
Re: [PATCH for-4.18] x86/time: Fix UBSAN failure in __update_vcpu_system_time()


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Henry Wang <Henry.Wang@xxxxxxx>
  • Date: Thu, 2 Nov 2023 00:26:22 +0000
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Thu, 02 Nov 2023 00:26:55 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Andrew,

> On Nov 2, 2023, at 04:37, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
> 
> As reported:
> 
>  (XEN) ================================================================================
>  (XEN) UBSAN: Undefined behaviour in arch/x86/time.c:1542:32
>  (XEN) member access within null pointer of type 'union vcpu_info_t'
>  (XEN) ----[ Xen-4.19-unstable  x86_64  debug=y ubsan=y  Not tainted ]----
>  ...
>  (XEN) Xen call trace:
>  (XEN)    [<ffff82d040345036>] R common/ubsan/ubsan.c#ubsan_epilogue+0xa/0xd2
>  (XEN)    [<ffff82d0403456e8>] F __ubsan_handle_type_mismatch+0x133/0x49b
>  (XEN)    [<ffff82d040345b4a>] F __ubsan_handle_type_mismatch_v1+0xfa/0xfc
>  (XEN)    [<ffff82d040623356>] F arch/x86/time.c#__update_vcpu_system_time+0x212/0x30f
>  (XEN)    [<ffff82d040623461>] F update_vcpu_system_time+0xe/0x10
>  (XEN)    [<ffff82d04062389d>] F arch/x86/time.c#local_time_calibration+0x1f7/0x523
>  (XEN)    [<ffff82d0402a64b5>] F common/softirq.c#__do_softirq+0x1f4/0x31a
>  (XEN)    [<ffff82d0402a67ad>] F do_softirq+0x13/0x15
>  (XEN)    [<ffff82d0405a95dc>] F arch/x86/domain.c#idle_loop+0x2e0/0x367
>  (XEN)
>  (XEN) ================================================================================
> 
> It is not valid to derive a pointer from vcpu_info() prior to checking that
> the underlying map pointer is good.
> 
> Reorder actions so the NULL pointer check is first.
> 
> Fixes: 20279afd7323 ("x86: split populating of struct vcpu_time_info into a separate function")
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> ---
> CC: Jan Beulich <JBeulich@xxxxxxxx>
> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> CC: Wei Liu <wl@xxxxxxx>
> CC: Henry Wang <Henry.Wang@xxxxxxx>
> 
> 4.18 blocker, or we'll need to issue an XSA/CVE.

Release-acked-by: Henry Wang <Henry.Wang@xxxxxxx>

Kind regards,
Henry
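
The ordering problem described in the quoted commit message, shown as an added example that is not part of the thread and is not Xen's code: a member pointer derived from a map pointer before and after the NULL check. All type, macro and function names here (`vcpu_model`, `info_field`, `update_time_before`, `update_time_after`) are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified stand-ins; not Xen's real definitions. */
struct time_info { uint32_t version; uint64_t system_time; };
struct info_page { uint8_t pad[32]; struct time_info time; };
struct vcpu_model { struct info_page *map; /* NULL until the area is mapped */ };

/* Accessor in the style of a "field of the mapped page" macro. */
#define info_field(v, f) ((v)->map->f)

/* Before: the member address is formed from a possibly-NULL base pointer.
 * Nothing is loaded yet, but this is already undefined behaviour in C and
 * is what UBSan reports as "member access within null pointer". */
bool update_time_before(struct vcpu_model *v, uint64_t now)
{
    struct time_info *u = &info_field(v, time);   /* derived too early */

    if ( v->map == NULL )
        return false;

    u->version++;
    u->system_time = now;
    return true;
}

/* After: check the map pointer first, derive the member pointer second. */
bool update_time_after(struct vcpu_model *v, uint64_t now)
{
    struct time_info *u;

    if ( v->map == NULL )
        return false;

    u = &info_field(v, time);
    u->version++;
    u->system_time = now;
    return true;
}

int main(void)
{
    struct info_page page = {0};                  /* constructed sample data */
    struct vcpu_model unmapped = { NULL }, mapped = { &page };

    /* Only the check-first version is exercised with an unmapped area. */
    return !(!update_time_after(&unmapped, 1) && update_time_after(&mapped, 2));
}
```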


 

