Message ID | 4cf07838-40ff-a941-159a-263c9305b89d@suse.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | None | expand |
Hi Jan, On 05/02/2020 13:16, Jan Beulich wrote: > This is more robust than the raw xmalloc_bytes(). > > Also add a sanity check on the input page range. It feels to me that the commit message/title should focus on the sanity check. The xmalloc_array() is just a cleanup is "less important". Argually the clean-up should be in a separate patch but I can appreciate they are somewhat related. > > Signed-off-by: Jan Beulich <jbeulich@suse.com> > > --- a/xen/common/sysctl.c > +++ b/xen/common/sysctl.c > @@ -187,13 +187,17 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xe > uint32_t *status, *ptr; > mfn_t mfn; > > + ret = -EINVAL; > + if ( op->u.page_offline.end < op->u.page_offline.start ) > + break; > + > ret = xsm_page_offline(XSM_HOOK, op->u.page_offline.cmd); > if ( ret ) > break; > > - ptr = status = xmalloc_bytes( sizeof(uint32_t) * > - (op->u.page_offline.end - > - op->u.page_offline.start + 1)); > + ptr = status = xmalloc_array(uint32_t, > + (op->u.page_offline.end - > + op->u.page_offline.start + 1)); > if ( !status ) > { > dprintk(XENLOG_WARNING, "Out of memory for page offline op\n"); >
On 05.02.2020 15:34, Julien Grall wrote: > On 05/02/2020 13:16, Jan Beulich wrote: >> This is more robust than the raw xmalloc_bytes(). >> >> Also add a sanity check on the input page range. > > It feels to me that the commit message/title should focus on the sanity > check. The xmalloc_array() is just a cleanup is "less important". But it not being there would generally just result in -ENOMEM due to the xmalloc_...() failing (leaving aside overflow not accounted for in the old code), which by the new check just gets changed into the more applicable -EINVAL. I view the changed called out in the title as more important. Jan >> --- a/xen/common/sysctl.c >> +++ b/xen/common/sysctl.c >> @@ -187,13 +187,17 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xe >> uint32_t *status, *ptr; >> mfn_t mfn; >> >> + ret = -EINVAL; >> + if ( op->u.page_offline.end < op->u.page_offline.start ) >> + break; >> + >> ret = xsm_page_offline(XSM_HOOK, op->u.page_offline.cmd); >> if ( ret ) >> break; >> >> - ptr = status = xmalloc_bytes( sizeof(uint32_t) * >> - (op->u.page_offline.end - >> - op->u.page_offline.start + 1)); >> + ptr = status = xmalloc_array(uint32_t, >> + (op->u.page_offline.end - >> + op->u.page_offline.start + 1)); >> if ( !status ) >> { >> dprintk(XENLOG_WARNING, "Out of memory for page offline op\n"); >> >
Hi Jan, On 05/02/2020 16:38, Jan Beulich wrote: > On 05.02.2020 15:34, Julien Grall wrote: >> On 05/02/2020 13:16, Jan Beulich wrote: >>> This is more robust than the raw xmalloc_bytes(). >>> >>> Also add a sanity check on the input page range. >> >> It feels to me that the commit message/title should focus on the sanity >> check. The xmalloc_array() is just a cleanup is "less important". > > But it not being there would generally just result in -ENOMEM > due to the xmalloc_...() failing (leaving aside overflow not > accounted for in the old code), which by the new check just > gets changed into the more applicable -EINVAL. I view the > changed called out in the title as more important. None of the commit message really explain this. So the sanity check did feel more important. You probably want to reword the commit message to explain why the sanity check is added (i.e ENOMEM vs EINVAL). Cheers,
--- a/xen/common/sysctl.c +++ b/xen/common/sysctl.c @@ -187,13 +187,17 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xe uint32_t *status, *ptr; mfn_t mfn; + ret = -EINVAL; + if ( op->u.page_offline.end < op->u.page_offline.start ) + break; + ret = xsm_page_offline(XSM_HOOK, op->u.page_offline.cmd); if ( ret ) break; - ptr = status = xmalloc_bytes( sizeof(uint32_t) * - (op->u.page_offline.end - - op->u.page_offline.start + 1)); + ptr = status = xmalloc_array(uint32_t, + (op->u.page_offline.end - + op->u.page_offline.start + 1)); if ( !status ) { dprintk(XENLOG_WARNING, "Out of memory for page offline op\n");
This is more robust than the raw xmalloc_bytes(). Also add a sanity check on the input page range. Signed-off-by: Jan Beulich <jbeulich@suse.com>