Message ID | 599AB7260200007800171743@prv-mh.provo.novell.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
On 21/08/17 09:34, Jan Beulich wrote: > The compat mode code also needs adjustment to deal with the changed > return value from gnttab_copy(). > > Signed-off-by: Jan Beulich <jbeulich@suse.com> /sigh - There's always another one, isn't there. The patch should mention that it is part of XSA-226. With that, Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> > > --- a/xen/common/compat/grant_table.c > +++ b/xen/common/compat/grant_table.c > @@ -258,9 +258,9 @@ int compat_grant_table_op(unsigned int c > rc = gnttab_copy(guest_handle_cast(nat.uop, gnttab_copy_t), n); > if ( rc > 0 ) > { > - ASSERT(rc < n); > - i -= n - rc; > - n = rc; > + ASSERT(rc <= n); > + i -= rc; > + n -= rc; > } > if ( rc >= 0 ) > { > > >
--- a/xen/common/compat/grant_table.c +++ b/xen/common/compat/grant_table.c @@ -258,9 +258,9 @@ int compat_grant_table_op(unsigned int c rc = gnttab_copy(guest_handle_cast(nat.uop, gnttab_copy_t), n); if ( rc > 0 ) { - ASSERT(rc < n); - i -= n - rc; - n = rc; + ASSERT(rc <= n); + i -= rc; + n -= rc; } if ( rc >= 0 ) {
The compat mode code also needs adjustment to deal with the changed return value from gnttab_copy(). Signed-off-by: Jan Beulich <jbeulich@suse.com>