Xen project Mailing List

Re: [PATCH] device-tree: fix infinite loop issue in 'assign_shared_memory()'

To: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>

From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>

Date: Thu, 28 Aug 2025 10:31:17 +0200

Arc-authentication-results: i=1; bugseng.com; arc=none smtp.remote-ip=162.55.131.47

Arc-message-signature: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; c=relaxed/relaxed; t=1756369877; h=DKIM-Signature:MIME-Version:Date:From:To:Cc:Subject:In-Reply-To: References:Message-ID:X-Sender:Organization:Content-Type: Content-Transfer-Encoding; bh=RIg1iHkhHRg+2G6u/bDaBlzal/A0QpfpstAn580hB7Q=; b=aWMXpG211UJFz9KnU1niBfaNUEeH/uHmpsF9CoVDDPDjnY0QK9XSEjEuy4bctXIVIfr4 v0dV+U5trhVaDSCD4O55zNQRx+qXV4nTMAMmrIqQI8lkC4LWUo88TGS74rP7CXOvaFViP oiPq8aA8V+R/LGeqlmFNuVZp9j8HJ2LtNsu5TdxSJrYh/zrifaoRddWt1tCUhF0XPVzdn KIPxx8vJAlG/qnI0nJCvMdTtWKPp3EY23BJTrtnUAd6poVDJKIWWKwcw5DEwxSj9uz17l u3zw54GPcQa3+CXwcM3+dUSZ0O943+bACsITFODqRt+UeALhuLhKAQ8ZUKre/iOcWqIGt 0eH90wkc0cEUqSW+tC95UKf9/sdlEL0Ja86+FH8TLfSkBqG/EAF/Q4+u2Vf+WdoB/LcbK /jfnB2kfKzd46iUbqE6coX7iz7z635qvEs0w5rsMCj1/JJo4ZzeiTqq1su1Cqj3cj7EXI 9coUi/Y+PTCeIdf9UmtzqExCn/vNfoVdy2D77HymkBfakgvZ4uqC66xANHjEfGszwLLx9 vVi60xFM3otX8tDxfZpkzr2Bpp88QaaxHChr0Raq0rF8rTCxP3klWM3t6BSyzxjnijMzE KPMfy59gWhS3e0TNSFW9wu10N0B2ASWo2FqcFjsR0PSlSNaAuoTZC3G/IHacing=

Arc-seal: i=1; d=bugseng.com; s=openarc; a=rsa-sha256; cv=none; t=1756369877; b=ytu0Kq6bdMjTQCPv8Qw7amP68diu3a31xTuRtwt8z2ajKSOJZ/Cx6zQv+KDODZCk6/BR NvEpHspFGynhnTuiIIzY9xLzK6rhZP32E1aGdQDvFKLYb43NTKFL6qXQdhxKHBHYFTgVD rvbdHfnZRBB6WFCNtw4EztWgEVuoTLI6CCJlNJ11WdeB8FupcUYoVA0X8CJyx34FtSPVz CYFycthVNiSCpSj8fxSfffL/l2EPaGMtNvW026fbsnZLFzE/5QIqusZWx96apdZpBcvwi UDcJPu1DLA17OsRqkn2JhS0fNgQe/TSUiCIA8mksAasGMZwc9Cc2GVzY7joQSKse40rio +9H7yLI3F5LZpWxqxO2YC+/wcH93joJ9P0aRi5njWh64zbT5OdFR/kdp5drsq7c2CHvuf IK5Jime7XCKhypBc91pRGZKzk9up85kv/QxgofXWImBITTXj60c5l8KhPw3uE6s9Llk9x D5tnsNPKG5WifdKRR2CKKv1mMY7QZdRhEocaru3gJDh8F1gIlUEpe4weqdFjfwLXki7pG tLiB9wy6ahwlcaZg2ayXsBIfuvOL/xDybXF6cZi+vWzZMDAokxWs9LG3UkAigW6Yd39zn Zkm8vtZBTfBkeSgfeJB598x0loIOcMh8RIMzsFvjndHzqq9eLXu4oDoPuy15btI=

Authentication-results: bugseng.com; arc=none smtp.remote-ip=162.55.131.47

Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>

Delivery-date: Thu, 28 Aug 2025 08:31:29 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 2025-08-28 10:17, Dmytro Prokopchuk1 wrote:

Resolve infinite loop issue in the 'fail:' cleanup path of the function

'assign_shared_memory()'. The issue was caused by an 'unsigned long'typefor the loop counter 'i', which could underflow and wrap around,violating

termination conditions.
Change 'i' to a signed data type ('long') to ensure safe termination of
the 'while (--i >= 0)' loop.

Then this likely should have Fixes tag. The R14.3 violation was found

after adding CONFIG_UNSUPPORTED=y to analyze.yaml?

This change adheres to MISRA Rule R14.3: "Controlling expressions shall
not be invariant."

Signed-off-by: Dmytro Prokopchuk <dmytro_prokopchuk1@xxxxxxxx>
---
 xen/common/device-tree/static-shmem.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/common/device-tree/static-shmem.cb/xen/common/device-tree/static-shmem.c

index 8023c0a484..b4c772466c 100644
--- a/xen/common/device-tree/static-shmem.c
+++ b/xen/common/device-tree/static-shmem.c

@@ -134,7 +134,8 @@ static int __init assign_shared_memory(structdomain *d, paddr_t gbase,

 {
     mfn_t smfn;
     int ret = 0;
-    unsigned long nr_pages, nr_borrowers, i;
+    unsigned long nr_pages, nr_borrowers;
+    long i;
     struct page_info *page;
     paddr_t pbase, psize;

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.