Possibly incorrect allocation in function pp_alloc_clr #199
Comments
|
Hello @nkosmatov!
This is amazing!! Thank you for doing that work. Your corrections seem to make sense. I'd propose you send a PR with the fixes you point out. |
nkosmatov
added a commit
to nkosmatov/bao-hypervisor
that referenced
this issue
Jan 2, 2025
See issue bao-project#199 Signed-off-by: Nikolai Kosmatov <[email protected]>
josecm
pushed a commit
to nkosmatov/bao-hypervisor
that referenced
this issue
Jan 6, 2025
See issue bao-project#199 Signed-off-by: Nikolai Kosmatov <[email protected]> Signed-off-by: Jose Martins <[email protected]>
josecm
pushed a commit
to nkosmatov/bao-hypervisor
that referenced
this issue
Jan 6, 2025
See issue bao-project#199 Signed-off-by: Nikolai Kosmatov <[email protected]> Signed-off-by: Jose Martins <[email protected]>
josecm
pushed a commit
that referenced
this issue
Jan 6, 2025
See issue #199 Signed-off-by: Nikolai Kosmatov <[email protected]> Signed-off-by: Jose Martins <[email protected]>
|
Fixed by #202 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
While working on formal verification of cache coloring and page coloring mechanisms in Bao, we discovered two issues in function
pp_alloc_clrThe following line (currently line 138 in commit c306b0f in file src/core/mmu/mem.c)
index ++;should be removed. Otherwise , in some situations, a previously allocated page can be allocated again, or other unintended behavior can occur.
The following line (currently line 161 in commit c306b0f in file src/core/mmu/mem.c)
index = 0;should be replaced by
index = pp_next_clr ( pool->base , 0 , colors ) ;Otherwise , in some situations, a previously allocated page can be allocated again.
After the proposed modifications we were able to prove a (slightly simplified) corrected version of cache coloring and page coloring mechanisms in Bao.
The text was updated successfully, but these errors were encountered: