From: Jan Beulich <jbeulich@suse.com>
To: paul@xen.org
Cc: "'Andrew Cooper'" <andrew.cooper3@citrix.com>,
xen-devel@lists.xenproject.org,
"'Paul Durrant'" <pdurrant@amazon.com>,
"'Julien Grall'" <julien@xen.org>,
"'George Dunlap'" <george.dunlap@citrix.com>,
"'Ian Jackson'" <ian.jackson@eu.citrix.com>,
"'Stefano Stabellini'" <sstabellini@kernel.org>,
"'Wei Liu'" <wl@xen.org>,
"'Volodymyr Babchuk'" <Volodymyr_Babchuk@epam.com>,
"'Roger Pau Monné'" <roger.pau@citrix.com>
Subject: Re: [PATCH v9 1/8] xen/common: introduce a new framework for save/restore of 'domain' context
Date: Tue, 13 Oct 2020 13:44:50 +0200
Message-ID: <769dcdc2-a77d-47fa-e66a-2e2d92ec0e1c@suse.com>
In-Reply-To: <000201d69aed$fe07a990$fa16fcb0$@xen.org>

On 05.10.2020 10:03, Paul Durrant wrote:
>> From: Andrew Cooper <andrew.cooper3@citrix.com>
>> Sent: 02 October 2020 22:20
>>
>> On 24/09/2020 14:10, Paul Durrant wrote:
>>> +int domain_save_end(struct domain_context *c)
>>> +{
>>> + struct domain *d = c->domain;
>>> + size_t len = ROUNDUP(c->len, DOMAIN_SAVE_ALIGN) - c->len; /* padding */
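
Review bot: In the initializer of len in domain_save_end(), the padding is obtained by rounding c->len up and subtracting c->len again, so the result passes through an intermediate value larger than c->len. Deriving it from the low bits alone, for example (DOMAIN_SAVE_ALIGN - (c->len & (DOMAIN_SAVE_ALIGN - 1))) & (DOMAIN_SAVE_ALIGN - 1), keeps every intermediate at or below DOMAIN_SAVE_ALIGN and still yields 0 for an already aligned length, assuming DOMAIN_SAVE_ALIGN is a power of two. The local would also read better as pad than len: it sits next to c->len and only the trailing comment says that it holds the padding.
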
>>
>> DOMAIN_SAVE_ALIGN - (c->len & (DOMAIN_SAVE_ALIGN - 1))
>>
>> isn't vulnerable to overflow.
>>
>
> ...and significantly uglier code. What's actually wrong with what I wrote?

I don't think there's anything "wrong" or "vulnerable" here, but
I still can see Andrew's point. The "vulnerable" aspect applies
only in the (highly hypothetical I think) cases of either
sizeof(size_t) < sizeof(int) or size_t being a signed type, afaict.
But since it's easy (and imo not "significantly uglier") to write
code that is free of any wrapping or overflowing behavior, I
think it is sensible to actually write it that way.

Jan
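
An added example, not part of the original message or of the Xen code: it compares a round-up-and-subtract padding computation with a mask-only one over constructed lengths, including values near SIZE_MAX where the round-up addition wraps, and adds a separate check that the padded total is representable. ALIGN, ROUNDUP_POW2, LEN_OVERFLOW and the function names are assumptions made for the example; a power-of-two alignment of 8 and an unsigned size_t are assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ALIGN ((size_t)8) /* assumed; stands in for DOMAIN_SAVE_ALIGN */
#define ROUNDUP_POW2(x, a) (((x) + ((a) - 1)) & ~((a) - 1)) /* local stand-in */
#define LEN_OVERFLOW SIZE_MAX /* low bits all set, so never an aligned length */

/* Round up, then subtract: the form used in the quoted hunk. */
static size_t pad_roundup(size_t len)
{
    return ROUNDUP_POW2(len, ALIGN) - len;
}

/* Low bits only: no intermediate value ever exceeds ALIGN. */
static size_t pad_mask(size_t len)
{
    return (ALIGN - (len & (ALIGN - 1))) & (ALIGN - 1);
}

/* True when the addition inside ROUNDUP_POW2 wraps past SIZE_MAX. */
static int roundup_wraps(size_t len)
{
    return len > SIZE_MAX - (ALIGN - 1);
}

/* Total length after padding, or LEN_OVERFLOW if it is not representable. */
static size_t padded_len(size_t len)
{
    size_t pad = pad_mask(len);
    return pad > SIZE_MAX - len ? LEN_OVERFLOW : len + pad;
}

/* Count constructed sample lengths where the two forms disagree. */
static unsigned count_mismatches(void)
{
    const size_t s[] = { 0, 1, 7, 8, 9, 4095, 4096,
                         SIZE_MAX - 8, SIZE_MAX - 7, SIZE_MAX - 2, SIZE_MAX };
    unsigned bad = 0;
    for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
        bad += pad_roundup(s[i]) != pad_mask(s[i]);
    return bad;
}

int main(void)
{
    printf("mismatches=%u wraps=%d padded=%zu\n", count_mismatches(),
           roundup_wraps(SIZE_MAX - 2), padded_len(13));
    return 0;
}
```

With an unsigned size_t the two padding forms agree even where the round-up addition wraps, because the subtraction wraps back; the length that can actually be unrepresentable is the padded total, which padded_len() checks.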