[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen master] x86/hvmloader: fix usage of NULL with cpuid_count()

To: xen-changelog@xxxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Fri, 25 Apr 2025 13:33:12 +0000
Delivery-date: Fri, 25 Apr 2025 13:33:14 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xenproject.org>

commit 8f2c5dc611404fe17a1fc7cfc03153c65db2bcd5
Author:     Roger Pau Monne <roger.pau@xxxxxxxxxx>
AuthorDate: Thu Apr 24 13:39:45 2025 +0200
Commit:     Roger Pau Monne <roger.pau@xxxxxxxxxx>
CommitDate: Fri Apr 25 14:50:19 2025 +0200

    x86/hvmloader: fix usage of NULL with cpuid_count()
    
    The commit that added support for retrieving the APIC IDs from the APs
    introduced several usages of cpuid() with NULL parameters, which is not
    handled by the underlying implementation.  For GCC I expect this results in
    writes to the physical address at 0, however when using Clang 19.1.2 the
    generated code in smp.o for the whole file is:
    
    tools/firmware/hvmloader/smp.o: file format elf32-i386
    
    Disassembly of section .text:
    
    00000000 <smp_initialise>:
           0: 55                            pushl   %ebp
           1: 89 e5                         movl    %esp, %ebp
           3: 53                            pushl   %ebx
           4: 31 c0                         xorl    %eax, %eax
           6: 31 c9                         xorl    %ecx, %ecx
           8: 0f a2                         cpuid
    
    Showing the usage of a NULL pointer results in undefined behavior, and
    Clang refusing to generate further code after it.
    
    Fix by using a temporary variable in cpuid_count() in place for any NULL
    parameter.
    
    Fixes: 9ad0db58c7e2 ('tools/hvmloader: Retrieve APIC IDs from the APs 
themselves')
    Signed-off-by: Roger Pau MonnÃ© <roger.pau@xxxxxxxxxx>
    Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 tools/firmware/hvmloader/util.h | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tools/firmware/hvmloader/util.h b/tools/firmware/hvmloader/util.h
index 644450c51c..765a013ddd 100644
--- a/tools/firmware/hvmloader/util.h
+++ b/tools/firmware/hvmloader/util.h
@@ -190,6 +190,17 @@ static inline void cpuid_count(
     uint32_t *ecx,
     uint32_t *edx)
 {
+    uint32_t tmp;
+
+    if ( !eax )
+        eax = &tmp;
+    if ( !ebx )
+        ebx = &tmp;
+    if ( !ecx )
+        ecx = &tmp;
+    if ( !edx )
+        edx = &tmp;
+
     asm volatile ( "cpuid"
                    : "=a" (*eax), "=b" (*ebx), "=c" (*ecx), "=d" (*edx)
                    : "a" (leaf), "c" (subleaf) );
--
generated by git-patchbot for /home/xen/git/xen.git#master

Prev by Date: [xen master] xen: fix buffer over-read in bitmap_to_xenctl_bitmap()
Next by Date: [xen master] xen/vpci: Fix msix existing mapping printk
Previous by thread: [xen master] xen: fix buffer over-read in bitmap_to_xenctl_bitmap()
Next by thread: [xen master] xen/vpci: Fix msix existing mapping printk
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.