[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] xen/gnttab: fix gnttab_acquire_resource()

To: Juergen Gross <jgross@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Julien Grall <julien@xxxxxxx>
Date: Fri, 9 Sep 2022 09:56:56 +0100
Cc: Henry.Wang@xxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
Delivery-date: Fri, 09 Sep 2022 08:57:05 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Juergen,

On 09/09/2022 09:09, Juergen Gross wrote:

Commit 9dc46386d89d ("gnttab: work around "may be used uninitialized"
warning") was wrong, as vaddr can legitimately be NULL in case
XENMEM_resource_grant_table_id_status was specified for a grant table
v1. This would result in crashes in debug builds due to
ASSERT_UNREACHABLE() triggering.

Basically revert said commit, but keep returning -ENODATA in that case.

This commit was introduced to silence a compiler warning (treated aserror in Xen build system). As you revert it, did you check the saidcompiler (IIRC GCC 4.3) was still happy?

Fixes: 9dc46386d89d ("gnttab: work around "may be used uninitialized" warning")
Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
---
Might be considered for 4.17 and for backporting
---
  xen/common/grant_table.c | 14 +++-----------
  1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index ad773a6996..68e7f1df38 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -4125,7 +4125,10 @@ int gnttab_acquire_resource(

case XENMEM_resource_grant_table_id_status:

          if ( gt->gt_version != 2 )
+        {
+            rc = -ENODATA;
              break;
+        }

/* Check that void ** is a suitable representation for gt->status. */

          BUILD_BUG_ON(!__builtin_types_compatible_p(
@@ -4135,17 +4138,6 @@ int gnttab_acquire_resource(
          break;
      }

- /*

-     * Some older toolchains can't spot that vaddrs won't remain uninitialized
-     * on non-error paths, and hence it needs setting to NULL at the top of the
-     * function.  Leave some runtime safety.
-     */
-    if ( !vaddrs )
-    {
-        ASSERT_UNREACHABLE();
-        rc = -ENODATA;
-    }
-
      /* Any errors?  Bad id, or from growing the table? */
      if ( rc )
          goto out;


Looking at the code just below the loop is:

for ( i = 0; i < nr_frames; ++i )
   mfn_list[i] = virt_to_mfn(vaddrs[frame + 1]);

Given that 'nr_frames' is provided by the caller it is a bit unclear howwe guarantee that 'vaddrs' will not be NULL when nr_frames > 0.


Can you explain how you came to the conclusion that this is not possible?

Cheers,

--
Julien Grall

Follow-Ups:
- Re: [PATCH] xen/gnttab: fix gnttab_acquire_resource()
  - From: Juergen Gross

References:
- [PATCH] xen/gnttab: fix gnttab_acquire_resource()
  - From: Juergen Gross

Prev by Date: [qemu-mainline test] 173074: regressions - FAIL
Next by Date: Re: [PATCH] xen/gnttab: fix gnttab_acquire_resource()
Previous by thread: RE: [PATCH] xen/gnttab: fix gnttab_acquire_resource()
Next by thread: Re: [PATCH] xen/gnttab: fix gnttab_acquire_resource()
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.