[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 2/4] hvm/dmop: Implement copy_{to, from}_guest_buf() in terms of raw accessors
From: Jennifer Herbert <Jennifer.Herbert@xxxxxxxxxx> This also allows the usual cases to be simplified, by omitting an unnecessary buf parameters, and because the macros can appropriately size the object. This makes copying to or from a buf that isn't big enough an error. If the buffer isnt big enough, trying to carry on regardless can only cause trouble later on. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Signed-off-by: Jennifer Herbert <Jennifer.Herbert@xxxxxxxxxx> -- CC: Paul Durrant <paul.durrant@xxxxxxxxxx> CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CC: Jan Beulich <JBeulich@xxxxxxxx> CC: Julien Grall <julien.grall@xxxxxxx> --- xen/arch/x86/hvm/dm.c | 47 +++++++++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/hvm/dm.c b/xen/arch/x86/hvm/dm.c index fb4bcec..3607ddb 100644 --- a/xen/arch/x86/hvm/dm.c +++ b/xen/arch/x86/hvm/dm.c @@ -32,36 +32,47 @@ struct dmop_args { struct xen_dm_op_buf buf[2]; }; -static bool copy_buf_from_guest(const xen_dm_op_buf_t bufs[], - unsigned int nr_bufs, void *dst, - unsigned int idx, size_t dst_size) +static bool _raw_copy_from_guest_buf(void *dst, + const struct dmop_args *args, + unsigned int buf_idx, + size_t dst_bytes) { - size_t size; + size_t buf_bytes; - if ( idx >= nr_bufs ) + if ( buf_idx >= args->nr_bufs ) return false; - memset(dst, 0, dst_size); + buf_bytes = args->buf[buf_idx].size; - size = min_t(size_t, dst_size, bufs[idx].size); + if ( dst_bytes > buf_bytes ) + return false; - return !copy_from_guest(dst, bufs[idx].h, size); + return !copy_from_guest(dst, args->buf[buf_idx].h, buf_bytes); } -static bool copy_buf_to_guest(const xen_dm_op_buf_t bufs[], - unsigned int nr_bufs, unsigned int idx, - const void *src, size_t src_size) +static bool _raw_copy_to_guest_buf(struct dmop_args *args, + unsigned int buf_idx, + const void *src, size_t src_bytes) { - size_t size; + size_t buf_bytes; - if ( idx >= nr_bufs ) + if ( buf_idx >= args->nr_bufs ) return false; - size = min_t(size_t, bufs[idx].size, src_size); + buf_bytes = args->buf[buf_idx].size; + + if ( src_bytes > buf_bytes ) + return false; - return !copy_to_guest(bufs[idx].h, src, size); + return !copy_to_guest(args->buf[buf_idx].h, src, buf_bytes); } +#define copy_from_guest_buf(dst, args, buf_idx) \ + _raw_copy_from_guest_buf(dst, args, buf_idx, sizeof(*(dst))) + +#define copy_to_guest_buf(args, buf_idx, src) \ + _raw_copy_to_guest_buf(args, buf_idx, src, sizeof(*(src))) + static int track_dirty_vram(struct domain *d, xen_pfn_t first_pfn, unsigned int nr, struct xen_dm_op_buf *buf) { @@ -312,7 +323,7 @@ static int dm_op(struct dmop_args *op_args) if ( rc ) goto out; - if ( !copy_buf_from_guest(&op_args->buf[0], op_args->nr_bufs, &op, 0, sizeof(op)) ) + if ( !copy_from_guest_buf(&op, op_args, 0) ); { rc = -EFAULT; goto out; @@ -568,8 +579,8 @@ static int dm_op(struct dmop_args *op_args) } if ( (!rc || rc == -ERESTART) && - !const_op && - !copy_buf_to_guest(&op_args->buf[0], op_args->nr_bufs, 0, &op, sizeof(op)) ) + !const_op && !copy_to_guest_buf(op_args, 0, &op) ) + rc = -EFAULT; out: -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |