[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v4 01/21] AMD/IOMMU: correct potentially-UB shifts

  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 25 Apr 2022 10:30:33 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=auT+iHb+14B5DSUBAnnO1f63YotPDBxUCIQdd1daVCQ=; b=KwUE1AYIyP3gjap9B32YKMnqeHp4fny8SovKioxF06tJnxP+yJpcwcM9BTJgDVOhPEqWkKz8wp/93BwT7a04GiJF5oyME0JZWwnyEVUa/uNnW2A5tFLWK86Ls52E5bRInJRLtYgHJoxGxMRzv1ed9u5721knwVbbkAEZISYti1LQ3PqS7zmU9v9bEwu1+Vn0Ek5o9hsRfB/ZS27t3L9KSeYnJHmJ6Lsf3h8nSVCR8NBtCAOi/ad9mOQHPUpy01MtWjmtNbxKO/vrDdUI58D5azA7/Y33zOfOYtVO3AS+f2OLXw9FNM4sH98YyWuOCSki6j3jyIP54XSXw7fXfeaoIA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=W8ISYQKoqRhrdnvlD6ztHf03SR2TYQaYd+zN3O+7vR9MdyJem5BOf1Rs1E/TGlgk1lZP2GRjarvkPA6jkanIY0taYYaJ1/+Cscd74mHyFfmGagSa1RW0Ert//Sajd+RidRoshl326qo2gpBl4Fz+5+OjTfastat8aEniOCC/XcVbC7otQEl7KsFlKqyKuV45GpfT4d+BBeZgtpA//2pBAZu9RZXA3ZbslzamTdIrH0KSutMBjkbsyn0eqy4shhBW4Y0FLq24M/v26WGRcomsHzOCxenGvoH0MZQtYOL23MLYjhZL9RhsWB/mAJ5ueMCF9mkt8qP2XzYvJBsND1Me9A==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Mon, 25 Apr 2022 08:30:41 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Recent changes (likely 5fafa6cf529a ["AMD/IOMMU: have callers specify
the target level for page table walks"]) have made Coverity notice a
shift count in iommu_pde_from_dfn() which might in theory grow too
large. While this isn't a problem in practice, address the concern
nevertheless to not leave dangling breakage in case very large
superpages would be enabled at some point.

Coverity ID: 1504264

While there also address a similar issue in set_iommu_ptes_present().
It's not clear to me why Coverity hasn't spotted that one.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
v4: New.

--- a/xen/drivers/passthrough/amd/iommu_map.c
+++ b/xen/drivers/passthrough/amd/iommu_map.c
@@ -89,11 +89,11 @@ static unsigned int set_iommu_ptes_prese
                                            bool iw, bool ir)
 {
     union amd_iommu_pte *table, *pde;
-    unsigned int page_sz, flush_flags = 0;
+    unsigned long page_sz = 1UL << (PTE_PER_TABLE_SHIFT * (pde_level - 1));
+    unsigned int flush_flags = 0;
 
     table = map_domain_page(_mfn(pt_mfn));
     pde = &table[pfn_to_pde_idx(dfn, pde_level)];
-    page_sz = 1U << (PTE_PER_TABLE_SHIFT * (pde_level - 1));
 
     if ( (void *)(pde + nr_ptes) > (void *)table + PAGE_SIZE )
     {
@@ -281,7 +281,7 @@ static int iommu_pde_from_dfn(struct dom
         {
             unsigned long mfn, pfn;
 
-            pfn =  dfn & ~((1 << (PTE_PER_TABLE_SHIFT * next_level)) - 1);
+            pfn = dfn & ~((1UL << (PTE_PER_TABLE_SHIFT * next_level)) - 1);
             mfn = next_table_mfn;
 
             /* allocate lower level page table */

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.