|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 1/2] x86: drop "index" parameter from get_free_pirq()
>>> On 05.09.12 at 14:36, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
> On 05/09/12 13:24, Jan Beulich wrote:
>> @@ -71,7 +71,7 @@ static int physdev_hvm_map_pirq(
>> else
>> {
>> if ( *pirq < 0 )
>> - *pirq = get_free_pirq(d, type, *index);
>> + *pirq = get_free_pirq(d, type);
>> ret = map_domain_emuirq_pirq(d, *pirq, *index);
>
>
> Relatedly (and I had already noticed this but not got round to making a
> patch because of other more urgent bugs)
>
> You still have a chance here of passing an error into
> map_domain_emuirq_pirq, in the pirq value. This is not a security issue
> as map_domain_emuirq_pirq does range check pirq, but may turn into a
> problem if the implementation of map_domain_emuirq_pirq changes. I
> would say that for correctness sake, physdev_hvm_map_pirq() should range
> check get_free_pirq(), even if this will lead to a double range check of
> the value.
Yes, that would be more clean.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |