From: Olaf Hering <olaf@aepfle.de>
To: xen-devel@lists.xensource.com
Cc: George Dunlap <george.dunlap@citrix.com>
Subject: [PATCH 2 of 4] xentrace: fix type of offset to avoid ouf-of-bounds access
Date: Tue, 10 May 2011 16:32:37 +0200 [thread overview]
Message-ID: <575bf78214ef193e4480.1305037957@localhost> (raw)
In-Reply-To: <patchbomb.1305037955@localhost>
# HG changeset patch
# User Olaf Hering <olaf@aepfle.de>
# Date 1305037381 -7200
# Node ID 575bf78214ef193e44806aa9766e084d721783b5
# Parent 8ac937fa527b28243227193bf4749feb3a234c2c
xentrace: fix type of offset to avoid ouf-of-bounds access
Update the type of the local offset variable to match the type where
this variable is stored. Also update the type of t_info_first_offset because
it has also a limited range.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
diff -r 8ac937fa527b -r 575bf78214ef xen/common/trace.c
--- a/xen/common/trace.c Tue May 10 16:23:00 2011 +0200
+++ b/xen/common/trace.c Tue May 10 16:23:01 2011 +0200
@@ -106,7 +106,7 @@ static uint32_t calc_tinfo_first_offset(
* The t_info layout is fixed and cant be changed without breaking xentrace.
* Initialize t_info_pages based on number of trace pages.
*/
-static int calculate_tbuf_size(unsigned int pages, uint32_t t_info_first_offset)
+static int calculate_tbuf_size(unsigned int pages, uint16_t t_info_first_offset)
{
struct t_buf dummy_size;
typeof(dummy_size.prod) max_size;
@@ -170,8 +170,8 @@ static int alloc_trace_bufs(unsigned int
int i, cpu, order;
/* Start after a fixed-size array of NR_CPUS */
uint32_t *t_info_mfn_list;
- uint32_t t_info_first_offset;
- int offset;
+ uint16_t t_info_first_offset;
+ uint16_t offset;
if ( t_info )
return -EBUSY;
@@ -179,7 +179,7 @@ static int alloc_trace_bufs(unsigned int
if ( pages == 0 )
return -EINVAL;
- /* Calculate offset in u32 of first mfn */
+ /* Calculate offset in units of u32 of first mfn */
t_info_first_offset = calc_tinfo_first_offset();
pages = calculate_tbuf_size(pages, t_info_first_offset);
next prev parent reply other threads:[~2011-05-10 14:32 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-10 14:32 [PATCH 0 of 4] xentrace [v2]: non-contiguous allocation of per-cpu buffer Olaf Hering
2011-05-10 14:32 ` [PATCH 1 of 4] xentrace: reduce trace buffer size to something mfn_offset can reach Olaf Hering
2011-05-26 10:05 ` George Dunlap
2011-05-10 14:32 ` Olaf Hering [this message]
2011-05-26 10:05 ` [PATCH 2 of 4] xentrace: fix type of offset to avoid ouf-of-bounds access George Dunlap
2011-05-10 14:32 ` [PATCH 3 of 4] xentrace: update __insert_record() to copy the trace record to individual mfns Olaf Hering
2011-05-26 10:06 ` George Dunlap
2011-05-10 14:32 ` [PATCH 4 of 4] xentrace: allocate non-contiguous per-cpu trace buffers Olaf Hering
2011-05-26 10:06 ` George Dunlap
2011-05-20 8:36 ` [PATCH 0 of 4] xentrace [v2]: non-contiguous allocation of per-cpu buffer Keir Fraser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=575bf78214ef193e4480.1305037957@localhost \
--to=olaf@aepfle.de \
--cc=george.dunlap@citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.