[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [XEN PATCH] xen/vpci: Fix UB in mask_write
On Thu, Nov 07, 2024 at 10:25:02AM +0100, Jan Beulich wrote: > On 06.11.2024 13:26, Mykyta Poturai wrote: > > On 06.11.2024 10:07, Roger Pau Monné wrote:> > >> Wait - how can msi->vectors ever be 0? AFAICT there's no way in the > >> MSI logic to configure 0 vectors, there will always be at least 1 vector > >> enabled. > >> > >> Maybe what you want, if this fix is for compliance reasons, is an > >> assert unreachable that msi->vectors > 0? > > > > I did some investigation and figured out that the value of 0 is being > > set by guest writing to msi_control_reg. As far as I understand, the > > control_write() function only checks that vectors are not greater than > > the maximum allowed value, but does not check for 0. > > How that? How could it even check for 0, when 0 isn't possible? Quoting > the code there: > > unsigned int vectors = min_t(uint8_t, > 1u << MASK_EXTR(val, PCI_MSI_FLAGS_QSIZE), > pdev->msi_maxvec); > > "val" in the guest written value. As that's used as a shift count, how > could 0 result there? The only way I can see 0 ending up in vectors is > when pdev->msi_maxvec was still zero. Yet that's then a bug in device > initialization. See followup emails, I've arrived at the same conclusion and Mykyta confirmed it's msi_maxvec that's indeed 0. Still waiting for them to figure out why msi_maxvec is 0. Thanks, Roger.
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |