[libvirt] [PATCH 11/11] hypervisor: Revisit Coverity issues regarding cpumap
Eric Blake
eblake at redhat.com
Mon Feb 11 23:35:55 UTC 2013
On 02/11/2013 10:24 AM, Eric Blake wrote:
> On 01/30/2013 11:51 AM, John Ferlan wrote:
>> Turns out the issue regarding ptr_arith and sign_exension weren't false
>> positives. When shifting an 'unsigned char' as a target, it gets promoted
>> to an 'int'; however, that 'int' cannot be shifted 32 bits which was how
>> the algorithm was written. For the ptr_arith rather than index into the
>> cpumap, change the to address as necessary and assign directly.
>> ---
>> src/xen/xen_hypervisor.c | 10 +++++-----
>
>> for (j = 0; j < maplen; j++) {
>> - /* coverity[ptr_arith] */
>> - /* coverity[sign_extension] */
>> - *(pm + (j / 8)) |= cpumap[j] << (8 * (j & 7));
>> + if ((j & 7) == 0)
>> + pm = (uint64_t *)((uint64_t)&xen_cpumap + (j & ~0x7UL));
>
> I'm not happy with how this turned out. We are turning an address into
> a pointer but not via intptr_t (probably warnings on mingw); then doing
> math on that pointer, then turning the result back into a uint64_t
> pointer. It looks like we are risking alignment errors.
>
>> + *pm |= (uint64_t)cpumap[j] << (8 * (j & 7));
More research - I think this is highly over-engineered, which explains
why we got it so wrong. I checked a full range of xen-devel, from RHEL
5 (3.0.3, about as old as we support out-of-the-box with libvirt.git) to
Fedora 18 (4.2.1); ALL of those versions had:
/usr/include/xen/dom0_ops.h: typedef uint64_t cpumap_t;
which means this type has (more or less) _always_ been exactly 64 bits;
the code that tries to allow for iterating through 16 bytes instead of 8
is over-engineered. Really, _ALL_ we are doing is reading a
little-endian 64-bit number in from the user (possibly in unaligned
memory), and turning it into a host-endian cpumap_t to hand to xen.
I should have a patch soon.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130211/0c764cf6/attachment-0001.sig>
More information about the libvir-list
mailing list