[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86, amd_ucode: Support multiple container files appended together

To: Aravind Gopalakrishnan <aravind.gopalakrishnan@xxxxxxx>
From: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
Date: Fri, 20 Jun 2014 22:33:22 -0400
Cc: keir@xxxxxxx, jbeulich@xxxxxxxx, xen-devel@xxxxxxxxxxxxx
Delivery-date: Sat, 21 Jun 2014 02:32:24 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

+    while ( (error = install_equiv_cpu_table(mc_amd, buf, &tot_size,
+                                             &offset)) == 0 )
install_equiv_cpu_table() checks whether container size is largerthan the buffer size.
Not really.
It is basically checking if we have data at all to parse (like thecomment says:/* No more data */)
If we have multiple containers merged I think tot_size is the size ofthe merged file, not of an individual container.
That's right.
And this makes the first check in install_equiv_cpu_table() notespecially meaningful.
Theoretically-
If it so happens that we don't have any patch files and just thecontainer header,
then mpbuf->len would be zero and
 if ( mpbuf->len + CONT_HDR_SIZE >= *tot_size )
will fail in this case- (which gives some meaning to the check beingthere)1. If containers are concatenated, but there is no matching patch onthe first one
2. So, we fast-fwd to next container file but this one has mpbuf->len=0

So if you have two merged containers, the first one being 1K and thesecond one empty, then while processing the second container you willinstead of returning -EINVAL continue because 'if (0+12 >= 1K) ' willevaluate to false. And it seems to me that you then may well go beyondthe end of the buffer.

Which leads me to another scenario though-
1. If we do have multiple containers and if right patch is not on thefirst one, but on some subsequent container
2. If the first container has mpbuf->len=0
Then we'd just error out right there. Hmm.. I'll have to re-work thelogic then.

Isn't it the other way around? We won't error out, we will continue.Which is wrong.

Come to think, if the first container is corrupted for some reason andreturns error (or there's an -ENOMEM), then we are going to returnpre-maturelyInstead, we should probably (try to) forward to next container andlook for patches there as well.
Shall fix this logic in a v2..

BTW, it may be worth documenting container format in English. As itstands now, one has to look at the code to figure out the layout.


-boris


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] x86, amd_ucode: Support multiple container files appended together
  - From: Aravind Gopalakrishnan

References:
- [Xen-devel] [PATCH] x86, amd_ucode: Support multiple container files appended together
  - From: Aravind Gopalakrishnan
- Re: [Xen-devel] [PATCH] x86, amd_ucode: Support multiple container files appended together
  - From: Boris Ostrovsky
- Re: [Xen-devel] [PATCH] x86, amd_ucode: Support multiple container files appended together
  - From: Aravind Gopalakrishnan

Prev by Date: [Xen-devel] [xen-4.1-testing test] 27396: regressions - FAIL
Next by Date: Re: [Xen-devel] [PATCH v12 2/7] remus: add libnl3 dependency for network buffering support
Previous by thread: Re: [Xen-devel] [PATCH] x86, amd_ucode: Support multiple container files appended together
Next by thread: Re: [Xen-devel] [PATCH] x86, amd_ucode: Support multiple container files appended together
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.