]> xenbits.xensource.com Git - xen.git/commitdiff
projects / xen.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 05292f9)
xen/spinlock: Fix UBSAN "load of address with insufficient space" in lock_prof_init()
authorAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 29 Oct 2024 15:30:41 +0000 (16:30 +0100)
committerJan Beulich <jbeulich@suse.com>
Tue, 29 Oct 2024 15:30:41 +0000 (16:30 +0100)
UBSAN complains:

  (XEN) ================================================================================
  (XEN) UBSAN: Undefined behaviour in common/spinlock.c:794:10
  (XEN) load of address ffff82d040ae24c8 with insufficient space
  (XEN) for an object of type 'struct lock_profile *'
  (XEN) ----[ Xen-4.20-unstable  x86_64  debug=y ubsan=y  Tainted:   C    ]----

This shows up with GCC-14, but not with GCC-12.  I have not bisected further.

Either way, the types for __lock_profile_{start,end} are incorrect.

They are an array of struct lock_profile pointers.  Correct the extern's
types, and adjust the loop to match.

No practical change.

Reported-by: Andreas Glashauser <ag@andreasglashauser.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
master commit: 542ac112fc68c66cfafc577e252404c21da4f75b
master date: 2024-10-14 16:14:26 +0100

xen/common/spinlock.c patch | blob | blame | history

diff --git a/xen/common/spinlock.c b/xen/common/spinlock.c
index 28c6e9d3ac6089d69060fe34fb34e66e5fd6f548..e672b1041c8d20f3c44ab99f38a58c43abc5a88a 100644 (file)
--- a/xen/common/spinlock.c
+++ b/xen/common/spinlock.c
@@ -607,9 +607,6 @@ struct lock_profile_anc {
 typedef void lock_profile_subfunc(struct lock_profile *data, int32_t type,
     int32_t idx, void *par);
 
-extern struct lock_profile *__lock_profile_start;
-extern struct lock_profile *__lock_profile_end;
-
 static s_time_t lock_profile_start;
 static struct lock_profile_anc lock_profile_ancs[] = {
     [LOCKPROF_TYPE_GLOBAL] = { .name = "Global" },
@@ -779,13 +776,16 @@ void _lock_profile_deregister_struct(
     spin_unlock(&lock_profile_lock);
 }
 
+extern struct lock_profile *__lock_profile_start[];
+extern struct lock_profile *__lock_profile_end[];
+
 static int __init cf_check lock_prof_init(void)
 {
     struct lock_profile **q;
 
     BUILD_BUG_ON(ARRAY_SIZE(lock_profile_ancs) != LOCKPROF_TYPE_N);
 
-    for ( q = &__lock_profile_start; q < &__lock_profile_end; q++ )
+    for ( q = __lock_profile_start; q < __lock_profile_end; q++ )
     {
         (*q)->next = lock_profile_glb_q.elem_q;
         lock_profile_glb_q.elem_q = *q;
Xen (staging and unstable) mirror