[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xen: clamp bitmaps to correct number of bits

On Thu, 2012-09-06 at 15:47 +0100, Jan Beulich wrote:
> >>> On 06.09.12 at 15:48, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
> > On Thu, 2012-09-06 at 13:23 +0100, Jan Beulich wrote:
> >> >>> On 06.09.12 at 13:56, Ian Campbell <ian.campbell@xxxxxxxxxx> wrote:
> >> > +/* Ensure that the last byte is zero from nbits onwards. */
> >> > +static void clamp_last_byte(uint8_t *bp, int nbits)
> >> > +{
> >> > +        int lastbyte = nbits/8;
> >> > +        int remainder = nbits % 8;
> >> > +        int mask = ((1U<<remainder)-1)&0xff;
> >> 
> >> While I realize the callers use plain int, I'd be very much in favor
> >> of not continuing this bad practice (the more that you use 1U
> >> already) - simply make the parameter and all locals (assuming
> >> you really think they're useful; I would have omitted all but
> >> "remainder", given they're being used just once) unsigned.
> > 
> > I'll fold them in, it was convenient to have variables while I was
> > printk'ing what I was doing but not any more.
> 
> I won't ask you for another round because of this, but you
> still left the parameter and remaining local variable as plain
> int,

Sorry, I forgot this bit after I nuked the variables. I've respun
(below)

>  nor did you insert whitespace into the expressions. If I
> were the one to commit this, I would do the adjustment while
> committing...

This whole file seems to use Linux coding style which is why I omitted
spaces inside the if. I made the mask "(1U << remainder) - 1" and
simultaneously drop the superfluous extra brackets in v2 left over from
removing &0xff. 

> 
> Anyway, as long as there's no easily visible tools side bug
> addressed by this, I would think we should rather leave this
> for after branching - Keir?

I'm fine with that.

Ian

8<-----------------------------------------------

# HG changeset patch
# User Ian Campbell <ian.campbell@xxxxxxxxxx>
# Date 1346947834 -3600
# Node ID adf93d46186bb9b4d39aa195cf3b2445499c87a1
# Parent  6458749bcd38365bc30ae8adac608619e6eec382
xen: clamp bitmaps to correct number of bits

Valgrind running xl create reports:
 ==24777== Invalid read of size 4
 ==24777==    at 0x4072805: libxl__get_numa_candidate (libxl_numa.c:203)
 ==24777==    by 0x40680B6: libxl__build_pre (libxl_dom.c:166)
 ==24777==    by 0x405B82E: libxl__domain_build (libxl_create.c:323)
 ==24777==    by 0x405BB9C: domcreate_bootloader_done (libxl_create.c:747)
 ==24777==    by 0x407AD27: bootloader_local_detached_cb 
(libxl_bootloader.c:281)
 ==24777==    by 0x40508D8: local_device_detach_cb (libxl.c:2470)
 ==24777==    by 0x4052B10: libxl__device_disk_local_initiate_detach 
(libxl.c:2445)
 ==24777==    by 0x407AE9F: bootloader_callback (libxl_bootloader.c:265)
 ==24777==    by 0x407C69A: libxl__bootloader_run (libxl_bootloader.c:392)
 ==24777==    by 0x405CB24: do_domain_create (libxl_create.c:687)
 ==24777==    by 0x405CC5E: libxl_domain_create_new (libxl_create.c:1177)
 ==24777==    by 0x805BDE2: create_domain (xl_cmdimpl.c:1812)
 ==24777==  Address 0x42dbdd8 is 8 bytes after a block of size 48 alloc'd
 ==24777==    at 0x4023340: calloc (vg_replace_malloc.c:593)
 ==24777==    by 0x406D479: libxl__zalloc (libxl_internal.c:88)
 ==24777==    by 0x404EF38: libxl_get_cpu_topology (libxl.c:3707)
 ==24777==    by 0x4072232: libxl__get_numa_candidate (libxl_numa.c:314)
 ==24777==    by 0x40680B6: libxl__build_pre (libxl_dom.c:166)
 ==24777==    by 0x405B82E: libxl__domain_build (libxl_create.c:323)
 ==24777==    by 0x405BB9C: domcreate_bootloader_done (libxl_create.c:747)
 ==24777==    by 0x407AD27: bootloader_local_detached_cb 
(libxl_bootloader.c:281)
 ==24777==    by 0x40508D8: local_device_detach_cb (libxl.c:2470)
 ==24777==    by 0x4052B10: libxl__device_disk_local_initiate_detach 
(libxl.c:2445)
 ==24777==    by 0x407AE9F: bootloader_callback (libxl_bootloader.c:265)
 ==24777==    by 0x407C69A: libxl__bootloader_run (libxl_bootloader.c:392)

This is because with nr_cpus=4 the bitmask returned from Xen
contains 0xff rather than 0x0f bit our bitmap walking routines (e.g.
libxl_for_each_set_bit) round up to the next byte (so it iterates
e.g. 8 times not 4). This then causes us to access of the end of
whatever array we are walking through each set bit for.

The principal of least surprise suggests that these bits ought not to
be set and this is not a hot path so fix this at the hypervisor layer
by clamping the bits in the returned bitmap to the correct limit.

Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
---

The impact of this seems to be fairly benign in practice, so I'm not
sure about it for 4.2.0. Could leave to 4.2.1?

Dario,

Any chance you could look at the libxl bitmap functions in 4.3 and
make them use the right limit (i.e. nr_bits not (nr_bits+7)/8?

Thanks,
Ian.

diff -r 6458749bcd38 -r adf93d46186b xen/common/bitmap.c
--- a/xen/common/bitmap.c       Thu Sep 06 17:04:25 2012 +0100
+++ b/xen/common/bitmap.c       Thu Sep 06 17:10:34 2012 +0100
@@ -38,6 +38,21 @@
  * for the best explanations of this ordering.
  */
 
+/*
+ * If a bitmap has a number of bits which is not a multiple of 8 then
+ * the last few bits of the last byte of the bitmap can be
+ * unexpectedly set which can confuse consumers (e.g. in the tools)
+ * who also round up their loops to 8 bits. Ensure we clear those left
+ * over bits so as to prevent surprises.
+ */
+static void clamp_last_byte(uint8_t *bp, unsigned int nbits)
+{
+       unsigned int remainder = nbits % 8;
+
+       if (remainder)
+               bp[nbits/8] &= (1U << remainder) - 1;
+}
+
 int __bitmap_empty(const unsigned long *bitmap, int bits)
 {
        int k, lim = bits/BITS_PER_LONG;
@@ -485,6 +500,7 @@ void bitmap_long_to_byte(uint8_t *bp, co
                        nbits -= 8;
                }
        }
+       clamp_last_byte(bp, nbits);
 }
 
 void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits)
@@ -507,6 +523,7 @@ void bitmap_byte_to_long(unsigned long *
 void bitmap_long_to_byte(uint8_t *bp, const unsigned long *lp, int nbits)
 {
        memcpy(bp, lp, (nbits+7)/8);
+       clamp_last_byte(bp, nbits);
 }
 
 void bitmap_byte_to_long(unsigned long *lp, const uint8_t *bp, int nbits)




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.