Getting the following DSAN errors,
Code:
[ 0.300325] UBSAN: array-index-out-of-bounds in /var/lib/dkms/parallels-tools/19.4.1.54985/build/prl_tg/Toolgate/Guest/Linux/prl_tg/prltg_call.c:83:10
[ 0.300327] index 0 is out of range for type 'page *[*]'
[ 0.300396] UBSAN: array-index-out-of-bounds in /var/lib/dkms/parallels-tools/19.4.1.54985/build/prl_tg/Toolgate/Guest/Linux/prl_tg/prltg_call.c:84:3
[ 0.300397] index 0 is out of range for type 'page *[*]'
[ 0.300448] UBSAN: array-index-out-of-bounds in /var/lib/dkms/parallels-tools/19.4.1.54985/build/prl_tg/Toolgate/Guest/Linux/prl_tg/prltg_call.c:86:10
[ 0.300449] index 0 is out of range for type 'page *[*]'
[ 0.300516] UBSAN: array-index-out-of-bounds in /var/lib/dkms/parallels-tools/19.4.1.54985/build/prl_tg/Toolgate/Guest/Linux/prl_tg/prltg_call.c:245:4
[ 0.300517] index 0 is out of range for type 'page *[*]'
[ 8.065926] UBSAN: array-index-out-of-bounds in /var/lib/dkms/parallels-tools/19.4.1.54985/build/prl_tg/Toolgate/Guest/Linux/prl_tg/prltg_call.c:143:21
[ 8.065929] index 0 is out of range for type 'page *[*]'
[ 8.065983] UBSAN: array-index-out-of-bounds in /var/lib/dkms/parallels-tools/19.4.1.54985/build/prl_tg/Toolgate/Guest/Linux/prl_tg/prltg_call.c:242:25
[ 8.065984] index 0 is out of range for type 'page *[*]'
Checking the Parallels Tools module source, it does look like there's an error where loops start from 0, which cause attempting to act on index 0 on a index of pages.
ie, prltg_call.c:84:3 and 86:10 refer to this loop
Code:
for (i = 0; i < count; i++, mem += PAGE_SIZE, uple->count++) {
dma_addr_t addr;
uple->p[i] = vmalloc_to_page(mem);
page_cache_get(uple->p[i]);
addr = dma_map_page(prl_tg_get_device_from_pci_device(pdev), uple->p[i], 0, PAGE_SIZE,
DMA_BIDIRECTIONAL);
dst->RequestPages[i] = dma_addr_to_pfn(addr);
if (!dst->RequestPages[i]) {
page_cache_release(uple->p[i]);
goto err;
}
}
This *might* be introducing access to unauthorised pages, so should probably be audited to make sure it is not a security hole, and is correct behaviour.