From: Julien Grall <julien@xen.org>
The documentation requires va_start() to always be matched with a
corresponding va_end(). However, this is not the case in the path used
for bad format.
This was introduced by XSA-296.
Coverity-ID: 1488727
Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()")
Signed-off-by: Julien Grall <julien@xen.org>
---
xen/arch/arm/domain.c | 1 +
xen/arch/x86/hypercall.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
index 9e8e9d921d..c0a13aa0ab 100644
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -467,6 +467,7 @@ unsigned long hypercall_create_continuation(
return rc;
bad_fmt:
+ va_end(args);
gprintk(XENLOG_ERR, "Bad hypercall continuation format '%c'\n", *p);
ASSERT_UNREACHABLE();
domain_crash(current->domain);
diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c
index 4643e5eb43..1d42702c6a 100644
--- a/xen/arch/x86/hypercall.c
+++ b/xen/arch/x86/hypercall.c
@@ -157,6 +157,7 @@ unsigned long hypercall_create_continuation(
return op;
bad_fmt:
+ va_end(args);
gprintk(XENLOG_ERR, "Bad hypercall continuation format '%c'\n", *p);
ASSERT_UNREACHABLE();
domain_crash(curr->domain);
--
2.24.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-develOn 20.11.2019 14:37, Julien Grall wrote:
> From: Julien Grall <julien@xen.org>
>
> The documentation requires va_start() to always be matched with a
> corresponding va_end(). However, this is not the case in the path used
> for bad format.
>
> This was introduced by XSA-296.
>
> Coverity-ID: 1488727
> Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()")
> Signed-off-by: Julien Grall <julien@xen.org>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
On 20/11/2019 13:56, Jan Beulich wrote:
> On 20.11.2019 14:37, Julien Grall wrote:
>> From: Julien Grall <julien@xen.org>
>>
>> The documentation requires va_start() to always be matched with a
>> corresponding va_end(). However, this is not the case in the path used
>> for bad format.
>>
>> This was introduced by XSA-296.
>>
>> Coverity-ID: 1488727
>> Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()")
>> Signed-off-by: Julien Grall <julien@xen.org>
> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Andrew Cooper <andrew.cooper3@citrix.com>
+ Juergen. This is a bugfix to XSA-296 so will end up going out on
older branches.
~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
On 20.11.19 15:06, Andrew Cooper wrote:
> On 20/11/2019 13:56, Jan Beulich wrote:
>> On 20.11.2019 14:37, Julien Grall wrote:
>>> From: Julien Grall <julien@xen.org>
>>>
>>> The documentation requires va_start() to always be matched with a
>>> corresponding va_end(). However, this is not the case in the path used
>>> for bad format.
>>>
>>> This was introduced by XSA-296.
>>>
>>> Coverity-ID: 1488727
>>> Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()")
>>> Signed-off-by: Julien Grall <julien@xen.org>
>> Reviewed-by: Jan Beulich <jbeulich@suse.com>
>
> Reviewed-by: Andrew Andrew Cooper <andrew.cooper3@citrix.com>
Release-acked-by: Juergen Gross <jgross@suse.com>
Juergen
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
© 2016 - 2025 Red Hat, Inc.