[PATCH] KVM: arm64: Fix 64 bit mmio handle
Schspa Shi
schspa at gmail.com
Fri Jul 1 05:22:21 PDT 2022
Marc Zyngier <maz at kernel.org> writes:
> On 2022-06-30 17:50, Schspa Shi wrote:
>> Marc Zyngier <maz at kernel.org> writes:
>>
>>> On Thu, 30 Jun 2022 17:12:20 +0100,
>>> Schspa Shi <schspa at gmail.com> wrote:
>>>> If the len is 8 bytes, we can't get the correct sign extend
>>>> for
>>>> be system.
>>> I'm afraid you'll have to give me a bit more details.
>>>
>>>> Fix the mask type len and the comparison of length.
>>>> Signed-off-by: Schspa Shi <schspa at gmail.com>
>>>> ---
>>>> arch/arm64/kvm/mmio.c | 4 ++--
>>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>> diff --git a/arch/arm64/kvm/mmio.c b/arch/arm64/kvm/mmio.c
>>>> index 3dd38a151d2a6..0692f8b18f35c 100644
>>>> --- a/arch/arm64/kvm/mmio.c
>>>> +++ b/arch/arm64/kvm/mmio.c
>>>> @@ -81,8 +81,8 @@ unsigned long kvm_mmio_read_buf(const void
>>>> *buf, unsigned
>>>> int len)
>>>> int kvm_handle_mmio_return(struct kvm_vcpu *vcpu)
>>>> {
>>>> unsigned long data;
>>>> + unsigned long mask;
>>>> unsigned int len;
>>>> - int mask;
>>>> /* Detect an already handled MMIO return */
>>>> if (unlikely(!vcpu->mmio_needed))
>>>> @@ -97,7 +97,7 @@ int kvm_handle_mmio_return(struct kvm_vcpu
>>>> *vcpu)
>>>> data = kvm_mmio_read_buf(run->mmio.data, len);
>>>> if (kvm_vcpu_dabt_issext(vcpu) &&
>>>> - len < sizeof(unsigned long)) {
>>>> + len <= sizeof(unsigned long)) {
>>> If you're reading an 8 byte quantity, what is there to
>>> sign-extend?
>>> Sign extension only makes sense if what you're reading is
>>> *smaller*
>>> than the size of the register you are targeting.
>>>
>> Yes, you are correct, sorry for my bad patch.
>> Please ignore this patch.
>>
>>> I must be missing something. And how is that related to
>>> running BE? BE
>>> in the host? The guest?
>> I mean BE is for guest running with BE mode.
>
> So what problem did you see? If you have noticed something going
> wrong, I'd like to get it fixed.
>
I have running some static code analysis software upon Kernel
code.
Seeing there is possible overflow.
maks << 1U << ((len * 8) -1);
The AI don't know, len is only the value of 1, 2, 4, and make this
a warnings
I tring to analysis this, but didn't realize the real scenario of
sign extension, and finally sent this problematic patch.
I do see some uninitialized memory reads (the values are not used
in the end, just as temporary space for API execution),
do we need to fix these?
> Thanks,
>
> M.
--
Schspa Shi
BRs
More information about the linux-arm-kernel
mailing list