From patchwork Tue Jul 4 15:12:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Zhijian Li (Fujitsu)\" via" X-Patchwork-Id: 13301374 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DBFB4EB64D9 for ; Tue, 4 Jul 2023 15:13:23 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qGhiH-0003mj-CR; Tue, 04 Jul 2023 11:13:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qGhiE-0003hJ-Hu for qemu-devel@nongnu.org; Tue, 04 Jul 2023 11:13:06 -0400 Received: from smtp-fw-9103.amazon.com ([207.171.188.200]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qGhiC-000867-9H for qemu-devel@nongnu.org; Tue, 04 Jul 2023 11:13:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.co.uk; i=@amazon.co.uk; q=dns/txt; s=amazon201209; t=1688483584; x=1720019584; h=from:to:cc:subject:date:message-id:references: in-reply-to; bh=G4zchxGYtYwOGh9FLa4sAzq7JCB+tDZQsbwmCadS7dw=; b=Z+I5lohoZ/w3X2LQPzcppKsBybcOpkWFAzxO0rlzOZtMU7UuRYPNG7i8 opo15AT5B2Va+BST5DeeQc9PFzexNkeRoXNT3jQq4nJP1oZ1n1qRbGuqZ kTe2YXHw6tUY14ghtGhrpLBZIo5Z2ahvDtq9ByHB0sN4a497RgXBeCHEb 8=; X-Amazon-filename: smime.p7s X-IronPort-AV: E=Sophos;i="6.01,181,1684800000"; d="p7s'?scan'208";a="1141150388" MIME-Version: 1.0 Received: from pdx4-co-svc-p1-lb2-vlan3.amazon.com (HELO email-inbound-relay-pdx-2c-m6i4x-f7c754c9.us-west-2.amazon.com) ([10.25.36.214]) by smtp-border-fw-9103.sea19.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Jul 2023 15:12:53 +0000 Received: from EX19MTAUEA001.ant.amazon.com (pdx1-ws-svc-p6-lb9-vlan2.pdx.amazon.com [10.236.137.194]) by email-inbound-relay-pdx-2c-m6i4x-f7c754c9.us-west-2.amazon.com (Postfix) with ESMTPS id 8FE8640D60; Tue, 4 Jul 2023 15:12:53 +0000 (UTC) Received: from EX19D008UEC004.ant.amazon.com (10.252.135.170) by EX19MTAUEA001.ant.amazon.com (10.252.134.203) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.30; Tue, 4 Jul 2023 15:12:45 +0000 Received: from EX19D008UEC001.ant.amazon.com (10.252.135.232) by EX19D008UEC004.ant.amazon.com (10.252.135.170) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1118.30; Tue, 4 Jul 2023 15:12:45 +0000 Received: from EX19D008UEC001.ant.amazon.com ([fe80::4702:5d1a:c556:797]) by EX19D008UEC001.ant.amazon.com ([fe80::4702:5d1a:c556:797%3]) with mapi id 15.02.1118.030; Tue, 4 Jul 2023 15:12:45 +0000 To: "peter.maydell@linaro.org" , "pbonzini@redhat.com" CC: "qemu-devel@nongnu.org" , "paul@xen.org" Subject: [PATCH] i386/xen: fix off-by-one in xen_evtchn_set_gsi() Thread-Topic: [PATCH] i386/xen: fix off-by-one in xen_evtchn_set_gsi() Thread-Index: AQHZron8iF7VJjXs5kWTD2FxIbnv+w== Date: Tue, 4 Jul 2023 15:12:45 +0000 Message-ID: <4eb4c9868798cbfd2819c317a80037f4820b0502.camel@amazon.co.uk> References: <20230302123029.153265-1-pbonzini@redhat.com> <20230302123029.153265-57-pbonzini@redhat.com> In-Reply-To: Accept-Language: en-GB, en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [10.106.83.21] MIME-Version: 1.0 Precedence: Bulk Received-SPF: pass client-ip=207.171.188.200; envelope-from=prvs=5423dbf64=dwmw@amazon.co.uk; helo=smtp-fw-9103.amazon.com X-Spam_score_int: -118 X-Spam_score: -11.9 X-Spam_bar: ----------- X-Spam_report: (-11.9 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, USER_IN_DEF_SPF_WL=-7.5 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: "Woodhouse, David" X-Patchwork-Original-From: "Woodhouse, David" via From: "Zhijian Li (Fujitsu)\" via" Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Coverity points out (CID 1508128) a bounds checking error. We need to check for gsi >= IOAPIC_NUM_PINS, not just greater-than. Also fix up an assert() that has the same problem, that Coverity didn't see. Signed-off-by: David Woodhouse Reviewed-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé --- hw/i386/kvm/xen_evtchn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/i386/kvm/xen_evtchn.c b/hw/i386/kvm/xen_evtchn.c index 3d810dbd59..0e9c108614 100644 --- a/hw/i386/kvm/xen_evtchn.c +++ b/hw/i386/kvm/xen_evtchn.c @@ -1587,7 +1587,7 @@ static int allocate_pirq(XenEvtchnState *s, int type, int gsi) found: pirq_inuse_word(s, pirq) |= pirq_inuse_bit(pirq); if (gsi >= 0) { - assert(gsi <= IOAPIC_NUM_PINS); + assert(gsi < IOAPIC_NUM_PINS); s->gsi_pirq[gsi] = pirq; } s->pirq[pirq].gsi = gsi; @@ -1601,7 +1601,7 @@ bool xen_evtchn_set_gsi(int gsi, int level) assert(qemu_mutex_iothread_locked()); - if (!s || gsi < 0 || gsi > IOAPIC_NUM_PINS) { + if (!s || gsi < 0 || gsi >= IOAPIC_NUM_PINS) { return false; }