| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y0Zf6g7ahY2b7MBK@kadam>
Date: Wed, 12 Oct 2022 09:34:18 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: Sean Christopherson <seanjc@...gle.com>, kbuild@...ts.01.org,
Oliver Upton <oupton@...gle.com>, lkp@...el.com,
kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org
Subject: Re: [kbuild] arch/x86/kvm/x86.c:4988 kvm_arch_tsc_set_attr() warn:
check for integer overflow 'offset'
On Tue, Oct 11, 2022 at 03:02:28PM +0200, Paolo Bonzini wrote:
> On 10/10/22 20:39, Sean Christopherson wrote:
> > > 828ca89628bfcb Oliver Upton 2021-09-16 @4988 tsc = kvm_scale_tsc(vcpu, rdtsc(), vcpu->arch.l1_tsc_scaling_ratio) + offset;
> > >
> > > Smatch hates obvious user triggerable integer overflows... No checking
> > > on offset.
> >
> > This is ok, and even necessary, e.g. if the host TSC > guest TSC.
>
> (which in fact is the common case). Also this is unsigned which is fine
> according to the C standard, though I understand that static analyzers want
> to be stricter.
>
> > Is there anything
> > we can do in KVM to help Smatch avoid false positives? Or do you/Smatch already
> > maintain a list of known false positives?
>
> Seconded.
Thanks for your feedback.
I could probably make a rule to ignore clock related stuff. That's
honestly been a known source of false positives for a while. I kind of
have the infrastructure so it's not super hard to do actually... I'll do
that.
regards,
dan carpenter
Powered by blists - more mailing lists