Message ID | 3b6374c44ae7e4afce427a9ea852d8d1ebbb42b3.1689236671.git.edwin.torok@cloud.com (mailing list archive) |
---|---|
State | New, archived |
Series | xenctrl_stubs.c: fix NULL dereference |
> On 13 Jul 2023, at 09:30, Edwin Török <edvin.torok@citrix.com> wrote: > > From: Edwin Török <edwin.torok@cloud.com> > > `Tag_cons` is `0` and is meant to be used as the tag argument for `caml_alloc`/`caml_alloc_small` > when constructing a non-empty list. > The empty list is `Val_emptylist` instead (which is really just `Val_int(0)`). > > Assigning `0` to a list value like this is equivalent to assigning the naked pointer `NULL` to the field. > Naked pointers are not valid in OCaml 5, however even in OCaml <5.x any attempt to iterate on the list will lead to a segfault. > > The list currently only has an opaque type, so no code would have reason to iterate on it currently, > but we shouldn't construct invalid OCaml values that might lead to a crash when exploring the type. > > `Val_emptylist` is available since OCaml 3.01 as a constant. > > Fixes: e5ac68a011 ("x86/hvm: Revert per-domain APIC acceleration support") > > Signed-off-by: Edwin Török <edwin.torok@cloud.com> > --- > tools/ocaml/libs/xc/xenctrl_stubs.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c > index e4d9070f2d..3703f48c74 100644 > --- a/tools/ocaml/libs/xc/xenctrl_stubs.c > +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c > @@ -832,7 +832,7 @@ CAMLprim value physinfo_arch_caps(const xc_physinfo_t *info) > > tag = 1; /* tag x86 */ > > - arch_obj = Tag_cons; > + arch_obj = Val_emptylist; > > #endif > > -- > 2.41.0 > Acked-by: Christian Lindig <christian.lindig@cloud.com>
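The commit message above explains that `Tag_cons` is a block tag (it expands to 0) while `Val_emptylist` is the immediate `Val_int(0)`. The following C program is an added example, not code from the patch or from the Xen tree; it redefines the few OCaml value macros from `caml/mlvalues.h` locally (assumption: the standard pointer-tagging scheme, so the file builds without the OCaml headers) and shows why a `value` assigned `Tag_cons` is a naked NULL block pointer that any list walk would dereference, whereas `Val_emptylist` terminates the walk cleanly.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Local copies of the OCaml macros (mirroring caml/mlvalues.h) so this
 * builds without the OCaml headers. Assumed: the standard tagging scheme. */
typedef intptr_t value;
#define Val_long(x)   ((value)(((intptr_t)(x) << 1) + 1))
#define Val_int(x)    Val_long(x)
#define Is_long(v)    (((v) & 1) != 0)
#define Is_block(v)   (((v) & 1) == 0)
#define Val_emptylist Val_int(0)   /* immediate 1: the real empty list */
#define Tag_cons      0            /* a block *tag*, not a value */
#define Field(v, i)   (((value *)(v))[i])

/* Cons cell: header word then (head, tail). malloc'd here; in a real stub
 * caml_alloc_small(2, Tag_cons) allocates it and the GC owns it. */
static value cons(value head, value tail)
{
    value *blk = malloc(3 * sizeof(value));
    if (!blk) abort();
    blk[0] = (2 << 10) | Tag_cons;  /* wosize = 2, tag = Tag_cons */
    blk[1] = head;
    blk[2] = tail;
    return (value)&blk[1];          /* block values point past the header */
}

/* Walk a list as OCaml code would. Returns the length, or -1 when the head
 * is a naked NULL block pointer, which is exactly what `v = Tag_cons` is. */
static long list_length(value lst)
{
    long n = 0;
    while (Is_block(lst)) {
        if ((value *)lst == NULL)
            return -1;              /* real code would segfault on Field() */
        n++;
        lst = Field(lst, 1);        /* advance to the tail */
    }
    return lst == Val_emptylist ? n : -1;
}

int main(void)
{
    value bad = Tag_cons, good = Val_emptylist;  /* the bug vs. the fix */
    printf("Tag_cons: Is_block=%d len=%ld\n", Is_block(bad), list_length(bad));
    printf("Val_emptylist: Is_long=%d len=%ld\n", Is_long(good), list_length(good));
    printf("[7; 8]: len=%ld\n",
           list_length(cons(Val_int(7), cons(Val_int(8), Val_emptylist))));
    return 0;
}
```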
On 13.07.2023 10:30, Edwin Török wrote: > --- a/tools/ocaml/libs/xc/xenctrl_stubs.c > +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c > @@ -832,7 +832,7 @@ CAMLprim value physinfo_arch_caps(const xc_physinfo_t *info) > > tag = 1; /* tag x86 */ > > - arch_obj = Tag_cons; > + arch_obj = Val_emptylist; > > #endif > Since, aiui, this also affects 4.17, but the patch as is doesn't apply there, could you please provide a suitable backport of what went onto the master branch? Thanks, Jan
On 03/08/2023 11:15 am, Jan Beulich wrote: > On 13.07.2023 10:30, Edwin Török wrote: >> --- a/tools/ocaml/libs/xc/xenctrl_stubs.c >> +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c >> @@ -832,7 +832,7 @@ CAMLprim value physinfo_arch_caps(const xc_physinfo_t *info) >> >> tag = 1; /* tag x86 */ >> >> - arch_obj = Tag_cons; >> + arch_obj = Val_emptylist; >> >> #endif >> > Since, aiui, this also affects 4.17, but the patch as is doesn't apply > there, could you please provide a suitable backport of what went onto > the master branch? diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c index facb5615776b..7de2ff544428 100644 --- a/tools/ocaml/libs/xc/xenctrl_stubs.c +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c @@ -748,7 +748,7 @@ CAMLprim value stub_xc_physinfo(value xch) Store_field(physinfo, 9, Val_int(c_physinfo.max_cpu_id + 1)); #if defined(__i386__) || defined(__x86_64__) - arch_cap_list = Tag_cons; + arch_cap_list = Val_emptylist; arch_cap_flags_tag = 1; /* tag x86 */ #else This logic got factored out of stub_xc_physinfo() into the new physinfo_arch_caps() as part of the ARM SVE work in 4.18. ~Andrew
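Review bot: the backport hunk in `stub_xc_physinfo()` is the same one-line fix (`- arch_cap_list = Tag_cons;` / `+ arch_cap_list = Val_emptylist;`) at the pre-4.18 location, and it is correct for the same reason as on master; the 4.17 commit should keep the `Fixes:` tag and name the master commit it backports, and since the assignment sits under `#if defined(__i386__) || defined(__x86_64__)`, the `#else` arm (not shown in the hunk) is worth checking in the same pass so that `arch_cap_list` is also initialised to `Val_emptylist` there rather than to a bare tag.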
diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c index e4d9070f2d..3703f48c74 100644 --- a/tools/ocaml/libs/xc/xenctrl_stubs.c +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c @@ -832,7 +832,7 @@ CAMLprim value physinfo_arch_caps(const xc_physinfo_t *info) tag = 1; /* tag x86 */ - arch_obj = Tag_cons; + arch_obj = Val_emptylist; #endif
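Review bot: the replacement is right, since `Tag_cons` expands to 0 and storing it in a `value` yields a naked NULL block pointer, whereas `Val_emptylist` is the immediate `Val_int(0)` that OCaml list code expects as the terminator; in the same change it would be worth confirming that the non-x86 branch under the `#endif` shown here also leaves `arch_obj` as `Val_emptylist`, and grepping `tools/ocaml/libs` for any other `= Tag_cons` assignments where the tag is used as a value instead of as the tag argument to `caml_alloc`/`caml_alloc_small`.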