Xen project Mailing List

Re: [PATCH 1/6] xen/trace: Don't over-read trace objects

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Mon, 20 Sep 2021 10:00:59 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=dyevKjBK76O5ncYs/3yqDWIl6YXimggBjpRUnzmX/UU=; b=hitddAUXiJRCzk8iyt9NjIUPoqk8//6TQMn8TzKRDg9ZTHHs1Mz39usVpjjt9BFG7Ehm4FOa7+4bWQsCs6IQi8HKBLj+tmbAwv0eUpYrK3cl0H3yqiC2Ke8o5scUOyg+igl3dqJOqKhxQeRXa3ve4PuP/hNyQf6BW0J54NpH4Aq+eR1O38jTdAiwS6Q/Y6LwmXjjbWIuONBSwKykcRTFJFKYT2EftJx4TncrGeddjnnKMf1d5evG9ch8zV0xYOJmLKcS/mh53FafM/1wq/8FotJD6O9hEHRUrXzpOUOa5/81Fmvpa2mP9DgqjcJIjYr17TsK0ku0Feo+zS19gBkFbw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UC7rOPcUN5aCkojKf6l1VAWgaGb71zMZ6pu6RDBisMY6+RhF7i4OMFf9cvB9HqlPbyxWLxhFRgmI91r3teTd8vFK7vB+g2kjEVWJQ3+Vwb/He3D1x06+gd9e8rdl6nhtTwsoaA1dsTqgLMZhOqvNrWp4eAwOLBIxh9MADrDL877A4BCXEKkpYvVlri+Cp8g3Vsp93xxG5hjJrSfzDNwLPwwdFFyPIFGiv28JNhgCazUx7h+Nov44FFWSZxEZ97fSz2X0K3h5EvTFQmfS3+bqawXr2xMufBOE37vTivhizpnqo3oxc1UG+zZT4Ybl/bW3Syw8lyPHTrpgtJxF5MXkVg==

Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=suse.com;

Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Dario Faggioli <dfaggioli@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 20 Sep 2021 08:01:15 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 17.09.2021 15:26, Andrew Cooper wrote: > On 17/09/2021 13:58, Jan Beulich wrote: >> On 17.09.2021 10:45, Andrew Cooper wrote: >>> --- a/xen/common/trace.c >>> +++ b/xen/common/trace.c >>> @@ -686,22 +686,21 @@ void __trace_var(u32 event, bool_t cycles, unsigned >>> int extra, >>> unsigned long flags; >>> u32 bytes_to_tail, bytes_to_wrap; >>> unsigned int rec_size, total_size; >>> - unsigned int extra_word; >>> bool_t started_below_highwater; >>> >>> if( !tb_init_done ) >>> return; >>> >>> - /* Convert byte count into word count, rounding up */ >>> - extra_word = (extra / sizeof(u32)); >>> - if ( (extra % sizeof(u32)) != 0 ) >>> - extra_word++; >>> - >>> - ASSERT(extra_word <= TRACE_EXTRA_MAX); >>> - extra_word = min_t(int, extra_word, TRACE_EXTRA_MAX); >>> - >>> - /* Round size up to nearest word */ >>> - extra = extra_word * sizeof(u32); >>> + /* >>> + * Trace records require extra data which is an exact multiple of >>> + * uint32_t. Reject out-of-spec records. Any failure here is an >>> error in >>> + * the caller. >>> + */ >> Hmm, is "require" accurate? > > In terms of "what will go wrong if this condition is violated", yes. > >> They may very well come without extra data >> afaics. > > 0 is fine, and used by plenty of records, and also permitted by the > filtering logic. I was about to say that the two parts of your reply contradict one another, when I finally realized that it looks like the first sentence in the comment can be read two ways: "Trace records require extra data" then going on to describe properties, or "Trace records require extra data to be an exact multiple of uint32_t." Obviously this is to me as a non-native speaker. But maybe you could still reword this to be unambiguous? (I'm not going to exclude that the lack of a comma, which I did silently add while reading, makes a difference here: Does "Trace records require extra data, which is an exact multiple of uint32_t" end up altering the meaning?) Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.