|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PATCH] ioreq: Assert with out of bounds vCPU ID
A 4K page appears to be able to hold 128 ioreq entries, which luckly
matches the current vCPU limit. However, if we decide to increase the
domain vCPU limit, that doesn't hold anymore and this function would now
silently create a out of bounds pointer leading to confusing problems.
All architectures have no more than 128 as vCPU limit on HVM guests,
and have pages that are at most 4 KB, so this case doesn't occurs in
with the current limits.
Assert if the vCPU ID will lead to a out of bounds pointer.
No functional change.
Reported-by: Julian Vetter <julian.vetter@xxxxxxxxxx>
Signed-off-by: Teddy Astie <teddy.astie@xxxxxxxxxx>
---
Not sure if this is the best approach, perhaps preventing compilation if the
vCPU limit is higher than what the ioreq page can hold is preferable ?
xen/common/ioreq.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/xen/common/ioreq.c b/xen/common/ioreq.c
index f5fd30ce12..b2ef46ed7b 100644
--- a/xen/common/ioreq.c
+++ b/xen/common/ioreq.c
@@ -99,6 +99,7 @@ static ioreq_t *get_ioreq(struct ioreq_server *s, struct vcpu
*v)
ASSERT((v == current) || !vcpu_runnable(v));
ASSERT(p != NULL);
+ ASSERT(v->vcpu_id < (PAGE_SIZE / sizeof(struct ioreq)));
return &p->vcpu_ioreq[v->vcpu_id];
}
--
2.51.2
--
Teddy Astie | Vates XCP-ng Developer
XCP-ng & Xen Orchestra - Vates solutions
web: https://vates.tech
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |