[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] device-tree: fix infinite loop issue in 'assign_shared_memory()'
- To: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>
- From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
- Date: Thu, 28 Aug 2025 10:31:17 +0200
- Arc-authentication-results: i=1; bugseng.com; arc=none smtp.remote-ip=162.55.131.47
- Arc-message-signature: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; c=relaxed/relaxed; t=1756369877; h=DKIM-Signature:MIME-Version:Date:From:To:Cc:Subject:In-Reply-To: References:Message-ID:X-Sender:Organization:Content-Type: Content-Transfer-Encoding; bh=RIg1iHkhHRg+2G6u/bDaBlzal/A0QpfpstAn580hB7Q=; b=aWMXpG211UJFz9KnU1niBfaNUEeH/uHmpsF9CoVDDPDjnY0QK9XSEjEuy4bctXIVIfr4 v0dV+U5trhVaDSCD4O55zNQRx+qXV4nTMAMmrIqQI8lkC4LWUo88TGS74rP7CXOvaFViP oiPq8aA8V+R/LGeqlmFNuVZp9j8HJ2LtNsu5TdxSJrYh/zrifaoRddWt1tCUhF0XPVzdn KIPxx8vJAlG/qnI0nJCvMdTtWKPp3EY23BJTrtnUAd6poVDJKIWWKwcw5DEwxSj9uz17l u3zw54GPcQa3+CXwcM3+dUSZ0O943+bACsITFODqRt+UeALhuLhKAQ8ZUKre/iOcWqIGt 0eH90wkc0cEUqSW+tC95UKf9/sdlEL0Ja86+FH8TLfSkBqG/EAF/Q4+u2Vf+WdoB/LcbK /jfnB2kfKzd46iUbqE6coX7iz7z635qvEs0w5rsMCj1/JJo4ZzeiTqq1su1Cqj3cj7EXI 9coUi/Y+PTCeIdf9UmtzqExCn/vNfoVdy2D77HymkBfakgvZ4uqC66xANHjEfGszwLLx9 vVi60xFM3otX8tDxfZpkzr2Bpp88QaaxHChr0Raq0rF8rTCxP3klWM3t6BSyzxjnijMzE KPMfy59gWhS3e0TNSFW9wu10N0B2ASWo2FqcFjsR0PSlSNaAuoTZC3G/IHacing=
- Arc-seal: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; cv=none; t=1756369877; b=ytu0Kq6bdMjTQCPv8Qw7amP68diu3a31xTuRtwt8z2ajKSOJZ/Cx6zQv+KDODZCk6/BR NvEpHspFGynhnTuiIIzY9xLzK6rhZP32E1aGdQDvFKLYb43NTKFL6qXQdhxKHBHYFTgVD rvbdHfnZRBB6WFCNtw4EztWgEVuoTLI6CCJlNJ11WdeB8FupcUYoVA0X8CJyx34FtSPVz CYFycthVNiSCpSj8fxSfffL/l2EPaGMtNvW026fbsnZLFzE/5QIqusZWx96apdZpBcvwi UDcJPu1DLA17OsRqkn2JhS0fNgQe/TSUiCIA8mksAasGMZwc9Cc2GVzY7joQSKse40rio +9H7yLI3F5LZpWxqxO2YC+/wcH93joJ9P0aRi5njWh64zbT5OdFR/kdp5drsq7c2CHvuf IK5Jime7XCKhypBc91pRGZKzk9up85kv/QxgofXWImBITTXj60c5l8KhPw3uE6s9Llk9x D5tnsNPKG5WifdKRR2CKKv1mMY7QZdRhEocaru3gJDh8F1gIlUEpe4weqdFjfwLXki7pG tLiB9wy6ahwlcaZg2ayXsBIfuvOL/xDybXF6cZi+vWzZMDAokxWs9LG3UkAigW6Yd39zn Zkm8vtZBTfBkeSgfeJB598x0loIOcMh8RIMzsFvjndHzqq9eLXu4oDoPuy15btI=
- Authentication-results: bugseng.com; arc=none smtp.remote-ip=162.55.131.47
- Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>
- Delivery-date: Thu, 28 Aug 2025 08:31:29 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 2025-08-28 10:17, Dmytro Prokopchuk1 wrote:
Resolve infinite loop issue in the 'fail:' cleanup path of the function
'assign_shared_memory()'. The issue was caused by an 'unsigned long'
type
for the loop counter 'i', which could underflow and wrap around,
violating
termination conditions.
Change 'i' to a signed data type ('long') to ensure safe termination of
the 'while (--i >= 0)' loop.
Then this likely should have Fixes tag. The R14.3 violation was found
after adding CONFIG_UNSUPPORTED=y to analyze.yaml?
This change adheres to MISRA Rule R14.3: "Controlling expressions shall
not be invariant."
Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@xxxxxxxx>
---
xen/common/device-tree/static-shmem.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/xen/common/device-tree/static-shmem.c
b/xen/common/device-tree/static-shmem.c
index 8023c0a484..b4c772466c 100644
--- a/xen/common/device-tree/static-shmem.c
+++ b/xen/common/device-tree/static-shmem.c
@@ -134,7 +134,8 @@ static int __init assign_shared_memory(struct
domain *d, paddr_t gbase,
{
mfn_t smfn;
int ret = 0;
- unsigned long nr_pages, nr_borrowers, i;
+ unsigned long nr_pages, nr_borrowers;
+ long i;
struct page_info *page;
paddr_t pbase, psize;
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
|