[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] libxc: fix uninitialised usage of rc in meminit_hvm

To: Ian Campbell <ian.campbell@xxxxxxxxxx>
From: Wei Liu <wei.liu2@xxxxxxxxxx>
Date: Wed, 3 Feb 2016 10:42:51 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Roger Pau Monne <royger@xxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>
Delivery-date: Wed, 03 Feb 2016 10:42:56 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Wed, Feb 03, 2016 at 10:30:54AM +0000, Ian Campbell wrote:
> On Tue, 2016-02-02 at 12:37 +0000, Wei Liu wrote:
> > On Tue, Feb 02, 2016 at 12:33:20PM +0100, Roger Pau Monne wrote:
> > > From: Roger Pau Monne <royger@xxxxxxxxxxx>
> > > 
> > > Due to the HVMlite changes there's a chance that the value in rc is
> > > checked
> > > without being initialised. Fix this by initialising it to 0.
> > > 
> > > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> > > Reported-by: Olaf Hering <olaf@xxxxxxxxx>
> > 
> > Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx>
> 
> This is CID 1351229, I think?
> 

Yes, I think so.

> ** CID 1351229:  Uninitialized variables  (UNINIT)
> > /tools/libxc/xc_dom_x86.c: 1443 in meminit_hvm()
> > 
> > 
> > ________________________________________________________________________________________________________
> > *** CID 1351229:  Uninitialized variables  (UNINIT)
> > /tools/libxc/xc_dom_x86.c: 1443 in meminit_hvm()
> > 1437                 cur_pages = 0xc0;
> > 1438                 stat_normal_pages += 0xc0;
> > 1439             }
> > 1440             else
> > 1441                 cur_pages = vmemranges[vmemid].start >> PAGE_SHIFT;
> > 1442     
> > >>>     CID 1351229:  Uninitialized variables  (UNINIT)
> > >>>     Using uninitialized value "rc".
> > 1443             while ( (rc == 0) && (end_pages > cur_pages) )
> > 1444             {
> > 1445                 /* Clip count to maximum 1GB extent. */
> > 1446                 unsigned long count = end_pages - cur_pages;
> > 1447                 unsigned long max_pages = SUPERPAGE_1GB_NR_PFNS;
> > 1448    
> 
> Note that this while loop ends with:
>         if ( rc != 0 )
>             break;
> and there are no continue statements.
> 
> Therefore I wonder if we would be better off removing the rc == 0 part of
> the loop condition?
> 

No, there is no if ( rc != 0 )  inside the said while loop.  That "if"
is for the outer for loop.

We could add a test for the while loop, if that looks clearer to you.

> The issue with this patch is the usual one that it will hide other
> unintentional uses of rc before it is set to a good value.
> 
> This issue was exposed by a prior "rc = xc_domain_populate_physmap_exact"
> becoming conditional on device_model. What is also concerning is the lack
> of error checking on that call -- is it really ok to just barrel on under
> these circumstance?
> 

Yeah, that should ideally be fixed, too.

Wei.

> Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- Re: [Xen-devel] [PATCH v10 3/9] libxc: allow creating domains without emulated devices.
  - From: Olaf Hering
- [Xen-devel] [PATCH] libxc: fix uninitialised usage of rc in meminit_hvm
  - From: Roger Pau Monne
- Re: [Xen-devel] [PATCH] libxc: fix uninitialised usage of rc in meminit_hvm
  - From: Wei Liu
- Re: [Xen-devel] [PATCH] libxc: fix uninitialised usage of rc in meminit_hvm
  - From: Ian Campbell

Prev by Date: Re: [Xen-devel] Leaks in xc_tbuf_get_size() (Was: Re: New Defects reported by Coverity Scan for XenProject)
Next by Date: [Xen-devel] [PATCH] tools: xenconsole: cleanup when clock_gettime fails.
Previous by thread: Re: [Xen-devel] [PATCH] libxc: fix uninitialised usage of rc in meminit_hvm
Next by thread: Re: [Xen-devel] [PATCH] libxc: fix uninitialised usage of rc in meminit_hvm
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.