From: Christoffer Dall <cdall@linaro.org>
To: Marc Zyngier <marc.zyngier@arm.com>
Cc: kvm@vger.kernel.org, Andre Przywara <andre.przywara@arm.com>,
stable@vger.kernel.org, kvmarm@lists.cs.columbia.edu,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] KVM: arm64: its: Fix missing dynamic allocation check in scan_its_table
Date: Fri, 13 Oct 2017 13:57:42 +0200 [thread overview]
Message-ID: <20171013115742.GA10539@cbox> (raw)
In-Reply-To: <0fbee4b3-c555-76d6-4a9e-8a869e87d8ee@arm.com>
On Fri, Oct 13, 2017 at 12:00:50PM +0100, Marc Zyngier wrote:
> On 13/10/17 11:52, Christoffer Dall wrote:
> > We currently allocate an entry dynamically, but we never check if the
> > allocation actually succeeded. We actually don't need a dynamic
> > allocation, because we know the maximum size of an ITS table entry, so
> > we can simply use an allocation on the stack.
> >
> > Cc: <stable@vger.kernel.org>
> > Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
> > ---
> > virt/kvm/arm/vgic/vgic-its.c | 19 ++++++++-----------
> > 1 file changed, 8 insertions(+), 11 deletions(-)
> >
> > diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c
> > index f51c1e1..555f42f 100644
> > --- a/virt/kvm/arm/vgic/vgic-its.c
> > +++ b/virt/kvm/arm/vgic/vgic-its.c
> > @@ -176,6 +176,7 @@ static const struct vgic_its_abi its_table_abi_versions[] = {
> > };
> >
> > #define NR_ITS_ABIS ARRAY_SIZE(its_table_abi_versions)
> > +#define MAX_ENTRY_SIZE 8 /* Max Entry size across all ABI versions */
> >
> > inline const struct vgic_its_abi *vgic_its_get_abi(struct vgic_its *its)
> > {
> > @@ -1801,37 +1802,33 @@ typedef int (*entry_fn_t)(struct vgic_its *its, u32 id, void *entry,
> > static int scan_its_table(struct vgic_its *its, gpa_t base, int size, int esz,
> > int start_id, entry_fn_t fn, void *opaque)
> > {
> > - void *entry = kzalloc(esz, GFP_KERNEL);
> > struct kvm *kvm = its->dev->kvm;
> > unsigned long len = size;
> > int id = start_id;
> > gpa_t gpa = base;
> > + char entry[MAX_ENTRY_SIZE];
>
> Nit: you can drop the memset below if you initialize immediately, and
> GCC supporting dynamic arrays allows you to write this:
>
> char entry[esz] = { 0, };
>
> so that you don't have to add the MAX_ENTRY_SIZE.
>
Using a dynamic sized array is a great idea, but trying to initalize it
at the same time gives me:
error: variable-sized object may not be initialized
Is there a trick I'm unfamiliar with?
> > int ret;
> >
> > + memset(entry, 0, MAX_ENTRY_SIZE);
> > +
> > while (len > 0) {
> > int next_offset;
> > size_t byte_offset;
> >
> > ret = kvm_read_guest(kvm, gpa, entry, esz);
> > if (ret)
> > - goto out;
> > + return ret;
> >
> > next_offset = fn(its, id, entry, opaque);
> > - if (next_offset <= 0) {
> > - ret = next_offset;
> > - goto out;
> > - }
> > + if (next_offset <= 0)
> > + return next_offset;
> >
> > byte_offset = next_offset * esz;
> > id += next_offset;
> > gpa += byte_offset;
> > len -= byte_offset;
> > }
> > - ret = 1;
> > -
> > -out:
> > - kfree(entry);
> > - return ret;
> > + return 1;
> > }
> >
> > /**
> >
>
> Otherwise:
>
> Acked-by: Marc Zyngier <marc.zyngier@arm.com>
>
Thanks!
