[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH v7 04/10] xen/memory: Add a vmtrace_buf resource type
On 25.01.2021 17:31, Jan Beulich wrote: > On 21.01.2021 22:27, Andrew Cooper wrote: >> --- a/xen/common/memory.c >> +++ b/xen/common/memory.c >> @@ -1068,11 +1068,35 @@ static unsigned int resource_max_frames(const struct >> domain *d, >> case XENMEM_resource_grant_table: >> return gnttab_resource_max_frames(d, id); >> >> + case XENMEM_resource_vmtrace_buf: >> + return d->vmtrace_frames; >> + >> default: >> return arch_resource_max_frames(d, type, id); >> } >> } >> >> +static int acquire_vmtrace_buf( >> + struct domain *d, unsigned int id, unsigned long frame, >> + unsigned int nr_frames, xen_pfn_t mfn_list[]) >> +{ >> + const struct vcpu *v = domain_vcpu(d, id); >> + unsigned int i; >> + mfn_t mfn; >> + >> + if ( !v || !v->vmtrace.buf || >> + nr_frames > d->vmtrace_frames || >> + (frame + nr_frames) > d->vmtrace_frames ) >> + return -EINVAL; > > > I think that for this to guard against overflow, the first nr_frames > needs to be replaced by frame (as having the wider type), or else a > very large value of frame coming in will not yield the intended > -EINVAL. Actually, besides this then wanting to be >= instead of >, this wouldn't take care of the 32-bit case (or more generally the sizeof(long) == sizeof(int) one). So I think you want if ( !v || !v->vmtrace.buf || (frame + nr_frames) < frame || (frame + nr_frames) > d->vmtrace_frames ) return -EINVAL; > If you agree, with this changed, > Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> This holds. Jan
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |