/monitor.c
> +++ b/xen/arch/x86/monitor.c
> @@ -133,7 +133,7 @@ int arch_monitor_domctl_event(struct domain *d,
>  bool_t old_status;
>  
>  /* sanity check: avoid left-shift undefined behavior */
> -if ( unlikely(mop->u.mov_to_cr.index > 31) )
> +if ( unlikely(mop->u.mov_to_cr.index > 3) )

>= ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)

?

~Andrew

>  return -EINVAL;
>  
>  if ( unlikely(mop->u.mov_to_cr.pad1 || mop->u.mov_to_cr.pad2) )


___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

[Xen-devel] [PATCH] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

2017-06-21 Thread Razvan Cojocaru

Fixed an issue where the maximum index allowed (31) goes beyond the
actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
Coverity-ID: 1412966

Signed-off-by: Razvan Cojocaru 
---
 xen/arch/x86/monitor.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
index bedf13c..4620b15 100644
--- a/xen/arch/x86/monitor.c
+++ b/xen/arch/x86/monitor.c
@@ -133,7 +133,7 @@ int arch_monitor_domctl_event(struct domain *d,
 bool_t old_status;
 
 /* sanity check: avoid left-shift undefined behavior */
-if ( unlikely(mop->u.mov_to_cr.index > 31) )
+if ( unlikely(mop->u.mov_to_cr.index > 3) )
 return -EINVAL;
 
 if ( unlikely(mop->u.mov_to_cr.pad1 || mop->u.mov_to_cr.pad2) )
-- 
1.9.1


___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

Re: [Xen-devel] [PATCH] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

Re: [Xen-devel] [PATCH] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

[Xen-devel] [PATCH] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

4 matches

Site Navigation

Mail list logo

Footer information