From mboxrd@z Thu Jan  1 00:00:00 1970
From: Dan Carpenter <dan.carpenter@oracle.com>
Subject: Re: xen/mmu: Copy and revector the P2M tree.
Date: Mon, 20 Jul 2015 13:03:52 +0300
Message-ID: <20150720100352.GA4084@mwanda>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <dan.carpenter@oracle.com>) id 1ZH7tC-0003IL-Mb
	for xen-devel@lists.xenproject.org; Mon, 20 Jul 2015 10:01:38 +0000
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234])
	by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with
	ESMTP id t6KA1YsE024580
	(version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <xen-devel@lists.xenproject.org>; Mon, 20 Jul 2015 10:01:35 GMT
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235])
	by aserv0022.oracle.com (8.13.8/8.13.8) with ESMTP id t6KA1Yj5025288
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
	for <xen-devel@lists.xenproject.org>; Mon, 20 Jul 2015 10:01:34 GMT
Received: from abhmp0003.oracle.com (abhmp0003.oracle.com [141.146.116.9])
	by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id t6KA1TaQ031837
	for <xen-devel@lists.xenproject.org>; Mon, 20 Jul 2015 10:01:29 GMT
Content-Disposition: inline
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: konrad.wilk@oracle.com
Cc: xen-devel@lists.xenproject.org
List-Id: xen-devel@lists.xenproject.org

Hello Konrad Rzeszutek Wilk,

The patch 7f9140626c75: "xen/mmu: Copy and revector the P2M tree."
from Jul 26, 2012, leads to the following static checker warning:

	arch/x86/xen/mmu.c:1105 xen_cleanhighmap()
	warn: potential pointer math issue ('level2_kernel_pgt' is pointer to unsigned long)

arch/x86/xen/mmu.c
  1096  #ifdef CONFIG_X86_64
  1097  static void __init xen_cleanhighmap(unsigned long vaddr,
  1098                                      unsigned long vaddr_end)
  1099  {
  1100          unsigned long kernel_end = roundup((unsigned long)_brk_end, PMD_SIZE) - 1;
  1101          pmd_t *pmd = level2_kernel_pgt + pmd_index(vaddr);
  1102  
  1103          /* NOTE: The loop is more greedy than the cleanup_highmap variant.
  1104           * We include the PMD passed in on _both_ boundaries. */
  1105          for (; vaddr <= vaddr_end && (pmd < (level2_kernel_pgt + PAGE_SIZE));
                                                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This pointer math is weird because we typically think of PAGE_SIZE as
a number of bytes but since level2_kernel_pgt is a pointer to unsigned
long, it looks like this loop can go through more iterations than
intended.

  1106                          pmd++, vaddr += PMD_SIZE) {
  1107                  if (pmd_none(*pmd))
  1108                          continue;
  1109                  if (vaddr < (unsigned long) _text || vaddr > kernel_end)
  1110                          set_pmd(pmd, __pmd(0));
  1111          }
  1112          /* In case we did something silly, we should crash in this function
  1113           * instead of somewhere later and be confusing. */
  1114          xen_mc_flush();
  1115  }

regards,
dan carpenter