Stephen C. Tweedie
2006-Oct-04 17:17 UTC
[Xen-devel] Weird overflowing user_desc assignment
Hi all,
davej just noticed gcc spitting a complaint about this:
linux/arch/x86-64/kernel/process-xen.c ---
static inline void set_32bit_tls(struct task_struct *t, int tls, u32 addr)
{
	struct user_desc ud = {
		.base_addr = addr,
		.limit = 0xfffff,
		.contents = (3 << 3), /* user */
		.seg_32bit = 1,
		.limit_in_pages = 1,
		.useable = 1,
	};
	struct n_desc_struct *desc = (void *)t->thread.tls_array;
	desc += tls;
	desc->a = LDT_entry_a(&ud);
	desc->b = LDT_entry_b(&ud);
}
where we get an overflow assigning "3 << 3" to ud.contents, which is a
2-bit bitfield defined in include/asm-x86_64/ldt.h:
struct user_desc {
	...
	unsigned int contents:2;
	...
};
Any idea what the intention was here?
--Stephen
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
* Stephen C. Tweedie (sct@redhat.com) wrote:
> static inline void set_32bit_tls(struct task_struct *t, int tls, u32 addr)
> {
> 	struct user_desc ud = {
> 		.base_addr = addr,
> 		.limit = 0xfffff,
> 		.contents = (3 << 3), /* user */
> 		.seg_32bit = 1,
> 		.limit_in_pages = 1,
> 		.useable = 1,
> 	};
> 	struct n_desc_struct *desc = (void *)t->thread.tls_array;
> 	desc += tls;
> 	desc->a = LDT_entry_a(&ud);
> 	desc->b = LDT_entry_b(&ud);
> }
>
> where we get an overflow assigning "3 << 3" to ud.contents, which is a
> 2-bit bitfield defined in include/asm-x86_64/ldt.h:
>
> struct user_desc {
> 	...
> 	unsigned int contents:2;
> 	...
> };
>
> Any idea what the intention was here?
And why this was never picked up?
http://lists.xensource.com/archives/html/xen-devel/2006-02/msg00640.html
thanks,
-chris
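What the assignment gcc complains about actually stores, as an added example that is not part of the thread or of the kernel source. The struct is a constructed stand-in (only contents:2 comes from the post; the other field widths and the FITS/CHECKED/function names are assumptions made for illustration).

```c
#include <stdio.h>

/* Constructed stand-in for the fields the thread's initializer sets. Only
 * contents:2 is taken from the post; the other widths are assumptions. */
struct demo_desc {
	unsigned int base_addr;
	unsigned int limit;
	unsigned int seg_32bit:1;
	unsigned int contents:2;
	unsigned int limit_in_pages:1;
	unsigned int useable:1;
};

/* Nonzero when v fits an unsigned bit-field that is `bits` wide. */
#define FITS(v, bits) (((unsigned long long)(v) >> (bits)) == 0)

/* Hypothetical build-time guard: the array size becomes -1, so the build
 * fails, when a constant is too wide. Evaluates to v otherwise. */
#define CHECKED(v, bits) ((v) + 0 * sizeof(char[FITS(v, bits) ? 1 : -1]))

/* Value held by the 2-bit field after storing v: only the low 2 bits stay. */
unsigned int stored_contents(unsigned int v)
{
	struct demo_desc d = { 0 };
	d.contents = v;
	return d.contents;
}

/* The truncated store does not spill into the neighbouring bit-fields. */
int neighbours_intact(unsigned int v)
{
	struct demo_desc d = { .seg_32bit = 1, .limit_in_pages = 1, .useable = 1 };
	d.contents = v;
	return d.seg_32bit == 1 && d.limit_in_pages == 1 && d.useable == 1;
}

int main(void)
{
	printf("3 << 3 = %u, stored as %u\n", 3u << 3, stored_contents(3 << 3));
	printf("3 stored as %u\n", stored_contents(CHECKED(3, 2)));
	/* stored_contents(CHECKED(3 << 3, 2)) is rejected at compile time. */
	printf("neighbours intact: %d\n", neighbours_intact(3 << 3));
	return 0;
}
```

The field silently ends up as 0 rather than anything resembling the written constant, which is why the compiler warning is the only signal that the source and the resulting descriptor disagree.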