
[v7,for-4.9,2/5] hvm/dmop: Make copy_buf_{from, to}_guest for a buffer not big enough an error.

Message ID 1492780545-22401-2-git-send-email-jennifer.herbert@citrix.com (mailing list archive)
State New, archived

Commit Message

Jennifer Herbert April 21, 2017, 1:15 p.m. UTC
From: Jennifer Herbert <jennifer.herbert@citrix.com>

This makes copying to or from a buf that isn't big enough an error.
If the buffer isnt big enough, trying to carry on regardless
can only cause trouble later on.

Signed-off-by: Jennifer Herbert <Jennifer.Herbert@citrix.com>
--
CC: Paul Durrant <paul.durrant@citrix.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Jan Beulich <JBeulich@suse.com>
CC: Julien Grall <julien.grall@arm.com>
---
This patch carries the behaviour-change part of the previous
[patch 2/4].
---
 xen/arch/x86/hvm/dm.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

Comments

Paul Durrant April 21, 2017, 1:29 p.m. UTC | #1
> -----Original Message-----
> From: jennifer.herbert@citrix.com [mailto:jennifer.herbert@citrix.com]
> Sent: 21 April 2017 14:16
> To: Xen-devel <xen-devel@lists.xen.org>
> Cc: Jennifer Herbert <jennifer.herbert@citrix.com>; Jennifer Herbert
> <jennifer.herbert@citrix.com>; Paul Durrant <Paul.Durrant@citrix.com>;
> Andrew Cooper <Andrew.Cooper3@citrix.com>; Jan Beulich
> <JBeulich@suse.com>; Julien Grall <julien.grall@arm.com>
> Subject: [PATCH v7 for-4.9 2/5] hvm/dmop: Make copy_buf_{from,
> to}_guest for a buffer not big enough an error.
> 
> From: Jennifer Herbert <jennifer.herbert@citrix.com>
> 
> This makes copying to or from a buf that isn't big enough an error.
> If the buffer isnt big enough, trying to carry on regardless
> can only cause trouble later on.
> 
> Signed-off-by: Jennifer Herbert <Jennifer.Herbert@citrix.com>
> --
> CC: Paul Durrant <paul.durrant@citrix.com>
> CC: Andrew Cooper <andrew.cooper3@citrix.com>
> CC: Jan Beulich <JBeulich@suse.com>
> CC: Julien Grall <julien.grall@arm.com>
> ---
> This patch takes the behaviour change part of patch the previouse
> [patch 2/4].
> ---
>  xen/arch/x86/hvm/dm.c | 18 ++++++++++--------
>  1 file changed, 10 insertions(+), 8 deletions(-)
> 
> diff --git a/xen/arch/x86/hvm/dm.c b/xen/arch/x86/hvm/dm.c
> index e583e41..63aa46c 100644
> --- a/xen/arch/x86/hvm/dm.c
> +++ b/xen/arch/x86/hvm/dm.c
> @@ -36,30 +36,32 @@ static bool copy_buf_from_guest(const
> xen_dm_op_buf_t bufs[],
>                                  unsigned int nr_bufs, void *dst,
>                                  unsigned int idx, size_t dst_size)
>  {
> -    size_t size;
> +    size_t buf_bytes;
> 
>      if ( idx >= nr_bufs )
>          return false;
> 
> -    memset(dst, 0, dst_size);
> -
> -    size = min_t(size_t, dst_size, bufs[idx].size);
> +    buf_bytes = bufs[idx].size;
> +    if ( dst_size > buf_bytes )
> +        return false;
> 
> -    return !copy_from_guest(dst, bufs[idx].h, size);
> +    return !copy_from_guest(dst, bufs[idx].h, buf_bytes);

What happens if dst_size < buf_bytes?

>  }
> 
>  static bool copy_buf_to_guest(const xen_dm_op_buf_t bufs[],
>                                unsigned int nr_bufs, unsigned int idx,
>                                const void *src, size_t src_size)
>  {
> -    size_t size;
> +    size_t buf_bytes;
> 
>      if ( idx >= nr_bufs )
>          return false;
> 
> -    size = min_t(size_t, bufs[idx].size, src_size);
> +    buf_bytes = bufs[idx].size;
> +    if ( src_size > buf_bytes )
> +        return false;
> 
> -    return !copy_to_guest(bufs[idx].h, src, size);
> +    return !copy_to_guest(bufs[idx].h, src, buf_bytes);

What happens if src_size < buf_bytes?

>  }
> 
>  static int track_dirty_vram(struct domain *d, xen_pfn_t first_pfn,
> --
> 2.1.4

Patch

diff --git a/xen/arch/x86/hvm/dm.c b/xen/arch/x86/hvm/dm.c
index e583e41..63aa46c 100644
--- a/xen/arch/x86/hvm/dm.c
+++ b/xen/arch/x86/hvm/dm.c
@@ -36,30 +36,32 @@  static bool copy_buf_from_guest(const xen_dm_op_buf_t bufs[],
                                 unsigned int nr_bufs, void *dst,
                                 unsigned int idx, size_t dst_size)
 {
-    size_t size;
+    size_t buf_bytes;
 
     if ( idx >= nr_bufs )
         return false;
 
-    memset(dst, 0, dst_size);
-
-    size = min_t(size_t, dst_size, bufs[idx].size);
+    buf_bytes = bufs[idx].size;
+    if ( dst_size > buf_bytes )
+        return false;
 
-    return !copy_from_guest(dst, bufs[idx].h, size);
+    return !copy_from_guest(dst, bufs[idx].h, buf_bytes);
 }
 
 static bool copy_buf_to_guest(const xen_dm_op_buf_t bufs[],
                               unsigned int nr_bufs, unsigned int idx,
                               const void *src, size_t src_size)
 {
-    size_t size;
+    size_t buf_bytes;
 
     if ( idx >= nr_bufs )
         return false;
 
-    size = min_t(size_t, bufs[idx].size, src_size);
+    buf_bytes = bufs[idx].size;
+    if ( src_size > buf_bytes )
+        return false;
 
-    return !copy_to_guest(bufs[idx].h, src, size);
+    return !copy_to_guest(bufs[idx].h, src, buf_bytes);
 }
 
 static int track_dirty_vram(struct domain *d, xen_pfn_t first_pfn,
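Review bot: The check added at `if ( dst_size > buf_bytes )` has no comment stating what relationship between the caller's `dst_size` and `bufs[idx].size` the function now relies on, even though the length handed to copy_from_guest on the following line is `buf_bytes`, read from the buffer descriptor rather than from the caller. That descriptor appears to be guest-provided (its handle `bufs[idx].h` is a guest handle), so the contract belongs next to the line that picks the copy length, e.g. `/* Length comes from the dmop buffer descriptor, not from the caller's dst_size. */` above the check, with the wording adjusted to whatever the callers in the rest of dm.c actually guarantee. The mirrored check in copy_buf_to_guest later in this hunk needs the same comment. The signature line of copy_buf_from_guest is outside the hunk.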