[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86/dmop: Fix compat_dm_op() ABI

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Wed, 1 Feb 2017 12:00:40 +0000
Cc: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Paul Durrant <paul.durrant@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Wed, 01 Feb 2017 12:00:56 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 01/02/17 10:46, Jan Beulich wrote:
>>>> On 31.01.17 at 20:59, <andrew.cooper3@xxxxxxxxxx> wrote:
>> What is the pupose of COMPAT_HANDLE_PARAM()? It is a packed structure of one
>> and a half pointers, so isn't safe at all for use in the hypercall function
>> APIs (depsite its naming making it look deceptively like it is the correct
>> thing to use).
> Btw, where are you taking this "one and a half pointers" from?
> It's half a pointer (a compat one) plus a zero sized array.

Hmm.  I had missed the ZLA, but debugging proves that the raw value of
bufs.c was garbage even when passing a NULL handle from userspace.  As a
result, the copy_from_compat_offset() was hitting -EFAULT for every
hypercall.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- Re: [Xen-devel] [PATCH] x86/dmop: Fix compat_dm_op() ABI
  - From: Jan Beulich

Prev by Date: Re: [Xen-devel] [PATCH v3 1/2] swiotlb-xen: implement xen_swiotlb_dma_mmap callback
Next by Date: [Xen-devel] [PATCH v3 02/11] x86: extract macros to x86-defns.h
Previous by thread: Re: [Xen-devel] [PATCH] x86/dmop: Fix compat_dm_op() ABI
Next by thread: Re: [Xen-devel] [PATCH v3 2/2] swiotlb-xen: implement xen_swiotlb_get_sgtable callback
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.