Re: [Xen-devel] [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

2017-06-21 Thread Razvan Cojocaru
(Re-sent with CCs preserved).

On 06/21/2017 07:06 PM, Jan Beulich wrote:
> >>> On 21.06.17 at 16:56,  wrote:
>> --- a/xen/arch/x86/monitor.c
>> +++ b/xen/arch/x86/monitor.c
>> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
>>  bool_t old_status;
>>  
>>  /* sanity check: avoid left-shift undefined behavior */
>> -if ( unlikely(mop->u.mov_to_cr.index > 31) )
>> +if ( unlikely(mop->u.mov_to_cr.index >=
>> + ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) )
> 
> Indentation.

Right, that should have matched the end of the "unlikely(" above. I'll
modify it, remove the comment Wei commented on and submit V3.


Thanks,
Razvan

___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel


Re: [Xen-devel] [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

2017-06-21 Thread Jan Beulich
>>> On 21.06.17 at 16:56,  wrote:
> --- a/xen/arch/x86/monitor.c
> +++ b/xen/arch/x86/monitor.c
> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
>  bool_t old_status;
>  
>  /* sanity check: avoid left-shift undefined behavior */
> -if ( unlikely(mop->u.mov_to_cr.index > 31) )
> +if ( unlikely(mop->u.mov_to_cr.index >=
> + ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) )

Indentation.

Jan




Re: [Xen-devel] [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

2017-06-21 Thread Wei Liu
On Wed, Jun 21, 2017 at 06:12:47PM +0300, Razvan Cojocaru wrote:
> On 06/21/2017 06:10 PM, Wei Liu wrote:
> > On Wed, Jun 21, 2017 at 05:56:02PM +0300, Razvan Cojocaru wrote:
> >> Fixed an issue where the maximum index allowed (31) goes beyond the
> >> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
> >> Coverity-ID: 1412966
> >>
> >> Signed-off-by: Razvan Cojocaru 
> >>
> >> ---
> >> Changes since V1:
> >>  - Changed '3' to 'ARRAY_SIZE(...)'.
> >> ---
> >>  xen/arch/x86/monitor.c | 3 ++-
> >>  1 file changed, 2 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
> >> index bedf13c..af68a79 100644
> >> --- a/xen/arch/x86/monitor.c
> >> +++ b/xen/arch/x86/monitor.c
> >> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
> >>  bool_t old_status;
> >>  
> >>  /* sanity check: avoid left-shift undefined behavior */
> > 
> > This comment should be deleted now.
> 
> It technically continues to be correct, but if you'd like I can send V3
> - otherwise (and if it's not too much hassle) it can be deleted on
> commit. I'm happy to accommodate either scenario.
> 

I don't think I care enough really. :-)

Since Andrew has reviewed this patch, it can be committed (by him) at
some point.



Re: [Xen-devel] [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

2017-06-21 Thread Razvan Cojocaru
On 06/21/2017 06:10 PM, Wei Liu wrote:
> On Wed, Jun 21, 2017 at 05:56:02PM +0300, Razvan Cojocaru wrote:
>> Fixed an issue where the maximum index allowed (31) goes beyond the
>> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
>> Coverity-ID: 1412966
>>
>> Signed-off-by: Razvan Cojocaru 
>>
>> ---
>> Changes since V1:
>>  - Changed '3' to 'ARRAY_SIZE(...)'.
>> ---
>>  xen/arch/x86/monitor.c | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
>> index bedf13c..af68a79 100644
>> --- a/xen/arch/x86/monitor.c
>> +++ b/xen/arch/x86/monitor.c
>> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
>>  bool_t old_status;
>>  
>>  /* sanity check: avoid left-shift undefined behavior */
> 
> This comment should be deleted now.

It technically continues to be correct, but if you'd like I can send V3
- otherwise (and if it's not too much hassle) it can be deleted on
commit. I'm happy to accommodate either scenario.


Thanks,
Razvan




Re: [Xen-devel] [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

2017-06-21 Thread Wei Liu
On Wed, Jun 21, 2017 at 05:56:02PM +0300, Razvan Cojocaru wrote:
> Fixed an issue where the maximum index allowed (31) goes beyond the
> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
> Coverity-ID: 1412966
> 
> Signed-off-by: Razvan Cojocaru 
> 
> ---
> Changes since V1:
>  - Changed '3' to 'ARRAY_SIZE(...)'.
> ---
>  xen/arch/x86/monitor.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
> index bedf13c..af68a79 100644
> --- a/xen/arch/x86/monitor.c
> +++ b/xen/arch/x86/monitor.c
> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
>  bool_t old_status;
>  
>  /* sanity check: avoid left-shift undefined behavior */

This comment should be deleted now.



Re: [Xen-devel] [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

2017-06-21 Thread Andrew Cooper
On 21/06/17 15:56, Razvan Cojocaru wrote:
> Fixed an issue where the maximum index allowed (31) goes beyond the
> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
> Coverity-ID: 1412966
>
> Signed-off-by: Razvan Cojocaru 

Reviewed-by: Andrew Cooper 



[Xen-devel] [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)

2017-06-21 Thread Razvan Cojocaru
Fixed an issue where the maximum index allowed (31) goes beyond the
actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
Coverity-ID: 1412966

Signed-off-by: Razvan Cojocaru 

---
Changes since V1:
 - Changed '3' to 'ARRAY_SIZE(...)'.
---
 xen/arch/x86/monitor.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c
index bedf13c..af68a79 100644
--- a/xen/arch/x86/monitor.c
+++ b/xen/arch/x86/monitor.c
@@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d,
 bool_t old_status;
 
 /* sanity check: avoid left-shift undefined behavior */
-if ( unlikely(mop->u.mov_to_cr.index > 31) )
+if ( unlikely(mop->u.mov_to_cr.index >=
+ ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) )
 return -EINVAL;
 
 if ( unlikely(mop->u.mov_to_cr.pad1 || mop->u.mov_to_cr.pad2) )
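
Review bot: The comment kept as context above the changed condition ("sanity check: avoid left-shift undefined behavior") no longer says what the new bound enforces. With ">= ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)" the check is first of all an array-bounds check, and it keeps covering the shift only while the array has no more than 32 entries (the old limit was "> 31"). Suggest rewording the comment to name both purposes, or adding a build-time assertion that the array size cannot exceed the shift width, so that a later resize of the array does not silently drop the shift guard. The continuation line should also be aligned with the argument of "unlikely(".
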
-- 
1.9.1

