[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [BUGFIX][PATCH 3/4] hvm_save_one: return correct data.

To: <xen-devel@xxxxxxxxxxxxx>
From: Don Slutz <dslutz@xxxxxxxxxxx>
Date: Wed, 11 Dec 2013 19:56:16 -0500
Cc: Keir Fraser <keir@xxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>, Don Slutz <dslutz@xxxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Delivery-date: Thu, 12 Dec 2013 01:01:52 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

From: Don Slutz <dslutz@xxxxxxxxxxx>

It is possible that hvm_sr_handlers[typecode].save does not use all
the provided room.  In that case, using:

   instance * hvm_sr_handlers[typecode].size

does not select the correct instance.  Add code to search for the
correct instance.

Signed-off-by: Don Slutz <dslutz@xxxxxxxxxxx>
---
 xen/common/hvm/save.c | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/xen/common/hvm/save.c b/xen/common/hvm/save.c
index de76ada..ff6e910 100644
--- a/xen/common/hvm/save.c
+++ b/xen/common/hvm/save.c
@@ -112,13 +112,27 @@ int hvm_save_one(struct domain *d, uint16_t typecode, 
uint16_t instance,
                d->domain_id, typecode);
         rv = -EFAULT;
     }
-    else if ( copy_to_guest(handle,
-                            ctxt.data 
-                            + (instance * hvm_sr_handlers[typecode].size) 
-                            + sizeof (struct hvm_save_descriptor), 
-                            hvm_sr_handlers[typecode].size
-                            - sizeof (struct hvm_save_descriptor)) )
-        rv = -EFAULT;
+    else
+    {
+        uint32_t off;
+
+        rv = -EBADSLT;
+        for (off = 0; off < ctxt.cur; off += hvm_sr_handlers[typecode].size) {
+            struct hvm_save_descriptor *desc
+                   = (struct hvm_save_descriptor *)&ctxt.data[off];
+            if (instance == desc->instance) {
+                rv = 0;
+                if ( copy_to_guest(handle,
+                                   ctxt.data
+                                   + off
+                                   + sizeof (struct hvm_save_descriptor),
+                                   hvm_sr_handlers[typecode].size
+                                   - sizeof (struct hvm_save_descriptor)) )
+                    rv = -EFAULT;
+                break;
+            }
+        }
+    }
 
     xfree(ctxt.data);
     return rv;
-- 
1.8.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [BUGFIX][PATCH 3/4] hvm_save_one: return correct data.
  - From: Jan Beulich

References:
- [Xen-devel] [BUGFIX][PATCH 0/4] hvm_save_one: return correct data.
  - From: Don Slutz

Prev by Date: [Xen-devel] [BUGFIX][PATCH 4/4] hvm_save_one: allow the 2nd instance to be fetched for PIC.
Next by Date: [Xen-devel] [BUGFIX][PATCH 0/4] hvm_save_one: return correct data.
Previous by thread: Re: [Xen-devel] [BUGFIX][PATCH 4/4] hvm_save_one: allow the 2nd instance to be fetched for PIC.
Next by thread: Re: [Xen-devel] [BUGFIX][PATCH 3/4] hvm_save_one: return correct data.
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.