[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [XEN PATCH] xen/vpci: Fix UB in mask_write
- To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- From: Mykyta Poturai <Mykyta_Poturai@xxxxxxxx>
- Date: Wed, 6 Nov 2024 14:32:13 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=D2jS3YFSDVwMR4MCij1kqd9LS89we+Pb26VysOxdMS4=; b=guggDLDn35e8i5wus8pz58Kc8V16A6CEd5tXZdb03IRsOkc3gC464pxxqCJdhhUvAf0G0hscZRKNVWrRpAB6BftPDhm1Ev3K2XutdeZ9y4W9Y9Y7ocILQl5ZMDOcTnj43poPsTOyIYe0cBLol/DkiDy+zIn6UrYF98VMhvcPYaoX7KYqQjoO5pB4f8COyc/nBY/5FhhQr6fdsJ+Z1kf0R7RluGWlHRqXNzaIQNcUcOFrKcMXphObX27FfpPJkRRJb6+UfPD8BVCpLqX/EAN+49L2LnjC/0UzU0KXAFyfpJl0PveSukAAkkyik5n8Sp6aerJNBu6+d7pRDOxzNlZTzQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=alHGsTpE191ZOnGsr+zMB9DQvlA7eUIlDB46DJA55jAxAjLCAJW1EJfs6ieqYGCtYt2Od4wbzQ9BSRru6F1uTg5qYRAhGsBa8OR8IqgciUbPUvJSPHH/q7TX/iC5hDg8RH4hPehtuQ1cnV7B7RmrL8mIfHaALz3r9G1X7870786GYtsb9gG005OSEvpmgNw4To9OgJbqfzzlwKlcUIO90Z4eaamSlIDaPeLyItSbMCwScssLQ+6gRQhPhEOykl2a22J4Vxc0oHPu7b1tnPdOdOETDYaXyDmorKSN+2DCpdTPBZrmjcXiZ5lxtMqcQwhkJrMnvfwDtVI+4vISY2XhwQ==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
- Cc: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Wed, 06 Nov 2024 14:32:45 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHbMCKf4QVge+H9k02dX4ZlwzpGqLKp9EiAgAACIoCAAChLAIAAD1kAgAAEXgCAAB6ggA==
- Thread-topic: [XEN PATCH] xen/vpci: Fix UB in mask_write
On 06.11.24 14:42, Roger Pau Monné wrote:
> On Wed, Nov 06, 2024 at 12:26:55PM +0000, Mykyta Poturai wrote:
>> On 06.11.2024 10:07, Roger Pau Monné wrote:
>>> Wait - how can msi->vectors ever be 0? AFAICT there's no way in the
>>> MSI logic to configure 0 vectors, there will always be at least 1 vector
>>> enabled.
>>>
>>> Maybe what you want, if this fix is for compliance reasons, is an
>>> assert unreachable that msi->vectors > 0?
>>
>> I did some investigation and figured out that the value of 0 is being
>> set by guest writing to msi_control_reg. As far as I understand, the
>> control_write() function only checks that vectors are not greater than
>> the maximum allowed value, but does not check for 0.
>
> control_write() will set vectors to (1UL << val), so even if user
> provides val == 0, vectors will be 1.
>
> Can you provide an example input value of control_write() that will
> lead to msi->vectors == 0?
>
> Is maybe msi_maxvec not set correctly in your use case if you indeed
> see vectors == 0?
>
> Thanks, Roger.
Indeed, I have checked and msi_maxvec is set to 0. Thanks for pointing
this out. I will investigate further why this is happening. It is quite
strange that it somehow worked on 4.18 with the same problem.
I will change the check to an assert then, so if something similar
happens again it can be caught earlier.
Mykyta
|
