| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Jun 2016 14:25:09 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: David Vrabel <dvrabel@...tab.net>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
Cc: xen-devel <xen-devel@...ts.xenproject.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] xen: bug fixes for 4.7-rc0
Having upgraded one of my machines to F24, I get a few new warnings
during the kernel compile due to a new compiler.
Some of them are just annoying and wrong, but one of them points to a
real Xen bug:
arch/x86/xen/mmu.c:1116:57: warning: array subscript is above array
bounds [-Warray-bounds]
for (; vaddr <= vaddr_end && (pmd < (level2_kernel_pgt + PAGE_SIZE));
~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~
because that is definitely completely wrong.
Yes, level2_kernel_pgt is one page in size, but it only has 512
entries, because each entry is 8 bytes.
So that "+ PAGE_SIZE" is entirely bogus. Either it should be
(level2_kernel_pgt + 512)
or it should be
((void *)level2_kernel_pgt + PAGE_SIZE)
but as it stands now it's a bug.
This harkens back to 2012, commit 7f9140626c757 ("xen/mmu: Copy and
revector the P2M tree").
It may be that we end up never actually crossing the pmd boundary
anyway due to vaddr limit - I didn't check. But please fix the code
regardless.
Linus
Powered by blists - more mailing lists