[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [XEN PATCH] xen/vpci: Fix UB in mask_write
- To: Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
- From: Mykyta Poturai <Mykyta_Poturai@xxxxxxxx>
- Date: Wed, 6 Nov 2024 12:26:55 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uqGMfKXQm0rTh++zwIjh7vpRxxaU+KD1aOJ3YCb+cc8=; b=BmO8R9W0DWPLR/uWwXDIKG6KlpQnj75T7HDUWIksiRWyH/W0WX26xtUkDAdfn9IdwxF9vJAKjOi1g0EGHQtku8ZQ/jcEKv7WbHjNzgmi82GkkwyCFOYhFH4WFqwTk7BHlgYyo6MQHoVXeZvIT3pZgIqncar+eBjzkgV8spgsH4t0vuSLULMtlN//5AMpTP789QoqhJxEGdhU+/afQvqkZHhyiTh+JXu7NOIbEKQ4oHhLMqt+kXM35AmGyYScXC6yVJWfIhPaHLjgZtxEC5vX11rqtqyHwb/89H4HDIyCsGO58i9e0oepQupB3TMlSdD5Acp2Jqlc1k68mJ4KVXsY7A==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=CgWdCKOZUYQeciKGMhAP9sh043Y4sUzzXD2sUTUDcjJN01kS/K8R5xrC2WsbMktWSGwnveO3sIu10NHPi/T/z3I0dwQ6F4VfwQajSd91DqUuzGQuoX1u2wmqJoT72kNRmhxGCqW0LBfOXGqanvSU+mijBZGcKaaVJ/e4UnCADaD1KQGPzl+kH2IJCUQ3zNhRO1LEOZoPv2nOd3vB5zaX/aIpX3gyWhNwkxLULtvZgbAS0hOC0BsSWJuTl5/TVyXKaPiuM7Le0+bJ8QrAIFPDIqPw+fS4xB0ptjwf3u3p6N99fKBz6IL2BNDZCI+K0DFiUNFiu+JO/SfRNntSEaUp3A==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Wed, 06 Nov 2024 12:27:06 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHbMCKf4QVge+H9k02dX4ZlwzpGqLKp9EiAgAACIoCAAChLAIAAD1kA
- Thread-topic: [XEN PATCH] xen/vpci: Fix UB in mask_write
On 06.11.2024 10:07, Roger Pau Monné wrote:>
> Wait - how can msi->vectors ever be 0? AFAICT there's no way in the
> MSI logic to configure 0 vectors, there will always be at least 1 vector
> enabled.
>
> Maybe what you want, if this fix is for compliance reasons, is an
> assert unreachable that msi->vectors > 0?
I did some investigation and figured out that the value of 0 is being
set by guest writing to msi_control_reg. As far as I understand, the
control_write() function only checks that vectors are not greater than
the maximum allowed value, but does not check for 0.
So I am not sure if this is a valid scenario or not. Is this incorrect
guest behavior and it should be forbidden from setting vectors to 0
and enable to 1 at the same time?
On 06.11.24 13:31, Jan Beulich wrote:
>
> Which raises a question as to (lack of) context: Was this spotted by
> mere code inspection? Or by a static analyzer? If so, which one? That
> may help figure whether some workaround like the one suggested is
> necessary, or whether it can simply be left alone.
>
> Jan
I have found this while porting the PCI passthrough patches to Xen 4.20.
After checking the previous version which was on 4.18 it seems that
on it msi->vectors are also set to 0 but nothing breaks due to it being
the explicit end of the loop. So I have assumed that setting it to 0 is
a valid scenario.
I am testing all of this on Rcar Gen4 boards.
Mykyta
|
