|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] xen/grant: Fix signed/unsigned comparisons issues
Each function takes an unsigned count, and loops based on a signed i. This
causes problems when between 2 and 4 billion operations are requested.
In practice, signed-ness issues aren't possible because count exceeding
INT_MAX is excluded earlier in do_grant_op(), but the code reads as if it is
buggy, and GCC obviously can't spot this either.
Bloat-o-meter reports:
add/remove: 0/0 grow/shrink: 0/4 up/down: 0/-95 (-95)
Function old new delta
do_grant_table_op 7155 7140 -15
gnttab_transfer 2732 2716 -16
gnttab_unmap_grant_ref 771 739 -32
gnttab_unmap_and_replace 771 739 -32
Total: Before=2996364, After=2996269, chg -0.00%
and inspection of gnttab_unmap_grant_ref() at least reveals one fewer local
variables on the stack.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
CC: Wei Liu <wl@xxxxxxx>
CC: Julien Grall <julien@xxxxxxx>
gnttab_unmap_grant_ref()'s stack frame size is 0x740 (dropping to 0x738) which
is alarmingly close to 2k.
---
xen/common/grant_table.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index bc37acae0e..0f81875bee 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -1270,7 +1270,7 @@ static long
gnttab_map_grant_ref(
XEN_GUEST_HANDLE_PARAM(gnttab_map_grant_ref_t) uop, unsigned int count)
{
- int i;
+ unsigned int i;
struct gnttab_map_grant_ref op;
for ( i = 0; i < count; i++ )
@@ -1568,13 +1568,14 @@ static long
gnttab_unmap_grant_ref(
XEN_GUEST_HANDLE_PARAM(gnttab_unmap_grant_ref_t) uop, unsigned int count)
{
- int i, c, partial_done, done = 0;
+ unsigned int i, partial_done, done = 0;
struct gnttab_unmap_grant_ref op;
struct gnttab_unmap_common common[GNTTAB_UNMAP_BATCH_SIZE];
while ( count != 0 )
{
- c = min(count, (unsigned int)GNTTAB_UNMAP_BATCH_SIZE);
+ unsigned int c = min(count, (unsigned int)GNTTAB_UNMAP_BATCH_SIZE);
+
partial_done = 0;
for ( i = 0; i < c; i++ )
@@ -1633,13 +1634,14 @@ static long
gnttab_unmap_and_replace(
XEN_GUEST_HANDLE_PARAM(gnttab_unmap_and_replace_t) uop, unsigned int count)
{
- int i, c, partial_done, done = 0;
+ unsigned int i, partial_done, done = 0;
struct gnttab_unmap_and_replace op;
struct gnttab_unmap_common common[GNTTAB_UNMAP_BATCH_SIZE];
while ( count != 0 )
{
- c = min(count, (unsigned int)GNTTAB_UNMAP_BATCH_SIZE);
+ unsigned int c = min(count, (unsigned int)GNTTAB_UNMAP_BATCH_SIZE);
+
partial_done = 0;
for ( i = 0; i < c; i++ )
@@ -2142,7 +2144,7 @@ gnttab_transfer(
struct domain *d = current->domain;
struct domain *e;
struct page_info *page;
- int i;
+ unsigned int i;
struct gnttab_transfer gop;
mfn_t mfn;
unsigned int max_bitsize;
@@ -3359,7 +3361,7 @@ static long
gnttab_swap_grant_ref(XEN_GUEST_HANDLE_PARAM(gnttab_swap_grant_ref_t) uop,
unsigned int count)
{
- int i;
+ unsigned int i;
gnttab_swap_grant_ref_t op;
for ( i = 0; i < count; i++ )
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |