[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 1/3] x86/vmx: introduce vmx_find_msr()



>>> On 22.02.17 at 09:45, <sergey.dyasli@xxxxxxxxxx> wrote:
> On Wed, 2017-02-22 at 08:40 +0000, Tian, Kevin wrote:
>> > From: Sergey Dyasli [mailto:sergey.dyasli@xxxxxxxxxx]
>> > Sent: Wednesday, February 22, 2017 4:38 PM
>> > 
>> > > > 
>> > > > -    for ( idx = 0; idx < *msr_count; idx++ )
>> > > > +    for ( idx = 0; (*msr_area)[idx].index <= msr && idx < *msr_count; 
>> > > > idx++ 
> )
>> > > 
>> > > risk of out-of-boundary access.
>> > 
>> > How exactly out-of-bounds access is possible? The original condition
>> > 
>> >     idx < *msr_count
>> > 
>> > Is still being checked on each loop iteration.
>> > 
>> 
>> Isn't "(*msr_area[idx]).index <= msr" checked before "idx < *msr_count"?
>> 
>> So if idx==*msr_count, you first hit an out-of-boundary access...
>> 
>> I think we should change the condition order here.
>> 
> 
> You are right. I will fix this in v3.

And with that taken care of
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.