xen-devel.lists.xenproject.org archive mirror
From: Chester Lin <czylin@uwaterloo.ca>
To: xen-devel@lists.xen.org
Cc: ian.campbell@citrix.com, stefano.stabellini@eu.citrix.com,
	george.dunlap@eu.citrix.com, dario.faggioli@citrix.com,
	ian.jackson@eu.citrix.com, Chester Lin <czylin@uwaterloo.ca>,
	jtotto@uwaterloo.ca, JBeulich@suse.com, hjarmstr@uwaterloo.ca
Subject: [PATCH v2 3/5] n16550: add sanity check for reg_shift
Date: Tue, 19 Jan 2016 00:57:57 -0500
Message-ID: <1453183077-50542-1-git-send-email-czylin@uwaterloo.ca>
In-Reply-To: <568CEBD002000078000C3D17@prv-mh.provo.novell.com>

Fix CID 1343302 by adding a check on the value of reg_shift.
This patch also rolls the multiplication by 8 into the shift.
No functional changes.

Suggested-by: Jan Beulich <JBeulich@suse.com>
Signed-off-by: Chester Lin <czylin@uwaterloo.ca>
---
 xen/drivers/char/ns16550.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c
index bc24015..55cfc45 100644
--- a/xen/drivers/char/ns16550.c
+++ b/xen/drivers/char/ns16550.c
@@ -913,7 +913,8 @@ pci_uart_config(struct ns16550 *uart, bool_t skip_amt, unsigned int bar_idx)
                          * Force length of mmio region to be at least
                          * 8 bytes times (1 << reg_shift)
                          */
-                        if ( size < (0x8 * (1 << uart_param[p].reg_shift)) )
+                        if ( uart_param[p].reg_shift > 27 ||
+                             size < (1 << (uart_param[p].reg_shift + 3)) )
                             continue;
 
                         if ( bar_idx >= uart_param[p].max_bars )
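Review bot: The added `uart_param[p].reg_shift > 27` test, on the first line of the new condition, uses a bare constant with no explanation. The limit presumably comes from `1 << (reg_shift + 3)` being evaluated as a signed int, where a shift count of 31 would overflow; state that in the comment above the test, which currently covers only the minimum-length rule, or shift an unsigned constant (`1U <<`) so the bound is easier to justify. The commit message says "No functional changes", yet an entry with reg_shift above 27 now hits `continue` unconditionally where it previously went through the size comparison, so the message should mention that. If `reg_shift` has a signed type (not visible in this hunk), a negative value would pass the `> 27` test and still reach the shift.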
-- 
1.9.5.msysgit.0
