Xen project Mailing List

Re: [PATCH 2/5] llc-coloring: improve checking while parsing

To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 7 Apr 2026 11:49:26 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=biOqghbDfwMe3yFuMk5+Lryn4VJSb1aKAF7P5vXXWkw=; b=agAfJCfx109AEkCV4LVHYt9GhshwDUFR/3tjCPvYuadbufeSGWafTUiMB0J8GG0DuE6dNvuHsfE6NwETCypppsao5nG39gWwnARxEk5Z6+qUbGmH0ByqY6y2ICuhUU/y4bBWB5vdWbU6uYKIcnfsEq3mRQYP/gUDIhhQG2R5bNqeRnzJtWFf+YRcRLUiKBRKxVAE+NLNf8q76UtPhcWwCJG9Q0AnAxrI2eZaf9OZNNHr+6LEhGw6c3MRHgq4ZG+Fwooi/hjx6sM5Sk+FWBAor0yvAiQykEzQpAUJf19jb/yKXmUwADGVmshMaVVgycsCw56gqOMLmFiimPNXyoUvDw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=zRYiNjid0QOkqhhbO+oI5qzAStROVUw0aV7ubXE4m7i0Q0HB92S98aggEjDmxXla1xA3lRFQGjWjPT9pnQo2pGgaIny5u2Sjdyb3gIt3McHnOfLj4ey+Xj8/wwQNlr49Qdvn4FpwMhmFhwpvS+eAr4ymlXXkkCtqXjhuqB+Ru/QKnC/gsv62p78MB53Kn8qj20hxzUBWj+uv5u2Ld2I8GrRSJlieKolFgGJT8K+A1Vbud8Mcw7NZjZSTHdk1N4a9a6Fa8z9TmLfr03wudPpQ2RWnY7+ydFdNTkzBnHbs2ttBkeRWaHiNW814+jh5xCDaf9NLDyOHHgX3rNZOOj/7HA==

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Kamil Frankowicz <kamil.frankowicz@xxxxxxx>

Delivery-date: Tue, 07 Apr 2026 10:52:36 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 07/04/2026 11:37 am, Jan Beulich wrote: > On 07.04.2026 12:30, Andrew Cooper wrote: >> On 24/03/2026 4:37 pm, Jan Beulich wrote: >>> We can easily avoid the risk of wrapping UINT_MAX <-> 0 by applying a >>> check against the compile-time-constant maximum number of colors. >>> >>> Additionally the overflow checks suffered from an off-by-1, as the parsed >>> ranges are inclusive (e.g. end == start being possible, requiring 1 array >>> slot, while availability of 0 slots was checked in that case). >>> >>> Fixes: 6cdea3444eaf ("xen/arm: add Dom0 cache coloring support") >>> Reported-by: Kamil Frankowicz <kamil.frankowicz@xxxxxxx> >>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> >>> >>> --- a/xen/common/llc-coloring.c >>> +++ b/xen/common/llc-coloring.c >>> @@ -76,8 +76,9 @@ static int __init parse_color_config(con >>> else /* Single value */ >>> end = start; >>> >>> - if ( start > end || (end - start) > (UINT_MAX - *num_colors) || >>> - (*num_colors + (end - start)) >= max_num_colors ) >>> + if ( end >= NR_LLC_COLORS || start > end || >>> + (end - start) >= (UINT_MAX - *num_colors) || >>> + (*num_colors + (end - start + 1)) >= max_num_colors ) >>> return -EINVAL; >>> >>> /* Colors are range checked in check_colors() */ >>> >> I think this is correct, so Acked-by: Andrew Cooper >> <andrew.cooper3@xxxxxxxxxx> > Thanks. > >> However, the parsing logic is also ridiculous. Most of the complexity >> comes because of parsing a bitmap but storing it longhand in an array of >> unsigned ints. >> >> Instead, the global variables default_colors, dom0_colors and xen_colors >> should be bitmaps sized by NR_LLC_COLORS, and d->llc_colours should be a >> bitmap sized by xen_num_colors (which itself is bound by NR_LLC_COLORS). >> >> With the default of 32 colours, this would involve no memory allocation >> at all, even on 32bit builds of Xen. > It's pretty space inefficient, yes, but the parsing wouldn't become simpler > when using bitmaps, would it? Yes it would. The current logic has opencoded bitmap helpers, and removing *num_colors simplifies all the boundary conditions (you simply don't need a cursor when collecting into a real bitmap.) ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.