[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 1/5] xen/bitmap: fix bitmap_fill with zero-sized bitmap

To: xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 6 May 2019 16:50:17 +0200
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>
Delivery-date: Mon, 06 May 2019 15:03:42 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

When bitmap_fill(..., 0) is called, do not try to write anything. Before
this patch, it tried to write almost LONG_MAX, surely overwriting
something.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
---
Found while debugging framebuffer located above 4GB. In that case 32bit
variable for it overflows and framebuffer initialization zeroed
unrelated memory. Specifically, it hit mbi->mods_count, so later on
bitmap_fill(module_map, mbi->mods_count) in __start_xen() crashed.
---
 xen/include/xen/bitmap.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/xen/include/xen/bitmap.h b/xen/include/xen/bitmap.h
index fe3c720..0430c1c 100644
--- a/xen/include/xen/bitmap.h
+++ b/xen/include/xen/bitmap.h
@@ -126,6 +126,8 @@ static inline void bitmap_fill(unsigned long *dst, int 
nbits)
        size_t nlongs = BITS_TO_LONGS(nbits);
 
        switch (nlongs) {
+       case 0:
+               break;
        default:
                memset(dst, -1, (nlongs - 1) * sizeof(unsigned long));
                /* fall through */
-- 
git-series 0.9.1

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 1/5] xen/bitmap: fix bitmap_fill with zero-sized bitmap
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH 1/5] xen/bitmap: fix bitmap_fill with zero-sized bitmap
  - From: Andrew Cooper

References:
- [Xen-devel] [PATCH 0/5] Fixes for large framebuffer, placed above 4GB
  - From: Marek Marczykowski-Górecki

Prev by Date: [Xen-devel] [PATCH 2/5] drivers/video: drop unused limits
Next by Date: [Xen-devel] [PATCH 3/5] drivers/video: Drop framebuffer size constraints
Previous by thread: Re: [Xen-devel] [PATCH 2/5] drivers/video: drop unused limits
Next by thread: Re: [Xen-devel] [PATCH 1/5] xen/bitmap: fix bitmap_fill with zero-sized bitmap
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.