[Xen-devel] Re: [Patch 4/4] Refining Xsave/Xrestore support - Version 2
>>> On 29.10.10 at 03:49, Haitao Shan <maillists.shan@xxxxxxxxx> wrote: >+ if ( evc->size != PV_XSAVE_SIZE || >+ evc->xfeature_mask != xfeature_mask ) >+ { >+ ret = EFAULT; This ought to be negative, and perhaps another error code would be better to pick here. >+ goto vcpuextstate_out; >+ } >... >+ if ( evc->size > PV_XSAVE_SIZE ) >+ goto vcpuextstate_out; What if evc->size < PV_XSAVE_SIZE? You're still copying xsave_cntxt_size bytes in the final copy_from_guest_offset(). Also, you're copying directly from the user buffer into struct vcpu fields, so you'll leave inconsistent state there if the second or third copy fails but at least the first succeeded. I think you need to copy the full input structure first, check for validity, and only then put the fields into the respective struct vcpu ones. >+#define CPU_XSAVE_CODE 16 I forgot to ask already on your first submission why this isn't using DECLARE_HVM_SAVE_TYPE(). Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
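Review bot: In the first quoted hunk, the test "evc->size != PV_XSAVE_SIZE || evc->xfeature_mask != xfeature_mask" describes an invalid argument rather than a bad guest address, so "ret = -EINVAL;" would describe the failure more accurately than EFAULT. The two conditions also collapse into one error path; checking them separately, or commenting which mismatch is expected in practice, would let a caller tell a wrong buffer size from an incompatible xfeature_mask.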
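Review bot: In the second quoted hunk, "if ( evc->size > PV_XSAVE_SIZE ) goto vcpuextstate_out;" jumps to the exit label without assigning ret in the lines shown, so unless the elided context sets it first, an oversized request leaves with whatever value ret already holds. Assign an explicit negative error before the goto, and make the comparison match the first hunk's "evc->size != PV_XSAVE_SIZE" so that an undersized buffer is rejected before any copy from the guest takes place.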
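Review bot: The last quoted line, "#define CPU_XSAVE_CODE 16", introduces a bare number with no comment saying what the code identifies or why 16 was chosen. A type code defined on its own like this can collide unnoticed when another record type is added later; please add a comment, or declare it next to the other save type codes so the numbering is visible in one place.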