Re: [Xen-devel] [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
(Re-sent with CCs preserved). On 06/21/2017 07:06 PM, Jan Beulich wrote: On 21.06.17 at 16:56,wrote: >> --- a/xen/arch/x86/monitor.c >> +++ b/xen/arch/x86/monitor.c >> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d, >> bool_t old_status; >> >> /* sanity check: avoid left-shift undefined behavior */ >> -if ( unlikely(mop->u.mov_to_cr.index > 31) ) >> +if ( unlikely(mop->u.mov_to_cr.index >= >> + ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) ) > > Indentation. Right, that should have matched the end of the "unlikely(" above. I'll modify it, remove the comment Wei commented on and submit V3. Thanks, Razvan ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
Re: [Xen-devel] [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
>>> On 21.06.17 at 16:56,wrote: > --- a/xen/arch/x86/monitor.c > +++ b/xen/arch/x86/monitor.c > @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d, > bool_t old_status; > > /* sanity check: avoid left-shift undefined behavior */ > -if ( unlikely(mop->u.mov_to_cr.index > 31) ) > +if ( unlikely(mop->u.mov_to_cr.index >= > + ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) ) Indentation. Jan
Re: [Xen-devel] [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
On Wed, Jun 21, 2017 at 06:12:47PM +0300, Razvan Cojocaru wrote: > On 06/21/2017 06:10 PM, Wei Liu wrote: > > On Wed, Jun 21, 2017 at 05:56:02PM +0300, Razvan Cojocaru wrote: > >> Fixed an issue where the maximum index allowed (31) goes beyond the > >> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask. > >> Coverity-ID: 1412966 > >> > >> Signed-off-by: Razvan Cojocaru> >> > >> --- > >> Changes since V1: > >> - Changed '3' to 'ARRAY_SIZE(...)'. > >> --- > >> xen/arch/x86/monitor.c | 3 ++- > >> 1 file changed, 2 insertions(+), 1 deletion(-) > >> > >> diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c > >> index bedf13c..af68a79 100644 > >> --- a/xen/arch/x86/monitor.c > >> +++ b/xen/arch/x86/monitor.c > >> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d, > >> bool_t old_status; > >> > >> /* sanity check: avoid left-shift undefined behavior */ > > > > This comment should be deleted now. > > It technically continues to be correct, but if you'd like I can send V3 > - otherwise (and if it's not too much hassle) it can be deleted on > commit. I'm happy to accommodate either scenario. > I don't think I care enough really. :-) Since Andrew has reviewed this patch, it can be committed (by him) at some point.
Re: [Xen-devel] [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
On 06/21/2017 06:10 PM, Wei Liu wrote: > On Wed, Jun 21, 2017 at 05:56:02PM +0300, Razvan Cojocaru wrote: >> Fixed an issue where the maximum index allowed (31) goes beyond the >> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask. >> Coverity-ID: 1412966 >> >> Signed-off-by: Razvan Cojocaru>> >> --- >> Changes since V1: >> - Changed '3' to 'ARRAY_SIZE(...)'. >> --- >> xen/arch/x86/monitor.c | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c >> index bedf13c..af68a79 100644 >> --- a/xen/arch/x86/monitor.c >> +++ b/xen/arch/x86/monitor.c >> @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d, >> bool_t old_status; >> >> /* sanity check: avoid left-shift undefined behavior */ > > This comment should be deleted now. It technically continues to be correct, but if you'd like I can send V3 - otherwise (and if it's not too much hassle) it can be deleted on commit. I'm happy to accommodate either scenario. Thanks, Razvan
Re: [Xen-devel] [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
On Wed, Jun 21, 2017 at 05:56:02PM +0300, Razvan Cojocaru wrote: > Fixed an issue where the maximum index allowed (31) goes beyond the > actual number of array elements (4) of ad->monitor.write_ctrlreg_mask. > Coverity-ID: 1412966 > > Signed-off-by: Razvan Cojocaru> > --- > Changes since V1: > - Changed '3' to 'ARRAY_SIZE(...)'. > --- > xen/arch/x86/monitor.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c > index bedf13c..af68a79 100644 > --- a/xen/arch/x86/monitor.c > +++ b/xen/arch/x86/monitor.c > @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d, > bool_t old_status; > > /* sanity check: avoid left-shift undefined behavior */ This comment should be deleted now.
Re: [Xen-devel] [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
On 21/06/17 15:56, Razvan Cojocaru wrote:
> Fixed an issue where the maximum index allowed (31) goes beyond the
> actual number of array elements (4) of ad->monitor.write_ctrlreg_mask.
> Coverity-ID: 1412966
>
> Signed-off-by: Razvan Cojocaru

Reviewed-by: Andrew Cooper
[Xen-devel] [PATCH V2] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN)
Fixed an issue where the maximum index allowed (31) goes beyond the actual number of array elements (4) of ad->monitor.write_ctrlreg_mask. Coverity-ID: 1412966 Signed-off-by: Razvan Cojocaru--- Changes since V1: - Changed '3' to 'ARRAY_SIZE(...)'. --- xen/arch/x86/monitor.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c index bedf13c..af68a79 100644 --- a/xen/arch/x86/monitor.c +++ b/xen/arch/x86/monitor.c @@ -133,7 +133,8 @@ int arch_monitor_domctl_event(struct domain *d, bool_t old_status; /* sanity check: avoid left-shift undefined behavior */ -if ( unlikely(mop->u.mov_to_cr.index > 31) ) +if ( unlikely(mop->u.mov_to_cr.index >= + ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) ) return -EINVAL; if ( unlikely(mop->u.mov_to_cr.pad1 || mop->u.mov_to_cr.pad2) ) -- 1.9.1
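Review bot: The comment kept above the changed condition, "sanity check: avoid left-shift undefined behavior", no longer says what the check tests. The bound is now `ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)`, so the condition is first an array-bounds guard on `mop->u.mov_to_cr.index`. It still covers the shift case only because that array (4 elements per the commit message) is smaller than the old limit of 31. Reword the comment to name both purposes rather than leaving it as is or deleting it. Also consider a compile-time assertion such as BUILD_BUG_ON that the array has no more than 32 elements, so the shift guarantee does not silently depend on the array staying small.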