Xen project Mailing List

Re: [PATCH v5 02/11] xen/arm: avoid repetitive checking in process_shm_node

To: Penny Zheng <Penny.Zheng@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Michal Orzel <michal.orzel@xxxxxxx>

Date: Wed, 6 Dec 2023 12:35:00 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=arm.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/VxlAYorZ6hx9bTDrrfqZmv9S+meKM/WoC3ZESJsK4M=; b=fgsQhFTdM7vnUc/HPylgFSoqwRa45YqlZ4m6OGp0viAYEe9TTq8nw5NKNanyEE3WCh+bfj48pArJ8IV1vMaOLW+wstd8m0cTljFrJDGlHp90gP2JwLvlDe+v9cOauR584JhcCqFwnuIEFyCIW/vyza4jiu4tYGL1EECdLoz/y//K8W4tP5tdxDUWThqQT7xx3j3esetLN2kR+xDeKdycdxZyyubxQs46aSE60IlDAsDUZwPtYg+mA11Kn9WQ7u4w9NWLESlo42Wgdf/as9MCvvoKqVgZxf0f/T22imuMTg0j0F2247Z+2IR63X3BojyINS2JlME7dM1W+LZ8RXad1A==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TTOpLn2pxbrsEigyr3ZARwkJ5a9fScBamm5qw9UVQRa8yYpMDWszSH5Pr9g/q2WUPBC/q0cKwCATvfrUnVV+HbAgUtzSka/5og7J13LrbTLS1z2RcrcPWxCgOnd9SFm5VHn9OgUWGu7klPJWA+J0OEWMiQiZasIr73mZmFwwIfo9VIEKM9lptbpwTzuZ8T4klT3IjD21qZEWNG0bw6Fo77+5ParK0sGyJZUblmt1BRb+S+DCbN5mIKGgXUzMU5gy54Al1YdwGWG+B53lPufWWrub9tPPRUfvlQcnGhMXe+sZ/byJkRh5WF0bfys/03GOKSmoE7IFZVOnsKWQMPr7Ug==

Cc: <wei.chen@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, "Julien Grall" <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Delivery-date: Wed, 06 Dec 2023 11:35:12 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Penny, On 06/12/2023 10:06, Penny Zheng wrote: > > > Putting overlap and overflow checking in the loop is causing repetitive > operation, so this commit extracts both checking outside the loop. > > Signed-off-by: Penny Zheng <penny.zheng@xxxxxxx> In general the patch looks good to me: Reviewed-by: Michal Orzel <michal.orzel@xxxxxxx> That said, there are 2 things I realized during review. > --- > v6: > new commit > --- > xen/arch/arm/static-shmem.c | 39 +++++++++++++++---------------------- > 1 file changed, 16 insertions(+), 23 deletions(-) > > diff --git a/xen/arch/arm/static-shmem.c b/xen/arch/arm/static-shmem.c > index cb268cd2ed..1a1a9386e4 100644 > --- a/xen/arch/arm/static-shmem.c > +++ b/xen/arch/arm/static-shmem.c > @@ -349,7 +349,7 @@ int __init process_shm_node(const void *fdt, int node, > uint32_t address_cells, > { > const struct fdt_property *prop, *prop_id, *prop_role; > const __be32 *cell; > - paddr_t paddr, gaddr, size; > + paddr_t paddr, gaddr, size, end; > struct meminfo *mem = &bootinfo.reserved_mem; > unsigned int i; > int len; > @@ -422,6 +422,13 @@ int __init process_shm_node(const void *fdt, int node, > uint32_t address_cells, > return -EINVAL; > } > > + end = paddr + size; > + if ( end <= paddr ) > + { > + printk("fdt: static shared memory region %s overflow\n", shm_id); > + return -EINVAL; > + } > + > for ( i = 0; i < mem->nr_banks; i++ ) > { > /* > @@ -441,30 +448,13 @@ int __init process_shm_node(const void *fdt, int node, > uint32_t address_cells, > return -EINVAL; > } > } > + else if ( strcmp(shm_id, mem->bank[i].shm_id) != 0 ) > + continue; > else > { > - paddr_t end = paddr + size; > - paddr_t bank_end = mem->bank[i].start + mem->bank[i].size; > - > - if ( (end <= paddr) || (bank_end <= mem->bank[i].start) ) You are iterating over reserved memory regions in general, so apart from shmem regions there might be truly /reserved ones. It appears that we don't have overflow check in device_tree_get_meminfo, so this second check was the only place to detect that (protected by a feature, so not very useful) :) This is just an observation and I agree to drop it. We should be checking for an overflow in device_tree_get_meminfo. The second observation I made is that we don't seem to assign and check the return code from device_tree_for_each_node. This means, that any error while parsing the early fdt (e.g. static shm issues) does not stop Xen from booting, which might result in strange behavior later on. If others agree, I'm ok to send a fix for that. ~Michal

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.