xen: Add missing va_end() in hypercall_create_continuation()
diff mbox series

Message ID 20191120133751.67925-1-jgrall@amazon.com
State New
Headers show
Series
  • xen: Add missing va_end() in hypercall_create_continuation()
Related show

Commit Message

Julien Grall Nov. 20, 2019, 1:37 p.m. UTC
From: Julien Grall <julien@xen.org>

The documentation requires va_start() to always be matched with a
corresponding va_end(). However, this is not the case in the path used
for bad format.

This was introduced by XSA-296.

Coverity-ID: 1488727
Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()")
Signed-off-by: Julien Grall <julien@xen.org>
---
 xen/arch/arm/domain.c    | 1 +
 xen/arch/x86/hypercall.c | 1 +
 2 files changed, 2 insertions(+)

Comments

Jan Beulich Nov. 20, 2019, 1:56 p.m. UTC | #1
On 20.11.2019 14:37, Julien Grall wrote:
> From: Julien Grall <julien@xen.org>
> 
> The documentation requires va_start() to always be matched with a
> corresponding va_end(). However, this is not the case in the path used
> for bad format.
> 
> This was introduced by XSA-296.
> 
> Coverity-ID: 1488727
> Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()")
> Signed-off-by: Julien Grall <julien@xen.org>

Reviewed-by: Jan Beulich <jbeulich@suse.com>
Andrew Cooper Nov. 20, 2019, 2:06 p.m. UTC | #2
On 20/11/2019 13:56, Jan Beulich wrote:
> On 20.11.2019 14:37, Julien Grall wrote:
>> From: Julien Grall <julien@xen.org>
>>
>> The documentation requires va_start() to always be matched with a
>> corresponding va_end(). However, this is not the case in the path used
>> for bad format.
>>
>> This was introduced by XSA-296.
>>
>> Coverity-ID: 1488727
>> Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()")
>> Signed-off-by: Julien Grall <julien@xen.org>
> Reviewed-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Andrew Andrew Cooper <andrew.cooper3@citrix.com>

+ Juergen.  This is a bugfix to XSA-296 so will end up going out on
older branches.

~Andrew
Jürgen Groß Nov. 20, 2019, 2:56 p.m. UTC | #3
On 20.11.19 15:06, Andrew Cooper wrote:
> On 20/11/2019 13:56, Jan Beulich wrote:
>> On 20.11.2019 14:37, Julien Grall wrote:
>>> From: Julien Grall <julien@xen.org>
>>>
>>> The documentation requires va_start() to always be matched with a
>>> corresponding va_end(). However, this is not the case in the path used
>>> for bad format.
>>>
>>> This was introduced by XSA-296.
>>>
>>> Coverity-ID: 1488727
>>> Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()")
>>> Signed-off-by: Julien Grall <julien@xen.org>
>> Reviewed-by: Jan Beulich <jbeulich@suse.com>
> 
> Reviewed-by: Andrew Andrew Cooper <andrew.cooper3@citrix.com>

Release-acked-by: Juergen Gross <jgross@suse.com>


Juergen

Patch
diff mbox series

diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
index 9e8e9d921d..c0a13aa0ab 100644
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -467,6 +467,7 @@  unsigned long hypercall_create_continuation(
     return rc;
 
  bad_fmt:
+    va_end(args);
     gprintk(XENLOG_ERR, "Bad hypercall continuation format '%c'\n", *p);
     ASSERT_UNREACHABLE();
     domain_crash(current->domain);
diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c
index 4643e5eb43..1d42702c6a 100644
--- a/xen/arch/x86/hypercall.c
+++ b/xen/arch/x86/hypercall.c
@@ -157,6 +157,7 @@  unsigned long hypercall_create_continuation(
     return op;
 
  bad_fmt:
+    va_end(args);
     gprintk(XENLOG_ERR, "Bad hypercall continuation format '%c'\n", *p);
     ASSERT_UNREACHABLE();
     domain_crash(curr->domain);