Xen project Mailing List

[Xen-devel] [PATCH] x86/monitor: minor left-shift undefined behavior checks

From: Corneliu ZUZU <czuzu@xxxxxxxxxxxxxxx>

Date: Thu, 18 Feb 2016 12:53:43 +0200

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

Delivery-date: Thu, 18 Feb 2016 10:53:53 +0000

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=DMpnffEW2K7C5JxwWDv4Yn7GWK/Z5ynMXTByBMV3EWWzewzyh8g+WStItLRqqu5J7KyRWmdl6XwsFw7b1LuJGp0kSiaQHhvP3ZrgarH2Nd05FdOKRDsLL5UumAFBe8irZLS0w0n1Y2Qw0CuNXuLwmX/ZCjGRPxl0h/Q771wCR5vv+BbZl66bwGdBmWv+KIuvh5VJrAWJC/4C5rAhIskDw+BN/vrXyxkKdCo6SXhTDUobKdZrEQCMlYOZ3+OfqwfuzElAamq9Hib00VeLXedAn7sKt6MsF5ma9owFUuJcSwA1fe5lCN2FYVlHDK3PQBwm1Ddh2qNOKsqyxMJJrYhjNg==; h=Received:Received:Received:Received:Received:From:To:Cc:Subject:Date:Message-Id:X-Mailer:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp;

List-id: Xen developer discussion <xen-devel.lists.xen.org>

This minor patch adds a range-check to avoid left-shift caused undefined behavior. Also replaces '1 <<' w/ '1U <<' @ x86 monitor.h in an effort to avoid a future potential '1 << 31' that would cause a similar issue. Signed-off-by: Corneliu ZUZU <czuzu@xxxxxxxxxxxxxxx> --- xen/arch/x86/monitor.c | 13 +++++++++---- xen/include/asm-x86/monitor.h | 10 +++++----- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c index a507edb..b4bd008 100644 --- a/xen/arch/x86/monitor.c +++ b/xen/arch/x86/monitor.c @@ -32,10 +32,15 @@ int arch_monitor_domctl_event(struct domain *d, { case XEN_DOMCTL_MONITOR_EVENT_WRITE_CTRLREG: { - unsigned int ctrlreg_bitmask = - monitor_ctrlreg_bitmask(mop->u.mov_to_cr.index); - bool_t old_status = - !!(ad->monitor.write_ctrlreg_enabled & ctrlreg_bitmask); + unsigned int ctrlreg_bitmask; + bool_t old_status; + + /* sanity check: avoid left-shift undefined behavior */ + if ( unlikely(mop->u.mov_to_cr.index > 31) ) + return -EINVAL; + + ctrlreg_bitmask = monitor_ctrlreg_bitmask(mop->u.mov_to_cr.index); + old_status = !!(ad->monitor.write_ctrlreg_enabled & ctrlreg_bitmask); if ( unlikely(old_status == requested_status) ) return -EEXIST; diff --git a/xen/include/asm-x86/monitor.h b/xen/include/asm-x86/monitor.h index c789f71..f1bf4bd 100644 --- a/xen/include/asm-x86/monitor.h +++ b/xen/include/asm-x86/monitor.h @@ -40,14 +40,14 @@ static inline uint32_t arch_monitor_get_capabilities(struct domain *d) if ( !is_hvm_domain(d) || !cpu_has_vmx ) return capabilities; - capabilities = (1 << XEN_DOMCTL_MONITOR_EVENT_WRITE_CTRLREG) | - (1 << XEN_DOMCTL_MONITOR_EVENT_MOV_TO_MSR) | - (1 << XEN_DOMCTL_MONITOR_EVENT_SOFTWARE_BREAKPOINT) | - (1 << XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST); + capabilities = (1U << XEN_DOMCTL_MONITOR_EVENT_WRITE_CTRLREG) | + (1U << XEN_DOMCTL_MONITOR_EVENT_MOV_TO_MSR) | + (1U << XEN_DOMCTL_MONITOR_EVENT_SOFTWARE_BREAKPOINT) | + (1U << XEN_DOMCTL_MONITOR_EVENT_GUEST_REQUEST); /* Since we know this is on VMX, we can just call the hvm func */ if ( hvm_is_singlestep_supported() ) - capabilities |= (1 << XEN_DOMCTL_MONITOR_EVENT_SINGLESTEP); + capabilities |= (1U << XEN_DOMCTL_MONITOR_EVENT_SINGLESTEP); return capabilities; } -- 2.5.0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.