From: Ingo Molnar <mingo@kernel.org>
To: Xin Li <xin@zytor.com>
Cc: linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org,
linux-acpi@vger.kernel.org, tglx@linutronix.de, bp@alien8.de,
dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
peterz@infradead.org, jgross@suse.com,
boris.ostrovsky@oracle.com, rafael@kernel.org, lenb@kernel.org
Subject: Re: [PATCH v1 2/3] x86/xen/msr: Fix uninitialized symbol 'err'
Date: Fri, 16 May 2025 15:19:20 +0200
Message-ID: <aCc7WG9eniyTCgHl@gmail.com>
In-Reply-To: <30affad5-4f26-4e22-9d64-b8ece1199773@zytor.com>

* Xin Li <xin@zytor.com> wrote:

> On 5/15/2025 8:29 AM, Ingo Molnar wrote:
> >
> > * Xin Li (Intel) <xin@zytor.com> wrote:
> >
> > > xen_read_msr_safe() currently passes an uninitialized argument err to
> > > xen_do_read_msr(). But as xen_do_read_msr() may not set the argument,
> > > xen_read_msr_safe() could return err with an unpredictable value.
> > >
> > > To ensure correctness, initialize err to 0 (representing success)
> > > in xen_read_msr_safe().
> > >
> > > Because xen_read_msr_safe() is essentially a wrapper of xen_do_read_msr(),
> > > the latter should be responsible for initializing the value of *err to 0.
> > > Thus initialize *err to 0 in xen_do_read_msr().
> > >
> > > Fixes: 502ad6e5a619 ("x86/msr: Change the function type of native_read_msr_safe()")
> > > Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> > > Closes: https://lore.kernel.org/xen-devel/aBxNI_Q0-MhtBSZG@stanley.mountain/
> > > Signed-off-by: Xin Li (Intel) <xin@zytor.com>
> > > ---
> > > arch/x86/xen/enlighten_pv.c | 5 ++++-
> > > 1 file changed, 4 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
> > > index 3be38350f044..01f1d441347e 100644
> > > --- a/arch/x86/xen/enlighten_pv.c
> > > +++ b/arch/x86/xen/enlighten_pv.c
> > > @@ -1091,6 +1091,9 @@ static u64 xen_do_read_msr(u32 msr, int *err)
> > > {
> > > u64 val = 0; /* Avoid uninitialized value for safe variant. */
> > > + if (err)
> > > + *err = 0;
> > > +
> > > if (pmu_msr_chk_emulated(msr, &val, true))
> > > return val;
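Review bot: the new `if (err) *err = 0;` at the top of xen_do_read_msr() carries no comment, while the `val` initializer directly above it explains why it is there. This store is what makes *err defined on every path, including the early `return val;` after pmu_msr_chk_emulated(), so a one-line comment stating that *err is part of the function's result would make the intent explicit and keep a later cleanup from dropping it.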
> > > @@ -1162,7 +1165,7 @@ static void xen_do_write_msr(u32 msr, u64 val, int *err)
> > > static int xen_read_msr_safe(u32 msr, u64 *val)
> > > {
> > > - int err;
> > > + int err = 0;
> > > *val = xen_do_read_msr(msr, &err);
> > > return err;
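Review bot: `int err = 0;` in xen_read_msr_safe() duplicates the `*err = 0` that the first hunk now performs at the top of xen_do_read_msr(), so the same value is stored twice on this path. Pick one rule (the callee always sets *err, or every caller initializes before the call) and state it in the changelog. If the caller-side initializer is the one that stays, note that the diffstat (4 insertions, 1 deletion) shows xen_read_msr_safe() is the only caller changed here, so any other caller passing &err would need the same initializer.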
> >
> > So why not initialize 'err' with 0 in both callers, xen_read_msr_safe()
> > and xen_read_msr(), and avoid all the initialization trouble in
> > xen_do_read_msr()?
>
> Yeah, I should make the change in xen_read_msr() too.
>
> However xen_do_read_msr() should be implemented in a defensive way to
> set *err properly as it's part of its return value. Actually it was so,
> but one of my previous cleanup patches removed it because err is no longer
> passed to pmu_msr_chk_emulated().

Maybe. It's up to Juergen though.

Thanks,

	Ingo