-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unsound code patterns #359
Comments
Tracking the unsound code patterns with issue coconut-svsm#359, and set new owners to Carlos López, Thomas Leroy and Tom Dohrmann. Signed-off-by: Thomas Leroy <[email protected]>
These will be fixed by #372. The IDT part should be fixed by #366. TSS still not fixed yet. |
This will actually be fixed by #387. |
This will be fixed by #443 (though to be fair AFAICT the original issue doesn't exist anymore anyway). |
This will be fixed by #450. |
|
Good catch. If I understand the code correctly, the UB can only be triggered in |
It's UB even if we don't access the value.
Can you elaborate on how this check would be implemented? IMHO we should change |
Yes you're right. It looks easier to handle unknown values, and allow room for the new exit codes. |
Do you plan working on implementing this? I can take it if you want |
Feel free, I'm already quite busy. |
Previously, it was possible for a guest to exit with an exit code undefined in the GuestVMExit enum, leading to undefined behavior. As suggested by @Freax13 in coconut-svsm#359, we can replace this by a tuple struct, allowing unknown values. Signed-off-by: Thomas Leroy <[email protected]>
Previously, it was possible for a guest to exit with an exit code undefined in the GuestVMExit enum, leading to undefined behavior. As suggested by @Freax13 in coconut-svsm#359, we can replace this by a tuple struct, allowing unknown values. Signed-off-by: Thomas Leroy <[email protected]>
Previously, it was possible for a guest to exit with an exit code undefined in the GuestVMExit enum, leading to undefined behavior. As suggested by @Freax13 in coconut-svsm#359, we can replace this by a tuple struct, allowing unknown values. Signed-off-by: Thomas Leroy <[email protected]>
Previously, it was possible for a guest to exit with an exit code undefined in the GuestVMExit enum, leading to undefined behavior. As suggested by @Freax13 in coconut-svsm#359, we can replace this by a tuple struct, allowing unknown values. Signed-off-by: Thomas Leroy <[email protected]>
As advised by @Freax13 in coconut-svsm#359, if misused, zero_mem_region() can corrupt valid memory by writing zeroes to it. Therefore, it should be unsafe so that callers verfies that it points to the intended memory. Signed-off-by: Thomas Leroy <[email protected]>
As advised by @Freax13 in coconut-svsm#359, if misused, zero_mem_region() can corrupt valid memory by writing zeroes to it. Therefore, it should be unsafe so that callers verfies that it points to the intended memory. Signed-off-by: Thomas Leroy <[email protected]>
As advised by @Freax13 in coconut-svsm#359, if misused, zero_mem_region() can corrupt valid memory by writing zeroes to it. Therefore, it should be unsafe so that callers verfies that it points to the intended memory. Signed-off-by: Thomas Leroy <[email protected]>
Here are some unsound code patterns possibly remaining after @Freax13's initial issue #104.
PageTable
pointer is still live whenPageTableRef::deref(_mut)
dereferences the pointer. (Fixed by mm: always usethis_cpu().get_pgtable()
instead ofget_init_pgtable_locked()
#443)this_cpu()
(cf. exception/interrupt handlers shouldn't accessthis_cpu()
#478 )The text was updated successfully, but these errors were encountered: