From: Julien Grall <julien@xen.org>
The documentation requires va_start() to always be matched with a
corresponding va_end(). However, this is not the case in the path used
for bad format.
This was introduced by XSA-296.
Coverity-ID: 1488727
Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()")
Signed-off-by: Julien Grall <julien@xen.org>
---
xen/arch/arm/domain.c | 1 +
xen/arch/x86/hypercall.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c
index 9e8e9d921d..c0a13aa0ab 100644
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -467,6 +467,7 @@ unsigned long hypercall_create_continuation(
return rc;
bad_fmt:
+ va_end(args);
gprintk(XENLOG_ERR, "Bad hypercall continuation format '%c'\n", *p);
ASSERT_UNREACHABLE();
domain_crash(current->domain);
diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c
index 4643e5eb43..1d42702c6a 100644
--- a/xen/arch/x86/hypercall.c
+++ b/xen/arch/x86/hypercall.c
@@ -157,6 +157,7 @@ unsigned long hypercall_create_continuation(
return op;
bad_fmt:
+ va_end(args);
gprintk(XENLOG_ERR, "Bad hypercall continuation format '%c'\n", *p);
ASSERT_UNREACHABLE();
domain_crash(curr->domain);
--
2.24.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
On 20.11.2019 14:37, Julien Grall wrote: > From: Julien Grall <julien@xen.org> > > The documentation requires va_start() to always be matched with a > corresponding va_end(). However, this is not the case in the path used > for bad format. > > This was introduced by XSA-296. > > Coverity-ID: 1488727 > Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()") > Signed-off-by: Julien Grall <julien@xen.org> Reviewed-by: Jan Beulich <jbeulich@suse.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
On 20/11/2019 13:56, Jan Beulich wrote: > On 20.11.2019 14:37, Julien Grall wrote: >> From: Julien Grall <julien@xen.org> >> >> The documentation requires va_start() to always be matched with a >> corresponding va_end(). However, this is not the case in the path used >> for bad format. >> >> This was introduced by XSA-296. >> >> Coverity-ID: 1488727 >> Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()") >> Signed-off-by: Julien Grall <julien@xen.org> > Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Andrew Cooper <andrew.cooper3@citrix.com> + Juergen. This is a bugfix to XSA-296 so will end up going out on older branches. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
On 20.11.19 15:06, Andrew Cooper wrote: > On 20/11/2019 13:56, Jan Beulich wrote: >> On 20.11.2019 14:37, Julien Grall wrote: >>> From: Julien Grall <julien@xen.org> >>> >>> The documentation requires va_start() to always be matched with a >>> corresponding va_end(). However, this is not the case in the path used >>> for bad format. >>> >>> This was introduced by XSA-296. >>> >>> Coverity-ID: 1488727 >>> Fixes: 0bf9f8d3e3 ("xen/hypercall: Don't use BUG() for parameter checking in hypercall_create_continuation()") >>> Signed-off-by: Julien Grall <julien@xen.org> >> Reviewed-by: Jan Beulich <jbeulich@suse.com> > > Reviewed-by: Andrew Andrew Cooper <andrew.cooper3@citrix.com> Release-acked-by: Juergen Gross <jgross@suse.com> Juergen _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
© 2016 - 2024 Red Hat, Inc.