
Re: [Xen-devel] [PATCH 2 of 4] xentrace: fix type of offset to avoid out-of-bounds access


  • To: Olaf Hering <olaf@xxxxxxxxx>
  • From: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
  • Date: Thu, 26 May 2011 11:05:42 +0100
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, George Dunlap <george.dunlap@xxxxxxxxxx>
  • Delivery-date: Thu, 26 May 2011 03:07:53 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Acked-by: George Dunlap <george.dunlap@xxxxxxxxxxxxx>

On Tue, May 10, 2011 at 3:32 PM, Olaf Hering <olaf@xxxxxxxxx> wrote:
> # HG changeset patch
> # User Olaf Hering <olaf@xxxxxxxxx>
> # Date 1305037381 -7200
> # Node ID 575bf78214ef193e44806aa9766e084d721783b5
> # Parent  8ac937fa527b28243227193bf4749feb3a234c2c
> xentrace: fix type of offset to avoid out-of-bounds access
>
> Update the type of the local offset variable to match the type where
> this variable is stored. Also update the type of t_info_first_offset because
> it also has a limited range.
>
> Signed-off-by: Olaf Hering <olaf@xxxxxxxxx>
>
> diff -r 8ac937fa527b -r 575bf78214ef xen/common/trace.c
> --- a/xen/common/trace.c        Tue May 10 16:23:00 2011 +0200
> +++ b/xen/common/trace.c        Tue May 10 16:23:01 2011 +0200
> @@ -106,7 +106,7 @@ static uint32_t calc_tinfo_first_offset(
>  * The t_info layout is fixed and cant be changed without breaking xentrace.
>  * Initialize t_info_pages based on number of trace pages.
>  */
> -static int calculate_tbuf_size(unsigned int pages, uint32_t 
> t_info_first_offset)
> +static int calculate_tbuf_size(unsigned int pages, uint16_t 
> t_info_first_offset)
>  {
>     struct t_buf dummy_size;
>     typeof(dummy_size.prod) max_size;
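Review bot: The new `uint16_t t_info_first_offset` parameter of calculate_tbuf_size() hard-codes a width that the commit message says should match the field the value is stored in, while the function body right below already uses `typeof(dummy_size.prod) max_size;` to derive a limit from a structure field. Consider declaring the offset with typeof() of the destination field as well, or at least adding a comment naming that field, so the two cannot drift apart if the t_info layout is ever touched. Note also that a narrower parameter means any wider value passed by a caller is truncated implicitly at the call site with no diagnostic.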
> @@ -170,8 +170,8 @@ static int alloc_trace_bufs(unsigned int
>     int i, cpu, order;
>     /* Start after a fixed-size array of NR_CPUS */
>     uint32_t *t_info_mfn_list;
> -    uint32_t t_info_first_offset;
> -    int offset;
> +    uint16_t t_info_first_offset;
> +    uint16_t offset;
>
>     if ( t_info )
>         return -EBUSY;
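Review bot: Changing `offset` from `int` to `uint16_t` in the declarations of alloc_trace_bufs() turns an out-of-range value into a silent wrap-around instead of removing it, and nothing in this hunk shows a bound being enforced before the value is stored. Since `offset` is computed alongside `int i, cpu, order;`, intermediate arithmetic is done in `int` and only truncated on assignment, so a result above 65535 would be stored as a small, valid-looking offset. Please add an explicit range check, or a comment pointing at the place where the page count is limited so that the offset is guaranteed to fit in 16 bits.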
> @@ -179,7 +179,7 @@ static int alloc_trace_bufs(unsigned int
>     if ( pages == 0 )
>         return -EINVAL;
>
> -    /* Calculate offset in u32 of first mfn */
> +    /* Calculate offset in units of u32 of first mfn */
>     t_info_first_offset = calc_tinfo_first_offset();
>
>     pages = calculate_tbuf_size(pages, t_info_first_offset);
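Review bot: The assignment `t_info_first_offset = calc_tinfo_first_offset();` now narrows implicitly, because the first hunk's header still shows `static uint32_t calc_tinfo_first_offset(` while the variable receiving the result is `uint16_t` after this patch. Either change the return type of calc_tinfo_first_offset() in the same patch or check the result against the 16-bit limit here, so the truncation is visible rather than relying on the value being small. The reworded comment ("in units of u32") is clearer and could also state the 16-bit limit.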
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
>
