From patchwork Tue Sep 11 14:31:36 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Fengguang Wu <fengguang.wu@intel.com>
X-Patchwork-Id: 1438411
Return-Path: <kvm-owner@vger.kernel.org>
X-Original-To: patchwork-kvm@patchwork.kernel.org
Delivered-To: patchwork-process-083081@patchwork2.kernel.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by patchwork2.kernel.org (Postfix) with ESMTP id C0A40DFFCF
	for <patchwork-kvm@patchwork.kernel.org>;
	Tue, 11 Sep 2012 14:32:03 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1758653Ab2IKOb5 (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Tue, 11 Sep 2012 10:31:57 -0400
Received: from mga01.intel.com ([192.55.52.88]:32906 "EHLO mga01.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751803Ab2IKObn (ORCPT <rfc822;kvm@vger.kernel.org>);
	Tue, 11 Sep 2012 10:31:43 -0400
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
	by fmsmga101.fm.intel.com with ESMTP; 11 Sep 2012 07:31:43 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="4.80,405,1344236400"; d="scan'208";a="220744195"
Received: from unknown (HELO wfg-t420.sh.intel.com) ([10.255.21.3])
	by fmsmga001.fm.intel.com with ESMTP; 11 Sep 2012 07:31:42 -0700
Received: from wfg by wfg-t420.sh.intel.com with local (Exim 4.77)
	(envelope-from <fengguang.wu@intel.com>)
	id 1TBRV2-0001jF-BQ; Tue, 11 Sep 2012 22:31:36 +0800
Date: Tue, 11 Sep 2012 22:31:36 +0800
From: Fengguang Wu <fengguang.wu@intel.com>
To: Avi Kivity <avi@redhat.com>
Cc: kernel-janitors@vger.kernel.org, kvm@vger.kernel.org
Subject: [kvm:next 1/1] arch/x86/kvm/emulate.c:232 writeback_registers()
	error: buffer overflow 'ctxt->_regs' 9 <= 15
Message-ID: <20120911143136.GA5736@localhost>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Heirloom mailx 12.5 6/20/10
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org

Hi Avi,

In the kvm/next branch, sparse warns about

arch/x86/kvm/emulate.c:232 writeback_registers() error: buffer overflow 'ctxt->_regs' 9 <= 15

This is because the array definition is ctxt._regs[NR_VCPU_REGS] where
NR_VCPU_REGS=9 for i386 and 17 for x86_64.

It could be fixed by changing the hard coded 16 to (NR_VCPU_REGS-1).
And I wonder whether you actually want NR_VCPU_REGS here?

Thanks,
Fengguang
---
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

--- linux-next.orig/arch/x86/kvm/emulate.c	2012-09-11 20:14:00.537475301 +0800
+++ linux-next/arch/x86/kvm/emulate.c	2012-09-11 22:21:57.569227558 +0800
@@ -228,7 +228,7 @@ static void writeback_registers(struct x
 {
 	unsigned reg;
 
-	for_each_set_bit(reg, (ulong *)&ctxt->regs_dirty, 16)
+	for_each_set_bit(reg, (ulong *)&ctxt->regs_dirty, NR_VCPU_REGS)
 		ctxt->ops->write_gpr(ctxt, reg, ctxt->_regs[reg]);
 }