NetBSD Problem Report #58362
From www@netbsd.org Sun Jun 23 20:38:11 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
client-signature RSA-PSS (2048 bits) client-digest SHA256)
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 4CCCC1A923A
for <gnats-bugs@gnats.NetBSD.org>; Sun, 23 Jun 2024 20:38:11 +0000 (UTC)
Message-Id: <20240623203809.F0A621A923C@mollari.NetBSD.org>
Date: Sun, 23 Jun 2024 20:38:09 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: xen_rtc_set fails to zero-initialize XENPF_settime(64) command
X-Send-Pr-Version: www-1.0
>Number: 58362
>Category: port-xen
>Synopsis: xen_rtc_set fails to zero-initialize XENPF_settime(64) command
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: riastradh
>State: needs-pullups
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jun 23 20:40:00 +0000 2024
>Closed-Date:
>Last-Modified: Sun Jun 23 21:05:01 +0000 2024
>Originator: Taylor R Campbell
>Release: current, 10, 9, ...
>Organization:
The XenBSD Clockdationroot:/bin/sh
>Environment:
>Description:
1092 static int
1093 xen_rtc_set(struct todr_chip_handle *todr, struct timeval *tvp)
1094 {
...
1097 	xen_platform_op_t op;
...
1108 	/* Set the hypervisor wall clock time. */
1109 	op.cmd = XENPF_settime;
1110 	op.u.settime.secs = tvp->tv_sec;
1111 	op.u.settime.nsecs = tvp->tv_usec * 1000;
1112 	op.u.settime.system_time = systime_ns;
1113 	return HYPERVISOR_platform_op(&op);
https://nxr.netbsd.org/xref/src/sys/arch/xen/xen/xen_clock.c?r=1.18#1092
But for newer Xen interfaces, there is an extra member called `mbz' in XENPF_settime's argument:
#define XENPF_settime64 62
struct xenpf_settime64 {
    /* IN variables. */
    uint64_t secs;
    uint32_t nsecs;
    uint32_t mbz;
    uint64_t system_time;
};
#if __XEN_INTERFACE_VERSION__ < 0x00040600
#define XENPF_settime XENPF_settime32
#define xenpf_settime xenpf_settime32
#else
#define XENPF_settime XENPF_settime64
#define xenpf_settime xenpf_settime64
#endif
And Xen itself enforces this:
221     case XENPF_settime64:
222         if ( likely(!op->u.settime64.mbz) )
223             do_settime(op->u.settime64.secs,
224                        op->u.settime64.nsecs,
225                        op->u.settime64.system_time);
226         else
227             ret = -EINVAL;
228         break;
https://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=xen/arch/x86/platform_hypercall.c;h=23fadbc782273c8111d2938aa9618360f908573c;hb=543bbddf79f105682904c3b5a09c5a1692ae4b15#l221
>How-To-Repeat:
code inspection
>Fix:
memset(&op, 0, sizeof(op));
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: port-xen-maintainer->riastradh
Responsible-Changed-By: riastradh@NetBSD.org
Responsible-Changed-When: Sun, 23 Jun 2024 20:50:41 +0000
Responsible-Changed-Why:
I made the bug (kind of) and I hope I fixed it
State-Changed-From-To: open->needs-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Sun, 23 Jun 2024 20:50:41 +0000
State-Changed-Why:
fix committed to HEAD, needs pullup-10 and pullup-9
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/58362 CVS commit: src/sys/arch/xen/xen
Date: Sun, 23 Jun 2024 20:47:17 +0000
Module Name: src
Committed By: riastradh
Date: Sun Jun 23 20:47:17 UTC 2024
Modified Files:
src/sys/arch/xen/xen: xen_clock.c
Log Message:
xen_rtc_set: Zero-initialize op before passing to hypervisor.
PR port-xen/58362
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/sys/arch/xen/xen/xen_clock.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
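The failure mode described in this report, reproduced in user space as an added example (not code from the report, NetBSD or Xen). The `xenpf_settime64` layout and the `mbz` check are taken from the report; `mock_op`, `mock_hypervisor_op`, `settime` and the poison byte that stands in for stale stack contents are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout copied from the report; everything else is a user-space mock. */
struct xenpf_settime64 {
	uint64_t secs;
	uint32_t nsecs;
	uint32_t mbz;		/* must be zero */
	uint64_t system_time;
};
struct mock_op {		/* hypothetical stand-in for xen_platform_op_t */
	uint32_t cmd;
	union { struct xenpf_settime64 settime64; } u;
};
#define MOCK_XENPF_settime64 62

/* Mock of the hypervisor-side mbz check quoted in the report. */
static int
mock_hypervisor_op(const struct mock_op *op)
{
	if (op->cmd != MOCK_XENPF_settime64)
		return -ENOSYS;
	return op->u.settime64.mbz == 0 ? 0 : -EINVAL;
}

/* Fill op field by field as xen_rtc_set does; `poison` models stale stack. */
static int
settime(unsigned char poison, int zero_first)
{
	struct mock_op op;
	memset(&op, poison, sizeof(op));	/* simulated stale stack bytes */
	if (zero_first)
		memset(&op, 0, sizeof(op));	/* the fix from the report */
	op.cmd = MOCK_XENPF_settime64;
	op.u.settime64.secs = 1719175091;	/* constructed sample values */
	op.u.settime64.nsecs = 0;
	op.u.settime64.system_time = 123456789;
	return mock_hypervisor_op(&op);
}

int main(void)
{
	printf("stale stack, no memset: %d\n", settime(0xA5, 0));
	printf("zero stack, no memset:  %d\n", settime(0x00, 0));
	printf("stale stack, memset:    %d\n", settime(0xA5, 1));
	return 0;
}
```

In this mock the call without `memset` succeeds only when the bytes under `mbz` already happen to be zero, so the outcome depends on whatever previously occupied that stack slot.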
>Unformatted: