From: "Roger Pau Monné" <roger.pau@citrix.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: xen-devel@lists.xenproject.org, Jan Beulich <jbeulich@suse.com>,
	Tim Deegan <tim@xen.org>
Subject: Re: [PATCH v2 4/5] x86/shadow: fix UB pointer arithmetic in sh_mfn_is_a_page_table()
Date: Tue, 18 Mar 2025 16:27:01 +0100	[thread overview]
Message-ID: <Z9mQxW04yGdxGjko@macbook.local> (raw)
In-Reply-To: <1871a0ff-5766-4707-8791-c20279c12fd9@citrix.com>

On Tue, Mar 18, 2025 at 12:53:30PM +0000, Andrew Cooper wrote:
> On 18/03/2025 9:19 am, Roger Pau Monne wrote:
> > UBSAN complains with:
> >
> > UBSAN: Undefined behaviour in arch/x86/mm/shadow/private.h:515:30
> > pointer operation overflowed ffff82e000000000 to ffff82dfffffffe0
> > [...]
> > Xen call trace:
> >    [<ffff82d040303882>] R common/ubsan/ubsan.c#ubsan_epilogue+0xa/0xc0
> >    [<ffff82d040304cc3>] F lib/xxhash64.c#__ubsan_handle_pointer_overflow+0xcb/0x100
> >    [<ffff82d040471c5d>] F arch/x86/mm/shadow/guest_2.c#sh_page_fault__guest_2+0x1e350
> >    [<ffff82d0403b216b>] F lib/xxhash64.c#svm_vmexit_handler+0xdf3/0x2450
> >    [<ffff82d0402049c0>] F lib/xxhash64.c#svm_stgi_label+0x5/0x15
> 
> Something is definitely wonky in this backtrace.

Oh, yes, it's a TODO I have pending when using LLVM LD.  I sent a fix a
very long time ago, but it was quite ugly.

> >
> > Fix by moving the call to mfn_to_page() after the check of whether the
> > passed gmfn is valid.  This avoids the call to mfn_to_page() with an
> > INVALID_MFN parameter.
> >
> > While there make the page local variable const, it's not modified by the
> > function.
> >
> > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
> 
> Whatever is wonky in the backtrace isn't related to this patch, so
> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>, but the backtrace
> does want fixing.

I can get the proper backtrace using clang + GNU LD.

Thanks, Roger.
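The reordering the commit message describes, as an added example that is not Xen's code: it models the frame table with a constructed array and constructed names (frame_table, MAX_VALID_MFN, PG_IS_PAGE_TABLE, mfn_is_a_page_table_fixed, mfn_to_page_would_overflow, mark_as_page_table); only INVALID_MFN being all-ones mirrors Xen.

```c
/* Added example, not Xen's code: a model of the ordering bug the patch fixes.
 * frame_table, MAX_VALID_MFN, PG_IS_PAGE_TABLE and the function names are
 * constructed for this illustration; only INVALID_MFN (~0) mirrors Xen. */
#include <stdbool.h>
#include <stdint.h>

#define INVALID_MFN       (~0UL)
#define MAX_VALID_MFN     1024UL         /* constructed upper bound */
#define PG_IS_PAGE_TABLE  (1UL << 0)     /* constructed flag bit */

struct page_info { unsigned long count_info; unsigned long flags; };

static struct page_info frame_table[MAX_VALID_MFN + 1];  /* constructed */

static bool mfn_valid(unsigned long mfn) { return mfn <= MAX_VALID_MFN; }

/* Pre-fix ordering (shown, not executed): the index is formed before the
 * validity check, so gmfn == INVALID_MFN computes base + ~0UL * sizeof,
 * which wraps the pointer and is undefined behaviour (the UBSAN report):
 *     page = &frame_table[gmfn];            // UB for INVALID_MFN
 *     if ( !mfn_valid(gmfn) ) return false; // too late */

/* Defined-behaviour check of whether that indexing would wrap. */
static bool mfn_to_page_would_overflow(const void *base, unsigned long mfn)
{
    uintptr_t bytes;
    if (__builtin_mul_overflow(mfn, sizeof(struct page_info), &bytes))
        return true;
    return bytes > UINTPTR_MAX - (uintptr_t)base;
}

/* Post-fix ordering: validate first, only then compute the page pointer. */
static bool mfn_is_a_page_table_fixed(unsigned long gmfn)
{
    if (!mfn_valid(gmfn))
        return false;
    const struct page_info *page = &frame_table[gmfn];
    return (page->flags & PG_IS_PAGE_TABLE) != 0;
}

/* Test helper: flag an mfn as a page table; refuses invalid mfns. */
static bool mark_as_page_table(unsigned long mfn)
{
    if (!mfn_valid(mfn))
        return false;
    frame_table[mfn].flags |= PG_IS_PAGE_TABLE;
    return true;
}
```

mfn_to_page_would_overflow() reports the wrap condition with plain unsigned arithmetic, which is the same thing UBSAN detects at runtime when the unchecked ordering is compiled with -fsanitize=undefined.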


Thread overview: 23+ messages
2025-03-18  9:18 [PATCH v2 0/5] x86/ubsan: fix ubsan on clang + code fixes Roger Pau Monne
2025-03-18  9:19 ` [PATCH v2 1/5] x86/wait: prevent duplicated assembly labels Roger Pau Monne
2025-03-18 12:49   ` Andrew Cooper
2025-03-18  9:19 ` [PATCH v2 2/5] x86/vga: fix mapping of the VGA text buffer Roger Pau Monne
2025-03-18 13:11   ` Andrew Cooper
2025-03-18 14:28     ` Jan Beulich
2025-03-18 15:31       ` Roger Pau Monné
2025-03-18 15:49         ` Jan Beulich
2025-03-18  9:19 ` [PATCH v2 3/5] x86/xlat: fix UB pointer arithmetic in COMPAT_ARG_XLAT_VIRT_BASE Roger Pau Monne
2025-03-18 12:51   ` Andrew Cooper
2025-03-18 14:33   ` Jan Beulich
2025-03-18 15:35     ` Roger Pau Monné
2025-03-18 15:50       ` Jan Beulich
2025-03-18 16:47         ` Roger Pau Monné
2025-03-18 17:01           ` Jan Beulich
2025-03-18 17:50             ` Roger Pau Monné
2025-03-18  9:19 ` [PATCH v2 4/5] x86/shadow: fix UB pointer arithmetic in sh_mfn_is_a_page_table() Roger Pau Monne
2025-03-18 12:53   ` Andrew Cooper
2025-03-18 14:36     ` Jan Beulich
2025-03-18 15:29       ` Roger Pau Monné
2025-03-18 15:27     ` Roger Pau Monné [this message]
2025-03-18  9:19 ` [PATCH v2 5/5] kconfig/randconfig: enable UBSAN for randconfig Roger Pau Monne
2025-03-18 12:57   ` Andrew Cooper