-Christoffer
WARNING: multiple messages have this Message-ID (diff)
From: cdall@linaro.org (Christoffer Dall)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] KVM: arm64: its: Fix missing dynamic allocation check in scan_its_table
Date: Fri, 13 Oct 2017 13:57:42 +0200 [thread overview]
Message-ID: <20171013115742.GA10539@cbox> (raw)
In-Reply-To: <0fbee4b3-c555-76d6-4a9e-8a869e87d8ee@arm.com>
On Fri, Oct 13, 2017 at 12:00:50PM +0100, Marc Zyngier wrote:
> On 13/10/17 11:52, Christoffer Dall wrote:
> > We currently allocate an entry dynamically, but we never check if the
> > allocation actually succeeded. We actually don't need a dynamic
> > allocation, because we know the maximum size of an ITS table entry, so
> > we can simply use an allocation on the stack.
> >
> > Cc: <stable@vger.kernel.org>
> > Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
> > ---
> > virt/kvm/arm/vgic/vgic-its.c | 19 ++++++++-----------
> > 1 file changed, 8 insertions(+), 11 deletions(-)
> >
> > diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c
> > index f51c1e1..555f42f 100644
> > --- a/virt/kvm/arm/vgic/vgic-its.c
> > +++ b/virt/kvm/arm/vgic/vgic-its.c
> > @@ -176,6 +176,7 @@ static const struct vgic_its_abi its_table_abi_versions[] = {
> > };
> >
> > #define NR_ITS_ABIS ARRAY_SIZE(its_table_abi_versions)
> > +#define MAX_ENTRY_SIZE 8 /* Max Entry size across all ABI versions */
> >
> > inline const struct vgic_its_abi *vgic_its_get_abi(struct vgic_its *its)
> > {
> > @@ -1801,37 +1802,33 @@ typedef int (*entry_fn_t)(struct vgic_its *its, u32 id, void *entry,
> > static int scan_its_table(struct vgic_its *its, gpa_t base, int size, int esz,
> > int start_id, entry_fn_t fn, void *opaque)
> > {
> > - void *entry = kzalloc(esz, GFP_KERNEL);
> > struct kvm *kvm = its->dev->kvm;
> > unsigned long len = size;
> > int id = start_id;
> > gpa_t gpa = base;
> > + char entry[MAX_ENTRY_SIZE];
>
> Nit: you can drop the memset below if you initialize immediately, and
> GCC supporting dynamic arrays allows you to write this:
>
> char entry[esz] = { 0, };
>
> so that you don't have to add the MAX_ENTRY_SIZE.
>
Using a dynamic sized array is a great idea, but trying to initalize it
at the same time gives me:
error: variable-sized object may not be initialized
Is there a trick I'm unfamiliar with?
> > int ret;
> >
> > + memset(entry, 0, MAX_ENTRY_SIZE);
> > +
> > while (len > 0) {
> > int next_offset;
> > size_t byte_offset;
> >
> > ret = kvm_read_guest(kvm, gpa, entry, esz);
> > if (ret)
> > - goto out;
> > + return ret;
> >
> > next_offset = fn(its, id, entry, opaque);
> > - if (next_offset <= 0) {
> > - ret = next_offset;
> > - goto out;
> > - }
> > + if (next_offset <= 0)
> > + return next_offset;
> >
> > byte_offset = next_offset * esz;
> > id += next_offset;
> > gpa += byte_offset;
> > len -= byte_offset;
> > }
> > - ret = 1;
> > -
> > -out:
> > - kfree(entry);
> > - return ret;
> > + return 1;
> > }
> >
> > /**
> >
>
> Otherwise:
>
> Acked-by: Marc Zyngier <marc.zyngier@arm.com>
>
Thanks!
-Christoffer
WARNING: multiple messages have this Message-ID (diff)
From: Christoffer Dall <cdall@linaro.org>
To: Marc Zyngier <marc.zyngier@arm.com>
Cc: Christoffer Dall <christoffer.dall@linaro.org>,
kvmarm@lists.cs.columbia.edu,
linux-arm-kernel@lists.infradead.org, kvm@vger.kernel.org,
Eric Auger <eric.auger@redhat.com>,
Andre Przywara <andre.przywara@arm.com>,
stable@vger.kernel.org
Subject: Re: [PATCH] KVM: arm64: its: Fix missing dynamic allocation check in scan_its_table
Date: Fri, 13 Oct 2017 13:57:42 +0200 [thread overview]
Message-ID: <20171013115742.GA10539@cbox> (raw)
In-Reply-To: <0fbee4b3-c555-76d6-4a9e-8a869e87d8ee@arm.com>
On Fri, Oct 13, 2017 at 12:00:50PM +0100, Marc Zyngier wrote:
> On 13/10/17 11:52, Christoffer Dall wrote:
> > We currently allocate an entry dynamically, but we never check if the
> > allocation actually succeeded. We actually don't need a dynamic
> > allocation, because we know the maximum size of an ITS table entry, so
> > we can simply use an allocation on the stack.
