Message ID | 20191120133751.67925-1-jgrall@amazon.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | xen: Add missing va_end() in hypercall_create_continuation() | expand |
On 20.11.2019 14:37, Julien Grall wrote: > From: Julien Grall <julien@xen.org> > > The documentation requires va_start() to always be matched with a > corresponding va_end(). However, this is not the case in the path used > for bad format. > > This was introduced by XSA-296. > > Coverity-ID: 1488727 > Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()") > Signed-off-by: Julien Grall <julien@xen.org> Reviewed-by: Jan Beulich <jbeulich@suse.com>
On 20/11/2019 13:56, Jan Beulich wrote: > On 20.11.2019 14:37, Julien Grall wrote: >> From: Julien Grall <julien@xen.org> >> >> The documentation requires va_start() to always be matched with a >> corresponding va_end(). However, this is not the case in the path used >> for bad format. >> >> This was introduced by XSA-296. >> >> Coverity-ID: 1488727 >> Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()") >> Signed-off-by: Julien Grall <julien@xen.org> > Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Andrew Cooper <andrew.cooper3@citrix.com> + Juergen. This is a bugfix to XSA-296 so will end up going out on older branches. ~Andrew
On 20.11.19 15:06, Andrew Cooper wrote: > On 20/11/2019 13:56, Jan Beulich wrote: >> On 20.11.2019 14:37, Julien Grall wrote: >>> From: Julien Grall <julien@xen.org> >>> >>> The documentation requires va_start() to always be matched with a >>> corresponding va_end(). However, this is not the case in the path used >>> for bad format. >>> >>> This was introduced by XSA-296. >>> >>> Coverity-ID: 1488727 >>> Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()") >>> Signed-off-by: Julien Grall <julien@xen.org> >> Reviewed-by: Jan Beulich <jbeulich@suse.com> > > Reviewed-by: Andrew Andrew Cooper <andrew.cooper3@citrix.com> Release-acked-by: Juergen Gross <jgross@suse.com> Juergen
diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index 9e8e9d921d..c0a13aa0ab 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -467,6 +467,7 @@ unsigned long hypercall_create_continuation( return rc; bad_fmt: + va_end(args); gprintk(XENLOG_ERR, "Bad hypercall continuation format '%c'\n", *p); ASSERT_UNREACHABLE(); domain_crash(current->domain); diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c index 4643e5eb43..1d42702c6a 100644 --- a/xen/arch/x86/hypercall.c +++ b/xen/arch/x86/hypercall.c @@ -157,6 +157,7 @@ unsigned long hypercall_create_continuation( return op; bad_fmt: + va_end(args); gprintk(XENLOG_ERR, "Bad hypercall continuation format '%c'\n", *p); ASSERT_UNREACHABLE(); domain_crash(curr->domain);