
Re: [PATCH for-4.19?] xen: avoid UB in guest handle field accessors



On Mon, 2024-07-01 at 16:36 +0100, Andrew Cooper wrote:
> On 24/06/2024 1:28 pm, Jan Beulich wrote:
> > Much like noted in 43d5c5d5f70b ("xen: avoid UB in guest handle
> > arithmetic"), address calculations involved in accessing a struct field
> > can overflow, too. Cast respective pointers to "unsigned long" and
> > convert type checking accordingly. Remaining arithmetic is, despite
> > there possibly being mathematical overflow, okay as per the C99 spec:
> > "A computation involving unsigned operands can never overflow, because a
> > result that cannot be represented by the resulting unsigned integer type
> > is reduced modulo the number that is one greater than the largest value
> > that can be represented by the resulting type." The overflow that we
> > need to guard against is checked for in array_access_ok().
> > 
> > While there add the missing (see {,__}copy_to_guest_offset())
> > is-not-const checks to {,__}copy_field_to_guest().
> > 
> > Typically, but not always, no change to generated code; code generation
> > (register allocation) is different for at least common/grant_table.c.
> > 
> > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> 
> Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Release-Acked-by: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>

~ Oleksii
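
Added example, not part of this thread and not Xen code: a minimal C sketch of the technique the quoted commit message describes, computing a struct field's address on `unsigned long` so the addition is always defined, then rejecting the wrapped case in a separate range check. `struct demo_op`, `DEMO_GUEST_TOP`, `DEMO_FIELD_ADDR`, `demo_range_ok` and `demo_payload_addr` are hypothetical names, and the check is a stand-in, not Xen's `array_access_ok()`.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed struct standing in for a guest-visible ABI structure. */
struct demo_op {
    unsigned int cmd;
    unsigned long arg;
    unsigned char payload[16];
};

/* Assumed top of the guest-accessible range (illustrative value). */
#define DEMO_GUEST_TOP (ULONG_MAX / 2)

/* Field address on unsigned long: defined for every input, wraps modulo
 * ULONG_MAX + 1 instead of forming an out-of-range pointer. */
#define DEMO_FIELD_ADDR(base, type, field) \
    ((unsigned long)(base) + offsetof(type, field))

/* Hypothetical range check: rejects a wrapped sum and anything that would
 * end beyond DEMO_GUEST_TOP. */
static bool demo_range_ok(unsigned long base, unsigned long addr, size_t size)
{
    if (addr < base)                       /* base + offset wrapped */
        return false;
    return size <= DEMO_GUEST_TOP && addr <= DEMO_GUEST_TOP - size;
}

/* Stores the payload field's address only when the access is in range. */
static bool demo_payload_addr(unsigned long guest_base, unsigned long *out)
{
    unsigned long addr = DEMO_FIELD_ADDR(guest_base, struct demo_op, payload);

    if (!demo_range_ok(guest_base, addr, sizeof(((struct demo_op *)0)->payload)))
        return false;
    *out = addr;
    return true;
}

int main(void)
{
    unsigned long a = 0;

    printf("in range: %d\n", demo_payload_addr(0x1000UL, &a));
    printf("wrapped:  %d\n", demo_payload_addr(ULONG_MAX - 4, &a));
    return 0;
}
```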




 

