|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 2/4] hvm/dmop: Implement copy_{to, from}_guest_buf() in terms of raw accessors
From: Jennifer Herbert <Jennifer.Herbert@xxxxxxxxxx>
This also allows the usual cases to be simplified, by omitting an unnecessary
buf parameters, and because the macros can appropriately size the object.
This makes copying to or from a buf that isn't big enough an error.
If the buffer isnt big enough, trying to carry on regardless
can only cause trouble later on.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Jennifer Herbert <Jennifer.Herbert@xxxxxxxxxx>
--
CC: Paul Durrant <paul.durrant@xxxxxxxxxx>
CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Julien Grall <julien.grall@xxxxxxx>
---
xen/arch/x86/hvm/dm.c | 47 +++++++++++++++++++++++++++++------------------
1 file changed, 29 insertions(+), 18 deletions(-)
diff --git a/xen/arch/x86/hvm/dm.c b/xen/arch/x86/hvm/dm.c
index fb4bcec..3607ddb 100644
--- a/xen/arch/x86/hvm/dm.c
+++ b/xen/arch/x86/hvm/dm.c
@@ -32,36 +32,47 @@ struct dmop_args {
struct xen_dm_op_buf buf[2];
};
-static bool copy_buf_from_guest(const xen_dm_op_buf_t bufs[],
- unsigned int nr_bufs, void *dst,
- unsigned int idx, size_t dst_size)
+static bool _raw_copy_from_guest_buf(void *dst,
+ const struct dmop_args *args,
+ unsigned int buf_idx,
+ size_t dst_bytes)
{
- size_t size;
+ size_t buf_bytes;
- if ( idx >= nr_bufs )
+ if ( buf_idx >= args->nr_bufs )
return false;
- memset(dst, 0, dst_size);
+ buf_bytes = args->buf[buf_idx].size;
- size = min_t(size_t, dst_size, bufs[idx].size);
+ if ( dst_bytes > buf_bytes )
+ return false;
- return !copy_from_guest(dst, bufs[idx].h, size);
+ return !copy_from_guest(dst, args->buf[buf_idx].h, buf_bytes);
}
-static bool copy_buf_to_guest(const xen_dm_op_buf_t bufs[],
- unsigned int nr_bufs, unsigned int idx,
- const void *src, size_t src_size)
+static bool _raw_copy_to_guest_buf(struct dmop_args *args,
+ unsigned int buf_idx,
+ const void *src, size_t src_bytes)
{
- size_t size;
+ size_t buf_bytes;
- if ( idx >= nr_bufs )
+ if ( buf_idx >= args->nr_bufs )
return false;
- size = min_t(size_t, bufs[idx].size, src_size);
+ buf_bytes = args->buf[buf_idx].size;
+
+ if ( src_bytes > buf_bytes )
+ return false;
- return !copy_to_guest(bufs[idx].h, src, size);
+ return !copy_to_guest(args->buf[buf_idx].h, src, buf_bytes);
}
+#define copy_from_guest_buf(dst, args, buf_idx) \
+ _raw_copy_from_guest_buf(dst, args, buf_idx, sizeof(*(dst)))
+
+#define copy_to_guest_buf(args, buf_idx, src) \
+ _raw_copy_to_guest_buf(args, buf_idx, src, sizeof(*(src)))
+
static int track_dirty_vram(struct domain *d, xen_pfn_t first_pfn,
unsigned int nr, struct xen_dm_op_buf *buf)
{
@@ -312,7 +323,7 @@ static int dm_op(struct dmop_args *op_args)
if ( rc )
goto out;
- if ( !copy_buf_from_guest(&op_args->buf[0], op_args->nr_bufs, &op, 0,
sizeof(op)) )
+ if ( !copy_from_guest_buf(&op, op_args, 0) );
{
rc = -EFAULT;
goto out;
@@ -568,8 +579,8 @@ static int dm_op(struct dmop_args *op_args)
}
if ( (!rc || rc == -ERESTART) &&
- !const_op &&
- !copy_buf_to_guest(&op_args->buf[0], op_args->nr_bufs, 0, &op,
sizeof(op)) )
+ !const_op && !copy_to_guest_buf(op_args, 0, &op) )
+
rc = -EFAULT;
out:
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |