WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

xen-devel

Re: [Xen-devel] [PATCH 2 of 4] xentrace: fix type of offset to avoid out

To: Olaf Hering <olaf@xxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH 2 of 4] xentrace: fix type of offset to avoid out-of-bounds access
From: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
Date: Thu, 26 May 2011 11:05:42 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, George Dunlap <george.dunlap@xxxxxxxxxx>
In-reply-to: <575bf78214ef193e4480.1305037957@localhost>
References: <patchbomb.1305037955@localhost> <575bf78214ef193e4480.1305037957@localhost>
Acked-by: George Dunlap <george.dunlap@xxxxxxxxxxxxx>

On Tue, May 10, 2011 at 3:32 PM, Olaf Hering <olaf@xxxxxxxxx> wrote:
> # HG changeset patch
> # User Olaf Hering <olaf@xxxxxxxxx>
> # Date 1305037381 -7200
> # Node ID 575bf78214ef193e44806aa9766e084d721783b5
> # Parent  8ac937fa527b28243227193bf4749feb3a234c2c
> xentrace: fix type of offset to avoid out-of-bounds access
>
> Update the type of the local offset variable to match the type where
> this variable is stored. Also update the type of t_info_first_offset because
> it also has a limited range.
>
> Signed-off-by: Olaf Hering <olaf@xxxxxxxxx>
>
> diff -r 8ac937fa527b -r 575bf78214ef xen/common/trace.c
> --- a/xen/common/trace.c        Tue May 10 16:23:00 2011 +0200
> +++ b/xen/common/trace.c        Tue May 10 16:23:01 2011 +0200
> @@ -106,7 +106,7 @@ static uint32_t calc_tinfo_first_offset(
>  * The t_info layout is fixed and cant be changed without breaking xentrace.
>  * Initialize t_info_pages based on number of trace pages.
>  */
> -static int calculate_tbuf_size(unsigned int pages, uint32_t 
> t_info_first_offset)
> +static int calculate_tbuf_size(unsigned int pages, uint16_t 
> t_info_first_offset)
>  {
>     struct t_buf dummy_size;
>     typeof(dummy_size.prod) max_size;
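
Review bot: the narrowed `uint16_t t_info_first_offset` parameter of calculate_tbuf_size() has no documented unit or range in the comment block above the function, so a caller holding a wider value gets it truncated at the call boundary with no hint that this matters. Please add a line to that comment saying the parameter is an offset in units of u32 and must fit in 16 bits, matching the wording the third hunk uses for the comment in alloc_trace_bufs().
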
> @@ -170,8 +170,8 @@ static int alloc_trace_bufs(unsigned int
>     int i, cpu, order;
>     /* Start after a fixed-size array of NR_CPUS */
>     uint32_t *t_info_mfn_list;
> -    uint32_t t_info_first_offset;
> -    int offset;
> +    uint16_t t_info_first_offset;
> +    uint16_t offset;
>
>     if ( t_info )
>         return -EBUSY;
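
Review bot: `uint16_t offset` in alloc_trace_bufs() wraps silently above 65535, and nothing visible in this hunk bounds the value or shows which field it is stored into. The description says the type now matches the storage location, so please tie the two together explicitly, either with a comment naming the destination field or by declaring the local with typeof() on that field, the way calculate_tbuf_size() already does with `typeof(dummy_size.prod) max_size;`. That keeps the local correct if the field type changes later.
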
> @@ -179,7 +179,7 @@ static int alloc_trace_bufs(unsigned int
>     if ( pages == 0 )
>         return -EINVAL;
>
> -    /* Calculate offset in u32 of first mfn */
> +    /* Calculate offset in units of u32 of first mfn */
>     t_info_first_offset = calc_tinfo_first_offset();
>
>     pages = calculate_tbuf_size(pages, t_info_first_offset);
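
Review bot: the assignment `t_info_first_offset = calc_tinfo_first_offset();` is now an implicit narrowing conversion, because the first hunk's header still shows `static uint32_t calc_tinfo_first_offset(` while the receiving variable is uint16_t. Either change the helper's return type to uint16_t in this patch so the types agree end to end, or check the returned value against the 16-bit limit before assigning and fail the allocation if it does not fit.
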
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
>
