[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[XEN PATCH] xen/vpci: Fix UB in mask_write

  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Mykyta Poturai <Mykyta_Poturai@xxxxxxxx>
  • Date: Wed, 6 Nov 2024 08:05:19 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Pn7wSdWlSZGzjxlyLqWviHvXcweDVYrt/uwijGWzxoY=; b=vQycoSpeTCT9hVW0yvThGLjuYCQOzNTVtkREeErYCroewT9Zfj7LBC016fUYGI5FmNyU9uYvQJap5ew4xk1Cox/4Pv2QW0gUAmeExBf0dO9+mHczVcThJpKzQecFdoMf/5p4sArK9uB0PPCRj77qdTJqbvw6JJDwRUYhDrs/VVTi0Na8ez1GyJ7yr8IB5W6Z10wC5vhKW5K9nnzFGBn2toGiQvPT0+SpwkRAudUBE0m8WsT3SHbfO56pH74/uzQy3SB9FrK3cY9iRtXQNxocoXFC5WcouQJtR25UBACDTIy5rRhYYlE0Sb3aXotv0KTNjI1kBWznCiI570kBgKJ1ww==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Ap00gm3mPYT9snOiWYVhUFaatO7l4FNowGNkOLER71OeihbI5nqtHSVaddIB63Fgi7+/eoODMx9451XefuQ5J7CkpUM43c/inP6bXGrxviB4+2REUXNGK6HwvV6ICYiIMfjjANyj4PwNfJ2ttorcenWe9kIZj2BEGm/ElZzN112pshJXMMh5HhMp3F3HwA7nWstx7MQbWGuU5KqqBW9XK8Y+Z1mZJLpiLs9ecbdvmK2QaGAhS2XBlNOTctszySyZ1saBtlAlCMtkHD30HcrRjok4BuWLOg5SZCKOIoK9uuqhYBGBpjxxS5UvlGcXNepqenyIYC/3AB5rOkmA4fZftw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
  • Cc: Mykyta Poturai <Mykyta_Poturai@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Wed, 06 Nov 2024 08:05:46 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHbMCKf4QVge+H9k02dX4ZlwzpGqA==
  • Thread-topic: [XEN PATCH] xen/vpci: Fix UB in mask_write
During the construction of dmask value, it gets shifted by
(32 - msi->vectors) bits. If msi->vectors is 0, the result of the shift
becomes undefined due to shifting by a size of the type. While this
works fine on x86, on ARM the resulting mask becomes 0xFFFFFFFF, which
is incorrect.

Fix this by adding an explicit check for msi->vectors == 0.

Signed-off-by: Mykyta Poturai <mykyta_poturai@xxxxxxxx>
---
 xen/drivers/vpci/msi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/drivers/vpci/msi.c b/xen/drivers/vpci/msi.c
index 7bda47e7fc..787296fd42 100644
--- a/xen/drivers/vpci/msi.c
+++ b/xen/drivers/vpci/msi.c
@@ -172,7 +172,7 @@ static void cf_check mask_write(
     struct vpci_msi *msi = data;
     uint32_t dmask = msi->mask ^ val;
 
-    if ( !dmask )
+    if ( !dmask || msi->vectors == 0 )
         return;
 
     if ( msi->enabled )
-- 
2.34.1

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.