> >
> > Cc: <stable@vger.kernel.org>
> > Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
> > ---
> > virt/kvm/arm/vgic/vgic-its.c | 19 ++++++++-----------
> > 1 file changed, 8 insertions(+), 11 deletions(-)
> >
> > diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c
> > index f51c1e1..555f42f 100644
> > --- a/virt/kvm/arm/vgic/vgic-its.c
> > +++ b/virt/kvm/arm/vgic/vgic-its.c
> > @@ -176,6 +176,7 @@ static const struct vgic_its_abi its_table_abi_versions[] = {
> > };
> >
> > #define NR_ITS_ABIS ARRAY_SIZE(its_table_abi_versions)
> > +#define MAX_ENTRY_SIZE 8 /* Max Entry size across all ABI versions */
> >
> > inline const struct vgic_its_abi *vgic_its_get_abi(struct vgic_its *its)
> > {
> > @@ -1801,37 +1802,33 @@ typedef int (*entry_fn_t)(struct vgic_its *its, u32 id, void *entry,
> > static int scan_its_table(struct vgic_its *its, gpa_t base, int size, int esz,
> > int start_id, entry_fn_t fn, void *opaque)
> > {
> > - void *entry = kzalloc(esz, GFP_KERNEL);
> > struct kvm *kvm = its->dev->kvm;
> > unsigned long len = size;
> > int id = start_id;
> > gpa_t gpa = base;
> > + char entry[MAX_ENTRY_SIZE];
>
> Nit: you can drop the memset below if you initialize immediately, and
> GCC supporting dynamic arrays allows you to write this:
>
> char entry[esz] = { 0, };
>
> so that you don't have to add the MAX_ENTRY_SIZE.
>
Using a dynamic sized array is a great idea, but trying to initalize it
at the same time gives me:
error: variable-sized object may not be initialized
Is there a trick I'm unfamiliar with?
> > int ret;
> >
> > + memset(entry, 0, MAX_ENTRY_SIZE);
> > +
> > while (len > 0) {
> > int next_offset;
> > size_t byte_offset;
> >
> > ret = kvm_read_guest(kvm, gpa, entry, esz);
> > if (ret)
> > - goto out;
> > + return ret;
> >
> > next_offset = fn(its, id, entry, opaque);
> > - if (next_offset <= 0) {
> > - ret = next_offset;
> > - goto out;
> > - }
> > + if (next_offset <= 0)
> > + return next_offset;
> >
> > byte_offset = next_offset * esz;
> > id += next_offset;
> > gpa += byte_offset;
> > len -= byte_offset;
> > }
> > - ret = 1;
> > -
> > -out:
> > - kfree(entry);
> > - return ret;
> > + return 1;
> > }
> >
> > /**
> >
>
> Otherwise:
>
> Acked-by: Marc Zyngier <marc.zyngier@arm.com>
>
Thanks!
-Christoffer
next prev parent reply other threads:[~2017-10-13 11:56 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-13 10:52 [PATCH] KVM: arm64: its: Fix missing dynamic allocation check in scan_its_table Christoffer Dall
2017-10-13 10:52 ` Christoffer Dall
2017-10-13 11:00 ` Marc Zyngier
2017-10-13 11:00 ` Marc Zyngier
2017-10-13 11:57 ` Christoffer Dall [this message]
2017-10-13 11:57 ` Christoffer Dall
2017-10-13 11:57 ` Christoffer Dall
2017-10-13 12:21 ` Marc Zyngier
2017-10-13 12:21 ` Marc Zyngier
2017-10-13 12:21 ` Marc Zyngier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171013115742.GA10539@cbox \
--to=cdall@linaro.org \
--cc=andre.przywara@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=marc.zyngier@arm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.