[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] xen/memory: Make resource_max_frames() to return 0 on unknown type



On 17.02.25 11:18, Jan Beulich wrote:


Hello Jan


On 16.02.2025 22:19, Oleksandr Tyshchenko wrote:

From: Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx>

This is actually what the caller acquire_resource() expects on any kind
of error (the comment on top of resource_max_frames() also suggests that).
Otherwise, the caller will treat -errno as a valid value and propagate incorrect
nr_frames to the VM. As a possible consequence, a VM trying to query a resource
size of an unknown type will get the success result from the hypercall and 
obtain
nr_frames 4294967201.

Fixes: 9244528955de ("xen/memory: Fix acquire_resource size semantics")
Signed-off-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx>


Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>



Thanks.


albeit preferably with an addition:


--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -1157,7 +1157,7 @@ static unsigned int resource_max_frames(const struct 
domain *d,
          return d->vmtrace_size >> PAGE_SHIFT;
default: 
-        return -EOPNOTSUPP;
+        return 0;
      }
  }


Wouldn't we better accompany this by an ASSERT_UNREACHABLE() in the default
case of _acquire_resource()?
Maybe yes, as I understand, normally we won't get to this point, as an unknown type will always be rejected earlier in resource_max_frames(). 
Will add.





Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.