NetBSD-Bugs archive
port-xen/58362: xen_rtc_set fails to zero-initialize XENPF_settime(64) command
>Number: 58362
>Category: port-xen
>Synopsis: xen_rtc_set fails to zero-initialize XENPF_settime(64) command
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: port-xen-maintainer
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jun 23 20:40:00 +0000 2024
>Originator: Taylor R Campbell
>Release: current, 10, 9, ...
>Organization:
The XenBSD Clockdationroot:/bin/sh
>Environment:
>Description:
    1092 static int
    1093 xen_rtc_set(struct todr_chip_handle *todr, struct timeval *tvp)
    1094 {
    ...
    1097     xen_platform_op_t op;
    ...
    1108     /* Set the hypervisor wall clock time. */
    1109     op.cmd = XENPF_settime;
    1110     op.u.settime.secs = tvp->tv_sec;
    1111     op.u.settime.nsecs = tvp->tv_usec * 1000;
    1112     op.u.settime.system_time = systime_ns;
    1113     return HYPERVISOR_platform_op(&op);
https://nxr.netbsd.org/xref/src/sys/arch/xen/xen/xen_clock.c?r=1.18#1092
But for newer Xen interfaces, there is an extra member called `mbz' in XENPF_settime's argument:
    #define XENPF_settime64 62
    struct xenpf_settime64 {
        /* IN variables. */
        uint64_t secs;
        uint32_t nsecs;
        uint32_t mbz;
        uint64_t system_time;
    };
    #if __XEN_INTERFACE_VERSION__ < 0x00040600
    #define XENPF_settime XENPF_settime32
    #define xenpf_settime xenpf_settime32
    #else
    #define XENPF_settime XENPF_settime64
    #define xenpf_settime xenpf_settime64
    #endif
And Xen itself enforces this:
    221     case XENPF_settime64:
    222         if ( likely(!op->u.settime64.mbz) )
    223             do_settime(op->u.settime64.secs,
    224                        op->u.settime64.nsecs,
    225                        op->u.settime64.system_time);
    226         else
    227             ret = -EINVAL;
    228         break;
https://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=xen/arch/x86/platform_hypercall.c;h=23fadbc782273c8111d2938aa9618360f908573c;hb=543bbddf79f105682904c3b5a09c5a1692ae4b15#l221
>How-To-Repeat:
code inspection
>Fix:
memset(&op, 0, sizeof(op));
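
The failure and the fix above as a user-space model. This is an added example, not part of the original report and not NetBSD or Xen code. struct mock_platform_op, mock_platform_op, set_time and the poison byte are hypothetical stand-ins for xen_platform_op_t, the hypervisor-side check, xen_rtc_set and stale stack contents.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define XENPF_settime64 62

/* Layout copied from the xenpf_settime64 definition quoted in the report. */
struct xenpf_settime64 {
	uint64_t secs;
	uint32_t nsecs;
	uint32_t mbz;		/* must be zero */
	uint64_t system_time;
};

/* Hypothetical stand-in for xen_platform_op_t: only the settime64 arm. */
struct mock_platform_op {
	uint32_t cmd;
	union { struct xenpf_settime64 settime64; } u;
};

/* Hypothetical model of the hypervisor check quoted in the report. */
static int
mock_platform_op(const struct mock_platform_op *op)
{
	if (op->cmd != XENPF_settime64)
		return -ENOSYS;
	return op->u.settime64.mbz == 0 ? 0 : -EINVAL;
}

/*
 * Fill in the command field by field, as xen_rtc_set does.  `poison` models
 * the bytes left on the stack (assumption); `zero_first` applies the fix.
 */
static int
set_time(uint8_t poison, int zero_first, uint64_t secs, uint32_t nsecs,
    uint64_t systime_ns)
{
	struct mock_platform_op op;

	memset(&op, poison, sizeof(op));	/* simulate stale stack bytes */
	if (zero_first)
		memset(&op, 0, sizeof(op));	/* the fix from the report */
	op.cmd = XENPF_settime64;
	op.u.settime64.secs = secs;
	op.u.settime64.nsecs = nsecs;
	op.u.settime64.system_time = systime_ns;
	return mock_platform_op(&op);	/* mbz was never assigned */
}
```

With a zero poison byte the unfixed path also succeeds, so in this model the outcome without the memset depends entirely on what was left on the stack.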