From patchwork Wed Jun 21 16:37:31 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Razvan Cojocaru X-Patchwork-Id: 9802295 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id EB65560329 for ; Wed, 21 Jun 2017 16:40:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2833D28563 for ; Wed, 21 Jun 2017 16:39:56 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1CBDF285F9; Wed, 21 Jun 2017 16:39:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id A32C528563 for ; Wed, 21 Jun 2017 16:39:55 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNidg-0005rw-6d; Wed, 21 Jun 2017 16:37:56 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNidf-0005rk-3p for xen-devel@lists.xen.org; Wed, 21 Jun 2017 16:37:55 +0000 Received: from [85.158.143.35] by server-10.bemta-6.messagelabs.com id 3A/C1-03613-2E0AA495; Wed, 21 Jun 2017 16:37:54 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprCIsWRWlGSWpSXmKPExsUSfTxjoe7DBV6 RBqvm6Fss+biYxYHR4+ju30wBjFGsmXlJ+RUJrBlHrs9jK9jPUXHvTCtTA+M7ti5GTg4hAQ+J TzP3MXcxcgHZaxklDu+dCeVcY5TY2nWUGabq0P4+NojEHkaJy19PgCXYBAwlVm9sARslIiAtc e3zZUYQm1mgVOLWzz9MILawQLDElM+vwGpYBFQlvm7dywJi8wINffl8AdgcCQE5iZPHJrNC2D kSTTcWANkcQLaUxP9WJZC9EgJrWSS+7TvECFEjI/Fo4k22CYwCCxgZVjFqFKcWlaUW6RoZ6iU VZaZnlOQmZuboGhqY6eWmFhcnpqfmJCYV6yXn525iBIYWAxDsYPyzLOAQoyQHk5IoL/Mkr0gh vqT8lMqMxOKM+KLSnNTiQ4wyHBxKEryswFAVEixKTU+tSMvMAQY5TFqCg0dJhPfMVKA0b3FBY m5xZjpE6hSjopQ474r5QAkBkERGaR5cGyyyLjHKSgnzMgIdIsRTkFqUm1mCKv+KUZyDUUmYd/ VcoCk8mXklcNNfAS1mAlr84ogHyOKSRISUVAMjZwHrjJYT15U/rjedwP2q1tRsuu0Bvkdz5k5 1bMu9Gb9D6M2dDzlRqVz3v7iV/cgLzlzUKqWwsM6y7miIuewatoRInnsfU0u3BCirc9wxevqA SSE7MvUoe/6aCdKbDkk+fqKQ/5H59JboiWqZqf8/PI28FvYq803EdUMvy5+JLJEl6w993P9Zi aU4I9FQi7moOBEAd0ffw6cCAAA= X-Env-Sender: rcojocaru@bitdefender.com X-Msg-Ref: server-13.tower-21.messagelabs.com!1498063073!69145823!1 X-Originating-IP: [91.199.104.161] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.19; banners=-,-,- X-VirusChecked: Checked Received: (qmail 52569 invoked from network); 21 Jun 2017 16:37:53 -0000 Received: from mx01.bbu.dsd.mx.bitdefender.com (HELO mx01.bbu.dsd.mx.bitdefender.com) (91.199.104.161) by server-13.tower-21.messagelabs.com with DHE-RSA-AES128-GCM-SHA256 encrypted SMTP; 21 Jun 2017 16:37:53 -0000 Received: (qmail 19824 invoked from network); 21 Jun 2017 19:37:52 +0300 Received: from unknown (HELO mx-sr.buh.bitdefender.com) (10.17.80.103) by mx01.bbu.dsd.mx.bitdefender.com with AES256-GCM-SHA384 encrypted SMTP; 21 Jun 2017 19:37:52 +0300 Received: from smtp03.buh.bitdefender.org (smtp.bitdefender.biz [10.17.80.77]) by mx-sr.buh.bitdefender.com (Postfix) with ESMTP id 4359B7FBEA for ; Wed, 21 Jun 2017 19:37:52 +0300 (EEST) Received: (qmail 28408 invoked from network); 21 Jun 2017 19:37:52 +0300 Received: from unknown (HELO xen.dsd.bitdefender.biz) (rcojocaru@bitdefender.com@10.10.14.109) by smtp03.buh.bitdefender.org with AES128-SHA256 encrypted SMTP; 21 Jun 2017 19:37:52 +0300 From: Razvan Cojocaru To: xen-devel@lists.xen.org Date: Wed, 21 Jun 2017 19:37:31 +0300 Message-Id: <1498063051-9905-1-git-send-email-rcojocaru@bitdefender.com> X-Mailer: git-send-email 1.9.1 X-BitDefender-Scanner: Clean, Agent: BitDefender qmail 3.1.6 on smtp03.buh.bitdefender.org, sigver: 7.71954 X-BitDefender-Spam: No (0) X-BitDefender-SpamStamp: Build: [Engines: 2.15.8.1074, Dats: 452738, Stamp: 3], Multi: [Enabled, t: (0.000011, 0.006882)], BW: [Enabled, t: (0.000011)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.003491), Flags: 85D2ED72; NN_S_TWO_SPACES_ADN; NN_NO_CONTENT_TYPE; NN_NO_LINK_NMD; NN_LEGIT_BITDEFENDER; NN_LEGIT_S_SQARE_BRACKETS; NN_LEGIT_MAILING_LIST_TO], SGN: [Enabled, t: (0.013917,0.000065)], URL: [Enabled, t: (0.000005, 0.000001)], RTDA: [Enabled, t: (0.099896), Hit: No, Details: v2.5.1; Id: 15.5f45gp.1bimp9vbp.50ovd], total: 0(775) X-BitDefender-CF-Stamp: none Cc: andrew.cooper3@citrix.com, tamas@tklengyel.com, Razvan Cojocaru , jbeulich@suse.com Subject: [Xen-devel] [PATCH V3] x86/monitor: Fixed CID 1412966: Memory - corruptions (OVERRUN) X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP Fixed an issue where the maximum index allowed (31) goes beyond the actual number of array elements (4) of ad->monitor.write_ctrlreg_mask. Coverity-ID: 1412966 Signed-off-by: Razvan Cojocaru Reviewed-by: Andrew Cooper --- Changes since V2: - Removed stale comment. - Indentation. - Added Reviewed-by. --- xen/arch/x86/monitor.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/monitor.c b/xen/arch/x86/monitor.c index bedf13c..764195a 100644 --- a/xen/arch/x86/monitor.c +++ b/xen/arch/x86/monitor.c @@ -132,8 +132,8 @@ int arch_monitor_domctl_event(struct domain *d, unsigned int ctrlreg_bitmask; bool_t old_status; - /* sanity check: avoid left-shift undefined behavior */ - if ( unlikely(mop->u.mov_to_cr.index > 31) ) + if ( unlikely(mop->u.mov_to_cr.index >= + ARRAY_SIZE(ad->monitor.write_ctrlreg_mask)) ) return -EINVAL; if ( unlikely(mop->u.mov_to_cr.pad1 || mop->u.mov_to_cr.pad2) )