
Re: [Xen-devel] [PATCH 1/5] xen/bitmap: fix bitmap_fill with zero-sized bitmap



>>> On 06.05.19 at 16:50, <marmarek@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> When bitmap_fill(..., 0) is called, do not try to write anything. Before
> this patch, it tried to write almost LONG_MAX, surely overwriting
> something.
> 
> Signed-off-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>

I'm embarrassed, seeing that commit d8a7694e5a ("bitmap_*() should
cope with zero size bitmaps") changed the code to its present shape,
but left the issue un-addressed here despite its title.

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

> Found while debugging framebuffer located above 4GB. In that case 32-bit
> variable for it overflows and framebuffer initialization zeroed
> unrelated memory. Specifically, it hit mbi->mods_count, so later on
> bitmap_fill(module_map, mbi->mods_count) in __start_xen() crashed.

The origin of your problem being a truncation one, it seems pretty
clear to me that if we want to be able to gracefully handle that,
then we need to stop using plain int in all the involved functions.
I'm curious though which bitmap_fill() it was that you saw misbehave:
There's no such call at all in xen/drivers/video/, and I'm also having
a hard time seeing how the address (rather than the size) of the
frame buffer could be involved here.

Jan
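
As an added example (not code from the Xen tree, the patch under review, or
either poster): a bitmap_fill() written to take an unsigned size and to return
before touching memory when that size is zero, together with a sentinel check
that shows the words around the bitmap stay intact. The names
safe_bitmap_fill, fill_keeps_neighbours_intact and filled_word, the word
count of the scratch buffer and the sentinel value are this example's own
assumptions; only BITS_TO_LONGS and the last-word mask follow the usual
Linux/Xen bitmap idiom.

```c
/* Added example, not the Xen implementation: a bitmap_fill() that makes
 * a zero-sized fill a no-op instead of a write of (size_t)-1 bytes.
 * Helper names and the sentinel value are assumptions of this example. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)
#define BITS_TO_LONGS(nbits) (((nbits) + BITS_PER_LONG - 1) / BITS_PER_LONG)
/* Mask selecting the valid bits in the last word of an nbits-wide bitmap;
 * a bitmap that ends on a word boundary uses the whole word. */
#define BITMAP_LAST_WORD_MASK(nbits) \
    (((nbits) % BITS_PER_LONG) ? (1UL << ((nbits) % BITS_PER_LONG)) - 1 : ~0UL)

/* Set every bit in [0, nbits).  The size is unsigned, so it can never be
 * negative, and nbits == 0 returns before any arithmetic on dst: with a
 * signed int and no guard, (nlongs - 1) * sizeof(long) wraps to a huge
 * memset length and dst[nlongs - 1] becomes dst[-1]. */
static void safe_bitmap_fill(unsigned long *dst, unsigned int nbits)
{
    size_t nlongs = BITS_TO_LONGS(nbits);

    if (nlongs == 0)
        return;                 /* nothing to fill, so nothing is written */
    if (nlongs > 1)
        memset(dst, 0xff, (nlongs - 1) * sizeof(unsigned long));
    dst[nlongs - 1] = BITMAP_LAST_WORD_MASK(nbits);
}

/* Fill an nbits-wide bitmap placed between sentinel words and report
 * whether every word outside the bitmap kept its sentinel value.
 * Returns 1 when no out-of-range write happened, 0 otherwise. */
static int fill_keeps_neighbours_intact(unsigned int nbits)
{
    enum { WORDS = 4 };                       /* scratch words available */
    const unsigned long sentinel = 0xA5A5A5A5UL; /* constructed marker */
    unsigned long buf[WORDS + 2];             /* sentinel, WORDS, sentinel */
    size_t i, nlongs = BITS_TO_LONGS(nbits);

    if (nlongs > WORDS)
        return 0;                             /* does not fit the scratch */
    for (i = 0; i < WORDS + 2; i++)
        buf[i] = sentinel;

    safe_bitmap_fill(&buf[1], nbits);

    /* Words after the bitmap (including the trailing sentinel) and the
     * leading sentinel must be untouched. */
    for (i = 1 + nlongs; i < WORDS + 2; i++)
        if (buf[i] != sentinel)
            return 0;
    return buf[0] == sentinel;
}

/* Fill an nbits-wide bitmap and return word idx of the result, so the
 * last-word masking can be inspected directly. */
static unsigned long filled_word(unsigned int nbits, size_t idx)
{
    unsigned long buf[4] = { 0, 0, 0, 0 };

    safe_bitmap_fill(buf, nbits);
    return buf[idx];
}

int main(void)
{
    printf("zero-size fill leaves neighbours intact: %d\n",
           fill_keeps_neighbours_intact(0));
    printf("last word of a %u-bit fill: %#lx\n",
           (unsigned)(BITS_PER_LONG + 6), filled_word(BITS_PER_LONG + 6, 1));
    return 0;
}
```

The sentinel check is the kind of regression test worth keeping next to a
bitmap helper: it catches both the zero-size case and any future off-by-one
in the last-word handling without relying on the crash happening to land on
something noticeable like mbi->mods_count.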


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
