[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [XEN PATCH] xen/vpci: Fix UB in mask_write
- To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- From: Mykyta Poturai <Mykyta_Poturai@xxxxxxxx>
- Date: Mon, 11 Nov 2024 12:21:32 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Xr+91tTKpUbVd+SK71h0guGfK6SqdYIMAO319HNtcK8=; b=nBitSAihMJOHDAGeqesdDnQm8cBZfrHntS1D1WlAcILKFSvOEqV54MHVNW0yyjz4flVzxwrXLCK4NN8YFMS9duNx6Qi7tJ9Zmzrj743jra2fcLSPym7PUL1phFnF6i0K75Xgps4sq24TQWxiTcP/tzAdnIFP+vgi4K6oz/uQT8gUukFu3g6SzUwpI0kuCZF8QrDqHcRJH0qjOuBkrWPGvvRIazMvAZ2GhYpOTblmUnyBeJRYZJgp4XHo7OWw2kTT2xj2h/ZM3hGLxXcR/ofE4vrNVax1F86PnozQqlNE+LUMDt5JYY4KafLWYt7qMCaChsVGn0kTtIHcsRc1jNLD3w==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=B2o8hIv5NurcgJ4n94VgSV/JsdqY2hioKVk9/CQq5SVwsjX/5NwNocIJ7FjmjtrEJ8Tj6MFXwPAYpjR6nDJCb+u02sfgs51DvDMB/GiuisIXG/ZECqytUXZbc/KYP+UZpGmi+0hhiq/Qgcmz+bikFttCNP/bas/rXaH0zX/KpCkDz7HZbyyhLyCUSZdr1onne31lp8u5MG+Ip0j/WQAKMmYfmB4zTUPLXMnmYbWvjQON3fqehmzcM/1d7s+axEONrNuK010B9PVbLegxDgI1uM5V2LcStaUHP6DygJ9/50n/2sFgND5W/N1jDvA6gKaphqOhmHixlqAYzKI+35g6Hw==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
- Cc: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Mon, 11 Nov 2024 12:21:44 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Thread-index: AQHbMCKf4QVge+H9k02dX4ZlwzpGqLKp9EiAgAACIoCAAChLAIAAD1kAgAAEXgCAAB6ggIAABvkAgAewKgA=
- Thread-topic: [XEN PATCH] xen/vpci: Fix UB in mask_write
On 06.11.24 16:57, Roger Pau Monné wrote:
>
> Let's try to figure out what causes msi_maxvec to be 0 in your case
> and then we can see how to better detect this. If msi_maxvec needs to
> be checked it should likely be done in init_msi().
>
> Regards, Roger.
Hi everyone,
So I have done some more investigations, and I think it finally makes
sense. The real cause of my crashes was a long-standing bug in yet to be
upstreamed vpci patches where the register value and offset were swapped
by mistake. And this bug was hidden for a long time because mask_write
skipped actually doing anything, respecting vectors = 0, so I failed to
spot it from the get-go.
Regarding msi_maxvec there seems to be an implicit dependency between
CONFIG_HAS_VPCI and CONFIG_HAS_PCI_MSI. If HAS_PCI_MSI=n, then
pdev_msi_init gets replaced with a stub and msi_maxvec remains 0, but it
is still used in control_write unconditionally.
I see two possible solutions to this: either adding an explicit
dependency or, if msi_maxvec can't be 0 anyway, always initializing it
to 1. But I am not sure which one is better.
Mykyta
|
