@@ -776,9 +776,9 @@ shadow_write_entries(void *d, void *s, i
/* Because we mirror access rights at all levels in the shadow, an
* l2 (or higher) entry with the RW bit cleared will leave us with
* no write access through the linear map.
- * We detect that by writing to the shadow with copy_to_user() and
+ * We detect that by writing to the shadow with __put_user() and
* using map_domain_page() to get a writeable mapping if we need to. */
- if ( __copy_to_user(d, d, sizeof (unsigned long)) != 0 )
+ if ( __put_user(*dst, dst) )
{
perfc_incr(shadow_linear_map_failed);
map = map_domain_page(mfn);
In a subsequent patch I would almost have broken the logic here, if I hadn't happened to read through the comment at the top of safe_write_entry(): __copy_from_user() does not provide a guarantee shadow_write_entries() requires - it's only an optimization that it makes use of __put_user_size() for certain sizes. Use __put_user() directly, which does expand to a single (memory accessing) insn. Signed-off-by: Jan Beulich <jbeulich@suse.com> --- In a future patch I guess I'll make this write store the intended data instead of doing this "no-op" write, making the subsequent loop start from 1 in the success case. In fact I also think safe_write_entry() would better go away, in favor of direct use of write_atomic().