Re: [PATCH v9 1/8] xen/common: introduce a new framework for save/restore of 'domain' context
On 05.10.2020 10:03, Paul Durrant wrote:
>> From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>> Sent: 02 October 2020 22:20
>>
>> On 24/09/2020 14:10, Paul Durrant wrote:
>>> +int domain_save_end(struct domain_context *c)
>>> +{
>>> + struct domain *d = c->domain;
>>> + size_t len = ROUNDUP(c->len, DOMAIN_SAVE_ALIGN) - c->len; /* padding */
>>
>> DOMAIN_SAVE_ALIGN - (c->len & (DOMAIN_SAVE_ALIGN - 1))
>>
>> isn't vulnerable to overflow.
>>
>
> ...and significantly uglier code. What's actually wrong with what I wrote?

I don't think there's anything "wrong" or "vulnerable" here, but I still
can see Andrew's point. The "vulnerable" aspect applies only in the (highly
hypothetical I think) cases of either sizeof(size_t) < sizeof(int) or
size_t being a signed type, afaict. But since it's easy (and imo not
"significantly uglier") to write code that is free of any wrapping or
overflowing behavior, I think it is sensible to actually write it that
way.

Jan
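Review bot: In the `size_t len = ROUNDUP(c->len, DOMAIN_SAVE_ALIGN) - c->len;` line of domain_save_end(), the padding is obtained by rounding c->len up first, so whether it can wrap depends on how ROUNDUP forms its intermediate value, and that definition is not visible in this hunk. Deriving the padding from the low bits of c->len avoids the intermediate, but the replacement as quoted, `DOMAIN_SAVE_ALIGN - (c->len & (DOMAIN_SAVE_ALIGN - 1))`, evaluates to DOMAIN_SAVE_ALIGN rather than 0 when c->len is already aligned, which differs from what the ROUNDUP form gives; masking that result once more with `& (DOMAIN_SAVE_ALIGN - 1)` keeps the two equivalent. The mask form also assumes DOMAIN_SAVE_ALIGN is a power of two, which deserves a comment or a build-time check next to its definition.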