[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 6/9] gnttab: check handle early in gnttab_get_status_frames()

  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 26 Aug 2021 12:13:54 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WgAjYnxDFUYlslYtdTTLHtg23PGbrK/JGOw7bwR967o=; b=QISyScaBeCeN8vSabzq/62BIEf+3LQ+TAt2IqbGXux5nW+l9bB1jNGjp3romS0L0MJ1NgKIqBdvN4uxEq/04xk3PPQpdYSmejrVa78/SUOWUPf+MNCGyLYwM4M/MabarIBqVLr6arBvlooMKXPgCwxoUoIOdLpqa7th9lAv2zhaX4mlGlWRkJ4uMNdEFNrFmEj5WR33KBw2atP4uRlOrbBh9uKAV6CwkhN2DCXxOu2h5lCmcLuQ6iNqcBnx+D3RBS2eN7JBBbe/Jh61ZOV67m2ZchSPvfSKqeN3L0MF5Jq3MfTg3oYs0+GFaedJ5uJqRRLKWIWMJRyWcNqR1lK/78g==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=j95Jty9ROLgnQteQkxFlJQemBXJ6yYU7bYlY3eVv1YXZlmSXhmY8wk5pv3PmY+aFPpK+4XGkSLruLkN9mRtoLCDRCQuy7PzxNAWmXie0MGaCmf6OVpaQaNF58oRMJJuIx6mDzMpbEItdhCpmqnmsvuGaBTwmBr2GTBkczhy5M2ZwfFgbhO1mWvwxtrOT4J14F5KtnNO35NVrD5S3acRdKKjDQ7/eXiTS5/hci8p5O6AcjUdyjKJazQimlj6rjeqvYt/v9mExXRCMM+JL/T9F1EBCTcHcQLqe9u7GxNCMkJclRtm+HgX6Pkq90cmoU+4Pv3AEo5VZbG1o0mRtXnKJXw==
  • Authentication-results: xen.org; dkim=none (message not signed) header.d=none;xen.org; dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Thu, 26 Aug 2021 10:14:03 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Like done in gnttab_setup_table(), check the handle once early in the
function and use the lighter-weight (for PV) copying function in the
loop.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -3261,6 +3261,9 @@ gnttab_get_status_frames(XEN_GUEST_HANDL
         return -EFAULT;
     }
 
+    if ( !guest_handle_okay(op.frame_list, op.nr_frames) )
+        return -EFAULT;
+
     d = rcu_lock_domain_by_any_id(op.dom);
     if ( d == NULL )
     {
@@ -3301,7 +3304,7 @@ gnttab_get_status_frames(XEN_GUEST_HANDL
     for ( i = 0; i < op.nr_frames; i++ )
     {
         gmfn = gfn_x(gnttab_status_gfn(d, gt, i));
-        if ( copy_to_guest_offset(op.frame_list, i, &gmfn, 1) )
+        if ( __copy_to_guest_offset(op.frame_list, i, &gmfn, 1) )
             op.status = GNTST_bad_virt_addr;
     }

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.