[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v3 4/8] x86/hvm: convert gsi_assert_count into a variable size array
>>> On 29.03.17 at 16:47, <roger.pau@xxxxxxxxxx> wrote: > Rearrange the fields of hvm_irq so that gsi_assert_count can be converted into > a variable size array and add a new field to account the number of GSIs. > > Due to this changes the irq member in the hvm_domain struct also needs to > become a pointer set at runtime. > > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> with one possible adjustment: > --- a/xen/arch/x86/hvm/irq.c > +++ b/xen/arch/x86/hvm/irq.c > @@ -69,6 +69,7 @@ static void __hvm_pci_intx_assert( > return; > > gsi = hvm_pci_intx_gsi(device, intx); > + ASSERT(gsi < hvm_irq->nr_gsis); > if ( hvm_irq->gsi_assert_count[gsi]++ == 0 ) > assert_gsi(d, gsi); > > @@ -99,6 +100,7 @@ static void __hvm_pci_intx_deassert( > return; > > gsi = hvm_pci_intx_gsi(device, intx); > + ASSERT(gsi < hvm_irq->nr_gsis); > --hvm_irq->gsi_assert_count[gsi]; These ASSERT()s certainly don't make the situation worse after just this patch alone, but once the higher Dom0 count comes into play them turning into nothing on release builds is sub- optimal. In a few cases we've used (or at least have been considering using) something like if ( gsi >= hvm_irq->nr_gsis) { ASSERT_UNREACHABLE(); return; } to avoid the array overrun even in the release build case. Otoh it's only Dom0 which could actually cause this, so it wouldn't be a security issue as per our current classification. Andrew - do you have a specific opinion either way here? Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |