|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging] llc-coloring: improve checking while parsing
commit cba8a584de171c8c4510709c2edc9f1cf86b21ab
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue Apr 7 13:52:44 2026 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Apr 7 13:52:44 2026 +0200
llc-coloring: improve checking while parsing
We can easily avoid the risk of wrapping UINT_MAX <-> 0 by applying a
check against the compile-time-constant maximum number of colors.
Additionally the overflow checks suffered from an off-by-1, as the parsed
ranges are inclusive (e.g. end == start being possible, requiring 1 array
slot, while availability of 0 slots was checked in that case).
Fixes: 6cdea3444eaf ("xen/arm: add Dom0 cache coloring support")
Reported-by: Mykola Kvach <xakep.amatop@xxxxxxxxx>
Reported-by: Kamil Frankowicz <kamil.frankowicz@xxxxxxx>
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
xen/common/llc-coloring.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/xen/common/llc-coloring.c b/xen/common/llc-coloring.c
index 822a6b2ed5..eb7c72b240 100644
--- a/xen/common/llc-coloring.c
+++ b/xen/common/llc-coloring.c
@@ -76,8 +76,9 @@ static int __init parse_color_config(const char *buf,
unsigned int colors[],
else /* Single value */
end = start;
- if ( start > end || (end - start) > (UINT_MAX - *num_colors) ||
- (*num_colors + (end - start)) >= max_num_colors )
+ if ( end >= NR_LLC_COLORS || start > end ||
+ (end - start) >= (UINT_MAX - *num_colors) ||
+ (*num_colors + (end - start + 1)) >= max_num_colors )
return -EINVAL;
/* Colors are range checked in check_colors() */
--
generated by git-patchbot for /home/xen/git/xen.git#staging
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |