From: Schspa Shi <schspa@gmail.com>
To: Marc Zyngier <maz@kernel.org>
Cc: will@kernel.org, catalin.marinas@arm.com,
linux-kernel@vger.kernel.org, kvmarm@lists.cs.columbia.edu,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] KVM: arm64: Fix 64 bit mmio handle
Date: Fri, 01 Jul 2022 20:22:21 +0800
Message-ID: <m2sfnlvwup.fsf@gmail.com>
In-Reply-To: <a5ca4db3db9ef101258cab94d6b7e045@kernel.org>
Marc Zyngier <maz@kernel.org> writes:
> On 2022-06-30 17:50, Schspa Shi wrote:
>> Marc Zyngier <maz@kernel.org> writes:
>>
>>> On Thu, 30 Jun 2022 17:12:20 +0100,
>>> Schspa Shi <schspa@gmail.com> wrote:
>>>> If the len is 8 bytes, we can't get the correct sign extension for a BE system.
>>> I'm afraid you'll have to give me a bit more details.
>>>
>>>> Fix the mask type len and the comparison of length.
>>>> Signed-off-by: Schspa Shi <schspa@gmail.com>
>>>> ---
>>>> arch/arm64/kvm/mmio.c | 4 ++--
>>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>> diff --git a/arch/arm64/kvm/mmio.c b/arch/arm64/kvm/mmio.c
>>>> index 3dd38a151d2a6..0692f8b18f35c 100644
>>>> --- a/arch/arm64/kvm/mmio.c
>>>> +++ b/arch/arm64/kvm/mmio.c
>>>> @@ -81,8 +81,8 @@ unsigned long kvm_mmio_read_buf(const void
>>>> *buf, unsigned
>>>> int len)
>>>> int kvm_handle_mmio_return(struct kvm_vcpu *vcpu)
>>>> {
>>>> unsigned long data;
>>>> + unsigned long mask;
>>>> unsigned int len;
>>>> - int mask;
>>>> /* Detect an already handled MMIO return */
>>>> if (unlikely(!vcpu->mmio_needed))
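Review bot: this hunk changes two things at once: the type of `mask` (`int` to `unsigned long`) and its position, since the declaration moves from after `unsigned int len` to before it. Keep the declaration where it was so the diff shows only the type change; the reordering has no functional effect and only makes the change harder to review.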
>>>> @@ -97,7 +97,7 @@ int kvm_handle_mmio_return(struct kvm_vcpu
>>>> *vcpu)
>>>> data = kvm_mmio_read_buf(run->mmio.data, len);
>>>> if (kvm_vcpu_dabt_issext(vcpu) &&
>>>> - len < sizeof(unsigned long)) {
>>>> + len <= sizeof(unsigned long)) {
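Review bot: the comparison change is a logic problem. With `len <= sizeof(unsigned long)` the sign-extension branch also runs for an 8-byte load, where the value already fills the 64-bit register and there is nothing to extend. Worse, the mask expression quoted later in the thread, `1U << ((len * 8) - 1)`, would then shift a 32-bit `1U` by 63, which C leaves undefined. The original `<` is correct; if a static analyzer flags the shift because it cannot see that `len` is 1, 2 or 4 at that point, the answer is to tell the tool about that range, not to widen the branch. The commit message should also state what was actually observed on a BE guest, since nothing in this hunk is endianness-specific.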
>>> If you're reading an 8 byte quantity, what is there to sign-extend?
>>> Sign extension only makes sense if what you're reading is *smaller*
>>> than the size of the register you are targeting.
>>>
>> Yes, you are correct, sorry for my bad patch.
>> Please ignore this patch.
>>
>>> I must be missing something. And how is that related to running BE?
>>> BE in the host? The guest?
>> I mean BE is for guest running with BE mode.
>
> So what problem did you see? If you have noticed something going
> wrong, I'd like to get it fixed.
>
I have been running some static code analysis software on the kernel
code. It sees a possible overflow in:
mask = 1U << ((len * 8) - 1);
The AI doesn't know that len can only take the values 1, 2 or 4, and
makes this a warning.
I tried to analyze this, but didn't realize the real scenario of
sign extension, and finally sent this problematic patch.
I do see some uninitialized memory reads (the values are not used
in the end, just as temporary space for API execution).
Do we need to fix these?
> Thanks,
>
> M.
--
Schspa Shi
BRs
_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm
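The sign-extension step the thread argues about, as an added C example that is not the kernel's code: `read_buf` and `mmio_return` are stand-ins for kvm_mmio_read_buf() and the branch in kvm_handle_mmio_return(), `issext` stands for kvm_vcpu_dabt_issext(), and the byte buffers are constructed. It shows why the existing `<` comparison is the right one: a 1-, 2- or 4-byte load is widened to the 64-bit register, an 8-byte load is returned untouched, and the shift count never reaches 63.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed bus bytes: sign bit set in every width, and clear in every width. */
static const uint8_t all80[8] = {0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80};
static const uint8_t all7f[8] = {0x7f, 0x7f, 0x7f, 0x7f, 0x7f, 0x7f, 0x7f, 0x7f};

/* Read the low len bytes in host order, as kvm_mmio_read_buf() does (stand-in). */
static uint64_t read_buf(const void *buf, unsigned int len)
{
	uint8_t b; uint16_t h; uint32_t w; uint64_t d;

	switch (len) {
	case 1: memcpy(&b, buf, 1); return b;
	case 2: memcpy(&h, buf, 2); return h;
	case 4: memcpy(&w, buf, 4); return w;
	default: memcpy(&d, buf, 8); return d;
	}
}

/* Stand-in for the sign-extension step of kvm_handle_mmio_return();
 * issext models the load's sign-extend attribute (kvm_vcpu_dabt_issext()). */
static uint64_t mmio_return(const uint8_t *buf, unsigned int len, int issext)
{
	uint64_t data = read_buf(buf, len);
	uint64_t mask;

	/* `<`, not `<=`: an 8-byte load already fills the 64-bit register, and
	 * 1U << 63 would shift a 32-bit constant past its width (undefined in C).
	 * Inside the branch len*8-1 is only ever 7, 15 or 31. */
	if (issext && len < sizeof(uint64_t)) {
		mask = 1U << ((len * 8) - 1);  /* 0x80, 0x8000 or 0x80000000 */
		data = (data ^ mask) - mask;   /* copies bit len*8-1 into the upper bits */
	}
	return data;
}

int main(void)
{
	for (unsigned int len = 1; len <= 8; len *= 2)
		printf("len %u: sext %016llx  plain %016llx\n", len,
		       (unsigned long long)mmio_return(all80, len, 1),
		       (unsigned long long)mmio_return(all80, len, 0));
	return 0;
}
```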