
Re: [Xen-devel] [PATCH v2] xen/arm: Correctly handle non-page aligned pointer in raw_copy_from_guest



On 02/18/2014 05:46 PM, Ian Campbell wrote:
> On Tue, 2014-02-18 at 17:10 +0000, Ian Campbell wrote:
>> On Tue, 2014-02-18 at 16:56 +0000, Julien Grall wrote:
>>> The current implementation of raw_copy_guest helper may lead to data corruption
>>> and sometimes Xen crash when the guest virtual address is not aligned to
>>> PAGE_SIZE.
>>>
>>> When the total length is higher than a page, the length to read is badly
>>> computed with
>>>     min(len, (unsigned)(PAGE_SIZE - offset))
>>>
>>> As the offset is only computed one time per function, if the start address was
>>> not aligned to PAGE_SIZE, we can end up in the same iteration:
>>>     - to read across page boundary => xen crash
>>>     - read the previous page => data corruption
>>>
>>> This issue can be resolved by setting offset to 0 at the end of the first
>>> iteration. Indeed, after it, the virtual guest address is always aligned
>>> to PAGE_SIZE.
>>>
>>> Signed-off-by: Julien Grall <julien.grall@xxxxxxxxxx>
>>
>> Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
> 
> and applied.
> 
>>> +        /*
>>> +         * After the first iteration, guest virtual address is correctly
>>> +         * aligned to PAGE_SIZE.
>>> +         */
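Review bot: the added comment states that the guest virtual address is aligned to PAGE_SIZE after the first iteration, but not what follows from it. The commit message says the fix is to set offset to 0 at that point, so the comment would be clearer if it named that consequence, for example "... aligned to PAGE_SIZE, so offset is 0 from here on", which also keeps it meaningful if it is duplicated elsewhere.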
>>
>> I'd like to duplicate this comment in the other two places too -- if you
>> are OK with it I will do that as part of committing.
> 
> I did this.

Thanks! I didn't see this part in the previous message.

-- 
Julien Grall
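
The loop described in the commit message, as an added example that is not Xen's code and not part of this thread. It is a hypothetical model (`copy_model`, `check_copy`, the reversed frame layout and the sample addresses are all constructed) that assumes each chunk is read at the current guest address, and it counts the chunks that would run past the mapped page with the offset kept from the first iteration and with it reset to 0.

```c
#include <stdio.h>
#include <string.h>
#define PAGE_SIZE 4096u
#define NPAGES    4u

/* Constructed guest: virtual page i is stored in frame NPAGES-1-i, so pages
 * that are contiguous for the guest are not contiguous in this "host". */
static unsigned char frames[NPAGES][PAGE_SIZE], out[NPAGES * PAGE_SIZE];

static unsigned char guest_byte(unsigned va) { return (unsigned char)(va * 31u + va / PAGE_SIZE); }

/* Hypothetical per-page copy loop. reset_offset=0 keeps the first iteration's
 * offset (the bug); 1 zeroes it after the first iteration (the fix). Returns
 * how many chunks would run past the end of the mapped page; such chunks are
 * counted, not copied, so the model itself never reads out of bounds. */
static int copy_model(unsigned char *to, unsigned va, unsigned len, int reset_offset) {
    unsigned offset = va % PAGE_SIZE;
    int crossings = 0;
    while (len) {
        unsigned size = len < PAGE_SIZE - offset ? len : PAGE_SIZE - offset;
        unsigned in_page = va % PAGE_SIZE;   /* assumption: read at the current address */
        if (in_page + size > PAGE_SIZE)
            crossings++;
        else
            memcpy(to, &frames[NPAGES - 1 - va / PAGE_SIZE][in_page], size);
        len -= size; va += size; to += size;
        offset = reset_offset ? 0 : offset;
    }
    return crossings;
}

/* Returns the crossing count, or -1 if nothing crossed but the data is wrong. */
static int check_copy(unsigned va, unsigned len, int reset_offset) {
    for (unsigned a = 0; a < NPAGES * PAGE_SIZE; a++)
        frames[NPAGES - 1 - a / PAGE_SIZE][a % PAGE_SIZE] = guest_byte(a);
    if (va + len > NPAGES * PAGE_SIZE)
        return -1;
    int crossings = copy_model(out, va, len, reset_offset);
    for (unsigned i = 0; !crossings && i < len; i++)
        if (out[i] != guest_byte(va + i))
            return -1;
    return crossings;
}

int main(void) {
    printf("stale offset: %d crossing chunks\n", check_copy(100, 3 * PAGE_SIZE, 0));
    printf("offset reset: %d crossing chunks\n", check_copy(100, 3 * PAGE_SIZE, 1));
    return 0;
}
```

In this model the first bad chunk with the stale offset appears on the third iteration, so a copy of one page from the same unaligned address still passes; a regression test needs an unaligned start and a length of several pages.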
