Re: [libvirt] [PATCH 11/11] hypervisor: Revisit Coverity issues regarding cpumap
On 02/11/2013 10:24 AM, Eric Blake wrote:
On 01/30/2013 11:51 AM, John Ferlan wrote:
> Turns out the issue regarding ptr_arith and sign_exension weren't false
> positives. When shifting an 'unsigned char' as a target, it gets promoted
> to an 'int'; however, that 'int' cannot be shifted 32 bits which was
how
> the algorithm was written. For the ptr_arith rather than index into the
> cpumap, change the to address as necessary and assign directly.
> ---
> src/xen/xen_hypervisor.c | 10 +++++-----
> for (j = 0; j < maplen; j++) {
> - /* coverity[ptr_arith] */
> - /* coverity[sign_extension] */
> - *(pm + (j / 8)) |= cpumap[j] << (8 * (j & 7));
> + if ((j & 7) == 0)
> + pm = (uint64_t *)((uint64_t)&xen_cpumap + (j & ~0x7UL));
I'm not happy with how this turned out. We are turning an address into
a pointer but not via intptr_t (probably warnings on mingw); then doing
math on that pointer, then turning the result back into a uint64_t
pointer. It looks like we are risking alignment errors.
> + *pm |= (uint64_t)cpumap[j] << (8 * (j & 7));
More research - I think this is highly over-engineered, which explains
why we got it so wrong. I checked a full range of xen-devel, from RHEL
5 (3.0.3, about as old as we support out-of-the-box with libvirt.git) to
Fedora 18 (4.2.1); ALL of those versions had:
/usr/include/xen/dom0_ops.h: typedef uint64_t cpumap_t;
which means this type has (more or less) _always_ been exactly 64 bits;
the code that tries to allow for iterating through 16 bytes instead of 8
is over-engineered. Really, _ALL_ we are doing is reading a
little-endian 64-bit number in from the user (possibly in unaligned
memory), and turning it into a host-endian cpumap_t to hand to xen.
I should have a patch soon.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 621 bytes)