[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] device-tree: fix infinite loop issue in 'assign_shared_memory()'

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Dmytro Prokopchuk1 <dmytro_prokopchuk1@xxxxxxxx>
  • Date: Thu, 28 Aug 2025 09:01:28 +0000
  • Accept-language: en-US, uk-UA, ru-RU
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=m1pVTqEwqo04a7XIAi1BP6JzpupGuwX7dTZeMjUnZoo=; b=LSq1OP0V+fJoUi3T+R+E6S9Qly1ss+SCEkaGHvk29sGKZaGv4yDRaUDSMdp1Nk8P5z7R2fRARnwIeFqloQqurFJANPdJ+xrDTcvcsNQVCulhzlPeOBKV51zOIdI8h1yZwRHiOXHuaBd7XebcxZlKbrdgRUDQR1EVI85m//a5u+Hv+doG8Fj5j2Y+pEdOilQCJdlCuFjdPSzQE4B09E5yhF3vu6wYIsobvuUWgJUKQEYk5N9eXh2hJHHu1EEvVETHwUTS/za9RlivFCS+idIQo2PQTyTjbwlt0lMY3fbk/QxCdCL2kBr45S2YEaLfCQvBboZhLmPMYL3uwH0bFMbLyQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=T4T60U8wv6A+s414rsQXU2pD7Ol6BMWAgENtVECm4LA491jYVeOVnngbObAN5a3zhAZ6idW3CnellSMfAWg+hgNt6rQcs/KrvOJxoADNoYxLaKlQ1INW6gT8A8J1Eb3Vx8bKIPJ78vZn8p1L+I7Uho0tmPM5M+xP1cl/qMZya77mZajfQlrnb8f/kd+NZPk7KyOubZ8f1MwRn/FbkaaaVVrn1uL65AWHBO0C8vpzIkxCK0jhEULsdVSCRoZKsp6n6F8jLEMQkzusUot/ZvV46IzqTIui05Oz/r7ikSLKvhhG0PPoS4+c1+vHvSbLa9Jk7wwwVNeGy1PE6ZYNU2FXPQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 28 Aug 2025 09:01:43 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHcF/Q482rbLahQD0qhywmRaenDcbR3v1QAgAAFb4A=
  • Thread-topic: [PATCH] device-tree: fix infinite loop issue in 'assign_shared_memory()'

On 8/28/25 11:42, Jan Beulich wrote:
> On 28.08.2025 10:17, Dmytro Prokopchuk1 wrote:
>> Resolve infinite loop issue in the 'fail:' cleanup path of the function
>> 'assign_shared_memory()'. The issue was caused by an 'unsigned long' type
>> for the loop counter 'i', which could underflow and wrap around, violating
>> termination conditions.
>> Change 'i' to a signed data type ('long') to ensure safe termination of
>> the 'while (--i >= 0)' loop.
> 
> If I was a maintainer of this code, I would strongly object to such a change.
> A signed type variable used as (effectively) an array index is almost always
> conceptually wrong. Plus i continues to be compared to nr_pages, which still
> is of an unsigned type.
> 
> What imo wants changing instead is the use of the variable:
> 
>   fail:
>      while ( i-- > 0 )
>          put_page_nr(page + i, nr_borrowers);
> 
> or yet more simply
> 
>   fail:
>      while ( i-- )
>          put_page_nr(page + i, nr_borrowers);
> 
> See e.g. prepare_staticmem_pages() for a similar case.
> 
> Jan

I had the such thought...
Thanks for advice. I will change it.

Dmytro.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.