[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 2/3] xen/common: llc-coloring: Fix off-by-one in parse_color_config()
- To: Michal Orzel <michal.orzel@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Date: Thu, 9 Apr 2026 12:47:13 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=y6Zvtn+ZQQ9XXES2Ko5NN7Qt68GnFrmqrpOHfcBVcpI=; b=qhEIRaHk+RyGn9v9JA30964IjXm48wM/FALl8sAfEdcehEMjV3e9P1Uut6Vsu+g792fjS6TdxXv5kcnxeQOG8jRdO64tZ8xolGRoHYybuwgwoyHzNZ/6G+w4xzq3hEyAduAyV8bP67ufVh/1SScdpp+mzvnFV1yok+xiDMbKSAt0AV7O8ylgJth6+vH5jlTQHf6w3XGHVDVwAnVP5L6sP6roU/jXApvV3bB9gkUK2q6s2YBBPRqE+Va+X+yclcTRicy6yrxyzicZPzfu2EAk8OJxvw59l8opO2xz+ll58cz70cjyA/0q225tKW6zA0biNPgdt4TvhZiIb3M+sH0q/A==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=v8p6aV7hkIe0XkM9WyB7X3rirr9aL5L+fgV1Nn7iPG/gzbJUthsSidRMqR94OgkdIcwFUuKKprfZBEN5i8D7BT/TnFi2Qv7v76iGt2cYYKpOEN5MrxxGRdL4CXY+rb29/FQr2GI2SwQ1MRMjpkxsNyKK8YTqp00tKGySSsyz9CiHN2WLducB5iqU+122chIKkXv1slUCrT/+cCohpK0btux7QYLxDiKxXC7rC9i42HGxMBeQ4mQ4R/gLfiTBkTKcR2HXW6+MaxtVzXwiQF24R8SU6bTk8caqdoJ3MlBz4rSr7+jFySDZ9aaCXTQL2QvMwz4fdjhKwXGCfmztrstrLg==
- Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
- Delivery-date: Thu, 09 Apr 2026 11:47:24 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 09/04/2026 12:39 pm, Michal Orzel wrote:
> The check uses >= to compare the total number of colors against
> max_num_colors (which is ARRAY_SIZE of the colors array). This
> incorrectly rejects input that would exactly fill the array.
>
> For example, with NR_LLC_COLORS=16, specifying 1 color for Xen and 15
> for dom0 would fail.
>
> Change >= to > so that exactly filling the array is permitted.
>
> Fixes: 95ef5ddf8a ("xen/arm: add Dom0 cache coloring support")
> Signed-off-by: Michal Orzel <michal.orzel@xxxxxxx>
> ---
> xen/common/llc-coloring.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/xen/common/llc-coloring.c b/xen/common/llc-coloring.c
> index eb7c72b24023..30c1594dac9f 100644
> --- a/xen/common/llc-coloring.c
> +++ b/xen/common/llc-coloring.c
> @@ -78,7 +78,7 @@ static int __init parse_color_config(const char *buf,
> unsigned int colors[],
>
> if ( end >= NR_LLC_COLORS || start > end ||
> (end - start) >= (UINT_MAX - *num_colors) ||
> - (*num_colors + (end - start + 1)) >= max_num_colors )
> + (*num_colors + (end - start + 1)) > max_num_colors )
> return -EINVAL;
>
> /* Colors are range checked in check_colors() */
This boundary was changed by
https://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff;h=cba8a584de171c8c4510709c2edc9f1cf86b21ab
because it was off-by-one.
Are you saying that the analysis in that patch was wrong?
~Andrew
|
